From rforno at infowarrior.org Thu Aug 1 07:15:56 2013
From: rforno at infowarrior.org (Richard Forno)
Date: Thu, 1 Aug 2013 08:15:56 -0400
Subject: [Infowarrior] - 5CA upholds Warrantless Cellphone Tracking
Message-ID:

07/30/2013

Federal Appeals Court Rules the Government Can Track Your Cell Phone Without a Warrant

By Catherine Crump, Staff Attorney, ACLU Speech, Privacy and Technology Project at 5:12pm

http://www.aclu.org/blog/technology-and-liberty/federal-appeals-court-rules-government-can-track-your-cell-phone-without

It has long been our position that the government must obtain a warrant based on probable cause before engaging in surveillance of people's historical cell phone location information. Today, our efforts were dealt a setback. Over a strong dissent, the Fifth Circuit Court of Appeals held that individuals have no reasonable expectation of privacy over their location data. According to the court, law enforcement agents do not need to obtain a warrant to get this information, ruling instead that a less protective standard suffices. This ruling is troubling because, as we and the Electronic Frontier Foundation (EFF) argued, only a warrant standard fully protects Americans' privacy interests in their locations and movements over time. Cell phone companies store records on where each of us have been, often stretching back for years. That location information is sensitive and can reveal a great deal -- what doctors people visit, where they spend the night, who their friends are, and where they worship. Given the sensitivity of these facts, law enforcement agents should have to demonstrate to a judge that they have a good reason to believe that they will turn up evidence of wrongdoing before gaining access to information that can paint a detailed picture of where a person has been over time. The Fifth Circuit did not accept this argument.
It concludes that because historical cell phone location records are the business records of cell phone companies, individuals can have no reasonable expectation of privacy in them -- and therefore no Fourth Amendment protections. As the Fifth Circuit put it: "[C]ell site information is clearly a business record. The cell service provider collects and stores historical cell site data for its own business purposes . . . the government merely comes in after the fact and asks a provider to turn over records the provider has already created." This reasoning, generally referred to as the "third-party doctrine" (according to which you don't have a privacy expectation in any information turned over to a third party), was developed decades ago, long before cell phones were common, the use of email was widespread, or the general public had heard of the Internet. It's not compatible with the ease with which digital technologies collect data about each of us today. If you have ever used an app, you understand that we share all sorts of information about ourselves as a precondition for participation in today's digital world. This doesn't mean Americans have suddenly stopped caring about privacy, but rather that a doctrine that was once useful is no longer an indicator of when Americans reasonably expect privacy and when they don't. Courts should keep up. In defending its application of the business records doctrine, the Fifth Circuit writes: "Their use of their phones, moreover, is entirely voluntary . . . . The Government does not require a member of the public to own or carry a phone." That's true. But good luck hunting for a job or maintaining a social life these days without one.
The court also suggests that it is the free market or the legislature, not the courts, that should provide privacy protections for cell phone users: "But the recourse for these desires is in the market or the political process: in demanding that service providers do away with such records (or anonymize them) or in lobbying elected representatives to enact statutory protections." Regarding the first point, perhaps the court is unaware how opposed the cell phone companies are to even disclosing how long they keep subscriber data. It took a nation-wide public records act request campaign before we received a Justice Department information sheet on how long carriers keep such records. (According to the 2010 document, Verizon keeps historical cell phone records for "1 rolling year" while Sprint keeps them for "18-24 months.") There is no cell phone company that doesn't retain historical cell site location data, or even one that keeps it only for a short time. And anyway, our Fourth Amendment rights should not depend on the largesse of for-profit corporations. As for pressing for Congressional change, the ACLU has been doing just that for years. (The federal statute the government uses to obtain cell phone location records was written way back in 1986 and hasn't been meaningfully updated since.) But the mere fact that some other branch of government could provide a remedy is no reason for courts to take a pass on protecting Americans' privacy.

---
Just because i'm near the punchbowl doesn't mean I'm also drinking from it.

From rforno at infowarrior.org Thu Aug 1 07:16:10 2013
From: rforno at infowarrior.org (Richard Forno)
Date: Thu, 1 Aug 2013 08:16:10 -0400
Subject: [Infowarrior] - Scientists Banned from Revealing Details of Car-Security Hack
Message-ID:

Scientists Banned from Revealing Details of Car-Security Hack

The UK has banned researchers from revealing details of security vulnerabilities in car locks.
In 2008, Phillips brought a similar suit against researchers who broke the Mifare chip. That time, they lost. This time, Volkswagen sued and won. This is bad news for security researchers. (Remember back in 2001 when security researcher Ed Felten sued the RIAA in the US to be able to publish his research results?) We're not going to improve security unless we're allowed to publish our results. And we can't start suppressing scientific results, just because a big corporation doesn't like what it does to their reputation.

http://www.schneier.com/blog/archives/2013/08/scientists_bann.html

---
Just because i'm near the punchbowl doesn't mean I'm also drinking from it.

From rforno at infowarrior.org Thu Aug 1 07:20:36 2013
From: rforno at infowarrior.org (Richard Forno)
Date: Thu, 1 Aug 2013 08:20:36 -0400
Subject: [Infowarrior] - Snowden granted 1-year Russian asylum
Message-ID:

Snowden granted 1-year political asylum in Russia, leaves airport

http://rt.com/news/snowden-entry-papers-russia-902/

NSA whistleblower Edward Snowden has been granted temporary asylum in Russia and is allowed to enter the country's territory. The whistleblower has been granted temporary political asylum in Russia, Snowden's legal representative Anatoly Kucherena said. "I have just handed over to him papers from the Russian Immigration Service. They are what he needs to leave the transit zone," he added.

---
Just because i'm near the punchbowl doesn't mean I'm also drinking from it.

From rforno at infowarrior.org Thu Aug 1 07:22:46 2013
From: rforno at infowarrior.org (Richard Forno)
Date: Thu, 1 Aug 2013 08:22:46 -0400
Subject: [Infowarrior] - Twitter logs sharp rise in non-NSA government requests for data
Message-ID:

Twitter logs sharp rise in non-NSA government requests for data

Three-quarters of acknowledged requests for user information in the past six months came from the US

* Reuters in San Francisco
* theguardian.com, Wednesday 31 July 2013 23.28 EDT

http://www.theguardian.com/technology/2013/aug/01/twitter-rise-government-requests-data

Twitter is under increasing pressure from governments to release users' private information, with requests rising 40% in the first six months of the year, the firm said on Wednesday, in its twice-yearly transparency report. The US made three-quarters of the 1,157 data requests during the six-month period, the company's report said. Governments usually want the emails or IP addresses tied to a Twitter account. In one well-known case, a French court ordered Twitter in February to turn over information about an anonymous account that posted anti-Semitic tweets. Twitter, which had initially resisted by arguing that the data was stored beyond French jurisdiction in its California servers, ultimately complied in June. Efforts to censor Twitter content also rose sharply, the company said. "Over the last six months, we have gone from withholding content in two countries to withholding content [ranging from hate speech to defamation] in seven countries," said Twitter's legal policy manager, Jeremy Kessel. Twitter was censored the most in Brazil, where courts issued orders on nine occasions to remove a total of 39 defamatory tweets. Authorities in Japan, another large Twitter user base, made 87 requests for user information, while UK agencies filed 26. Most requests come in the form of court-issued subpoenas, Twitter said. The report did not include secret information requests within the US authorised under the Patriot Act. US companies are prohibited from acknowledging the existence of data requests made under those statutes. Transparency reports such as the one published by Twitter have been a contentious issue in the wake of the leaks by former security contractor Edward Snowden, who alleged that service providers including Google, Facebook and Microsoft systematically pass along huge troves of user data to the National Security Agency.
The companies, which have denied the scope of Snowden's allegations, have asked the US government for permission to reveal the precise number of national security requests they receive in order to publicly argue that their co-operation with the government has been relatively limited.

---
Just because i'm near the punchbowl doesn't mean I'm also drinking from it.

From rforno at infowarrior.org Thu Aug 1 09:52:42 2013
From: rforno at infowarrior.org (Richard Forno)
Date: Thu, 1 Aug 2013 10:52:42 -0400
Subject: [Infowarrior] - Report On TSA Misconduct Finds 1 In 16 Employees Was Investigated Last Year
Message-ID: <86251E20-0754-467F-BCD2-FC22AE502EA6@infowarrior.org>

Report On TSA Misconduct Finds 1 In 16 Employees Was Investigated Last Year

The TSA's security theater is now officially a substandard off-Broadway production. The General Accounting Office has released a damning report* on the TSA's handling of employee misconduct. Not that the TSA doesn't have its hands full simply writing up the paperwork on ill-behaved employees. From 2010-2012, over 9,600 cases of employee misconduct were reported, with 3,408 of those coming in 2012, an increase of over 700 cases from the previous year.

< - >

The more shocking statistic is the number of cases related to the specifics of the job -- screening and security. 1,936 cases -- 20% of the total -- were violations like failing to follow standard operating procedures, bypassing security or sleeping on the job. Another 16% (1,548 cases) weren't any better -- insubordination, ignoring policies and disrespectful conduct. Remember, these employees are the last line of defense between terrorists and planes, at least according to the narrative that's presented when infants and elementary school kids are being detained and invasively searched. (Or when iPads go missing.) The TSA likes to brag about the weapons it's caught, but this data indicates there's still a good chance many weapons are making it through.
< - >

http://www.techdirt.com/articles/20130730/20412124011/report-tsa-misconduct-finds-1-16-employees-was-investigated-last-year.shtml

---
Just because i'm near the punchbowl doesn't mean I'm also drinking from it.

From rforno at infowarrior.org Thu Aug 1 10:13:00 2013
From: rforno at infowarrior.org (Richard Forno)
Date: Thu, 1 Aug 2013 11:13:00 -0400
Subject: [Infowarrior] - Exclusive: NSA pays £100m in secret funding for GCHQ
Message-ID: <99B227FD-D4F2-4CE2-B690-F8FB832A8AF3@infowarrior.org>

Exclusive: NSA pays £100m in secret funding for GCHQ

* Nick Hopkins and Julian Borger
* The Guardian, Thursday 1 August 2013 11.04 EDT

http://www.theguardian.com/uk-news/2013/aug/01/nsa-paid-gchq-spying-edward-snowden

The US government has paid at least £100m to the UK spy agency GCHQ over the last three years to secure access to and influence over Britain's intelligence gathering programmes. The top secret payments are set out in documents which make clear that the Americans expect a return on the investment, and that GCHQ has to work hard to meet their demands. "GCHQ must pull its weight and be seen to pull its weight," a GCHQ strategy briefing said. The funding underlines the closeness of the relationship between GCHQ and its US equivalent, the National Security Agency. But it will raise fears about the hold Washington has over the UK's biggest and most important intelligence agency, and whether Britain's dependency on the NSA has become too great. In one revealing document from 2010, GCHQ acknowledged that the US had "raised a number of issues with regards to meeting NSA's minimum expectations". It said GCHQ "still remains short of the full NSA ask". Ministers have denied that GCHQ does the NSA's "dirty work", but in the documents GCHQ describes Britain's surveillance laws and regulatory regime as a "selling point" for the Americans.
The papers are the latest to emerge from the cache leaked by the American whistleblower Edward Snowden, the former NSA contractor who has railed at the reach of the US and UK intelligence agencies. Snowden warned about the relationship between the NSA and GCHQ, saying the organisations have been jointly responsible for developing techniques that allow the mass harvesting and analysis of internet traffic. "It's not just a US problem," he said. "They are worse than the US." As well as the payments, the documents seen by the Guardian reveal:

* GCHQ is pouring money into efforts to gather personal information from mobile phones and apps, and has said it wants to be able to "exploit any phone, anywhere, any time".
* Some GCHQ staff working on one sensitive programme expressed concern about "the morality and ethics of their operational work, particularly given the level of deception involved".
* The amount of personal data available to GCHQ from internet and mobile traffic has increased by 7,000% over the past five years -- but 60% of all Britain's refined intelligence still appears to come from the NSA.
* GCHQ blames China and Russia for the vast majority of cyber-attacks against the UK and is now working with the NSA to provide the British and US militaries with a cyberwarfare capability.

The details of the NSA payments, and the influence the US has over Britain are set out in GCHQ's annual "investment portfolios". The papers show the NSA gave GCHQ £22.9m in 2009. The following year the NSA's contribution increased to £39.9m, which included £4m to support GCHQ's work for Nato forces in Afghanistan, and £17.2m for the agency's Mastering the Internet project, which gathers and stores vast amounts of "raw" information ready for analysis. The NSA also paid £15.5m towards redevelopments at GCHQ's sister site in Bude, north Cornwall, which intercepts communications from the transatlantic cables that carry internet traffic.
"Securing external NSA funding for Bude has protected (GCHQ's core) budget," the paper said. In 2011/12 the NSA paid another £34.7m to GCHQ. The papers show the NSA also pays half the costs of one of the UK's main eavesdropping capabilities in Cyprus. In turn, GCHQ has to take the American view into account when deciding what to prioritise. A document setting out GCHQ's spending plans for 2010/11 stated: "The portfolio will spend money supplied by the NSA and UK government departments against agreed requirements." Other documents say the agency must ensure there has been "an appropriate level of contribution ... from the NSA perspective". The leaked papers reveal the UK's biggest fear is that "US perceptions of the ... partnership diminish, leading to loss of access, and/or reduction in investment ... to the UK". When GCHQ does supply the US with valuable intelligence, the agency boasts about it. In one review, GCHQ boasted that it had supplied "unique contributions" to the NSA during its investigation of the American citizen responsible for an attempted car bomb attack in Times Square, New York City, in 2010. No other detail is provided -- but it raises the possibility that GCHQ might have been spying on an American living in the US. The NSA is prohibited from doing this by US law. Asked about the payments, a Cabinet Office spokesman said: "In a 60-year alliance it is entirely unsurprising that there are joint projects in which resources and expertise are pooled, but the benefits flow in both directions." A senior security source in Whitehall added: "The fact is there is a close intelligence relationship between the UK and US and a number of other countries including Australia and Canada. There's no automaticity, not everything is shared. A sentient human being takes decisions." Although the sums represent only a small percentage of the agencies' budgets, the money has been an important source of income for GCHQ.
The cash came during a period of cost-cutting at the agency which led to staff numbers being slashed from 6,485 in 2009 to 6,132 last year. GCHQ seems desperate to please its American benefactor and the NSA does not hold back when it fails to get what it wants. On one project, GCHQ feared if it failed to deliver it would "diminish NSA's confidence in GCHQ's ability to meet minimum NSA requirements". Another document warned: "The NSA ask is not static and retaining 'equability' will remain a challenge for the near future." In November 2011, a senior GCHQ manager working in Cyprus bemoaned the lack of staff devoted to one eavesdropping programme, saying: "This is not sustainable if numbers reduce further and reflects badly on our commitments to the NSA." The overriding necessity to keep on the right side of the US was revealed in a UK government paper that set out the views of GCHQ in the wake of the 2010 strategic defence and security review. The document was called: "GCHQ's international alliances and partnerships: helping to maintain Britain's standing and influence in the world." It said: "Our key partnership is with the US. We need to keep this relationship healthy. The relationship remains strong but is not sentimental. GCHQ must pull its weight and be seen to pull its weight." Astonishingly, the document admitted that 60% of the UK's high-value intelligence "is based on either NSA end-product or derived from NSA collection". End product means official reports that are distillations of the best raw intelligence. Another pitch to keep the US happy involves reminding Washington that the UK is less regulated than the US. The British agency described this as one of its key "selling points". This was made explicit two years ago when GCHQ set out its priorities for the coming years. "We both accept and accommodate NSA's different way of working," the document said. "We are less constrained by NSA's concerns about compliance." 
GCHQ said that by 2013 it hoped to have "exploited to the full our unique selling points of geography, partnerships [and] the UK's legal regime". However, there are indications from within GCHQ that senior staff are not at ease with the rate and pace of change. The head of one of its programmes warned the agency was now receiving so much new intelligence that its "mission management ... is no longer fit for purpose". In June, the government announced that the "single intelligence account" fund that pays for GCHQ, MI5 and MI6 would be increased by 3.4% in 2015/16. However, this comes after three years in which the SIA has been cut from £1.92bn to £1.88bn. The agencies have also been tasked with making £220m savings on existing programmes. The parliamentary intelligence and security committee (ISC) recently questioned whether the agencies were making the "claimed savings" and said their budgets should be more rigorously scrutinised to ensure efficiencies were "independently verifiable and/or sustainable". The Snowden documents show GCHQ has become increasingly reliant on money from "external" sources over the last seven years. In 2006 it received the vast majority of its funding directly from Whitehall, with only £14m from "external" funding. In 2010 that rose to £118m and by 2011/12 it had reached £151m. Most of this comes from the Home Office.

---
Just because i'm near the punchbowl doesn't mean I'm also drinking from it.
From rforno at infowarrior.org Thu Aug 1 14:16:00 2013
From: rforno at infowarrior.org (Richard Forno)
Date: Thu, 1 Aug 2013 15:16:00 -0400
Subject: [Infowarrior] - NY woman interviewed by cops for online pressure cooker research
Message-ID:

(c/o RSK)

New York woman visited by police after researching pressure cookers online

Long Island resident said her web search history and 'trying to learn how to cook lentils' prompted a visit from authorities

< - >

http://www.theguardian.com/world/2013/aug/01/new-york-police-terrorism-pressure-cooker?CMP=twt_fd&CMP=SOCxx2I2

---
Just because i'm near the punchbowl doesn't mean I'm also drinking from it.

From rforno at infowarrior.org Thu Aug 1 19:04:55 2013
From: rforno at infowarrior.org (Richard Forno)
Date: Thu, 1 Aug 2013 20:04:55 -0400
Subject: [Infowarrior] - New attack plucks secrets from HTTPS-protected pages
Message-ID:

Gone in 30 seconds: New attack plucks secrets from HTTPS-protected pages

Exploit called BREACH bypasses the SSL crypto scheme protecting millions of sites.

by Dan Goodin - Aug 1 2013, 11:30am EDT

http://arstechnica.com/security/2013/08/gone-in-30-seconds-new-attack-plucks-secrets-from-https-protected-pages/

The HTTPS cryptographic scheme, which protects millions of websites, is susceptible to a new attack that allows hackers to pluck e-mail addresses and certain types of security credentials out of encrypted pages, often in as little as 30 seconds. The technique, scheduled to be demonstrated Thursday at the Black Hat security conference in Las Vegas, decodes encrypted data that online banks and e-commerce sites send in responses that are protected by the widely used transport layer security (TLS) and secure sockets layer (SSL) protocols. The attack can extract specific pieces of data, such as social security numbers, e-mail addresses, certain types of security tokens, and password-reset links. It works against all versions of TLS and SSL regardless of the encryption algorithm or cipher that's used.
It requires that the attacker have the ability to passively monitor the traffic traveling between the end user and website. The attack also requires the attacker to force the victim to visit a malicious link. This can be done by injecting an iframe tag in a website the victim normally visits or, alternatively, by tricking the victim into viewing an e-mail with hidden images that automatically download and generate HTTP requests. The malicious link causes the victim's computer to make multiple requests to the HTTPS server that's being targeted. These requests are used to make "probing guesses" that will be explained shortly. "We're not decrypting the entire channel, but only extracting the secrets we care about," Yoel Gluck, one of three researchers who developed the attack, told Ars. "It's a very targeted attack. We just need to find one corner [of a website response] that has the token or password change and go after that page to extract the secret. In general, any secret that's relevant [and] located in the body, whether it be on a webpage or an Ajax response, we have the ability to extract that secret in under 30 seconds, typically." It's the latest attack to chip away at the HTTPS encryption scheme, which forms the cornerstone of virtually all security involving the Web, e-mail, and other Internet services. It joins a pantheon of other hacks introduced over the past few years that bear names such as CRIME, BEAST, Lucky 13, and SSLStrip. While none of the attacks have completely undermined the security afforded by HTTPS, they highlight the fragility of the two-decade-old SSL and TLS protocols. The latest attack has been dubbed BREACH, short for Browser Reconnaissance and Exfiltration via Adaptive Compression of Hypertext. As its name suggests, BREACH works by targeting the data compression that just about every website uses to conserve bandwidth. Based on the standard Deflate algorithm, HTTP compression works by eliminating repetitions in strings of text. 
Rather than iterating "abcd" four times in a chunk of data, for instance, compression will store the string "abcd" only once and then use space-saving "pointers" that indicate where the remaining three instances of the identical pattern are found. By reducing the number of bytes sent over a connection, compression can significantly speed up the time required for a message to be received. In general, the more repetitions of identical strings found in a data stream, the more potential there will be for compression to reduce the overall size. Using what's known as an oracle technique, attackers can use compression to gain crucial clues about the contents of an encrypted message. That's because many forms of encryption -- including those found in HTTPS -- do little or nothing to stop attackers from seeing the size of the encrypted payload. Compression oracle techniques are particularly effective at ferreting out small chunks of text in the encrypted data stream. BREACH plucks out targeted text strings from an encrypted response by guessing specific characters and including them in probe requests sent back to the targeted Web service. The attack then compares the byte length of the guess to the original response. When the guess contains the precise combination of characters found in the original response, it will generally result in a payload that's smaller than those produced by incorrect guesses. Because deflate compression stores the repetitive strings without significantly increasing the size of the payload, correct guesses will result in encrypted messages that are smaller than those produced by incorrect guesses.

On how an Oracle attack works

The first thing an attacker using BREACH might do to retrieve an encrypted e-mail address is guess the @ sign and Internet domain immediately to its right.
If guesses such as "@arstechnica.com" and "@dangoodin.com" result in encrypted messages that are larger than the request/response pair without this payload, the attacker knows those addresses aren't included in the targeted response body. Conversely, if compressing "@example.com" against the encrypted address results in no length increase, the attacker will have a high degree of confidence that the string is part of the address he or she is trying to extract. From there, attackers can guess the string to the left of the @ sign character by character. Assuming the encrypted address was johndoe@example.com, guesses of a@example.com, b@example.com, c@example.com, and d@example.com would cause the encrypted message to grow. But when the attacker guesses e@example.com, it would result in no appreciable increase, since that string is included in the targeted message. The attacker would then repeat the same process to recover the remainder of the e-mail address, character by character, moving right to left. The technique can be used to extract other types of encrypted text included in Web responses. If the site being targeted sends special tokens designed to prevent so-called cross-site request forgery attacks, the credential will almost always contain the same format -- such as "request_token=" followed by a long text string such as "bb63e4ba67e24d6b81ed425c5a95b7a2" -- each time it's sent. The compression oracle attack can be used to guess this secret string. An attacker would begin by adding the text "request_token=a" to the text of the encrypted page being targeted and send it in a probe request to the Web server. Since the size of the encrypted payload grows, it would be obvious this guess is wrong. By contrast, adding "request_token=b" to the page wouldn't result in any appreciable increase in length, giving the attacker a strong clue that the first character following the equal sign is b.
The attacker would use the same technique to guess each remaining character, one at a time, moving left to right. Most attacks that use the BREACH technique can be completed by making only a "few thousand" requests to the targeted Web service, in about 30 seconds with optimal network conditions and small secrets, and in minutes to an hour for more advanced secrets. BREACH, which was devised by Gluck along with researchers Neal Harris and Angelo Prado, builds off the breakthrough CRIME attack researchers Juliano Rizzo and Thai Duong demonstrated last September. Short for Compression Ratio Info-leak Made Easy, CRIME also exploited the compression in encrypted Web requests to ferret out the plaintext of authentication cookies used to access private user accounts. The research resulted in the suspension of TLS compression and an open networking compression protocol known as SPDY. BREACH, by contrast, targets the much more widely used HTTP compression that virtually all websites use when sending responses to end users. It works only against data sent in responses by the website. "If you go to the Wikipedia page or any of the specialized security pages, they will tell you that CRIME is mitigated as of today and is no longer an interesting attack and nobody cares about it," Prado said. "So we are bringing it back and making it work better, faster in a different context." The good news concerning BREACH is that it works only against certain types of data included in Web responses and then only when an attacker has succeeded in forcing the victim to visit a malicious link. Still, anytime an attacker can extract sensitive data shielded by one of the world's most widely used encryption schemes it's a big deal, particularly as concerns rise about NSA surveillance programs. Making matters more unsettling, there are no easy ways to mitigate the damage BREACH can do. 
Unlike TLS compression and SPDY, HTTP compression is an essential technology that can't be replaced or discarded without inflicting considerable pain on both website operators and end users. At their Black Hat demo, the researchers will release a collection of tools that will help developers assess how vulnerable their applications and online services are to BREACH attacks. Most mitigations will be application-specific. In other cases, the attacks may give rise to new "best practices" advice on how to avoid including certain types of sensitive data in encrypted Web responses. Most websites already list only the last four digits of a customer's credit card number; BREACH may force websites to truncate other sensitive strings as well. "We expect that it could be leveraged in particular situations, maybe with an intelligence agency, or maybe an individual actor or a malicious crime organization might use this in a targeted scenario," Prado said. "Any malware writer today has the ability to do something like this if they have not been doing it already."

---
Just because i'm near the punchbowl doesn't mean I'm also drinking from it.

From rforno at infowarrior.org Thu Aug 1 20:31:53 2013
From: rforno at infowarrior.org (Richard Forno)
Date: Thu, 1 Aug 2013 21:31:53 -0400
Subject: [Infowarrior] - 64, 019 Searches: A Dark Journey Into My Google History
Message-ID:

64,019 Searches: A Dark Journey Into My Google History

http://blogs.wsj.com/corporate-intelligence/2013/07/31/googles-all-seeing-eye-does-it-see-into-me-clearly-or-darkly/

---
Just because i'm near the punchbowl doesn't mean I'm also drinking from it.
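
For the BREACH article forwarded above ("New attack plucks secrets from HTTPS-protected pages"), an added example that is not part of the original post, the Ars Technica article or the researchers' tools: a local check of whether a compressed response's length depends on a secret it carries, and of how per-response token masking removes that dependence. The page template, decoy strings and helper names are constructed for illustration, and masking is a mitigation this example assumes; the article itself names none.

```python
import hashlib
import secrets
import zlib
from typing import Callable, List, Optional

# Constructed sample data. The token is the example string quoted in the article.
SECRET = "bb63e4ba67e24d6b81ed425c5a95b7a2"
FIELD = "request_token="


def render_page(reflected: str, token_field: str) -> bytes:
    """Hypothetical response body that echoes request input and embeds a token."""
    return (
        "<html><body><p>No results for: " + reflected + "</p>"
        "<a href='/account/update?" + FIELD + token_field + "'>Update</a>"
        "</body></html>"
    ).encode()


def wire_length(body: bytes) -> int:
    """Body size after DEFLATE, the algorithm behind HTTP compression.

    TLS hides content but not size, so an on-path observer learns this
    number to within the cipher's padding.
    """
    return len(zlib.compress(body, 9))


def decoys(count: int = 8) -> List[str]:
    """Constructed 32-hex-character strings unrelated to the secret."""
    return [hashlib.sha256(b"decoy-%d" % i).hexdigest()[:32] for i in range(count)]


def leak_margin(render: Callable[[str], bytes], secret: str = SECRET) -> int:
    """Bytes saved when the echoed text equals the secret, versus the best decoy.

    A large positive value means response length is a function of the secret,
    which is the precondition for the oracle the article describes.
    """
    matching = wire_length(render(FIELD + secret))
    best_decoy = min(wire_length(render(FIELD + d)) for d in decoys())
    return best_decoy - matching


def leaks(render: Callable[[str], bytes], threshold: int = 8) -> bool:
    """True when the margin is clearly above compression noise."""
    return leak_margin(render) >= threshold


def mask_token(token_hex: str, pad: Optional[bytes] = None) -> str:
    """Encode the token as pad || (pad XOR token), with a fresh random pad.

    The bytes on the page change with every response, so echoed input cannot
    be chosen to repeat them and DEFLATE finds nothing to back-reference.
    """
    raw = bytes.fromhex(token_hex)
    pad = secrets.token_bytes(len(raw)) if pad is None else pad
    if len(pad) != len(raw):
        raise ValueError("pad must be as long as the token")
    masked = bytes(p ^ t for p, t in zip(pad, raw))
    return (pad + masked).hex()


def unmask_token(field_hex: str) -> str:
    """Server-side inverse of mask_token."""
    blob = bytes.fromhex(field_hex)
    half = len(blob) // 2
    return bytes(p ^ m for p, m in zip(blob[:half], blob[half:])).hex()


def render_unmasked(reflected: str) -> bytes:
    """The page as the article assumes it: same token bytes in every response."""
    return render_page(reflected, SECRET)


def render_masked(reflected: str, pad: Optional[bytes] = None) -> bytes:
    """The same page with the token masked before it is written out."""
    return render_page(reflected, mask_token(SECRET, pad))


if __name__ == "__main__":
    print("unmasked margin:", leak_margin(render_unmasked), "bytes")
    print("masked margin:  ", leak_margin(render_masked), "bytes")
    print("round trip ok:  ", unmask_token(mask_token(SECRET)) == SECRET)
```

On a real connection the observed size also includes headers and TLS framing; the check depends only on the difference between responses, not on their absolute size.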
From rforno at infowarrior.org Fri Aug 2 06:58:57 2013
From: rforno at infowarrior.org (Richard Forno)
Date: Fri, 2 Aug 2013 07:58:57 -0400
Subject: [Infowarrior] - How to Decode the True Meaning of What NSA Officials Say
Message-ID: <4523200F-2560-4D72-A1B9-B8324C300039@infowarrior.org>

How to Decode the True Meaning of What NSA Officials Say

A lexicon for understanding the words U.S. intelligence officials use to mislead the public.

By Jameel Jaffer and Brett Max Kaufman
Posted Wednesday, July 31, 2013, at 5:29 PM

http://www.slate.com/articles/news_and_politics/politics/2013/07/nsa_lexicon_how_james_clapper_and_other_u_s_officials_mislead_the_american.html

James Clapper, the director of national intelligence, has been harshly criticized for having misled Congress earlier this year about the scope of the National Security Agency's surveillance activities. The criticism is entirely justified. An equally insidious threat to the integrity of our national debate, however, comes not from officials' outright lies but from the language they use to tell the truth. When it comes to discussing government surveillance, U.S. intelligence officials have been using a vocabulary of misdirection -- a language that allows them to say one thing while meaning quite another. The assignment of unconventional meanings to conventional words allows officials to imply that the NSA's activities are narrow and closely supervised, though neither of those things is true. What follows is a lexicon for decoding the true meaning of what NSA officials say.

Surveillance. Every time we pick up the phone, the NSA makes a note of whom we spoke to, when we spoke to him, and for how long -- and it's been doing this for seven years. After the call-tracking program was exposed, few people thought twice about attaching the label "surveillance" to it.
Government officials, though, have rejected the term, pointing out that this particular program doesn't involve the NSA actually listening to phone calls -- just keeping track of them. Their crabbed definition of "surveillance" allows them to claim that the NSA isn't engaged in surveillance even when it quite plainly is. Collect. If an intelligence official says that the NSA isn't "collecting" a certain kind of information, what has he actually said? Not very much, it turns out. One of the NSA's foundational documents states that "collection" occurs not when the government acquires information but when the government "selects" or "tasks" that information for "subsequent processing." Thus it becomes possible for the government to acquire great reams of information while denying that it is "collecting" anything at all. Relevant. The NSA's call-tracking program is ostensibly based on the Patriot Act's Section 215, a provision that allows the government to compel businesses to disclose records that are "relevant" to authorized foreign intelligence investigations. The theory, it seems, is that everybody's phone records are relevant today because anybody's phone records might become relevant in the future. This stretches the concept of "relevance" far beyond the breaking point. Even the legislator who wrote Section 215 has rejected the government's theory. If "relevance" is given such a broad compass, what room is left for "irrelevance"? Targeted. The call-tracking program is only one of the NSA's surveillance efforts. Another is what's been branded PRISM, a program that involves the acquisition of the contents of phone calls, emails, and other electronic communications. Americans need not worry about the program, the government says, because the NSA's surveillance activities are "targeted" not at Americans but at foreigners outside the United States. No one should be reassured by this. 
The government's foreign targets aren't necessarily criminals or terrorists -- they may be journalists, lawyers, academics, or human rights advocates. And even if one is indifferent to the NSA's invasion of foreigners' privacy, the surveillance of those foreigners involves the acquisition of Americans' communications with those foreigners. The spying may be "targeted" at foreigners, but it vacuums up thousands of Americans' phone calls and emails. Incidental. Because the government's surveillance targets are foreigners outside the United States, intelligence officials describe the acquisition of Americans' communications as "incidental." But the truth is that the statute behind PRISM -- the FISA Amendments Act of 2008 -- was intended to let the government conduct warrantless surveillance of these very communications. In the debate that preceded passage of the law, intelligence officials told Congress that it was Americans' communications that were of most interest to them. Indeed, when some legislators introduced bills that would have barred access to these communications without a warrant, President Bush said he would veto them. (One of those bills, incidentally, was introduced by then-Sen. Barack Obama.) Inadvertent. The PRISM program sweeps up Americans' purely domestic communications, too. Officials have said that the collection of domestic communications is "inadvertent," but PRISM's very design makes the collection of Americans' domestic communications perfectly predictable. This is in part because the NSA presumes that its surveillance targets are foreigners outside the United States unless it has specific information to the contrary. In 2009, the New York Times reported that the NSA's collection of purely domestic communications under the 2008 statute had been "significant and systemic." Minimize. What does the NSA do with communications that are acquired "incidentally" or "inadvertently"? 
As intelligence officials have told the courts and Congress, so-called "minimization" procedures limit the NSA's retention and use of information about American citizens and permanent residents. Here again, though, the terminology is grossly misleading. The 2008 statute gives the NSA broad latitude to retain Americans' communications, share them with other agencies, and even share them with foreign governments. The NSA's own documents suggest that the agency retains Americans' communications indefinitely if they include "foreign intelligence information," a term defined so broadly that it encompasses any conversation relating to foreign affairs. Even communications that don't include foreign intelligence information are retained for as long as five years. No. When James Clapper was asked at a March Senate hearing whether the NSA was collecting information about millions of Americans, he answered, "No," and then, after a pause, "not wittingly." As Clapper has now conceded, the correct answer was simply "yes." Officials who describe the NSA's activities using strategically idiosyncratic terminology presumably believe that they are telling the truth. In a certain formal sense, they usually are -- though Clapper's statement is a glaring exception. It shouldn't need to be said, though, that their duties as public officials go beyond the avoidance of perjury charges. They have an obligation to ensure that the courts, Congress, and the public fully understand the policies that they are being asked to accept. They could start by using the same dictionary the rest of us do. --- Just because i'm near the punchbowl doesn't mean I'm also drinking from it. 
From rforno at infowarrior.org Fri Aug 2 07:08:21 2013 From: rforno at infowarrior.org (Richard Forno) Date: Fri, 2 Aug 2013 08:08:21 -0400 Subject: [Infowarrior] - Crypto experts issue a call to arms to avert the cryptopocalypse Message-ID: <7519212E-D6AF-49C2-81E5-FE7A5DC1D1C2@infowarrior.org> Crypto experts issue a call to arms to avert the cryptopocalypse Nobody can crack important algorithms yet, but the world needs to prepare for that to happen. by Peter Bright - Aug 1 2013, 11:49pm EDT http://arstechnica.com/security/2013/08/crytpo-experts-issue-a-call-to-arms-to-avert-the-cryptopocalypse/ At the Black Hat security conference in Las Vegas, a quartet of researchers, Alex Stamos, Tom Ritter, Thomas Ptacek, and Javed Samuel, implored everyone involved in cryptography, from software developers to certificate authorities to companies buying SSL certificates, to switch to newer algorithms and protocols, lest they wake up one day to find that all of their crypto infrastructure is rendered useless and insecure by mathematical advances. We've written before about asymmetric encryption and its importance to secure communication. Asymmetric encryption algorithms have pairs of keys: one key can decrypt data encrypted with the other key, but cannot decrypt data encrypted with itself. The asymmetric algorithms are built on an underlying assumption that certain mathematical operations are "hard," which is to say, that the time it takes to do the operation increases proportional to some number raised to the power of the length of the key ("exponential time"). However, this assumption is not actually proven, and nobody knows for certain if it is true. The risk exists that the problems are actually "easy," where "easy" means that there are algorithms that will run in a time proportional only to the key length raised to some constant power ("polynomial time"). 
The most widely used asymmetric algorithms (Diffie Hellman, RSA, and DSA) depend on the difficulty of two problems: integer factorization, and the discrete logarithm. The current state of the mathematical art is that there aren't -- yet -- any easy, polynomial time solutions to these problems. However, after decades of relatively little progress in improving algorithms related to these problems, a flurry of activity in the past six months has produced faster algorithms for limited versions of the discrete logarithm problem. At the moment, there's no known way to generalize these improvements to make them useful to attack real cryptography, but the work is enough to make cryptographers nervous. They draw an analogy with the BEAST, CRIME, and BREACH attacks used to attack SSL. The theoretical underpinnings for these attacks are many years old, but for a long time were dismissed as merely theoretical and impossible to use in practice. It took new researchers and new thinking to turn them into practical attacks. When that happened, it uncovered a software industry ill-prepared to cope. A lot of software, rather than allowing new algorithms and protocols to be easily plugged in, has proven difficult or impossible to change. This means that switching to schemes that are immune to the BEAST, CRIME, and BREACH attacks is much more difficult than it should be: though there are newer protocols and different algorithms that avoid the problems that these attacks exploit, compatibility concerns mean that they can't be rapidly rolled out and used. The attacks against SSL are at least fairly narrow in scope and utility. A general purpose polynomial time algorithm for integer factorization or the discrete logarithm, however, would not be narrow in scope or utility: it would be readily adapted to blow wide open almost all SSL/TLS, ssh, PGP, and other encrypted communication. 
(The two mathematical problems, while distinct, share many similarities, so it's likely that an algorithm that solved integer factorization could be adapted in some way to solve the discrete logarithm, and vice versa). Worse, it would make updating these systems in a trustworthy manner nearly impossible: operating systems such as Windows and OS X depend on digital signatures that in turn depend on these same mathematical underpinnings to protect against the installation of fraudulent or malicious updates. If the algorithms were undermined, there would be no way of verifying the authenticity of the updates. While there's no guarantee that this catastrophe will occur -- it's even possible that one day it might be proven that the two problems really are hard -- the risk is enough to have researchers concerned. The difficulties of change that BEAST et al. demonstrated mean that if the industry is to have a hope of surviving such a revolution in cryptography, it must start making changes now. If it waits for a genius mathematician somewhere to solve these problems, it will be too late to do anything about it. Fortunately, a solution of sorts does exist. A family of encryption algorithms called elliptic curve cryptography (ECC) exists. ECC is similar to the other asymmetric algorithms in that it's based on a problem that's assumed to be hard (in this case, the elliptic curve discrete logarithm). However, ECC has the additional property that its hard problem is sufficiently different from integer factorization and the regular discrete logarithm that breakthroughs in either of those shouldn't imply breakthroughs in cracking ECC. However, support for ECC is still very problematic. Much of the technology is patented by BlackBerry, and those patents are enforced. There are certain narrow licenses available for implementations of ECC that meet various US government criteria, but the broader patent issues have led some vendors to refuse to support the technology. 
Further, support of protocols that can use ECC, such as TLS 1.2 (the latest iteration of SSL technology) is still not widely available. Certificate authorities have also been slow to offer ECC certificates. As such, the researchers are calling for the computer industry as a whole to do two things. First, embrace ECC today. Second, ensure that systems that use cryptography are agile. They must not be lumbered with limited sets of algorithms and obsolete protocols. They must instead make updating algorithms and protocols quick and easy, to ensure that software systems can keep pace with the mathematical research, and adapt quickly to new developments and techniques. The cryptopocalypse might never happen -- but we should be prepared in case it does. --- Just because i'm near the punchbowl doesn't mean I'm also drinking from it. From rforno at infowarrior.org Fri Aug 2 08:14:24 2013 From: rforno at infowarrior.org (Richard Forno) Date: Fri, 2 Aug 2013 09:14:24 -0400 Subject: [Infowarrior] - Dianne Feinstein knows best. Riiight. Message-ID: <5891F664-D052-4246-AB58-1CE42A2BEA71@infowarrior.org> Congressional Oversight? Dianne Feinstein Says She's 'Not A High-Tech Techie' But Knows NSA Can't Abuse Surveillance from the oh-really? dept http://www.techdirt.com/articles/20130801/16094924041/congressional-oversight-dianne-feinstein-says-shes-not-high-tech-techie-knows-nsa-cant-abuse-surveillance.shtml As the NSA and defenders of NSA surveillance are trying to minimize the damage from the latest leak, which revealed the details of the XKeyscore program, they're bending over backwards to insist that this program is both limited and immune from abuse. We've already mentioned that the claims that it can't be abused are laughable since there's already a well-documented history of abuse. 
However, even more bizarre is the following quote from Senate Intelligence Committee boss, Senator Dianne Feinstein (a staunch defender of the surveillance programs): Feinstein said, "I am not a high-tech techie, but I have been told that is not possible." Note that among Feinstein's jobs is oversight of this program. Yet, what kind of "oversight" is it when she admits that she's not qualified to understand the technology but "has been told" that such abuses are not possible? That doesn't seem like oversight. That seems like asking the NSA "can this system be abused?" and the NSA saying "oh, no no no, not at all." That's not exactly oversight, now is it? --- Just because i'm near the punchbowl doesn't mean I'm also drinking from it. From rforno at infowarrior.org Fri Aug 2 09:59:24 2013 From: rforno at infowarrior.org (Richard Forno) Date: Fri, 2 Aug 2013 10:59:24 -0400 Subject: [Infowarrior] - The Public-Private Surveillance Partnership Message-ID: <398870BB-63FD-41E6-80D3-8E9989EC473E@infowarrior.org> The Public-Private Surveillance Partnership By Bruce Schneier - Jul 31, 2013 http://www.bloomberg.com/news/print/2013-07-31/the-public-private-surveillance-partnership.html Imagine the government passed a law requiring all citizens to carry a tracking device. Such a law would immediately be found unconstitutional. Yet we all carry mobile phones. If the National Security Agency required us to notify it whenever we made a new friend, the nation would rebel. Yet we notify Facebook Inc. (FB). If the Federal Bureau of Investigation demanded copies of all our conversations and correspondence, it would be laughed at. Yet we provide copies of our e-mail to Google Inc. (GOOG), Microsoft Corp. (MSFT) or whoever our mail host is; we provide copies of our text messages to Verizon Communications Inc. (VZ), AT&T Inc. (T) and Sprint Corp. (S); and we provide copies of other conversations to Twitter Inc., Facebook, LinkedIn (LNKD) Corp. or whatever other site is hosting them. 
The primary business model of the Internet is built on mass surveillance, and our government's intelligence-gathering agencies have become addicted to that data. Understanding how we got here is critical to understanding how we undo the damage. Computers and networks inherently produce data, and our constant interactions with them allow corporations to collect an enormous amount of intensely personal data about us as we go about our daily lives. Sometimes we produce this data inadvertently simply by using our phones, credit cards, computers and other devices. Sometimes we give corporations this data directly on Google, Facebook, Apple Inc.'s iCloud and so on in exchange for whatever free or cheap service we receive from the Internet in return. The NSA is also in the business of spying on everyone, and it has realized it's far easier to collect all the data from these corporations rather than from us directly. In some cases, the NSA asks for this data nicely. In other cases, it makes use of subtle threats or overt pressure. If that doesn't work, it uses tools like national security letters. The Partnership The result is a corporate-government surveillance partnership, one that allows both the government and corporations to get away with things they couldn't otherwise. There are two types of laws in the U.S., each designed to constrain a different type of power: constitutional law, which places limitations on government, and regulatory law, which constrains corporations. Historically, these two areas have largely remained separate, but today each group has learned how to use the other's laws to bypass their own restrictions. The government uses corporations to get around its limits, and corporations use the government to get around their limits. This partnership manifests itself in various ways. The government uses corporations to circumvent its prohibitions against eavesdropping domestically on its citizens. 
Corporations rely on the government to ensure that they have unfettered use of the data they collect. Here's an example: It would be reasonable for our government to debate the circumstances under which corporations can collect and use our data, and to provide for protections against misuse. But if the government is using that very data for its own surveillance purposes, it has an incentive to oppose any laws to limit data collection. And because corporations see no need to give consumers any choice in this matter -- because it would only reduce their profits -- the market isn't going to protect consumers, either. Our elected officials are often supported, endorsed and funded by these corporations as well, setting up an incestuous relationship between corporations, lawmakers and the intelligence community. The losers are us, the people, who are left with no one to stand up for our interests. Our elected government, which is supposed to be responsible to us, is not. And corporations, which in a market economy are supposed to be responsive to our needs, are not. What we have now is death to privacy -- and that's very dangerous to democracy and liberty. Challenging Power The simple answer is to blame consumers, who shouldn't use mobile phones, credit cards, banks or the Internet if they don't want to be tracked. But that argument deliberately ignores the reality of today's world. Everything we do involves computers, even if we're not using them directly. And by their nature, computers produce tracking data. We can't go back to a world where we don't use computers, the Internet or social networking. We have no choice but to share our personal information with these corporations, because that's how our world works today. Curbing the power of the corporate-private surveillance partnership requires limitations on both what corporations can do with the data we choose to give them and restrictions on how and when the government can demand access to that data. 
Because both of these changes go against the interests of corporations and the government, we have to demand them as citizens and voters. We can lobby our government to operate more transparently -- disclosing the opinions of the Foreign Intelligence Surveillance Court would be a good start -- and hold our lawmakers accountable when it doesn't. But it's not going to be easy. There are strong interests doing their best to ensure that the steady stream of data keeps flowing. (Bruce Schneier is a computer security technologist. He is the author of several books, including his latest, "Liars and Outliers: Enabling the Trust Society Needs to Thrive.") To contact the writer of this article: Bruce Schneier at schneier at schneier.com. To contact the editor responsible for this article: Alex Bruns at abruns at bloomberg.net. --- Just because i'm near the punchbowl doesn't mean I'm also drinking from it. From rforno at infowarrior.org Fri Aug 2 09:59:27 2013 From: rforno at infowarrior.org (Richard Forno) Date: Fri, 2 Aug 2013 10:59:27 -0400 Subject: [Infowarrior] - Open-source Textbooks from OpenStax College Message-ID: <2EB77527-110F-471E-9E7A-A5C0BD92A9FE@infowarrior.org> Download Free, Open-source Textbooks from OpenStax College Textbooks are incredibly expensive (not to mention cumbersome and heavy in dead tree format). Smart students can pick up free digital textbooks from several sources, including one we haven't mentioned before: Rice University's OpenStax College. http://lifehacker.com/download-free-open-source-textbooks-from-openstax-coll-993587743 --- Just because i'm near the punchbowl doesn't mean I'm also drinking from it. 
From rforno at infowarrior.org Fri Aug 2 10:21:20 2013 From: rforno at infowarrior.org (Richard Forno) Date: Fri, 2 Aug 2013 11:21:20 -0400 Subject: [Infowarrior] - Germany ends Cold War spying pact with US, Britain Message-ID: <97D7F486-21F1-4DE5-9CB9-9FD79603E815@infowarrior.org> (I'm sure this will make Merkel look stronger going into elections soon, too. --rick) Germany ends Cold War spying pact with US, Britain By FRANK JORDANS -- Aug. 2 10:57 AM EDT http://bigstory.ap.org/article/germany-nixes-surveillance-pact-us-britain BERLIN (AP) -- Germany canceled a Cold War-era surveillance pact with the United States and Britain on Friday in response to revelations by National Security Agency leaker Edward Snowden about those countries' alleged electronic eavesdropping operations. The move appeared largely symbolic, designed to show that the German government was taking action to stop unwarranted surveillance directed against its citizens without actually jeopardizing relations with Washington and London. With weeks to go before national elections, opposition parties had seized on Snowden's claim that Germany was complicit in the NSA's intelligence-gathering operations. Government officials have insisted that U.S. and British intelligence were never given permission to break Germany's strict privacy laws. But they conceded last month that an agreement dating back to the late 1960s gave the U.S., Britain and France the right to request German authorities to conduct surveillance operations within Germany to protect their troops stationed there. "The cancellation of the administrative agreements, which we have pushed for in recent weeks, is a necessary and proper consequence of the recent debate about protecting personal privacy," Germany's Foreign Minister Guido Westerwelle said in a statement. British Foreign Office brushed off the significance of the German move. 
"It's a loose end from a previous era which is right to tie up," the Foreign Office said in a statement, noting that the agreement had not been used since 1990. A spokeswoman for the U.S. embassy in Berlin, Ruth Bennett, confirmed that the agreement had been canceled but declined to comment further on the issue. A German official, speaking on condition of anonymity, also said the cancellation would have little practical consequences. He said the move was largely symbolic since the agreement had not been invoked since the end of the Cold War and would have no impact on current intelligence cooperation between Germany and its NATO allies. The official, who spoke on condition of anonymity because he wasn't authorized to publicly discuss the issue, said Germany was currently in talks with France to cancel its part of the agreement as well. Public reaction in Germany to Snowden's revelations was particularly strong, with civil rights campaigners recalling the mass surveillance carried out by secret police in communist East Germany and during the Nazi era. Merkel went so far as to raise the issue of alleged NSA spying with President Barack Obama when he visited Berlin in June. "The government needs to do something to show voters it's taking the issue seriously," said Henning Riecke of the German Council on Foreign Relations, a Berlin-based think tank. "Ending an agreement made in the pre-Internet age gives the Germans a chance to show they're doing something, and at the same time the Americans know it's not going to hurt them. Given the good relations between the intelligence agencies, they'll get the information they need anyway." According to Snowden, Germany has been a particular focus on U.S. intelligence gathering operations in recent years. Several of those who plotted and carried out the Sept. 11, 2001, terror attacks in the United States had lived in Germany. In March 2011, two U.S. 
Air Force members were killed and two wounded when a gunman from Kosovo fired on a military bus at Frankfurt International Airport. The gunman told police he was motivated by anger over the U.S.-led wars in Iraq and Afghanistan. --- Just because i'm near the punchbowl doesn't mean I'm also drinking from it. From rforno at infowarrior.org Fri Aug 2 12:28:40 2013 From: rforno at infowarrior.org (Richard Forno) Date: Fri, 2 Aug 2013 13:28:40 -0400 Subject: [Infowarrior] - The Thing We Don't Talk About in Piracy Estimates Message-ID: The Thing We Don't Talk About in Piracy Estimates by Matt Schruers on July 25, 2013 http://www.project-disco.org/intellectual-property/072513-the-thing-we-dont-talk-about-in-piracy-estimates/ Today the House Judiciary committee is holding a hearing on the impact of copyright on the economy [webcast here]; I have already weighed in on it here. One of the important elements of the hearing should be to address empirical deficiencies in what we know about the effect of infringement. A recent report by the National Academies summed it up: not much. The problem with research in this area is that it is hard to conduct reasoned analysis when some subjects are off-limits. There are certain assumptions which simply cannot be questioned in economic loss analyses involving IP. It is not unlike the fact that the early study of geology suffered because for generations, it was socially unacceptable for geologists to even discuss evidence undermining the previously unchallenged notion that earth had sprung swiftly into being at the decent hour of 9 AM on a crisp Monday in October. When we cannot even acknowledge the ramifications of certain empirical issues -- at least, not in polite company -- academic progress is unlikely. So what is The Issue of Which One May Not Speak? The fact that money not spent on pirated content is, in many cases, still spent. The U.S. 
Government Accountability Office pointed this out in a widely discussed report in 2010, observing that "effects of piracy within the United States are mainly redistributions within the economy for other purposes and that they should not be considered as a loss to the overall economy." Money does not "just vanish." A Swiss Government commission made a similar observation the following year. Nevertheless, critics excoriated the GAO report and others like it for simply observing that intra-economy transfers are often redistributive, instead of destructive. Polite people just don't say things like that. An old humorous "Adult Swim" commercial pokes fun at this. Citing a then-recent estimate of the costs of film piracy to the economy, the ad observes that it is false to claim that this money is "lost" to the economy -- rather, those are lost to the industry.* When infringement occurs, the infringer loses money. Money saved by those infringing content is still spent on other things, however, such as baby formula. Thus, the commercial arrives at the tongue-in-cheek observation that instead of costing the economy, "film piracy feeds babies." However, television piracy, it concludes with facetious gravitas, "is destroying this great nation of ours. Naughty pirates." Several years old now, the ad is nevertheless surprising because it acknowledges the taboo subject: some degree of infringement is not wealth destruction but rather wealth redistribution. The fact that infringement may be redistributive instead of destructive does not make it acceptable, of course. A violation of a government-granted right is normatively undesirable, because it flouts an entitlement that -- at least in theory -- reflects the will of the public. This is bad. Even if infringement is "only" redistributive, we still make strong normative societal judgments against involuntary wealth redistribution. 
This happens regardless of whether it results from law (e.g., by tax policy), or contrary to law (e.g., infringement). Normatively bad isn't the same as economically bad, however. Not all normative transgressions necessarily have macroeconomic consequences. And yet those two items are invariably linked when studies consider infringement. Infringement is bad, therefore we must assign an economic cost to its badness. Hence, study after study makes the repeatedly discredited assumption that every infringement is a lost sale, usually calculated at the highest retail price for which the good was offered, and every lost sale represents a commensurate economic loss. None of this should diminish the opprobrium we assign to infringement: a reduced return means decreased incentive and may translate to reduced creative output. There must be some truth to this incentive theory, or centuries of IP law are based on a flawed premise. In this sense, redistribution is destruction if it deters future investment. That's a slightly more complex model -- one which has yet to be built. Clearly, intellectual property is important to our economy -- as is open competition, and the free exchange of ideas. These three forces are each valuable tools in the "innovation toolbox", and allowing any one of them to be undermined -- including intellectual property -- may impair innovation, along with other important social goals. But as long as the empirical evidence around the policy conversation is so impoverished, we won't be making well-informed decisions. * This observation is only true with respect to the U.S. economy. Some amount of piracy occurs abroad, and the "savings" accruing to consumers are invested in foreign economies; this is certainly a loss to the U.S. economy. --- Just because i'm near the punchbowl doesn't mean I'm also drinking from it. 
From rforno at infowarrior.org Fri Aug 2 16:24:12 2013 From: rforno at infowarrior.org (Richard Forno) Date: Fri, 2 Aug 2013 17:24:12 -0400 Subject: [Infowarrior] - Congress eyes renewed push for legislation to rein in the NSA Message-ID: <7015F9C9-617D-4FFA-9CAA-16B62DC2152E@infowarrior.org> (As always, the devil is in the final details. --rick) Congress eyes renewed push for legislation to rein in the NSA Proposals signify major shift in political opinion as laws would represent the first rollback of the NSA's powers since 9/11 - Spencer Ackerman and Paul Lewis in Washington - theguardian.com, Friday 2 August 2013 14.20 EDT http://www.theguardian.com/world/2013/aug/02/congress-nsa-legislation-surveillance Members of Congress are considering 11 legislative measures to constrain the activities of the National Security Agency, in a major shift of political opinion in the eight weeks since the first revelations from whistleblower Edward Snowden. The proposals range from repealing the legal foundations of key US surveillance powers to more moderate reforms of the secretive court proceedings for domestic spying. If enacted, the laws would represent the first rollback of the NSA's powers since 9/11. The Guardian has spoken to six key lawmakers involved in the push to rein in the NSA, and those involved in the process argue there is now an emerging consensus that the bulk collection of millions of phone records needs to be overhauled or even ended. Justin Amash, the Republican congressman whose measure to terminate the indiscriminate collection of phone data was narrowly defeated 10 days ago, said he was certain the next legislative push will succeed. "The people who voted no are, I think, hopeful to get another opportunity to vote yes on reforming this program and other programs," he said. 
In the Senate, Democrat Ron Wyden said there was similarly "strong bipartisan support for fundamental reforms", a direct consequence of revelations about the nature and power of NSA surveillance. "Eight weeks ago, we wouldn't have had this debate in the Congress," he said. "Eight weeks ago there wouldn't have been this extraordinary vote." On Thursday, Snowden was granted temporary asylum in Russia, to the fury of Washington. The White House said it was "extremely disappointed" in the decision, and hinted that Barack Obama may pull out of a bilateral summit with Vladimir Putin in September. But even as Snowden was leaving the Moscow airport where he has been holed up for more than a month, Obama was telling key members of Congress at a meeting at the Oval Office that he was "open to suggestions" for reforming the NSA surveillance programs that have embroiled his administration in controversy. Wyden, a long-standing critic of dragnet surveillance, is backing a range of legislative efforts that would end bulk phone records acquisition and revamp the foreign intelligence surveillance (Fisa) court, which grants the NSA legal authorization for its mass collection. Several senators are supporting a bill introduced on Thursday by Democrat Richard Blumenthal which would introduce a public advocate into some proceedings at the court, which currently only hears the US government's case. In the past 30 years, it has turned down just 11 of the nearly 34,000 warrant requests submitted by federal authorities. Senior administration officials have indicated they are open to Blumenthal's proposals -- which would not in themselves curtail the NSA's powers. Another measure directed at the Fisa court is being brought by House Democrat Adam Schiff, who sits on the powerful intelligence committee. 
Under his plan, the court's judges, who are currently selected by the chief justice of the supreme court, would be appointed instead by the president, a process that would require them to undergo a congressional confirmation process. "Then you have these judges publicly vetted on their fourth amendment views prior to being placed on the court," Schiff said, referring to the constitutional freedom from unreasonable searches and seizures. Other measures seek to make government surveillance more transparent. This week Democratic senator Al Franken introduced a bill to force the US government to regularly report on the number of Americans whose data is being collated by the NSA. It would also permit internet companies to disclose the number of requests they receive for data. "The American public deserves more transparency, and my bill goes a long toward doing that," Franken said. A similar bill has been introduced by his Democratic colleague Jeff Merkley, who wants to compel the administration to disclose the key legal ruling from the Fisa court that governs how phone records are collected. Representative Zoe Lofgren, a California Democrat who on Friday introduced a bill promoting greater transparency around surveillance orders received by private companies, stressed the cross-party nature of the measures. "If you've noticed, we've not had a rash of bipartisan efforts in the House," she said, referring to the gridlock that has held up other legislation. There are other lawmakers who are pushing for more profound reforms. They include Republican James Sensenbrenner, the author of the post-9/11 Patriot Act, which the NSA has used to justify some of its data collection methods. His support of the Amash amendment last week revealed how far Congress has shifted in the weeks since the Snowden leaks were published. Sensenbrenner said the Patriot Act was being interpreted to allow for forms of surveillance that were never envisaged when it was passed. 
He now supports an Amash-style bill that would prevent the NSA from hoovering up phone records without specific justification. Most of the efforts focus on constraining the NSA's ability to spy on Americans. There is less congressional support for limiting its spying on foreigners' internet communication. One major exception is a measure introduced by House Democrat Rush Holt, that would repeal both the Patriot Act and the Fisa Amendments Act of 2008, two legislative pillars of post-9/11 surveillance. Holt, who previously served on the intelligence committee, represents the most sceptical wing of Congress. "I learned that the heads of the NSA and other intelligence agencies are schooled in secrecy and deception. You can't always believe everything they say," he said. "They say these have stopped 50 attacks or something like that, and though I'm not on the intelligence committee right now, and I can't speak item-by-item, I can be pretty sure that there's probably not too much truth to it." His bill represents the most radical congressional attempt at surveillance reform. Its prospects are not good, particularly because it would curtail Prism, one of the NSA programs to spy on the internet communications in foreign lands. Schiff said Prism was more popular in congress for two reasons. First, Prism "is focused outside the United States and not on US citizens". Second, Schiff said its effectiveness is "much more substantial" than the phone records collection. Intelligence officials have struggled to show how collecting bulk phone metadata was critical to foiling even one terrorist plot. Lawmakers may fume at the idea of collecting the phone records of Americans, but they seem nonplussed at the notion the NSA can freely access the emails of foreigners. Even those who do have concerns about Prism -- such as Wyden -- are looking for ways to ensure Americans are not ensnared in its dragnet, rather than ending it entirely. 
"It has become increasingly apparent that the balance between security and liberty has been tainted," Sensenbrenner said in a statement after he left the White House meeting. "The conversation was very productive and everyone agreed something must be done."

--- Just because i'm near the punchbowl doesn't mean I'm also drinking from it.

From rforno at infowarrior.org Fri Aug 2 17:06:42 2013
From: rforno at infowarrior.org (Richard Forno)
Date: Fri, 2 Aug 2013 18:06:42 -0400
Subject: [Infowarrior] - FBI pressures Internet providers to install surveillance software
Message-ID: <1FEC7DF9-9212-4804-B5FE-BA4216726A90@infowarrior.org>

FBI pressures Internet providers to install surveillance software

CNET has learned the FBI has developed custom "port reader" software to intercept Internet metadata in real time. And, in some cases, it wants to force Internet providers to use the software.

by Declan McCullagh
August 2, 2013 12:26 PM PDT
http://news.cnet.com/8301-13578_3-57596791-38/fbi-pressures-internet-providers-to-install-surveillance-software/

The U.S. government is quietly pressuring telecommunications providers to install eavesdropping technology deep inside companies' internal networks to facilitate surveillance efforts. FBI officials have been sparring with carriers, a process that has on occasion included threats of contempt of court, in a bid to deploy government-provided software capable of intercepting and analyzing entire communications streams. The FBI's legal position during these discussions is that the software's real-time interception of metadata is authorized under the Patriot Act. Attempts by the FBI to install what it internally refers to as "port reader" software, which have not been previously disclosed, were described to CNET in interviews over the last few weeks. One former government official said the software used to be known internally as the "harvesting program." 
Carriers are "extra-cautious" and are resisting installation of the FBI's port reader software, an industry participant in the discussions said, in part because of the privacy and security risks of unknown surveillance technology operating on a sensitive internal network. It's "an interception device by definition," said the industry participant, who spoke on condition of anonymity because court proceedings are sealed. "If magistrates knew more, they would approve less." It's unclear whether any carriers have installed port readers, and at least one is actively opposing the installation. In a statement from a spokesman, the FBI said it has the legal authority to use alternate methods to collect Internet metadata, including source and destination IP addresses: "In circumstances where a provider is unable to comply with a court order utilizing its own technical solution(s), law enforcement may offer to provide technical assistance to meet the obligation of the court order." AT&T, T-Mobile, Verizon, Comcast, and Sprint declined to comment. A government source familiar with the port reader software said it is not used on an industry-wide basis, and only in situations where carriers' own wiretap compliance technology is insufficient to provide agents with what they are seeking. For criminal investigations, police are generally required to obtain a wiretap order from a judge to intercept the contents of real-time communication streams, including e-mail bodies, Facebook messages, or streaming video. Similar procedures exist for intelligence investigations under the Foreign Intelligence Surveillance Act, which has received intense scrutiny after Edward Snowden's disclosures about the National Security Agency's PRISM database. There's a significant exception to both sets of laws: large quantities of metadata can be intercepted in real time through a so-called pen register and trap and trace order with minimal judicial review or oversight. 
That metadata includes IP addresses, e-mail addresses, identities of Facebook correspondents, Web sites visited, and possibly Internet search terms as well. "The statute hasn't caught up with the realities of electronic communication," says Colleen Boothby, a partner at the Washington, D.C. firm of Levine, Blaszak, Block & Boothby who represents technology companies and industry associations. Judges are not always in a position, Boothby said, to understand how technology has outpaced the law. Judges have concluded in the past that they have virtually no ability to deny pen register and trap and trace requests. "The court under the Act seemingly provides nothing more than a rubber stamp," wrote a federal magistrate judge in Florida, referring to the pen register law. A federal appeals court has ruled that the "judicial role in approving use of trap and trace devices is ministerial in nature." A little-noticed section of the Patriot Act that added one word -- "process" -- to existing law authorized the FBI to implant its own surveillance technology on carriers' networks. It was in part an effort to put the bureau's Carnivore device, which also had a pen register mode, on a firmer legal footing. A 2003 compliance guide prepared by the U.S. Internet Service Provider Association reported that the Patriot Act's revisions permitted "law enforcement agencies to use software instead of physical mechanisms to collect relevant pen register" information. Even though the Patriot Act would authorize the FBI to deploy port reader software with a pen register order, the legal boundaries between permissible metadata and impermissible content remain fuzzy. "Can you get things like packet size or other information that falls somewhere in the grey area between traditional pen register and content?" says Alan Butler, appellate advocacy counsel at the Electronic Privacy Information Center. "How does the judge know what the box is actually doing? How does the service provider know? 
How does anyone except the technician know what's going on?" An industry source said the FBI wants providers to use their existing CALEA compliance hardware to route the targeted customer's communications through the port reader software. The software discards the content data and extracts the metadata, which is then provided to the bureau. (The 1994 Communications Assistance for Law Enforcement Act, or CALEA, requires that communication providers adopt standard practices to comply with lawful intercepts.) Whether the FBI believes its port reader software should be able to capture Subject: lines, URLs that can reveal search terms, Facebook "likes" and Google+ "+1s," and so on remains ambiguous, and the bureau declined to elaborate this week. The Justice Department's 2009 manual (PDF) requires "prior consultation" with the Computer Crime and Intellectual Property Section before prosecutors use a pen register to "collect all or part of a URL." "The last time I had to ask anybody that, they refused to answer," says Paul Rosenzweig, a former Homeland Security official and founder of Red Branch Consulting, referring to Subject: lines. "They liked creative ambiguity." Some metadata may, however, not be legally accessible through a pen register. Federal law says law enforcement may acquire only "dialing, routing, addressing, or signaling information" without obtaining a wiretap. That clearly covers, for instance, the Internet Protocol address of a Web site that a targeted user is visiting. The industry-created CALEA standard also permits law enforcement to acquire timestamp information and other data. But the FBI has configured its port reader to intercept all metadata -- including packet size, port label, and IPv6 flow data -- that exceeds what the law permits, according to one industry source. 
In 2007, the FBI, the Justice Department, and the Drug Enforcement Administration asked the Federal Communications Commission for an "expedited rulemaking" process to expand what wireless providers are required to do under CALEA. The agencies said they wanted companies to be required to provide more information about Internet packets, including the "field identifying the next level protocol used in the data portion of the Internet datagram," which could reveal what applications a customer is using. The FCC never ruled on the law enforcement request. Because it's relatively easy to secure a pen register and trap and trace order -- they only require a law enforcement officer to certify the results will likely be "relevant" to an investigation -- they're becoming more common. The Justice Department conducted 1,661 such intercepts in 2011 (PDF), up from only 922 a year earlier (PDF). That less privacy-protective standard is no accident. A U.S. Senate report accompanying the pen register and trap and trace law said its authors did "not envision an independent judicial review of whether the application meets the relevance standard." Rather, the report said, judges are only permitted to "review the completeness" of the paperwork. Hanni Fakhoury, a staff attorney at the Electronic Frontier Foundation and a former federal public defender, said he's concerned about port reader software doing more than the carriers know. "The bigger fear is that the boxes are secretly storing something," he said, "or that they're doing more than just simply allowing traffic to sift through and pulling out the routing information." "For the Feds to try to push the envelope is to be expected," Fakhoury said. "But that doesn't change the fact that we have laws in place to govern this behavior for a good reason." Update 2:30 p.m. PT: Here's a link to a 2006 court case elaborating on what counts as metadata for pen register and trap and trace orders. In it, the U.S. 
District Court in Washington, D.C., ruled that federal law "unambiguously authorize[s]" the government to use such an order to obtain all information about an e-mail account except "the Subject: line and body of the communication." --- Just because i'm near the punchbowl doesn't mean I'm also drinking from it. From rforno at infowarrior.org Sat Aug 3 17:49:48 2013 From: rforno at infowarrior.org (Richard Forno) Date: Sat, 3 Aug 2013 18:49:48 -0400 Subject: [Infowarrior] - University of California to allow open access to new academic papers Message-ID: <970B6706-0457-4D33-923F-6B0A0AB4B5C5@infowarrior.org> University of California to allow open access to new academic papers On November 1, faculty will be automatically enrolled in the UC's open access policy. by Megan Geuss - Aug 3 2013, 4:45pm EDT http://arstechnica.com/tech-policy/2013/08/university-of-california-to-allow-open-access-to-new-academic-papers/ The University of California?an enormous institution that encompasses 10 campuses and over 8,000 faculty members?introduced an Open Access Policy late last week. This policy grants the UC a license to its faculty's work by default, and requires them to provide the UC with copy of their peer-reviewed papers on the paper's publication date. The UC then posts the paper online to eScholarship, its open access publishing site, where the paper will be available to anyone, free of charge. Making the open access license automatic for its faculty leverages the power of the institution?which publishes over 40,000 scholarly papers a year?against the power of publishers who would otherwise lock content behind a paywall. ?It is much harder for individuals to negotiate these rights on an individual basis than to assert them collectively,? writes the UC. ?By making a blanket policy, individual faculty benefit from membership in the policy-making group, without suffering negative consequences. 
Faculty retain both the individual right to determine the fate of their work, and the benefit of making a collective commitment to open access.? Faculty members will be allowed to opt out of the scheme if necessary?if they have a prior contract with a journal, for example. Academic papers published in traditional journals before the enactment of this policy will not be made available on eScholarship at this time. ?As faculty members, we are asserting our control over the publication of scholarly research and recognize the responsibility for making that process sustainable and true to the intentions of scholars,? explained the UC on a FAQ page. ?The faculty are also sending a strong collective message to publishers about the values and the system we would like in the future.? The move comes at a time when the US federal government is heavily promoting open access. In February 2013, the White House announced that all science papers produced through federal funding would be made available to the public one year after their publication, and the Obama Administration is working to extend that policy to cover the information published by all federal agencies. Many other institutions have adopted open access policies, including 177 other universities and the World Bank. As Chris Kelty, associate professor at the Department of Information Studies at UCLA, explained in a series of videos on the UC's eScholarship site: ?Everybody benefits from this really, the faculty benefit from this because their work's more widely available, it might come in for higher citations. The University benefits because the profile of the University is higher and it might send a message to Sacramento about our commitment to research. And the public benefits?whether you're a K-12 teacher, or someone in an emergency room looking for an article, or someone in business trying to get a patent, everyone in the public benefits from wider availability of our research.? 
In addition, Kelty explained, publishers ?are quite reconciled to this? after seeing 177 other universities take a similar path. --- Just because i'm near the punchbowl doesn't mean I'm also drinking from it. From rforno at infowarrior.org Sat Aug 3 20:48:52 2013 From: rforno at infowarrior.org (Richard Forno) Date: Sat, 3 Aug 2013 21:48:52 -0400 Subject: [Infowarrior] - Other Agencies Clamor for Data N.S.A. Compiles Message-ID: <850CF7D2-A6F3-4101-AA10-140D627C8C58@infowarrior.org> Other Agencies Clamor for Data N.S.A. Compiles By ERIC LICHTBLAU and MICHAEL S. SCHMIDT Published: August 3, 2013 http://www.nytimes.com/2013/08/04/us/other-agencies-clamor-for-data-nsa-compiles.html WASHINGTON ? The National Security Agency?s dominant role as the nation?s spy warehouse has spurred frequent tensions and turf fights with other federal intelligence agencies that want to use its surveillance tools for their own investigations, officials say. Agencies working to curb drug trafficking, cyberattacks, money laundering, counterfeiting and even copyright infringement complain that their attempts to exploit the security agency?s vast resources have often been turned down because their own investigations are not considered a high enough priority, current and former government officials say. Intelligence officials say they have been careful to limit the use of the security agency?s troves of data and eavesdropping spyware for fear they could be misused in ways that violate Americans? privacy rights. The recent disclosures of agency activities by its former contractor Edward J. Snowden have led to widespread criticism that its surveillance operations go too far and have prompted lawmakers in Washington to talk of reining them in. But out of public view, the intelligence community has been agitated in recent years for the opposite reason: frustrated officials outside the security agency say the spy tools are not used widely enough. ?It?s a very common complaint about N.S.A.,? 
said Timothy H. Edgar, a former senior intelligence official at the White House and at the office of the director of national intelligence. ?They collect all this information, but it?s difficult for the other agencies to get access to what they want.? ?The other agencies feel they should be bigger players,? said Mr. Edgar, who heard many of the disputes before leaving government this year to become a visiting fellow at Brown University. ?They view the N.S.A. ? incorrectly, I think ? as this big pot of data that they could go get if they were just able to pry it out of them.? Smaller intelligence units within the Drug Enforcement Administration, the Secret Service, the Pentagon and the Department of Homeland Security have sometimes been given access to the security agency?s surveillance tools for particular cases, intelligence officials say. But more often, their requests have been rejected because the links to terrorism or foreign intelligence, usually required by law or policy, are considered tenuous. Officials at some agencies see another motive ? protecting the security agency?s turf ? and have grown resentful over what they see as a second-tier status that has undermined their own investigations into security matters. At the drug agency, for example, officials complained that they were blocked from using the security agency?s surveillance tools for several drug-trafficking cases in Latin America, which they said might be connected to financing terrorist groups in the Middle East and elsewhere. At the Homeland Security Department, officials have repeatedly sought to use the security agency?s Internet and telephone databases and other resources to trace cyberattacks on American targets that are believed to have stemmed from China, Russia and Eastern Europe, according to officials. They have often been rebuffed. 
Officials at the other agencies, speaking only on the condition of anonymity because they were not authorized to discuss the tensions, say the National Security Agency?s reluctance to allow access to data has been particularly frustrating because of post-Sept. 11 measures that were intended to encourage information-sharing among federal agencies. In fact, a change made in 2008 in the executive order governing intelligence was intended to make it easier for the security agency to share surveillance information with other agencies if it was considered ?relevant? to their own investigations. It has often been left to the national intelligence director?s office to referee the frequent disputes over how and when the security agency?s spy tools can be used. The director?s office declined to comment for this article. Typically, the agencies request that the N.S.A. target individuals or groups for surveillance, search its databases for information about them, or share raw intelligence, rather than edited summaries, with them. If those under scrutiny are Americans, approval from the secret Foreign Intelligence Surveillance Court is required. The security agency, whose mission is to spy overseas, and the F.B.I., its main partner in surveillance operations, dominate the process as the Justice Department?s main ?customers? in seeking warrants from the intelligence court, with nearly 1,800 approved by the court last year. In a statement, the security agency said that it ?works closely with all intelligence community partners, and embeds liaison officers and other personnel at those agencies for the express purpose of ensuring N.S.A. is meeting their requirements and providing support to their missions.? The security agency?s spy tools are attractive to other agencies for many reasons. Unlike traditional, narrowly tailored search warrants, those granted by the intelligence court often allow searches through records and data that are vast in scope. 
The standard of evidence needed to acquire them may be lower than in other courts, and the government may not be required to disclose for years, if ever, that someone was the focus of secret surveillance operations. Decisions on using the security agency?s powers rest on many complicated variables, including a link to terrorism or ?foreign intelligence,? the type of surveillance or data collection that is being conducted, the involvement of American targets, and the priority of the issue. ?Every agency wants to think that their mission has to be the highest priority,? said a former senior White House intelligence official involved in recent turf issues. Other intelligence shops usually have quick access to N.S.A. tools and data on pressing matters of national security, like investigating a terrorism threat, planning battlefield operations or providing security for a presidential trip, officials say. But the conflicts arise during longer-term investigations with unclear foreign connections. In pressing for greater access, a number of smaller agencies maintain that their cases involve legitimate national security threats and could be helped significantly by the N.S.A.?s ability to trace e-mails and Internet activity or other tools. Drug agency officials, for instance, have sought a higher place for global drug trafficking on the intelligence community?s classified list of surveillance priorities, according to two officials. Dawn Dearden, a drug agency spokeswoman, said it was comfortable allowing the N.S.A. and the F.B.I. to take the lead in seeking surveillance warrants. ?We don?t have the authority, and we don?t want it, and that comes from the top down,? she said. But privately, intelligence officials at the drug agency and elsewhere have complained that they feel shut out of the process by the N.S.A. and the F.B.I. 
from start to finish, with little input on what groups are targeted with surveillance and only sporadic access to the classified material that is ultimately collected. Sometimes, security agency and bureau officials accuse the smaller agencies of exaggerating links to national security threats in their own cases when pushing for access to the security agency?s surveillance capabilities. Officials from the other agencies say that if a link to national security is considered legitimate, the F.B.I. will at times simply take over the case itself and work it with the N.S.A. In one such case, the bureau took control of a Secret Service investigation after a hacker was linked to a foreign government, one law enforcement official said. Similarly, the bureau became more interested in investigating smuggled cigarettes as a means of financing terrorist groups after the case was developed by the Bureau of Alcohol, Tobacco, Firearms and Explosives. Mr. Edgar said officials in the national intelligence director?s office occasionally allow other agencies a role in identifying surveillance targets and seeing the results when it is relevant to their own inquiries. But more often, he acknowledged, the office has come down on the side of keeping the process held to an ?exclusive club? at the N.S.A., the F.B.I. and the Justice Department, with help from the Central Intelligence Agency on foreign issues. Officials in the national intelligence director?s office worry about opening the surveillance too widely beyond the security agency and the F.B.I. for fear of abuse, Mr. Edgar said. The two intelligence giants have been ?burned? by past wiretapping controversies and know the political consequences if they venture too far afield, he added. ?I would have been very uncomfortable if we had let these other agencies get access to the raw N.S.A. data,? he said. As furious as the public criticism of the security agency?s programs has been in the two months since Mr. 
Snowden?s disclosures, ?it could have been much, much worse, if we had let these other agencies loose and we had real abuses,? Mr. Edgar said. ?That was the nightmare scenario we were worried about, and that hasn?t happened.? --- Just because i'm near the punchbowl doesn't mean I'm also drinking from it. From rforno at infowarrior.org Sat Aug 3 20:52:32 2013 From: rforno at infowarrior.org (Richard Forno) Date: Sat, 3 Aug 2013 21:52:32 -0400 Subject: [Infowarrior] - Bradley Manning and "hacker madness" scare tactic Message-ID: <0B62D3AA-CACF-4070-AF68-740D71FD3A1E@infowarrior.org> Bradley Manning and "hacker madness" scare tactic ? 10:55 02 August 2013 by Cindy Cohn http://www.newscientist.com/article/dn23981-bradley-manning-and-hacker-madness-scare-tactic.html US Army private Bradley Manning was convicted on 19 counts, including charges under the Espionage Act and the Computer Fraud and Abuse Act for leaking approximately 700,000 government documents to WikiLeaks. While it was a relief that he was not convicted of the worst charge, "aiding the enemy", the verdict remains deeply troubling and could potentially result in a sentence of life in prison. We will likely have a deeper analysis of the verdict later, but two things stand out as particularly relevant to ? and especially frightening for ? folks who love the internet and use digital tools. First, the decision continues a trend of government prosecutions that use familiarity with digital tools and knowledge of computers as a scare tactic and a basis for obtaining grossly disproportionate and unfair punishments, strategies enabled by broad, vague laws like the CFAA and the Espionage Act. Let's call this the "hacker madness" strategy. Using it, the prosecution portrays actions taken by someone using a computer as more dangerous or scary than they actually are by highlighting the digital tools used to a nontechnical or even technophobic judge. 
In the Manning case, the prosecution used Manning's use of a standard, more than 15-year-old Unix program called Wget to collect information, as if it were a dark and nefarious technique. Of course, anyone who has ever called up this utility on a Unix machine, which at this point is likely millions of ordinary Americans, knows that this program is no more scary or spectacular (and far less powerful) than a simple Google search. Yet the court apparently didn't know this and seemed swayed by it. We've seen this trick before. In a case that we at the Electronic Frontier Foundation handled in 2009, Boston College police used the fact that our client worked on a Linux operating system with "a black screen with white font" as part of a basis for a search warrant. Luckily the Massachusetts Supreme Court tossed out the warrant after EFF got involved, but who knows what would have happened had we not been there. And happily, Oracle got a big surprise when it tried a similar trick in Oracle v. Google and discovered that the judge was a programmer who sharply called them on it. But law enforcement keeps using this technique, likely based on a calculation that most judges aren't as technical as ordinary Americans, may even be afraid of technology, and can be swayed by the ominous use of technical jargon and techniques ? playing to media stereotypes of evil computer geniuses. Indeed the CFAA itself apparently was a response to President Ronald Reagan's fears after watching the completely fictional movie War Games. Second, while the court did not convict on the "aiding the enemy" charge, the government's argument ? that publishing something to the general public on the internet can count as "aiding the enemy" ? has strong digital overtones. The "aiding the enemy" charge is a breathtakingly broad military charge never before used against a leaker to the press. It is shocking that the government would even make this argument and that the judge didn't dismiss it outright. 
The prosecution argued that even if Manning never intended to aid the enemy, and even though the government did not need to prove the information published by WikiLeaks ever harmed the United States, the mere fact it ended up on the internet means he is guilty of a capital crime. This argument wasn't actually confined to WikiLeaks ? the government admitted during the trial that its claims would apply equally to The New York Times or other traditional media. But the reason this argument wasn't laughed out of court, we suspect, is the digital environment. After all, Adolf Hitler certainly had access to American newspapers, as did Joseph Stalin, Fidel Castro, Mao Zedong, Ho Chi Minh, or any other past enemy of America. The court tried to dress it up a bit, noting that Manning "trained in intelligence and received training on the fact that that enemy uses the internet to collect information about the United States", as if this is something that only someone with specialised "internet training" would know. But of course it's not. Everyone (at least everyone who regularly uses the internet) knows that the internet is used by good people and bad people all over the world and that anything published is, well, published and available to all. This is a feature of the Internet, not a bug, yet here it played into distorting the "aiding the enemy" crime out of all proportion and may have played a role in the five other counts under Espionage Act claims that he was convicted of. Even without this claim, Manning still faces life imprisonment ? no member of the press or public interested in more transparency about how our military works (or doesn't work) should rest easy with this verdict. Manning will appeal, of course. And in the long run, these tactics will likely stop working as more people become familiar with technologies. In the meantime, real harm to real people happens through overreaction, over-prosecution, and over-penalisation. 
And the harm also occurs to the public, which becomes less informed about governmental misconduct at home and abroad. Here's hoping the military appellate court has a programmer or two on it and can see through the scare tactics and technophobia that the prosecution has been doling out. But we're not holding our breath.

---
Just because i'm near the punchbowl doesn't mean I'm also drinking from it.

From rforno at infowarrior.org Sun Aug 4 08:38:27 2013
From: rforno at infowarrior.org (Richard Forno)
Date: Sun, 4 Aug 2013 09:38:27 -0400
Subject: [Infowarrior] - Members of Congress denied access to basic information about NSA
Message-ID:

Members of Congress denied access to basic information about NSA

Documents provided by two House members demonstrate how they are blocked from exercising any oversight over domestic surveillance

- Morgan Griffith's requests for NSA information
- Alan Grayson's requests for NSA information
- Glenn Greenwald
- theguardian.com, Sunday 4 August 2013 08.26 EDT

http://www.theguardian.com/commentisfree/2013/aug/04/congress-nsa-denied-access/print

Members of Congress have been repeatedly thwarted when attempting to learn basic information about the National Security Agency (NSA) and the secret FISA court which authorizes its activities, documents provided by two House members demonstrate. From the beginning of the NSA controversy, the agency's defenders have insisted that Congress is aware of the disclosed programs and exercises robust supervision over them. "These programs are subject to congressional oversight and congressional reauthorization and congressional debate," President Obama said the day after the first story on NSA bulk collection of phone records was published in this space. "And if there are members of Congress who feel differently, then they should speak up." But members of Congress, including those in Obama's party, have flatly denied knowing about them. On MSNBC on Wednesday night, Sen. 
Richard Blumenthal (D-Ct) was asked by host Chris Hayes: "How much are you learning about what the government that you are charged with overseeing and holding accountable is doing from the newspaper and how much of this do you know?" The Senator's reply: "The revelations about the magnitude, the scope and scale of these surveillances, the metadata and the invasive actions surveillance of social media Web sites were indeed revelations to me." But it is not merely that members of Congress are unaware of the very existence of these programs, let alone their capabilities. Beyond that, members who seek out basic information - including about NSA programs they are required to vote on and FISA court (FISC) rulings on the legality of those programs - find that they are unable to obtain it. Two House members, GOP Rep. Morgan Griffith of Virginia and Democratic Rep. Alan Grayson of Florida, have provided the Guardian with numerous letters and emails documenting their persistent, and unsuccessful, efforts to learn about NSA programs and relevant FISA court rulings. "If I can't get basic information about these programs, then I'm not able to do my job", Rep. Griffith told me. A practicing lawyer before being elected to Congress, he said that his job includes "making decisions about whether these programs should be funded, but also an oath to safeguard the Constitution and the Bill of Rights, which includes the Fourth Amendment." Rep. Griffith requested information about the NSA from the House Intelligence Committee six weeks ago, on June 25. He asked for "access to the classified FISA court order(s) referenced on Meet the Press this past weekend": a reference to my raising with host David Gregory the still-secret 2011 86-page ruling from the FISA court that found substantial parts of NSA domestic spying to be in violation of the Fourth Amendment as well as governing surveillance statutes. In that same June 25 letter, Rep. 
Griffith also requested the semi-annual FISC "reviews and critiques" of the NSA. He stated the rationale for his request: "I took an oath to uphold the United States Constitution, and I intend to do so." Almost three weeks later, on July 12, Rep. Griffith requested additional information from the Intelligence Committee based on press accounts he had read about Yahoo's unsuccessful efforts in court to resist joining the NSA's PRISM program. He specifically wanted to review the arguments made by Yahoo and the DOJ, as well as the FISC's ruling requiring Yahoo to participate in PRISM. On July 22, he wrote another letter to the Committee seeking information. This time, it was prompted by press reports that the FISA court had renewed its order compelling Verizon to turn over all phone records to the NSA. Rep. Griffith requested access to that court ruling. The Congressman received no response to any of his requests. With a House vote looming on whether to defund the NSA's bulk collection program - it was scheduled for July 25 - he felt he needed the information more urgently than ever. He recounted his thinking to me: "How can I responsibly vote on a program I know very little about?" On July 23, he wrote another letter to the Committee, noting that it had been four weeks since his original request, and several weeks since his subsequent ones. To date, six weeks since he first asked, he still has received no response to any of his requests (the letters sent by Rep. Griffith can be seen here). "I know many of my constituents will ask about this when I go home," he said, referring to the August recess when many members of Congress meet with those they represent. "Now that I won't get anything until at least September, what am I supposed to tell them? How can I talk about NSA actions I can't learn anything about except from press accounts?" Congressman Grayson has had very similar experiences, except that he sometimes did receive responses to his requests: negative ones. 
On June 19, Grayson wrote to the House Intelligence Committee requesting several documents relating to media accounts about the NSA. Included among them were FISA court opinions directing the collection of telephone records for Americans, as well as documents relating to the PRISM program. But just over four weeks later, the Chairman of the Committee, GOP Rep. Mike Rogers, wrote to Grayson informing him that his requests had been denied by a Committee "voice vote". In a follow-up email exchange, a staff member for Grayson wrote to the Chairman, advising him that Congressman Grayson had "discussed the committee's decision with Ranking Member [Dutch] Ruppersberger on the floor last night, and he told the Congressman that he was unaware of any committee action on this matter." Grayson wanted to know how a voice vote denying him access to these documents could have taken place without the knowledge of the ranking member on the Committee, and asked: "can you please share with us the recorded vote, Member-by-Member?" The reply from this Committee was as follows: "Thanks for your inquiry. The full Committee attends Business Meetings. At our July 18, 2013 Business Meeting, there were seven Democrat Members and nine Republican Members in attendance. The transcript is classified." To date, neither Griffith nor Grayson has received any of the documents they requested. Correspondence between Grayson and the Committee - with names of staff members and email addresses redacted - can be read here. Denial of access for members of Congress to basic information about the NSA and the FISC appears to be common. Justin Amash, the GOP representative who, along with Democratic Rep. John Conyers, co-sponsored the amendment to ban the NSA's bulk collection of Americans' phone records, told CNN on July 31: "I, as a member of Congress, can't get access to the court opinions. I have to beg for access, and I'm denied it if I - if I make that request." 
It is the Intelligence Committees of both the House and Senate that exercise primary oversight over the NSA. But as I noted last week, both Committees are, with the exception of a handful of members, notoriously beholden to the NSA and the intelligence community generally. Its members typically receive much larger contributions from the defense and surveillance industries than non-Committee members. And the two Committee Chairs - Democrat Dianne Feinstein in the Senate and Republican Mike Rogers in the House - are two of the most steadfast NSA loyalists in Congress. The senior Democrat on the House Committee is ardent NSA defender Dutch Ruppersberger, whose district not only includes NSA headquarters in Fort Meade, but who is also himself the second-largest recipient of defense/intelligence industry cash. Moreover, even when members of the Intelligence Committee learn of what they believe to be serious abuses by the NSA, they are barred by law from informing the public. Two Democratic Committee members in the Senate, Ron Wyden and Mark Udall, spent years warning Americans that they would be "stunned to learn" of the radical interpretations of secret law the Obama administration had adopted in the secret FISA court to vest themselves with extremist surveillance powers. Yet the two Senators, prohibited by law from talking about it, concealed what they had discovered. It took Edward Snowden's whistleblowing for Americans to learn what those two Intelligence Committee members were so dramatically warning them about. Finally, all members of Congress - not just those on the Intelligence Committees - are responsible for making choices about the NSA and for protecting the privacy rights and other Constitutional guarantees of Americans. "I did not take an oath to defer to the Intelligence Committee," Rep. Griffith told me. "My oath is to make informed decisions, and I can't do my job when I can't get even the most basic information about these programs." 
In early July, Grayson had staffers distribute to House members several slides published by the Guardian about NSA programs as part of Grayson's efforts to trigger debate in Congress. But, according to one staff member, Grayson's office was quickly told by the House Intelligence Committee that those slides were still classified, despite having been published and discussed in the media, and directed Grayson to cease distribution or discussion of those materials in the House, warning that he could face sanctions if he continued. It has been widely noted that the supremely rubber-stamping FISA court constitutes NSA "oversight" in name only, and that the Intelligence Committees are captured by the agency and constrained to act even if they were inclined to. Whatever else is true, members of Congress in general clearly know next to nothing about the NSA and the FISA court beyond what they read in the media, and those who try to rectify that are being actively blocked from finding out.

From rforno at infowarrior.org Sun Aug 4 08:48:05 2013
From: rforno at infowarrior.org (Richard Forno)
Date: Sun, 4 Aug 2013 09:48:05 -0400
Subject: [Infowarrior] - Shanghaied
Message-ID: <91B7E6A8-0C19-401F-909B-814C39ACB669@infowarrior.org>

(Interesting piece, given the source. --rick)

Shanghaied

Shocked that Hollywood collaborated with the Nazis? It's doing the exact same thing today with China

- By KYLE SMITH
- Last Updated: 1:10 AM, August 4, 2013
- Posted: 10:35 PM, August 3, 2013

http://www.nypost.com/p/news/opinion/opedcolumnists/shanghaied_CDRl1DbGRu5DjclErtYYhL

Six days after a protest by a group of Nazis managed to shut down a screening of "All Quiet on the Western Front" for supposedly making Germans look like cowards, the film was banned in 1930 Germany. Germany then ordered a recut version of the film that was more flattering to its side in WWI and stipulated that the cuts must be made to all prints of the movie shown worldwide, not just in Germany. 
Since Germany had recently been the second-biggest movie market and was expected to bounce back to the same position soon, Universal chief Carl Laemmle (a German-born Jew) meekly accepted. Such alarming revelations, many based on newly unearthed documents, are the basis of Harvard scholar Ben Urwand's new book, "The Collaboration: Hollywood's Pact with Hitler." Urwand notes that 1930s Berlin heavily censored movies out of Hollywood, which would not deliver a major anti-Hitler production until 1939. Hollywood effectively submitted its films for approval to Georg Gyssling, a Nazi diplomat who arrived in LA in 1931 and threatened the studios with "Article 15," which said that if an American film released anywhere in the world offended Germany, the Germans would ban all other releases from the same studio. When top Hollywood talent including screenwriter Herman Mankiewicz (who later wrote "Citizen Kane") proposed an anti-Hitler project called "The Mad Dog of Europe" be made independently so it wouldn't hurt business at any studio, Gyssling vowed that Germany would ban all US films, period. So top Hollywood execs, including Will Hays (the head of the office in charge of Hollywood's self-censorship) and MGM head Louis B. Mayer, killed the film internally. Said Mayer (who was also Jewish), "We have interests in Germany; I represent the picture industry here in Hollywood; we have exchanges there; we have terrific income in Germany and, as far as I am concerned, this picture will never be made." Word got around: Hands off Hitler. But Hollywood's past shouldn't surprise those who observe Hollywood's present. Where moviedom is heading can be reduced to a single statistic. "Iron Man," which was released only five years ago, earned $15 million in China. Yet "Iron Man 3" has taken in over $121 million in China. Meanwhile, studio chiefs scrambled to recut "World War Z," 
which originally contained a brief hint that the zombie outbreak began in China, to mollify Chinese state censors through whom all movies must pass. China has so far rejected the movie anyway. No one knows why, and the "World War Z" grosses in China stand at zero. The zombie flick has been spun as a surprise hit that beat expectations, but it'll need to take in something like $600 million to break even. So far it has earned $483 million. Think Brad Pitt wishes he had come up with a scene in which brave Chinese helped defeat the zombies? Every time Hollywood lets costs get completely out of hand, something comes along to save it. In the early 1980s it was videotapes, in the 1990s it was the DVD market. Now it's China, but unlike the home-video market, China makes specific political demands on films. If "WWZ" is any indication, simply removing negative implications about China isn't enough: The studios have to go out of their way to paint China in a flattering light. Which is why "Iron Man 3" was careful to insert extra scenes (seen only in China) featuring a heroic Chinese character, why the 2010 remake of "The Karate Kid" felt like something engineered by the Chinese tourist commission (and karate isn't even Chinese!), the 2012 "Red Dawn" remake changed its villains from Chinese to North Koreans and the disaster epic "2012" showed China saving the world. These are merely the first few drops of rain compared to the propaganda hurricane to come, though: China will be the biggest film market on Earth by 2020, according to Ernst & Young projections. Soon, every blockbuster director who wants to stay employed will be begging for a chance to be the new Leni Riefenstahl of the People's Republic. What will Hollywood's famously outspoken liberals do when a repressive authoritarian regime is essentially signing their paychecks? Nothing, of course. 
Don't hold your breath waiting for Michael Moore to deliver a rant about Chinese censorship of journalists and filmmakers at the Oscars. Susan Sarandon won't be arrested at rallies protesting China's place as the world's leading practitioner of capital punishment. Leonardo DiCaprio won't be telling "Entertainment Tonight" about his new campaign to draw awareness to China's role as the world's No. 1 threat to the environment. Because celebrities are very brave about taking a stand for basic human rights - but only if they can be sure it won't cost them a thing. kyle.smith at nypost.com

---
Just because i'm near the punchbowl doesn't mean I'm also drinking from it.

From rforno at infowarrior.org Sun Aug 4 09:18:55 2013
From: rforno at infowarrior.org (Richard Forno)
Date: Sun, 4 Aug 2013 10:18:55 -0400
Subject: [Infowarrior] - TiVo, media center PC makers alarmed by CableCard-cutting bill
Message-ID: <81FC1578-5017-4A09-9CA8-1CBD23767D1E@infowarrior.org>

(You know the cable guys love this idea to further solidify their monopoly on the customer endpoints. --rick)

TiVo, media center PC makers alarmed by CableCard-cutting bill

Cable operators could leave CableCard behind in their own hardware.

by Rob Pegoraro Aug 2 2013, 12:37pm EDT

http://arstechnica.com/tech-policy/2013/08/tivo-media-center-pc-makers-alarmed-by-cablecard-cutting-bill/

The CableCard - that small slab that lets a TiVo tune into cable by authenticating its connection - would lose a regulatory safeguard under a bill nearing introduction in Congress. The "Consumer Video Device Cost Savings Act" proposes to squelch the authority of the Federal Communications Commission (FCC) to make cable operators use CableCards in their own boxes - a rule enacted in 2007 that discourages second-class treatment of third-party devices like TiVo DVRs. 
"In today's competitive video marketplace, cable operators have no incentive to make it more difficult for their customers to use preferred devices to access their video programming," a draft dated July 24 reads. A subsequent draft from earlier this week drops that finding and cites a shorter name, "Consumer Choice in Video Devices Act." The bill, sponsored by Rep. Robert E. Latta (R-OH), would bar any FCC "rule or policy that prohibits a multi-channel video programming distributor from placing into service navigation devices for sale, lease, or use that perform both conditional access and other functions in a single integrated device." (Latta's office declined comment.) The National Cable & Telecommunications Association (NCTA) thinks that's a good, overdue idea, citing $1 billion in added subscriber costs since 2007 and an extra 500 million annual kilowatt hours of electrical use. (The former number covers operator-leased hardware, although it can be cheaper to use a CableCard with a tuner bought elsewhere. The latter comes from Energy Star guidelines allowing 15 kWh per year for a CableCard, against 60 kWh for a minimal cable box without HD or DVR features; older models use much more.) And NCTA says having more than 42 million CableCards in operator-supplied hardware (versus about 603,000 in third-party gear) ensures continued support. Meanwhile, satellite broadcasters face no such requirement. "The insurance is already there," said NCTA General Counsel Neal Goldberg in a phone interview. "They've got 40 million-plus boxes in the game." An electronics-industry executive who didn't want to be identified further agreed. "If they never bought another set-top for their own use with CableCard, it's not like their networks would stop supporting CableCard," he said. But TiVo and others worry more about CableCard's potential replacements. 
"The cable guys want to 'end of life' CableCard [and] move on to new security techniques without making a nationally standard successor solution available," wrote TiVo General Counsel Matt Zinn in an e-mail. He predicted higher prices for CableCards that will be left out of new features. (They already can't get many video-on-demand services.) Hauppauge Computer Works cofounder and CEO Ken Plotkin expressed the same fear about post-CableCard authentication in his company's WinTV receivers. "The issue with 'embedded conditional access' is that each cable operator has their own encryption system, and it is impractical for a small company to develop the decryption technology for each." Few other firms ship CableCard-ready devices - many gave up after apathetic or inept support from cable before the integration ban and a 2010 set of rules that required operators to let subscribers pop in a card instead of waiting for a service call. But this fall, Samsung plans to ship a Smart Media Player that would receive cable as well as Internet video services - a combination absent from cable boxes. Samsung is not taking a position on Latta's bill. Even without that, the regulatory framework meant to open cable hardware has been fracturing. In October, the FCC allowed operators to encrypt basic cable, ending the ability of QAM (Quadrature Amplitude Modulation) tuners to receive local, public, educational, and government channels. In April, it granted Charter an encryption-ban waiver so it could implement downloadable security schemes that electronics vendors might incorporate into future products. And in January, the Court of Appeals for the District of Columbia Circuit struck down a set of FCC regulations that constrained satellite broadcaster Echostar - but some of those rules, not at issue in the decision, covered CableCard deployment. Last month, TiVo petitioned the FCC to reinstate them. 
Nobody here seems to love CableCard all that much - it had one job, to promote an open market for cable gear, and it hasn't done that. (One does exist in Europe, where EU regulations mandate the "DVB-C" standard.) But the Latta bill would erode the FCC's leverage to shape any replacement. "Once a successor to CableCard is in place, we can [be] thinking about how to phase out some CableCard-specific rules," wrote Public Knowledge Senior Staff Attorney John Bergmayer. "But that should be the FCC's job - this level of statutory micromanagement is not helpful."

---
Just because i'm near the punchbowl doesn't mean I'm also drinking from it.

From rforno at infowarrior.org Sun Aug 4 09:21:19 2013
From: rforno at infowarrior.org (Richard Forno)
Date: Sun, 4 Aug 2013 10:21:19 -0400
Subject: [Infowarrior] - A Washington Riddle: What Is 'Top Secret'?
Message-ID: <35F91256-87A4-451B-A0EB-B0189E4CCEDC@infowarrior.org>

A Washington Riddle: What Is 'Top Secret'?

Dan Tague

By DAVID E. SANGER
Published: August 3, 2013

http://www.nytimes.com/2013/08/04/sunday-review/a-washington-riddle-what-is-top-secret.html

WASHINGTON - LESS than 24 hours after Pfc. Bradley Manning was convicted last week of handing off 250,000 State Department cables and defense documents to WikiLeaks, The Guardian published on its Web site the latest classified material from the leaker of the moment, Edward J. Snowden. That installment included the National Security Agency's playbook for XKeyscore, a powerful surveillance program enabling the agency's analysts to monitor and trace Internet searches around the globe. The cases have provided lots of cable-television drama, from Private Manning's court-martial to Moscow's provocative granting of temporary asylum to America's best-known fugitive. But the deeper lessons lie in how the government is stumbling in its efforts to protect its secrets in the Internet age. 
Washington has still not heeded two decades of warnings that the best way to protect America's biggest secrets is to have far fewer of them and to recognize that much of what is stamped "secret" today is widely available on the Internet. There are certainly some secrets the government needs to protect, but many of the most important clues about revolutions, nuclear transfers and new military sites can be found online, in open chat rooms and commercial satellite photos. In the early days of the cold war, secrecy seemed simpler. Classified documents were almost all on paper, making it far easier to limit access to officials with top clearances. There were not yet 16 intelligence agencies, much less the post-9/11 directives for them to share information they had once kept "stovepiped," so that others could not get to it. It was this pooling of information that allowed Private Manning, sitting at a remote outpost in Iraq, to download cables from the American Embassy in Beijing, and let Mr. Snowden, at a small base in Hawaii, to download - without setting off alarms - documents about intelligence collection operations and secret court decisions that had nothing to do with his job. "This failure originated from two practices that we need to reverse," Ashton B. Carter, the deputy secretary of defense, said recently. "There was an enormous amount of information concentrated in one place," he said. "That's a mistake." And second, no individual should be given the kind of access Mr. Snowden had, Mr. Carter said. That has led to a new "two-person rule" for downloading classified data, akin to the two guys who would sit in nuclear silos, each with a separate key needed to launch a missile. But that tactical solution doesn't get to the core issue: When far too much information gets classified, nothing is really classified. Respect for the system erodes when information readily available in open sources is ostensibly guarded with high-level classification. 
It was this habit that Senator Daniel Patrick Moynihan railed against 20 years ago in "Secrecy," a book detailing the corrosive effects of over-classification. Mr. Moynihan might roar at recent examples. The bona fide secrets in those 250,000 cables were hidden among thousands of newspaper articles that someone had stamped "secret" and sent to the State Department. A more serious problem erupts when classification collides with other American interests. Consider the least covert secret program in the American arsenal: drones. Every drone attack in Pakistan and Yemen made the local news, and Twitter, in hours. Often those reports were accompanied by huge exaggerations about civilian casualties. But the American ambassador in Pakistan was forced to let those claims go unanswered, because the program was classified. "We did far more damage to our national security pretending we knew nothing," one senior American official said in frustration, "than if we had owned up to them and said, 'Here's a list of terrorists we just put out of action.'" Now, after years of investigative news reports, President Obama has begun talking about the program publicly. But he has steadfastly refused to show an equal willingness to justify America's use of cyberweapons. That has many government officials and corporate executives worried because there are no global rules defining legitimate and illegitimate cyberattacks. Administration officials say Mr. Obama has succeeded in reducing, by 42 percent, the number of "new secrets" classified by the government last year - to a little over 72,000. But the White House has had less success redefining what should be classified. A 2008 report by the director of national intelligence acknowledged, "The definitions of 'national security' and what constitutes 'intelligence' - and thus what must be classified - are unclear." 
That seemed obvious over the past week when the government suddenly declassified the secret court order that was the basis for collecting "metadata" on every telephone call made in the United States. It was unclear why it could not have been made public years ago - especially since, as one intelligence official said recently, "terrorists have thought for years we collect this stuff." "The reality is that much is classified just to take the issue off the public agenda," said Steve Aftergood, a secrecy expert at the Federation of American Scientists. "That's not what classification is for, but it often serves that purpose." So how might the government deal with its classification problem? Herb Lin, a researcher at the National Academy of Sciences, believes that budgets must be used to change behavior. "The incentives to classify information are many, and the incentives to refrain from classifying it are few," he noted recently, adding that he was speaking just for himself. "Classifying information doesn't incur any monetary cost for the classifier, and any economist will tell you that a free good will be overused." So he proposes that the Pentagon and intelligence agencies should be given a budget, and every time a "top secret" stamp is used, it should be charged against that budget. Intelligence officials would argue that you can't put a price on national security and that classification decisions shouldn't be made with budgets in mind. But Mr. Lin's idea drives home a point: that secrecy and security are often not synonymous. David E. Sanger is the chief Washington correspondent for The New York Times.

---
Just because i'm near the punchbowl doesn't mean I'm also drinking from it.

From rforno at infowarrior.org Mon Aug 5 07:04:58 2013
From: rforno at infowarrior.org (Richard Forno)
Date: Mon, 5 Aug 2013 08:04:58 -0400
Subject: [Infowarrior] - U.S. 
directs DEA agents to cover up program used to investigate Americans
Message-ID: <5D7BF034-A13C-498D-8337-60DD49E9A9AE@infowarrior.org>

Exclusive: U.S. directs agents to cover up program used to investigate Americans

By John Shiffman and Kristina Cooke

http://news.yahoo.com/exclusive-u-directs-agents-cover-program-used-investigate-091643729.html

WASHINGTON (Reuters) - A secretive U.S. Drug Enforcement Administration unit is funneling information from intelligence intercepts, wiretaps, informants and a massive database of telephone records to authorities across the nation to help them launch criminal investigations of Americans. Although these cases rarely involve national security issues, documents reviewed by Reuters show that law enforcement agents have been directed to conceal how such investigations truly begin - not only from defense lawyers but also sometimes from prosecutors and judges. The undated documents show that federal agents are trained to "recreate" the investigative trail to effectively cover up where the information originated, a practice that some experts say violates a defendant's Constitutional right to a fair trial. If defendants don't know how an investigation began, they cannot know to ask to review potential sources of exculpatory evidence - information that could reveal entrapment, mistakes or biased witnesses. "I have never heard of anything like this at all," said Nancy Gertner, a Harvard Law School professor who served as a federal judge from 1994 to 2011. Gertner and other legal experts said the program sounds more troubling than recent disclosures that the National Security Agency has been collecting domestic phone records. The NSA effort is geared toward stopping terrorists; the DEA program targets common criminals, primarily drug dealers. "It is one thing to create special rules for national security," Gertner said. "Ordinary crime is entirely different. It sounds like they are phonying up investigations." 

THE SPECIAL OPERATIONS DIVISION

The unit of the DEA that distributes the information is called the Special Operations Division, or SOD. Two dozen partner agencies comprise the unit, including the FBI, CIA, NSA, Internal Revenue Service and the Department of Homeland Security. It was created in 1994 to combat Latin American drug cartels and has grown from several dozen employees to several hundred. Today, much of the SOD's work is classified, and officials asked that its precise location in Virginia not be revealed. The documents reviewed by Reuters are marked "Law Enforcement Sensitive," a government categorization that is meant to keep them confidential. "Remember that the utilization of SOD cannot be revealed or discussed in any investigative function," a document presented to agents reads. The document specifically directs agents to omit the SOD's involvement from investigative reports, affidavits, discussions with prosecutors and courtroom testimony. Agents are instructed to then use "normal investigative techniques to recreate the information provided by SOD." A spokesman with the Department of Justice, which oversees the DEA, declined to comment. But two senior DEA officials defended the program, and said trying to "recreate" an investigative trail is not only legal but a technique that is used almost daily. A former federal agent in the northeastern United States who received such tips from SOD described the process. "You'd be told only, 'Be at a certain truck stop at a certain time and look for a certain vehicle.' And so we'd alert the state police to find an excuse to stop that vehicle, and then have a drug dog search it," the agent said.

"PARALLEL CONSTRUCTION"

After an arrest was made, agents then pretended that their investigation began with the traffic stop, not with the SOD tip, the former agent said. The training document reviewed by Reuters refers to this process as "parallel construction." 
The two senior DEA officials, who spoke on behalf of the agency but only on condition of anonymity, said the process is kept secret to protect sources and investigative methods. "Parallel construction is a law enforcement technique we use every day," one official said. "It's decades old, a bedrock concept." A dozen current or former federal agents interviewed by Reuters confirmed they had used parallel construction during their careers. Most defended the practice; some said they understood why those outside law enforcement might be concerned. "It's just like laundering money - you work it backwards to make it clean," said Finn Selander, a DEA agent from 1991 to 2008 and now a member of a group called Law Enforcement Against Prohibition, which advocates legalizing and regulating narcotics. Some defense lawyers and former prosecutors said that using "parallel construction" may be legal to establish probable cause for an arrest. But they said employing the practice as a means of disguising how an investigation began may violate pretrial discovery rules by burying evidence that could prove useful to criminal defendants. A QUESTION OF CONSTITUTIONALITY "That's outrageous," said Tampa attorney James Felman, a vice chairman of the criminal justice section of the American Bar Association. "It strikes me as indefensible." Lawrence Lustberg, a New Jersey defense lawyer, said any systematic government effort to conceal the circumstances under which cases begin "would not only be alarming but pretty blatantly unconstitutional." Lustberg and others said the government's use of the SOD program skirts established court procedures by which judges privately examine sensitive information, such as an informant's identity or classified evidence, to determine whether the information is relevant to the defense. "You can't game the system," said former federal prosecutor Henry E. Hockeimer Jr. "You can't create this subterfuge. These are drug crimes, not national security cases. 
If you don't draw the line here, where do you draw it?" Some lawyers say there can be legitimate reasons for not revealing sources. Robert Spelke, a former prosecutor who spent seven years as a senior DEA lawyer, said some sources are classified. But he also said there are few reasons why unclassified evidence should be concealed at trial. "It's a balancing act, and they've been doing it this way for years," Spelke said. "Do I think it's a good way to do it? No, because now that I'm a defense lawyer, I see how difficult it is to challenge." CONCEALING A TIP One current federal prosecutor learned how agents were using SOD tips after a drug agent misled him, the prosecutor told Reuters. In a Florida drug case he was handling, the prosecutor said, a DEA agent told him the investigation of a U.S. citizen began with a tip from an informant. When the prosecutor pressed for more information, he said, a DEA supervisor intervened and revealed that the tip had actually come through the SOD and from an NSA intercept. "I was pissed," the prosecutor said. "Lying about where the information came from is a bad start if you're trying to comply with the law because it can lead to all kinds of problems with discovery and candor to the court." The prosecutor never filed charges in the case because he lost confidence in the investigation, he said. A senior DEA official said he was not aware of the case but said the agent should not have misled the prosecutor. How often such misdirection occurs is unknown, even to the government; the DEA official said the agency does not track what happens with tips after the SOD sends them to agents in the field. The SOD's role providing information to agents isn't itself a secret. It is briefly mentioned by the DEA in budget documents, albeit without any reference to how that information is used or represented when cases go to court.
The DEA has long publicly touted the SOD's role in multi-jurisdictional and international investigations, connecting agents in separate cities who may be unwittingly investigating the same target and making sure undercover agents don't accidentally try to arrest each other. SOD'S BIG SUCCESSES The unit also played a major role in a 2008 DEA sting in Thailand against Russian arms dealer Viktor Bout; he was sentenced in 2011 to 25 years in prison on charges of conspiring to sell weapons to the Colombian rebel group FARC. The SOD also recently coordinated Project Synergy, a crackdown against manufacturers, wholesalers and retailers of synthetic designer drugs that spanned 35 states and resulted in 227 arrests. Since its inception, the SOD's mandate has expanded to include narco-terrorism, organized crime and gangs. A DEA spokesman declined to comment on the unit's annual budget. A recent LinkedIn posting on the personal page of a senior SOD official estimated it to be $125 million. Today, the SOD offers at least three services to federal, state and local law enforcement agents: coordinating international investigations such as the Bout case; distributing tips from overseas NSA intercepts, informants, foreign law enforcement partners and domestic wiretaps; and circulating tips from a massive database known as DICE. The DICE database contains about 1 billion records, the senior DEA officials said. The majority of the records consist of phone log and Internet data gathered legally by the DEA through subpoenas, arrests and search warrants nationwide. Records are kept for about a year and then purged, the DEA officials said. About 10,000 federal, state and local law enforcement agents have access to the DICE database, records show. They can query it to try to link otherwise disparate clues. Recently, one of the DEA officials said, DICE linked a man who tried to smuggle $100,000 over the U.S. southwest border to a major drug case on the East Coast. 
"We use it to connect the dots," the official said. "AN AMAZING TOOL" Wiretap tips forwarded by the SOD usually come from foreign governments, U.S. intelligence agencies or court-authorized domestic phone recordings. Because warrantless eavesdropping on Americans is illegal, tips from intelligence agencies are generally not forwarded to the SOD until a caller's citizenship can be verified, according to one senior law enforcement official and one former U.S. military intelligence analyst. "They do a pretty good job of screening, but it can be a struggle to know for sure whether the person on a wiretap is American," the senior law enforcement official said. Tips from domestic wiretaps typically occur when agents use information gleaned from a court-ordered wiretap in one case to start a second investigation. As a practical matter, law enforcement agents said they usually don't worry that SOD's involvement will be exposed in court. That's because most drug-trafficking defendants plead guilty before trial and therefore never request to see the evidence against them. If cases did go to trial, current and former agents said, charges were sometimes dropped to avoid the risk of exposing SOD involvement. Current and former federal agents said SOD tips aren't always helpful - one estimated their accuracy at 60 percent. But current and former agents said tips have enabled them to catch drug smugglers who might have gotten away. "It was an amazing tool," said one recently retired federal agent. "Our big fear was that it wouldn't stay secret." DEA officials said that the SOD process has been reviewed internally. They declined to provide Reuters with a copy of their most recent review. (Edited by Blake Morrison) --- Just because i'm near the punchbowl doesn't mean I'm also drinking from it. 
From rforno at infowarrior.org Mon Aug 5 11:35:59 2013
From: rforno at infowarrior.org (Richard Forno)
Date: Mon, 5 Aug 2013 12:35:59 -0400
Subject: [Infowarrior] - Feds are Suspects in New Malware That Attacks Tor Anonymity
Message-ID: <74C1CF00-FCC7-4669-9B6A-961AE70999B6@infowarrior.org>

Feds are Suspects in New Malware That Attacks Tor Anonymity
By Kevin Poulsen, 08.05.13, 3:57 AM
http://www.wired.com/threatlevel/2013/08/freedom-hosting/

Security researchers tonight are poring over a piece of malicious software that takes advantage of a Firefox security vulnerability to identify some users of the privacy-protecting Tor anonymity network. The malware showed up Sunday morning on multiple websites hosted by the anonymous hosting company Freedom Hosting. That would normally be considered a blatantly criminal "drive-by" hack attack, but nobody's calling in the FBI this time. The FBI is the prime suspect. "It just sends identifying information to some IP in Reston, Virginia," says reverse-engineer Vlad Tsrklevich. "It's pretty clear that it's FBI or it's some other law enforcement agency that's U.S.-based." If Tsrklevich and other researchers are right, the code is likely the first sample captured in the wild of the FBI's "computer and internet protocol address verifier," or CIPAV, the law enforcement spyware first reported by WIRED in 2007. Court documents and FBI files released under the FOIA have described the CIPAV as software the FBI can deliver through a browser exploit to gather information from the target's machine and send it to an FBI server in Virginia. The FBI has been using the CIPAV since 2002 against hackers, online sexual predators, extortionists and others, primarily to identify suspects who are disguising their location using proxy servers or anonymity services, like Tor. The code has been used sparingly in the past, which kept it from leaking out and being analyzed or added to anti-virus databases.
The broad Freedom Hosting deployment of the malware coincides with the arrest of Eric Eoin Marques in Ireland on Thursday on a U.S. extradition request. The Irish Independent reports that Marques is wanted for distributing child pornography in a federal case filed in Maryland, and quotes an FBI special agent describing Marques as "the largest facilitator of child porn on the planet." Freedom Hosting has long been notorious for allowing child porn to live on its servers. In 2011, the hacktivist collective Anonymous singled out Freedom Hosting for denial-of-service attacks after allegedly finding the firm hosted 95 percent of the child porn hidden services on the Tor network. Freedom Hosting is a provider of turnkey "Tor hidden service" sites - special sites, with addresses ending in .onion, that hide their geographic location behind layers of routing, and can be reached only over the Tor anonymity network. Tor hidden services are ideal for websites that need to evade surveillance or protect user's privacy to an extraordinary degree - which can include human rights groups and journalists. But it also naturally appeals to serious criminal elements. Shortly after Marques' arrest last week, all of the hidden service sites hosted by Freedom Hosting began displaying a "Down for Maintenance" message. That included websites that had nothing to do with child pornography, such as the secure email provider TorMail. Some visitors looking at the source code of the maintenance page realized that it included a hidden iframe tag that loaded a mysterious clump of Javascript code from a Verizon Business internet address located in eastern Virginia. By midday Sunday, the code was being circulated and dissected all over the net. Mozilla confirmed the code exploits a critical memory management vulnerability in Firefox that was publicly reported on June 25, and is fixed in the latest version of the browser.
Though many older revisions of Firefox are vulnerable to that bug, the malware only targets Firefox 17 ESR, the version of Firefox that forms the basis of the Tor Browser Bundle - the easiest, most user friendly package for using the Tor anonymity network. "The malware payload could be trying to exploit potential bugs in Firefox 17 ESR, on which our Tor Browser is based," the non-profit Tor Project wrote in a blog post Sunday. "We're investigating these bugs and will fix them if we can." The inevitable conclusion is that the malware is designed specifically to attack the Tor browser. The strongest clue that the culprit is the FBI, beyond the circumstantial timing of Marques's arrest, is that the malware does nothing but identify the target. The heart of the malicious Javascript is a tiny Windows executable hidden in a variable named "Magneto". A traditional virus would use that executable to download and install a full-featured backdoor, so the hacker could come in later and steal passwords, enlist the computer in a DDoS botnet, and generally do all the other nasty things that happen to a hacked Windows box. But the Magneto code doesn't download anything. It looks up the victim's MAC address - a unique hardware identifier for the computer's network or Wi-Fi card - and the victim's Windows hostname. Then it sends it to the Virginia server, outside of Tor, to expose the user's real IP address, and coded as a standard HTTP web request. "The attackers spent a reasonable amount of time writing a reliable exploit, and a fairly customized payload, and it doesn't allow them to download a backdoor or conduct any secondary activity," says Tsrklevich, who reverse-engineered the Magneto code. The malware also sends, at the same time, a serial number that likely ties the target to his or her visit to the hacked Freedom Hosting-hosted website.
In short, Magneto reads like the x86 machine code embodiment of a carefully crafted court order authorizing an agency to blindly trespass into the personal computers of a large number of people, but for the limited purpose of identifying them. But plenty of questions remain. For one, now that there's a sample of the code, will anti-virus companies start detecting it?

---
Just because i'm near the punchbowl doesn't mean I'm also drinking from it.

From rforno at infowarrior.org Mon Aug 5 11:59:13 2013
From: rforno at infowarrior.org (Richard Forno)
Date: Mon, 5 Aug 2013 12:59:13 -0400
Subject: [Infowarrior] - MIT Students Release Program To 3D-Print High Security Keys
Message-ID:

8/03/2013 @ 12:36PM | 31,362 views
MIT Students Release Program To 3D-Print High Security Keys
http://www.forbes.com/sites/andygreenberg/2013/08/03/mit-students-release-program-to-3d-print-high-security-keys/print/

When lock maker Schlage imprinted the words "do not duplicate" across the top of the keys for their high-security Primus locks, they meant to create another barrier to reproducing a piece of metal that's already beyond the abilities of the average hardware store keymaker. One group of hackers, of course, took it instead as a direct challenge. At the Def Con hacker conference Saturday, MIT students David Lawrence and Eric Van Albert plan to release a piece of code that will allow anyone to create a 3D-printable software model of any Primus key, despite the company's attempts to prevent the duplication of those carefully-controlled shapes. With just a flatbed scanner and their software tool, they were able to produce precise models that they uploaded to the 3D-printing services Shapeways and i.Materialise, who mailed them working copies of the keys in materials ranging from nylon to titanium. "In the past if you wanted a Primus key, you had to go through Schlage. Now you just need the information contained in the key, and somewhere to 3D-print it," says 21-year old Van Albert.
"You can take a high security 'non-duplicatable' key and basically take it to a virtual hardware store to get it copied," adds 20-year-old Lawrence. Schlage's Primus models are advertised for use in high-security applications: The company's marketing materials include references to the locks' use in government facilities, healthcare settings, and detention centers. That security stems in part from Primus's unique model, which includes two tracks of teeth - one on the top of the key and another on the side, each of which correspond to a separate set of pins in the lock. Even Marc Weber Tobias, one of the world's most well-known lockpicking experts, has written that he uses Primus locks in his home and for secure evidence storage in his legal practice. Lawrence's and Van Albert's software tool, to be clear, doesn't let its users open any random door secured by one of those locks. It merely enables anyone to copy a key they couldn't easily copy before. But the two students in MIT's electrical engineering program point out that there are ways to copy a key without ever possessing it. Other researchers like those behind the Sneakey project have shown that keys can be effectively replicated from photos, even ones taken from hundreds of feet away. And by studying Schlage's manuals and patents, Lawrence and Van Albert learned to decipher the two distinct codes in the keys - one set of six numbers cut into the top of the key and another set of five in its sidecut - that can be programmed into their modeling software and precisely reproduced. "All you need is a friend that works there, or to take a picture of their key, or even a picture of the key hanging off their belt," says Lawrence. "Pirating keys is becoming like pirating movies. Someone still has to get the information in the first place, but then everyone can get a copy." Once a key has been photographed or scanned, 3D-printing through online services is relatively cheap.
The MIT students, who say they didn't try printing the keys themselves on home 3D printers, used Shapeways to print working keys in nylon for less than $5 each, though a more durable titanium copy from i.Materialise.com cost them $150. I reached out to Schlage, but haven't yet heard back from the company. Despite their focus on Primus locks, Lawrence and Van Albert argue that the security implications of 3D-printed keys aren't limited to any one lock maker. "Our message is that you can do this for any high-security key," says Lawrence. "It didn't take that much work. In the future there will be models available online for almost any kind of key you're looking for." Lawrence and Van Albert point to the case of a photo of a set of New York City fire elevator master keys, which allow access to many electrical panels, elevator controls and subway gates around the city, that was published by the New York Post last fall. Though the Post's story meant to warn about the possibility of those keys, which are distributed to electricians and firemen, falling into the wrong hands, its detailed image actually made it possible for anyone to model and 3D-print or mill the keys themselves. The Post quickly realized their mistake and took down their photo of the keys from its website, but not before it had already spread widely around the Internet. (I admittedly made a similar mistake myself last year when I posted a picture of a high-security handcuff key.) "There's no way of getting the cat back in the bag when you can print a New York city fire elevator key," says Lawrence. "Those files won't go away." Lawrence and Van Albert aren't the first to try 3D printing keys. In 2011, Apple engineer Nirav Patel created a program that allowed anyone to encode their key's measurements into a 3D-printable model, though Patel's software only dealt with normal keys that can already be duplicated by any hardware store.
At the HOPE hacker conference in New York last year, a German lockpicking expert known as "Ray" showed that he could 3D-print and laser cut working keys for high-security handcuffs. Those keys are often highly restricted but designed to be identical, so that any police officer can open cuffs locked by another officer. That makes them especially vulnerable to being reproduced by anyone who wants to hide a copy of the tiny keys somewhere on their body, ready to pull out and use to free themselves. As for Schlage's 3D printing problem, Lawrence and Van Albert don't offer any easy fix. They argue the whole notion of non-duplicatable keys may be an anachronism in the age of 3D printing, and that high-security institutions should move to electronic locks that use unique cryptographic keys that are far harder to copy. "If we show that mechanical locks are vulnerable to key duplication just by having a handful of numbers you can download off the internet, hopefully they'll be phased out more quickly," says Van Albert. "Either that," adds Lawrence, "or make 3D printers illegal."

---
Just because i'm near the punchbowl doesn't mean I'm also drinking from it.

From rforno at infowarrior.org Mon Aug 5 15:54:02 2013
From: rforno at infowarrior.org (Richard Forno)
Date: Mon, 5 Aug 2013 16:54:02 -0400
Subject: [Infowarrior] - Washington Post to be sold to Jeff Bezos
Message-ID: <5A826130-666C-4258-A788-C95FB28D4553@infowarrior.org>

Washington Post to be sold to Jeff Bezos
By Paul Farhi
http://www.washingtonpost.com/national/washington-post-to-be-sold-to-jeff-bezos/2013/08/05/ca537c9e-fe0c-11e2-9711-3708310f6f4d_print.html

The Washington Post Co. has agreed to sell its flagship newspaper to Amazon.com founder and chief executive Jeffrey P. Bezos, ending the Graham family's stewardship of one of America's leading news organizations after four generations.
Bezos, whose entrepreneurship has made him one of the world's richest men, will pay $250 million in cash for The Post and affiliated publications to the Washington Post Co., which owns the newspaper and other businesses. Seattle-based Amazon will have no role in the purchase; Bezos himself will buy the news organization and become its sole owner when the sale is completed, probably within 60 days. The Post Co. will change to a new, still-undecided name and continue as a publicly traded company without The Post thereafter. The deal represents a sudden and stunning turn of events for The Post, Washington's leading newspaper for decades and a powerful force in shaping the nation's politics and policy. Few people were aware that a sale was in the works for the paper, whose reporters have broken such stories as the Pentagon Papers, the Watergate scandals and disclosures about the National Security Administration's surveillance program in May. For much of the past decade, however, the paper has been unable to escape the financial turmoil that has engulfed newspapers and other "legacy" media organizations. The rise of the Internet and the epochal change from print to digital technology have created a massive wave of competition for traditional news companies, scattering readers and advertisers across a radically altered news and information landscape and triggering mergers, bankruptcies and consolidation among the owners of print and broadcasting properties. "Every member of my family started out with the same emotion - shock - in even thinking about" selling The Post, said Donald Graham, the Post Co.'s chief executive, in an interview Monday. "But when the idea of a transaction with Jeff Bezos came up, it altered my feelings." Added Graham, "The Post could have survived under the company's ownership and been profitable for the foreseeable future. But we wanted to do more than survive. I'm not saying this guarantees success but it gives us a much greater chance of success."
The Washington Post Co.'s newspaper division, of which The Post newspaper is the most prominent part, has suffered a 44 percent decline in operating revenue over the past six years. Although the paper is one of the most popular news sources online, print circulation has dwindled, too, falling another 7 percent daily and Sundays during the first half of this year. Ultimately, the paper's financial challenges prompted the company's board to consider a sale, a step once regarded as unthinkable by insiders and the Graham family itself. With extraordinary secrecy, Graham hired the investment firm Allen & Co. to shop the paper, company executives said. Allen's representatives spoke with a half-dozen potential suitors before the Post Co.'s board settled on Bezos, 49, a legendary tech innovator who has never operated a newspaper. Bezos, in an interview, called The Post "an important institution" and expressed optimism about its future. "I don't want to imply that I have a worked-out plan," he said. "This will be uncharted terrain and it will require experimentation." He said, "There would be change with or without new ownership. But the key thing I hope people will take away from this is that the values of The Post do not need changing. The duty of the paper is to the readers, not the owners." Despite the end of the Graham family's control of the newspaper after 80 years, Graham and Bezos said management and operations of the newspaper would continue without disruption after the sale. Post publisher Katharine Weymouth - Graham's niece and the fourth generation of her family involved in the newspaper - will remain as publisher and chief executive of the Bezos-owned Post; executive editor Martin Baron will continue in his job. No layoffs are contemplated as a result of the transaction among the paper's 2,000 employees, who will be told of the sale at a company-wide meeting Monday afternoon.
Bezos said he would maintain his home in Seattle and would delegate the paper's daily operations to its existing management. "I have a fantastic day job that I love," he said. In a note to Post employees on Monday, Weymouth wrote, "This is a day that my family and I never expected to come. The Washington Post Company is selling the newspaper that it has owned and nurtured for eight decades." The new owner of The Post may be as much a surprise as the decision to sell the paper in the first place. Throughout his storied business career, Bezos has been an empire builder but hasn't shown any evident interest in the newspaper business. He has, however, maintained a long friendship with Graham, and both men have informally advised the other over the years. Graham, for example, advised Bezos about how to feature newspapers on the Kindle, Amazon's popular e-reader. A computer science and electrical engineering student at Princeton, Bezos used his tech savvy to rise rapidly at a New York hedge-fund company, becoming its youngest senior vice president. He founded Amazon at 30 with a $300,000 loan from his parents, working out of the garage in his rented home in Bellevue, Wash. He called his creation Amazon in part to convey the breadth of its offerings; early promotions called the site "Earth's Biggest Bookstore." Since Amazon's founding, Bezos has devoted himself to building it into a retail behemoth that sells everything from diapers to garden equipment to data storage at rock-bottom prices with a click of a mouse. It rang up $61 billion in sales last year. In the process, Amazon has wreaked havoc on traditional brick-and-mortar stores. Many retailers have expressed dismay, and resentment, at Amazon's ability to sell the same products at a lower price, in part because of its efficiency but also because it wasn't collecting sales tax in most states.
For long periods, however, Bezos frustrated investors and analysts who wanted Amazon to turn profits more quickly, or more regularly. Because of heavy investments in warehouses and new businesses, Amazon didn't deliver a profit until the company's ninth year of operation, and seven years after selling shares to the public. At times, Bezos has been openly disdainful of Wall Street's demands for ever-rising quarterly profits. He told Fortune magazine last year, "The three big ideas at Amazon are long-term thinking, customer obsession, and willingness to invent." Under Bezos, the company's drive into new businesses has been relentless. To supplement its line of Kindle readers and tablets, for example, Bezos pushed Amazon into book publishing itself, upsetting rivals like Barnes & Noble and book agents alike. (Bezos himself is an avid newspaper reader; in addition to The Post, he said he reads the New York Times and Wall Street Journal.) But Amazon's breakneck growth has also come with a few stumbles. Among other investments, Bezos bought a majority stake in Pets.com in 1999 and paid $60 million for a portion of Kozmo.com, a delivery service. Both companies went out of business. An attempt to compete with eBay.com in online auctions wasn't successful. As such, an investment in Amazon comes with the likelihood of erratic earnings - and sometimes no earnings at all. The company lost $39 million last year. Ultimately, however, Amazon has rewarded patient believers. Amazon's sales have increased almost tenfold since 2004 and its stock price has quadrupled in the past five years. "We believe in the long term," Bezos told Fortune, "but the long term also has to come." Friends and competitors have described Bezos as cerebral, demanding, curious, and given to asking challenging questions. He shows little tolerance for those who are poorly prepared, but can be charming and quick to laugh. "If Jeff is unhappy, wait five minutes," his wife has said of him. Bezos'
personal ventures have also given no hint of any interest in the news business. He started a private company called Blue Origin in 2000 to develop a space vehicle, and has acquired land in west Texas as a rocket launch site, both part of a lifelong passion for space travel. He is also reportedly spending $42 million to develop a clock inside a mountain in Texas that is designed to last 10,000 years - a symbol of Bezos' business philosophy of thinking long-term. In naming Bezos its "Businessperson of the Year" in 2012, Fortune called him "the ultimate disrupter ... [who] has upended the book industry and displaced electronic merchants" while pushing into new businesses, such as TV and feature film production. His drive and business creativity have earned him favorable comparisons to the late Steve Jobs, Apple's co-founder and a confidant of Don Graham and his late mother, Post Co. chairman Katharine Graham. Earlier this year, Harvard Business Review ranked Bezos as the second best-performing chief executive in the world during the past decade, following only Jobs, who died in 2011. In a message to employees on Monday, Don Graham quoted billionaire investor Warren Buffett, a longtime advisor to the Post Co., calling Bezos "the ablest CEO in America." Bezos' reputation and smarts made him attractive as a buyer of The Post, said Weymouth. "He's everything we were looking for - a business leader with a track record of entrepreneurship who believes in our values and cares about journalism, and someone who was willing to pay a fair price to our shareholders," she said. Weymouth said the decision to sell The Post sprang from annual budget discussions she had with Graham, her uncle, late last year. "We talked about whether [the Washington Post Co.] was the right place to house The Post," she said. "If journalism is the mission, given the pressures to cut costs and make profits, maybe [a publicly traded company] is not the best place for The Post."
Any buyer, she said, "had to share our values and commitment to journalism or we wouldn't sell it." The sale to Bezos involves The Post and its website (washingtonpost.com), along with the Express newspaper, the Gazette Newspapers and Southern Maryland Newspapers in suburban Washington, the Fairfax County Times, the Spanish-language El Tiempo Latino newspaper, and the Robinson Terminal production plant in Springfield. Bezos will also purchase the Comprint printing operation in Gaithersburg, which publishes several military publications. The deal does not include the company's headquarters on 15th St. NW in Washington (the building has been for sale since February), or Foreign Policy magazine, Slate.com, the Root.com, the WaPo Labs digital-development operation or Post-owned land along the Potomac River in Alexandria. The Post, founded in 1877, has been controlled since 1933 by the heirs of Eugene Meyer, a Wall Street financier and former Federal Reserve official. Meyer bought the paper for $825,000 at a bankruptcy auction during the depth of the Depression. After years of financial struggle, Meyer and his successor as publisher of The Post, son-in-law Philip L. Graham, steered the paper into a leading position among Washington's morning newspapers. They began enlarging the company, notably by acquiring TV stations and Newsweek magazine in 1963 (the company sold the magazine for a nominal fee to the late billionaire Sidney Harman in 2010 after years of losses). In later years, the company added cable TV systems and the Kaplan educational division, currently the company's largest by revenue. Upon Graham's death in 1963, his widow (and Meyer's daughter) Katharine Graham took over management of the company. Despite her inexperience as a corporate executive, Mrs. Graham ably led the company through a colorful and expansive period. The newspaper rose to national stature under Benjamin C.
Bradlee, whom Katharine Graham had hired from Newsweek in 1965 as a deputy managing editor and promoted to editor in 1968. Bradlee oversaw the opening of new reporting bureaus around the nation and the world, started the Style section, and ignited the paper's long run of Pulitzer Prize-winning reporting. The Post's and New York Times' publication in 1971 of stories based on the Pentagon Papers -- a secret government study of American military and political involvement in Vietnam -- led to a landmark legal case in which the Supreme Court prohibited the government from exercising "prior restraint," or pre-publication censorship, against the newspapers. The arrest of seven men accused of breaking into the Democratic National Committee's headquarters at the Watergate office complex in 1972 triggered the newspaper's unearthing of a series of illegal activities orchestrated by President Nixon and his closest advisers. The revelations eventually led to Nixon's resignation. The events were memorialized by the movie "All the President's Men," which turned The Post -- as well as Bradlee and reporters Bob Woodward and Carl Bernstein -- into household names. Seven years after Nixon's resignation, however, the paper suffered one of its darkest hours. It was forced to give back a Pulitzer Prize awarded to reporter Janet Cooke in 1981 after she admitted that her story about an eight-year-old heroin addict in Washington named Jimmy was a fabrication. Katharine Graham, who died in 2001, was succeeded as Post publisher by her son, Donald, in 1979. He also succeeded her as chief executive of the Washington Post Co. in 1991. During the 1990s and into the new century, under Bradlee's successor, Leonard Downie Jr., the paper enjoyed arguably its most successful run in terms of profits, circulation and journalism. With little direct competition, the newspaper division's revenue and profit soared.
The Post won 25 Pulitzers under Downie, including six in 2008, the year he retired and was succeeded by Marcus Brauchli as editor. The Grahams are among the last of a dwindling number of multigenerational family owners of metropolitan newspapers. Most major newspapers were once owned by local families with decades-long ties to their town or city, but that ownership profile has faded with succeeding generations and has largely disappeared in the Internet era. Many of the heirs to great newspaper fortunes have sold their holdings to corporations or wealthy investors with little connection to the regions that the newspapers helped shape or, in some instances lately, to local businesspeople whose wealth was more recently acquired. Over the past 20 years, the list of family-owned companies that have sold their newspapers holdings include the Chandlers (owners of the Los Angeles Times, among others), Cowles (Minneapolis Star Tribune), Copleys (San Diego Union-Tribune), and Bancrofts (Wall Street Journal). The New York Times, controlled by the Sulzberger family, is among the last major dailies still operated by descendants of its early proprietor. It acquired The Boston Globe from members of the Taylor family in 1993 for $1.1 billion; it announced last week it was selling the paper for a mere $70 million to Boston businessman John W. Henry, a businessman who owns the Boston Red Sox. Following the sale to Bezos, the Graham family will continue to control the renamed Washington Post Co. through its closely held stock, known as Class A shares. The A shares can't be sold on the open market, but out-vote a second class of public stock, called Class B shares. The New York Times Co. has a similar stock structure, ensuring the Sulzbergers' control. Bezos, who ranks 11th on the Forbes 400 list of wealthiest individuals in America with a net worth of $23.2 billion, has given little indication of his ideological leanings over the years.
He hasn't been a heavy contributor to political campaigns, although he and his wife have regularly donated to the campaign of Sen. Patty Murray (D-Wash). In years past, they had given modest contributions to a handful of Republican and Democratic senators. Bezos' political profile rose suddenly and sharply when he and his wife agreed last year to donate $2.5 million to help pass a referendum that would legalize same-sex marriage in Washington State, catapulting them to the top ranks of financial backers of gay rights in the country. The donation doubled the money available to the initiative, which was approved last November and made Washington among the first states to pass same-sex marriage by popular vote. Perhaps the single biggest item on Amazon's legislative agenda is a bill that would empower all states to collect sales tax from online retailers. Amazon is only required to collect sales taxes in states where it maintains a physical presence such as a warehouse. But Amazon now is supporting the bill, which has passed the Senate and is pending in the House. State sales taxes no longer pose a real threat to Amazon: With an emphasis on same-day shipping, the company is building distribution warehouses across the country and would have to pay the tax anyway. Last month, the company announced it would hire 5,000 employees at these warehouses, an ambitious growth strategy that is hurting profits in the short run. Bezos' most notable charitable donations have been twin $10 million contributions to two Seattle-based institutions, the Museum of History and Innovation and the Fred Hutchinson Cancer Research Center. The gift to the museum was for the creation of a center for innovation that would be situated a few blocks from a new Amazon headquarters campus. Baron, the former editor of the Boston Globe who joined The Post as its editor in January, said he was surprised to learn last week that the newspaper was being sold.
But he added, "I'm encouraged that the paper will be in the hands of a successful business person who understands the world of technology as well as anyone. He's expressed his commitment to the organization and to its continued independence...I came here because I wanted to join a great news organization, and it will continue to be one."

© The Washington Post Company

---
Just because i'm near the punchbowl doesn't mean I'm also drinking from it.

From rforno at infowarrior.org Mon Aug 5 16:03:03 2013
From: rforno at infowarrior.org (Richard Forno)
Date: Mon, 5 Aug 2013 17:03:03 -0400
Subject: [Infowarrior] - An Earth Year on Mars
Message-ID: <4770E3A4-4DCE-4255-ADC8-A61458F12A5C@infowarrior.org>

Or, as @SarcasticRover might (and did) say this morning: "Great, 1 year and 100,000,000 miles and I'm still stuck in a damn crater." ;)

--rick

An Earth Year on Mars
By KENNETH CHANG
Published: August 5, 2013

On the first anniversary of its landing, halfway through its primary mission to Mars, NASA's Curiosity rover still has a long way to go. To be exact, 4.4 miles. That is the distance to the foothills of Mount Sharp, an 18,000-foot mountain whose rocks could provide clues to a time on Mars when life could have thrived. Because Curiosity is driving at a careful pace -- up to a 100 yards a day -- the journey will take eight or nine months. For now, science is secondary as Curiosity crawls across a barren, largely uninteresting landscape. "Pretty much pure driving, pedal to the metal," said John P. Grotzinger, the mission's project scientist. An interactive feature offers a chronology of where Curiosity has been and what it has done so far; new images and information will be added as the rover progresses. According to NASA, Curiosity has already traveled more than a mile, taken more than 36,700 images and fired 75,000 laser shots to analyze rocks and soil. The first day -- or sol, the term for a Martian day, which is about 40 minutes longer than a day on Earth --
began in the early morning of Aug. 6, 2012. (At mission control at NASA's Jet Propulsion Laboratory in Pasadena, it was late on Aug. 5.) The spacecraft carrying Curiosity pierced the top of the Martian atmosphere at more than 13,000 miles per hour. In precisely choreographed maneuvers so risky that NASA called them "seven minutes of terror," Curiosity was dropped to an undamaged standstill on the surface. The rover, roughly the size of a car, ended up right where it had been aimed -- within Gale Crater, a 96-mile-wide scar from an asteroid impact at least 3.5 billion years ago. In that time layers of sediment filled much of the crater, which were then somehow carved away, leaving Mount Sharp at the center. Observations from orbit pointed to the presence of clay minerals at the base of the mountain, named in honor of Robert P. Sharp, a prominent geologist and Mars expert. Because clays form in water that has a neutral pH, that made Gale Crater a promising place to look for signs that Mars could have once been hospitable for life. Before it headed toward Mount Sharp, Dr. Grotzinger's team decided to send Curiosity on a detour to investigate terrain that looked to be an intriguing confluence of three different rock types. Along the way, Curiosity spotted what looked like an ancient streambed. At the site, in the first rock it drilled on Feb. 8 (Sol 182), it struck the jackpot -- clays. This rock in this part of Mars formed in watery conditions that were surprisingly Earthlike. "Unquestionably, Mars was a habitable planet in its ancient past," Dr. Grotzinger said. Curiosity, however, does not have instruments that can directly search for life, past or present. Although the primary mission is scheduled for only two years, Curiosity could be exploring Mars far longer. "It looks great," said Jennifer H. Trosper, the deputy project manager. "I think over all the rover has worked better than expected."
But lest anyone think that everything on the $2.5 billion mission would always work perfectly, a computer memory glitch in late February knocked Curiosity out of action for a couple of weeks. "This is a very sober reminder that the rover ultimately has a finite lifetime," Dr. Grotzinger said.

---
Just because i'm near the punchbowl doesn't mean I'm also drinking from it.

From rforno at infowarrior.org Mon Aug 5 16:10:59 2013
From: rforno at infowarrior.org (Richard Forno)
Date: Mon, 5 Aug 2013 17:10:59 -0400
Subject: [Infowarrior] - Not all secrets are alike
Message-ID: <2DB5A940-79B1-4C15-A4FF-8F92EA7B736F@infowarrior.org>

Columnists
23 July 2013

Not all secrets are alike
Hugh Gusterson
http://www.thebulletin.org/not-all-secrets-are-alike

An anthropologist, Gusterson is a professor of anthropology and sociology at George Mason University. His expertise is in nuclear culture, international security, and the anthropology of science....

When it comes to national security, there are two kinds of secrets. One is the strict military secret. Examples would include the design specifications of a new weapon or planned troop movements. Giving such secrets to an adversary may tip the military balance and is clearly damaging to national security. Most people have little trouble seeing those who give away such secrets -- like Manhattan Project physicist Klaus Fuchs, who gave design details of the first atomic bomb to the Soviets -- as traitors who should be punished. The second kind of secret is what anthropologists call the "public secret." These are denied yet known. Their ambiguous status as simultaneously public and secret torques them with psychological conflict. The concept of the public secret can best be grasped through examples from family life. It may be a public secret that a man is having an affair, but as long as his family does not confront him, the pact of silence allows everyone to behave as if he really does work late a lot at the office.
It may be a public secret that a woman is an alcoholic, but as long as no one mentions the bottles stashed in odd places or the mysterious mood swings, public appearances can be maintained. As anyone familiar with such family situations knows, the consequences of saying publicly what everyone knows privately can be profound, forcing corrections in behavior or breaking families apart. Not infrequently, as Henrik Ibsen famously dramatized in his play An Enemy of the People, opprobrium attaches most harshly not to the transgressor, but to the person who tells the truth out loud. It is not just families that have public secrets. Religious institutions do too, as we learned from the child abuse scandal in the Catholic Church. And states have public secrets. For example, as the political thinker Michael Ignatieff has written, in Argentina under the military junta that ruled from 1976 to 1983, it was a public secret that activists and radicals were quietly being abducted by the military, tortured, and killed. This policy, under which between 15,000 and 30,000 citizens disappeared, was not publicly announced, and wealthy elites who had a vested interest in not knowing felt confident in denying it. Still, it was widely known in the way that whispered things are known. Eventually the ambiguity of the public secret was resolved and the facts were made public thanks to the indefatigable activism of the group the Mothers of the Disappeared, who demonstrated weekly in the Plaza de Mayo in Buenos Aires, and a truth commission appointed by President Raul Alfonsin. While the Mothers of the Disappeared could be dismissed as crackpots, a state commission armed with official documents finally had to be believed. As Ignatieff writes, the truth commission stripped the public secret of its deniability, forcing it into the open and working "to reduce the number of lies that can be circulated unchallenged in public discourse."
He observes that "its work has made it impossible to claim, for example, that the military did not throw half-dead victims into the sea from helicopters." Often the state's greatest rage is directed at those who reveal public secrets, not military secrets. Richard Nixon called Daniel Ellsberg "the most dangerous man in America" not because he shared military secrets with the Vietcong (he did not), but because in giving the Pentagon Papers to the New York Times (and thus the American people), he made it impossible to deny what many already suspected -- that the US government had lied about the reasons for the Vietnam War and about progress in fighting it. US national security officials have likewise been enraged by Bradley Manning, the US Army soldier who gave WikiLeaks 250,000 diplomatic cables and 500,000 Army reports. Although the Obama administration claims that Manning and WikiLeaks gave away military secrets, for the most part they caused embarrassment by revealing public secrets. Many Americans had long been sure that, military propaganda notwithstanding, some American troops in Iraq were prone to using violence indiscriminately, killing innocents, and enjoying the act of killing, but Manning's release of the "collateral murder" video, shot from a US military helicopter, gave visceral and undeniable form to inchoate knowledge. Likewise, in 2011 there were few Tunisians who did not know that their government was corrupt, but the people did not rise up against their government until WikiLeaks revealed that the US ambassador had cabled that "Corruption in Tunisia is getting worse. Whether it's cash, services, land, property, or yes, even your yacht, President Ben Ali's family is rumored to covet it and reportedly gets what it wants." Even though he has yet to be found guilty, Manning has been punished harshly.
The United Nations special rapporteur on torture complained that Manning -- held for months in solitary confinement, often naked, and deprived of sleep -- had been subjected to "cruel, inhuman and degrading treatment in violation of Article 16 of the Convention Against Torture." Like Manning, Edward Snowden gave away a public secret, revealing that the National Security Agency does not just spy on foreigners, but in violation of the legal framework established after the Vietnam War, also harvests vast quantities of information on the communications of American citizens, including email messages, browsing histories, postal records, and telephone metadata. When public rather than military secrets are given away, the state always insists that military security has been damaged, so it should not surprise us that the Obama administration claims Snowden gave away military secrets that will help those bent on attacking the United States. But there is a reason the top leadership of Al Qaeda has communicated for years by personal courier, and it would be a terrorist or insurgent with a very short life expectancy who would communicate by cell phone or unencrypted email. Snowden's real crime was to reveal incontrovertibly what some already guessed and others might prefer not to know: The US government has secretly created a massive apparatus of domestic surveillance on the edge of the law. American leaders say they will avoid future Mannings and Snowdens by segmenting access to information so that individual analysts cannot avail themselves of so much, and by giving fewer security clearances, especially to employees of contractors such as Booz Allen Hamilton, where Snowden worked. This will not work. Segmentation of access runs counter to the whole point of the latest intelligence strategy, which is fusion of data from disparate sources. The more Balkanized the data, the less effective the intelligence.
And, as Dana Priest and William Arkin make clear in their important book Top Secret America, intelligence agencies are collecting so much information that they have to hire vast numbers of new employees, many of whom cannot be adequately vetted. Since 9/11 the National Security Agency's workforce has grown by a third, to 33,000, and the number of private companies it relies on for contractors has tripled to close to 500. The more people know your secrets, the more likely it is they will leak out. But, in the final analysis, the reason there will be more Mannings and Snowdens is that so many American secrets are not strict military secrets but scandalous public secrets pertaining to ways the US national security state behaves that are at odds with national or international law, or in conflict with fundamental national values. Whether one condones what Snowden did or not, it is clear that he was motivated by a deep sense of indignation that his government was doing something profoundly wrong. "If you want a secret respected," said Senator Daniel Patrick Moynihan, one of the country's greatest commentators on secrecy, "see that it's respectable in the first place."

---
Just because i'm near the punchbowl doesn't mean I'm also drinking from it.

From rforno at infowarrior.org Mon Aug 5 16:14:02 2013
From: rforno at infowarrior.org (Richard Forno)
Date: Mon, 5 Aug 2013 17:14:02 -0400
Subject: [Infowarrior] - Jeff Bezos letter to WaPo employees
Message-ID: <5E6E014E-8B2F-4FE4-8255-FA1F5A81AE25@infowarrior.org>

Jeff Bezos on Post purchase
http://www.washingtonpost.com/national/jeff-bezos-on-post-purchase/2013/08/05/e5b293de-fe0d-11e2-9711-3708310f6f4d_print.html

To the employees of The Washington Post:

You'll have heard the news, and many of you will greet it with a degree of apprehension.
When a single family owns a company for many decades, and when that family acts for all those decades in good faith, in a principled manner, in good times and in rough times, as stewards of important values -- when that family has done such a good job -- it is only natural to worry about change. So, let me start with something critical. The values of The Post do not need changing. The paper's duty will remain to its readers and not to the private interests of its owners. We will continue to follow the truth wherever it leads, and we'll work hard not to make mistakes. When we do, we will own up to them quickly and completely. I won't be leading The Washington Post day-to-day. I am happily living in "the other Washington" where I have a day job that I love. Besides that, The Post already has an excellent leadership team that knows much more about the news business than I do, and I'm extremely grateful to them for agreeing to stay on. There will of course be change at The Post over the coming years. That's essential and would have happened with or without new ownership. The Internet is transforming almost every element of the news business: shortening news cycles, eroding long-reliable revenue sources, and enabling new kinds of competition, some of which bear little or no news-gathering costs. There is no map, and charting a path ahead will not be easy. We will need to invent, which means we will need to experiment. Our touchstone will be readers, understanding what they care about -- government, local leaders, restaurant openings, scout troops, businesses, charities, governors, sports -- and working backwards from there. I'm excited and optimistic about the opportunity for invention. Journalism plays a critical role in a free society, and The Washington Post -- as the hometown paper of the capital city of the United States -- is especially important. I would highlight two kinds of courage the Grahams have shown as owners that I hope to channel.
The first is the courage to say wait, be sure, slow down, get another source. Real people and their reputations, livelihoods and families are at stake. The second is the courage to say follow the story, no matter the cost. While I hope no one ever threatens to put one of my body parts through a wringer, if they do, thanks to Mrs. Graham's example, I'll be ready. I want to say one last thing that's really not about the paper or this change in ownership. I have had the great pleasure of getting to know Don very well over the last ten plus years. I do not know a finer man.

Sincerely,
Jeff Bezos

---
Just because i'm near the punchbowl doesn't mean I'm also drinking from it.

From rforno at infowarrior.org Tue Aug 6 07:16:02 2013
From: rforno at infowarrior.org (Richard Forno)
Date: Tue, 6 Aug 2013 08:16:02 -0400
Subject: [Infowarrior] - Surveillance scandal rips through hacker community
Message-ID: <3B4E96D3-E503-40CD-B48A-FE4985EFA8F6@infowarrior.org>

Surveillance scandal rips through hacker community

The good ol' days of chummy games of "Spot the Fed" at Defcon are finished as hackers and security entrepreneurs plan next steps in the wake of government spying revelations.

by Seth Rosenblatt
August 6, 2013 4:00 AM PDT
http://news.cnet.com/8301-1009_3-57597093-83/surveillance-scandal-rips-through-hacker-community/

LAS VEGAS -- It used to be that the playful Defcon contest of "Spot the Fed" gave hackers and the government agents tracking them a chance to interact in a less serious manner. Hackers who found a government agent among the conference attendees would wear with pride T-shirts that read, "I spotted the Fed." The agent would be given a shirt that read, "I am the Fed." And by flipping the cat-and-mouse dynamic for at least one weekend a year, the two groups more or less came to a greater understanding of each other. The relationship had gotten friendly enough so that when Gen.
Keith Alexander, the director of the National Security Agency, visited Defcon for the first time last year, the conference's founder Jeff Moss told CNET, "It's eye-opening to see the world from their view," and noted that he had wanted to score an official visit from the NSA since Defcon began. It would go too far to say that the uneasy marriage of friendship between the two groups now lies torn asunder in an acrimonious divorce. Hackers, information security professionals, and security experts looking to turn their knowledge into businesses won't stop working or communicating with the U.S. government. But the response to the scandal has driven many of them back to their more skeptical roots. "What we need to realize that [Gen. Alexander] is asking us to destroy ourselves," said Moxie Marlinspike, a well-known information security professional and entrepreneur who has had equipment seized and returned and been detained but never charged by the U.S. government. "The types of programs that he's developing are part of this trend of more efficient law enforcement, toward this world of 100 percent effective law enforcement," said Marlinspike, who uses the alias to protect his legal name. Marlinspike told CNET that he thinks the NSA is interested in hiring hackers because they tend to have an approach to critical thinking that produces an unusual mindset. Hackers are people, he said, who are "not always abiding by the letter of the law, but are not exactly harmful, either." "The problem is that he's asking us to participate in the destruction of the zone where hackers exist," Marlinspike said.

General Keith Alexander of the National Security Agency asks security professionals and hackers to help with government surveillance at Black Hat 2013. (Credit: Seth Rosenblatt/CNET)

No single hacker voice on NSA

Information security professionals are not unified in their interpretation of Alexander's attempt at a mea culpa at last week's Black Hat conference here.
Alex Stamos, a network infrastructure and security expert and the chief technical officer of Artemis, the company proposing the .secure top-level domain for a safer Internet, said that Alexander was actually aiming his talk not at independent security researchers but the security teams at security companies. "If you're a security researcher at a large cloud company, you have to include the NSA on your list of threats that you have to protect against," he said. Stamos has done government security consulting in the past, although he told an audience at his Defcon session discussing professional ethics for "white hat" or "good guy" hackers that he would reconsider doing so in the future. Christopher Soghoian, a senior policy analyst and principal technologist with the American Civil Liberties Union, agreed. "I think you've got an extra threat in your threat model, and that threat is the NSA." Marc Maiffret, a white hat hacker who narrowly avoided serious legal consequences for his teen hacking and has testified in front of Congress on security issues, said that the situation is more than a little ironic. "We don't want the NSA to monitor anything, but the whole goal of what [security professionals] do for the most part is to monitor everything. We should have the same safeguards to make sure that those abuses aren't happening," he said, referring to the recent surveillance revelations leaked by Edward Snowden. The ACLU's Soghoian said that the lack of public discussion is at the core of the problem and has impeded the government's achieving its stated security-and-safety goals. "The FBI has a unit now that does nothing but hack into people's computers, extract documents, control Webcams," he said. "The FBI's role as an offensive cyber actor significantly undermines their cause. How can an agency warn people about malware when it's using malware itself?" 
One security start-up that had an encounter with the FBI was Wickr, a privacy-forward text messaging app for the iPhone with an Android version in private beta. Wickr's co-founder Nico Sell told CNET at Defcon, "Wickr has been approached by the FBI and asked for a backdoor. We said, 'No.'" The mistrust runs deep. "Even if [the NSA] stood up tomorrow and said that [they] have eliminated these programs," said Marlinspike, "How could we believe them? How can we believe that anything they say is true?"

Where does security innovation go next?

The immediate future of information security innovation most likely lies in software that provides an existing service but with heightened privacy protections, such as webmail that doesn't mine you for personal data. Wickr's Sell thinks that her company has hit upon a privacy innovation that a few others are also doing, but many will soon follow: the company itself doesn't store user data. "[The FBI] would have to force us to build a new app. With the current app there's no way," she said, that they could incorporate backdoor access to Wickr users' texts or metadata. "Even if you trust the NSA 100 percent that they're going to use [your data] correctly," Sell said, "Do you trust that they're going to be able to keep it safe from hackers? What if somebody gets that database and posts it online?" To that end, she said, people will start seeing privacy innovation for services that don't currently provide it. Calling it "social networks 2.0," she said that social network competitors will arise that do a better job of protecting their customer's privacy and predicted that some that succeed will do so because of their emphasis on privacy. Abine's recent MaskMe browser add-on and mobile app for creating disposable e-mail addresses, phone numbers, and credit cards is another example of a service that doesn't have access to its own users' data.
Stamos predicted changes in services that companies with cloud storage offer, including offering customers the ability to store their data outside of the U.S. "If they want to stay competitive, they're going to have to," he said. But, he cautioned, "It's impossible to do a cloud-based ad supported service." Soghoian added, "The only way to keep a service running is to pay them money." This, he said, is going to give rise to a new wave of ad-free, privacy protective subscription services. The issue with balancing privacy and surveillance is that the wireless carriers are not interested in privacy, he said. "They've been providing wiretapping for 100 years. Apple may in the next year protect voice calls," he said, and said that the best hope for ending widespread government surveillance will be the makers of mobile operating systems like Apple and Google. Not all upcoming security innovation will be focused on that kind of privacy protection. Security researcher Brandon Wiley showed off at Defcon a protocol he calls Dust that can obfuscate different kinds of network traffic, with the end goal of preventing censorship. "I only make products about letting you say what you want to say anywhere in the world," such as content critical of governments, he said. Encryption can hide the specifics of the traffic, but some governments have figured out that they can simply block all encrypted traffic, he said. The Dust protocol would change that, he said, making it hard to tell the difference between encrypted and unencrypted traffic. It's hard to build encryption into pre-existing products, Wiley said. "I think people are going to make easy-to-use, encrypted apps, and that's going to be the future."

Longer-term solutions

Right now, the intersection of individual information security experts, governments, and private companies large and small is at a crisis point. How they untangle and compromise their competing interests could have far-reaching ramifications for all.
Maiffret, the teen hacker turned respected infosec expert both inside and outside the infosec community, thinks that the government is going to have to give up some ground. "I think they know they need to say more. How do you say more, and not jeopardize things," is the question, he said. "There is a better middle ground. It's just like businesses accepting social media, it won't happen overnight." Companies could face severe consequences from their security experts, said Stamos, if the in-house experts find out that they've been lied to about providing government access to customer data. You could see "lots of resignations and maybe publicly," he said. "It wouldn't hurt their reputations to go out in a blaze of glory." Perhaps not surprisingly, Marlinspike sounded a hopeful call for non-destructive activism on Defcon's 21st anniversary. "As hackers, we don't have a lot of influence on policy. I hope that's something that we can focus our energy on," he said.

---
Just because i'm near the punchbowl doesn't mean I'm also drinking from it.

From rforno at infowarrior.org Tue Aug 6 07:16:05 2013
From: rforno at infowarrior.org (Richard Forno)
Date: Tue, 6 Aug 2013 08:16:05 -0400
Subject: [Infowarrior] - It's Dangerous For Free Speech When We Confuse Leakers With Spies
Message-ID: <6D59ACC9-84F5-4C70-93BA-8D00F0686C73@infowarrior.org>

It's Dangerous For Free Speech When We Confuse Leakers With Spies
from the they're-not-the-same dept
http://www.techdirt.com/articles/20130802/14032124047/its-dangerous-free-speech-when-we-confuse-leakers-with-spies.shtml

We've tried to make similar points a few times in the past about our concern with the Obama administration going after whistleblowers and the journalists who publish their leaks by using the Espionage Act more than all other Presidents in history, combined (more than twice as much, actually).
But the NY Times has a great piece highlighting how the federal government now seems to completely blur the lines between being a leaker and a spy.

< = >

Of course, some would argue that this is the goal. The very same article quotes former Bush administration apologist lawyer John Yoo -- infamous in part because of his tortured legal defense, twisting the clear meaning and intent of the Geneva Conventions in order to pretend that the US could use torture as an interrogation technique without violating the rules. Not surprisingly, Yoo doesn't have any problem at all with condemning leakers as spies.

< - >

But there's a larger, more troubling, point in all of this. When we redefine whistleblower and leaker to the point that they're considered "spies," and, at the same time, accuse journalists and media outlets of being co-conspirators and not being covered by the same basic rights that we supposedly honor in this country, the further and further we get from the basic ideals of a free and fair society. Again, those in power don't seem to much care for a free and fair society -- because they're in power. But for people who would like to have a government that actually represents the people, this should be a major concern.

---
Just because i'm near the punchbowl doesn't mean I'm also drinking from it.

From rforno at infowarrior.org Tue Aug 6 07:17:34 2013
From: rforno at infowarrior.org (Richard Forno)
Date: Tue, 6 Aug 2013 08:17:34 -0400
Subject: [Infowarrior] - IPR: Necessary and inherent limits to internet surveillance
Message-ID: <0624BCE8-4037-4509-A6AA-34B990754759@infowarrior.org>

Necessary and inherent limits to internet surveillance
05 Aug 2013 by Joss Wright on surveillance
http://policyreview.info/articles/analysis/necessary-and-inherent-limits-internet-surveillance

---
Just because i'm near the punchbowl doesn't mean I'm also drinking from it.

From rforno at infowarrior.org Tue Aug 6 07:19:15 2013
From: rforno at infowarrior.org (Richard Forno)
Date: Tue, 6 Aug 2013 08:19:15 -0400
Subject: [Infowarrior] - McAfee CTO to Lead Cybersecurity at Homeland Security
Message-ID:

McAfee CTO to Lead Cybersecurity at Homeland Security
http://blogs.wsj.com/digits/2013/08/05/mcafee-cto-to-lead-cybersecurity-at-homeland-security/

---
Just because i'm near the punchbowl doesn't mean I'm also drinking from it.

From rforno at infowarrior.org Tue Aug 6 07:24:46 2013
From: rforno at infowarrior.org (Richard Forno)
Date: Tue, 6 Aug 2013 08:24:46 -0400
Subject: [Infowarrior] - Wag The Dog 2013?
Message-ID:

A *lot* of friends have asked this same question. Could it be a convenient diversion from other things, such as the public outcry over Snowden's disclosures? Instead of fictitious Firefly Girls an administration is running from it's the real-world Surveillance Sorority?

--- rick

http://freebeacon.com/terror-threat-intelligence-not-new/

Terror Threat Intelligence Not New
BY: Bill Gertz

Intelligence regarding al Qaeda plans to attack U.S. embassies, officials, and interests last Sunday was known for months by U.S. intelligence agencies but was used only recently to trigger the closure of embassies and issuance of public warnings of impending attacks.

< - >

The timing of the administration's announced closure of numerous U.S. embassies in the Middle East has raised concerns among some U.S. officials that the Obama administration is politicizing intelligence to distract attention from the Benghazi and other scandals. "Why is this coming out now?" asked one official with access to terrorist threat data. "Is the administration trying to suck up news coverage with the embassy threats to distract attention from what the CIA was doing in Benghazi?"

< - >

---
Just because i'm near the punchbowl doesn't mean I'm also drinking from it.

From rforno at infowarrior.org Tue Aug 6 07:27:10 2013
From: rforno at infowarrior.org (Richard Forno)
Date: Tue, 6 Aug 2013 08:27:10 -0400
Subject: [Infowarrior] - DHS creating federal cybersecurity marketplace
Message-ID:

Lockheed to SAIC Seek $6 Billion Anti-Hacking Work From U.S.
By Chris Strohm and Danielle Ivory on July 23, 2013
http://www.businessweek.com/news/2013-07-23/lockheed-to-saic-seek-6-billion-anti-hacking-work-from-u-dot-s

The U.S. Department of Homeland Security plans to create a $6 billion shopping hub for federal, state and local agencies seeking to shield their computer networks from hackers. Contracts for what may become the biggest unclassified cybersecurity program in the U.S. government will be awarded as early as this month. The agreement has attracted interest from dozens of companies seeking opportunities in a $512 billion federal contracting market that is shrinking with the wars' end and U.S. budget cuts. The list of bidders includes top contractors such as Lockheed Martin Corp. (LMT:US), Northrop Grumman Corp. (NOC:US) and SAIC Inc. (SAI:US). "We're not talking about buying pencils; we're talking about an advanced technology architecture system," said Michael Carpenter, president of U.S. sales for Santa Clara, California-based McAfee Inc., which is interested in doing work under the program. "This is the first time I've seen in civilian government where they've come together for an entire joint acquisition." The program follows a February executive order from President Barack Obama, which directed the Homeland Security Department to ensure that unclassified government networks are constantly scanned for threats, defended from attacks and audited for performance to ensure federal agencies are complying with computer-security rules.

Five Contractors

Agencies such as the Agriculture Department, Environmental Protection Agency and Social Security Administration have struggled to meet those requirements, according to a March 2013 White House report to Congress. The program will enable Homeland Security to work "with federal civilian departments and agencies in developing capabilities that will improve their cybersecurity posture," S.Y. Lee, a department spokesman, said in an e-mail. As many as five companies will be awarded contracts by the General Services Administration, according to a request for bids. The $6 billion is the maximum value of those contracts during as many as five years under the so-called Continuous Diagnostics and Mitigation program managed by Homeland Security. The suppliers will provide central hubs in which government agencies can buy computer hardware and software as well as consulting services to help manage employees' access to networks, according to the government's request for bids. Those controls have been under scrutiny following defense contractor Edward Snowden's leaks of classified U.S. surveillance programs.

Early Warning

Technology can be used to develop an electronic, early-warning radar to identify emerging threats and provide agencies the tools they need to thwart them, John Bordwine, global government chief architect for Symantec Corp. (SYMC:US), a network-security company based in Mountain View, California, said in a phone interview. The program is designed for civilian government agencies, though it also will be available to the Defense Department and intelligence agencies, according to the federal request for bids. State and local agencies will also be able to benefit from the consistency, pricing and purchasing speed that federal agencies will gain under the program, according to the request.
While the program may turn out to be the largest unclassified cybersecurity contract in the federal government, it might not reach $6 billion, William Loomis, a managing director at Stifel Nicolaus & Co., a St. Louis, Missouri-based brokerage and investment banking firm, said in a phone interview.

Congress Funds

Loomis said one challenge is that Homeland Security can't compel agencies to buy through the contracts. He said he believes smaller agencies are likely to buy the services. Congress appropriated $202 million to Homeland Security for the program during the current year ending Sept. 30, which equates to $185 million after automatic U.S. spending cuts under a process known as sequestration. The department has requested $168 million for the program in fiscal 2014. "The only sure-fire money here is the $200 million a year" that the department gets, said Brian Friel, a contracts analyst for Bloomberg Industries. Ron Gula, chief executive officer of the network-security company Tenable Network Security Inc., said it also isn't clear if Homeland Security will buy products and services for agencies. The company is based in Columbia, Maryland. "Everybody knows this is a significant procurement, but nobody knows how it's going to happen," Gula said. "What strings are attached to that? I don't think anybody knows."

Lockheed Bid

Lockheed Martin, based in Bethesda, Maryland, has bid to be a prime, or direct, contractor for the program, company spokeswoman Sheila Collins said in an e-mail. The Pentagon's top contractor is committed to supporting Homeland Security "in the effective deployment of this important information security capability across the federal government," Collins said. Spokesmen for Falls Church, Virginia-based Northrop Grumman, McLean, Virginia-based SAIC and Falls Church, Virginia-based Computer Sciences Corp. (CSC:US) also said the companies had bid on the contract.
The Homeland Security Department will get access to information about threats and electronic attacks on civilian government networks under the program.

Data Sharing

In April, lawmakers in the House of Representatives fought over whether the department or the National Security Agency should be the primary federal agency to receive cybersecurity threat data from companies as part of an information-sharing cybersecurity bill. The bill passed by the House directs companies to send data on intrusions to the Homeland Security Department unless they have a preexisting relationship for doing so with the Pentagon. The Obama administration's decision to give more cybersecurity work to Homeland Security under the Continuous Diagnostics and Mitigation program may help settle the dispute over which agency is best suited to provide cybersecurity services, analyst Friel said. "This establishes Homeland as the lead for civilian agencies, and Defense can keep managing its own cybersecurity programs," Friel said. "This is a program that DoD could have managed. In a way, it's sort of settling the turf war."

To contact the reporters on this story: Chris Strohm in Washington at cstrohm1 at bloomberg.net; Danielle Ivory in Washington at divory at bloomberg.net
To contact the editor responsible for this story: Bernard Kohn at bkohn2 at bloomberg.net

---
Just because i'm near the punchbowl doesn't mean I'm also drinking from it.

From rforno at infowarrior.org Tue Aug 6 07:31:41 2013
From: rforno at infowarrior.org (Richard Forno)
Date: Tue, 6 Aug 2013 08:31:41 -0400
Subject: [Infowarrior] - Apple offers govs censorship options for video/photos
Message-ID:

No shooting at protest?
Police may block mobile devices via Apple
Published time: September 05, 2012 10:12
Edited time: September 05, 2012 14:12
http://rt.com/news/apple-patent-transmission-block-408/

Apple has patented a piece of technology which would allow government and police to block transmission of information, including video and photographs, from any public gathering or venue they deem "sensitive", and "protected from externalities." In other words, these powers will have control over what can and cannot be documented on wireless devices during any public event. And while the company says the affected sites are to be mostly cinemas, theaters, concert grounds and similar locations, Apple Inc. also says "covert police or government operations may require complete 'blackout' conditions." "Additionally," Apple says, "the wireless transmission of sensitive information to a remote source is one example of a threat to security. This sensitive information could be anything from classified government information to questions or answers to an examination administered in an academic setting." The statement led many to believe that authorities and police could now use the patented feature during protests or rallies to block the transmission of video footage and photographs from the scene, including those of police brutality, which at times of major events immediately flood news networks and video websites. Apple patented the means to transmit an encoded signal to all wireless devices, commanding them to disable recording functions. Those policies would be activated by GPS, and WiFi or mobile base-stations, which would ring-fence ("geofence") around a building or a "sensitive area" to prevent phone cameras from taking pictures or recording video. Apple may implement the technology, but it would not be Apple's decision to activate the "feature" -- it would be down to governments, businesses and network owners to set such policies, analyzes ZDNet technology website.
Having invented one of the most sophisticated mobile devices, Apple now appears to be looking for ways to restrict its use. "As wireless devices such as cellular telephones, pagers, personal media devices and smartphones become ubiquitous, more and more people are carrying these devices in various social and professional settings," it explains in the patent. "The result is that these wireless devices can often annoy, frustrate, and even threaten people in sensitive venues." The company's listed "sensitive" venues so far include mostly meetings, the presentation of movies, religious ceremonies, weddings, funerals, academic lectures, and test-taking environments.

---
Just because i'm near the punchbowl doesn't mean I'm also drinking from it.

From rforno at infowarrior.org Tue Aug 6 10:30:24 2013
From: rforno at infowarrior.org (Richard Forno)
Date: Tue, 6 Aug 2013 11:30:24 -0400
Subject: [Infowarrior] - T.S.A. Expands Duties Beyond Airport Security
Message-ID: <8EE940F5-9F11-406D-96C0-33E7034DBB6B@infowarrior.org>

T.S.A. Expands Duties Beyond Airport Security
By RON NIXON
Published: August 5, 2013
http://www.nytimes.com/2013/08/06/us/tsa-expands-duties-beyond-airport-security.html

WASHINGTON -- As hundreds of commuters emerged from Amtrak and commuter trains at Union Station on a recent morning, an armed squad of men and women dressed in bulletproof vests made their way through the crowds. The squad was not with the Washington police department or Amtrak's police force, but was one of the Transportation Security Administration's Visible Intermodal Prevention and Response squads -- VIPR teams for short -- assigned to perform random security sweeps to prevent terrorist attacks at transportation hubs across the United States. "The T.S.A., huh," said Donald Neubauer of Greenville, Ohio, as he walked past the squad. "I thought they were just at the airports."
With little fanfare, the agency best known for airport screenings has vastly expanded its reach to sporting events, music festivals, rodeos, highway weigh stations and train terminals. Not everyone is happy. T.S.A. and local law enforcement officials say the teams are a critical component of the nation's counterterrorism efforts, but some members of Congress, auditors at the Department of Homeland Security and civil liberties groups are sounding alarms. The teams are also raising hackles among passengers who call them unnecessary and intrusive. "Our mandate is to provide security and counterterrorism operations for all high-risk transportation targets, not just airports and aviation," said John S. Pistole, the administrator of the agency. "The VIPR teams are a big part of that." Some in Congress, however, say the T.S.A. has not demonstrated that the teams are effective. Auditors at the Department of Homeland Security are asking questions about whether the teams are properly trained and deployed based on actual security threats. Civil liberties groups say that the VIPR teams have little to do with the agency's original mission to provide security screenings at airports and that in some cases their actions amount to warrantless searches in violation of constitutional protections. "The problem with T.S.A. stopping and searching people in public places outside the airport is that there are no real legal standards, or probable cause," said Khaliah Barnes, administrative law counsel at the Electronic Privacy Information Center in Washington. "It's something that is easily abused because the reason that they are conducting the stops is shrouded in secrecy." T.S.A. officials respond that the random searches are "special needs" or "administrative searches" that are exempt from probable cause because they further the government's need to prevent terrorist attacks. Created in the aftermath of the Sept. 11, 2001, attacks, the T.S.A.
has grown to an agency of 56,000 people at 450 American airports. The VIPR teams were started in 2005, in part as a reaction to the Madrid train bombing in 2004 that killed 191 people. The program now has a $100 million annual budget and is growing rapidly, increasing to several hundred people and 37 teams last year, up from 10 teams in 2008. T.S.A. records show that the teams ran more than 8,800 unannounced checkpoints and search operations with local law enforcement outside of airports last year, including those at the Indianapolis 500 and the Democratic and Republican national political conventions. The teams, which are typically composed of federal air marshals, explosives experts and baggage inspectors, move through crowds with bomb-sniffing dogs, randomly stop passengers and ask security questions. There is usually a specially trained undercover plainclothes member who monitors crowds for suspicious behavior, said Kimberly F. Thompson, a T.S.A. spokeswoman. Some team members are former members of the military and police forces. T.S.A. officials would not say if the VIPR teams had ever foiled a terrorist plot or thwarted any major threat to public safety, saying the information is classified. But they argue that the random searches and presence of armed officers serve as a deterrent that bolsters the public confidence. Security experts give the agency high marks for creating the VIPR teams. "They introduce an unexpected element into situations where a terrorist might be planning an attack," said Rafi Ron, the former chief of security for Ben-Gurion International Airport in Israel, who is now a transportation security consultant. Local law enforcement officials also welcome the teams. "We've found a lot of value in having these high-value security details," said John Siqveland, a spokesman for Metro Transit, which operates buses and trains in Minneapolis-St. Paul.
He said that local transit police have worked with VIPR teams on security patrols on the Metro rail line, which serves the Minnesota Vikings stadium, the Mall of America and the airport. Kimberly Woods, a spokeswoman for Amtrak, said the railroad has had good experiences with VIPR team members who work with the Amtrak police on random bag inspections during high-travel times. "They supplement our security measures," she said. But elsewhere, experiences with the teams have not been as positive. In 2011, the VIPR teams were criticized for screening and patting down people after they got off an Amtrak train in Savannah, Ga. As a result, the Amtrak police chief briefly banned the teams from the railroad's property, saying the searches were illegal. In April 2012, during a joint operation with the Houston police and the local transit police, people boarding and leaving city buses complained that T.S.A. officers were stopping them and searching their bags. (Local law enforcement denied that the bags were searched.) The operation resulted in several arrests by the local transit police, mostly for passengers with warrants for prostitution and minor drug possession. Afterward, dozens of angry residents packed a public meeting with Houston transit officials to object to what they saw as an unnecessary intrusion by the T.S.A. "It was an incredible waste of taxpayers' money," said Robert Fickman, a local defense lawyer who attended the meeting. "Did we need to have T.S.A. in here for a couple of minor busts?" Representative Bennie Thompson, Democrat of Mississippi and ranking member on the House Homeland Security Committee, which has oversight of the T.S.A., said he generally supports the VIPR teams but remains concerned about the warrantless searches and the use of behavior detection officers to profile individuals in crowds. "This is a gray area," he said. "I haven't seen any good science that says that is what a terrorist looks like. Profiling can easily be abused." Mr.
Thompson said he also had questions about the effectiveness of the program because of issues like those raised in Houston and Savannah. "It's hard to quantify the usefulness of these teams based on what we have seen so far," he said. An August 2012 report by the inspector general of the Department of Homeland Security raised similar questions. Some T.S.A. officials told auditors that they had concerns that deploying VIPR teams to train stations or other events was not always based on credible intelligence. The auditors also said that VIPR teams might not have "the skills and information to perform successfully in the mass transit environment." Mr. Pistole said the agency is now retraining VIPR teams based on recommendations in the report and is working to increase the public's knowledge about them.

---
Just because i'm near the punchbowl doesn't mean I'm also drinking from it.

From rforno at infowarrior.org Tue Aug 6 12:13:08 2013
From: rforno at infowarrior.org (Richard Forno)
Date: Tue, 6 Aug 2013 13:13:08 -0400
Subject: [Infowarrior] - Military Tests Data Mining of Social Media for Special Ops
Message-ID: <64CA1128-E291-4317-8A1A-3D37A4B43721@infowarrior.org>

Military Tests Data Mining of Social Media for Special Ops
http://blogs.fas.org/secrecy/2013/08/quantum-leap/

The U.S. military has been investigating the use of sophisticated data mining tools to probe social media and other open sources in order to support military operations against money laundering, drug trafficking, terrorism and other threats. But the window for doing so may be closing as the social media landscape changes, according to an internal assessment. U.S. Special Operations Command (SOCOM) National Capital Region (NCR) conducted a series of experiments over the past year under the rubric "QUANTUM LEAP" that was intended to test "non-traditional" tools and techniques to advance the SOCOM mission.
An after-action report on the first experiment said it "was successful in identifying strategies and techniques for exploiting open sources of information, particularly social media, in support of a counter threat finance mission." Counter threat finance refers to efforts to disrupt an adversary's finances. A copy of the SOCOM NCR report was obtained by Secrecy News. See "Project QUANTUM LEAP: After Action Report," 12 September 2012. "Major lessons learned were the pronounced utility of social media in exploiting human networks, including networks in which individual members actively seek to limit their exposure to the internet and social media...," the report said. The QUANTUM LEAP project, which did not utilize classified intelligence, relied heavily on participation by private sector firms identified in the report, who demonstrated tools they had developed "to enhance the ability to discover relationships, human networks, and geospatial features" from open source data. A tool called Social Bubble permitted the search of Twitter-related content "to explore human networks associated with the [counter threat finance] scenario and enabled identification of various entities... associated with the moneylaundering network." A tool called Recon was used to reconstruct source documents from a raw data stream. Another tool served to "collect large quantities of data from the 'deep web', or sources which are accessible via the internet but not necessarily indexed or linked via a world wide web page." And another called Semantica "is capable of ingesting structured and semi-structured data and displaying it in a 'triplet' format, e.g. two entities and a relationship, such as [A is owned by B]." "More than 200 additional open-source tools and sources were identified relevant to counter threat finance," the SOCOM report said. The report said that as valuable as the opportunity created by new techniques for data mining of open sources appears to be, it may prove to be transient.
"We are currently in a 'window' of opportunity for exploitation of social media sources for application to CTF [counter threat finance] or other SOCOM NCR missions. This window could be as narrow as 18-24 months before the social media phenomenon transforms. This future transformation is unknown and could offer additional opportunities, or existing opportunities could be closed, but the only thing that is certain is that there will continue to be rapid change." There are also unresolved legal issues. "Legal review of the appropriate use and application of social media data is in its infancy. Social media is transforming notions of privacy and distinctions between personally identifiable information (PII) and self-reported public information will have to be established by precedent in case law," the report said. "Almost all information relevant to the QUANTUM LEAP experiment has a locative context [revealing the location of the source]. Location based services (LBS) are becoming integrated into every facet of our lives and are becoming much more accepted. There is a cultural/generational component to acceptance of LBS in social media," the report said. SOCOM Public Affairs did not respond to requests for comment or further information about the project, and the report describing the effort (labeled "draft") has not been formally released. However, the report was kept unclassified, facilitating its dissemination and discussion among the interested public. Meanwhile, the future of SOCOM National Capital Region is itself uncertain, as Congress has thus far declined to authorize or appropriate funds that were requested for it in the coming fiscal year. "The Committee remains unclear about the function, purpose, and costs associated with the operations, infrastructure, and facilities for this entity [SOCOM National Capital Region] both in the interim phase and the final end-state," according to a June 2013 report of the House Appropriations Committee.
"Further, the Committee has received conflicting information over the course of the last year as to the purpose of this entity." Project QUANTUM LEAP derives its name and inspiration from an initiative in the late 1990s to incorporate advanced technologies into Naval Special Warfare capabilities. That earlier Project QUANTUM LEAP was described in "Stimulating Innovation in Naval Special Warfare by Utilizing Small Working Groups" by Thomas A. Rainville, Master's Thesis, March 2001.

---
Just because i'm near the punchbowl doesn't mean I'm also drinking from it.

From rforno at infowarrior.org Tue Aug 6 17:31:19 2013
From: rforno at infowarrior.org (Richard Forno)
Date: Tue, 6 Aug 2013 18:31:19 -0400
Subject: [Infowarrior] - Former NSA Boss Calls Snowden's Supporters Internet Shut-ins; Equates Transparency Activists With Al-Qaeda
Message-ID: <33415A59-7ABC-4F33-AE29-84A5816A7B9C@infowarrior.org>

Former NSA Boss Calls Snowden's Supporters Internet Shut-ins; Equates Transparency Activists With Al-Qaeda
http://www.techdirt.com/articles/20130806/12154724080/former-nsa-director-calls-snowdens-supporters-internet-shut-ins-equates-transparency-activists-with-al-qaida-terrorists.shtml

---
Just because i'm near the punchbowl doesn't mean I'm also drinking from it.

From rforno at infowarrior.org Tue Aug 6 17:48:10 2013
From: rforno at infowarrior.org (Richard Forno)
Date: Tue, 6 Aug 2013 18:48:10 -0400
Subject: [Infowarrior] - Confused Xerox copiers rewrite documents, expert finds
Message-ID:

6 August 2013 Last updated at 08:28 ET
Confused Xerox copiers rewrite documents, expert finds
http://www.bbc.co.uk/news/technology-23588202?print=true

Photocopiers made by Xerox are changing numbers on documents, a German computer scientist has discovered. David Kriesel found that copies he made of construction plans had altered room dimensions. Other users have replicated the problem, which has been blamed on faults with compression software used by several Xerox models.
The company has not yet issued a fix for the problem, but it told the BBC it was preparing a statement. Mr Kriesel said he worried that numbers could be altered on invoices and other important documents.

Shrinking room

He questioned whether incorrect figures could leave a company liable to legal action. Niri Shan, a partner at London-based law firm Taylor Wessing, told the BBC it could raise interesting legal implications. "The person who provided the figures would be liable [for any issues]. Then the question would be, could they turn round to the photocopying company and say, 'Hold on a minute, this is your fault'? "Often in commercial contracts, the manufacturer may have limitations of liability on consequential loss." In his tests, Mr Kriesel found that often the number "6" would be turned into an "8", and vice versa, with other numbers being affected too. One room on his copied plans had its dimensions shrunk from 21.11m to 14.13m.

Substitute figures

He said the anomaly is caused by Jbig2, an image compression standard. Image compression is typically used in scanners and copiers to make file sizes of scans smaller. Jbig2 would substitute figures it thought were the same, meaning similar numbers were being wrongly swapped. Mr Kriesel said the two models affected were the Xerox Workcentre 7535 and 7556. However, since posting details of the fault online, several other users have come forward with problems on other machines.

---
Just because i'm near the punchbowl doesn't mean I'm also drinking from it.

From rforno at infowarrior.org Wed Aug 7 06:42:26 2013
From: rforno at infowarrior.org (Richard Forno)
Date: Wed, 7 Aug 2013 07:42:26 -0400
Subject: [Infowarrior] - New double issue of Surveillance & Society
Message-ID:

Surveillance & Society | Vol.11, No.1/2 (2013) "Surveillance Futures"
http://library.queensu.ca/ojs/index.php/surveillance-and-society/issue/current
edited by Kirstie Ball, Clive Norris and David Murakami Wood.
This is a double issue featuring both papers from open submission and papers originally presented at the 5th Biannual Surveillance Studies Network / Surveillance & Society Conference, 'Watch This Space? Surveillance Futures' organized by Kirstie Ball, Ben Gould, Nicky Green, Clive Norris and Charles Raab.

Featuring 12 new articles...

* Rob Michael Pallitto - Bargaining with the Machine: A Framework for Describing Encounters with Surveillance Technologies
* Steve Mann & Joseph Ferenbok - New Media and the power politics of sousveillance in a surveillance-dominated world
* Patrick O'Byrne & Alyssa Bryan - Resisting Public Health Surveillance: Anonymous HIV Testing and the Imperative of Health
* Natasha Saltes - "Abnormal" Bodies on the Borders of Inclusion: Biopolitics and the Paradox of Disability Surveillance
* Chiara Fonio & Stefano Agnoletto - Surveillance, Repression and the Welfare State: Aspects of Continuity and Discontinuity in post-Fascist Italy
* Helen M. Hintjens - Screening in or out? Surveillance of unwanted humanity across the EU
* Kees Boersma - Liminal Surveillance. Intensified use of an existing CCTV system during a local event
* Inga Kroener - 'Caught on Camera': The media representation of video surveillance in relation to the 2005 London Underground bombings
* Séverine Germain - A prosperous "business". The success of CCTV through the eyes of international literature
* Christopher Gad & Lone Koefoed Hansen - A Closed Circuit Technological Vision: On Minority Report, event detection, and enabling technologies
* Jennifer R. Whitson - Gaming the Quantified Self
* Baki Cakici - Sustainability through surveillance: ICT discourses in design documents

plus a research note by Emily Smith & David Lyon on Survey Findings from Canada and the USA on Surveillance and Privacy from 2006 and 2012, and reviews of Bauman and Lyon's Liquid Surveillance, Magnet's When Biometrics Fail, Gilliom and Monahan's SuperVision and Larsen's Setting the Watch.
Surveillance & Society| http://www.surveillance-and-society.org - over a decade of independent, genuinely open-access, free, peer-reviewed academic publishing! --- Just because i'm near the punchbowl doesn't mean I'm also drinking from it. From rforno at infowarrior.org Wed Aug 7 06:53:26 2013 From: rforno at infowarrior.org (Richard Forno) Date: Wed, 7 Aug 2013 07:53:26 -0400 Subject: [Infowarrior] - U.S. to review DEA unit that hides use of intel in crime cases Message-ID: But of course they are. Because it was all 100% acceptable and didn't require any internal investigations into its legality until the public found out about it. ---rick U.S. to review DEA unit that hides use of intel in crime cases By John Shiffman and David Ingram WASHINGTON | Mon Aug 5, 2013 7:16pm EDT http://www.reuters.com/article/2013/08/05/us-dea-sod-reaction-idUSBRE97412S20130805 (Reuters) - The Justice Department is reviewing a U.S. Drug Enforcement Administration unit that passes tips culled from intelligence intercepts, wiretaps, informants and a large telephone database to field agents, White House Press Secretary Jay Carney said Monday. Reuters reported Monday that agents who use such tips are trained to "recreate" the investigative trail to effectively conceal the DEA unit's involvement from defense lawyers, prosecutors and even judges, a policy many lawyers said could violate a defendant's right to a fair trial. Federal drug agents call the process of changing the true genesis of an arrest "parallel construction," according to a training document. Although the DEA program may use legal means to collect and distribute the tips, critics say that by hiding the origin of a case, defendants may not know about potentially exculpatory evidence. "It's my understanding... that the Department of Justice is looking at some of the issues raised in the story," Carney said during his daily briefing at the White House on Monday. 
Carney referred reporters to a Justice Department spokesman, who confirmed that a review was under way, but declined further comment. In an interview with Reuters last month, two senior DEA officials defended the program, saying it has been in place since the late 1990s, has been reviewed by every Attorney General since then, and is perfectly legal. One DEA official said "parallel construction" is used every day by agents and police nationwide and is "a bedrock concept." The program, run by DEA's Special Operations Division, differs in several respects from National Security Agency activities revealed by former NSA contractor Edward Snowden. Among these is disclosure to the accused. Collection of domestic data by the NSA and FBI for espionage and terrorism cases is regulated by the Foreign Intelligence Surveillance Act. If prosecutors intend to use FISA or other classified evidence in court, they issue a public notice, and a judge determines whether the defense is entitled to review the evidence. In the DEA's case, a document reviewed by Reuters shows that federal drug agents are trained to "recreate" the investigative trail to conceal the SOD's involvement. Defense attorneys say the practice prevents defendants from even knowing about evidence that might help their cases. In a statement, the NSA said that it cannot use the telephone database program exposed by Snowden for law enforcement purposes. However, the NSA said that it does coordinate with law enforcement. "This coordination frequently includes sanitizing classified information so that it can be passed to personnel at lower clearance levels in order to meet their operational requirements," the NSA statement said. "If the Intelligence Community collects information pursuant to a valid foreign intelligence tasking that is recognized as being evidence of a crime, the intelligence community can disseminate that information to law enforcement, as appropriate." 
While the NSA activities are aimed at terrorists, the SOD program focuses on drug dealers and money launderers. That distinction troubles some civil libertarians, who fear secretive measures designed to target terrorists are being used to catch ordinary criminals. Jerry Cox, president of the National Association of Criminal Defense Lawyers (NACDL), said defense lawyers "long feared that overbroad national security policies would become the norm for all criminal prosecutions and today we know our concerns were not unfounded." Ezekiel Edwards, director of the American Civil Liberties Union's Criminal Law Reform Project, said the SOD procedures violate the fundamental right to a fair trial. "When someone is accused of a crime, the Constitution guarantees the right to examine the government's evidence, including its sources, and confront the witnesses against them," he said. "Our due process rights are at risk when our federal government hides and distorts the sources of evidence used as the basis for arrests and prosecutions." (Edited by Michael Williams) --- Just because i'm near the punchbowl doesn't mean I'm also drinking from it. From rforno at infowarrior.org Wed Aug 7 06:55:59 2013 From: rforno at infowarrior.org (Richard Forno) Date: Wed, 7 Aug 2013 07:55:59 -0400 Subject: [Infowarrior] - Good read: Restoring Trust in Government and the Internet Message-ID: <4F0B15F5-57C4-46EE-B003-D941CD8B2DB9@infowarrior.org> (note: article on Bruce's site has embedded hyperlinks to the various statements/stories cited. --rick) Restoring Trust in Government and the Internet http://www.schneier.com/blog/archives/2013/08/restoring_trust.html In July 2012, responding to allegations that the video-chat service Skype -- owned by Microsoft -- was changing its protocols to make it possible for the government to eavesdrop on users, Corporate Vice President Mark Gillett took to the company's blog to deny it. Turns out that wasn't quite true. 
Or at least he -- or the company's lawyers -- carefully crafted a statement that could be defended as true while completely deceiving the reader. You see, Skype wasn't changing its protocols to make it possible for the government to eavesdrop on users, because the government was already able to eavesdrop on users. At a Senate hearing in March, Director of National Intelligence James Clapper assured the committee that his agency didn't collect data on hundreds of millions of Americans. He was lying, too. He later defended his lie by inventing a new definition of the word "collect," an excuse that didn't even pass the laugh test. As Edward Snowden's documents reveal more about the NSA's activities, it's becoming clear that we can't trust anything anyone official says about these programs. Google and Facebook insist that the NSA has no "direct access" to their servers. Of course not; the smart way for the NSA to get all the data is through sniffers. Apple says it's never heard of PRISM. Of course not; that's the internal name of the NSA database. Companies are publishing reports purporting to show how few requests for customer-data access they've received, a meaningless number when a single Verizon request can cover all of their customers. The Guardian reported that Microsoft secretly worked with the NSA to subvert the security of Outlook, something it carefully denies. Even President Obama's justifications and denials are phrased with the intent that the listener will take his words very literally and not wonder what they really mean. NSA Director Gen. Keith Alexander has claimed that the NSA's massive surveillance and data mining programs have helped stop more than 50 terrorist plots, 10 inside the U.S. Do you believe him? I think it depends on your definition of "helped." We're not told whether these programs were instrumental in foiling the plots or whether they just happened to be of minor help because the data was there. 
It also depends on your definition of "terrorist plots." An examination of plots that the FBI claims to have foiled since 9/11 reveals that would-be terrorists have commonly been delusional, and most have been egged on by FBI undercover agents or informants. Left alone, few were likely to have accomplished much of anything. Both government agencies and corporations have cloaked themselves in so much secrecy that it's impossible to verify anything they say; revelation after revelation demonstrates that they've been lying to us regularly and tell the truth only when there's no alternative. There's much more to come. Right now, the press has published only a tiny percentage of the documents Snowden took with him. And Snowden's files are only a tiny percentage of the number of secrets our government is keeping, awaiting the next whistle-blower. Ronald Reagan once said "trust but verify." That works only if we can verify. In a world where everyone lies to us all the time, we have no choice but to trust blindly, and we have no reason to believe that anyone is worthy of blind trust. It's no wonder that most people are ignoring the story; it's just too much cognitive dissonance to try to cope with it. This sort of thing can destroy our country. Trust is essential in our society. And if we can't trust either our government or the corporations that have intimate access into so much of our lives, society suffers. Study after study demonstrates the value of living in a high-trust society and the costs of living in a low-trust one. Rebuilding trust is not easy, as anyone who has betrayed or been betrayed by a friend or lover knows, but the path involves transparency, oversight and accountability. Transparency first involves coming clean. Not a little bit at a time, not only when you have to, but complete disclosure about everything. Then it involves continuing disclosure. No more secret rulings by secret courts about secret laws. 
No more secret programs whose costs and benefits remain hidden. Oversight involves meaningful constraints on the NSA, the FBI and others. This will be a combination of things: a court system that acts as a third-party advocate for the rule of law rather than a rubber-stamp organization, a legislature that understands what these organizations are doing and regularly debates requests for increased power, and vibrant public-sector watchdog groups that analyze and debate the government's actions. Accountability means that those who break the law, lie to Congress or deceive the American people are held accountable. The NSA has gone rogue, and while it's probably not possible to prosecute people for what they did under the enormous veil of secrecy it currently enjoys, we need to make it clear that this behavior will not be tolerated in the future. Accountability also means voting, which means voters need to know what our leaders are doing in our name. This is the only way we can restore trust. A market economy doesn't work unless consumers can make intelligent buying decisions based on accurate product information. That's why we have agencies like the FDA, truth-in-packaging laws and prohibitions against false advertising. In the same way, democracy can't work unless voters know what the government is doing in their name. That's why we have open-government laws. Secret courts making secret rulings on secret laws, and companies flagrantly lying to consumers about the insecurity of their products and services, undermine the very foundations of our society. Since the Snowden documents became public, I have been receiving e-mails from people seeking advice on whom to trust. As a security and privacy expert, I'm expected to know which companies protect their users' privacy and which encryption programs the NSA can't break. The truth is, I have no idea. No one outside the classified government world does. 
I tell people that they have no choice but to decide whom they trust and to then trust them as a matter of faith. It's a lousy answer, but until our government starts down the path of regaining our trust, it's the only thing we can do. This essay originally appeared on CNN.com. --- Just because i'm near the punchbowl doesn't mean I'm also drinking from it. From rforno at infowarrior.org Wed Aug 7 07:07:58 2013 From: rforno at infowarrior.org (Richard Forno) Date: Wed, 7 Aug 2013 08:07:58 -0400 Subject: [Infowarrior] - Obama: 'We Don't Have a Domestic Spying Program' Message-ID: <01523BCD-57C7-4623-BEDA-B592FF5DE9A7@infowarrior.org> Talk about creative wordsmithing...... Obama: 'We Don't Have a Domestic Spying Program' http://www.weeklystandard.com/blogs/obama-we-don-t-have-domestic-spying-program_745680.html On NSA: POTUS said government surveillance is a "critical component to counterterrorism." But, he said, he knows that the surveillance programs have "raised a lot of questions for people." "We don't have a domestic spying program. What we do have is some mechanisms that can track a phone number or an email address that is connected to a terrorist attack...That information is useful." --- Just because i'm near the punchbowl doesn't mean I'm also drinking from it. From rforno at infowarrior.org Wed Aug 7 08:23:57 2013 From: rforno at infowarrior.org (Richard Forno) Date: Wed, 7 Aug 2013 09:23:57 -0400 Subject: [Infowarrior] - Koppel: America's Chronic Overreaction to Terrorism Message-ID: <93629C4E-395B-4D91-A8CA-F86A052B8765@infowarrior.org> The third-to-last paragraph is spot-on correct. --rick Ted Koppel: America's Chronic Overreaction to Terrorism The country's capacity for self-inflicted damage must have astounded even Osama bin Laden. 
TED KOPPEL http://online.wsj.com/article/SB10001424127887324653004578650462392053732.html June 28, 2014, will mark the 100th anniversary of what is arguably the most eventful terrorist attack in history. That was the day that Gavrilo Princip, a Bosnian Serb, shot and killed the heir to the Austro-Hungarian throne. In one of those mega-oversimplifications that journalists love and historians abhor, the murder of the Archduke Franz Ferdinand and his pregnant wife, Sophie, led directly and unavoidably to World War I. Between 1914 and 1918, 37 million soldiers and civilians were injured or killed. If there should ever be a terrorists' Hall of Fame, Gavrilo Princip will surely deserve consideration as its most effective practitioner. Terrorism, after all, is designed to produce overreaction. It is the means by which the weak induce the powerful to inflict damage upon themselves -- and al Qaeda and groups like it are surely counting on that as the centerpiece of their strategy. It appears to be working. Right now, 19 American embassies and a number of consulates and smaller diplomatic outposts are closed for the week due to the perceived threat of attacks against U.S. targets. Meantime, the U.S. has launched drone strikes on al Qaeda fighters in Yemen. By the standards of World War I, however, the United States has responded to the goading of contemporary terrorism with relative moderation. Indeed, during almost a decade of terrorist provocation, the U.S. government showed the utmost restraint. In February of 1993, before most of us had any real awareness of al Qaeda, Khalid Sheikh Mohammed, who would later be identified as the principal architect of 9/11, financed an earlier attack on the World Trade Center with car bombs that killed six and injured more than 1,000. Five years later, al Qaeda launched synchronized attacks on U.S. 
embassies in Kenya and Tanzania, killing more than 220 and injuring well over 4,000 people. In October 2000, al Qaeda operatives rammed a boat carrying explosives into the USS Cole, which was docked in Yemen. Seventeen American sailors were killed and 39 were injured. Each of these attacks occurred during the presidency of Bill Clinton. In each case, the U.S. responded with caution and restraint. Covert and special operations were launched. The U.S. came close to killing or capturing Osama bin Laden at least twice, but there was a clear awareness among many policy makers that bin Laden might be trying to lure the U.S. into overreacting. Clinton administration counterterrorism policy erred, if at all, on the side of excessive caution. Critics may argue that Washington's feckless response during the Clinton years encouraged al Qaeda to launch its most spectacular and devastating attack on Sept. 11, 2001. But President George W. Bush also showed great initial restraint in ordering a response to the 9/11 attacks. Covert American intelligence operatives working with special operations forces coordinated indigenous Afghan opposition forces against the Taliban on the ground, while U.S. air power was directed against the Taliban and al Qaeda as they fled toward Pakistan. It was only 18 months later, with the invasion of Iraq in 2003, that the U.S. began to inflict upon itself a degree of damage that no external power could have achieved. Even bin Laden must have been astounded. He had, it has been reported, hoped that the U.S. would be drawn into a ground war in Afghanistan, that graveyard to so many foreign armies. But Iraq! In the end, the war left 4,500 American soldiers dead and 32,000 wounded. It cost well in excess of a trillion dollars -- every penny of which was borrowed money. Saddam was killed, it's true, and the world is a better place for it. What prior U.S. administrations understood, however, was Saddam's value as a regional counterweight to Iran. 
It is hard to look at Iraq today and find that the U.S. gained much for its sacrifices there. Nor, as we seek to untangle ourselves from Afghanistan, can U.S. achievements there be seen as much of a bargain for the price paid in blood and treasure. At home, the U.S. has constructed an antiterrorism enterprise so immense, so costly and so inexorably interwoven with the defense establishment, police and intelligence agencies, communications systems, and with social media, travel networks and their attendant security apparatus, that the idea of downsizing, let alone disbanding such a construct, is an exercise in futility. The Sunday TV talk shows this past weekend resonated with the rare sound of partisan agreement: The intercepted "chatter" between al Qaeda leader Ayman al Zawahiri and the leader of al Qaeda in the Arabian Peninsula was sufficiently ominous that few questions have been raised about the government's decision to close its embassies. It may be that an inadequate response to danger signals that resulted in the death of the U.S. ambassador in Benghazi last September contributed to an overreaction in the current instance. Clearly, it does not hurt, at a time when the intelligence community is charged with being overly intrusive in its harvesting of intelligence data, that we be presented with dramatic evidence of the program's effectiveness. Yet when all is said and done, al Qaeda -- by most accounts decimated and battered by more than a decade of the worst damage that the world's most powerful nation can inflict -- remains a serious enough threat that Washington ordered 19 of its embassies to pull up their drawbridges and take shelter for fear of what those terrorists still might do. Will terrorists kill innocent civilians in the years to come? Of course. They did so more than 100 years ago, when they were called anarchists -- and a responsible nation-state must take reasonable measures to protect its citizens. 
But there is no way to completely eliminate terrorism. The challenge that confronts us is how we will live with that threat. We have created an economy of fear, an industry of fear, a national psychology of fear. Al Qaeda could never have achieved that on its own. We have inflicted it on ourselves. Over the coming years many more Americans will die in car crashes, of gunshot wounds inflicted by family members and by falling off ladders than from any attack by al Qaeda. There is always the nightmare of terrorists acquiring and using a weapon of mass destruction. But nothing would give our terrorist enemies greater satisfaction than that we focus obsessively on that remote possibility, and restrict our lives and liberties accordingly. ///// Mr. Koppel is a special correspondent for NBC News and news analyst for NPR. --- Just because i'm near the punchbowl doesn't mean I'm also drinking from it. From rforno at infowarrior.org Wed Aug 7 08:37:36 2013 From: rforno at infowarrior.org (Richard Forno) Date: Wed, 7 Aug 2013 09:37:36 -0400 Subject: [Infowarrior] - DC, Maryland: Speed Camera Firms Move To Hide Evidence Message-ID: DC, Maryland: Speed Camera Firms Move To Hide Evidence http://www.thenewspaper.com/news/41/4167.asp Afraid of refunds, Washington, DC and Salisbury, Maryland conceal evidence that could reveal camera inaccuracy. The firms operating red light cameras and speed cameras in the District of Columbia and Maryland are working to suppress evidence that could be used to prove the innocence of a photo enforcement ticket recipient. In Washington, the Arizona-based vendor American Traffic Solutions has repositioned cameras and cropped photos so that it is impossible to determine whether another object or vehicle happens to be within the radar unit's field of view. The change is important since DC hearing adjudicators have been throwing out citations whenever another vehicle was visible, creating the possibility of a spurious radar reading (view ruling). 
The cropping also makes it extremely difficult to use pavement lines to perform a secondary check of the speed estimate provided by the radar. Lines painted on the road for this purpose are visible in one photo, but not the other (view first photo, view second photo). No video is provided to the vehicle owner. The District has also recently been installing next-generation speed cameras that use infrared light instead of a visible flash when photographing vehicles. This means drivers will have no way of knowing whether they will receive a ticket until weeks after the alleged violation. In Salisbury, Maryland, the city and its private speed camera contractor Brekford are working together to prevent the Maryland Drivers Alliance from confirming whether the photo enforcement program is in compliance with state law. There is good reason to believe it is not, as other towns that allow Brekford to issue tickets, including Greenbelt and Hagerstown, have been forced to refund illegally issued citations. At issue is whether Brekford's cameras were properly certified under Maryland Code Section 21-809, which requires testing on an annual basis by an independent lab. The law states that the results of such testing "shall be kept on file" along with a daily setup log. The Maryland-based motoring rights group simply asked for a copy of the file. The city and camera company now insist that the group must pay $535 to the speed camera contractor for the calibration certificates and logs that the municipality is required to keep on file. These are documents that the State Highway Administration makes freely available on its website. "In regards to this request, it is anticipated to take six total hours to gather and assemble the requested documents," Brekford wrote in a July 16 letter to the Salisbury police chief. "The first two hours will be provided without charge, however the addition four hours shall be charged at the rate of $75.00 per hour. 
An additional $235.00 will be charged for the copying and mailing services rendered in providing the requested information. Additionally, Brekford does not release or provide technical specifications on any of our camera systems." The city also delayed responding to the request for thirty days, which the motorist group says is one of many violations of the state's public records laws. The refusal to provide basic specifications regarding the camera's operation is also raising eyebrows. "Basically they are saying the public is just supposed to 'trust us' when Brekford says their equipment is of a sort which is reliable, since they are withholding all documents which describe the technology," said Ron Ely, the Maryland Drivers Alliance chairman. Source: Response to Maryland Public Information Request (Brekford, 7/16/2013) --- Just because i'm near the punchbowl doesn't mean I'm also drinking from it. From rforno at infowarrior.org Wed Aug 7 14:31:48 2013 From: rforno at infowarrior.org (Richard Forno) Date: Wed, 7 Aug 2013 15:31:48 -0400 Subject: [Infowarrior] - Hollywood 'caught' giving identical scripts to Congress Message-ID: Dear Hollywood: Giving Identical Scripts To Congress Reveals That You're Feeding Them Talking Points from the gotta-keep-track-of-which-congress-person-is-shilling-for-hollywood-today... dept So we already covered last week's Congressional hearings concerning technology and copyright. As we noted, there was some really great testimony from a variety of individuals who are really working hard to provide great products and services that are enabling much greater creativity (often relying on fair use) and doing so without having to worry about strict intellectual property (in fact, often thriving by ignoring their own intellectual property entirely). Unfortunately, as was expected, some in Congress attacked the speakers using copyright maximalist talking points. 
At times you could just tell that the Representatives were reading points fed to them by entertainment industry lobbyists. It happens. But usually, they don't make it quite this obvious. That's because whoever fed the "Friends of Hollywood" Congressional Reps their questions last week forgot to make careful notes of who they gave which questions to... leading to a repeat. Congresswomen Judy Chu and Karen Bass both represent different parts of Los Angeles, so it's no surprise that they'd be there to carry water for the legacy entertainment industry. But, having both of them ask identical questions, word-for-word, one right after the other? That kinda reveals that they were fed that question, doesn't it? You can watch the full video here, or to make it easier, I've made a short YouTube video that shows the two questions back to back: < - > http://www.techdirt.com/articles/20130806/23560024090/dear-hollywood-giving-identical-scripts-to-congress-reveals-that-youre-feeding-them-talking-points.shtml --- Just because i'm near the punchbowl doesn't mean I'm also drinking from it. From rforno at infowarrior.org Wed Aug 7 18:25:28 2013 From: rforno at infowarrior.org (Richard Forno) Date: Wed, 7 Aug 2013 19:25:28 -0400 Subject: [Infowarrior] - Exclusive: IRS manual detailed DEA's use of hidden intel evidence Message-ID: <3A289685-6D45-433E-88CE-43D749E2C3D4@infowarrior.org> Exclusive: IRS manual detailed DEA's use of hidden intel evidence By John Shiffman and David Ingram http://uk.reuters.com/article/2013/08/07/uk-dea-irs-idUKBRE9761B620130807 WASHINGTON | Wed Aug 7, 2013 11:29pm BST (Reuters) - Details of a U.S. Drug Enforcement Administration program that feeds tips to federal agents and then instructs them to alter the investigative trail were published in a manual used by agents of the Internal Revenue Service for two years. 
The practice of recreating the investigative trail, highly criticized by former prosecutors and defence lawyers after Reuters reported it this week, is now under review by the Justice Department. Two high-profile Republicans have also raised questions about the procedure. A 350-word entry in the Internal Revenue Manual instructed agents of the U.S. tax agency to omit any reference to tips supplied by the DEA's Special Operations Division, especially from affidavits, court proceedings or investigative files. The entry was published and posted online in 2005 and 2006, and was removed in early 2007. The IRS is among two dozen arms of the government working with the Special Operations Division, including the Federal Bureau of Investigation, the National Security Agency and the Central Intelligence Agency. An IRS spokesman had no comment on the entry or on why it was removed from the manual. Reuters recovered the previous editions from the archives of the Westlaw legal database, which is owned by Thomson Reuters Corp, the parent of this news agency. As Reuters reported Monday, the Special Operations Division of the DEA funnels information from overseas NSA intercepts, domestic wiretaps, informants and a large DEA database of telephone records to authorities nationwide to help them launch criminal investigations of Americans. The DEA phone database is distinct from a NSA database disclosed by former NSA contractor Edward Snowden. Monday's Reuters report cited internal government documents that show that law enforcement agents have been trained to conceal how such investigations truly begin - to "recreate" the investigative trail to effectively cover up the original source of the information. DEA officials said the practice is legal and has been in near-daily use since the 1990s. They have said that its purpose is to protect sources and methods, not to withhold evidence. 
NEW DETAIL Defence attorneys and some former judges and prosecutors say that systematically hiding potential evidence from defendants violates the U.S. Constitution. According to documents and interviews, agents use a procedure they call "parallel construction" to recreate the investigative trail, stating in affidavits or in court, for example, that an investigation began with a traffic infraction rather than an SOD tip. The IRS document offers further detail on the parallel construction program. "Special Operations Division has the ability to collect, collate, analyze, evaluate, and disseminate information and intelligence derived from worldwide multi-agency sources, including classified projects," the IRS document says. "SOD converts extremely sensitive information into usable leads and tips which are then passed to the field offices for real-time enforcement activity against major international drug trafficking organizations." The 2005 IRS document focuses on SOD tips that are classified and notes that the Justice Department "closely guards the information provided by SOD with strict oversight." While the IRS document says that SOD information may only be used for drug investigations, DEA officials said the SOD role has recently expanded to organized crime and money laundering. According to the document, IRS agents are directed to use the tips to find new, "independent" evidence: "Usable information regarding these leads must be developed from such independent sources as investigative files, subscriber and toll requests, physical surveillance, wire intercepts, and confidential source information. Information obtained from SOD in response to a search or query request cannot be used directly in any investigation (i.e. cannot be used in affidavits, court proceedings or maintained in investigative files)." The IRS document makes no reference to SOD's sources of information, which include a large DEA telephone and Internet database. 
CONCERN IN CONGRESS House Intelligence Committee Chairman Mike Rogers, R-Michigan, expressed concern with the concept of parallel construction as a method to hide the origin of an investigation. His comments came on the Mike Huckabee Show radio program. "If they're recreating a trail, that's wrong and we're going to have to do something about it," said Rogers, a former FBI agent. "We're working with the DEA and intelligence organizations to try to find out exactly what that story is." Spokespeople for the DEA and the Department of Justice declined to comment. Sen. Rand Paul, R-Kentucky, a member of the Homeland Security and Government Affairs Committee, said he was troubled that DEA agents have been "trying to cover up a program that investigates Americans." "National security is one of government's most important functions. So is protecting individual liberty," Paul said. "If the Constitution still has any sway, a government that is constantly overreaching on security while completely neglecting liberty is in grave violation of our founding doctrine." Officials have stressed that the NSA and DEA telephone databases are distinct. The NSA database, disclosed by Snowden, includes data about every telephone call placed inside the United States. An NSA official said that database is not used for domestic criminal law enforcement. The DEA database, called DICE, consists largely of phone log and Internet data gathered legally by the DEA through subpoenas, arrests and search warrants nationwide. DICE includes about 1 billion records, and they are kept for about a year and then purged, DEA officials said. (Research by Hilary Shroyer of West, a Thomson Reuters business. Additional reporting by David Lawder. Edited by Michael Williams) --- Just because i'm near the punchbowl doesn't mean I'm also drinking from it. 
From rforno at infowarrior.org Wed Aug 7 18:28:06 2013 From: rforno at infowarrior.org (Richard Forno) Date: Wed, 7 Aug 2013 19:28:06 -0400 Subject: [Infowarrior] - The Surveillance Reforms Obama Supported Before He Was President Message-ID: The Surveillance Reforms Obama Supported Before He Was President by Kara Brandeisky ProPublica, Aug. 7, 2013, 10:24 a.m. When the House of Representatives recently considered an amendment that would have dismantled the NSA's bulk phone records collection program, the White House swiftly condemned the measure. But only five years ago, Sen. Barack Obama, D-Ill. was part of a group of legislators that supported substantial changes to NSA surveillance programs. Here are some of the proposals the president co-sponsored as a senator. < - > http://www.propublica.org/article/the-surveillance-reforms-obama-supported-before-he-was-president --- Just because i'm near the punchbowl doesn't mean I'm also drinking from it. From rforno at infowarrior.org Wed Aug 7 18:29:48 2013 From: rforno at infowarrior.org (Richard Forno) Date: Wed, 7 Aug 2013 19:29:48 -0400 Subject: [Infowarrior] - Federal judge: Bitcoin, "a currency," can be regulated under American law Message-ID: Federal judge: Bitcoin, "a currency," can be regulated under American law Bitcoin Savings and Trust's founder has been accused of running a Ponzi scheme. by Cyrus Farivar - Aug 7 2013, 12:55pm EDT In the case of a Texas man accused of massive Bitcoin-based fraud, a federal judge has ruled that bitcoins are "a currency or form of money," and are therefore subject to relevant US laws. The case revolves around Bitcoin Savings and Trust (BTCST), a virtual Bitcoin-based hedge fund that many suspected of being a scam. BTCST shut down in August 2012, and the Securities and Exchange Commission (SEC) last month formally charged founder Trendon Shavers with running a Ponzi scheme. 
As we previously reported, the SEC has said Shavers "raised at least 700,000 bitcoins in BTCST investments, which amounted to more than $4.5 million based on the average price of bitcoins in 2011 and 2012 when the investments were offered and sold." Shavers did not immediately respond to our request for comment. < - > http://arstechnica.com/tech-policy/2013/08/federal-judge-bitcoin-a-currency-can-be-regulated-under-american-law/ --- Just because i'm near the punchbowl doesn't mean I'm also drinking from it. From rforno at infowarrior.org Thu Aug 8 06:55:47 2013 From: rforno at infowarrior.org (Richard Forno) Date: Thu, 8 Aug 2013 07:55:47 -0400 Subject: [Infowarrior] - New.DoD.Press.Office.Email.Address.is. 57.Characters.Long … Seriously Message-ID: <12B1C1EA-6A90-458B-B214-11D6A8DE5E11@infowarrior.org> (c/o DM) I guess more characters = better security? --rick New.DoD.Press.Office.Email.Address.is. 57.Characters.Long … Seriously http://blogs.defensenews.com/intercepts/2013/08/new-dod-press-office-email-address-is-57-characters-seriously/ Want to get in touch with a DoD press officer after business hours? Get your pen ready to take down this 57-character email address. It's seriously 57 characters. Coming from a building that loves to shorten basic two-word phrases to concise acronyms, the new email address is comical. We won't print the whole thing here, but let's just say it includes four dots and three dashes and that's before the @ symbol. The former address was two simple words, DutyOfficer at osd.mil. The update is part of a DoD-wide migration to a new email system designed to be more secure and cheaper to operate. Based on this new address, they're clearly not paying by the character. --- Just because i'm near the punchbowl doesn't mean I'm also drinking from it. 
From rforno at infowarrior.org Thu Aug 8 07:03:55 2013 From: rforno at infowarrior.org (Richard Forno) Date: Thu, 8 Aug 2013 08:03:55 -0400 Subject: [Infowarrior] - Former TSA Head: TSA, change the airport security mindset Message-ID: <4AB25B4B-D0C1-4811-89A4-D11A552061D2@infowarrior.org> TSA, change the airport security mindset By Kip Hawley, Special to CNN updated 10:00 AM EDT, Tue August 6, 2013 http://www.cnn.com/2013/08/06/opinion/hawley-tsa/index.html Editor's note: Kip Hawley was head of the Transportation Security Administration from 2005 through 2009. He is the co-author of "Permanent Emergency: Inside the TSA and the Fight for the Future of American Security." (CNN) -- Airport transportation security officers are probably the least understood and most maligned of federal employees. Travelers hate them for taking away water bottles and making them take off their shoes. If a story is reported about them, it's along the lines of a little old lady getting groped. They are the victims of unflattering stereotypes that make easy targets for cheap laughs. Even President Barack Obama made a joke about pat-downs in a 2011 State of the Union address. And when the Government Accountability Office found increased Transportation Security Administration officer misconduct, it just ratcheted up their unpopularity. The report was jarring and disturbing -- rising numbers of absenteeism, theft and intentional security lapses. Obviously, these are red flags that can't be ignored. Unfortunately, instead of taking on the issue of stopping the misconduct, GAO's focus was on how TSA "could strengthen oversight of allegations of employee misconduct," the safe issues of process oversight, management of the accusations and data gathering versus digging into the controversial root causes of the actual misconduct. TSA's response was to assure us it fires those proven to have violated the public trust. In fact, it does. 
It will be tempting for TSA leaders to rally around solutions involving tougher discipline, deeper investigations and more thorough documentation. That would be exactly the wrong way to fix the real problem. In today's TSA, too many officers switch off their minds in favor of just finishing out the shift without rocking the boat. This may be the root cause of the GAO-identified misdeeds. TSA needs to have its officers switched-on and motivated. The security workforce comprises many who stepped up after 9/11 to stop terror attacks. My experience with transportation security officers is that they are overwhelmingly dedicated, sharp, willing and empathetic to passengers and their problems. Considering that the human brain is the most sophisticated technology on the planet and that the officers have experience with hundreds of thousands of passengers, the question would seem to be: "How do we get the most from this resource that we already pay and have on duty at checkpoints?" It is not through additional rules and a more robust disciplinary process. Security officers are in the best position to use their experience and training and detect a threat not covered in the Standard Operating Procedure. Al Qaeda knows the rules and designs its attacks to comply with it. To stop attacks, officers thinking on their own needs to be encouraged, not disciplined. Once officers are allowed to think for themselves, it opens the door for mistakes and criticism. But people can be taught the fundamentals of risk management, which provides a framework for making informed judgments. The risk strategy must be carefully thought out -- complexity theory, with its network orientation, is the best way to think about transportation security risk -- and risk management tools understood and applied. 
A nation with no airline security
Armed with substantial intelligence resources, TSA's air marshals, inspectors and security officers need to be nimble in thinking about and applying the principles of risk management. But they also must be empowered to act. TSA needs to make these changes right now to take on the root causes of its public and security issues. It needs to clean up the mind numbing, overly complicated checkpoint "standard operating procedure," which no longer matches our security needs and allow officers to act. What needs to be changed:
• The intrusive pat-down needs to be discontinued in favor of a lighter technique supplemented with available technologies.
• The "prohibited items" list needs to be radically reduced to ban only real security threats such as explosives and toxins. As far as carrying knives, the FAA should make it a serious federal offense to intimidate a member of the flight crew or another passenger with a blade -- and then TSA can remove blades from the prohibited list. Blades represent virtually no threat to the aircraft at this point. And the baggie rule should be dropped. Current technology allows threat liquids to be detected when they are taken out of the carry-on and scanned in a bin.
• Passengers should be chosen randomly for shoes and coat inspections. Precheck programs for frequent fliers that expedite security screening should be applied to all travelers.
• Workers need to be retrained in risk management and encouraged to use their own judgment and experience, consulting with team members, to make prudent discretionary security calls.
• The pay-for-performance system for transportation security officers needs to be reinstated. When transportation security officers unionized, merit pay was replaced by the seniority system -- essentially, if officers follow the standard operating procedure, they get regular pay raises up till retirement regardless of how well they perform.
• We need to allow real private-sector innovation to compete and play a more meaningful role in security. Today, a fig leaf system is in place that calls itself "private sector" but is in reality just personnel outsourcing. These outsourced employees have to follow the TSA process exactly -- the only difference is that they get to charge an 8% markup on all their expenses. We need to get new ideas from outside the TSA that can be tested at our checkpoints.
A clear risk management strategy along with these changes, taken together, would energize checkpoint activity, bring the public more on board, drive out the few bad apples, and improve security. --- Just because i'm near the punchbowl doesn't mean I'm also drinking from it. From rforno at infowarrior.org Thu Aug 8 07:03:56 2013 From: rforno at infowarrior.org (Richard Forno) Date: Thu, 8 Aug 2013 08:03:56 -0400 Subject: [Infowarrior] - Terrorism experts: evacuating embassies is "crazy pants," "absurd hyperbole" Message-ID: <743C4AB6-E22C-463A-90BC-41FDEDE061D5@infowarrior.org> Terrorism experts: evacuating embassies is "crazy pants," "absurd hyperbole" Cory Doctorow at 4:58 pm Wed, Aug 7, 2013 http://boingboing.net/2013/08/07/terrorism-experts-evacuating.html By an amazing coincidence, the worst terrorist attack that never happened since 9/11 is not happening right now, proving that everyone who was worried about out-of-control NSA spying had lost the plot. Which is ZOMGTERRISM. So 28 US diplomatic posts have been evacuated (that is to say, "experienced an ordered departure"), including ones in places like Mauritius or Madagascar, where al Qaeda has nefariously never operated as part of its devious plan to lure everyone there into a false sense of security. Well, some people are cynical and just don't believe it, despite all the overwhelming secret evidence that we're not allowed to see or know about or hear about or even have described to us. 
People like State Department counterterrorism advisor Will McCants, who called the evacuation of the diplomatic posts "Crazy Pants" ("you can quote me"). Loose cannons like Michael Leiter, former director of the National Counterterrorism Center, who called the terrifying and nonspecific warnings "absurd hyperbole that is coming almost entirely from reckless commentators or ill-informed or ill-spoken [Capitol] Hill folks...no one who really knows al Qaeda or its history thinks that this is as huge a deal as portrayed -- and certainly nothing remotely close to the worst thing we have seen since 9/11." But what the hell does he know? "It's not completely random," said another expert of the administration's reaction, "but most people are, like, 'Whaaat?'" Other terms used to describe it in addition to "Whaaat?" and "crazy pants": "willy-nilly," "baffling," "tenuous," "head-scratching," and "who really knows, anyway?" White House spokesman Jay Carney wasn't helping any: "What we know is the threat emanates from, and may be focused on, occurring in the Arabian Peninsula," he said yesterday. "It could potentially be beyond that, or elsewhere. We cannot be more specific." So, just stay away from everywhere, thanks. But we have to do something, don't we, because isn't this "the most serious threat [Sen. Saxby Chambliss has] seen in the last several years," reminiscent of "what we saw before 9/11"? Actually, "[t]hat is absurd hyperbole that is coming almost entirely from reckless commentators or ill-informed or ill-spoken [Capitol] Hill folks," or so said Michael Leiter, but what does a former director of the National Counterterrorism Center know about counterterrorism? "I don't think this was purposeful hype," Leiter continued, "but no one who really knows al Qaeda or its history thinks that this is as huge a deal as portrayed -- and certainly nothing remotely close to the worst thing we have seen since 9/11." 
--- Just because i'm near the punchbowl doesn't mean I'm also drinking from it. From rforno at infowarrior.org Thu Aug 8 07:54:18 2013 From: rforno at infowarrior.org (Richard Forno) Date: Thu, 8 Aug 2013 08:54:18 -0400 Subject: [Infowarrior] - Unhappy With U.S. Foreign Policy? Pentagon Says You Might Be A 'High Threat' Message-ID: (c/o IP) Unhappy With U.S. Foreign Policy? Pentagon Says You Might Be A 'High Threat' Posted: 08/07/2013 11:36 am EDT | Updated: 08/07/2013 5:19 pm EDT http://www.huffingtonpost.com/2013/08/07/insider-threat-training_n_3714333.html A security training test created by a Defense Department agency warns federal workers that they should consider the hypothetical Indian-American woman a "high threat" because she frequently visits family abroad, has money troubles and "speaks openly of unhappiness with U.S. foreign policy." That slide, from the Defense Information Systems Agency (DISA), is a startling demonstration of the Obama administration's obsession with leakers and other "insider threats." One goal of its broader "Insider Threat" program is to stop the next Bradley Manning or Edward Snowden from spilling classified or sensitive information. But critics have charged that the Insider Threat program, as McClatchy first reported, treats leakers acting in the public interest as traitors -- and may not even accomplish its goal of preventing classified leaks. DISA's test, dubbed the "CyberAwareness Challenge," was produced in October 2012, a month before the Obama administration finalized its Insider Threat policy. The slide about Hema is included in a section of the training about "insider threats," which are defined by an accompanying guide as "threats from people who have access to the organization's information systems and may cause loss of physical inventory, data, and other security risks." Both Hema's travel abroad and her political dissatisfaction are treated as threat "indicators." 
Versions of the training for Defense Department and other federal employees are unclassified and available for anyone to play online. "Catch me if you can," the training dares. In a statement to The Huffington Post, Pentagon spokesman Lt. Col. Damien Pickart said, "DISA was sensitive to any civil liberty concerns that might arise from any portion of the curriculum, which is why it coordinated with 26 federal agencies to ensure the maximum amount of input was received before going live." "When considering personnel for a position of trust that requires a security clearance, there are many potential indicators that must be considered when evaluating for insider threat concerns," he explained. "The department takes these variables into consideration based on past examples of personnel who engaged in spying or treasonous acts." Several million people across the federal government have taken the training since it was released, Pickart said, and there has been only one complaint. He added that the next version of the security awareness training, to be released in October, is being updated so that its insider-threat test focuses more on behavior, "not personal characteristics or beliefs." Notably, the CyberAwareness Challenge is given to a wide range of federal employees whose roles have far less to do with security threats than that of a National Security Agency contractor like Snowden. The Department of Housing and Urban Development even requires its private business partners accessing a tenant rental assistance database to complete the training. The Defense Department version of the "CyberAwareness Challenge" shows a healthy familiarity with Manning's disclosures to WikiLeaks: In one training slide, the user is asked what to do when contacted by a reporter from "WikiSpills." Identifying "WikiSpills," even hypothetically, as a legitimate journalist organization is quite different from how military prosecutors have approached the real WikiLeaks in the trial of Manning. 
There the military has suggested that WikiLeaks founder Julian Assange took few steps to verify the leaks he received before publication and acted as a virtual co-conspirator with his source. Steven Aftergood, an expert on government secrecy at the Federation of American Scientists, said the DISA training slide was "ignorant and clumsy." "The item 'speaks openly of unhappiness with U.S. foreign policy' simply does not belong on the list," Aftergood wrote in an email to HuffPost. "It is not a threat indicator. It could apply to most members of Congress, if not to most Americans. By presenting the matter this way, the slide suggests that overt dissent is a security concern. That is an error." READERS: Have you taken this security awareness training or another "insider threat" test? The Huffington Post would like to hear from you. Email Matt Sledge at sledge at huffingtonpost.com, or call 347-927-9877. --- Just because i'm near the punchbowl doesn't mean I'm also drinking from it. From rforno at infowarrior.org Thu Aug 8 08:59:30 2013 From: rforno at infowarrior.org (Richard Forno) Date: Thu, 8 Aug 2013 09:59:30 -0400 Subject: [Infowarrior] - China has a massive Windows XP problem Message-ID: <8AFBD01C-EBAC-41F7-9977-E0BC4E9329DA@infowarrior.org> China has a massive Windows XP problem By the time of XP's retirement in April, around 10% of all U.S. computers will be running the OS; in China, 65% of companies will do so Gregg Keizer August 7, 2013 (Computerworld) http://www.computerworld.com/s/article/9241429/China_has_a_massive_Windows_XP_problem The Chinese are going to have a very, very hard time kicking the Windows XP habit. The deadline for the retirement of Microsoft's most successful operating system ever is eight months from tomorrow: April 8, 2014. That's the day when the Redmond, Wash. company is to deliver the last XP security update. 
The problem is that a significant chunk of the world's PCs continue to run the aged OS, and with just months to go, a seemingly impossible task faces those users: Getting off the 12-year-old XP and onto something newer. According to analytics company Net Applications, 37.2% of the globe's personal computers ran Windows XP last month. If Microsoft's estimate of 1.4 billion Windows PCs worldwide is accurate, XP's share translates into nearly 570 million machines. But while much digital ink has been spilled on the impending deadline -- what one popular Windows blogger called a "coming Windows XP Apocalypse" on Tuesday -- the truth is that some countries have a bigger headache than others. In the U.S., for example, 16.4% of all personal computers ran Windows XP in July, or about one in six, Net Applications' data showed. But in China, where XP remains king, 72.1% of the country's computers relied on the soon-to-retire operating system last month, or nearly three out of every four systems. In any XP doomsday scenario, that means China is in a position four times more precarious than the U.S. And it will get worse for China, not better, as the remaining eight months flip off the calendar. If one assumes that recent trends in XP's decline continue, then its share in the U.S. will drop to between 9.1% and 11.1% by April 2014 (depending on whether the forecast is based on the last three months or the last six months, respectively). China, however, is in a tougher spot because while it's been shedding Windows XP at about the same clip as the U.S., the country's much larger current share puts it at a severe disadvantage. By April 2014, XP will still be on between 65.2% and 65.7% of its personal computers. Eight months from now, China's XP problem will be six or seven times bigger than the U.S.'s. The hand-wringing about XP's stubbornness, then, is largely overdone when talking about the U.S. But it's on target when it comes to cases like China's. 
Theories about the staying power of XP have been proposed by almost every industry analyst and blogging pundit. Some cited the operating system's longevity -- it's been proven and tested by a dozen years of use -- while others pointed out that businesses hold on to XP because of internal, custom or niche applications that would cost a fortune to upgrade, even if they were available on other platforms. And China often was singled out for its propensity for piracy and a resulting apathy toward patches in general. The share of China's personal computers running the aging Windows XP dwarfs that in the U.S. (Data: Net Applications.) Some people may never upgrade for the simple reason that their Windows XP PC is their last PC. When it dies, so does their interest in traditional personal computers. Instead, they'll just use their tablets all of the time rather than just part of the time. Migration experts have opined that the easy upgrades have been done, and what's left are the much more expensive ones. Many consumers simply can't comprehend why there are laggards at all, ignoring the economics of shifting hundreds, even thousands of systems from one OS to another. But the truth is that people are deserting Windows XP. In the U.S., XP's rate of decline over the last six months has been 60% higher than the global average. Over the last three months, it's been 116% higher. The majority have fled to Windows 7, which in July powered half of all personal computers in the U.S. Even China has been making strides, with XP reduction rates equal to, or in the case of its six-month average, greater than the U.S.'s. A quarter of the country's computers now run Windows 7, Net Applications estimated. But the large numbers of PCs destined to be running XP next April has prompted speculation -- in some cases, running back years -- that Microsoft will back down, perhaps at the last minute, and continue patching at least the worst vulnerabilities in Windows XP. 
That hope stems from the numbers. In the U.S., the 9% or 10% or 11% of all computers likely to be running XP next April represents millions: If the Computer Industry Almanac's 2012 estimate of 310 million in-place systems is used, XP will be on at least 28 million PCs when the retirement clock reaches midnight. Microsoft's given no hint that it will back down. Even as recently as last month, during its Worldwide Partner Conference, it touted the sales opportunities in helping customers ditch XP, claiming the migration was a potential windfall worth $32 billion. Most analysts have concluded that there's little use thinking Microsoft will blink. John Pescatore, at the time an analyst with Gartner, put it best in a December 2012 interview: "I think they have to draw a line in the sand," said Pescatore. "They've supported XP longer than anything else." Gregg Keizer covers Microsoft, security issues, Apple, Web browsers and general technology breaking news for Computerworld. Follow Gregg on Twitter at @gkeizer, on Google+ or subscribe to Gregg's RSS feed. His email address is gkeizer at computerworld.com. --- Just because i'm near the punchbowl doesn't mean I'm also drinking from it. From rforno at infowarrior.org Thu Aug 8 10:44:15 2013 From: rforno at infowarrior.org (Richard Forno) Date: Thu, 8 Aug 2013 11:44:15 -0400 Subject: [Infowarrior] - NSA Said to Search Content of Messages to and From U.S. Message-ID: N.S.A. Said to Search Content of Messages to and From U.S. By CHARLIE SAVAGE Published: August 8, 2013 http://www.nytimes.com/2013/08/08/us/broader-sifting-of-data-abroad-is-seen-by-nsa.html?ref=global-home WASHINGTON -- The National Security Agency is searching the contents of vast amounts of Americans' e-mail and text communications into and out of the country, hunting for people who mention information about foreigners under surveillance, according to intelligence officials. The N.S.A. 
is not just intercepting the communications of Americans who are in direct contact with foreigners targeted overseas, a practice that government officials have openly acknowledged. It is also casting a far wider net for people who cite information linked to those foreigners, like a little used e-mail address, according to a senior intelligence official. While it has long been known that the agency conducts extensive computer searches of data it vacuums up overseas, that it is systematically searching -- without warrants -- through the contents of Americans' communications that cross the border reveals more about the scale of its secret operations. It also adds another element to the unfolding debate, provoked by the disclosures of Edward J. Snowden, the former N.S.A. contractor, about whether the agency has infringed on Americans' privacy as it scoops up e-mails and phone data in its quest to ferret out foreign intelligence. Government officials say the cross-border surveillance was authorized by a 2008 law, the FISA Amendments Act, in which Congress approved eavesdropping on domestic soil without warrants as long as the "target" was a noncitizen abroad. Voice communications are not included in that surveillance, the senior official said. Asked to comment, Judith A. Emmel, an N.S.A. spokeswoman, did not directly address surveillance of cross-border communications. But she said the agency's activities were lawful and intended to gather intelligence not about Americans but about "foreign powers and their agents, foreign organizations, foreign persons or international terrorists." "In carrying out its signals intelligence mission, N.S.A. collects only what it is explicitly authorized to collect," she said. "Moreover, the agency's activities are deployed only in response to requirements for information to protect the country and its interests." Hints of the surveillance appeared in a set of rules, leaked by Mr. Snowden, for how the N.S.A. may carry out the 2008 FISA law. 
One paragraph mentions that the agency "seeks to acquire communications about the target that are not to or from the target." The pages were posted online by the newspaper The Guardian on June 20, but the telltale paragraph, the only rule marked "Top Secret" amid 18 pages of restrictions, went largely overlooked amid other disclosures. To conduct the surveillance, the N.S.A. is temporarily copying and then sifting through the contents of what is apparently most e-mails and other text-based communications that cross the border. The senior intelligence official, who, like other former and current government officials, spoke on condition of anonymity because of the sensitivity of the topic, said the N.S.A. makes a "clone of selected communication links" to gather the communications, but declined to specify details, like the volume of the data that passes through them. Computer scientists said that it would be difficult to systematically search the contents of the communications without first gathering nearly all cross-border text-based data; fiber-optic networks work by breaking messages into tiny packets that flow at the speed of light over different pathways to their shared destination, so they would need to be captured and reassembled. The official said that a computer searches the data for the identifying keywords or other "selectors" and stores those that match so that human analysts could later examine them. The remaining communications, the official said, are deleted; the entire process takes "a small number of seconds," and the system has no ability to perform "retrospective searching." The official said the keyword and other terms were "very precise" to minimize the number of innocent American communications that were flagged by the program. At the same time, the official acknowledged that there had been times when changes by telecommunications providers or in the technology had led to inadvertent overcollection. The N.S.A. 
monitors for these problems, fixes them and reports such incidents to its overseers in the government, the official said. The disclosure sheds additional light on statements intelligence officials have made recently, reassuring the public that they do not "target" Americans for surveillance without warrants. At a House Intelligence Committee oversight hearing in June, for example, a lawmaker pressed the deputy director of the N.S.A., John Inglis, to say whether the agency listened to the phone calls or read the e-mails and text messages of American citizens. Mr. Inglis replied, "We do not target the content of U.S. person communications without a specific warrant anywhere on the earth." Timothy Edgar, a former intelligence official in the Bush and Obama administrations, said that the rule concerning collection "about" a person targeted for surveillance rather than directed at that person had provoked significant internal discussion. "There is an ambiguity in the law about what it means to 'target' someone," Mr. Edgar, now a visiting professor at Brown, said. "You can never intentionally target someone inside the United States. Those are the words we were looking at. We were most concerned about making sure the procedures only target communications that have one party outside the United States." The rule they ended up writing, which was secretly approved by the Foreign Intelligence Surveillance Court, says that the N.S.A. must ensure that one of the participants in any conversation that is acquired when it is searching for conversations about a targeted foreigner must be outside the United States, so that the surveillance is technically directed at the foreign end. Americans' communications singled out for further analysis are handled in accordance with "minimization" rules to protect privacy approved by the surveillance court. 
If private information is not relevant to understanding foreign intelligence, it is deleted; if it is relevant, the agency can retain it and disseminate it to other agencies, the rules show. While the paragraph hinting at the surveillance has attracted little attention, the American Civil Liberties Union did take note of the "about the target" language in a June 21 post analyzing the larger set of rules, arguing that the language could be interpreted as allowing "bulk" collection of international communications, including of those of Americans. Jameel Jaffer, a senior lawyer at the A.C.L.U., said Wednesday that such "dragnet surveillance will be poisonous to the freedoms of inquiry and association" because people who know that their communications will be searched will change their behavior. "They'll hesitate before visiting controversial Web sites, discussing controversial topics or investigating politically sensitive questions," Mr. Jaffer said. "Individually, these hesitations might appear to be inconsequential, but the accumulation of them over time will change citizens' relationship to one another and to the government." The senior intelligence official argued, however, that it would be inaccurate to portray the N.S.A. as engaging in "bulk collection" of the contents of communications. "'Bulk collection' is when we collect and retain for some period of time that lets us do retrospective analysis," the official said. "In this case, we do not do that, so we do not consider this 'bulk collection.'" Stewart Baker, a former general counsel for the N.S.A., said that such surveillance could be valuable in identifying previously unknown terrorists or spies inside the United States who unwittingly reveal themselves to the agency by discussing a foreign-intelligence "indicator." He cited a situation in which officials learn that Al Qaeda was planning to use a particular phone number on the day of an attack. 
"If someone is sending that number out, chances are they are on the inside of the plot, and I want to find the people who are on the inside of the plot," he said.

The senior intelligence official said that the "about the target" surveillance had been valuable, but said it was difficult to point to any particular terrorist plot that would have been carried out if the surveillance had not taken place. He said it was one tool among many used to assemble a "mosaic" of information in such investigations. He also pointed out that the surveillance was used for other types of foreign-intelligence collection, not just terrorism, the official said.

There has been no public disclosure of any ruling by the Foreign Intelligence Surveillance Court explaining its legal analysis of the 2008 FISA law and the Fourth Amendment as allowing "about the target" searches of Americans' cross-border communications. But in 2009, the Justice Department's Office of Legal Counsel signed off on a similar process for searching federal employees' communications without a warrant to make sure none contain malicious computer code.

That opinion, by Steven G. Bradbury, who led the office in the Bush administration, may echo the still-secret legal analysis. He wrote that because that system, called EINSTEIN 2.0, scanned communications traffic "only for particular malicious computer code" and there was no authorization to acquire the content for unrelated purposes, it "imposes, at worst, a minimal burden upon legitimate privacy rights."

---
Just because i'm near the punchbowl doesn't mean I'm also drinking from it.
From rforno at infowarrior.org Thu Aug 8 16:17:01 2013
From: rforno at infowarrior.org (Richard Forno)
Date: Thu, 8 Aug 2013 17:17:01 -0400
Subject: [Infowarrior] - Snowden and Lavabit
Message-ID: <48B5F264-B0F5-44AB-8F02-F5916BA678D6@infowarrior.org>

Lavabit, email service Snowden reportedly used, abruptly shuts down
Xeni Jardin at 12:05 pm Thu, Aug 8, 2013
http://boingboing.net/2013/08/08/lavabit-email-service-snowden.html

Remember when word circulated that Edward Snowden was using Lavabit, an email service that purports to provide better privacy and security for users than popular web-based free services like Gmail? Lavabit's owner has shut down service, with a mysterious message posted on the lavabit.com home page today. Below, the full message:

My Fellow Users,

I have been forced to make a difficult decision: to become complicit in crimes against the American people or walk away from nearly ten years of hard work by shutting down Lavabit. After significant soul searching, I have decided to suspend operations. I wish that I could legally share with you the events that led to my decision. I cannot. I feel you deserve to know what's going on--the first amendment is supposed to guarantee me the freedom to speak out in situations like this. Unfortunately, Congress has passed laws that say otherwise. As things currently stand, I cannot share my experiences over the last six weeks, even though I have twice made the appropriate requests.

What's going to happen now? We've already started preparing the paperwork needed to continue to fight for the Constitution in the Fourth Circuit Court of Appeals. A favorable decision would allow me to resurrect Lavabit as an American company.

This experience has taught me one very important lesson: without congressional action or a strong judicial precedent, I would _strongly_ recommend against anyone trusting their private data to a company with physical ties to the United States.
Sincerely,
Ladar Levison
Owner and Operator, Lavabit LLC

Defending the constitution is expensive! Help us by donating to the Lavabit Legal Defense Fund here.

---
Just because i'm near the punchbowl doesn't mean I'm also drinking from it.

From rforno at infowarrior.org Thu Aug 8 18:07:35 2013
From: rforno at infowarrior.org (Richard Forno)
Date: Thu, 8 Aug 2013 19:07:35 -0400
Subject: [Infowarrior] - NSA cites case as success of phone data-collection program
Message-ID:

NSA cites case as success of phone data-collection program
By Ellen Nakashima
http://www.washingtonpost.com/world/national-security/nsa-cites-case-as-success-of-phone-data-collection-program/2013/08/08/fc915e5a-feda-11e2-96a8-d3b921c0924a_print.html

He was a San Diego cab driver who fled Somalia as a teenager, winning asylum in the United States after he was wounded during fighting among warring tribes. Today, Basaaly Moalin, 36, is awaiting sentencing following his conviction on charges that he sent $8,500 to Somalia in support of the terrorist group al-Shabab.

Moalin's prosecution, barely noticed when the case was in court, has suddenly come to the fore of a national debate about U.S. surveillance. Under pressure from Congress, senior intelligence officials have offered it as their primary example of the unique value of a National Security Agency program that collects tens of millions of phone records from Americans.

Officials have said that NSA surveillance tools have helped disrupt terrorist plots or identify suspects in 54 cases in the United States and overseas. In many of those cases, an agency program that targets the communication of foreigners, including e-mails, has proved critical. But the importance of the phone logs in disrupting those plots has been less clear - and also far more controversial since it was revealed in June.

Across a dozen years of records collection, critics say, the government has offered few instances in which the massive storehouse of Americans'
records contained the first crucial lead that cracked a case - and even those, they say, could have been obtained through a less intrusive method.

"There's no reason why NSA needed to have its own database containing the phone records of millions of innocent Americans in order to get the information related to Moalin," said Sen. Mark Udall (D-Colo.), a Senate Intelligence Committee member who has been pressing officials for evidence of the program's effectiveness. "It could have just as easily gone directly to the phone companies with an individualized court order."

U.S. officials say that the NSA's programs often work in conjunction with one another - and that taking away a critical ability such as the "bulk collection" of phone records would undermine the agency's effort to prevent terrorist attacks.

"You essentially have a range of tools at your disposal - one or more of these tools might tip you to a plot, other [tools] might then give you an exposure as to what the nature of that plot is," NSA Deputy Director John C. Inglis told a Senate panel last week. "Finally, the exercise of multiple instruments of power, to include law enforcement power, ultimately completes the picture and allows you to interdict that plot."

The NSA collects its vast digital archive of phone records under a provision of the Foreign Intelligence Surveillance Act. U.S. officials emphasize that those logs do not contain the names of customers or content - just "metadata," which includes phone numbers and the times and dates of calls. They note that they need a "reasonable, articulable suspicion" that a number they wish to check in the database is linked to a foreign terrorist group. And they say that without having all the calls in one place and easily searchable with a keystroke, finding links to suspicious numbers would be tedious and time-consuming.

Moalin's lawyer said he is surprised that counterterrorism officials have cited his client's case as a hallmark success.
"The notion that this case could be used to justify a mass collection of data is mind-boggling, considering it's $8,500 that went to Somalia," said Joshua Dratel, who denied that his client sent money to the terrorist group.

Needle in a haystack

It was a tip that put Moalin on the FBI's radar in 2003. But when investigators found no link to terrorism, they closed the case.

Then, in 2007, the NSA came up with a number in Somalia that it believed was linked to al-Shabab. It ran the number against its database. Inglis said officials had no idea whether the number had ties to any number in the United States. "In order to find the needle that matched up against that number, we needed the haystack," he said.

The NSA found that the San Diego number had had "indirect" contact with "an extremist outside the United States," FBI Deputy Director Sean Joyce told the Senate last week. The agency passed the number to the FBI, which used an administrative subpoena to identify it as Moalin's. Then, according to court records, in late 2007, the bureau obtained a wiretap order and over the course of a year listened to Moalin's conversations. About 2,000 calls were intercepted.

Over several months in 2008, prosecutors say, Moalin arranged for the transfer of several thousand dollars to al-Shabab. They say he sent the money to a prominent al-Shabab military leader named Aden Hashi Ayro and other associates. In May 2008, Ayro was killed by a U.S. cruise missile strike.

In 2009, an FBI field intelligence group assessed that Moalin's support for al-Shabab was not ideological. Rather, according to an FBI document provided to his defense team, Moalin probably sent money to an al-Shabab leader out of "tribal affiliation" and to "promote his own status" with tribal elders.

In 2010, three years after the bureau opened an investigation, it arrested Moalin as he was about to board a flight to Somalia to visit his wife and children.
Prosecutors alleged that Moalin and some acquaintances were sending money to al-Shabab to finance attacks against the transitional government of Somalia and allied fighters from Ethiopia, as well as civilians.

In the calls, Moalin is heard speaking to a man called "Sheikalow," who prosecutors allege was Ayro, the al-Shabab commander. In one call, Sheikalow can be heard telling Moalin that it was "time to finance the jihad."

Moalin's defense attorneys argued that the voice was in fact that of a local police chief from Moalin's home region, who sometimes goes by the name of Sheikalow. The police chief testified in a video deposition that he spoke with Moalin. The reference to jihad was about fighting the Ethiopians, not the West, Dratel said. He said the men were sending money to help build schools and orphanages.

In February, a jury convicted Moalin and three acquaintances - all Somali immigrants - on conspiracy to provide material support to terrorism. Moalin faces up to life in prison.

Identifying threats in U.S.

U.S. officials argue that Moalin's number probably would not have surfaced - at least not in a timely fashion - had it not been for the database. And they draw a parallel with the period before the attacks of Sept. 11, 2001.

The NSA, targeting a safehouse in Yemen, intercepted seven calls from hijacker Khalid al-Mihdhar. But the NSA didn't know where he was calling from. "Lacking the originating phone number, NSA analysts concluded that al-Mihdhar was overseas," the Justice Department said in recently declassified reports to Congress on the phone records program. "In fact, al-Mihdhar was calling from San Diego," the reports said.

Had the intelligence community known where Mihdhar and a co-conspirator were and detained them, the "simple fact of their detention could have derailed the plan," the 9/11 Commission said.

To close that gap, the government created the phone call database.
The goal, the reports say, is to "rapidly identify any terrorist threats emanating from within the United States."

The NSA could put together a more limited dataset by going to every phone company and asking for all the numbers that have been in contact with a target number. But that takes time, and if analysts want to examine secondary contacts, they would have to go back to the phone company, officials said.

Such arguments do not persuade critics, even when the government asserts that the database helped break another case involving a co-conspirator in a plot to bomb the New York City subway system.

"In both cases," Sen. Ron Wyden (D-Ore.) said recently on the Senate floor, "the government had all the information it needed to go to the phone company and get an individual court order." If time was of the essence, he said, a different court order or administrative subpoena would allow for an emergency request for the records.

Wyden noted that both Moalin and the subway plot co-conspirator were arrested "months or years after they were first identified" by mining the phone logs.

The bottom line, said Rep. Adam Schiff (D-Calif.), a House Intelligence Committee member, is that even if the program is "only occasionally successful, there's still no justification that I can see for obtaining that amount of data in the first place."

Timothy H. Edgar, a former deputy privacy officer at the Office of the Director of National Intelligence, said that he had pushed for a middle ground solution that would let the phone companies hold the data and perform the link analysis.

"You wouldn't have this problem of having this massive database in the hands of the government, where the government is saying, 'Trust us,'" said Edgar, who is now at Brown University's Watson Institute for International Affairs.

Following the uproar about the NSA's far-reaching collection of phone data, U.S. officials have said they are willing to discuss revisions.
At the Senate hearing last week, Robert S. Litt, general counsel for the Office of the Director of National Intelligence, said the administration is open to seeing "whether there are changes that can be made that are consistent with preserving the essence of the program, and yet provide greater public confidence."

© The Washington Post Company

---
Just because i'm near the punchbowl doesn't mean I'm also drinking from it.

From rforno at infowarrior.org Fri Aug 9 06:16:08 2013
From: rforno at infowarrior.org (Richard Forno)
Date: Fri, 9 Aug 2013 07:16:08 -0400
Subject: [Infowarrior] - SilentCircle shutters encrypted e-mail too
In-Reply-To: <44ECC599-3910-478D-93C1-B5BEEED3969C@farber.net>
References: <15053.19c179fd.3f35c5a3@aol.com> <44ECC599-3910-478D-93C1-B5BEEED3969C@farber.net>
Message-ID:

Silent Circle follows Lavabit in shuttering encrypted e-mail
http://news.cnet.com/8301-13578_3-57597726-38/silent-circle-follows-lavabit-in-shuttering-encrypted-e-mail/?part=rss&subj=news&tag=title

Silent Circle shuttered its encrypted e-mail service on Thursday, the second such closure in just a few hours in an apparent attempt to avoid government scrutiny that may threaten its customers' privacy.

Silent Circle, which makes software that encrypts phone calls and other communications, announced in a company blog post that it could "see the writing on the wall" and decided it best to shut down its Silent Mail feature. The company said it was inspired by the closure earlier Thursday of Lavabit, another encrypted e-mail service provider that alluded to a possible national security investigation.

< - >

http://news.cnet.com/8301-13578_3-57597726-38/silent-circle-follows-lavabit-in-shuttering-encrypted-e-mail/?part=rss&subj=news&tag=title

---
Just because i'm near the punchbowl doesn't mean I'm also drinking from it.
From rforno at infowarrior.org Fri Aug 9 06:44:54 2013
From: rforno at infowarrior.org (Richard Forno)
Date: Fri, 9 Aug 2013 07:44:54 -0400
Subject: [Infowarrior] - TPB turns 10 tomorrow
Message-ID:

8 August 2013 Last updated at 19:24 ET
The Pirate Bay: BitTorrent site sails to its 10th birthday
http://www.bbc.co.uk/news/technology-23587447?print=true

This Saturday fans of The Pirate Bay file-sharing site are set to celebrate its 10th anniversary at a party in Stockholm sponsored by an energy drinks maker.

The event - and the service's very survival - is an irritant to rights holders who have used the courts in the UK, Ireland, Malaysia and elsewhere to make internet service providers (ISPs) block access to TPB's domain. They want to make it as hard as possible for the public to find lists of torrents - pointers that tell a program where to locate fragments of a file on others' computers that can be downloaded and combined to form a whole.

Earlier this week the UK's Industry Trust for Intellectual Property Awareness warned such pirate websites provided a gateway for children to access adult-rated material. Another lobby group - the Creative Coalition Campaign - has claimed they have cost jobs as well.

"Criminal sites such as The Pirate Bay profit on the back of other people's work whilst reinvesting nothing into new content or contributing anything back into the legitimate economy," Christine Payne, chairwoman of the UK's Creative Coalition Campaign, told the BBC. "This poses a direct threat to growth and jobs and should not be celebrated or glorified."

TPB might take issue with that. Among its pages is a section offering independent artists a chance to showcase their work. But the point remains, much of its traffic comes from visitors looking for free downloads of copyrighted content.

The main thepiratebay.sx domain is currently ranked the net's 95th most visited, according to Amazon's analytics division, Alexa.
That figure does not account for the fact people are also accessing the service through proxy sites and other means to overcome bans, suggesting its true rank is higher.

To mark TPB's anniversary the BBC asked for a series of views about what its legacy is and where it goes from here.

Tobias Andersson, The Pirate Bay co-founder

Ten internet years is like 100 human years. Just like very few of us get to live that long, very few internet sites get to see such a lifetime. Despite being run by only a handful of nerds and bullied by governments worldwide and despite death threats from thugs of the entertainment industries, The Pirate Bay has sailed on.

When we started, we never thought our little anarchist/hacker experiment would explode like it did - that hundreds of millions of users would visit every month, that 40% of the entire internet's traffic would be generated by our trackers or that foreign governments would threaten to blacklist Sweden at the World Trade Organization unless it "handled" the pirate problem.

One can learn a lot from these 10 years, but what's most interesting is what's coming. The 3D-printing revolution hits us any minute - and the sharing of things. Suddenly, not only music and movie industries will feel threatened, but clothing, weapon and car industries as well - along with nations that depend on them. Everything will change and it'll be fast.

This is partly why I believe that The Pirate Bay should quit after its 10th birthday - to force the world into creating something newer and better, not relying on people sacrificing themselves for "the cause" or on sites being chased from domain to domain. Future copy-fights will no longer be about sharing a tune or a movie, but ultimately about defining who will have the right to produce and if ideas are to be owned and sold or commonly shared. Everyone will be affected by these fights and too much will be at stake. We need something new.
Chris Marcich, Motion Picture Association

Although The Pirate Bay remains one of the most notorious BitTorrent file-sharing websites, the recent court rulings in a number of European countries have had an impact on the overall traffic to the site. Yet, it continues to operate and facilitate infringement of copyright.

If we are to ensure that people have the continued ability to create new ideas and be rewarded for their creation, the status quo of online content theft cannot continue. Protecting the rule of law online is not censorship and the enforcement of copyright has not impeded the growth of the internet.

A common misconception is that those who created the site did so because they were fighting for a greater cause. The reality is that these are individuals who have chosen to profit illegally from the hard work and the creativity of the millions of people involved in the creation and distribution of movies and TV shows.

We tend to forget that in addition to harming the creative community, mass dissemination of infringing content on the internet also has a negative impact on consumers who are concerned about their privacy and safe internet use and rightly expect to view shows and movies online through safe and legitimate outlets.

The internet continues to be a revolutionary communications tool and as consumers demand premium content sooner and across multiple devices, the film industry is responding by increasing the choice of legitimate avenues to watch films and TV shows. We want an internet that works for everyone, that is a place for investment, innovation and creativity.

Bendert Zevenbergen, Oxford Internet Institute

Over the last 10 years, The Pirate Bay has shaken up the cultural and creative world and has forced it to wake up to demands of the modern consumer. The website filled a gigantic gap, which was left wide open by the established industry - access to cultural and creative works via the internet.
The Pirate Bay users are people who grew up with the internet and those who use it extensively as part of their life. They understand the complexity and the dynamics of this new information environment, and also the huge potential it offers for the cultural and creative industries. When their demand to access music and films on their digital devices was not met, they found their own way, often via The Pirate Bay.

Current policy makers and judges are often not frequent internet users themselves and therefore don't understand that the complexity and dynamics of the net make services such as The Pirate Bay resilient to simple traditional legal enforcement measures. Extensive legal conflicts, seizures and restrictive internet policies have made The Pirate Bay one of the most well known services of its type today, while these measures are having negative consequences for the internet as a whole.

The digital consumer is now rejoicing at the chance to access global libraries of music and films through paid-for subscription services such as Spotify and Netflix. We have The Pirate Bay to thank for waking up the cultural world to the opportunities for digital music and films distribution, not restrictive but futile copyright enforcement measures.

Ernesto van der Sar, Torrentfreak

The Pirate Bay is exemplary of how a small group of rather disorganised individuals can have an enormous impact on several multi-billion pound industries. The site is certainly not the first to facilitate unregulated sharing of information among the public, but it is much more resilient than their predecessors.

The fact that the site is still around today, despite numerous lawsuits, is fascinating and shows how large the power of a few can be. I believe that The Pirate Bay has set an example for others who have challenged the establishment by opening up information via the internet, including Wikileaks, Anonymous and to a certain degree Edward Snowden.
The power, reach and influence of these small groups or individuals is enormous, and was unthinkable a decade ago.

Without opening up the discussion about the potential harm The Pirate Bay may have inflicted on the entertainment industries, I believe that its existence has motivated and sped up the development of many new legal alternatives. Through The Pirate Bay, consumers have greater control and as a result many have sent signals to the movie and music industries that legal alternatives are lacking or simply unavailable.

For example, when The Pirate Bay was founded many UK citizens used it to download MP3s because the iTunes store and other legal alternatives did not yet exist, and unlimited streaming services such as Spotify were still a mere speck on the horizon. While it may be impossible to defeat piracy entirely, the challenge for copyright holders is to make The Pirate Bay obsolete with superior products and services.

Peter Bradwell, Open Rights Group

The Pirate Bay saga is certainly a long, drawn out affair. Despite being the target of sustained enforcement action, with various court decisions against the site and its founders, The Pirate Bay hasn't gone away. It is not clear that enforcement has had much of an impact on its popularity.

One of the important lessons to take from this story is about how website blocking powers are used. We're no fans of website blocking. It is mostly pointless and dangerous. But it is possible for copyright owners to seek an injunction forcing ISPs to try to block access to websites for copyright infringement. UK ISPs were ordered to try to block access to the Pirate Bay last year.

We've been trying to engage with this court process but have found it extremely difficult. It is not transparent enough and so far has only involved ISPs and copyright trade associations. This matters because blocking affects other rights such as freedom of expression and privacy.
Currently the orders, containing detail such as the lists of blocked URLs [web addresses], are effectively secret and there seems to be no clear process to review or correct mistakes.

To be clear, we do not think people have a right to access free stuff. We care about who decides what we are all allowed to look at or distribute online. That is a significant power. It should be exercised in an accountable and transparent way via rigorous due process. Mistakes or abuses of that power can easily lead to sites wrongly being subjected to enforcement action.

---
Just because i'm near the punchbowl doesn't mean I'm also drinking from it.

From rforno at infowarrior.org Fri Aug 9 15:15:43 2013
From: rforno at infowarrior.org (Richard Forno)
Date: Fri, 9 Aug 2013 16:15:43 -0400
Subject: [Infowarrior] - POTUS outlines 4 'reforms' to regain public trust in surveillance
Message-ID: <54F4C018-F138-4B4C-8E5E-C3C314F09AFD@infowarrior.org>

(Note: Rick initial comments in brackets in the text below. Full transcript is at the URL at the bottom of this message)

TRANSCRIPT: President Obama's August 9, 2013, news conference at the White House
By Washington Post Staff

< - >

In other words, it's not enough for me, as president, to have confidence in these programs. The American people need to have confidence in them as well. And that's why over the last few weeks I've consulted members of Congress, who come at this issue from many different perspectives. I've asked the Privacy and Civil Liberties Oversight Board to review where our counterterrorism efforts and our values come into tension. And I directed my national security team to be more transparent and to pursue reforms of our laws and practices. And so today I'd like to discuss four specific steps, not all-inclusive, but some specific steps that we're going to be taking very shortly to move the debate forward.

[Rick Note: The PCLOB was pretty dormant until recently. Wonder why?]
First, I will work with Congress to pursue appropriate reforms to Section 215 of the Patriot Act, the program that collects telephone records. As I've said, this program is an important tool in our effort to disrupt terrorist plots, and it does not allow the government to listen to any phone calls without a warrant. But given the scale of this program, I understand the concerns of those who would worry that it could be subject to abuse. So after having a dialogue with members of Congress and civil libertarians, I believe that there are steps we can take to give the American people additional confidence that there are additional safeguards against abuse. For instance, we can take steps to put in place greater oversight, greater transparency and constraints on the use of this authority. So I look forward to working with Congress to meet those objectives.

[Rick Note: Really? Really? (sorry, had to be snarky for a second.)]

Second, I'll work with Congress to improve the public's confidence in the oversight conducted by the Foreign Intelligence Surveillance Court, known as the FISC. The FISC was created by Congress to provide judicial review of certain intelligence activities so that a federal judge must find that our actions are consistent with the Constitution. However, to build greater confidence, I think we should consider some additional changes to the FISC. One of the concerns that people raise is that a judge reviewing a request from the government to conduct programmatic surveillance only hears one side of the story, may tilt it too far in favor of security, may not pay enough attention to liberty. And while I've got confidence in the court and I think they've done a fine job, I think we can provide greater assurances that the court is looking at these issues from both perspectives -- security and privacy.
So specifically, we can take steps to make sure civil liberties concerns have an independent voice, in appropriate cases, by ensuring that the government's position is challenged by an adversary.

[Rick Note: "in appropriate cases" leaves plenty of wiggle room. And if they're cleared to access the FISC, how will this public advocate be able to tell the public if/when there are transgressions or abuses w/o violating their secrecy oath?]

Number three, we can and must be more transparent. So I've directed the intelligence community to make public as much information about these programs as possible. We've already declassified unprecedented information about the NSA, but we can go further. So at my direction, the Department of Justice will make public the legal rationale for the government's collection activities under Section 215 of the Patriot Act.

[Rick Note: What they declassified was still heavily redacted. When the leaker's information is more useful for public debate than what's officially released, problems of trust and having a "complete understanding" remain.]

The NSA is taking steps to put in place a full-time civil liberties and privacy officer and release information that details its mission, authorities and oversight. And finally, the intelligence community is creating a website that will serve as a hub for further transparency. And this will give Americans and the world the ability to learn more about what our intelligence community does and what it doesn't do, how it carries out its mission and why it does so.

[Rick Note: Having the IC set up a hub for meaningful public transparency? Clearly the Administration is not without a sense of humour. I'm reminded of Sir Humphrey's great quote on government transparency efforts: "we should always tell the public everything they can find out from other sources."]

Fourth, we're forming a high level group of outside experts to review our entire intelligence and communications technologies.
We need new thinking for a new era. We now have to unravel terrorist plots by finding a needle in a haystack of global telecommunications, and meanwhile technology has given governments, including our own, unprecedented capability to monitor communications. [Rick Note: If it's the same group of tech execs who met with POTUS yesterday to discuss surveillance stuff, that meeting was held in secret and its discussions were not disclosed. Also, it doesn't change the completely risk-averse culture permeating Washington's mindset that feels it must try and stop anything bad from happening anywhere at anytime, and thus initiated these programs to begin with.] So I?m tasking this independent group to step back and review our capabilities, particularly our surveillance technologies, and they?ll consider how we can maintain the trust of the people, how we can make sure that there absolutely is no abuse in terms of how these surveillance technologies are used, ask how surveillance impacts our foreign policy, particularly in an age when more and more information is becoming public. And they will provide an interim report in 60 days and a final report by the end of this year, so that we can move forward with a better understanding of how these programs impact our security, our privacy and our foreign policy. [Rick Note: "Forming a committee and 'writing a report' is always something governments do during times of crisis. The key is what will happen after the report is submitted. Will it be public? Will it be redacted? Will it lead to any meaningful changes? Sounds good, but the devil is in the details.] So all these steps are designed to ensure that the American people can trust that our efforts are in line with our interests and our values. 
< - >

http://www.washingtonpost.com/politics/transcript-president-obamas-august-9-2013-news-conference-at-the-white-house/2013/08/09/5a6c21e8-011c-11e3-9a3e-916de805f65d_print.html

---
Just because i'm near the punchbowl doesn't mean I'm also drinking from it.

From rforno at infowarrior.org Fri Aug 9 15:17:15 2013
From: rforno at infowarrior.org (Richard Forno)
Date: Fri, 9 Aug 2013 16:17:15 -0400
Subject: [Infowarrior] - WH white paper on NSA surveillance oversight
Message-ID: <40C4D890-656A-4B86-B003-087355084B54@infowarrior.org>

Obama administration white paper on NSA surveillance oversight

http://www.scribd.com/document_downloads/159211491?extension=pdf&from=embed&source=embed

---
Just because i'm near the punchbowl doesn't mean I'm also drinking from it.

From rforno at infowarrior.org Fri Aug 9 15:19:36 2013
From: rforno at infowarrior.org (Richard Forno)
Date: Fri, 9 Aug 2013 16:19:36 -0400
Subject: [Infowarrior] - The free Web program that got Bradley Manning convicted of computer fraud
Message-ID:

(c/o AJR)

The free Web program that got Bradley Manning convicted of computer fraud

By Max Fisher, Updated: July 30, 2013

http://www.washingtonpost.com/blogs/worldviews/wp/2013/07/30/the-free-web-program-that-got-bradley-manning-convicted-of-computer-fraud/?print=1

One of the charges for which a military court found Army Pfc. Bradley Manning guilty on Tuesday is computer fraud, which carries a maximum sentence of 10 years. But the nature of that conviction might surprise people who haven't been following the case closely: it all comes down to a simple little Web program that dates back to 1996.

Wget is a free, open-source program so basic that it can be run from the Web or from a file that's about half the size of an MP3 file. What it does is so simple that most Web users today wouldn't even realize this could require a separate program: It downloads files. It doesn't break into password-protected servers, secretly transmit data or steal the latest Kanye West album.
The program's name is a combination of "World Wide Web" and "get," as in you use it to get files from the Internet. Its function is roughly equivalent to right-clicking something on your Web browser and then hitting "save to desktop."

Investigators found that, when Manning downloaded vast numbers of U.S. diplomatic cables and other files from the computer network he regularly accessed for his Army intelligence job, he'd used wget to do it. This doesn't mean he used wget to hack into the system -- Manning already had access to the files. It means that he used this tool to download the files more efficiently. Illegally taking and distributing the files are covered under separate charges.

How does using wget qualify as computer fraud? U.S. prosecutors pointed out that wget was not on the list of "approved" programs for use in the facility where Manning worked. They argued that, although Manning was allowed to access the files, using an unauthorized program to do it amounted to a digital "trespass" and thus computer fraud. They also used the fact that wget was not permitted on Manning's computer as further evidence that using it amounted to illegal computer access.

The defense tried to get this charge dismissed two weeks ago, noting that Manning hadn't stolen passwords or bypassed digital firewalls to access the documents and thus had not committed computer fraud. The judge, Col. Denise Lind, declined to throw out the charge.

That Manning was convicted of computer fraud seems to suggest that using wget on a U.S. government computer to download large numbers of files can be considered the digital equivalent of trespassing -- even if it's on turf you're otherwise allowed to access.

© The Washington Post Company

---
Just because i'm near the punchbowl doesn't mean I'm also drinking from it.
From rforno at infowarrior.org Fri Aug 9 21:00:53 2013
From: rforno at infowarrior.org (Richard Forno)
Date: Fri, 9 Aug 2013 22:00:53 -0400
Subject: [Infowarrior] - DOJ: There's No Expectation Of Privacy In Your Phone Records Because People Don't Like Terrorists
Message-ID: <7C38DFA2-914C-4D10-8842-4488C08B14B1@infowarrior.org>

DOJ: There's No Expectation Of Privacy In Your Phone Records Because People Don't Like Terrorists

http://www.techdirt.com/articles/20130809/16320324131/doj-theres-no-expectation-privacy-your-phone-records-because-people-dont-like-terrorists.shtml

Following our post on the NSA's document defending its surveillance programs, let's look more closely at the Justice Department's "white paper" explaining the legal rationale for scooping up all of the metadata on every phone call under Section 215 of the Patriot Act, also known as the "business records" or "tangible things" section. This document just focuses on that one program, rather than the many other programs, and within its 23 pages there are so many ridiculous things. I'm sure we'll come back to many of them in future posts. After going through it a few times, it seems abundantly clear that this was a rush job by the administration to defend this particular program, without realizing just how ridiculous many of its claims are.

As Julian Sanchez has noted, the arguments made in this document appear to contradict the DOJ's actions in dozens of ways, and basically invalidate a ton of previous arguments concerning other surveillance programs. And, worse, it more or less opens the door for massive surveillance on a variety of other things. Again from Sanchez, the argument in this paper could easily apply to having a local prosecutor subpoena all city phone records looking for drug dealing. Because safety!

Let's pick out just a few of the more inane arguments, starting with that first one highlighted above.
As we've seen in the past, the DOJ makes a long and incredibly misleading argument about why your phone records aren't private under Smith v. Maryland, but then it goes further to argue that even if a court were to say that Smith v. Maryland and the third party doctrine didn't apply here, that's okay, because the searches are "reasonable" because people want to be protected from terrorists.

< - >

And this is the other shocker. To translate, this is saying "because Congress did not explicitly tell us to stop collecting all data, we take that as implicit permission to collect all data." As for that claim that this information was "made available to all Members of Congress," that too is misleading, evidenced by approximately half of Congress admitting they had no clue about this at all. Also, "made available" is incredibly different from "clearly informed and explained to Congress what we were doing." Basically, they gave this info to the Intelligence Committee, who then sought to obfuscate it and play down any concerns. While others in Congress could ask to see the details (though, sometimes those requests are denied), they're often not allowed to bring in staff who might understand the details, nor are they allowed to make copies or take notes. These members are shown documents that may not be clear and which they might not understand. That's not fully informing them. And the resulting decision not to directly block that program is laughable because many in Congress flat out lied about these programs (or were totally misinformed). To take that as "approval" of these programs takes incredible hubris.

< - >

Honestly, this document is a mess. It's clearly a whitewash job done to cover up the fact that this program is a massive intrusion on privacy and almost certainly both illegal and unconstitutional. Coming up with after-the-fact legal justifications for it just shows how desperate the administration is getting.
---
Just because i'm near the punchbowl doesn't mean I'm also drinking from it.

From rforno at infowarrior.org Sat Aug 10 10:54:31 2013
From: rforno at infowarrior.org (Richard Forno)
Date: Sat, 10 Aug 2013 11:54:31 -0400
Subject: [Infowarrior] - Lavabit's closure marks the death of secure cloud computing in the US
Message-ID: <3CD6F100-6A29-4475-866B-E7DB504ED828@infowarrior.org>

Lavabit's closure marks the death of secure cloud computing in the US

Once Edward Snowden's use of the email service was public, it was perhaps a given that Lavabit would be targeted by the US

Alex Hern, theguardian.com, Saturday 10 August 2013 05.00 EDT

http://www.theguardian.com/commentisfree/2013/aug/10/lavabit-closure-cloud-computing-edward-snowden

[Photo caption: 'It is not surprising that Edward Snowden would use a service designed for keeping messages out of prying hands.' Photograph: Kacper Pempel/Reuters]

On Thursday afternoon, Ladar Levison, the owner and operator of Lavabit, an email service that prides itself on privacy and security, abruptly closed his website, posting a short message to his former users.

"I have been forced to make a difficult decision: to become complicit in crimes against the American people or walk away from nearly 10 years of hard work by shutting down Lavabit," he wrote. "After significant soul searching, I have decided to suspend operations. I wish that I could legally share with you the events that led to my decision. I cannot."

Levison might be gagged by the law, but it's not hard to guess at least part of the reason why his site is having legal troubles. In early July, journalists and human rights activists received an email from edsnowden at lavabit.com, inviting them to a press conference in Moscow's Sheremetyevo airport.

Given the NSA leaker's understandable desire for security, it is not surprising that Edward Snowden would use a service designed for keeping messages out of prying hands.
But knowing the American government's desire to go to extraordinary lengths (such as grounding the Bolivian president's plane) necessary to recapture him, it was perhaps a given that Lavabit would be a target once Snowden's use of the service was public.

Assuming the former infrastructure analyst's justified paranoia was put to good use, even a fully co-operative Lavabit wouldn't be able to provide the US government with much help. One of the site's biggest selling points against more popular email services such as Gmail is its full support for public-key encryption.

This is a form of encryption which uses two numerical "keys" to encode a message. One, the public key, is given out freely. Anyone wanting to send a message to Snowden would know his public key, encrypt the message with it, and send the now-garbled text. Snowden would then use his private key to decrypt it.

This practice is also known as "asymmetric encryption", because of the most important factor in it: the public key cannot be used to decrypt the messages it has encrypted. Only the private key can do that. And, while the technological details are far too complex to get into here (it's basically magic maths, involving extremely large prime numbers), based on everything we know about the intelligence services, even they can't break that sort of encryption. If they don't have the key, they don't have the data.

Unfortunately, as we know from the Verizon leaks that started this whole thing off, you can find out a huge amount about people without ever looking at their actual data. The metadata they leave behind -- data about their data -- is just as valuable. In Lavabit's case, that almost certainly includes who Snowden has been emailing, and when.
Depending on how much data the site stores, and how careful Snowden was when accessing it (he may have taken measures such as accessing the site through anonymisers like Tor, which would limit the damage), they could have details such as when he checked his inbox, what IP address he was checking from, and which browser he was using.

Levison promises he will fight "for the constitution" in the courts, but the odds are stacked against him. Bigger companies with better legal resources than Lavabit have been forced to submit to the national security apparatus. Eventually any metadata the site does hold is likely to end up in the hands of the government.

It's not hard to sense the desperation in Levison's voice when he writes that "without congressional action or a strong judicial precedent, I would strongly recommend against anyone trusting their private data to a company with physical ties to the United States", but it's also admirable honesty. From a security point of view, cloud computing in the US is dead on its feet.

---
Just because i'm near the punchbowl doesn't mean I'm also drinking from it.

From rforno at infowarrior.org Sat Aug 10 10:54:36 2013
From: rforno at infowarrior.org (Richard Forno)
Date: Sat, 10 Aug 2013 11:54:36 -0400
Subject: [Infowarrior] - Snowden's Asylum: 'It's the law, stupid'
Message-ID:

Snowden's Asylum: 'It's the law, stupid'

http://www.aljazeera.com/indepth/opinion/2013/08/2013841016657318.html

It should be made clear that Russia has no legal, political or moral duty to turn Snowden over to American authorities.

Last Modified: 08 Aug 2013 14:15

Richard Falk

Richard Falk is Albert G. Milbank Professor Emeritus of International Law at Princeton University and Visiting Distinguished Professor in Global and International Studies at the University of California, Santa Barbara. He is also the United Nations Special Rapporteur on Palestinian human rights.
Russia's grant of temporary refugee status to Snowden for one year was in full accord with the normal level of protection to be given to anyone accused of nonviolent political crimes in a foreign country, writes Richard Falk [AP] The most influential media in the United States has lived up to its pro-government bias in the Snowden Affair in three major ways: firstly, by consistently referring to Snowden by the demeaning designation of 'leaker' rather than as 'whistleblower' or 'surveillance dissident,' both more respectful and accurate. Secondly, they are completely ignoring the degree to which Russia's grant of temporary refugee status to Snowden for one year was in full accord with the normal level of protection to be given to anyone accused of nonviolent political crimes in a foreign country, and pursued diplomatically and legally by the government that is seeking to indict and prosecute. In effect, for Russia to have turned Snowden over to the United States under these conditions would have been morally and politically scandalous considering the nature of his alleged crimes. Thirdly, the media's refusal to point out that espionage, the main accusation against Snowden, is the quintessential 'political offense' in international law, and as such is routinely excluded from any list of extraditable offenses. That is, even if there had been an extradition treaty between the United States and Russia, it should have been made clear that there was no legal duty on Russia's part to turn Snowden over to American authorities for criminal prosecution, and a moral and political duty not to do so, especially in the circumstances surrounding the controversy over Snowden. If these elements had been clearly articulated, the United States government would have seemed ridiculous if it complained about the willingness of some foreign governments to give Snowden asylum. 
The Obama administration, and senate hot heads could bemoan Snowden's unavailability for prosecution to their heart's content, but it would be then seen for what it is: a petulant empire exhibiting its rage and anger because its hard power global presence is of no use, and its policy options are constrained by the rule of law. Under these conditions to be threatening foreign countries with adverse diplomatic consequences if they refuse to play ball is not only exhibiting a child's frustration, but it is self-defeating.

If properly presented, those countries that offered asylum or refused Washington's demand for the transfer of Snowden to American custody did the only decent thing. What should be surprising is that more governments were not forthcoming, leaving it to such small countries as Bolivia, Venezuela, and Nicaragua to withstand the strong arm tactics of the United States, perhaps signaling a welcome new resolve throughout Latin America to no longer accept a regional identity of being the backyard of the colossus of the North.

If anything, President Vladimir Putin, considering the nature of the Snowden disclosures about the global reach of American surveillance systems, acted with exceptional deference to the sensitivities of the United States. Instead of merely pointing out that Snowden could not be transferred to the United States against his will, Putin went out of his way to say that he did not want the incident to harm relations with the United States, and even went so far as to condition Snowden's asylum on an unusual pledge that he refrain from any further release of documents damaging to American interests.

Such a constructive approach to a delicate situation hardly merits the hyperbolic aggressive words of the supposedly liberal Democratic senator from New York, Charles Schumer: "Russia has stabbed us in the back... Each day that Mr. Snowden is allowed to roam free is another turn of the knife".
We should ask these deeply aggrieved senators for honest answers, including John McCain and Lindsey Graham never ones to shy away from a good fight, what they would have done had a comparable Russian whistleblower revealed a Russian surveillance system that was listening in on secret government deliberations in Washington as well as invading the privacy of ordinary Americans. The righteous indignation surrounding such revelations and the gratitude that would be bestowed on a Russian Snowden would know no bounds. Washington seems to be casting around for tangible ways to express its displeasure with Russia. The American presidential press secretary, Jay Carney, talks of 'extreme disappointment' leading to the possible cancellation of the Obama/Putin summit scheduled for September where such issues as Syria, reduction of nuclear arsenals, and Iran would be on the agenda. Senators John McCain and Lindsey Graham, reminiscent of Cold War days, issued an inflammatory joint statement urging the United States to view Russia through an optic of conflict. It impetuously proposed reacting to Snowden's asylum by beefing up the commitment to deploy missile defense systems in Europe and expanding NATO in ways that the Kremlin would find antagonistic. Of course, Putin's new identity as 'human rights defender' lacks any principled credibility given his approach to political dissent in Russia, but that does not diminish the basic correctness of his response to Snowden. There is a certain obtuseness in the American diplomatic shrillness in this instance. Snowden's acts of espionage are pure political offense. Beyond this, the nature of what was disclosed revealed sustained threats to the confidentiality of government communications throughout the world. If anything, rather than being intimidated by American inappropriate demands, the more natural and healthier international response would have been to cry 'foul play!' 
If the world were composed of equal sovereign states and a global rule of law existed, the United States would have meekly apologised and, at the very least, promised to refrain from such behaviour in the future. Snowden would have been chastised for breaking American law, but commended for bringing to the surface some ugly encroachments on freedom and constitutional order, including within America, that shows how dangerous it is to leave the balancing of security and civil liberties to the good faith and judgment of bureaucrats and politicians. It is a sad moment of truth that reveals much about alignments and sensibilities. Some prominent public commentators in the United States, such as the former head of the CIA, Robert Gates, and Jeffrey Toobin, CNN's talking head on legal issues, fall into line with the established order by affirming how much more they trust anonymous dedicated public servants in government than a dissident figure like Edward Snowden who takes it upon himself to decide what the public needs to know. As with Julian Assange and Bradley Manning, the litmus test is not on such a level of abstraction, but with respect to the concreteness of ascertaining whether what was revealed were the kind of dirty secrets that should be known in a democratic society. It would seem that a genuinely democratic government would not wish that the commission of war crimes and invasions of the privacy of citizens were kept secret, and beyond procedures of accountability. In the age of digital wonders, more than ever we are dependent upon the vigilance of citizens of conscience to protect us against Orwellian scenarios of those many wannabe Darth Vaders lurking in the murky depths of the governmental bureaucracy in Washington. 
It is such individuals that have repeatedly taken the United States to the dark side in places like Guantanamo, Abu Ghraib, and Bagram Air Force Base, as well as arranging those infamous 'black sites' and devising depraved procedures such as 'extreme rendition' to ensure that a suspect will be duly tortured with no consequences if it turns out that he is innocent.

We, as citizens of the world, should be thankful for the sacrifices made by individuals such as Julian Assange, Bradley Manning, and Edward Snowden, surely deserving heroes of our time! And if we are ever to achieve legitimate government, then even our elected leaders and representatives would be grateful for such a check on the abuses of government.

The views expressed in this article are the author's own and do not necessarily reflect Al Jazeera's editorial policy.

---
Just because i'm near the punchbowl doesn't mean I'm also drinking from it.

From rforno at infowarrior.org Mon Aug 12 07:19:45 2013
From: rforno at infowarrior.org (Richard Forno)
Date: Mon, 12 Aug 2013 08:19:45 -0400
Subject: [Infowarrior] - must read: Phil Zimmerman on the surveillance society
Message-ID: <1367B80A-948C-41DB-9F20-E87DE09F6D2D@infowarrior.org>

Phil Zimmermann, creator of PGP, in a wide-ranging interview talks about the corrupting nature of big data, the end of privacy and the rise of the surveillance society. He also shared his thoughts on Moore's Law and its marriage to public policy, and why Silent Circle shutdown its email-service.
http://gigaom.com/2013/08/11/zimmermanns-law-pgp-inventor-and-silent-circle-co-founder-phil-zimmermann-on-the-surveillance-society/

---
Just because i'm near the punchbowl doesn't mean I'm also drinking from it.

From rforno at infowarrior.org Mon Aug 12 07:20:43 2013
From: rforno at infowarrior.org (Richard Forno)
Date: Mon, 12 Aug 2013 08:20:43 -0400
Subject: [Infowarrior] - Republicans Warn Against NSA Changes
Message-ID: <9BE8A77A-0490-4C04-AEE0-2A387AF97AFC@infowarrior.org>

(surprise, surprise. Same old fear-based rationales. ---rick)

Republicans Warn Against NSA Changes

By Janet Hook and Sarah Portlock

http://blogs.wsj.com/washwire/2013/08/11/republicans-warn-against-nsa-changes/

Some senior Republicans in Congress on Sunday threw cold water on a cornerstone of President Barack Obama's plan to revamp the National Security Agency's surveillance programs -- his proposal to provide a new advocate for privacy concerns.

House Homeland Security Committee Chairman Michael McCaul (R., Texas) raised questions about the proposal, which would add an advocate in the proceedings of the secret court that oversees the agency's sweeping phone-data collection. He said he feared it would slow down antiterrorism efforts when time is of the essence.

Mr. McCaul, who dealt with these issues as a counterterrorism prosecutor, said changes like those Mr. Obama proposed would "slow down the efficacy and efficiency of our counterterrorism investigation."

"I don't think that's the right way to go," Mr. McCaul said, speaking on NBC's "Meet the Press."

Also expressing concern about the proposal was Rep. Pete King (R., N.Y.), a senior member of the House Intelligence Committee. He said on CBS's "Face the Nation" that it would be "very impractical" in cases where decisions have to be made quickly for terrorism investigations.

"We cannot afford to have this become a debating society," said Mr. King. "We need decisions made quickly, yes or no, up or down, because lives are at stake."
Those cautionary words from senior Republicans suggested the proposals Mr. Obama outlined at a Friday news conference may meet resistance on Capitol Hill. Some of the proposals, including changes to the Foreign Intelligence Surveillance Court, would require action by Congress, which has been deeply split on these issues.

Mr. Obama didn't give many details of his proposals, and Congress is in recess until early September. Some civil libertarians said the president didn't go far enough in addressing their concerns about privacy and government overreach.

[Photo: Germans protest NSA practices last month. Associated Press]

At the foreign intelligence court, the government presents its case for collecting phone data to a judge, without other parties present. The court almost always approves the final government proposal. While the Obama administration had defended the current court structure, administration officials said Friday that new measures were needed to restore public confidence in the court.

Michael Hayden, a former director of the NSA and the Central Intelligence Agency under President George W. Bush, said he believed that Mr. Obama's proposal would not have to be as intrusive as critics were suggesting.

"He was not talking about getting public defender in there for Tony Soprano every time you want to go up on a wiretap with him," Mr. Hayden said on CBS's "Face the Nation." A privacy advocate with a more narrowly defined role "may be useful for transparency and it may be useful for confidence," Mr. Hayden said.

---
Just because i'm near the punchbowl doesn't mean I'm also drinking from it.

From rforno at infowarrior.org Mon Aug 12 07:20:46 2013
From: rforno at infowarrior.org (Richard Forno)
Date: Mon, 12 Aug 2013 08:20:46 -0400
Subject: [Infowarrior] - Privacy-protecting products/services list
Message-ID: <03F5DDF6-3A06-4334-8933-9151F1366C2B@infowarrior.org>

Interesting suites of tools/services listed. Nifty reference.
--rick

Opt out of global data surveillance programs like PRISM, XKeyscore and Tempora. Stop governments from spying on you by encrypting your communications and ending your reliance on proprietary services.

https://prism-break.org/

---
Just because i'm near the punchbowl doesn't mean I'm also drinking from it.

From rforno at infowarrior.org Mon Aug 12 07:24:48 2013
From: rforno at infowarrior.org (Richard Forno)
Date: Mon, 12 Aug 2013 08:24:48 -0400
Subject: [Infowarrior] - Blackberry up for sale
Message-ID: <9808AE09-69F5-4172-9E04-2346108FC621@infowarrior.org>

BlackBerry forms committee to explore 'strategic alternatives'

http://news.cnet.com/8301-1035_3-57598078-94/blackberry-forms-committee-to-explore-strategic-alternatives/

---
Just because i'm near the punchbowl doesn't mean I'm also drinking from it.

From rforno at infowarrior.org Mon Aug 12 08:33:03 2013
From: rforno at infowarrior.org (Richard Forno)
Date: Mon, 12 Aug 2013 09:33:03 -0400
Subject: [Infowarrior] - NYC Stop-and-Frisk Practice Violated Rights, Judge Rules
Message-ID: <4BAF2E44-34D2-4E91-B434-06B66A2CE5B3@infowarrior.org>

Stop-and-Frisk Practice Violated Rights, Judge Rules

By JOSEPH GOLDSTEIN
Published: August 12, 2013

http://www.nytimes.com/2013/08/13/nyregion/stop-and-frisk-practice-violated-rights-judge-rules.html

In a repudiation of a major element in the Bloomberg administration's crime-fighting legacy, a federal judge has found that the stop-and-frisk tactics of the New York Police Department violated the constitutional rights of tens of thousands of New Yorkers, and called for a federal monitor to oversee broad reforms.

In a decision issued on Monday, the judge, Shira A. Scheindlin, ruled that police officers have for years been systematically stopping innocent people in the street without any objective reason to suspect them of wrongdoing.
Officers often frisked these people, usually young minority men, for weapons or searched their pockets for contraband, like drugs, before letting them go, according to the 195-page decision.

These stop-and-frisk episodes, which soared in number over the last decade as crime continued to decline, demonstrated a widespread disregard for the Fourth Amendment, which protects against unreasonable searches and seizures by the government, according to the ruling. It also found violations with the 14th Amendment.

To fix the constitutional violations, Judge Scheindlin of Federal District Court in Manhattan said she intended to designate an outside lawyer, Peter L. Zimroth, to monitor the Police Department's compliance with the Constitution.

The decision to install Mr. Zimroth, a partner in the New York office of Arnold & Porter, LLP, and a former corporation counsel and prosecutor in the Manhattan district attorney's office, will leave the department under a degree of judicial control that is certain to shape the policing strategies under the next mayor.

The ruling, in Floyd v. City of New York, follows a two-month nonjury trial earlier this year over the department's stop-and-frisk practices.

Judge Scheindlin heard testimony from about a dozen black or biracial men and a woman who described being stopped, and she heard from statistical experts who offered their conclusions based on police paperwork describing some 4.43 million stops between 2004 and mid-2012. Numerous police officers and commanders testified as well, typically defending the legality of stops and saying they were made only when officers reasonably suspected criminality was afoot.

While the Supreme Court has long recognized the right of police officers to briefly stop and investigate people who are behaving suspiciously, Judge Scheindlin found that the New York police had overstepped that authority.
She found that officers were too quick to deem as suspicious behavior that was perfectly innocent, in effect watering down the legal standard required for a stop.

She noted that about 88 percent of the stops result in the police letting the person go without an arrest or ticket, a percentage so high, she said, that it suggests there was not a credible suspicion to suspect the person of criminality in the first place.

---
Just because i'm near the punchbowl doesn't mean I'm also drinking from it.

From rforno at infowarrior.org Mon Aug 12 12:45:39 2013
From: rforno at infowarrior.org (Richard Forno)
Date: Mon, 12 Aug 2013 13:45:39 -0400
Subject: [Infowarrior] - Rep Peter King channeling AG Ashcroft?
Message-ID:

Rep. Peter King Says Referring To NSA Activity As 'Spying' Or 'Snooping' Is Slander

http://www.techdirt.com/articles/20130811/23573624141/rep-peter-king-says-any-reforms-to-nsa-spying-all-americans-shows-president-obama-is-monumental-failure.shtml

....why am I reminded of John Ashcroft's 2001 'PATRIOT' Act testimony when reading that?

Ashcroft: Critics of new terror measures undermine effort

http://archives.cnn.com/2001/US/12/06/inv.ashcroft.hearing/

---
Just because i'm near the punchbowl doesn't mean I'm also drinking from it.

From rforno at infowarrior.org Mon Aug 12 17:06:43 2013
From: rforno at infowarrior.org (Richard Forno)
Date: Mon, 12 Aug 2013 18:06:43 -0400
Subject: [Infowarrior] - WH IP czar Espinel steps down
Message-ID: <52F26E19-BC24-4141-B15D-9B8517EC311D@infowarrior.org>

Obama's intellectual property chief steps down

By Jennifer Martinez - 08/12/13 04:57 PM ET

http://thehill.com/blogs/hillicon-valley/technology/316705-obamas-intellectual-property-chief-steps-down

The White House's intellectual property chief, Victoria Espinel, has stepped down from her role in the administration and is rumored to be one of the top candidates to lead BSA | The Software Alliance, according to industry sources.
Espinel served as the White House's first intellectual property enforcement officer, a position that was established in the 2008 Pro-IP Act. She was appointed by President Obama in September 2009 and confirmed by the Senate later that year. Espinel officially stepped down from her role at the White House on Friday, according to the Office of Management and Budget. Howard Shelanski, who serves as the administrator of the Office of Information and Regulatory Affairs at OMB, will step in for Espinel in the interim while the administration searches for a new intellectual property chief. He will head up both offices until a new IP chief is named. During her time at the White House, Espinel encouraged various private-sector members to develop a set of best practices on ways to combat online piracy and the sale of counterfeit products on the Web. Last month the White House partnered with Google, Yahoo, Microsoft and other online advertising companies to unveil a set of best practices aimed at keeping ads off of pirate sites. She also advocated for Congress to make illegal streaming of online content a felony, when appropriate, in a 2011 white paper that outlined legislative recommendations on intellectual property enforcement. Espinel's name has been floated as one of the top candidates to succeed Robert Holleyman as CEO of BSA, a trade group that represents top software companies like Microsoft and McAfee. Holleyman stepped down as the president and CEO of BSA in March to launch a new company, Cloud 4 Growth, that focuses on helping governments and organizations use cloud technology. Prior to joining the White House, Espinel was a professor at the George Mason University School of Law, where she taught intellectual property and trade law. She has also served as a top official on intellectual property issues at the Office of the United States Trade Representative. --- Just because i'm near the punchbowl doesn't mean I'm also drinking from it. 
From rforno at infowarrior.org Mon Aug 12 17:55:08 2013 From: rforno at infowarrior.org (Richard Forno) Date: Mon, 12 Aug 2013 18:55:08 -0400 Subject: [Infowarrior] - DNI Clapper to establish 'independent' review board Message-ID: Confessed Liar To Congress, James Clapper, Gets To Set Up The 'Independent' Review Over NSA Surveillance from the uh,-that's-not-independent dept Well, this is rather incredible. Remember on Friday how one of President Obama's efforts to get people to trust the government more concerning the NSA's surveillance efforts was to create an "outside" and "independent" board to review it all? Specifically, he said: < - > Okay. Outside, independent. Sure, that might help. Except, that was Friday. Today is Monday. And, on Monday we learn that "outside" and "independent" actually means set up by Director of National Intelligence, James Clapper -- the same guy who has already admitted to lying to Congress about the program, and has received no punishment for doing so. This is independent? From this we're supposed to expect real oversight?!? < - > http://www.techdirt.com/articles/20130812/13512624147/president-asks-confessed-liar-to-congerss-james-clapper-to-set-up-independent-review-committee-over-nsa-surveillance.shtml --- Just because i'm near the punchbowl doesn't mean I'm also drinking from it. From rforno at infowarrior.org Mon Aug 12 18:01:14 2013 From: rforno at infowarrior.org (Richard Forno) Date: Mon, 12 Aug 2013 19:01:14 -0400 Subject: [Infowarrior] - Turning the Apple //e into a lisp machine, part 1 Message-ID: (The video of the //e booting up and going into ProDOS and the 151 environment brought back memories! --rick) Turning the Apple //e into a lisp machine, part 1 http://www.osnews.com/story/27261/Turning_the_Apple_e_into_a_lisp_machine --- Just because i'm near the punchbowl doesn't mean I'm also drinking from it. 
From rforno at infowarrior.org Tue Aug 13 06:54:29 2013 From: rforno at infowarrior.org (Richard Forno) Date: Tue, 13 Aug 2013 07:54:29 -0400 Subject: [Infowarrior] - How Laura Poitras Helped Snowden Spill His Secrets Message-ID: (long but worth reading ---rick) How Laura Poitras Helped Snowden Spill His Secrets http://www.nytimes.com/2013/08/18/magazine/laura-poitras-snowden.html?hp&_r=1& --- Just because i'm near the punchbowl doesn't mean I'm also drinking from it. From rforno at infowarrior.org Tue Aug 13 06:58:45 2013 From: rforno at infowarrior.org (Richard Forno) Date: Tue, 13 Aug 2013 07:58:45 -0400 Subject: [Infowarrior] - Cheat-Sheet On Spying Message-ID: <57280248-7C3C-4EBD-8D70-58D1F0DC544E@infowarrior.org> Cheat-Sheet On Spying http://www.ritholtz.com/blog/2013/08/cheat-sheet-on-spying/ --- Just because i'm near the punchbowl doesn't mean I'm also drinking from it. From rforno at infowarrior.org Tue Aug 13 07:03:18 2013 From: rforno at infowarrior.org (Richard Forno) Date: Tue, 13 Aug 2013 08:03:18 -0400 Subject: [Infowarrior] - 3-D Printing Stirs Copyright Clash on Homemade IPhone Gear: Tech Message-ID: <9E4D7871-7433-4CF1-A562-2D2BF66057A7@infowarrior.org> 3-D Printing Stirs Copyright Clash on Homemade IPhone Gear: Tech By Olga Kharif and Susan Decker - Aug 13, 2013 http://www.bloomberg.com/news/print/2013-08-13/3-d-printing-stirs-copyright-clash-on-homemade-iphone-gear-tech.html Fernando Sosa had no doubt his sword-covered iPhone dock inspired by the hit TV series "Game of Thrones" would become a top seller for his small manufacturing startup. Then he heard from HBO. Defending a copyright on electronics featuring its show, HBO in February demanded Sosa halt sales on his website. He did, and gave more than a dozen customers refunds for $49.99. Sosa is part of the swelling ranks of designers facing legal challenges for using consumer versions of 3-D printers once found only on factory floors. "It's going to be a problem for the future," 
said Sosa, co-owner of Nuproto LLC in Orlando, Florida. "A lot of new products are going to come out, and big companies are going to squash the little companies." Clashes are cropping up as 3-D printers become more affordable and websites such as Thingiverse.com post blueprints to help the machines build everything from toy tanks to replacement toaster parts. The disputes are ushering in a new era in legal skirmishes over high-tech designs, threatening a printing market that's estimated by Wohlers Associates Inc. to surge to $10.8 billion by 2021 from $2.2 billion last year. "We're at the tipping point," Darrell Mottley, a patent and trademark attorney at Banner & Witcoff Ltd. in Washington, said in an interview. "The technology has got to where it's not that expensive. If you're a manufacturer and people start making their own replacement parts, what does that mean?" Falling Prices 3-D printers build an object by churning out thin layers of plastic one on top of the next, following instructions from a computer-drawn blueprint. They eliminate the need for older manufacturing techniques such as injection molding. Designers can craft their own schematics or download patterns online. The latest consumer machines from companies such as 3D Systems Corp. and Stratasys Ltd. sell at retail prices of less than $3,000, making the technology accessible to people who wouldn't shell out more than 10 times that amount for industrial versions. More than 45,000 low-end models have been sold in the past three years, according to Todd Grimm, a board member of Additive Manufacturing Users Group. 3D Systems, a printer maker based in Rock Hill, South Carolina, is projected to post a 42 percent surge in revenue this year to $503.2 million, according to the average of analysts' estimates compiled by Bloomberg. Consumer models such as the CubeX are starting to make a "meaningful contribution" to growth, Chief Executive Officer Abraham Reichental said last month. 
MakerBot Buyout Sales at Stratasys, based in Eden Prairie, Minnesota, are estimated to more than double to $462.6 million this year, according to data compiled by Bloomberg. The company agreed to buy Brooklyn-based 3-D printing startup MakerBot in June for at least $403 million to expand sales to consumers. Nuproto's Sosa uses a machine from Delta Micro Factory Corp., which charges from $899 to $1,649, according to its website. HBO is focused on protecting its copyrights no matter how objects are produced, according to Jeff Cusson, a spokesman for the network, which is owned by Time Warner Inc. "We're indifferent to the technology," Cusson said. "If you are going to infringe on our copyright, we are going to take steps to prevent you from doing so." 'Right Safeguards' As 3-D printing becomes more ubiquitous, websites that help people profit from their creations are being asked to remove some designs, according to Pete Weijmarshausen, CEO of New York-based Shapeways Inc. The company, which prints made-to-order products based on blueprints uploaded by users, has had five requests to remove items so far this year, he said. That's about as many as Shapeways got in 2012. Weijmarshausen is on the defensive to keep that number from climbing. Many more legal disputes have been prevented by his team of engineers who vet every design, making sure nothing violates copyrights, trademarks or patents. If it raises a flag, Shapeways takes it down, he said. "We have to be diligent about it," Weijmarshausen said. "We have to put the right safeguards in place." In cases that do escalate, two things could tip the scales in designers' favor: websites can protect themselves from litigation by warning users against transmitting blueprints for copied products; and, corporations may not want to risk the backlash of taking their fans to court. 
Cautionary Tale "They could spend years and millions of dollars suing customers, or they could make it easy for people to access their stuff online," Michael Weinberg, a vice president at digital advocacy group Public Knowledge, said in an interview. So far, 3-D printing disputes have been playing out as cease-and-desist orders -- no lawsuits have been filed. The music business offers a cautionary tale, he said. The Recording Industry Association of America sued more than 35,000 people it accused of illegally sharing songs online, only to reverse course in 2008 and chase only the worst offenders. Mindful of potential litigation, several startups are developing software to protect designs distributed on 3-D printing sites. Mountain View, California-based Authentise is developing SendShapes.com, which will stream instructions directly to 3-D printers, eliminating file downloads as a way to curtail the type of file-sharing that became rampant in the music industry. 'Legal Alternative' Another startup, Sweden-based 3DBurrito.com, is developing software that would safeguard designs sold on its marketplace. The company plans to negotiate licensing agreements to sell blueprints from corporations that sell everything from toys to movies. "It's important that they adopt this technology and work with marketplaces like ours to offer consumers a legal alternative," CEO Max Fod?rus said in an interview. In the meantime, some corporations are embracing 3-D printers, as long as the machines aren't being used to produce objects for sale. Lego A/S, for example, is well aware that its fans use 3-D printers to create new bricks to enhance the sets it sells. One popular design on Thingiverse enables kids to adapt Lego bricks so they can connect to wooden train tracks made by Brio AB. While personal use of these hybrid toys is fine, their sale may cross a legal line, Roar Rude Trangbaek, a spokesman for Lego, said in an e-mailed statement. 
"We will definitely want to pursue infringements as and when we see them, in order to ensure the protection of our brand and ultimately the consumers," he said. Nokia Oyj, the mobile-handset manufacturer, goes even further in sanctioning 3-D printing. At the Mobile World Congress earlier this year, Nokia used a MakerBot machine to print custom cases for its Lumia 820 phone. In a blog post interview in January, Nokia executive John Kneeland touted 3-D printers as a tool that may one day let consumers customize devices. "You want a waterproof, glow-in-the-dark phone with a bottle-opener and a solar charger?" Kneeland said on the blog. "Someone can build it for you -- or you can print it yourself!" To contact the reporters on this story: Olga Kharif in Portland at okharif at bloomberg.net; Susan Decker in Washington at sdecker1 at bloomberg.net --- Just because i'm near the punchbowl doesn't mean I'm also drinking from it. From rforno at infowarrior.org Tue Aug 13 17:16:30 2013 From: rforno at infowarrior.org (Richard Forno) Date: Tue, 13 Aug 2013 18:16:30 -0400 Subject: [Infowarrior] - WH: Clapper will not lead the surveillance review Message-ID: <306129BC-AF06-4484-A8CB-3CF82974AB79@infowarrior.org> (DC's dance card is getting quite hard to follow, given all the tapdancing going on these days. --rick) White House insists James Clapper will not lead NSA surveillance review Officials stress director of national intelligence will have limited role after Obama seemed to imply Clapper would head panel • Ewen MacAskill in New York • theguardian.com, Tuesday 13 August 2013 17.59 EDT http://www.theguardian.com/world/2013/aug/13/white-house-james-clapper-nsa-surveillance-review The White House has moved to dampen controversy over the role of the director of national intelligence James Clapper in a panel reviewing NSA surveillance, insisting that he would neither lead it nor choose the members. 
Statements by Barack Obama and Clapper on Monday night were widely interpreted as the director of national intelligence being placed in charge of the inquiry, which the president had announced on Friday would be "independent". The apparent involvement of Clapper, who has admitted lying to Congress over NSA surveillance of US citizens, provoked a backlash, with critics accusing the president of putting a fox in charge of the hen house. But the White House national security council insisted on Tuesday that Clapper's role would be more limited. "The panel members are being selected by the White House, in consultation with the intelligence community," national security council spokeswoman Caitlin Hayden said. The DNI had to be involved for administrative reasons, because the panel would need security clearance and access to classified material, she added. After the White House and the Pentagon released their statements saying Clapper had been asked by Obama to "establish" the panel and report its findings, media outlets reported this to mean Clapper heading the panel and choosing the members. Republican congressman Justin Amash, who led a revolt that narrowly failed in its effort to cut NSA funding, tweeted: "Pres Obama believes man who lied to public in congressional hearing about NSA should lead NSA review process meant to build public trust". Clapper apologised last month for misleading a Senate hearing by denying that the NSA collects information about millions of Americans. In response to leaks by former NSA contractor Edward Snowden, Obama announced at a press conference on Friday that an independent panel of outsiders would be set up to investigate concerns about the scale of NSA surveillance. The president appeared to backtrack on Monday evening when he said he was directing Clapper "to establish a review group on intelligence and communications technologies" that would brief and later report to the president through Clapper by December. 
Clapper, in a separate statement, echoed this but described the investigatory body as "the director of national intelligence review group on intelligence and communications technology". Timothy Lee, writing in the Washington Post, said: "The announcement doesn't inspire confidence that the president is interested in truly independent scrutiny of the nation's surveillance programs. The panel will be chosen by, and report to, director of national intelligence James Clapper." But on Tuesday the White House repeated Obama's promise that the panel would be independent and contain outsiders. It described media reports of Monday's statements by Obama and Clapper as inaccurate. "I can confirm we are not backtracking on what the president announced," said Hayden. She added that the panel members would be appointed soon. "The panel will not report to the DNI. As the DNI's statement yesterday made clear, the review group will brief its interim findings to the president within 60 days of its establishment, and provide a final report with recommendations no later than December 15 2013." She added: "As we announced on Friday, the review group will be made up of independent, outside experts. The DNI's role is one of facilitation, and the group is not under the direction of or led by the DNI. "The members require security clearances and access to classified information so they need to be administratively connected to the government, and the DNI's office is the right place to provide that. The review process and findings will be the group's." One of the US senators who has led the challenge to NSA domestic surveillance, Ron Wyden, said he hoped that the creation of what he described as an independent board would be one part of ensuring that the security and civil liberties of Americans are protected. 
In an email to the Guardian, Wyden, a Democrat, said: "That board must be able to take an unbiased look at intelligence gathering and surveillance practices, so that the Congress and the public can be confident that an honest and straightforward review is taking place." He added: "It is my hope that DNI Clapper will take just such an approach to establishing this review panel, because anything less will do little to improve the confidence the public has in the intelligence community." Wyden was the senator to whom Clapper admitted giving an "erroneous" answer at a Senate hearing about the extent of domestic surveillance. Michelle Richardson, a legislative counsel at the American Civil Liberties Union, who specialises in national security and transparency, said: "We hope Clapper constructs a panel with a diversity of views and expertise. He needs to look outside the immediate intelligence community that has been creating and operating these programs over the years. She added: "It was disappointing to see that the DNI's press release didn't even mention privacy or the constitution." --- Just because i'm near the punchbowl doesn't mean I'm also drinking from it. From rforno at infowarrior.org Wed Aug 14 07:02:23 2013 From: rforno at infowarrior.org (Richard Forno) Date: Wed, 14 Aug 2013 08:02:23 -0400 Subject: [Infowarrior] - Nintendo Restricts The Number Of Times You Can Play A Game Demo For Some Reason Message-ID: <3A44D92F-B827-42D8-9D31-C1DB22638329@infowarrior.org> Nintendo Restricts The Number Of Times You Can Play A Game Demo For Some Reason http://kotaku.com/nintendo-your-restrictions-on-demos-are-just-silly-1111594393 --- Just because i'm near the punchbowl doesn't mean I'm also drinking from it. From rforno at infowarrior.org Wed Aug 14 07:02:28 2013 From: rforno at infowarrior.org (Richard Forno) Date: Wed, 14 Aug 2013 08:02:28 -0400 Subject: [Infowarrior] - Gmail: You weren't really expecting privacy, were you? 
Message-ID: (and if you were......shame on you! --rick) Gmail: You weren't really expecting privacy, were you? http://news.cnet.com/8301-31322_3-57598424-256/gmail-you-werent-really-expecting-privacy-were-you/ --- Just because i'm near the punchbowl doesn't mean I'm also drinking from it. From rforno at infowarrior.org Wed Aug 14 21:00:37 2013 From: rforno at infowarrior.org (Richard Forno) Date: Wed, 14 Aug 2013 22:00:37 -0400 Subject: [Infowarrior] - HPSCI under fire from GOP House members Message-ID: <06A7CE98-D09C-45F6-BEF2-0DF66577B81C@infowarrior.org> Intelligence committee urged to explain if they withheld crucial NSA document Critics demand answers from chairman Mike Rogers after claims that committee failed to share document before key vote • Spencer Ackerman in Washington • theguardian.com, Wednesday 14 August 2013 10.30 EDT The leadership of the House intelligence committee is under growing pressure to explain whether it withheld surveillance information from members of Congress before a key vote to renew the Patriot Act. A Republican congressman and government ethics watchdogs are demanding that the powerful panel's chairman, Mike Rogers of Michigan, responds to charges that the panel's leadership failed to share a document prepared by the justice department and intelligence community. The document was explicitly created to inform non-committee members about bulk collection of Americans' phone records ahead of the vote in 2011. Michigan Republican Justin Amash alleged that the committee kept it from non-committee members -- the majority of the House. Now Morgan Griffith, a Republican who represents Virginia's ninth district, is calling for answers. "I certainly think leadership needs to figure out what's going on. We're trying to get information so we can do our jobs as congressmen," he told the Guardian. "If we're not able to get that information, it's inappropriate." "Obviously, this is of concern," he added. 
Griffith has been critical of the committee for blocking attempts by non-members to obtain information about classified programs. On August 4, the Guardian published a series of letters he had written to the committee requesting more details, all of which had gone unanswered. The accusations broaden the focus of the surveillance controversy from the National Security Agency to one of the congressional committees charged with exercising oversight of it -- and the panel's closeness to the NSA it is supposed to oversee. < - > http://www.theguardian.com/world/2013/aug/14/nsa-intelligence-committee-under-pressure-document/print --- Just because i'm near the punchbowl doesn't mean I'm also drinking from it. From rforno at infowarrior.org Thu Aug 15 06:47:04 2013 From: rforno at infowarrior.org (Richard Forno) Date: Thu, 15 Aug 2013 07:47:04 -0400 Subject: [Infowarrior] - A proposed new $5 per year cellphone tax Message-ID: <3143B1A3-9CB9-4964-BA55-50E35CDCAB7E@infowarrior.org> Proposed new $5 per year cellphone tax could be used to bring more U.S. schools online By Andy Boxall -- August 15, 2013 http://www.digitaltrends.com/mobile/connected-cellphone-tax-could-cost-an-extra-5-per-year/ You may have already heard of ConnectED, President Obama's plan to bring high-speed Internet connectivity to 99 percent of America's school students. The five year scheme was revealed back in June and at the time, there was vague talk about raising taxes on phone bills to help pay for the initiative -- except it wasn't clear whether this was fixed or mobile phones, or when such a tax would be implemented, if at all. That question has been answered today, and it's cellphone users who will be paying. White House officials, quoted in the New York Post, say each phone user will end up paying about $5 extra per year on their bill, or around $0.40 each month. It's unlikely to break the bank, but it's enough to notice. 
It's all still at the proposal stage, but rather than need to be approved by Congress, it's being put in the hands of the FCC, which has the power to add additional, mandatory charges to fund programs such as ConnectED. If it goes ahead, the tax won't stick around for ever, as it's intended to end after three years. During this period of time, an estimated $6 billion would be amassed. In return for the money, the ConnectED scheme will bring high speed Internet access to more schools (particularly in rural areas), train teachers, and buy more digital learning content. When ConnectED was introduced, President Obama said he had been inspired by countries such as South Korea, where 100 percent of its students had access to high speed Internet. In the U.S., he said, only 20 percent of students had access to Wi-Fi. By sidestepping Congress, and proposing a further tax on consumers -- in New York, mobile bills have ten different taxes added already -- ConnectED's funding plan has attracted controversy. The Washington Post says Republican politicians will put pressure on the FCC to refuse the scheme, while White House officials are concerned a worrying precedent will be set by Congress not having the final say on the use of public funds. The report says the FCC has begun examining the plan, but it could take up to a year before a decision is reached. Read more: http://www.digitaltrends.com/mobile/connected-cellphone-tax-could-cost-an-extra-5-per-year/#ixzz2c2Njp2T1 --- Just because i'm near the punchbowl doesn't mean I'm also drinking from it. 
From rforno at infowarrior.org Thu Aug 15 21:17:15 2013 From: rforno at infowarrior.org (Richard Forno) Date: Thu, 15 Aug 2013 22:17:15 -0400 Subject: [Infowarrior] - Audit: NSA broke privacy rules thousands of times per yea Message-ID: NSA broke privacy rules thousands of times per year, audit finds By Barton Gellman http://www.washingtonpost.com/world/national-security/nsa-broke-privacy-rules-thousands-of-times-per-year-audit-finds/2013/08/15/3310e554-05ca-11e3-a07f-49ddc7417125_print.html The National Security Agency has broken privacy rules or overstepped its legal authority thousands of times each year since Congress granted the agency broad new powers in 2008, according to an internal audit and other top-secret documents. Most of the infractions involve unauthorized surveillance of Americans or foreign intelligence targets in the United States, both of which are restricted by law and executive order. They range from significant violations of law to typographical errors that resulted in unintended interception of U.S. e-mails and telephone calls. The documents, provided earlier this summer to The Washington Post by former NSA contractor Edward Snowden, include a level of detail and analysis that is not routinely shared with Congress or the special court that oversees surveillance. In one of the documents, agency personnel are instructed to remove details and substitute more generic language in reports to the Justice Department and the Office of the Director of National Intelligence. In one instance, the NSA decided that it need not report the unintended surveillance of Americans. A notable example in 2008 was the interception of a "large number" of calls placed from Washington when a programming error confused U.S. area code 202 for 20, the international dialing code for Egypt, according to a "quality assurance" review that was not distributed to the NSA's oversight staff. 
In another case, the Foreign Intelligence Surveillance Court, which has authority over some NSA operations, did not learn about a new collection method until it had been in operation for many months. The court ruled it unconstitutional. The Obama administration has provided almost no public information about the NSA's compliance record. In June, after promising to explain the NSA's record in "as transparent a way as we possibly can," Deputy Attorney General James Cole described extensive safeguards and oversight that keep the agency in check. "Every now and then, there may be a mistake," Cole said in congressional testimony. The NSA audit obtained by The Post, dated May 2012, counted 2,776 incidents in the preceding 12 months of unauthorized collection, storage, access to or distribution of legally protected communications. Most were unintended. Many involved failures of due diligence or violations of standard operating procedure. The most serious incidents included a violation of a court order and unauthorized use of data about more than 3,000 Americans and green-card holders. In a statement in response to questions for this article, the NSA said it attempts to identify problems "at the earliest possible moment, implement mitigation measures wherever possible, and drive the numbers down." The government was made aware of The Post's intention to publish the documents that accompany this article online. "We're a human-run agency operating in a complex environment with a number of different regulatory regimes, so at times we find ourselves on the wrong side of the line," a senior NSA official said in an interview, speaking with White House permission on the condition of anonymity. "You can look at it as a percentage of our total activity that occurs each day," he said. "You look at a number in absolute terms that looks big, and when you look at it in relative terms, it looks a little different." 
There is no reliable way to calculate from the number of recorded compliance issues how many Americans have had their communications improperly collected, stored or distributed by the NSA. The causes and severity of NSA infractions vary widely. One in 10 incidents is attributed to a typographical error in which an analyst enters an incorrect query and retrieves data about U.S. phone calls or e-mails. But the more serious lapses include unauthorized access to intercepted communications, the distribution of protected content and the use of automated systems without built-in safeguards to prevent unlawful surveillance. The May 2012 audit, intended for the agency's top leaders, counts only incidents at NSA's Fort Meade headquarters and other facilities in the Washington area. Three government officials, speaking on the condition of anonymity to discuss classified matters, said the number would be substantially higher if it included other NSA operating units and regional collection centers. Senate Intelligence Committee Chairman Dianne Feinstein (D-Calif.), who did not receive a copy of the 2012 audit until The Post asked her staff about it, said in a statement late Thursday that the committee "can and should do more to independently verify that NSA's operations are appropriate, and its reports of compliance incidents are accurate." Despite the quadrupling of NSA's oversight staff after a series of significant violations in 2009, the rate of infractions increased throughout 2011 and early 2012. An NSA spokesman declined to disclose whether the trend has continued since last year. One major problem is largely unpreventable, the audit says, because current operations rely on technology that cannot quickly determine whether a foreign mobile phone has entered the United States. 
In what appears to be one of the most serious violations, the NSA diverted large volumes of international data passing through fiber-optic cables in the United States into a repository where the material could be stored temporarily for processing and selection. The operation to obtain what the agency called "multiple communications transactions" collected and commingled U.S. and foreign e-mails, according to an article in SSO News, a top-secret internal newsletter of the NSA's Special Source Operations unit. NSA lawyers told the court that the agency could not practicably filter out the communications of Americans. In October 2011, months after the program got underway, the Foreign Intelligence Surveillance Court ruled that the collection effort was unconstitutional. The court said that the methods used were "deficient on statutory and constitutional grounds," according to a top-secret summary of the opinion, and it ordered the NSA to comply with standard privacy protections or stop the program. James R. Clapper Jr., the director of national intelligence, has acknowledged that the court found the NSA in breach of the Fourth Amendment, which prohibits unreasonable searches and seizures, but the Obama administration has fought a Freedom of Information lawsuit that seeks the opinion. Generally, the NSA reveals nothing in public about its errors and infractions. The unclassified versions of the administration's semi-annual reports to Congress feature blacked-out pages under the headline, "Statistical Data Relating to Compliance Incidents." Members of Congress may read the unredacted documents, but only in a special secure room and are not allowed to take notes. Fewer than 10 percent of lawmakers employ a staff member who has the security clearance to read the reports and provide advice about their meaning and significance. The limited portions of the reports that can be read by the public acknowledge "a small number of compliance incidents." 
Under NSA auditing guidelines, the incident count does not usually disclose the number of Americans affected. "What you really want to know, I would think, is how many innocent U.S. person communications are, one, collected at all, and two, subject to scrutiny," said Julian Sanchez, a research scholar and close student of the NSA at the Cato Institute. The documents provided by Snowden offer only glimpses of those questions. Some reports make clear that an unauthorized search produced no records. But a single "incident" in February 2012 involved the unlawful retention of 3,032 files that the surveillance court had ordered the NSA to destroy, according to the May 2012 audit. Each file contained an undisclosed number of telephone call records. One of the documents sheds new light on a statement by NSA Director Keith B. Alexander last year that "we don't hold data on U.S. citizens." Some Obama administration officials, speaking on the condition of anonymity, have defended Alexander with assertions that the agency's internal definition of "data" does not cover "metadata" such as the trillions of American call records that the NSA is now known to have collected and stored since 2006. Those records include the telephone numbers of the parties and the times and durations of conversations, among other details, but not their content or the names of callers. The NSA's authoritative definition of data includes those call records. "Signals Intelligence Management Directive 421," which is quoted in secret oversight and auditing guidelines, states that "raw SIGINT data . . . includes, but is not limited to, unevaluated and/or unminimized transcripts, gists, facsimiles, telex, voice, and some forms of computer-generated data, such as call event records and other Digital Network Intelligence (DNI) metadata as well as DNI message text." 
In the case of the collection effort that confused calls placed from Washington with those placed from Egypt, it is unclear what the NSA meant by a "large number" of intercepted calls. A spokesman declined to discuss the matter. The NSA has different reporting requirements for each branch of government and each of its legal authorities. The "202" collection was deemed irrelevant to any of them. "The issue pertained to Metadata ONLY so there were no defects to report," according to the author of the secret memo from March 2013. The large number of database query incidents, which involve previously collected communications, confirms long-standing suspicions that the NSA's vast data banks -- with code names such as MARINA, PINWALE and XKEYSCORE -- house a considerable volume of information about Americans. Ordinarily the identities of people in the United States are masked, but intelligence "customers" may request unmasking, either one case at a time or in standing orders. In dozens of cases, NSA personnel made careless use of the agency's extraordinary powers, according to individual auditing reports. One team of analysts in Hawaii, for example, asked a system called DISHFIRE to find any communications that mentioned both the Swedish manufacturer Ericsson and "radio" or "radar" -- a query that could just as easily have collected on people in the United States as on their Pakistani military target. The NSA uses the term "incidental" when it sweeps up the records of an American while targeting a foreigner or a U.S. person who is believed to be involved in terrorism. Official guidelines for NSA personnel say that kind of incident, pervasive under current practices, "does not constitute a . . . violation" and "does not have to be reported" to the NSA inspector general for inclusion in quarterly reports to Congress. Once added to its databases, absent other restrictions, the communications of Americans may be searched freely. 
In one required tutorial, NSA collectors and analysts are taught to fill out oversight forms without giving "extraneous information" to "our FAA overseers." FAA is a reference to the FISA Amendments Act of 2008, which granted broad new authorities to the NSA in exchange for regular audits from the Justice Department and the office of the Director of National Intelligence and periodic reports to Congress and the surveillance court. Using real-world examples, the "Target Analyst Rationale Instructions" explain how NSA employees should strip out details and substitute generic descriptions of the evidence and analysis behind their targeting choices. "I realize you can read those words a certain way," said the high-ranking NSA official who spoke with White House authority, but the instructions were not intended to withhold information from auditors. "Think of a book of individual recipes," he said. Each target "has a short, concise description," but that is "not a substitute for the full recipe that follows, which our overseers also have access to." Julie Tate and Carol D. Leonnig contributed to this report. © The Washington Post Company --- Just because i'm near the punchbowl doesn't mean I'm also drinking from it. From rforno at infowarrior.org Thu Aug 15 21:17:20 2013 From: rforno at infowarrior.org (Richard Forno) Date: Thu, 15 Aug 2013 22:17:20 -0400 Subject: [Infowarrior] - FISC Chief Judge: Ability to police U.S. spying program limited Message-ID: <3632273F-A6F6-478D-B705-0A3425D71383@infowarrior.org> Court: Ability to police U.S. spying program limited By Carol D. Leonnig http://www.washingtonpost.com/politics/court-ability-to-police-us-spying-program-limited/2013/08/15/4a8c8c44-05cd-11e3-a07f-49ddc7417125_print.html The leader of the secret court that is supposed to provide critical oversight of the government's vast spying programs said that its ability to do so is limited and that it must trust the government to report when it improperly spies on Americans. 
The chief judge of the Foreign Intelligence Surveillance Court said the court lacks the tools to independently verify how often the government's surveillance breaks the court's rules that aim to protect Americans' privacy. Without taking drastic steps, it also cannot check the veracity of the government's assertions that the violations its staff members report are unintentional mistakes. "The FISC is forced to rely upon the accuracy of the information that is provided to the Court," its chief, U.S. District Judge Reggie Walton, said in a written statement to The Washington Post. "The FISC does not have the capacity to investigate issues of noncompliance, and in that respect the FISC is in the same position as any other court when it comes to enforcing [government] compliance with its orders." Walton's comments came in response to internal government records obtained by The Post showing that National Security Agency staff members in Washington overstepped their authority on spy programs thousands of times per year. The records also show that the number of violations has been on the rise. The court's description of its practical limitations contrasts with repeated assurances from the Obama administration and intelligence agency leaders that the court provides central checks and balances on the government's broad spying efforts. They have said that Americans should feel comfortable that the secret intelligence court provides robust oversight of government surveillance and protects their privacy from rogue intrusions. President Obama and other government leaders have emphasized the court's oversight role in the wake of revelations this year that the government is vacuuming up "metadata" on Americans' telephone and Internet communications. "We also have federal judges that we've put in place who are not subject to political pressure," Obama said at a news conference in June. 
"They've got lifetime tenure as federal judges, and they're empowered to look over our shoulder at the executive branch to make sure that these programs aren't being abused." Privacy advocates and others in government have voiced concerns about the ability of overseers to police secret programs of immense legal and technological complexity. Several members of the House and Senate intelligence committees told The Post last week that they face numerous obstacles and constraints in questioning spy agency officials about their work. In 2009, for example, a Justice Department review uncovered a major operational glitch that had led to a series of significant violations of the court's order and notified the court, according to records that were declassified July 31 by the Office of the Director of National Intelligence. The government described the problem as one of "over-collection" of metadata records for U.S. phone calls. In September 2009, NSA Director Keith B. Alexander made a presentation to the FISA court about the agency's effort to remedy the problem. "FISA Court placed several restrictions on aspects of the business records collection program until the compliance processes were improved to its satisfaction," the memo stated. The public summaries of the violations do not say how long the problem went undetected and unreported to the court, or what information was improperly gathered by the agency's automated collection systems. "The problems generally involved the implementation of highly sophisticated technology in a complex and ever-changing communications environment which, in some instances, results in the automated tools operating in a manner that was not completely consistent with the specific terms of the Court's orders," according to unredacted portions of a December 2009 memo provided to the Senate and House intelligence committees. Two people familiar with the 2009 flaw said that the agency was collecting more "fields" 
of information from the customer records of telephone companies than the court had approved. The NSA declined to answer questions about the event. One senior intelligence official, who was authorized by the White House to speak on the condition of anonymity, described the 2009 incident as a "major event" that prompted the agency to dramatically increase its compliance staff. "We uncovered some disconnects between us and our overseers, disconnects between what we had put in documentation, the way we had described things in documentation," the official said. Although the violation was unintentional, the official said, "it wasn't always the easiest of discussions" with the court. The agency paused, "got ourselves with our overseers back into fair territory," and has since made "substantial improvement" in compliance, the official said. Privacy advocates say they fear that some violations are never reported to the court. In January 2008, the NSA appeared to have mistakenly collected data on numerous phone calls from the Washington area code 202, thinking they were foreign phone calls from Egypt, whose country code is 20. According to a 2013 "quality assurance" review of the incident, a communications switch misread the coding of the calls and presumed they were international. The NSA has broad authority that is not subject to the FISA court to collect and monitor foreign communications under certain circumstances. The description of the 2008 problem suggests that the inadvertent collection of U.S. phone calls was not reported to the FISA court. "[H]owever, the issue pertained to Metadata ONLY so there were no defects to report," the review stated. Under FISA rules, the government is required to immediately notify the court if it believes it has violated any of its orders on surveillance. 
The government does not typically provide the court with case-specific detail about individual compliance cases, such as the names of people it later learned it was improperly searching in its massive phone or e-mail databases, according to two people familiar with the court's work. Unlike the dozens of staff available to Congress's intelligence and judiciary committees, the FISA court has five lawyers to review compliance violation reports. A staff lawyer can elevate a concern about a significant compliance issue to a judge on the court, according to a letter Walton recently sent to the Senate describing the court's role. The court can always demand and obtain more details about cases, but it is unclear how often that occurs. In the past, while grappling with rules for implementing the surveillance programs, judges on the court have requested a visit to NSA headquarters to inspect the operations, the officials said. Last week, the president said that he recognizes that some Americans may lack trust in the oversight process -- in which the secret court approves the rules for collecting Americans' communications -- and that he will work with Congress on reforms, which could include a privacy advocate to the court. "In other words, it's not enough for me as president to have confidence in these programs," Obama said in his news conference. "The American people need to have confidence in them, as well." Barton Gellman, Peter Wallsten and Alice Crites contributed to this report. --- Just because i'm near the punchbowl doesn't mean I'm also drinking from it. From rforno at infowarrior.org Fri Aug 16 07:39:46 2013 From: rforno at infowarrior.org (Richard Forno) Date: Fri, 16 Aug 2013 08:39:46 -0400 Subject: [Infowarrior] - Noonan: What We Lose if We Give Up Privacy Message-ID: <8EDA1E31-AB75-4A4F-A001-649033C4B38E@infowarrior.org> (c/o JA) Noonan: What We Lose if We Give Up Privacy A civil libertarian reflects on the dangers of the surveillance state. 
By PEGGY NOONAN http://online.wsj.com/article/SB10001424127887323639704579015101857760922.html What is privacy? Why should we want to hold onto it? Why is it important, necessary, precious? Is it just some prissy relic of the pretechnological past? We talk about this now because of Edward Snowden, the National Security Agency revelations, and new fears that we are operating, all of us, within what has become or is becoming a massive surveillance state. They log your calls here, they can listen in, they can read your emails. They keep the data in mammoth machines that contain a huge collection of information about you and yours. This of course is in pursuit of a laudable goal, security in the age of terror. Is it excessive? It certainly appears to be. Does that matter? Yes. Among other reasons: The end of the expectation that citizens' communications are and will remain private will probably change us as a people, and a country. *** Among the pertinent definitions of privacy from the Oxford English Dictionary: "freedom from disturbance or intrusion," "intended only for the use of a particular person or persons," belonging to "the property of a particular person." Also: "confidential, not to be disclosed to others." Among others, the OED quotes the playwright Arthur Miller, describing the McCarthy era: "Conscience was no longer a private matter but one of state administration." Privacy is connected to personhood. It has to do with intimate things--the innards of your head and heart, the workings of your mind--and the boundary between those things and the world outside. A loss of the expectation of privacy in communications is a loss of something personal and intimate, and it will have broader implications. That is the view of Nat Hentoff, the great journalist and civil libertarian. He is 88 now and on fire on the issue of privacy. "The media has awakened," he told me. "Congress has awakened, to some extent." 
Both are beginning to realize "that there are particular constitutional liberty rights that [Americans] have that distinguish them from all other people, and one of them is privacy." Mr. Hentoff sees excessive government surveillance as violative of the Fourth Amendment, which protects "the right of the people to be secure in their persons, houses, papers, and effects, against unreasonable searches and seizures" and requires that warrants be issued only "upon probable cause . . . particularly describing the place to be searched, and the persons or things to be seized." But Mr. Hentoff sees the surveillance state as a threat to free speech, too. About a year ago he went up to Harvard to speak to a class. He asked, he recalled: "How many of you realize the connection between what's happening with the Fourth Amendment with the First Amendment?" He told the students that if citizens don't have basic privacies--firm protections against the search and seizure of your private communications, for instance--they will be left feeling "threatened." This will make citizens increasingly concerned "about what they say, and they do, and they think." It will have the effect of constricting freedom of expression. Americans will become careful about what they say that can be misunderstood or misinterpreted, and then too careful about what they say that can be understood. The inevitable end of surveillance is self-censorship. All of a sudden, the room became quiet. "These were bright kids, interested, concerned, but they hadn't made an obvious connection about who we are as a people." We are "free citizens in a self-governing republic." Mr. Hentoff once asked Justice William Brennan "a schoolboy's question": What is the most important amendment to the Constitution? "Brennan said the First Amendment, because all the other ones come from that. 
If you don't have free speech you have to be afraid, you lack a vital part of what it is to be a human being who is free to be who you want to be." Your own growth as a person will in time be constricted, because we come to know ourselves by our thoughts. He wonders if Americans know who they are compared to what the Constitution says they are. Mr. Hentoff's second point: An entrenched surveillance state will change and distort the balance that allows free government to function successfully. Broad and intrusive surveillance will, definitively, put government in charge. But a republic only works, Mr. Hentoff notes, if public officials know that they--and the government itself--answer to the citizens. It doesn't work, and is distorted, if the citizens must answer to the government. And that will happen more and more if the government knows--and you know--that the government has something, or some things, on you. "The bad thing is you no longer have the one thing we're supposed to have as Americans living in a self-governing republic," Mr. Hentoff said. "The people we elect are not your bosses, they are responsible to us." They must answer to us. But if they increasingly control our privacy, "suddenly they're in charge if they know what you're thinking." This is a shift in the democratic dynamic. "If we don't have free speech then what can we do if the people who govern us have no respect for us, may indeed make life difficult for us, and in fact belittle us?" If massive surveillance continues and grows, could it change the national character? "Yes, because it will change free speech." What of those who say, "I have nothing to fear, I don't do anything wrong"? Mr. Hentoff suggests that's a false sense of security. "When you have this amount of privacy invasion put into these huge data banks, who knows what will come out?" Or can be made to come out through misunderstanding the data, or finagling, or mischief of one sort or another. 
"People say, 'Well I've done nothing wrong so why should I worry?' But that's too easy a way to get out of what is in our history--constant attempts to try to change who we are as Americans." Asked about those attempts, he mentions the Alien and Sedition Acts of 1798, the Red Scare of the 1920s and the McCarthy era. Those times and incidents, he says, were more than specific scandals or news stories, they were attempts to change our nature as a people. What of those who say they don't care what the federal government does as long as it keeps us safe? The threat of terrorism is real, Mr. Hentoff acknowledges. Al Qaeda is still here, its networks are growing. But you have to be careful about who's running U.S. intelligence and U.S. security, and they have to be fully versed in and obey constitutional guarantees. "There has to be somebody supervising them who knows what's right. . . . Terrorism is not going to go away. But we need someone in charge of the whole apparatus who has read the Constitution." Advances in technology constantly up the ability of what government can do. Its technological expertise will only become deeper and broader. "They think they're getting to how you think. The technology is such that with the masses of databases, then privacy will get even weaker." Mr. Hentoff notes that J. Edgar Hoover didn't have all this technology. "He would be so envious of what NSA can do." --- Just because i'm near the punchbowl doesn't mean I'm also drinking from it. From rforno at infowarrior.org Fri Aug 16 07:59:00 2013 From: rforno at infowarrior.org (Richard Forno) Date: Fri, 16 Aug 2013 08:59:00 -0400 Subject: [Infowarrior] - NSA to open $60M data analysis lab at NCSU Message-ID: NSA to open $60M data analysis lab at NCSU's Centennial Campus http://wraltechwire.com/nsa-to-open-data-analysis-lab-at-ncsu/12779289/ Raleigh, N.C. -- 
The National Security Agency plans to create a data analysis lab on North Carolina State University's Centennial Campus, officials said Thursday. The $60.75 million NSA grant to fund the Laboratory for Analytic Sciences is the largest sponsored research contract in the university's history, officials said, and the lab is expected to bring 100 jobs to the Triangle over the next several years and attract related government and industry projects. Other details for the new lab weren't disclosed for security reasons, officials said. Access to the lab will be restricted to people who have government security clearance, but some of the fundamental research will be conducted at the unclassified level in existing faculty labs, they said. "We appreciate the confidence of the National Security Agency to select N.C. State for this groundbreaking endeavor," Chancellor Randy Woodson said in a statement. "Not only will it enhance the academic experience for our students and faculty, it will also add to the economic prosperity of our community through new jobs, new industry and new partnerships." A key goal of the lab is to promote advances in the science of data analysis through collaborations among industry, academia and government, officials said. N.C. State's expertise in handling "big data" ranges from its Institute for Advanced Analytics, which offers an intensive 10-month master's degree -- the first program of its kind -- to its Center for Innovative Management Studies, which examines the trends and technologies surrounding big data. The university also has traditional strengths in computer science, mathematics and statistics and is hiring four faculty members for its new data-driven science "cluster." 
The university already has a major collaborative project on cybersecurity with the NSA, and it has numerous research contracts with the Department of Defense, from technology that can best help soldiers identify improvised explosive devices from a distance to fire-protection research to help soldiers and first responders to a language training center that works to improve the language skills, regional expertise and intercultural communication skills of military personnel. Web Editor: Matthew Burns --- Just because i'm near the punchbowl doesn't mean I'm also drinking from it. From rforno at infowarrior.org Fri Aug 16 10:01:05 2013 From: rforno at infowarrior.org (Richard Forno) Date: Fri, 16 Aug 2013 11:01:05 -0400 Subject: [Infowarrior] - The new paranoia: A government afraid of itself Message-ID: <0C4B98B7-117F-42DE-B11E-6BB41DE1B69D@infowarrior.org> The new paranoia: A government afraid of itself By Jesse Walker http://www.washingtonpost.com/opinions/the-new-paranoia-a-government-afraid-of-itself/2013/08/15/1f3db594-038a-11e3-a07f-49ddc7417125_print.html Jesse Walker, the books editor for Reason magazine, is the author of "The United States of Paranoia: A Conspiracy Theory." In the popular stereotype, conspiracy theorists direct their paranoia at the government: The CIA shot JFK. NASA faked the moon landing. Sept. 11 was an inside job. But the most significant sorts of political paranoia are the kinds that catch on with people inside the halls of power, not the folks on the outside looking in. The latest example is a crackdown on leaks that has the government crippled by a fear of its own employees. Washington is petrified of itself. The federal effort, called the Insider Threat Program, was launched in October 2011, and it certainly hasn't diminished since Edward Snowden disclosed details of the National Security Agency's domestic spying. As McClatchy reporters Marisa Taylor and Jonathan S. 
Landay have described, federal employees and contractors are encouraged to keep an eye on allegedly suspicious "indicators" in their co-workers' lives, from financial troubles to divorce. A brochure produced by the Defense Security Service, titled "INSIDER THREATS: Combating the ENEMY within your organization," sums up the spirit of the program: "It is better to have reported overzealously than never to have reported at all." The word "espionage" appears 10 times in that pamphlet, while "leak" isn't used even once. But the most insidious part of the crackdown is that it blurs the boundary between spies and whistleblowers. This comes, after all, at a time when the government is increasingly willing to prosecute leakers under the Espionage Act. An agent of a foreign power would fall under the program's purview, but so would someone releasing information to the media. Leaking, one Defense Department document declares, "is tantamount to aiding the enemies of the United States." It doesn't help that the Insider Threat Program has been adopted in agencies that have little or nothing to do with national security, including the Social Security Administration, the National Oceanic and Atmospheric Administration, the Department of Education and the Peace Corps. A tutorial for Agriculture Department employees includes a long list of "examples of behaviors that may indicate an individual has vulnerabilities that are of security concern." These include sleeping at your desk -- that might be a sign of alcoholism -- and "expression of bizarre thoughts, perceptions, or expectations." The list was imported, word for word, from a Defense Department document. Other conspiracy theories involve groups that seem different: Suspected plotters can be identified by where they live, their racial or ethnic identity, or their social status. The enemy within, by contrast, can live anywhere and look like anyone. 
The men and women allegedly atop the cabal might be based in another country, but their puppets are ordinary neighbors, co-workers, members of your family. Anyone could conceivably be -- or become -- part of the plot. This isn't the first time an effort intended to protect national security has spiraled into something bigger, messier and more dangerous for individual liberty. The most famous crackdown on the enemy within was the post-World War II Red Scare, when fear of Soviet spies caused trouble not just for genuine foreign agents but for a host of people who merely had left-wing ideological leanings. Less well known, but arguably even more intrusive, was a simultaneous crackdown that the historian David K. Johnson has called the Lavender Scare. In those days, gays and lesbians were presumed to be security risks. In 1950, CIA Director Roscoe Hillenkoetter warned a House committee that "perverts in key positions" formed "a government within a government." Civil-service homosexuals, he continued, "belong to the lodge, the fraternity. One pervert brings other perverts into an agency, they move from position to position, and advance them usually in the interest of furthering the romance of the moment." A great purge ensued. Bureaucrats informed investigators about co-workers they suspected of being homosexual; interrogators pressured suspects into naming other gay men and lesbians in the workforce. Many private companies in Washington, particularly if they had government contracts that required security clearances, cracked down on their workers as well. Johnson has estimated that the State Department fired about 1,000 employees believed to be homosexuals in the 1950s and '60s, far more than the number of alleged reds who got the ax. That shouldn't be surprising: The United States has always been home to far more gays than communists. Today's Leak Scare has the potential to be even more open-ended, since it isn't rooted in fear of a particular country or subculture. 
There are countless motives for releasing classified or "sensitive" information to the media, from political convictions to bureaucratic turf wars. And there is plenty of material that has been classified not out of a genuine security concern but simply because it might make an agency -- or someone inside it -- look bad. Meanwhile, the Insider Threat enforcers' profile of a potential security risk is vague and untested; it could send interrogators on wild goose chases, questioning employees based on groundless suspicions and poisoning the office atmosphere. Whether or not the profiling can identify potential leakers, it isn't likely to stop leaks. As security specialist Bruce Schneier wrote when the WikiLeaks cables shook Washington in 2010, "The government is learning what the music and movie industries were forced to learn years ago: it's easy to copy and distribute digital files." Washington is classifying documents at a remarkable rate. According to a report from the Public Interest Declassification Board last year, one intelligence agency alone classifies the equivalent of about 20 million well-stuffed four-drawer filing cabinets every 18 months. Nearly 5 million federal employees or contractors have access to at least some secret information. Even more have access to information that isn't classified but might embarrass someone. That creates a double bind: The more the government trusts someone with sensitive data, the more it has reason to fear that person. Trust breeds mistrust. It's the sort of situation that might make a person paranoid. Did anyone ever imagine a government so scared of its own shadow? I can think of at least two people who did. One is novelist and essayist Robert Anton Wilson, who often wrote satirically about conspiracies. Any secret police agency, he suggested, must be monitored by another arm of the government, lest it be infiltrated by its enemies. But then "a sinister infinite regress enters the game. 
Any elite second order police must be, also, subject to infiltration. . . . So it, too, must be monitored, by a secret-police-of-the-third-order" and so on. "In practice, of course, this cannot regress to mathematical infinity, but only to the point where every citizen is spying on every other citizen or until the funding runs out." The point applies not just to police but to any hierarchy with secrets to hide. The other man is Julian Assange, who in 2006 laid out as clear a statement of his intentions as you'll find. "The more secretive or unjust an organization is, the more leaks induce fear and paranoia in its leadership and planning coterie," the WikiLeaks founder wrote. That fear will engender more secrecy, he continued, which in turn will make it harder for the institution to act. The Insider Threat Program suggests that Assange was on to something. So does another development. After the WikiLeaks cables came out, and again after the Snowden revelations, many federal workers found that they couldn't access Web sites with news reports about the leaks. If that publicly available material found its way to an Army employee's computer, the Monterey County Herald reported in June, the authorities might respond with "the wipe or destruction of the computer's hard drive." The information was still officially classified, you see. And so the war on leaks degenerates to a government deliberately destroying its property to keep its staffers from catching sight of publicly available information. Now there's an enemy within. outlook at washpost.com --- Just because i'm near the punchbowl doesn't mean I'm also drinking from it. 

From rforno at infowarrior.org Fri Aug 16 11:42:00 2013
From: rforno at infowarrior.org (Richard Forno)
Date: Fri, 16 Aug 2013 12:42:00 -0400
Subject: [Infowarrior] - White House Tried To Interfere With Washington Post's Report, And To Change Quotes From NSA
Message-ID: <44810A93-6365-4B0A-A429-D330F1308BC0@infowarrior.org>

White House Tried To Interfere With Washington Post's Report, And To Change Quotes From NSA
http://www.techdirt.com/articles/20130816/01314924200/white-house-tried-to-interfere-with-washington-posts-report-to-change-quotes-nsa.shtml

--- Just because i'm near the punchbowl doesn't mean I'm also drinking from it.

From rforno at infowarrior.org Fri Aug 16 11:45:12 2013
From: rforno at infowarrior.org (Richard Forno)
Date: Fri, 16 Aug 2013 12:45:12 -0400
Subject: [Infowarrior] - Microsoft is accidentally sending takedown requests for OpenOffice
Message-ID:

Microsoft is accidentally sending takedown requests for OpenOffice
http://www.geek.com/microsoft/microsoft-is-accidentally-sending-takedown-requests-for-openoffice-1567361/

--- Just because i'm near the punchbowl doesn't mean I'm also drinking from it.

From rforno at infowarrior.org Fri Aug 16 14:31:42 2013
From: rforno at infowarrior.org (Richard Forno)
Date: Fri, 16 Aug 2013 15:31:42 -0400
Subject: [Infowarrior] - Obama upends WH intel panel
Message-ID:

Obama upends intel panel
By: Josh Gerstein August 15, 2013 05:52 PM EDT
http://dyn.politico.com/printstory.cfm?uuid=4CF7FB3A-9B6C-4399-B24B-6A7018563F43

The White House dismissed the bulk of President Barack Obama's premier panel of outside intelligence advisers earlier this year, leaving the blue-ribbon commission largely vacant as the public furor built over the National Security Agency's widespread tracking of Americans' telephone calls. The President's Intelligence Advisory Board stood 14 members strong through 2012, but the White House website was recently updated to show the panel's roster shrinking to just four people.
In the past four years, the high-powered group has waded into the implications of WikiLeaks for intelligence sharing, and urged retooling of America's spy agencies as the United States withdraws from big wars abroad. Some analysts say the panel would have been an obvious choice to dig into the profound questions and concerns contractor Edward Snowden raised by leaking details about the NSA's bulk collection of telephone metadata and internet traffic. But the board's thin ranks at present -- and the remaining members' close ties to Obama -- may have fueled the decision the president announced last week to turn instead to a brand new and still unnamed body of outside experts to delve into the privacy issues raised by surveillance in the "Big Data" age. Two PIAB members confirmed to POLITICO this week that they were asked to leave the longstanding panel as part of a broader reshuffle. "They kicked me off," said former Rep. Lee Hamilton (D-Ind.). "I was on it a long time under Bush and under Obama. They wanted to make some changes." "I don't know anything about whether they've brought in new members. They thanked me and that's about all I know," added Hamilton, widely known for his service as vice chairman of the 9/11 Commission. The 82-year-old former congressman -- who has headed Indiana University's Center for Congress since 2010 -- said he wasn't upset about being booted from the PIAB, although he remains in the dark about precisely why he was shown the door. Philip Zelikow, who served as executive director of the 9/11 Commission and later as a top aide to Secretary of State Condoleezza Rice, was also asked recently to step off the PIAB. "I've resigned from the Board, one of ten of the fourteen earlier members who have done so," Zelikow said via email. "Four of the earlier members have remained, pending a reconstitution of the Board at some point for the balance of the President's second term.
The White House website displays the current situation, pending that." A White House spokeswoman confirmed Thursday that a group of panel members recently concluded their service. "A number of PIAB members have recently departed their positions and in staffing the Board, we look carefully at the President's needs and ensure that the group is comprised of individuals with the skills and expertise to meet those needs," National Security Council spokeswoman Caitlin Hayden told POLITICO via e-mail. It's unclear precisely when the panel was slimmed down, but members' biographies suggest the departures took place since early May. PIAB watchers and former intelligence officials said they were taken aback by the scope of the exodus from the board. "I'm sort of surprised because I follow this very closely. ... Four people down from 14 -- I can see why this is raising your eyebrows," said Michael Desch, head of Notre Dame's political science department and co-author of "Privileged and Confidential: The Secret History of the President's Intelligence Advisory Board." "If this is as it appears, this is pretty remarkable," Desch said. "The PIAB doesn't look fully staffed. ... This does look strange." A couple of the recent departures from the board came because its members were tapped for full-time jobs in the administration -- moves that essentially make it impossible to remain part of a body supposed to provide outside advice. Panel co-chairman Chuck Hagel was nominated in January as defense secretary and sworn in the following month. Venture capitalist and former lobbyist Tom Wheeler joined the board in 2011, but was tapped by Obama in May 2013 to head the Federal Communications Commission. And Hagel's co-chairman and fellow former senator, David Boren, said he asked to leave the panel early this year "because of the demands of my work as president of the University of Oklahoma. My request to the president was made shortly after the first of the year,"
Boren said in a statement responding to a query from POLITICO. Also exiting the board in recent months, according to the White House website: former Securities and Exchange Commission member Roel Campos, international lawyer and philanthropist Rita Hauser, stealth technology pioneer and former Undersecretary of Defense Paul Kaminski, Stimson Center CEO Ellen Laipson, and retired Air Force Gen. Lester Lyles. The panel itself is currently without a chairman. The current vacancies on the PIAB -- which can include up to 16 members -- remain as Obama aides have scrambled in recent days to set up the new, surveillance-and-technology "review group" the president announced Friday. The talk of a new board to dig into intelligence issues quickly raised questions in some quarters about duplication of effort. "There are already four boards that have jurisdiction here," House Intelligence Committee member Adam Schiff (D-Calif.) said Tuesday on MSNBC. "So, the question is what will the mission be here?" Schiff said he presumes the new review group will have more technology experts than some of the existing panels, but there still could be overlap. "I think these boards are going to be tripping over each other if they're not defined in what their scope will be," the congressman said. The White House said the new panel has a special, single purpose. "The PIAB is a standing body, while the Review Group that the President announced last week is being created for a specific task and is not intended to be a permanent advisory element after it has delivered its findings and recommendations," Hayden said. "Since they began, we have engaged with the PIAB to hear their views on the recent disclosures." Some analysts noted that the Obama administration struggled for almost three years to find a full slate of nominees for the Privacy and Civil Liberties Oversight Board mandated by Congress in 2008.
It has come up to full speed in only the past few months after confirmation in May of its chairman, David Medine. The new, ground-up effort Obama announced last week may stem in part from the fact that the current PIAB membership is unlikely to be viewed as robustly independent of the president and his advisers. Two of the intelligence board's current four members are former senior officials in Obama's White House: Harvard law professor Daniel Meltzer was the No. 2 lawyer in the White House Counsel's Office during the president's first year and a half in office, and Mona Sutphen was Obama's deputy chief of staff for policy through the beginning of 2011. The remaining two members are former CIA Deputy Director Jami Miscik and former Navy Secretary Richard Danzig. All four did not respond to messages seeking comment for this story. Also raising questions about the intelligence board's independence in its current formulation: The three Obama-appointed members who also served on the panel during the George W. Bush administration -- Hamilton, Hauser and Zelikow -- are all among those cast off in recent months. While the PIAB's ranks have been dramatically depleted in recent months, the board is supposed to pick up one new member soon. After passing over Central Intelligence Agency Deputy Director Michael Morell for the top CIA job earlier this year, Obama announced in June that he planned to name Morell to the PIAB once he left government. Morell's last day at Langley came last week and, according to the White House, he's expected to join the board this fall. "Other members may be added," Hayden said Thursday. She did not say when or whether the board is expected to expand to its previous size. The PIAB, formerly known as the President's Foreign Intelligence Advisory Board (pronounced "PIFF-ee-ab"), dates back to the Kennedy administration.
President Richard Nixon drew criticism for appointing wealthy political supporters such as Alfred Bloomingdale to the prestigious panel. Under Ford, it drew attention for a "Team B" exercise in which conservatives on the board concluded that the intelligence community was vastly understating the Soviet threat. President Jimmy Carter had enough of those kinds of headlines and mothballed the board during his term. President Ronald Reagan carried out a downsizing of the panel in 1985 that bears some similarity to what's happened in recent months. "The big PFIAB flap is the famous Halloween massacre during the Reagan administration, when it went from 21 to eight," Desch said. "That was a huge kerfuffle." Over the years, the panel has usually kept a low profile, but the tasks they are handed and the group's ensuing reports have sometimes been discussed publicly. After the so-called underwear bomber attempted to blow up a U.S. airliner bound for Detroit on Christmas Day 2009, Obama tasked the PFIAB with examining some of the intelligence failures that led to the would-be bomber boarding the plane. Obama later said he had asked the panel to "examine the longer-term challenge of sifting through vast universes of intelligence and data in our information age" -- a mandate that sounds at least related to the new working group's focus on big data. A White House statement in 2010 on the massive leak to WikiLeaks said the PIAB would "take an independent look at the means by which the Executive Branch as a whole shares and protects classified information." Obama also asked the panel to assess how the Director of National Intelligence post created after the Sept. 11, 2001, terrorist attacks was working. However, the board's most influential work under Obama may have been a recent report concluding that an intense focus on terrorism and Al Qaeda had distracted U.S.
intelligence agencies from obtaining key information about political and military challenges in places like China and the Middle East. Obama unveiled his co-chairs for the PIAB, Boren and Hagel, in front of reporters and cameras in the White House's Cabinet Room in October 2009, predicting that the two former senators would prove to be "an invaluable resource" as the administration crafted its intelligence policies. The president also pledged more transparency about the board's activities. "We are off to a good start with this meeting -- by welcoming the press, which past advisory boards have rarely done. That's a reflection of my administration's commitment to transparency and open government -- even, when appropriate, on matters of national security and intelligence," Obama said. That commitment to transparency has sometimes seemed to waver. In 2011, the White House ignored questions from the Los Angeles Times about the membership of the oversight subpanel, known as the IOB. The Electronic Frontier Foundation filed a Freedom of Information Act request for the membership list and heard nothing for seven months. A week after filing a lawsuit to enforce the request, the Office of the Director of National Intelligence confirmed that Boren, Hagel and Lyles were serving on the oversight subcommittee.

--- Just because i'm near the punchbowl doesn't mean I'm also drinking from it.

From rforno at infowarrior.org Fri Aug 16 14:52:30 2013
From: rforno at infowarrior.org (Richard Forno)
Date: Fri, 16 Aug 2013 15:52:30 -0400
Subject: [Infowarrior] - ZMap · The Internet Scanner
Message-ID: <3E4CAA5A-C936-48CE-8F6F-55F6476D0784@infowarrior.org>

(c/o RF. Paper presented @ USENIX Security in DC this week. --rick)

Research Paper: https://zmap.io/paper.html

ZMap · The Internet Scanner
https://zmap.io/

ZMap is an open-source network scanner that enables researchers to easily perform Internet-wide network studies.
With a single machine and a well provisioned network uplink, ZMap is capable of performing a complete scan of the IPv4 address space in under 45 minutes, approaching the theoretical limit of gigabit Ethernet. ZMap can be used to study protocol adoption over time, monitor service availability, and help us better understand large systems distributed across the Internet. Learn more in our research paper or check out our Getting Started Guide to start using ZMap yourself.

https://zmap.io/

--- Just because i'm near the punchbowl doesn't mean I'm also drinking from it.

From rforno at infowarrior.org Fri Aug 16 16:51:16 2013
From: rforno at infowarrior.org (Richard Forno)
Date: Fri, 16 Aug 2013 17:51:16 -0400
Subject: [Infowarrior] - Feds target instructors of polygraph-beating methods
Message-ID: <07B41A6F-E28F-4FBC-920D-D28A4EE97353@infowarrior.org>

Posted on Friday, August 16, 2013
Seeing threats, feds target instructors of polygraph-beating methods

Doug Williams, a former Oklahoma City police polygrapher, says he can teach people how to pass lie detector tests. Federal prosecutors and agents recently targeted him and another instructor in undercover stings aimed at cracking down on the teaching of polygraph beating methods.
< - >

http://www.mcclatchydc.com/2013/08/16/199590/seeing-threats-feds-target-instructors.html

From rforno at infowarrior.org Sat Aug 17 16:49:23 2013
From: rforno at infowarrior.org (Richard Forno)
Date: Sat, 17 Aug 2013 17:49:23 -0400
Subject: [Infowarrior] - Lavabit owner: 'I could be arrested' for resisting surveillance order
Message-ID: <2BEED728-9FB6-41F1-B26D-9112442D3BB4@infowarrior.org>

Lavabit.com owner: 'I could be arrested' for resisting surveillance order
By Michael Isikoff NBC News National Investigative Correspondent
http://investigations.nbcnews.com/_news/2013/08/13/20008036-lavabitcom-owner-i-could-be-arrested-for-resisting-surveillance-order?lite

The owner of an encrypted email service used by ex-NSA contractor Edward Snowden said he has been threatened with criminal charges for refusing to comply with a secret surveillance order to turn over information about his customers. "I could be arrested for this action," Ladar Levison told NBC News about his decision to shut down his company, Lavabit LLC, in protest over a secret court order he had received from a federal court that is overseeing the investigation into Snowden. Lavabit said he was barred by federal law from elaborating on the order or any of his communications with federal prosecutors. But a source familiar with the matter told NBC News that James Trump, a senior litigation counsel in the U.S. attorney's office in Alexandria, Va., sent an email to Levison's lawyer last Thursday -- the day Lavabit was shuttered -- stating that Levison may have "violated the court order," a statement that was interpreted as a possible threat to charge Levison with contempt of court. Trump, who has been a lead attorney on high-profile leak investigations targeting former CIA officers John Kiriakou and Jeffrey Sterling, did not respond to a request for comment, nor did prosecutors in the U.S. Attorney's Office, whose prosecutors have charged Snowden with violations of the Espionage Act.
"We have no comment," said Andrew Ames, a spokesman for the Justice Department. Levison, a 32-year-old entrepreneur who ran his company out of a Dallas apartment, said in a public statement last Thursday that he made "the difficult decision" to shut down Lavabit because he did not want "to become complicit in crimes against the American people." The court order that prompted the action is believed by legal observers to be a sealed subpoena or a national security letter requiring him to cooperate in surveillance related to the Snowden investigation. Recipients of such legal orders are barred from publicly commenting on them. Levison said he believes this prohibition is a violation of his First Amendment rights while the underlying request violated the Fourth Amendment rights of his customers. "I'm fighting it in every way," said Levison, adding that he is challenging the government's action in a federal appeals court. "Because the government has barred Lavabit from disclosing the nature of its demands, we still don't know what information the government is seeking, or why it's seeking it," said Ben Wizner, a national security lawyer for the ACLU. "It's hard to have a debate about the reasonableness of the government's actions -- or Lavabit's response, for that matter -- when we don't know what we're debating." Levison said he started Lavabit 10 years ago to capitalize on public concerns about the Patriot Act, offering customers a paid service -- between $8 and $16 a year -- that would encrypt their emails in ways that would make it extremely difficult, if not impossible, for law enforcement agents to decipher. He said that until he shut down, his small company was generating about $100,000 in revenue annually with about 10,000 users paying for the encryption service.
One who appears to have been a customer was Snowden: When the ex-NSA contractor invited human rights groups to a press conference at the Moscow airport on July 11, his message was communicated from a Lavabit.com email address -- edsnowden at lavabit.com. Snowden himself told Glenn Greenwald of the Guardian last week that he found Levison's decision to close rather than provide information to the government "inspiring" and asked why other larger companies such as Google "aren't fighting for our interest the same way small businesses are." Levison stressed that he has complied with "upwards of two dozen court orders" for information in the past that were targeted at "specific users" and that "I never had a problem with that." But without disclosing details, he suggested that the order he received more recently was markedly different, requiring him to cooperate in broadly based surveillance that would scoop up information about all the users of his service. He likened the demands to a requirement to install a tap on his telephone. Those demands apparently began about the time that Snowden surfaced as one of his customers, apparently triggering a secret legal battle between Levison and federal prosecutors. Levison said he has been "threatened with arrest multiple times over the past six weeks," but that he was making a stand on principle: "I think it's important to point out that what prompted me to shut down my service wasn't access to one person's data. It was about protecting the privacy of all my users." He has also started a legal defense fund and said he's gotten "an overwhelming response," raising more than $90,000 in the past few days. Among those now backing him is former Texas congressman and Republican presidential candidate Ron Paul, who told NBC News on Tuesday that Levison's legal battle "should be in the interests of everybody who cares about liberty."

--- Just because i'm near the punchbowl doesn't mean I'm also drinking from it.

From rforno at infowarrior.org Sat Aug 17 16:53:59 2013
From: rforno at infowarrior.org (Richard Forno)
Date: Sat, 17 Aug 2013 17:53:59 -0400
Subject: [Infowarrior] - Fwd: American Sun Tzu
References:
Message-ID: <922AE2E1-DC87-426C-B79F-8D1F33AD2653@infowarrior.org>

Chuck is a longtime friend and a kindred spirit. Although somewhat off-topic for the norms of the list, his comments, and those he cites from Lind, are worth reading. --rick

--- Just because i'm near the punchbowl doesn't mean I'm also drinking from it.

> From: Chuck Spinney
> Subject: American Sun Tzu
> Date: August 17, 2013 12:57:30 PM EDT
>
> Most readers of this list should be familiar with the name, if not the ideas, of the late American strategist Col John R. Boyd (USAF ret). Boyd was my mentor and closest friend, and I am deeply indebted to him for the knowledge he so generously bestowed on me. While no short essay can capture the entirety of Boyd's thinking, attached below is an excellent introduction to what some might call John Boyd's art of war. It is written by my friend and colleague Bill Lind, a leading contributor to the Military Reform Movement in the 1980s. Of particular importance is Bill's concluding point about 'open systems.' But you need to understand Boyd's work to understand the centrality of this point in strategy and grand strategy.
>
> Lind's essay is very timely, given that Republicans and Democrats alike have driven America into a grand-strategic cul de sac that is weakening our position abroad, while wrecking our democracy at home. IMO, this grand-strategic trap is a self-inflicted wound and is well summarized by Lind. (Boyd's criteria for a sensible grand strategy can be found here.) Hopefully, Lind's essay will tweak your interest in Boyd's important work.
>
> Exiting America's grand strategic mess will not be easy because the Military - Industrial - Congressional Complex and its wholly owned subsidiaries in academia, the thinktanks, the pol-mil apparat, and the mass media have a vested interest in continuing down what has become clearly a self-destructive evolutionary pathway. A parasitical "faction" is now exploiting the interplay of chance and necessity to benefit itself at the expense of the "whole." Boyd's ideas -- particularly those relating to his moral design for grand strategy -- offer a way to begin thinking about how to get off this pathway and return to one where the interplay of chance and necessity leads more naturally to salutary growth at home and abroad.
>
> If you are not familiar with Boyd and his ideas, my advice is to start with Robert Coram's superb biography, (about 100,000 sold and still in print). It is by far the best general introduction to the man and his work. Those interested in heavier lifting can dive into James Fallows', Chet Richards', and Frans Osinga's analyses of Boyd's strategic thought. For the truly masochistic, a complete compendium of Boyd's briefings slides can be downloaded from this link. But beware, these briefings are long, albeit highly condensed, idiosyncratic, and a bit didactical. Nevertheless, determined readers will find their study to be infinitely rewarding, because like the writing of Sun Tzu, their essence is one of ever expanding timelessness.
>
> Chuck Spinney
> Cannes, France
>
> John Boyd's Art of War
> Why our greatest military theorist only made colonel.
> By WILLIAM S. LIND, The American Conservative, August 16, 2013
>
> http://www.theamericanconservative.com/articles/john-boyds-art-of-war/
>
> Off and on for about 20 years, I had the honor of working with the greatest military theorist America ever produced, Col. John Boyd, USAF. As a junior officer, Boyd developed the energy-management tactics now used by every fighter pilot in the world.
> Later, he influenced the designs of the F-15 and F-16, saving the former from becoming the turkey we are now buying in the F-35 and making the latter the best fighter aircraft on the planet. His magnum opus, a 12-hour briefing titled "Patterns of Conflict," remains a vast mine of military wisdom, one unlikely to be exhausted in this century.
>
> Boyd is best known for coming up with the OODA Loop or Boyd Cycle. He posited that all conflict is composed of repeated, time-competitive cycles of observing, orienting, deciding, and acting. The most important element is orientation: whoever can orient more quickly to a rapidly changing situation acquires a decisive advantage because his slower opponent's actions are too late and therefore irrelevant--as he desperately seeks convergence, he gets ever increasing divergence. At some point, he realizes he can do nothing that works. That usually leads him either to panic or to give up, often while still physically largely intact.
>
> The OODA Loop explains how and why Third Generation maneuver warfare, such as the German Blitzkrieg method, works. It describes exactly what happened to the French in 1940, when Germany defeated what was considered the strongest army on earth in six weeks with only about 27,000 German dead, trifling casualties by World War I standards. The French actually had more and better tanks than the Germans.
>
> It is also a partial explanation for our repeated defeats by Fourth Generation non-state entities. Our many layers of headquarters, large staffs, and centralized decision-making give us a slow OODA Loop compared to opponents whose small size and decentralized command enable a fast one. A Marine officer stationed with our counter-drug traffic effort in Bolivia told me the traffickers went through the Loop 12 times in the time it took us to go through it once. I mentioned that to Colonel Boyd, and he replied, "Then we're not even in the game."
>
> Another of Boyd's contributions to military theory explains more of our failure in recent conflicts. To the traditional levels of war--tactical, operational, and strategic--Boyd added three new ones: physical, mental, and moral. It is useful to think of these as forming a nine-box grid, with tactical, operational, and strategic on one axis and physical, mental, and moral on the other. Our armed forces focus on the single box defined by tactical and physical, where we are vastly superior. But non-state forces focus on the strategic and the moral, where they are often stronger, in part because they represent David confronting Goliath. In war, a higher level trumps a lower, so our repeated victories at the tactical, physical level are negated by our enemies' successes on the strategic and moral levels, and we lose.
>
> Boyd had a reservoir of comments he repeated regularly, one of which was, "A lot of people in Washington talk about strategy. Most of them can spell the word, but that's all they know of it." The establishment's insistence on an offensive grand strategy, where we attempt to force secular liberal democracy down the throats of every people on earth, is a major reason for our involvement and defeat in Fourth Generation conflicts. A defensive grand strategy, which is what this country followed successfully through most of its history, would permit us to fold our enemies back on themselves, something Boyd recommended. With us out of the picture, their internal fissures, such as those between Sunni and Shiites in the Islamic world, would become their focus. But as usual, Boyd was right: virtually no one in Washington can understand the advantages of a defensive grand strategy.
>
> Being involved in every conflict on earth is useful if the real game is boosting the Pentagon's budget rather than serving our national interests. Here too Boyd had a favorite line. He often said, "It is not true the Pentagon has no strategy.
> It has a strategy, and once you understand what that strategy is, everything the Pentagon does makes sense. The strategy is, don't interrupt the money flow, add to it."
>
> Perhaps Boyd's most frequently uttered warning was, "All closed systems collapse." Both our military and our policy-making civilian elite live in closed systems. Because Second Generation war reduces everything to putting firepower on targets, when we fail against Fourth Generation opponents, the military's only answer is to put more firepower on more targets. Ideas about other ways of waging war are ignored because they do not fit the closed Second Generation paradigm. Meanwhile, Washington cannot consider alternatives to our current foreign policy or grand strategy because anyone who proposes one is immediately exiled from the establishment, as was Boyd himself. It says something about our current condition that the greatest military theorist we ever produced retired as a colonel. At John's funeral in Arlington, which I attended, most of the people in uniform were junior Marine officers. His own service, the Air Force, was barely represented.
>
> John's work was often elegant, but in person he was always the direct, and sometimes crude, fighter pilot. Boyd's favorite, inelegant phrase for defeating one of his many opponents in the Pentagon was "giving him the whole enchilada right up the poop chute." That is what history will shortly give this country if we continue to allow closed systems to lead us. Boyd's work, which is best summarized in Frans Osinga's book Science, Strategy and War: The Strategic Theory of John Boyd, could put us on a different course. But learning from Boyd would require open systems in Washington. Perhaps after the establishment collapses, Boyd can help us pick up the pieces.
>
> William S. Lind is author of the Maneuver Warfare Handbook and director of the American Conservative Center for Public Transportation.

From rforno at infowarrior.org Sun Aug 18 14:25:12 2013
From: rforno at infowarrior.org (Richard Forno)
Date: Sun, 18 Aug 2013 15:25:12 -0400
Subject: [Infowarrior] - Glenn Greenwald's partner detained at Heathrow airport for nine hours
Message-ID: <6C08248C-404A-488E-A3D2-673190CD0FC2@infowarrior.org>

(c/o Ferg)

Glenn Greenwald's partner detained at Heathrow airport for nine hours
David Miranda, partner of Guardian interviewer of whistleblower Edward Snowden, questioned under Terrorism Act
Guardian staff, The Guardian, Sunday 18 August 2013 14.21 EDT
http://www.theguardian.com/world/2013/aug/18/glenn-greenwald-guardian-partner-detained-heathrow

The partner of the Guardian journalist who has written a series of stories revealing mass surveillance programmes by the US National Security Agency was held for almost nine hours on Sunday by UK authorities as he passed through London's Heathrow airport on his way home to Rio de Janeiro. David Miranda, who lives with Glenn Greenwald, was returning from a trip to Berlin when he was stopped by officers at 8.30am and informed that he was to be questioned under schedule 7 of the Terrorism Act 2000. The controversial law, which applies only at airports, ports and border areas, allows officers to stop, search, question and detain individuals. The 28-year-old was held for nine hours, the maximum the law allows before officers must release or formally arrest the individual. According to official figures, most examinations under schedule 7 -- over 97% -- last under an hour, and only one in 2,000 people detained are kept for more than six hours. Miranda was then released without charge, but officials confiscated electronics equipment including his mobile phone, laptop, camera, memory sticks, DVDs and games consoles.
Since 5 June, Greenwald has written a series of stories revealing the NSA's electronic surveillance programmes, detailed in thousands of files passed to him by whistleblower Edward Snowden. The Guardian has also published a number of stories about blanket electronic surveillance by Britain's GCHQ, also based on documents from Snowden. While in Berlin, Miranda had visited Laura Poitras, the US film-maker who has also been working on the Snowden files with Greenwald and the Guardian. "This is a profound attack on press freedoms and the news gathering process," said Greenwald. "To detain my partner for a full nine hours while denying him a lawyer, and then seize large amounts of his possessions, is clearly intended to send a message of intimidation to those of us who have been reporting on the NSA and GCHQ. The actions of the UK pose a serious threat to journalists everywhere. "But the last thing it will do is intimidate or deter us in any way from doing our job as journalists. Quite the contrary: it will only embolden us more to continue to report aggressively." A spokesperson for the Guardian said: "We were dismayed that the partner of a Guardian journalist who has been writing about the security services was detained for nearly nine hours while passing through Heathrow airport. We are urgently seeking clarification from the British authorities." A spokesperson for Scotland Yard said: "At 08:05 on Sunday 18 August 2013 a 28-year-old man was detained at Heathrow airport under schedule 7 of the Terrorism Act 2000. He was not arrested. He was subsequently released at 17:00." Schedule 7 of the Terrorism Act has been widely criticised for giving police broad powers under the guise of anti-terror legislation to stop and search individuals without prior authorisation or reasonable suspicion -- setting it apart from other police powers.
Those stopped have no automatic right to legal advice and it is a criminal offense to refuse to cooperate with questioning under schedule 7, which critics say is a curtailment of the right to silence. Last month, the UK government announced it would reduce the maximum period of detention to six hours, and promised a review of the operation on schedule 7 amid concerns that it unfairly targets minority groups and gives individuals fewer legal protections than they would have if detained at a police station.

From rforno at infowarrior.org Sun Aug 18 14:25:16 2013
From: rforno at infowarrior.org (Richard Forno)
Date: Sun, 18 Aug 2013 15:25:16 -0400
Subject: [Infowarrior] - Greenwald: Detaining my partner: a failed attempt at intimidation
Message-ID: <57E41239-317D-4C12-B544-6EF8D6711261@infowarrior.org>

Detaining my partner: a failed attempt at intimidation The detention of my partner, David Miranda, by UK authorities will have the opposite effect of the one intended - Glenn Greenwald - theguardian.com, Sunday 18 August 2013 14.44 EDT http://www.theguardian.com/commentisfree/2013/aug/18/david-miranda-detained-uk-nsa At 6:30 am this morning my time - 5:30 am on the East Coast of the US - I received a telephone call from someone who identified himself as a "security official at Heathrow airport." He told me that my partner, David Miranda, had been "detained" at the London airport "under Schedule 7 of the Terrorism Act of 2000." David had spent the last week in Berlin, where he stayed with Laura Poitras, the US filmmaker who has worked with me extensively on the NSA stories. A Brazilian citizen, he was returning to our home in Rio de Janeiro this morning on British Airways, flying first to London and then on to Rio. When he arrived in London this morning, he was detained. At the time the "security official" called me, David had been detained for 3 hours.
The security official told me that they had the right to detain him for up to 9 hours in order to question him, at which point they could either arrest and charge him or ask a court to extend the question time. The official - who refused to give his name but would only identify himself by his number: 203654 - said David was not allowed to have a lawyer present, nor would they allow me to talk to him. I immediately contacted the Guardian, which sent lawyers to the airport, as well as various Brazilian officials I know. Within the hour, several senior Brazilian officials were engaged and expressing indignation over what was being done. The Guardian has the full story here. Despite all that, five more hours went by and neither the Guardian's lawyers nor Brazilian officials, including the Ambassador to the UK in London, were able to obtain any information about David. We spent most of that time contemplating the charges he would likely face once the 9-hour period elapsed. According to a document published by the UK government about Schedule 7 of the Terrorism Act, "fewer than 3 people in every 10,000 are examined as they pass through UK borders" (David was not entering the UK but only transiting through to Rio). Moreover, "most examinations, over 97%, last under an hour." An appendix to that document states that only .06% of all people detained are kept for more than 6 hours. The stated purpose of this law, as the name suggests, is to question people about terrorism. The detention power, claims the UK government, is used "to determine whether that person is or has been involved in the commission, preparation or instigation of acts of terrorism." But they obviously had zero suspicion that David was associated with a terrorist organization or involved in any terrorist plot. Instead, they spent their time interrogating him about the NSA reporting which Laura Poitras, the Guardian and I are doing, as well as the content of the electronic products he was carrying.
They completely abused their own terrorism law for reasons having nothing whatsoever to do with terrorism: a potent reminder of how often governments lie when they claim that they need powers to stop "the terrorists", and how dangerous it is to vest unchecked power with political officials in its name. Worse, they kept David detained right up until the last minute: for the full 9 hours, something they very rarely do. Only at the last minute did they finally release him. We spent all day - as every hour passed - worried that he would be arrested and charged under a terrorism statute. This was obviously designed to send a message of intimidation to those of us working journalistically on reporting on the NSA and its British counterpart, the GCHQ. Before letting him go, they seized numerous possessions of his, including his laptop, his cellphone, various video game consoles, DVDs, USB sticks, and other materials. They did not say when they would return any of it, or if they would. This is obviously a rather profound escalation of their attacks on the news-gathering process and journalism. It's bad enough to prosecute and imprison sources. It's worse still to imprison journalists who report the truth. But to start detaining the family members and loved ones of journalists is simply despotic. Even the Mafia had ethical rules against targeting the family members of people they feel threatened by. But the UK puppets and their owners in the US national security state obviously are unconstrained by even those minimal scruples. If the UK and US governments believe that tactics like this are going to deter or intimidate us in any way from continuing to report aggressively on what these documents reveal, they are beyond deluded. If anything, it will have only the opposite effect: to embolden us even further. 
Beyond that, every time the US and UK governments show their true character to the world - when they prevent the Bolivian President's plane from flying safely home, when they threaten journalists with prosecution, when they engage in behavior like what they did today - all they do is helpfully underscore why it's so dangerous to allow them to exercise vast, unchecked spying power in the dark. David was unable to call me because his phone and laptop are now with UK authorities. So I don't yet know what they told him. But the Guardian's lawyer was able to speak with him immediately upon his release, and told me that, while a bit distressed from the ordeal, he was in very good spirits and quite defiant, and he asked the lawyer to convey that defiance to me. I already share it, as I'm certain US and UK authorities will soon see.

--- Just because i'm near the punchbowl doesn't mean I'm also drinking from it.

From rforno at infowarrior.org Sun Aug 18 15:08:54 2013
From: rforno at infowarrior.org (Richard Forno)
Date: Sun, 18 Aug 2013 16:08:54 -0400
Subject: [Infowarrior] - WikiLeaks posts 400GB of encrypted 'insurance' data online
Message-ID:

WikiLeaks posts 400 gigabytes of encrypted "insurance" data online Published time: August 18, 2013 10:11 http://rt.com/news/wikileaks-encrypted-files-facebook-626/ WikiLeaks has released a trove of encrypted "insurance" data on Twitter and Facebook. The data can't be read without an encryption key, but the movement's supporters say that could be published later in case anything happens to leading WikiLeaks figures. The whistleblowing organization published links for a massive 400 gigabytes worth of encrypted data it described as "insurance documents" on its Twitter and Facebook accounts. It is possible to download the files but advanced encoding prevents them from being opened.
WikiLeaks releases encrypted versions of upcoming publication data ("insurance") from time to time to nullify attempts at prior restraint. The group described encryption as a necessary measure in light of previous attempts to block its leaking of classified information. The practice of encoding data and then later releasing the key is not uncommon for WikiLeaks, but the sheer size of the files has attracted considerable attention. WikiLeaks followers on Facebook and Twitter speculated on what the documents might contain, and also that the key would be released if anything should happen to WikiLeaks founder Julian Assange or NSA whistleblower Edward Snowden. "They're files that will not have the passwords released unless something happens to specific individuals associated with WikiLeaks. Like the insurance file for Assange, which is more from the cables and info Manning leaked out," Facebook user Tom-Eric Halvorsen wrote on WikiLeaks' profile page. The organization aided Snowden in his negotiations on temporary asylum in Russia following the leaking of classified US government data that revealed the NSA's global surveillance programs. WikiLeaks has indicated that the data disclosed so far is only the tip of the iceberg, and that more revelations will follow. However, there could be problems ahead for Snowden if more leaks are released, as the Russian government says that as a part of the temporary asylum agreement, Snowden should refrain from releasing data that "damages" the US. The whistleblower applied for asylum in Russia after the US voided his passport, leaving him stranded in Moscow's Sheremetyevo Airport for over a month. Washington has branded the former NSA contractor a fugitive and issued an extradition order against him on charges of espionage. In the wake of the revelations about the US government's global spying programs, the Obama administration has sought to justify mass surveillance as a necessary evil to protect national security.
Even so, President Barack Obama has announced a number of reforms to the NSA to increase its transparency and regulate the information collected by the government.

--- Just because i'm near the punchbowl doesn't mean I'm also drinking from it.

From rforno at infowarrior.org Mon Aug 19 06:39:30 2013
From: rforno at infowarrior.org (Richard Forno)
Date: Mon, 19 Aug 2013 07:39:30 -0400
Subject: [Infowarrior] - Al Jazeera America Promises a More Sober Look at the News
Message-ID: <8115EF77-977D-4762-ADF4-DC072BC6BD0A@infowarrior.org>

Al Jazeera America Promises a More Sober Look at the News By BRIAN STELTER Published: August 18, 2013 http://www.nytimes.com/2013/08/19/business/media/al-jazeera-america-promises-a-more-sober-look-at-the-news.html?pagewanted=all It sounds like something a journalism professor would imagine. In actuality, it is Al Jazeera America, the culmination of a long-held dream among the leaders of Qatar, the Middle Eastern emirate that already reaches most of the rest of the world with its Arabic- and English-language news channels. The new channel, created specifically for consumers in the United States, will join cable and satellite lineups on Tuesday afternoon. Al Jazeera America is the most ambitious American television news venture since Rupert Murdoch and Roger Ailes started the Fox News Channel in 1996. It faces some of the same obstacles that Fox eventually glided over - including blanket skepticism about whether distributors, advertisers and viewers will give it a chance. But that is where the parallels to other channels end, because Al Jazeera America is going against the grain of seemingly every trend in television news. "Viewers will see a news channel unlike the others, as our programming proves Al Jazeera America will air fact-based, unbiased and in-depth news," said Ehab Al Shihabi, the channel's acting chief executive, on a news conference call last week.
He was explicit about what will be different, saying, "There will be less opinion, less yelling and fewer celebrity sightings." Mr. Al Shihabi and other Al Jazeera representatives say proprietary research supports their assertions that American viewers want a PBS-like news channel 24 hours a day. Originally the new channel was going to have an international bent; now its overseers emphasize how much American news it will cover and how many domestic bureaus it will have, which some see as an effort to appease skeptics. Would-be competitors at big broadcast news divisions like NBC and established cable news channels like CNN have mostly shrugged at the start-up. A senior television news executive predicted that Al Jazeera America would, at the outset, receive even lower ratings than the channel it is replacing, Current TV. Last month the lame-duck Current had about 24,000 viewers in prime time, according to Nielsen data; Fox News had 1.3 million. Al Jazeera acquired Current TV for $500 million in January to start an American channel, after trying unsuccessfully for years to win cable and satellite carriage for its English-language international news channel. But with carriage comes concessions. Since distributors discourage their partners from giving programming away on the Internet, Al Jazeera will have to block American users from the live streams of its programming that tend to be popular in periods of tumult overseas. Al Jazeera will start in about 48 million of the country's roughly 100 million homes that subscribe to television. It is in talks with Time Warner Cable, which publicly dropped Current TV upon Al Jazeera's acquisition. Meanwhile, one of Al Jazeera's overseas rivals, the British Broadcasting Corporation, continues to press for wider carriage of BBC World News in America. What is unique about Al Jazeera - its seemingly limitless financing from an oil- and gas-rich government - may be its biggest advantage and its most-remarked-upon weakness.
With a staff of 900, including 400 newsroom employees, it is one of the most significant investments in television journalism in modern times. Paul Eedle, an Al Jazeera English executive who is helping to start the channel, would not comment on the total budget, but said hundreds of millions of dollars were being spent. "We're here because we think our journalistic mission has something to offer America," he said. Many contend Qatar's geopolitical aims are a motivator, too. The Al Jazeera name still arouses deep suspicion in some Americans, mostly because of the period immediately after the Sept. 11, 2001, terrorist attacks, when Al Jazeera broadcast messages from Osama bin Laden and was demonized by Bush administration officials as anti-American. Al Jazeera America officials rebut questions about whether its brand name will hurt its chances on cable by invoking other foreign brands, like Honda, that are now viewed favorably in the United States. For now, some big sponsors appear to be skittish; Al Jazeera declined to name any major advertisers. It has cast its lower commercial load - about six minutes an hour, compared with more than 15 minutes an hour on other news channels - as a perk for viewers. "Not cluttering the news with commercials," Mr. Al Shihabi said after a studio tour in New York on Thursday. He was swarmed by reporters, evincing widespread interest - at least among journalists - in the premiere of the channel. "I am reminded of three other news organization launches in the U.S. that were transformative," Bob Meyers, president of the National Press Foundation, wrote in a blog post last week. "One was the launch of CNN on June 1, 1980; the second was the launch of Bloomberg News in 1990; and the third was the launch of Politico in 2007." He suggested that Al Jazeera America was in the same category, saying, "Could be fun, and even beneficial, to watch."
On Tuesday, the anchors will look vaguely familiar: most have histories at one or more of the major American television networks. Some of them, like John Seigenthaler, had left the business and said they thought they would not take another job in television, until Al Jazeera came along. "They said: 'We want to do real news. We want to give it context and perspective and make it balanced and in-depth.' I thought, 'Gee, this is a dream come true,' " he said. Mr. Seigenthaler (the anchor of the weekend editions of "NBC Nightly News" until 2007) will kick off prime time at 8 p.m. with a straightforward newscast. "America Tonight," a newsmagazine, will follow at 9 p.m. It will be hosted by Joie Chen (a CBS News correspondent until 2008), and has been billed as Al Jazeera's flagship program. Antonio Mora (a former "Good Morning America" news anchor who spent the last 10 years at local stations) will take over at 10 p.m. with a talk show called "Consider This." Al Jazeera's approach - more time for more serious journalism - is an implicit criticism of the other options for news on television. Mr. Mora said he had sensed far less commercial pressure at Al Jazeera than at local stations where he had worked. "There's a sense here of the news being a public trust," he said. None of the anchors said they had felt any slant in coverage plans, pro-Qatar or otherwise, despite accounts from some former Al Jazeera English employees of interference from above. In interviews, the anchors made offhand remarks that it is hard to imagine counterparts at other networks making. For instance, Ms. Chen asked: "How big does our audience need to be? I don't know. Nobody talks about that here." She was scheduled to be in South Dakota over the weekend, filing stories from an Indian reservation. "That's not even a pitch I would have made in my old newsroom," she said, because of budget limitations. "Here, we never have any debate about resources," she said.
"It's like this: 'Is that a good story?' 'Yes, it's a good story.' 'Then go tell it.' "

--- Just because i'm near the punchbowl doesn't mean I'm also drinking from it.

From rforno at infowarrior.org Mon Aug 19 06:47:17 2013
From: rforno at infowarrior.org (Richard Forno)
Date: Mon, 19 Aug 2013 07:47:17 -0400
Subject: [Infowarrior] - NFL 'security' measures
Message-ID: <0AA74DF0-BEA6-4709-B3BA-F14073091908@infowarrior.org>

QOTD: "Our fans deserve to be in a safe and secure environment" ... which means of course that every week they can buy a new seat cushion since they can't bring them into the stadium anymore. Security? of what? League profits? At what point does providing "security" become self-defeating and annoyed folks give up going to games in person? http://www.wtop.com/357/3357383/NFL-to-limit-bags-brought-into-stadiums NFL to limit bags brought into stadiums Monday - 8/19/2013, 7:00am ET BARRY WILNER AP Pro Football Writer FLORHAM PARK, N.J. (AP) -- Bring yourself to the game. Leave the cooler and backpack at home. The NFL is tightening stadium security starting this preseason, limiting the size and type of bags fans can bring to the game. The restrictions are designed to enhance security while speeding up entry into stadiums. With the exception of medically necessary items, only clear plastic, vinyl or PVC bags no larger than 12 inches by 6 inches by 12 inches will be allowed. One-gallon clear plastic freezer bags also will be OK, as will small clear plastic bags approximately the size of someone's hand, with or without a handle or strap. One of those clear bags and a small clutch bag will be allowed per person. Binoculars, cameras, and smartphones also will be permitted. Banned items will include purses larger than a clutch bag; coolers; briefcases; backpacks; fanny packs; cinch bags; seat cushions; luggage; computer bags; and camera bags or any bag larger than the permissible size. The league is encouraging fans not to bring any bags to games.
"Our fans deserve to be in a safe and secure environment," Jeffrey Miller, the NFL's chief security officer, said Thursday. "Public safety is our top priority. This will make the job of checking items much more efficient and effective. We will be able to deliver a better and quicker experience at the gates and also provide a safer environment. We appreciate our fans' cooperation." An NFL committee on stadium security recommended these measures in May and the owners have approved them. A secondary buffer area well outside the stadium will be established where security personnel will check for prohibited items or bags being carried toward the ballpark. Fans with prohibited bags will be turned away until they dispose of those bags. Stadium personnel are being encouraged to have approved bags on hand to give to fans, or to have a place outside the restricted areas to check items, so that fans can reclaim after games. Recently, the NFL has done pat downs and bag checks and also used metal detectors to upgrade security. The new policy announced Thursday has worked well at colleges such as Penn State, Michigan and Michigan State, which do not permit any bags in their stadiums. Boston's TD Garden allows only clutch bags. The NFL ramped up security at the draft in late April, its one major event since the Boston Marathon bombings. In a statement Thursday, the league said: "We had been discussing a new approach to bag restrictions before the Boston Marathon incident. We have come up with a way to do it that will actually make access more convenient for fans than it has been. We think the fans will embrace and appreciate it." Stadium workers and media will continue to enter NFL stadiums through designated gates where they will be subject to screening and bag inspections. ___ Online: http://pro32.ap.org and http://twitter.com/AP_NFL --- Just because i'm near the punchbowl doesn't mean I'm also drinking from it. 
From rforno at infowarrior.org Mon Aug 19 15:03:09 2013
From: rforno at infowarrior.org (Richard Forno)
Date: Mon, 19 Aug 2013 16:03:09 -0400
Subject: [Infowarrior] - U.S. had advance notice of Britain's plan to detain reporter Glenn Greenwald's partner
Message-ID: <3408A546-C5CE-4CED-A8D3-40E5C0D67BFD@infowarrior.org>

U.S. had advance notice of Britain's plan to detain reporter Glenn Greenwald's partner By Philip Rucker and Karla Adam, http://www.washingtonpost.com/world/europe/uk-police-urged-to-explain-detention-of-reporter-glenn-greewalds-partner/2013/08/19/f2a3159c-08d9-11e3-89fe-abb4a5067014_print.html LONDON - British authorities gave U.S. officials advance notice that they planned to detain the Brazilian partner of journalist Glenn Greenwald, who worked with leaker Edward Snowden to expose details of the National Security Agency's surveillance programs. The White House received a "heads up" that London police would detain David Miranda on Sunday at Heathrow Airport, White House spokesman Josh Earnest told reporters Monday. He added that the U.S. government did not request Miranda's detention, calling it "a law enforcement action" taken by the British government. "This was a decision that was made by the British government without the involvement and not at the request of the United States government," Earnest said. "It's as simple as that." Pressed repeatedly on the matter, Earnest would not condemn the nine-hour detention of Miranda, nor did he say whether British authorities shared with the United States any intelligence they might have extracted from him. "I don't have a way to characterize for you any of the conversations between the British government and the U.S. government on this matter, other than to say that this is a decision that they made on their own and not at the request of the United States," Earnest said.
"In terms of, you know, the kinds of classified, confidential conversations that are ongoing between the U.S. and our allies in Britain, I'm not able to characterize that for you." < - > A defiant Greenwald said any attempt to intimidate journalists would ultimately backfire. "If the U.K. and U.S. governments believe that tactics like this are going to deter or intimidate us in any way from continuing to report aggressively on what these documents reveal, they are beyond deluded," Greenwald said. "If anything, it will have only the opposite effect: to embolden us even further." © The Washington Post Company

--- Just because i'm near the punchbowl doesn't mean I'm also drinking from it.

From rforno at infowarrior.org Mon Aug 19 17:48:27 2013
From: rforno at infowarrior.org (Richard Forno)
Date: Mon, 19 Aug 2013 18:48:27 -0400
Subject: [Infowarrior] - Undownloading: Further Proof Those eBooks You Paid For Really Aren't Yours
Message-ID:

Undownloading: Further Proof Those eBooks You Paid For Really Aren't Yours http://www.techdirt.com/articles/20130819/05521324229/undownloading-further-proof-those-ebooks-you-paid-really-arent-yours.shtml

--- Just because i'm near the punchbowl doesn't mean I'm also drinking from it.

From rforno at infowarrior.org Mon Aug 19 17:50:47 2013
From: rforno at infowarrior.org (Richard Forno)
Date: Mon, 19 Aug 2013 18:50:47 -0400
Subject: [Infowarrior] - Miranda, Schedule 7 and the danger that all reporters now face
Message-ID: <7BBADD19-ED00-4068-B0E3-7268EABA18D5@infowarrior.org>

David Miranda, schedule 7 and the danger that all reporters now face As the events in a Heathrow transit lounge - and the Guardian offices - have shown, the threat to journalism is real and growing - Alan Rusbridger -
The Guardian, Monday 19 August 2013 17.30 EDT http://www.theguardian.com/commentisfree/2013/aug/19/david-miranda-schedule7-danger-reporters In a private viewing cinema in Soho last week I caught myself letting fly with a four-letter expletive at Bill Keller, the former executive editor of the New York Times. It was a confusing moment. The man who was pretending to be me - thanking Keller for "not giving a shit" - used to be Malcolm Tucker, a foul-mouthed Scottish spin doctor who will soon be a 1,000-year-old time lord. And Keller will correct me, but I don't remember ever swearing at him. I do remember saying something to the effect of "we have the thumb drive, you have the first amendment". The fictional moment occurs at the beginning of the DreamWorks film about WikiLeaks, The Fifth Estate, due for release next month. Peter Capaldi is, I can report, a very plausible Guardian editor. This real-life exchange with Keller happened just after we took possession of the first tranche of WikiLeaks documents in 2010. I strongly suspected that our ability to research and publish anything to do with this trove of secret material would be severely constrained in the UK. America, for all its own problems with media laws and whistleblowers, at least has press freedom enshrined in a written constitution. It is also, I hope, unthinkable that any US government would attempt prior restraint against a news organisation planning to publish material that informed an important public debate, however troublesome or embarrassing. On Sunday morning David Miranda, the partner of Guardian columnist Glenn Greenwald, was detained as he was passing through Heathrow airport on his way back to Rio de Janeiro, where the couple live. Greenwald is the reporter who has broken most of the stories about state surveillance based on the leaks from the former NSA contractor Edward Snowden. Greenwald's work has undoubtedly been troublesome and embarrassing for western governments.
But, as the debate in America and Europe has shown, there is considerable public interest in what his stories have revealed about the right balance between security, civil liberties, freedom of speech and privacy. He has raised acutely disturbing questions about the oversight of intelligence; about the use of closed courts; about the cosy and secret relationship between government and vast corporations; and about the extent to which millions of citizens now routinely have their communications intercepted, collected, analysed and stored. In this work he is regularly helped by David Miranda. Miranda is not a journalist, but he still plays a valuable role in helping his partner do his journalistic work. Greenwald has his plate full reading and analysing the Snowden material, writing, and handling media and social media requests from around the world. He can certainly use this back-up. That work is immensely complicated by the certainty that it would be highly unadvisable for Greenwald (or any other journalist) to regard any electronic means of communication as safe. The Guardian's work on the Snowden story has involved many individuals taking a huge number of flights in order to have face-to-face meetings. Not good for the environment, but increasingly the only way to operate. Soon we will be back to pen and paper. Miranda was held for nine hours under schedule 7 of the UK's terror laws, which give enormous discretion to stop, search and question people who have no connection with "terror", as ordinarily understood. Suspects have no right to legal representation and may have their property confiscated for up to seven days. Under this measure - uniquely crafted for ports and airport transit areas - there are none of the checks and balances that apply once someone is in Britain proper. There is no need to arrest or charge anyone and there is no protection for journalists or their material. A transit lounge in Heathrow is a dangerous place to be.
Miranda's professional status - much hand-wringing about whether or not he's a proper "journalist" - is largely irrelevant in these circumstances. Increasingly, the question about who deserves protection should be less "is this a journalist?" than "is the publication of this material in the public interest?" The detention of Miranda has rightly caused international dismay because it feeds into a perception that the US and UK governments - while claiming to welcome the debate around state surveillance started by Snowden - are also intent on stemming the tide of leaks and on pursuing the whistleblower with a vengeance. That perception is right. Here follows a little background on the considerable obstacles being placed in the way of informing the public about what the intelligence agencies, governments and corporations are up to. A little over two months ago I was contacted by a very senior government official claiming to represent the views of the prime minister. There followed two meetings in which he demanded the return or destruction of all the material we were working on. The tone was steely, if cordial, but there was an implicit threat that others within government and Whitehall favoured a far more draconian approach. The mood toughened just over a month ago, when I received a phone call from the centre of government telling me: "You've had your fun. Now we want the stuff back." There followed further meetings with shadowy Whitehall figures. The demand was the same: hand the Snowden material back or destroy it. I explained that we could not research and report on this subject if we complied with this request. The man from Whitehall looked mystified. "You've had your debate. There's no need to write any more." During one of these meetings I asked directly whether the government would move to close down the Guardian's reporting through a legal route - by going to court to force the surrender of the material on which we were working.
The official confirmed that, in the absence of handover or destruction, this was indeed the government's intention. Prior restraint, near impossible in the US, was now explicitly and imminently on the table in the UK. But my experience over WikiLeaks - the thumb drive and the first amendment - had already prepared me for this moment. I explained to the man from Whitehall about the nature of international collaborations and the way in which, these days, media organisations could take advantage of the most permissive legal environments. Bluntly, we did not have to do our reporting from London. Already most of the NSA stories were being reported and edited out of New York. And had it occurred to him that Greenwald lived in Brazil? The man was unmoved. And so one of the more bizarre moments in the Guardian's long history occurred - with two GCHQ security experts overseeing the destruction of hard drives in the Guardian's basement just to make sure there was nothing in the mangled bits of metal which could possibly be of any interest to passing Chinese agents. "We can call off the black helicopters," joked one as we swept up the remains of a MacBook Pro. Whitehall was satisfied, but it felt like a peculiarly pointless piece of symbolism that understood nothing about the digital age. We will continue to do patient, painstaking reporting on the Snowden documents, we just won't do it in London. The seizure of Miranda's laptop, phones, hard drives and camera will similarly have no effect on Greenwald's work. The state that is building such a formidable apparatus of surveillance will do its best to prevent journalists from reporting on it. Most journalists can see that. But I wonder how many have truly understood the absolute threat to journalism implicit in the idea of total surveillance, when or if it comes - and, increasingly, it looks like "when". We are not there yet, but it may not be long before it will be impossible for journalists to have confidential sources.
Most reporting -- indeed, most human life in 2013 -- leaves too much of a digital fingerprint. Those colleagues who denigrate Snowden or say reporters should trust the state to know best (many of them in the UK, oddly, on the right) may one day have a cruel awakening. One day it will be their reporting, their cause, under attack. But at least reporters now know to stay away from Heathrow transit lounges.

---
Just because i'm near the punchbowl doesn't mean I'm also drinking from it.

From rforno at infowarrior.org Mon Aug 19 18:18:05 2013
From: rforno at infowarrior.org (Richard Forno)
Date: Mon, 19 Aug 2013 19:18:05 -0400
Subject: [Infowarrior] - WH asks SCOTUS to allow warrantless cellphone searches
Message-ID: <89C913E0-79F8-4A73-878A-66E6E9F909E0@infowarrior.org>

Obama administration asks Supreme Court to allow warrantless cellphone searches
By Timothy B. Lee, Updated: August 19, 2013
http://www.washingtonpost.com/blogs/the-switch/wp/2013/08/19/obama-administration-asks-supreme-court-to-allow-warrantless-cellphone-searches/?print=1

If the police arrest you, do they need a warrant to rifle through your cellphone? Courts have been split on the question. Last week the Obama administration asked the Supreme Court to resolve the issue and rule that the Fourth Amendment allows warrantless cellphone searches.

In 2007, the police arrested a Massachusetts man who appeared to be selling crack cocaine from his car. The cops seized his cellphone and noticed that it was receiving calls from "My House." They opened the phone to determine the number for "My House." That led them to the man's home, where the police found drugs, cash and guns. The defendant was convicted, but on appeal he argued that accessing the information on his cellphone without a warrant violated his Fourth Amendment rights.
Earlier this year, the First Circuit Court of Appeals accepted the man's argument, ruling that the police should have gotten a warrant before accessing any information on the man's phone.

The Obama Administration disagrees. In a petition filed earlier this month asking the Supreme Court to hear the case, the government argues that the First Circuit's ruling conflicts with the rulings of several other appeals courts, as well as with earlier Supreme Court cases. Those earlier cases have given the police broad discretion to search possessions on the person of an arrested suspect, including notebooks, calendars and pagers. The government contends that a cellphone is no different than any other object a suspect might be carrying.

But as the storage capacity of cellphones rises, that position could become harder to defend. Our smart phones increasingly contain everything about our digital lives: our e-mails, text messages, photographs, browser histories and more. It would be troubling if the police had the power to get all that information with no warrant merely by arresting a suspect.

On the other hand, the Massachusetts case involves a primitive flip-phone, which could make this a bad test case. The specific phone involved in this 2007 incident likely didn't have the wealth of information we store on more modern cellphones. It's arguably more analogous to the address books and pagers the courts have already said the police can search. So, as Orin Kerr points out, if the Supreme Court ruled on the case, it would be making a decision based on "facts that are atypical now and are getting more outdated every passing month."

© The Washington Post Company

---
Just because i'm near the punchbowl doesn't mean I'm also drinking from it.
From rforno at infowarrior.org Tue Aug 20 07:19:55 2013
From: rforno at infowarrior.org (Richard Forno)
Date: Tue, 20 Aug 2013 08:19:55 -0400
Subject: [Infowarrior] - Time for Answers from the NSA
Message-ID: <3B6106F8-E9C4-4C3D-8662-F4F2C543DE01@infowarrior.org>

(These clowns who still casually dismiss folks complaining about online privacy as people "in pajamas" or "people who haven't spoken to the opposite sex in years" are so far out of touch from reality it's not even funny. --rick)

Time for Answers from the NSA
After a report of 2,776 privacy violations, even NSA defenders are getting fed up.
By John Fund
http://www.nationalreview.com/article/356098/time-answers-nsa-john-fund

---
Just because i'm near the punchbowl doesn't mean I'm also drinking from it.

From rforno at infowarrior.org Tue Aug 20 07:29:32 2013
From: rforno at infowarrior.org (Richard Forno)
Date: Tue, 20 Aug 2013 08:29:32 -0400
Subject: [Infowarrior] - Groklaw shuts down over surveillance concerns
Message-ID: <0BBA6201-5979-4D52-9FE5-B78569D41FDB@infowarrior.org>

Surveillance concerns bring an end to crusading site Groklaw
A legally informed Web site critical of lawsuits from the SCO Group, Apple, Oracle, and patent trolls shuts down because its founder says e-mail can't be protected from government scrutiny.
by Stephen Shankland August 20, 2013 4:11 AM PDT
http://news.cnet.com/8301-13578_3-57599288-38/surveillance-concerns-bring-an-end-to-crusading-site-groklaw/

Citing concerns about privacy and government surveillance, Pamela Jones is shutting down her site Groklaw, which for years took on what she and vocal fans saw as wrongheaded legal action in the tech domain.

"There is now no shield from forced exposure," Jones said in a final blog post Tuesday. Groklaw depended on collaboration over e-mail, "and there is now no private way, evidently, to collaborate."
Jones, a paralegal, started her site a decade ago taking on the SCO Group's legal attack on IBM and others involving Linux and Unix intellectual property. She rebutted the company's position, detailed the arcana of the lawsuit proceedings, and shared legal filings on which the case rested. Volunteers attended some hearings in person, and collaborative efforts found just about any hole that could be poked in SCO's case. The site archives show hundreds of posts since its start in May 2003.

As SCO's case fizzled, Groklaw directed its righteous indignation toward other legal cases, including the storm of patent infringement cases in the tech world, digital rights management, open-source licensing, and Psystar's Mac clones.

Jones herself is withdrawing from the electronic world, too.

"My personal decision is to get off of the Internet to the degree it's possible. I'm just an ordinary person. But I really know, after all my research and some serious thinking things through, that I can't stay online personally without losing my humanness, now that I know that ensuring privacy online is impossible. I find myself unable to write," she said. "Oddly, if everyone did that, leap off the Internet, the world's economy would collapse, I suppose. I can't really hope for that. But for me, the Internet is over."

---
Just because i'm near the punchbowl doesn't mean I'm also drinking from it.

From rforno at infowarrior.org Tue Aug 20 08:40:06 2013
From: rforno at infowarrior.org (Richard Forno)
Date: Tue, 20 Aug 2013 09:40:06 -0400
Subject: [Infowarrior] - Are IP proxies illegal now?
Message-ID: <049AABC7-13CE-4125-A190-1CEBABC366E6@infowarrior.org>

Changing IP address to access public website ruled violation of US law
CFAA forbids easy method of evading IP blocking used by 3taps (and Aaron Swartz).
http://arstechnica.com/tech-policy/2013/08/changing-ip-address-to-access-public-website-ruled-violation-of-us-law/

---
Just because i'm near the punchbowl doesn't mean I'm also drinking from it.
From rforno at infowarrior.org Tue Aug 20 14:46:21 2013
From: rforno at infowarrior.org (Richard Forno)
Date: Tue, 20 Aug 2013 15:46:21 -0400
Subject: [Infowarrior] - Stuxnet Leaks Came From Administration Itself
Message-ID:

Stuxnet Leaks Came From Administration Itself
http://www.techdirt.com/articles/20130820/10152624254/stuxnet-leaks-came-administration-itself.shtml

It was pointed out towards the end of June that the Justice Department was investigating the "leaks" that led to David E. Sanger's book on the Stuxnet virus, along with a widely-read New York Times article that preceded it. At that time, indications were given that the target of the investigations was the former second-highest ranking member of the military, General James Cartwright. Mike pointed out then that it would be interesting to see how Cartwright was treated for his leaks as compared to Bradley Manning.

It looks like there will be plenty of "interesting" comparisons to be made in the near future, as a Washington Times article by Rowan Scarborough has discovered (with the help of documents acquired by Freedom Watch) that the trail of Stuxnet leaks leads directly back to the White House itself.

< - >

The evidence released so far paints a pretty damning portrait of an administration prone to convenient transparency. Whistleblowing and leaks are fine as long as the administration approves of the message. What will be telling is how these leakers are punished for coughing up classified information directly related to national security.

---
Just because i'm near the punchbowl doesn't mean I'm also drinking from it.
From rforno at infowarrior.org Tue Aug 20 20:34:36 2013
From: rforno at infowarrior.org (Richard Forno)
Date: Tue, 20 Aug 2013 21:34:36 -0400
Subject: [Infowarrior] - Luca Parmitano's orbital scare
Message-ID: <02B727D7-BC41-4F9E-A985-EC0209C46E73@infowarrior.org>

EVA 23: exploring the frontier
Posted on August 20, 2013 by raffaella
http://blogs.esa.int/luca-parmitano/2013/08/20/eva-23-exploring-the-frontier/

< - >

At this exact moment, just as I'm thinking about how to uncoil the cable neatly (it is moving around like a thing possessed in the weightlessness), I "feel" that something is wrong. The unexpected sensation of water at the back of my neck surprises me -- and I'm in a place where I'd rather not be surprised. I move my head from side to side, confirming my first impression, and with superhuman effort I force myself to inform Houston of what I can feel, knowing that it could signal the end of this EVA. On the ground, Shane confirms they have received my message and he asks me to await instructions. Chris, who has just finished, is still nearby and he moves towards me to see if he can see anything and identify the source of the water in my helmet.

At first, we're both convinced that it must be drinking water from my flask that has leaked out through the straw, or else it's sweat. But I think the liquid is too cold to be sweat, and more importantly, I can feel it increasing. I can't see any liquid coming out of the drinking water valve either. When I inform Chris and Shane of this, we immediately receive the order to "terminate" the sortie. The other possibility, to "abort", is used for more serious problems. I'm instructed to go back to the airlock. Together we decide that Chris should secure all the elements that are outside before he retraces his steps to the airlock, i.e. he will first move to the front of the Station. And so we separate.

As I move back along my route towards the airlock, I become more and more certain that the water is increasing.
I feel it covering the sponge on my earphones and I wonder whether I'll lose audio contact. The water has also almost completely covered the front of my visor, sticking to it and obscuring my vision. I realise that to get over one of the antennae on my route I will have to move my body into a vertical position, also in order for my safety cable to rewind normally. At that moment, as I turn "upside-down", two things happen: the Sun sets, and my ability to see -- already compromised by the water -- completely vanishes, making my eyes useless; but worse than that, the water covers my nose -- a really awful sensation that I make worse by my vain attempts to move the water by shaking my head. By now, the upper part of the helmet is full of water and I can't even be sure that the next time I breathe I will fill my lungs with air and not liquid. To make matters worse, I realise that I can't even understand which direction I should head in to get back to the airlock. I can't see more than a few centimetres in front of me, not even enough to make out the handles we use to move around the Station.

I try to contact Chris and Shane: I listen as they talk to each other, but their voices are very faint now: I can hardly hear them and they can't hear me. I'm alone. I frantically think of a plan. It's vital that I get inside as quickly as possible. I know that if I stay where I am, Chris will come and get me, but how much time do I have? It's impossible to know. Then I remember my safety cable. Its cable recoil mechanism has a force of around 3lb that will "pull" me towards the left. It's not much, but it's the best idea I have: to follow the cable to the airlock. I force myself to stay calm and, patiently locating the handles by touch, I start to move, all the while thinking about how to eliminate the water if it were to reach my mouth.
The only idea I can think of is to open the safety valve by my left ear: if I create controlled depressurisation, I should manage to let out some of the water, at least until it freezes through sublimation, which would stop the flow. But making a "hole" in my spacesuit really would be a last resort.

I move for what seems like an eternity (but I know it's just a few minutes). Finally, with a huge sense of relief, I peer through the curtain of water before my eyes and make out the thermal cover of the airlock: just a little further, and I'll be safe. One of the last instructions I received was to go back inside immediately, without waiting for Chris. According to protocol, I should have entered the airlock last, because I was first to leave. But neither Chris nor I have any problem in changing the order in which we re-enter. Moving with my eyes closed, I manage to get inside and position myself to wait for Chris' return. I sense movement behind me; Chris enters the airlock and judging from the vibrations, I know that he's closing the hatch. At that moment, communication passes to Karen and for some reason, I'm able to hear her fairly well. But I realise that she can't hear me because she repeats my instructions even though I've already replied. I follow Karen's instructions as best I can, but when repressurization begins I lose all audio. The water is now inside my ears and I'm completely cut off.

I try to move as little as possible to avoid moving the water inside my helmet. I keep giving information on my health, saying that I'm ok and that repressurization can continue. Now that we are repressurizing, I know that if the water does overwhelm me I can always open the helmet. I'll probably lose consciousness, but in any case that would be better than drowning inside the helmet. At one point, Chris squeezes my glove with his and I give him the universal "ok" sign with mine. The last time he heard me speak was before entering the airlock!
The minutes of repressurization crawl by and finally, with an unexpected wave of relief, I see the internal door open and the whole team assembled there ready to help. They pull me out and as quickly as possible, Karen unfastens my helmet and carefully lifts it over my head. Fyodor and Pavel immediately pass me a towel and I thank them without hearing their words because my ears and nose will still be full of water for a few minutes more.

Space is a harsh, inhospitable frontier and we are explorers, not colonisers. The skills of our engineers and the technology surrounding us make things appear simple when they are not, and perhaps we forget this sometimes.

Better not to forget.

---
Just because i'm near the punchbowl doesn't mean I'm also drinking from it.

From rforno at infowarrior.org Wed Aug 21 08:00:50 2013
From: rforno at infowarrior.org (Richard Forno)
Date: Wed, 21 Aug 2013 09:00:50 -0400
Subject: [Infowarrior] - Comcast asserts (c) over its court filing
Message-ID: <3C6BAA51-6D50-4FBA-ABF2-DC0C91F54D9C@infowarrior.org>

Comcast asserts copyright over its court filing, is attempting to shut down news site that reproduced it

Cory Doctorow at 4:32 am Wed, Aug 21, 2013

In an article published last week, TorrentFreak reproduced Comcast's response to a subpoena regarding the copyright troll Prenda Law. Since then, Comcast's agents Cyveillance have sent a series of escalating legal threats to TorrentFreak and its hosting provider, LeaseWeb, asserting copyright over a document that is not copyrightable, and whose reproduction would be Fair Use in any event. TorrentFreak's hosting provider has given them 24 hours to resolve the issue or face shutdown.

http://boingboing.net/2013/08/21/comcast-asserts-copyright-over.html

---
Just because i'm near the punchbowl doesn't mean I'm also drinking from it.
From rforno at infowarrior.org Wed Aug 21 08:02:53 2013
From: rforno at infowarrior.org (Richard Forno)
Date: Wed, 21 Aug 2013 09:02:53 -0400
Subject: [Infowarrior] - Russia's FSB mulls ban on 'Tor' online anonymity network
Message-ID:

Russia's FSB mulls ban on 'Tor' online anonymity network
Published time: August 16, 2013 10:50
http://rt.com/politics/russia-tor-anonymizer-ban-571/

The head of the Federal Security Service (FSB) has personally ordered preparations for laws that would block the Tor anonymity network from the entire Russian sector of the Internet, a Russian newspaper reported.

FSB director Aleksandr Bortnikov announced the initiative at a recent session of the National Anti-Terrorism Committee, saying that his agency would develop the legislative drafts together with other Russian law enforcement and security bodies, the widely circulated daily Izvestia reported.

The news was disclosed after the Russian civil movement "Head Hunters" wrote a letter to the FSB with a request to block Tor, as it is one of the favorite software tools for distributors and users of child pornography. The FSB replied that the request was directed to the wrong body, as crimes against public health and morals fall under the Interior Ministry's jurisdiction. The agency, however, informed the activists about possible future changes to the legal code.

The FSB official said that the agency initiated the move as internet anonymizers were used by weapon traffickers, drug dealers and credit card fraudsters, giving the FSB an obvious interest in limiting the use of such software.

At the same time, an unnamed source told the newspaper that not all Russian security specialists welcomed the idea, as various criminals often overestimated the protection provided by the Undernet, acted recklessly and allowed themselves to get caught.
The blocking would require the development of some new methods of search and control in new anonymity networks that would appear soon after the Russian audience loses access to existing ones, the source noted.

The head of the Head Hunters group, Sergey Zhuk, also said that in his opinion, total blocking was not a very good idea and that he personally would prefer the networks' owners be compelled to cooperate. At the same time, the activist said that the fact that Tor contains the largest child porn archives on the planet was a sufficient condition for demanding it be blocked. He added that if Tor is eventually outlawed in Russia this would not be the fault of the country's legislators, politicians or activists, but solely the fault of stubborn owners of Tor.

The director of the Safe Internet League -- a voluntary censorship group that unites several Russian ISPs -- told reporters that his organization supported the idea to outlaw Tor, but added that this should be done after all pedophiles, perverts, drug dealers "and other creeps" are disclosed, caught and jailed.

Lower House MP Ilya Kostunov noted that the problem was important but doubted that it was technically executable. "As far as I know, it is impossible to block Tor," Kostunov said. "The network re-tunes quickly, switches to different hubs and starts working again."

The Tor Project administration also said that the blocking of the system was extremely difficult, adding that even Tor's own specialists could not control the information flowing through their servers or identify users.

Russian law enforcers are not the only specialists concerned by Tor's popularity and the seedy segment of its users. Earlier this month security experts worldwide accused the FBI and NSA of exploiting a flaw in the Firefox browser to identify and potentially monitor Tor subscribers. The move led to the arrest of the alleged founder of the company Freedom Hosting, Eric Eoin Marques, over charges of facilitating child porn.
The arrest apparently led to the shutdown of thousands of Undernet sites that comprised a large part of Tor's total content.

---
Just because i'm near the punchbowl doesn't mean I'm also drinking from it.

From rforno at infowarrior.org Wed Aug 21 11:41:54 2013
From: rforno at infowarrior.org (Richard Forno)
Date: Wed, 21 Aug 2013 12:41:54 -0400
Subject: [Infowarrior] - Manning sentenced to 35 years
Message-ID: <7D3572D4-8592-47D0-98D1-256FA53E55EE@infowarrior.org>

Bradley Manning sentenced to 35 years in prison
Wikileaking private could be freed in ten years
By Brid-Aine Parnell, 21st August 2013

< - >

http://www.theregister.co.uk/2013/08/21/manning_35_years_jail_wikileaks_assange/

---
Just because i'm near the punchbowl doesn't mean I'm also drinking from it.

From rforno at infowarrior.org Wed Aug 21 11:44:11 2013
From: rforno at infowarrior.org (Richard Forno)
Date: Wed, 21 Aug 2013 12:44:11 -0400
Subject: [Infowarrior] - NSA Program Found Unconstitutional Went On For 3 Years; Started Right After Telcos Got Immunity
Message-ID: <74F4776F-7AA4-447F-9A22-C95A8C2DC8DE@infowarrior.org>

NSA Program Found Unconstitutional Went On For 3 Years; Started Right After Telcos Got Immunity
from the law-breaking?-what-law-breaking? dept
http://www.techdirt.com/articles/20130821/01021524265/nsa-program-found-unconstitutional-went-3-years-started-right-after-telcos-got-immunity.shtml

A further delve into the latest NSA surveillance bombshell from the WSJ highlights the ridiculousness of the claims that there were "no violations" by the NSA over the years. We've been aware for a while that the FISC ruled a certain NSA program unconstitutional, but the details had been kept secret. It only came out that something was found unconstitutional a year ago, through the efforts of Senator Ron Wyden. Since then, people have been digging for more.
The DOJ finally has agreed to release a redacted version of the FISC ruling after fighting it for a while, but as we wait, some more details have been coming out. Last week's Washington Post story about abuses claimed that this particular program wasn't reported to the FISC for "many months." Yet, as we mentioned last night, the WSJ article claims that the program actually went on for three years:

< -- >

Marcy Wheeler, however, puts two and two together, and notes that the "start" of this admitted unconstitutional spying was in 2008 -- which is exactly when the telcos received immunity from all such cases involving warrantless wiretapping. And, so, she points out the administration and various NSA defenders may actually be using an incredibly twisted level of reasoning to claim that this program that violated the 4th Amendment doesn't count as a "violation" because since the telcos have immunity, there's no one to "prosecute" for breaking the law.

Under this twisted interpretation, the government grants telcos retroactive immunity on such surveillance, and can then use that immunity to pretend that everything it does is legal since the telcos can't be prosecuted. If that turns out to be true, it's downright evil. And, you wonder why the key part of CISPA was to basically extend blanket immunity on privacy violations between not just telcos and the government, but basically all tech companies. The more immunity the government grants, the more "legal" all its actions become. It's sickening.

---
Just because i'm near the punchbowl doesn't mean I'm also drinking from it.
From rforno at infowarrior.org Wed Aug 21 12:54:00 2013
From: rforno at infowarrior.org (Richard Forno)
Date: Wed, 21 Aug 2013 13:54:00 -0400
Subject: [Infowarrior] - EFF Victory Results in Release of Secret Court Opinion Finding NSA Surveillance Unconstitutional
Message-ID: <1F34D515-37CE-4A97-99C1-8B5D459772FC@infowarrior.org>

EFF Victory Results in Release of Secret Court Opinion Finding NSA Surveillance Unconstitutional
https://www.eff.org/deeplinks/2013/08/eff-victory-results-expected-release-secret-court-opinion-finding-nsa-surveillance

For almost two years, EFF has been fighting the government in federal court to force the public release of an 86-page opinion of the secret Foreign Intelligence Surveillance Court (FISC). Issued in October 2011, the secret court's opinion found that surveillance conducted by the NSA under the FISA Amendments Act was unconstitutional and violated "the spirit of" federal law.

Today, EFF can declare victory: a federal court ordered the government to release records in our litigation, the government has indicated it intends to release the opinion today, and ODNI has called a 3:00 EST press conference to discuss "issues" with FISA Amendments Act surveillance, which we assume will include a discussion of the opinion.

It remains to be seen how much of the opinion the government will actually make available to the public. President Obama has repeatedly said he welcomes a debate on the NSA's surveillance: disclosing this opinion--and releasing enough of it so that citizens and advocates can intelligently debate the constitutional violation that occurred--is a critical step in ensuring that an informed debate takes place.

Here are examples of documents previously released by the administration in response to our Freedom of Information Act request. Anything even resembling those "releases" would be utterly unacceptable today.
But we've come a long way since then--it took filing a lawsuit, litigating (and winning) in the FISC itself; the unprecedented public release of information about NSA surveillance activities; and our continuing efforts to push the government in the district court for release of the opinion.

Release of the opinion today is just one step in advancing a public debate on the scope and legality of the NSA's domestic surveillance programs. EFF will keep fighting until the NSA's domestic surveillance program is reined in, federal surveillance laws are amended to prevent these kinds of abuse from happening in the future, and government officials are held accountable for their actions.

---
Just because i'm near the punchbowl doesn't mean I'm also drinking from it.

From rforno at infowarrior.org Wed Aug 21 14:03:36 2013
From: rforno at infowarrior.org (Richard Forno)
Date: Wed, 21 Aug 2013 15:03:36 -0400
Subject: [Infowarrior] - more on....Comcast asserts (c) over its court filing
References: <3C6BAA51-6D50-4FBA-ABF2-DC0C91F54D9C@infowarrior.org>
Message-ID:

Comcast says its attempt to shut down TorrentFreak by claiming copyright on court filing was "error"
http://boingboing.net/2013/08/21/comcast-says-its-attempt-to-sh.html

---
Just because i'm near the punchbowl doesn't mean I'm also drinking from it.

Begin forwarded message:

> Comcast asserts copyright over its court filing, is attempting to shut down news site that reproduced it
>
> Cory Doctorow at 4:32 am Wed, Aug 21, 2013
>
> In an article published last week, TorrentFreak reproduced Comcast's response to a subpoena regarding the copyright troll Prenda Law. Since then, Comcast's agents Cyveillance have sent a series of escalating legal threats to TorrentFreak and its hosting provider, LeaseWeb, asserting copyright over a document that is not copyrightable, and whose reproduction would be Fair Use in any event. TorrentFreak's hosting provider has given them 24 hours to resolve the issue or face shutdown.
>
> http://boingboing.net/2013/08/21/comcast-asserts-copyright-over.html
>
> ---
> Just because i'm near the punchbowl doesn't mean I'm also drinking from it.
>

From rforno at infowarrior.org Wed Aug 21 14:38:50 2013
From: rforno at infowarrior.org (Richard Forno)
Date: Wed, 21 Aug 2013 15:38:50 -0400
Subject: [Infowarrior] - FISC Opinion Holding NSA Surveillance Unconstitutional
Message-ID: <8DAE04CB-6BC3-43D1-8AE8-445E2C860ABD@infowarrior.org>

(Heavy redactions. --rick)

October 3, 2011 FISC Opinion Holding NSA Surveillance Unconstitutional
https://www.eff.org/document/october-3-2011-fisc-opinion-holding-nsa-surveillance-unconstitutional

From rforno at infowarrior.org Wed Aug 21 14:43:10 2013
From: rforno at infowarrior.org (Richard Forno)
Date: Wed, 21 Aug 2013 15:43:10 -0400
Subject: [Infowarrior] - German IT officials reportedly deem Windows 8 too 'dangerous' to use
Message-ID: <6F6523C4-2617-42D4-8071-CFD7D17D2B51@infowarrior.org>

(c/o Ferg)

"The National Security Agency's snooping practices may be costing American companies a lot of money. German publication Zeit Online has obtained leaked documents that purportedly show that IT experts within the German government believe that Windows 8 contains back doors that the NSA could use to remotely control any computers that have it installed."

http://news.yahoo.com/german-officials-reportedly-deem-windows-8-too-dangerous-183059602.html

---
Just because i'm near the punchbowl doesn't mean I'm also drinking from it.
From rforno at infowarrior.org Wed Aug 21 16:34:20 2013
From: rforno at infowarrior.org (Richard Forno)
Date: Wed, 21 Aug 2013 17:34:20 -0400
Subject: [Infowarrior] - DNI phone greeting: "Your call may be monitored"
Message-ID:

(Recording is @ the URL)

http://www.washingtonpost.com/blogs/the-switch/wp/2013/08/21/obama-intelligence-czars-phone-message-your-call-may-be-monitored/

This is what happens when you call the office that oversees the NSA:

"You have reached the Office of the Director of National Intelligence. Please be advised that your call may be monitored."

You don't say.

---
Just because i'm near the punchbowl doesn't mean I'm also drinking from it.

From rforno at infowarrior.org Wed Aug 21 19:54:42 2013
From: rforno at infowarrior.org (Richard Forno)
Date: Wed, 21 Aug 2013 20:54:42 -0400
Subject: [Infowarrior] - US Gov To Issue Secure Online IDs
Message-ID: <75CF14A9-F5B6-49DD-A7A7-CC0C73AD1B2D@infowarrior.org>

http://www.forbes.com/sites/tomgroenfeldt/2013/08/21/ditch-your-passwords-us-gov-to-issue-secure-online-ids/

8/21/2013 @ 7:49AM |9,728 views

Ditch Your Passwords -- US Gov To Issue Secure Online IDs

SecureKey, based in Toronto, today announced it has been awarded a contract by the USPS to provide a cloud-based authentication infrastructure.

Get ready for a new set of abbreviations.

This is part of some federal programs that have been underway for several years, mostly below the radar -- at least this is the first I have heard of it despite being an avid reader of tech publications. But apparently a lot of people have been working on this -- some of the relevant Web sites and information sources are listed below.

The Federal Cloud Credential Exchange (FCCX) is designed to enable individuals to securely access online services--such as health benefits, student loan information, and retirement benefit information--at multiple federal agencies without the need to use a different password or other digital identification for each service.
The first federal agency to use it will be the Veterans Administration.

SecureKey already operates a trusted identity service in Canada. Andre Boysen, chief marketing officer for SecureKey Technologies, said that Canadians using identification keys provided by one of five participating Canadian banks, can connect with 120 government programs online with no additional user names or passwords for everything from benefits queries to fishing licenses.

He compared the identification network concept to payment networks.

"Like payment networks, you have providers and subscribers, and it provides an easier way for consumers to get benefits," he said. "The challenge for governments is they can't authenticate because they can't see the users."

This is part of implementing President Obama's National Strategy for Trusted Identities in Cyberspace (NSTIC) and the federal government's policies and procedures under its Identity, Credential and Access Management (ICAM) program.

The identity gurus have an active organization and Web site at www.idecosystem.org which posted this note:

"The National Strategy for Trusted Identities in Cyberspace (NSTIC), signed by the President in April 2011, states, 'A secure cyberspace is critical to our prosperity.' This powerful declaration makes clear that securing cyberspace is absolutely essential to increasing the security and privacy of transactions conducted over the Internet. The Identity Ecosystem envisioned in the NSTIC is an online environment that will enable people to validate their identities securely, but with minimized disclosure of personal information when they are conducting transactions."

SecureKey is also in pilots with government organizations in the UK.

SecureKey said it was chosen by the USPS for its innovative federated authentication platform, SecureKey briidge.net Exchange.
This cloud-based authentication and credential brokerage service is at the heart of the Federal credential program, enabling it to easily and cost-effectively broker user credential management capabilities instead of having to create and manage an authentication infrastructure robust enough to handle tens of millions of citizens by itself.

The cloud-based service follows federal guidelines to protect privacy, said SecureKey, although exactly what that means after the Snowden revelations is not clear. The credential exchange will be designed to transmit credential information securely without knowing users' actual identities. It will also limit the ability of third-party credential providers and the federal agencies relying on their credentials to track citizens' transactions among agencies.

The SecureKey program is designed to connect identity providers -- such as banks, governments, healthcare organizations, and others -- with consumers' favorite online services through a cloud-based broker service. The platform allows identity providers and online services to integrate once, reducing the integration and business complexity otherwise incurred in establishing many-to-many relationships. The company said it reduces credential management costs for online service providers, while removing user sign-up barriers, preserving user privacy, and providing convenience.

Boysen said the IRS is a great example of the value of a single user credential usable across multiple agencies. Most people interact with the IRS just once a year, so remembering a user name and password would be difficult. Meanwhile the IRS estimates it loses $5 billion a year to fraud such as paying out rebates to stolen identities.

By using third-party authentication like SecureKey rather than developing its own program, the IRS would save $40 million to $111 million in adoption costs and another $2 million to $19 million in annual maintenance costs, the study estimates.
The study did not claim it would save the IRS from identity fraud but said it would make it much easier for the agency to identify citizens and exchange information with them without subjecting them to identity theft.

Identity theft affected over 8 million Americans and cost over $30 billion, according to a 2011 Javelin study.

"Public and private sector organizations are spending billions of dollars trying to prevent unauthorized access to their IT systems and to mitigate the damage when unauthenticated access occurs."

The study said users are tired of all the requests for registration from Web sites. One report found that 77 percent of users change their behavior when asked to register online, with 60 percent leaving the site.

"Beyond being frustrating to internet users, this situation also represents a loss of business for companies."

The UAE has a similar program to develop secure IDs for its citizens. I wrote about it for Banking Technology magazine (http://www.bankingtech.com/142841/identity-and-mobile-figure-large-at-payments-and-cards-event/) after a conference in Dubai earlier this year.

---
Just because i'm near the punchbowl doesn't mean I'm also drinking from it.

From rforno at infowarrior.org Fri Aug 23 07:12:28 2013
From: rforno at infowarrior.org (Richard Forno)
Date: Fri, 23 Aug 2013 08:12:28 -0400
Subject: [Infowarrior] - Nasdaq Shutdown Brings Half of Stock Market to Standstill
Message-ID: <64B29C2A-AEBC-4223-A3FD-97885E1E8269@infowarrior.org>

Nasdaq Shutdown Brings Half of Stock Market to Standstill

By Sam Mamudi and Whitney Kisling - Aug 23, 2013

http://www.bloomberg.com/news/print/2013-08-23/nasdaq-shutdown-brings-half-of-stock-market-to-standstill.html

A faulty connection between the two biggest operators of U.S. stock exchanges brought half of the world's largest equity market to a standstill, the second time this week U.S. trading was shaken by a computer malfunction.
Connectivity was disrupted between NYSE Arca, where about 11 percent of American share volume occurs, and the data processing subsidiary of Nasdaq Stock Market, home to 2,150 U.S. companies, according to a person with direct knowledge of the matter. That led Nasdaq to freeze thousands of stocks from Apple Inc. to Facebook Inc. (FB) that trade on about 50 markets from Kansas to New Jersey for more than three hours.

President Barack Obama was told about the malfunction and Mary Jo White, the chairman of the Securities and Exchange Commission, plans to convene market officials to discuss ways of making trading more reliable. Just three days ago, Goldman Sachs Group Inc., which made $5.8 billion from stock trading in 2012, flooded options markets with unintentional orders.

"For three hours not a single person in the world could trade any Nasdaq-listed stock," Manoj Narang, the chief executive officer of Tradeworx Inc., a high-frequency trading firm in Red Bank, New Jersey, that designed a system to monitor markets for the SEC, said in a phone interview. "That's not acceptable, especially for something as simple as a quote feed not working."

Electronic Markets

The disruption is the latest to signal unreliability in electronic markets just as individual investors who withdrew from stocks after the global economic crisis have shown signs of embracing equities. About $30 billion poured into exchange-traded funds that own U.S. shares in July, the most since 2008 and the second-highest ever, according to data compiled by Bloomberg since 2000.

Failures are increasing as global markets get more fragmented. U.S. equity trading, which began on Wall Street more than two centuries ago and was dominated by the New York Stock Exchange for most of that period, has become dispersed among more than 50 electronic platforms accessible around the world.
It's the latest challenge for Robert Greifeld, the 56-year-old chief executive officer of Nasdaq OMX Group Inc., which was criticized for mishandling the initial public offering of Facebook in May 2012. Nasdaq agreed to pay $10 million to settle SEC charges related to the IPO as regulators cited "poor systems and decision-making."

Exchange Fragility

While Nasdaq's closure yesterday kept brokers from executing client trades and raised fresh concerns about exchange fragility, investors praised the decision to stop activity before chaos snowballed.

Nasdaq's own shares, which were covered by the halt, fell 3.4 percent to $30.46 in New York yesterday. That was the biggest drop in four months and trimmed the 2013 advance to 22 percent. The stock rose 0.6 percent at 10:58 a.m. in Frankfurt trading today.

The Nasdaq Composite Index (CCMP), which didn't move during the outage, gained 1.1 percent to 3,638.71 yesterday. The Nasdaq 100 Index of the biggest companies listed on the exchange climbed 1 percent to 3,101.82.

"It's a good thing to halt the data before the trades go crazy because it could have easily turned into a flash crash," said James Angel, a finance professor at Georgetown University in Washington. "It certainly doesn't make them look good when their market went down but they pulled the switch before the market went crazy."

Transactions Frozen

Nasdaq froze transactions in all of its shares just after noon, stopping the buying and selling on its platform and dozens of others where the securities trade. Bad connectivity between an exchange that wasn't identified and Nasdaq's securities information processor, or SIP, led to a "degradation in the ability of the SIP to disseminate consolidated quotes and trades," according to a Nasdaq release.

The exchange was NYSE Arca, according to the person with direct knowledge, who asked not to be identified because the matter is private.
Rob Madden, a Nasdaq spokesman, declined to comment on the matter, as did Rich Adamonis, a spokesman for NYSE Euronext.

Nasdaq and NYSE, which almost all U.S. companies use to go public, each operate SIPs. The units receive quotes and trades from around the country and disseminate them in three groups, known as tapes. NYSE operates the Tapes A and B and Nasdaq runs Tape C.

Can't Trade

"In order for the trade to be consummated, it has to hit the tape," said Sayena Mostowfi, senior analyst at Tabb Group LLC based in New York. If it doesn't, "you can't really trade," she said. "That's why the entire market goes out."

The Nasdaq SIP processed about 85.4 million quotes and 6.25 million trades per day in the fourth quarter of 2010, according to a consolidated exchange data report. NYSE's handled 311.3 million quotes and 20.1 million trades daily in the same period. During peaks, Nasdaq saw an average of 58,585 quotes and 14,030 trades a second.

Nasdaq's malfunction shows that not enough redundancy is built into the quote processing system, according to Jerome Dodson, president of San Francisco-based Parnassus Investments, which oversees about $9 billion. His firm submitted equity trades around noon New York time that weren't completed.

"The traders said: 'There's nothing filling! There's nothing filling!'" said Dodson, who oversees the Parnassus Fund that has beaten 93 percent of its peers in the past five years. "No doubt there should be a backup system."

Strain Signs

Signs of strain appeared shortly after 10 a.m. when NYSE Arca (NYX) began alerting traders to problems, saying it was having issues routing orders in certain Nasdaq-listed securities, according to emails the exchange sent to subscribers. Although the exchange said it resolved the issue within about 10 minutes, live orders for those securities were canceled 20 minutes later and quoting didn't resume until 11:16 a.m., status updates show.
About 30 minutes later, Nasdaq sent an alert that its SIP was having "momentary interruptions" disseminating quotes, and exchanges began halting Nasdaq-listed security data shortly after noon. NYSE Arca stopped at 12:14 p.m. at the request of Nasdaq, according to alerts.

Nasdaq equity indexes didn't update during the outage and volume in stocks listed on the New York Stock Exchange also dwindled as liquidity dried up around the country. As happened after Goldman Sachs's mishap, traders said losing access to so many stocks would expose trading positions to losses.

'Real Fear'

"The real fear is that we get stuck wearing some kind of risk because of an interruption that is not of our doing," Max Breier, a senior equity derivatives trader at BMO Capital Markets Corp. in New York, said in a phone interview. "Any halt in information or ability to trade is going to hinder our ability to manage our risk and take positions."

Obama was briefed on the disruption by his chief of staff, Denis McDonough, according to an e-mail from Josh Earnest, deputy White House press secretary, to reporters traveling with the president in upstate New York. A meeting of exchange leaders will be convened in Washington to "accelerate ongoing efforts to further strengthen our markets" by the SEC's White, according to a government statement.

The SEC and the Commodity Futures Trading Commission have stepped up scrutiny of trading since the so-called flash crash of May 6, 2010, when $862 billion in equity value was erased in 20 minutes before prices recovered. The CFTC, the top U.S. derivatives regulator, is poised to announce a range of potential methods for overseeing automated and high-frequency trading, according to four people with knowledge of the matter.

Direct Edge

The decision to freeze stocks halted dozens of other markets around the country that trade securities. Exchanges from Bats Global Markets Inc.
in Lenexa, Kansas, to Jersey City, New Jersey-based Direct Edge Holdings LLC published notices saying they were following the main exchange.

Nasdaq "has to recommit to making sure they are delivering their core value proposition, which is reliable, transparent and effective market making," Brad McMillan, chief investment officer for Waltham, Massachusetts-based Commonwealth Financial Network, said in a phone interview. His firm has more than $71 billion under management. "If it gets to the point of, 'Oh, yeah, Nasdaq went down again, and that's not news,' that's when they lost their ability to deliver their core function."

Volume Drops

The disruption resulted in the second-fewest shares changing hands on U.S. exchanges in at least five years during a full-day session. About 4.4 billion shares traded yesterday, 30 percent below the three-month average. Volume was lower only on Oct. 8, 2012, excluding holiday trading, according to data Bloomberg began compiling in 2008.

About 740 million exchange-listed shares changed hands during the three hours through 3:20 p.m. in New York following the suspension, or a third of the total transactions over the first three hours, data compiled by Bloomberg show.

American stock markets regularly shut down as share volume rose in the late 1960s before computers were in widespread use. According to the Depository Trust & Clearing Corp.'s website, exchanges closed every Wednesday and shortened trading hours as daily share volume of 10 million to 12 million shares meant "brokers were literally buried in paperwork." Volume has averaged more than 6 billion shares a day in 2013.

Squirrel Shutdown

Yesterday's outage was longer than an approximately 40-minute shutdown in 1994 that was triggered when a squirrel chewed through a power line in Shelton, Connecticut, disrupting electricity near a Nasdaq computer facility in Trumbull. That same year, a communications-software error shut the exchange for two-and-a-half hours.
Another squirrel was to blame for a 1987 outage that lasted 82 minutes, according to a New York Times report at the time.

Investors in China were whipsawed by a computer malfunction last week. State-controlled brokerage Everbright Securities Co. reported a trading loss of 194 million yuan ($32 million) and apologized to investors after errors in order-execution systems on Aug. 16 sparked the biggest intraday swing in China's benchmark index since 2009.

Yesterday's halt "is not a Nasdaq issue, this is a much broader issue," Sal Arnuk, a partner and co-founder at Themis Trading LLC in Chatham, New Jersey, said in a phone interview. "This is a black eye and an egg on the face of the structure of all the exchanges."

To contact the reporters on this story: Sam Mamudi in New York at smamudi at bloomberg.net; Whitney Kisling in New York at wkisling at bloomberg.net

To contact the editor responsible for this story: Lynn Thomasson at lthomasson at bloomberg.net

---
Just because i'm near the punchbowl doesn't mean I'm also drinking from it.

From rforno at infowarrior.org Fri Aug 23 07:13:18 2013
From: rforno at infowarrior.org (Richard Forno)
Date: Fri, 23 Aug 2013 08:13:18 -0400
Subject: [Infowarrior] - PRISM data used for (c) bust of Dotcom?
Message-ID:

(And thus, we apparently enter the slippery slope of abusing secretive "national security tools" to enforce excessive and overly-broad commercial copyright interests, which is a *very* dangerous thing. --rick)

NZ police affidavits show use of PRISM for surveillance

By Juha Saarinen on Aug 23, 2013 5:46 AM (16 hours ago)

Police affidavits related to the raid on Kim Dotcom's Mega mansion appear to show that New Zealand police and spy agencies are able to tap directly into United States surveillance systems such as PRISM to capture email and other traffic.
The discovery was made by blogger Keith Ng who wrote on his On Point blog that the Organised and Financial Crime Agency New Zealand (OFCANZ) requested assistance from the Government Communications Security Bureau (GCSB), the country's signals intelligence unit, which is in charge of surveilling the Pacific region under the Five-Eyes agreement.

A list of so-called selectors or search terms were provided to GCSB by the police [PDF, redacted] for the surveillance of emails and other data traffic generated by Dotcom and his Megaupload associates.

< - >

http://www.itnews.com.au/News/354407,nz-police-affidavits-show-use-of-prism-for-surveillance.aspx

---
Just because i'm near the punchbowl doesn't mean I'm also drinking from it.

From rforno at infowarrior.org Fri Aug 23 07:13:23 2013
From: rforno at infowarrior.org (Richard Forno)
Date: Fri, 23 Aug 2013 08:13:23 -0400
Subject: [Infowarrior] - Blaming Sequestration, CIA Closes Historical Document Declassification Office
Message-ID:

Blaming Sequestration, CIA Closes Historical Document Declassification Office

from the nice-going,-everyone-involved-[finger-pointed-at-Congress] dept

http://www.techdirt.com/articles/20130822/13141424284/blaming-sequestration-cia-closes-historical-document-declassification-office.shtml

The forced cuts of the sequester are hitting everywhere, apparently even at agencies with black budgets. With the budgets not open for public inspection, whatever's cut by those agencies will take on the appearance of being "discretionary." The latest cut by the CIA certainly looks to be a cut of convenience, rather than one of necessity.

< - >

The agency's spokesman says this move will "create efficiencies," which is both untrue and a buzzword-ish mistreatment of English. All it does is push a likely unwanted task (does the CIA really care whether or not the public's interest is served?) to a part of the agency that wants it even less.
With this move, the CIA's history is allowed to slink back into the shadows while its present continues to be kept out of the sunlight by an antagonist FOIA department. The off-the-record budget keeps anyone from stating definitively whether this cut was mandatory or simply convenient, but considering its lack of direct benefit to the agency (and its agenda), it's not a surprise to see it swiftly placed on the chopping block.

---
Just because i'm near the punchbowl doesn't mean I'm also drinking from it.

From rforno at infowarrior.org Fri Aug 23 08:29:46 2013
From: rforno at infowarrior.org (Richard Forno)
Date: Fri, 23 Aug 2013 09:29:46 -0400
Subject: [Infowarrior] - Microsoft CEO Ballmer to step down within 12 months
Message-ID: <5107D792-5167-481E-B3A1-AC4AE6DAD2F4@infowarrior.org>

Microsoft CEO Ballmer to step down within 12 months

MARKETS, TECHNOLOGY, MICROSOFT CORP, BUSINESS NEWS

CNBC.com | Friday, 23 Aug 2013 | 9:04 AM ET

http://www.cnbc.com/id/100963220/print

Microsoft's CEO Steve Ballmer shocked markets on Friday by announcing he would step down within 12 months, ending a tenure marked by the software giant's declining dominance and struggles to keep pace with its competitors.

In a terse statement, Microsoft said Ballmer would retire "upon the completion of a process to choose his successor. In the meantime, Ballmer will continue as CEO and will lead Microsoft through the next steps of its transformation to a devices and services company that empowers people for the activities they value most."

Investors applauded the news by sending Microsoft's shares surging in premarket trading by 7 percent -- adding a whopping $24 billion to the software company's market capitalization from Thursday's close.

The news came only months after the Redmond-based technology behemoth announced a broad reorganization designed to capitalize on the relentless shift toward mobile technology. Ballmer acknowledged the strategic shift, as he complimented the new leadership team.

"There is never a perfect time for this type of transition, but now is the right time," Ballmer said in a statement.

"My original thoughts on timing would have had my retirement happen in the middle of our company's transformation to a devices and services company," he added. "We need a CEO who will be here longer term for this new direction."

© 2013 CNBC.com

URL: http://www.cnbc.com/100963220

---
Just because i'm near the punchbowl doesn't mean I'm also drinking from it.

From rforno at infowarrior.org Fri Aug 23 13:56:33 2013
From: rforno at infowarrior.org (Richard Forno)
Date: Fri, 23 Aug 2013 14:56:33 -0400
Subject: [Infowarrior] - My Dinner With NSA Director Keith Alexander
Message-ID:

My Dinner With NSA Director Keith Alexander

Jennifer Granick, Contributor
Director of Civil Liberties, Stanford Center for Internet and Society

http://www.forbes.com/sites/jennifergranick/2013/08/22/my-dinner-with-general-alexander/

---
Just because i'm near the punchbowl doesn't mean I'm also drinking from it.

From rforno at infowarrior.org Sat Aug 24 18:34:16 2013
From: rforno at infowarrior.org (Richard Forno)
Date: Sat, 24 Aug 2013 19:34:16 -0400
Subject: [Infowarrior] - IETF launches fightback against state snoopers
Message-ID: <2DB49EB0-C974-4460-853B-F832A685D0B4@infowarrior.org>

Internet launches fightback against state snoopers

By Robert Cookson, Digital Media Correspondent

http://www.ft.com/intl/cms/s/0/ab28f708-0a7e-11e3-aeab-00144feabdc0.html

Key architects of the internet have started to fight back against US and UK snooping programmes by drawing up an ambitious plan to defend traffic over the world wide web against mass surveillance.

The Internet Engineering Task Force, a body that develops internet standards, has proposed a system in which all communication between websites and browsers would be shielded by encryption.
In practical terms that would be akin to extending the sort of secure communications that banks and retailers like Amazon use to protect their customers across the world wide web.

While the plan is at an early stage, it has the potential to transform a large part of the internet and make it more difficult for governments, companies and criminals to eavesdrop on people as they browse the web.

At present, only a fraction of all websites -- typically those that handle financial information -- encrypt data when communicating with web browsers.

"There has been a complete change in how people perceive the world" since whistleblower Edward Snowden disclosed the extent of US surveillance programmes earlier this summer, said Mike Belshe, a software engineer and IETF member who helped develop Google web browser Chrome. "Not having encryption on the web today is a matter of life and death," he said.

The IETF push for greater use of encryption comes alongside calls from top internet and privacy groups for fundamental reforms of the laws governing the web.

In a letter to the FT published this weekend, top groups including web founder Tim Berners Lee's World Wide Web Foundation call for a "reform of the status quo" online.

"Online privacy is being eroded at a breakneck speed by blanket surveillance, and unless steps to reform are taken immediately, the notion of free and secure online communications will be relegated to the annals of history," they write. "Blanket government surveillance by default, with laws enforced in secret, will always be unacceptable."

The IETF, which operates through the "rough consensus" of its members, has been instrumental in shaping the technical infrastructure of the web since it was founded in 1986.

While the body cannot force the adoption of its standards, it is highly influential and its membership includes employees of the world's biggest internet companies including Google, Microsoft and Apple.
But at its conference in Berlin this month, IETF members reached "nearly unanimous consensus" on the need to build encryption into the heart of the web, said Mark Nottingham, a developer who chairs the IETF working group on HTTP, a data access protocol that underpins the web.

"There are a lot of people who want this to happen," he said.

Mr Nottingham cautioned that it was "very early days" and said the proposal would need to undergo extensive discussion within the broad web community before it could be implemented.

Exactly how the plan would work has yet to be decided. But at present the idea is to mandate the use of Transport Layer Security (TLS), a cryptographic protocol, in the next version of HTTP, which is planned for 2014. It would then be up to companies behind web browsers and web servers to put the new standards into practice.

Google and Twitter are among several big companies that have long called for more encryption of web traffic. Chrome, Google's popular web browser, already allows people to encrypt their activity when browsing any of the company's websites.

However, security experts said that while TLS encryption would make surveillance more difficult, it was far from foolproof.

"If you're looking for a silver bullet to make people's personal traffic impossible to break, this won't be it," said Sam Curry, chief technologist at RSA, a computer security company.

Hackers, especially those with substantial computing power, would find ways to crack the encryption or get around it by exploiting other vulnerabilities in the network, he said.

Nonetheless, he added: "Anything that improves trust in the digital world is a noble aim."

Copyright The Financial Times Limited 2013.

---
Just because i'm near the punchbowl doesn't mean I'm also drinking from it.
From rforno at infowarrior.org Sat Aug 24 19:01:30 2013
From: rforno at infowarrior.org (Richard Forno)
Date: Sat, 24 Aug 2013 20:01:30 -0400
Subject: [Infowarrior] - One-click reference to delete much of your Web presence
Message-ID:

Justdelete.me Wants To Help You Pull The Plug On All Those Pesky Online Accounts

Chris Velazco

http://techcrunch.com/2013/08/23/justdelete-me-wants-to-help-you-pull-the-plug-on-all-those-pesky-online-accounts/

It's tiring, isn't it? Doing everything online, I mean. Everyday you log into services tailor-made for shopping, searching, sharing, watching, chatting, curating, reading, bragging -- that's a lot of places to keep your personal information, and no one could blame you if you wanted to try to pare down on those extraneous connections. Hell, I'd like nothing better myself sometimes.

A U.K.-based duo consisting of developer Robb Lewis and designer Ed Poole seem to understand that desire awfully well, and they teamed up to create what may be a truly indispensable resource. It's called Justdelete.me, and as the name sort of implies, it's a directory of links to pages where you can lay waste to your myriad online accounts.

It's a deceptively simple resource. You're greeted with a sizable grid that points you to a slew of popular web services that you probably use. More specifically, those links point you straight at the pages where you can deactivate all those pesky accounts... or at least where you can try. Thankfully, Lewis has done the due diligence to figure out which services can be disconnected from painlessly and which ones require you to (ugh) actually communicate with someone to get the job done.

A disconcerting number of sites and services fall into that latter category. Of the ones that Lewis has added, 10 won't let you kill your account without first talking to a customer service rep, and 4 (Netflix, Steam, Starbucks, and WordPress) don't seem to let you delete your accounts at all.

Of course, it's in these companies'
best interests to keep the account deletion process as obtuse (one might say dark) as possible. The less progress you make on that front, the more likely you are to say "screw it" and remain in their clutches.

As useful as the site can be for people looking to disconnect sans headaches, it's far from being a complete compendium. Lewis notes on his blog that Justdelete.me is very much a work-in-progress -- he'll gladly accept suggestions for services that people think should be on the list, and here's hoping this thing continues to pick up steam.

---
Just because i'm near the punchbowl doesn't mean I'm also drinking from it.

From rforno at infowarrior.org Sun Aug 25 08:39:15 2013
From: rforno at infowarrior.org (Richard Forno)
Date: Sun, 25 Aug 2013 09:39:15 -0400
Subject: [Infowarrior] - Havenco/Sealand is coming back
Message-ID: <31FF8D54-5624-4DA9-98AF-B7DDE2FC1101@infowarrior.org>

The World's Most Notorious Micronation Has the Secret to Protecting Your Data From the NSA

A decade ago, the Principality of Sealand tried to create a data haven -- and failed spectacularly. Now it's trying again.

< - >

http://www.motherjones.com/politics/2013/08/sealand-havenco-data-haven-pirate

---
Just because i'm near the punchbowl doesn't mean I'm also drinking from it.

From rforno at infowarrior.org Sun Aug 25 08:45:52 2013
From: rforno at infowarrior.org (Richard Forno)
Date: Sun, 25 Aug 2013 09:45:52 -0400
Subject: [Infowarrior] - The Surveillance Paradigm
References: <20130825132348.DF85F2281C4@palinka.tinho.net>
Message-ID: <8EEC6497-F342-4949-9E26-BF834069A742@infowarrior.org>

Begin forwarded message:

> From: dan
>
> http://www.faz.net/aktuell/feuilleton/the-surveillance-paradigm-be-the-friction-our-response-to-the-new-lords-of-the-ring-12241996.html
>
> Shoshana Zuboff is the person who coined the phrase "anticipatory
> compliance" and much worth listening to. First tenured female at
> Harvard Business School, now emeritus.
>

From rforno at infowarrior.org Sun Aug 25 12:12:49 2013
From: rforno at infowarrior.org (Richard Forno)
Date: Sun, 25 Aug 2013 13:12:49 -0400
Subject: [Infowarrior] - NSA bugged UN HQ
Message-ID: <2F69F5B6-4CFA-4248-8128-4252E151D359@infowarrior.org>

U.S. spy agency bugged U.N. headquarters: Germany's Spiegel

11:30am EDT

http://www.reuters.com/assets/print?aid=USBRE97O08120130825

BERLIN (Reuters) - The U.S. National Security Agency has bugged the United Nations' New York headquarters, Germany's Der Spiegel weekly said on Sunday in a report on U.S. spying that could further strain relations between Washington and its allies.

Citing secret U.S. documents obtained by fugitive former intelligence contractor Edward Snowden, Der Spiegel said the files showed how the United States systematically spied on other states and institutions.

Der Spiegel said the European Union and the U.N.'s Vienna-based nuclear watchdog, the International Atomic Energy Agency (IAEA), were among those targeted by U.S. intelligence agents.

In the summer of 2012, NSA experts succeeded in getting into the U.N. video conferencing system and cracking its coding system, according to one of the documents cited by Der Spiegel.

"The data traffic gives us internal video teleconferences of the United Nations (yay!)," Der Spiegel quoted one document as saying, adding that within three weeks the number of decoded communications rose to 458 from 12.

Internal files also show the NSA spied on the EU legation in New York after it moved to new rooms in autumn 2012. Among the documents copied by Snowden from NSA computers are plans of the EU mission, its IT infrastructure and servers.

According to the documents, the NSA runs a bugging program in more than 80 embassies and consulates worldwide called "Special Collection Service". "The surveillance is intensive and well organized and has little or nothing to do with warding off terrorists," wrote Der Spiegel.
OPEN LETTER

Snowden's leaks have embarrassed the United States by exposing the global extent of its surveillance programs. Washington has said its spies operate within the law and that the leaks have damaged national security.

A week ago Britain, a staunch U.S. ally in the intelligence field, detained the partner of a Brazil-based journalist working for London's Guardian newspaper who has led coverage of Snowden's leaks. British police said documents seized from David Miranda were "highly sensitive" and could put lives at risk if disclosed.

The Guardian last week destroyed computer equipment containing Snowden files after it was threatened with possible legal action by senior British government advisers.

In an open letter to British Prime Minister David Cameron published on Sunday, editors of leading Nordic newspapers said Miranda's detention and moves against the Guardian were "undermining the position of the free press throughout the world".

"(We are) deeply concerned that a stout defender of democracy and free debate such as the United Kingdom uses anti-terror legislation in order to legalize what amounts to harassment of both the paper and individuals associated with it," said the letter from Sweden's Dagens Nyheter, Finland's Helsingin Sanomat, Denmark's Politiken and Norway's Aftenposten.

Earlier this month, U.S. President Barack Obama announced plans to limit U.S. government surveillance programs, saying the United States could and should be more transparent.

The issue has also become a hot topic in Germany before an election next month. Some reports have suggested that German intelligence agents have cooperated with U.S. spies.

There could be a voter backlash if it emerges that Chancellor Angela Merkel, tipped to win a third term, knew more about such cooperation than she has so far acknowledged.
(Reporting by Madeline Chambers; Additional reporting by Gwladys Fouche; Editing by Jon Boyle) --- Just because i'm near the punchbowl doesn't mean I'm also drinking from it. From rforno at infowarrior.org Mon Aug 26 11:37:13 2013 From: rforno at infowarrior.org (Richard Forno) Date: Mon, 26 Aug 2013 12:37:13 -0400 Subject: [Infowarrior] - Gitmo Bans Solzhenitsyn's 'The Gulag Archipelago' Message-ID: <831CD83A-4C9F-4AFF-B8C8-2E724875D402@infowarrior.org> Guantanamo Bay Authorities Ban Solzhenitsyn's 'The Gulag Archipelago' http://www.techdirt.com/articles/20130822/09182124281/guantanamo-bay-authorities-ban-solzhenitsyns-gulag-archipelago.shtml --- Just because i'm near the punchbowl doesn't mean I'm also drinking from it. From rforno at infowarrior.org Mon Aug 26 11:37:18 2013 From: rforno at infowarrior.org (Richard Forno) Date: Mon, 26 Aug 2013 12:37:18 -0400 Subject: [Infowarrior] - We're All Still Hostages to the Big Banks Message-ID: We're All Still Hostages to the Big Banks By ANAT R. ADMATI Published: August 25, 2013 http://www.nytimes.com/2013/08/26/opinion/were-all-still-hostages-to-the-big-banks.html?hp STANFORD, Calif. -- NEARLY five years after the bankruptcy of Lehman Brothers touched off a global financial crisis, we are no safer. Huge, complex and opaque banks continue to take enormous risks that endanger the economy. From Washington to Berlin, banking lobbyists have blocked essential reforms at every turn. Their efforts at obfuscation and influence-buying are no surprise. What's shameful is how easily our leaders have caved in, and how quickly the lessons of the crisis have been forgotten. We will never have a safe and healthy global financial system until banks are forced to rely much more on money from their owners and shareholders to finance their loans and investments. Forget all the jargon, and just focus on this simple rule. 
Mindful, perhaps, of the coming five-year anniversary, regulators have recently taken some actions along these lines. In June, a committee of global banking regulators based in Basel, Switzerland, proposed changes to how banks calculate their leverage ratios, a measure of how much borrowed money they can use to conduct their business. Last month, federal regulators proposed going somewhat beyond the internationally agreed minimum known as Basel III, which is being phased in. Last Monday, President Obama scolded regulators for dragging their feet on implementing Dodd-Frank, the gargantuan 2010 law that was supposed to prevent another crisis but in fact punted on most of the tough decisions. Don't let the flurry of activity confuse you. The regulations being proposed offer little to celebrate. From Wall Street to the City of London comes the same wailing: requiring banks to rely less on borrowing will hurt their ability to lend to companies and individuals. These bankers falsely imply that capital (unborrowed money) is idle cash set aside in a vault. In fact, they want to keep placing new bets at the poker table -- while putting taxpayers at risk. When we deposit money in a bank, we are making a loan. JPMorgan Chase, America's largest bank, had $2.4 trillion in assets as of June 30, and debts of $2.2 trillion: $1.2 trillion in deposits and $1 trillion in other debt (owed to money market funds, other banks, bondholders and the like). It was notable for surviving the crisis, but no bank that is so heavily indebted can be considered truly safe. The six largest American banks -- the others are Bank of America, Citigroup, Wells Fargo, Goldman Sachs and Morgan Stanley -- collectively owe about $8.7 trillion. Only a fraction of this is used to make loans. JPMorgan Chase used some excess deposits to trade complex derivatives in London -- losing more than $6 billion last year in a notoriously bad bet. Risk, taken properly, is essential for innovation and growth. 
But outside of banking, healthy corporations rarely carry debts totaling more than 70 percent of their assets. Many thriving corporations borrow very little. Banks, by contrast, routinely have liabilities in excess of 90 percent of their assets. JPMorgan Chase's $2.2 trillion in debt represented some 91 percent of its $2.4 trillion in assets. (Under accounting conventions used in Europe, the figure would be around 94 percent.) Basel III would permit banks to borrow up to 97 percent of their assets. The proposed regulations in the United States -- which Wall Street is fighting -- would still allow even the largest bank holding companies to borrow up to 95 percent (though how to measure bank assets is often a matter of debate). If equity (the bank's own money) is only 5 percent of assets, even a tiny loss of 2 percent of its assets could prompt, in essence, a run on the bank. Creditors may refuse to renew their loans, causing the bank to stop lending or to sell assets in a hurry. If too many banks are distressed at once, a systemic crisis results. Prudent banks would not lend to borrowers like themselves unless the risks were borne by someone else. But insured depositors, and creditors who expect to be paid by authorities if not by the bank, agree to lend to banks at attractive terms, allowing them to enjoy the upside of risks while others -- you, the taxpayer -- share the downside. Implicit guarantees of government support perversely encouraged banks to borrow, take risk and become "too big to fail." Recent scandals -- JPMorgan's $6 billion London trading loss, an HSBC money laundering scandal that resulted in a $1.9 billion settlement, and inappropriate sales of credit-card protection insurance that resulted, on Thursday, in a $2 billion settlement by British banks -- suggest that the largest banks are also too big to manage, control and regulate. 
NOTHING suggests that banks couldn't do what they do if they financed, for example, 30 percent of their assets with equity (unborrowed funds) -- a level considered perfectly normal, or even low, for healthy corporations. Yet this simple idea is considered radical, even heretical, in the hermetic bubble of banking. Bankers and regulators want us to believe that the banks' high levels of borrowing are acceptable because banks are good at managing their risks and regulators know how to measure them. The failures of both were manifest in 2008, and yet regulators have ignored the lessons. If banks could absorb much more of their losses, regulators would need to worry less about risk measurements, because banks would have better incentives to manage their risks and make appropriate investment decisions. That's why raising equity requirements substantially is the single best step for making banking safer and healthier. The transition to a better system could be managed quickly. Companies commonly rely on their profits to grow and invest, without needing to borrow. Banks should do the same. Banks can also sell more shares to become stronger. If a bank cannot persuade investors to buy its shares at any price because its assets are too opaque, unsteady or overvalued, it fails a basic "stress test," suggesting it may be too weak without subsidies. Ben S. Bernanke, chairman of the Federal Reserve, has acknowledged that the "too big to fail" problem has not been solved, but the Fed counterproductively allows most large banks to make payouts to their shareholders, repeating some of the Fed's most obvious mistakes in the run-up to the crisis. Its stress tests fail to consider the collateral damage of banks' distress. They are a charade. Dodd-Frank was supposed to spell the end to all bailouts. It gave the Federal Deposit Insurance Corporation "resolution authority" to seize and "wind down" banks, a kind of orderly liquidation -- no more panics. Don't count on it. The F.D.I.C. 
does not have authority in the scores of nations where global banks operate, and even the mere possibility that banks would go into this untested "resolution authority" would be disruptive to the markets. The state of financial reform is grim in most other nations. Europe is in a particularly dire situation. Many of its banks have not recovered from the crisis. But if other countries foolishly allow their banks to be reckless, it does not follow that we must do the same. Some warn that tight regulation would push activities into the "shadow banking system" of money market funds and other short-term lending vehicles. But past failures to make sure that banks could not hide risks using various tricks in opaque markets is hardly reason to give up on essential new regulations. We must face the challenge of drawing up appropriate rules and enforcing them, or pay dearly for failing to do so. The first rule is to make banks rely much more on equity, and much less on borrowing. Anat R. Admati, a professor of finance and economics at the Stanford Graduate School of Business, is the author, with Martin Hellwig, of "The Bankers' New Clothes: What's Wrong With Banking and What to Do About It." --- Just because i'm near the punchbowl doesn't mean I'm also drinking from it. From rforno at infowarrior.org Mon Aug 26 12:06:56 2013 From: rforno at infowarrior.org (Richard Forno) Date: Mon, 26 Aug 2013 13:06:56 -0400 Subject: [Infowarrior] - Guardian's Editorial on Spying Message-ID: <45197B5E-967F-4EBC-AFCA-4A6FD9E71268@infowarrior.org> Surveillance and the state: this way the debate goes on Thanks to Edward Snowden, the world now has a debate about the dramatic change in the contract between state and citizen • Editorial • The Guardian, Friday 23 August 2013 18.58 EDT http://www.theguardian.com/commentisfree/2013/aug/23/surveillance-state-debate-goes-on "Spies spy! Who knew?" 
Thus the world-weary shrug from too many people who ought to know better over the revelations deriving from the material leaked by Edward Snowden about what goes on inside the west's major intelligence agencies in 2013. We have all read our Le Carré, they sigh. We spy on them, they spy on us. Except in fiction, it must remain a secret world. The secrecy has to remain near-absolute because our national security depends on it. The best way for the state to ensure such secrecy is to have an armoury of criminal and civil laws -- backed by punitive sanctions -- to deter any leakages. This used to work. But the nature of spying has changed: this much we have learned from Mr Snowden. What was once highly targeted has now become virtually universal. The evident ambition is to put entire populations under some form of surveillance. The faceless intelligence masters may say they are still searching for needles, but first they want the entire haystack. And thus countless millions of entirely innocent (in every sense) citizens are potentially being monitored. Their phone calls, web searches, texts and emails are routinely intercepted, collected, stored and subjected to analysis. Did the governments involved ever stop to think about the notion of consent? Did any engineer, spy chief, minister, congressman or president ever wonder whether such a dramatic change in the contract between state and citizen required some form of debate? Secrecy and openness Thanks to Mr Snowden they have now got a debate -- one that is rippling around the world. President Barack Obama says he welcomes that debate. That much is encouraging, even if it seems unlikely to be true because it is not going to be a comfortable debate for any government -- nor for those in intelligence, nor for anyone running a major technology or telecommunications company. The world was simpler when the law could be used to prevent any meaningful and informed discussion of what was involved. 
The laws crafted before and during the first world war (the Espionage Act in the US, the Official Secrets Act in the UK) saw to that. Secrecy and openness must collide. Governments and spies will place the greater emphasis on security: that is inevitable. Individuals who treasure free speech, an unfettered press, the capacity for dissent, or an individual's rights to privacy or protection against the state, will have equal, or greater, concerns. It is obvious that virtually anyone with a digital life -- any user of Google or Verizon or BT or Facebook or Skype -- is entitled to know quite how much privacy they can reasonably expect. This is the coming debate. Who will hold the debate, and how is it to be informed? To date, there has been a vigorous discussion on these matters in the US and European legislatures and media. In the UK, the number of MPs or peers who have said anything at all is tiny. Much legal oversight of intelligence matters happens in closed courts. Parliamentary oversight is a similarly shadowy affair. In the UK, Sir Malcolm Rifkind, who is supposed to be a kind of regulator, too often sounds like a cheerleader. In the US, the same can alas be said of Senator Dianne Feinstein, who heads the Senate intelligence committee. Responsible reporting What role does a free press have in assisting and informing this debate? In late May, Mr Snowden gave this newspaper a volume of documents from his role as one of 850,000 intelligence employees cleared to read and analyse top-secret material. It is difficult to imagine any editor in the free world who would have destroyed this material unread, or handed it back, unanalysed, to the spy agencies or the government. The Guardian did what we hope any news organisation would do -- patiently analysed and responsibly reported on some of the material we have read in order to inform the necessary public debate. 
Some time after our first disclosures we were contacted by the cabinet secretary, who said he spoke on behalf of the prime minister. He acknowledged that we had behaved responsibly, expressed concerns about the security of the material we held and requested the return or destruction of the documents. We explained that complying with the request would destroy our ability to report. At this stage there was no threat of law, but nevertheless we took the precaution of sharing some of the material with news organisations in America, where we consider there to be more robust protections for serious journalism of public importance. Some weeks later the tone of these and other discussions changed. There was, by mid-July, an explicit threat that the government would, after all, seek to stop the Guardian's work and prevent publication of further material by legal means. To have resisted such action would have involved handing over ultimate control of the material to a judge and could have meant that no stories could have been published for many months, if at all. The first amendment of the American constitution guarantees its press protections of which British editors can only dream. For more than 40 years -- since the publication of the so-called Pentagon papers in 1971 -- it has been accepted that the state will not succeed in trying to obtain prior restraint of the press. So we will in future report this story from New York. We have shared some material with, and will collaborate with, the New York Times. It is, we believe, inconceivable that the US government would try to obtain, or the US court grant, an injunction against publication by the NYT. The US attorney general has recently given an assurance that he will not prosecute any journalist "for doing his or her job". So the debate about the mass collection of data on populations, the links between the state, the intelligence services and large corporations, and the uses and limits of oversight can continue. 
Meanwhile in the UK, the police -- with the apparent knowledge of the government -- misused a law designed to combat terrorism to detain a member of the Guardian's team for nine hours and to confiscate his material. The former lord chancellor, Lord Falconer, has confirmed that there was no intention that the 2000 Terrorism Act should be used against people like David Miranda, the partner of the Guardian columnist Glenn Greenwald. "The state may wish that journalists would not publish sensitive material," he wrote in these columns last week, "but it is up to journalists, not the state, to decide where to draw the line." Civil liberties and security These are words that should be heeded by the British government official who told us that the Guardian had "had our debate" and that there was no "need" to write any more. It is not the role of politicians or civil servants to determine the limits of public discussion. Nor should the debate be circumscribed by attempting to criminalise the act of journalism -- without which, in this instance, there could be no debate. Citizens of free countries are entitled to protect their privacy against the state. The state has a duty to protect free speech as well as security. Fundamental rights, as we say, collide. Journalists have a duty to inform and facilitate a debate and to help test the consent of people about the nature of any trade-offs between civil liberties and security. A democratic government should seek to protect and nourish that debate, not threaten it or stamp it out. --- Just because i'm near the punchbowl doesn't mean I'm also drinking from it. 
From rforno at infowarrior.org Mon Aug 26 12:40:57 2013 From: rforno at infowarrior.org (Richard Forno) Date: Mon, 26 Aug 2013 13:40:57 -0400 Subject: [Infowarrior] - Guardian partners with NYT over Snowden GCHQ files Message-ID: Guardian partners with New York Times over Snowden GCHQ files Some of Edward Snowden cache shared with US paper after 'climate of intense pressure' from UK government • Lisa O'Carroll • The Guardian, Friday 23 August 2013 13.17 EDT http://www.theguardian.com/uk-news/2013/aug/23/guardian-news-york-times-partnership The Guardian has struck a partnership with the New York Times which will give the US paper access to some of the sensitive cache of documents leaked by the National Security Agency whistleblower Edward Snowden. The arrangement was made when the Guardian was faced with demands from the UK government to hand over the GCHQ files it had in its possession. "In a climate of intense pressure from the UK government, the Guardian decided to bring in a US partner to work on the GCHQ documents provided by Edward Snowden. We are working in partnership with the NYT and others to continue reporting these stories," the Guardian said in a statement. Journalists in America are protected by the first amendment which guarantees free speech and in practice prevents the state seeking pre-publication injunctions or "prior restraint". It is intended that the collaboration with the New York Times will allow the Guardian to continue exposing mass surveillance by putting the Snowden documents on GCHQ beyond government reach. Snowden is aware of the arrangement. The collaboration echoes that of the partnership forged in 2010 between the Guardian, the New York Times and Der Spiegel in relation to WikiLeaks's release of US military and diplomatic documents. The US surveillance scandal broke in early June when the Guardian revealed the US was collecting telephone records of millions of American citizens. 
Since then the Guardian has exposed mass surveillance of Facebook, Google, Microsoft, eavesdropping by Britain's GCHQ on foreign politicians at G20 summits in London and the secret operation codenamed Tempora, involving mass interception of cable traffic, designed, in the words of GCHQ to "Master the Internet". --- Just because i'm near the punchbowl doesn't mean I'm also drinking from it. From rforno at infowarrior.org Mon Aug 26 13:56:23 2013 From: rforno at infowarrior.org (Richard Forno) Date: Mon, 26 Aug 2013 14:56:23 -0400 Subject: [Infowarrior] - Open Secret About Google's Surveillance Case No Longer Secret Message-ID: Open Secret About Google's Surveillance Case No Longer Secret By Jennifer Valentino-DeVries and Danny Yadron http://blogs.wsj.com/digits/2013/08/26/open-secret-about-googles-surveillance-case-no-longer-secret/ The Justice Department recently won a court battle to keep an Internet company from talking about federal demands for user data, arguing that even disclosing the company's name would damage national security. But then, after months of arguments, the department appears to have been foiled by its own redaction process, which left the name "Google" on one page that was posted Friday in the U.S. District Court for the Southern District of New York. The case and Google's role in it underscore a tension between some Silicon Valley companies and the government over national security surveillance and the secrecy surrounding it. Google has been pushing back against data-gathering tools called national security letters in two federal courts since this spring. Such letters, known as NSLs, allow the Federal Bureau of Investigation to demand account information and other data, but not the content of calls and emails. They typically come with a strict gag order, and companies cannot even acknowledge they receive them. 
After a judge in California ruled the law was a violation of the First Amendment right to free speech in March, Google challenged several of the letters it had received and asked to be freed from the gag orders. The decisions have consistently sided with the government and ordered Google to comply and keep quiet. But after news broke that Google was part of a program called Prism, which allows the National Security Agency to collect data on Internet users from U.S. technology companies, the company asked one of the judges, in New York, to reconsider. Google and other companies involved in the NSA programs have said the secrecy surrounding government data-gathering leaves them unable to tell their customers what they really do with the data and puts their business at a disadvantage. "[Redacted] has a First Amendment right to communicate transparently with its users and the public regarding its receipt of the NSL," an attorney for the initially unnamed company wrote in a court filing, dated Aug. 16. "In light of broadly available misinformation about [redacted] receipt of and compliance with national security process and the concerns and questions of its users... [redacted] seeks to advance the public debate by taking reasonable, limited steps to increase transparency regarding its practices." Many references to an unnamed company are redacted in the 10-page document. But a sentence before a large blocked-out section on page 8 says that, after the Guardian and Washington Post newspapers reported Prism's existence, "the public's already healthy interest in Google's receipt of, and response to, national security legal process skyrocketed." Whoops. The FBI didn't respond to requests for comment. The court didn't respond to a request for comment left on Sunday. A Google spokesman declined to comment on if Google is indeed involved in the case, further highlighting how the government's gag order remains in effect. 
The Google spokesman did however stand up for the unnamed technology company. "We fight for our users and have petitioned the U.S. government for more openness about their requests for user information, so we find the government's position in this case disappointing," the spokesman said. The attorney listed on the filing, Todd Hinnen of Seattle firm Perkins Coie, represents Google in litigation, according to his online biography. Reached by phone Friday evening, Hinnen said he could "neither confirm nor deny" the veracity of the document. He declined to comment on his involvement with Google. The company's legal push against the records requests has been previously reported, after a filing error in California resulted in the release of a one-page document that included Google's name and a reference to the law governing national security letters. But the government officially has never acknowledged Google's involvement. In a June 5 letter to the court, the government argues that divulging the company's name "would alert current and potential adversaries and targets," possibly leading them to "change tactics and stop using the provider's services altogether." The government also argues that, if the court were to allow the company to acknowledge receipt of the national security letters, it would set a bad precedent and lead to many other companies being allowed to discuss NSLs. Google, for its part, says in its memo that discussion of NSLs should be part of "a debate the President has encouraged" since the disclosure of Prism and other programs revealed by former NSA contractor Edward Snowden. "Maintaining the redaction now serves only to protect a secret that everyone already knows," the company says in the document. --- Just because i'm near the punchbowl doesn't mean I'm also drinking from it. 
From rforno at infowarrior.org Mon Aug 26 13:57:51 2013 From: rforno at infowarrior.org (Richard Forno) Date: Mon, 26 Aug 2013 14:57:51 -0400 Subject: [Infowarrior] - Facebook friends could change your credit score Message-ID: <3CB17853-CD95-4DD2-83F1-47DA887D16E2@infowarrior.org> Facebook friends could change your credit score http://money.cnn.com/2013/08/26/technology/social/facebook-credit-score/index.html --- Just because i'm near the punchbowl doesn't mean I'm also drinking from it. From rforno at infowarrior.org Tue Aug 27 07:20:25 2013 From: rforno at infowarrior.org (Richard Forno) Date: Tue, 27 Aug 2013 08:20:25 -0400 Subject: [Infowarrior] - MLK's Speech Led to FBI Surveillance Program Message-ID: <5A029798-EBDB-40B0-8300-27CBA6FBD394@infowarrior.org> King Address That Stirred World Led to FBI Surveillance Program By Tony Capaccio - Aug 27, 2013 12:00 AM ET http://www.bloomberg.com/news/2013-08-27/king-address-that-stirred-world-led-to-fbi-surveillance-program.html Martin Luther King Jr.'s "I Have a Dream Speech" inspired the world. It also galvanized the Federal Bureau of Investigation into undertaking one of its biggest surveillance operations in history. Initially approved in October 1963 by then-Attorney General Robert Kennedy, the FBI's wiretap and clandestine microphone campaign against King lasted until his assassination in April 1968. It was initially justified to probe King's suspected, unproven links to the Communist Party, morphing into a crusade to "neutralize" and discredit the civil rights leader. The speech's impact on the FBI was first outlined in a 1976 report of the U.S. Senate "Select Committee To Study Governmental Operations with Respect to Intelligence Activities," known by its popular nickname, the "Church Committee," after Idaho Democrat Frank Church. 
At a time when the nation is absorbing revelations of telephone and e-mail surveillance by the National Security Agency, the FBI's spying on King -- which had no court authorization or oversight -- stands as an example of domestic security gone to excess. "The FBI's program to destroy Dr. King as the leader of the civil rights movement entailed efforts to discredit him with churches, universities and the press," said the report. It collected information about King's plans and activities "through an extensive surveillance program, employing nearly every intelligence gathering technique at the Bureau's disposal," said the report. Soviet Example William Sullivan, head of the FBI's domestic intelligence division during the King surveillance program, told the committee in 1975 that, "No holds were barred. We have used [similar] techniques against Soviet agents. [The same methods were] brought home against any organization against which we were targeted. We did not differentiate. This is a rough, tough business." Sullivan reflected the view of top FBI leaders including Director J. Edgar Hoover, in an Aug. 30, 1963, post-speech memo entitled "Communist Party, USA, Negro Question." "Personally, I believe in the light of King's powerful, demagogic speech" that "he stands head and shoulders over all other Negro leaders put together when it comes to influencing great masses," Sullivan said. "We must mark him now, if we have not done so before, as the most dangerous Negro of the future in this Nation from the standpoint of communism, the Negro and national security." King 'Dangerous' The speech's impact and popularity "very directly contributes in a very major way to Sullivan characterizing" King as "the most dangerous Negro" in the country," Pulitzer Prize winning historian David Garrow wrote in an e-mail statement. "FBI officials viewed the speech as significantly increasing King's national stature," Garrow said, making him "measurably more 'dangerous' 
in the FBI's view than he'd been prior" to it, Garrow said. Sullivan's characterization was "indicative of where the FBI's top intelligence officers were coming from," said Garrow, author of several books on King, including his 1987 Pulitzer Prize-winning biography, "Bearing the Cross." And it wasn't just Hoover, it was "an organizational culture of like-minded white men," he said. In an Oct. 1, 1963, memo to his field offices, Hoover directed "that we at once intensify our coverage of communist influence on the Negro." Kennedy's Approval Robert Kennedy that month approved the installation of wiretaps on King's phone and those at the New York and Atlanta offices of his Southern Christian Leadership Conference, ostensibly to look into any communist ties. The bureau in December 1963 decided to expand its microphone and wiretap effort without telling Kennedy in "a secret effort to discredit Dr. King and to 'neutralize' him as the leader of the civil rights movement," said the Church report. The effort began in January 1964 and included installing microphones at hotels King visited. The first was the Willard Hotel in Washington, D.C., which yielded 19 reels of taped King conversations, said the Church report. The hotel this week sponsored an "I Have a Dream" brunch with opera diva Denyce Graves to commemorate the 50th anniversary of the historic address. FBI Lessons Asked what lessons can be applied to the NSA surveillance issue from the Bureau's 1960s campaign, Garrow said "the richly-documented history" should be "a well-remembered reminder that U.S. intelligence agencies should not be trusted to behave properly, or even legally, in the absence of aggressive investigative oversight." Legal opinions from the court that authorizes foreign surveillance, which were declassified last week, said tens of thousands of Americans who sent e-mails from 2008 to 2011 had some of them scooped up by the NSA. 
The NSA intercepted as many as 56,000 electronic communications a year of Americans who weren't suspected of having links to terrorism before a secret court found the operation unconstitutional in 2011, according to opinions. Postscript: Sullivan in 1975 testimony before the Church panel backtracked from his post-speech memo, noting "we had to engage in a lot of nonsense which we ourselves really did not believe in." To contact the reporter on this story: Tony Capaccio in Washington at acapaccio at bloomberg.net To contact the editors responsible for this story: Steven Komarow at skomarow1 at bloomberg.net; John Walcott at jwalcott9 at bloomberg.net --- Just because i'm near the punchbowl doesn't mean I'm also drinking from it. From rforno at infowarrior.org Tue Aug 27 07:20:28 2013 From: rforno at infowarrior.org (Richard Forno) Date: Tue, 27 Aug 2013 08:20:28 -0400 Subject: [Infowarrior] - BATS + DirectEdge merger = second biggest US exchange Message-ID: <1EEA9B5D-2BAE-4D76-9F67-E9C9924594F7@infowarrior.org> Bats Agrees to Merge With Direct Edge as Volume Shrinks By Nandini Sukumar, Nikolaj Gammeltoft & Nick Taborek - Aug 26, 2013 10:15 AM ET http://www.bloomberg.com/news/2013-08-26/bats-agrees-to-merge-with-direct-edge-as-exchange-volume-shrinks.html Bats Global Markets Inc. and Direct Edge Holdings LLC agreed to merge, uniting two of the biggest American exchange operators amid a four-year decline in volume. The third- and fourth-largest equity market owners said the transaction will close in the first half of 2014. Joe Ratterman, the chief executive officer of Bats, will keep that role at the combined firm, while Direct Edge CEO William O'Brien will be president. Financial details weren't disclosed. Formed by some of the fastest traders on Wall Street, the closely held companies have watched volume dry up in the U.S., cutting profits at the proprietary trading firms they count among their biggest customers. Shares changing hands on all U.S. 
exchanges have fallen 36 percent since 2009 to 6.3 billion shares a day in 2013 and profits for high-frequency traders slipped 80 percent, according to data compiled by Bloomberg and Rosenblatt Securities Inc. ?Volume is weak,? Dan Veru, the chief investment officer who helps oversee $4.5 billion at Palisade Capital Management LLC, said by phone from Fort Lee, New Jersey. ?That?s been the trend going on for quite some time. So unless you have real scale, it?s difficult to compete. Mergers like this probably create some scale.? The companies? four exchanges will keep operating, using Bats?s technology, according to a statement. The combination will be headquartered near Kansas City, Missouri. Bats is based in Lenexa, Kansas. Trading Systems Bats, an acronym for Better Alternative Trading System, started trading in 2006, aiming to match the incumbent exchanges on speed and beat them on prices. Seven years later, the firm?s daily average U.S. equity market share is about 10 percent, according to data from Tabb Group LLC. That compares to averages of 23 percent at NYSE Euronext and 18 percent at Nasdaq OMX Group Inc. Direct Edge has about 11 percent, Tabb said. The deal comes as IntercontinentalExchange Inc. (ICE) prepares to complete the acquisition of NYSE Euronext, which owns the New York Stock Exchange, the oldest U.S. bourse. Combining Bats, and Jersey City, New Jersey-based Direct Edge would make them the second-biggest market by volume. Bats, which tried and failed to go public last year, was founded in 2005 by high-frequency trader Dave Cummings of Tradebot Systems Inc. and, along with Direct Edge, helped dismantle the duopoly on American stocks that was enjoyed by the New York Stock Exchange and the Nasdaq Stock Market. ?Dominant Stranglehold? ?When Cummings set up Bats, it was really in response to the New York and Nasdaq having a dominant stranglehold on the equity trading market,? 
Larry Tabb, chief executive officer of the Tabb Group in New York, said in a phone interview on Aug. 23 after Bloomberg News reported the two companies were in discussions. ?But time moves on, order flows declined, it?s gotten much more competitive.? This year?s acquisition of market-making firm Knight Capital Group Inc. by Getco LLC, the Chicago-based high-frequency trader, may have made today?s merger more likely, Tabb said. Both are shareholders in Bats. Knight, now KCG Holdings Inc., also owns a stake in Direct Edge. Electronic platforms have seen their reputations dim over the last week after a connectivity issue caused Nasdaq to halt trading in all its listed shares for three hours yesterday and Goldman Sachs Group Inc. bombarded markets with mistaken options orders. Bats shut its main market for almost an hour on Aug. 6 when a computer system malfunctioned. Multiple Platforms Bats, run with about 160 employees from a two-story office complex, operates two stock exchanges and an options market in the U.S. as well as Bats Chi-X Europe, the largest pan-European stock exchange. O?Brien said in September 2012 that he was focused on expanding as an independent company following a report in the Wall Street Journal his firm was in merger discussions with the owner of the Toronto exchange. Speculation over a Direct Edge sale dates to December 2011, when the U.S. Justice Department made the divestiture of Deutsche Boerse AG?s 31.5 percent stake in the company, held through its International Securities Exchange unit, a condition of its proposed merger with NYSE Euronext. European regulators blocked the trans-Atlantic union two months later and the Frankfurt-based exchange never made a deal. Both companies count trading firms and banks among their owners, and Bats gained two new shareholders this month. 
Private-equity firms Spectrum Equity Investors LP and TA Associates Management LP bought all of Lehman Brothers Holdings Inc.?s estate when it exited its investment, according to a statement from Bats and the investors. Largest Owners Bats lists Getco as its largest owner with a 15.4 percent voting interest. Other owners include Morgan Stanley, Credit Suisse Group AG, Nomura Holdings Inc. and Citigroup Inc. KCG, Goldman Sachs Group Inc. and Citadel all have a 19.9 percent stake in Direct Edge. An additional 8.8 percent belongs to a group of five brokers, including New York-based JPMorgan Chase & Co. ?It makes sense,? Paul Gulberg, an analyst at Portales Partners LLC, said in a phone interview Aug. 23. ?A combined company is probably more efficient to run.? To contact the reporters on this story: Nandini Sukumar in London at nsukumar at bloomberg.net; Nikolaj Gammeltoft in New York at ngammeltoft at bloomberg.net; Nick Taborek in New York at ntaborek at bloomberg.net To contact the editor responsible for this story: Lynn Thomasson at lthomasson at bloomberg.net --- Just because i'm near the punchbowl doesn't mean I'm also drinking from it. From rforno at infowarrior.org Tue Aug 27 11:09:30 2013 From: rforno at infowarrior.org (Richard Forno) Date: Tue, 27 Aug 2013 12:09:30 -0400 Subject: [Infowarrior] - Facebook: Governments Demanded Data On 38K Users Message-ID: Facebook: Governments Demanded Data On 38K Users by The Associated Press August 27, 201311:12 AM http://www.npr.org/templates/story/story.php?storyId=216075828 WASHINGTON (AP) ? Government agents in 74 countries demanded information on about 38,000 Facebook users in the first half of this year, with about half the orders coming from authorities in the United States, the company said Tuesday. The social-networking giant is the latest technology company to release figures on how often governments seek information about its customers. Microsoft and Google have done the same. 
As with the other companies, it's hard to discern much from Facebook's data, besides the fact that, as users around the globe flocked to the world's largest social network, police and intelligence agencies followed. Facebook and Twitter have become organizing platforms for activists and, as such, have become targets for governments. During anti-government protests in Turkey in May and June, Turkish Prime Minister Recep Tayyip Erdogan called social media "the worst menace to society." At the time, Facebook denied it provided information about protest organizers to the Turkish government. Data released Tuesday show authorities in Turkey submitted 96 requests covering 173 users. Facebook said it provided some information in about 45 of those cases, but there's no information on what was turned over and why. "We fight many of these requests, pushing back when we find legal deficiencies and narrowing the scope of overly broad or vague requests," Colin Stretch, Facebook's general counsel company said in a blog post. "When we are required to comply with a particular request, we frequently share only basic user information, such as name." Facebook spokeswoman Sarah Feinberg said the company stands by its assertions that it gave no information regarding the Turkey protests. "The data included in the report related to Turkey is about child endangerment and emergency law enforcement requests," she said. Facebook and other technology companies have been criticized for helping the National Security Agency secretly collect data on customers. Federal law gives government the authority to demand data without specific warrants, and while companies can fight requests in secret court hearings, it's an uphill battle. Facebook turned over some data in response to about 60 percent of those requests. It's not clear from the Facebook data how many of the roughly 26,000 government requests on 38,000 users were for law-enforcement purposes and how many were for intelligence gathering. 
Technology and government officials have said criminal investigations are far more common than national security matters as a justification for demanding information from companies. The numbers are imprecise because the federal government forbids companies from revealing how many times they've been ordered to turn over information about their customers. Facebook released only a range of figures for the United States. The company said it planned to start releasing these figures regularly. --- Just because i'm near the punchbowl doesn't mean I'm also drinking from it. From rforno at infowarrior.org Tue Aug 27 12:09:01 2013 From: rforno at infowarrior.org (Richard Forno) Date: Tue, 27 Aug 2013 13:09:01 -0400 Subject: [Infowarrior] - SiriusXM sued for millions in 'unpaid' music royalties Message-ID: <7D7B8E18-6EFF-4B63-BCC3-DCFF37243E28@infowarrior.org> SiriusXM sued for millions in 'unpaid' music royalties Royalties group takes satellite radio service to court for up to $100m By Brid-Aine Parnell, 27th August 2013 http://www.theregister.co.uk/2013/08/27/soundexchange_sues_siriusxm_digital_royalties/ Digital rights organisation SoundExchange has filed a lawsuit against satellite radio giant SiriusXM for what it termed "massive underpayment of royalties" from 2007 to 2012. The nonprofit group, which collects digital royalties on behalf of artists, said it believed that the satellite radio service provider -- which had 25 million subscribers as of last quarter -- owed somewhere between $50m and $100m for making allegedly illegal deductions and exemptions when calculating the fees, including deducting for pre-1972 recordings. SoundExchange also accused SiriusXM of leaving out the extra bump in money made from its Premier package as well as the funds that came in from its Family Friendly and Mostly Music packages in its royalty calculations. 
Just to top things off, the group also said the radio service had failed to pay the fees for several late payments during the six-year period. "SiriusXM is knowingly withholding royalties from the creators who bring life to their service, even as the company continues to experience unprecedented and explosive growth," said Michael Huppe, president and CEO of SoundExchange, in a canned statement. "We cannot sit by and watch this multi-billion dollar company reap record profits from the creative contributions of artists and labels without paying them everything they deserve." Sound recordings were not given federal copyright protection until 1972 and instead relied on individual US states' laws for protection. SoundExchange claims that Sirius reduced its royalty payments by between 10 and 15 per cent, corresponding with the number of pre-1972 recordings played through Sirius's service. According to the group, during the same time it was underpaying royalties, SiriusXM grew its subscribers from 17 million to 24 million and revenues from $2.06bn to $3.4bn. ® --- Just because i'm near the punchbowl doesn't mean I'm also drinking from it. From rforno at infowarrior.org Tue Aug 27 16:03:56 2013 From: rforno at infowarrior.org (Richard Forno) Date: Tue, 27 Aug 2013 17:03:56 -0400 Subject: [Infowarrior] - Schneier on NSA/FBI intimidation Message-ID: NSA intimidation expanding surveillance state: Column Bruce Schneier 1:40 p.m. EDT August 27, 2013 We need protection from intelligence-gathering run amok. http://www.usatoday.com/story/opinion/2013/08/27/nsa-snowden-russia-obama-column/2702461/ If there's any confirmation that the U.S. government has commandeered the Internet for worldwide surveillance, it is what happened with Lavabit earlier this month. Lavabit is -- well, was -- an e-mail service that offered more privacy than the typical large-Internet-corporation services that most of us use. 
It was a small company, owned and operated by Ladar Levison, and it was popular among the tech-savvy. NSA whistleblower Edward Snowden was among its half-million users. Last month, Levison reportedly received an order -- probably a National Security Letter -- to allow the NSA to eavesdrop on everyone's e-mail accounts on Lavabit. Rather than "become complicit in crimes against the American people," he turned the service off. Note that we don't know for sure that he received an NSL -- that's the order authorized by the Patriot Act that doesn't require a judge's signature and prohibits the recipient from talking about it -- or what it covered, but Levison has said that he had complied with requests for individual e-mail access in the past, but this was very different. So far, we just have an extreme moral act in the face of government pressure. It's what happened next that is the most chilling. The government threatened him with arrest, arguing that shutting down this e-mail service was a violation of the order. There it is. If you run a business, and the FBI or NSA want to turn it into a mass surveillance tool, they believe they can do so, solely on their own initiative. They can force you to modify your system. They can do it all in secret and then force your business to keep that secret. Once they do that, you no longer control that part of your business. You can't shut it down. You can't terminate part of your service. In a very real sense, it is not your business anymore. It is an arm of the vast U.S. surveillance apparatus, and if your interest conflicts with theirs then they win. Your business has been commandeered. For most Internet companies, this isn't a problem. They are already engaging in massive surveillance of their customers and users -- collecting and using this data is the primary business model of the Internet -- so it's easy to comply with government demands and give the NSA complete access to everything. This is what we learned from Edward Snowden. 
Through programs like PRISM, BLARNEY and OAKSTAR, the NSA obtained bulk access to services like Gmail and Facebook, and to Internet backbone connections throughout the US and the rest of the world. But if it were a problem for those companies, presumably the government would not allow them to shut down. To be fair, we don't know if the government can actually convict someone of closing a business. It might just be part of their coercion tactics. Intimidation, and retaliation, is part of how the NSA does business. Former Qwest CEO Joseph Nacchio has a story of what happens to a large company that refuses to cooperate. In February 2001 -- before the 9/11 terrorist attacks -- the NSA approached the four major US telecoms and asked for their cooperation in a secret data collection program, the one we now know to be the bulk metadata collection program exposed by Edward Snowden. Qwest was the only telecom to refuse, leaving the NSA with a hole in its spying efforts. The NSA retaliated by canceling a series of big government contracts with Qwest. The company has since been purchased by CenturyLink, which we presume is more cooperative with NSA demands. That was before the Patriot Act and National Security Letters. Now, presumably, Nacchio would just comply. Protection rackets are easier when you have the law backing you up. As the Snowden whistleblowing documents continue to be made public, we're getting further glimpses into the surveillance state that has been secretly growing around us. The collusion of corporate and government surveillance interests is a big part of this, but so is the government's resorting to intimidation. Every Lavabit-like service that shuts down -- and there have been several --- gives us consumers less choice, and pushes us into the large services that cooperate with the NSA. 
It's past time we demanded that Congress repeal National Security Letters, give us privacy rights in this new information age, and force meaningful oversight on this rogue agency. Bruce Schneier writes about security and technology. His latest book is Liars and Outliers: Enabling the Trust That Society Needs to Thrive. --- Just because i'm near the punchbowl doesn't mean I'm also drinking from it. From rforno at infowarrior.org Tue Aug 27 21:04:12 2013 From: rforno at infowarrior.org (Richard Forno) Date: Tue, 27 Aug 2013 22:04:12 -0400 Subject: [Infowarrior] - CA High School Students Kill A First Amendment-Violating 'Social Media Contract' Message-ID: <1E943174-C7D2-42C7-A69F-908EAD50E266@infowarrior.org> CA High School Students Kill A First Amendment-Violating 'Social Media Contract' http://www.techdirt.com/articles/20130815/15270224193/ca-high-school-students-kill-first-amendment-violating-social-media-contract.shtml --- Just because i'm near the punchbowl doesn't mean I'm also drinking from it. From rforno at infowarrior.org Wed Aug 28 14:43:01 2013 From: rforno at infowarrior.org (Richard Forno) Date: Wed, 28 Aug 2013 15:43:01 -0400 Subject: [Infowarrior] - WH names members of the NSA "review group" Message-ID: For Immediate Release August 27, 2013 http://www.whitehouse.gov/the-press-office/2013/08/27/statement-press-secretary-review-group-intelligence-and-communications-t Statement by the Press Secretary on the Review Group on Intelligence and Communications Technology On August 9, President Obama called for a high-level group of experts to review our intelligence and communications technologies. Today the President met with the members of this group: Richard Clarke, Michael Morell, Geoffrey Stone, Cass Sunstein and Peter Swire. These individuals bring to the task immense experience in national security, intelligence, oversight, privacy and civil liberties. 
The Review Group will bring a range of experience and perspectives to bear to advise the President on how, in light of advancements in technology, the United States can employ its technical collection capabilities in a way that optimally protects our national security and advances our foreign policy while respecting our commitment to privacy and civil liberties, recognizing our need to maintain the public trust, and reducing the risk of unauthorized disclosure. The President thanked the Members of the Group for taking on this important task and looks forward to hearing from them as their work proceeds. Within 60 days of beginning their work, the Review Group will brief their interim findings to the President through the Director of National Intelligence, and the Review Group will provide a final report and recommendations to the President. --- Just because i'm near the punchbowl doesn't mean I'm also drinking from it. From rforno at infowarrior.org Thu Aug 29 12:44:53 2013 From: rforno at infowarrior.org (Richard Forno) Date: Thu, 29 Aug 2013 13:44:53 -0400 Subject: [Infowarrior] - NYPD designates mosques as terrorism organizations Message-ID: NYPD designates mosques as terrorism organizations http://news.yahoo.com/nypd-designates-mosques-terrorism-organizations-070801349.html --- Just because i'm near the punchbowl doesn't mean I'm also drinking from it. From rforno at infowarrior.org Thu Aug 29 12:48:55 2013 From: rforno at infowarrior.org (Richard Forno) Date: Thu, 29 Aug 2013 13:48:55 -0400 Subject: [Infowarrior] - US IC budget details leaked Message-ID: <0CD300E4-6B39-4388-9906-66667EA1F684@infowarrior.org> U.S. spy network's successes, failures and objectives detailed in "black budget" summary By Barton Gellman and Greg Miller, U.S. spy agencies have built an intelligence-gathering colossus since the attacks of Sept. 
11, 2001, but remain unable to provide critical information to the president on a range of national security threats, according to the government's top secret budget. The $52.6 billion "black budget" for fiscal 2013, obtained by The Washington Post from former intelligence contractor Edward Snowden, maps a bureaucratic and operational landscape that has never been subject to public scrutiny. Although the government has annually released its overall level of intelligence spending since 2007, it has not divulged how it uses those funds or how it performs against the goals set by the president and Congress. The 178-page budget summary for the National Intelligence Program details the successes, failures and objectives of the 16 spy agencies that make up the U.S. intelligence community, which has 107,035 employees. The summary describes cutting-edge technologies, agent recruiting and ongoing operations. The Washington Post is withholding some information after consultation with U.S. officials who expressed concerns about the risk to intelligence sources and methods. Sensitive details are so pervasive in the documents that The Post is publishing only summary tables and charts online. < big snip > http://www.washingtonpost.com/world/national-security/black-budget-summary-details-us-spy-networks-successes-failures-and-objectives/2013/08/29/7e57bb78-10ab-11e3-8cdd-bcdc09410972_print.html From rforno at infowarrior.org Thu Aug 29 17:32:17 2013 From: rforno at infowarrior.org (Richard Forno) Date: Thu, 29 Aug 2013 18:32:17 -0400 Subject: [Infowarrior] - Federal Court Sides With ACLU in No Fly List Lawsuit Message-ID: <37558C25-3B6E-49E8-BB78-3BFAA4B6D027@infowarrior.org> Federal Court Sides With ACLU in No Fly List Lawsuit Court Recognizes Due Process Rights of Americans on List https://www.aclu.org/national-security/federal-court-sides-aclu-no-fly-list-lawsuit August 29, 2013 FOR IMMEDIATE RELEASE CONTACT: 212-549-2666, media at aclu.org PORTLAND, Ore. -- 
A federal court ruled late yesterday that constitutional rights are at stake when the government places Americans on the No Fly List, agreeing with the plaintiffs in a lawsuit filed by the American Civil Liberties Union. The suit challenges the process for attempting to get off the list as unfair, inadequate, and unconstitutional. The decision also asked the ACLU and the government to submit additional information about the No Fly List redress procedure in order to help the court decide the ultimate question of whether it satisfies the Fifth Amendment's guarantee of due process. "This decision is a critically important step towards vindicating the due process rights of Americans on the No Fly List," said ACLU Staff Attorney Nusrat Choudhury, one of the attorneys who argued the case in June. "For the first time, a federal court has recognized that when the government bans Americans from flying and smears them as suspected terrorists, it deprives them of constitutionally protected liberties, and they must have a fair process to clear their names. The No Fly List procedures violate due process because the government refuses to provide any explanation or a hearing for innocent Americans to challenge their inclusion, and we look forward to making that case to the court." The national ACLU, along with its affiliates in Oregon, Southern California, Northern California, and New Mexico, filed the lawsuit in June 2010. It represents 13 U.S. citizens, including four military veterans, who are on the No Fly List and banned from flying to or from the U.S. or over American airspace. In July 2012, the 9th Circuit Appeals Court reversed the district court's dismissal of the case on jurisdictional grounds, and now the district court is considering the case on its merits. In yesterday's ruling, U.S. District Judge Anna J. 
Brown wrote, "Although there are perhaps viable alternatives to flying for domestic travel within the continental United States such as traveling by car or train, the Court disagrees with Defendants' contention that international air travel is a mere convenience in light of the realities of our modern world. Such an argument ignores the numerous reasons an individual may have for wanting or needing to travel overseas quickly such as for the birth of a child, the death of a loved one, a business opportunity, or a religious obligation... the Court concludes on this record that Plaintiffs have a constitutionally-protected liberty interest in traveling internationally by air, which is affected by being placed on the list." Plaintiff Abe Mashal, a U.S. Marine Corps veteran and dog trainer, has lost the business of clients located outside of driving distance from his home in Illinois, and he was unable to travel to Hawaii for his sister-in-law's graduation. "Putting me on a blacklist without telling me why or giving me a chance to clear my name is fundamentally unfair," Mashal said. "I've done nothing wrong, yet the government is putting me through great personal and financial hardship." According to media reports, there are more than 20,000 people on the No Fly List. Their only recourse is to file a request with the Department of Homeland Security's "Traveler Redress Inquiry Program," after which DHS responds with a letter that does not explain why they were denied boarding. The letter does not confirm or deny whether their names remain on the No Fly List, and does not indicate whether they can fly. The only way for a person to find out if his or her name was removed from the No Fly List is to buy a plane ticket, go to the airport, see if he or she can get on the flight -- taking the risk of being denied boarding and marked as a suspected terrorist, and losing the cost of the airline ticket. 
The ACLU argues that this system violates the Fifth Amendment's requirement that the government cannot deprive a person of liberty "without due process of law." --- Just because i'm near the punchbowl doesn't mean I'm also drinking from it. From rforno at infowarrior.org Thu Aug 29 21:50:15 2013 From: rforno at infowarrior.org (Richard Forno) Date: Thu, 29 Aug 2013 22:50:15 -0400 Subject: [Infowarrior] - DNI to publish numbers of secret spying orders Message-ID: AP/ August 29, 2013, 8:58 PM Intel chief to publish numbers of secret spying orders http://www.cbsnews.com/8301-250_162-57600716/intel-chief-to-publish-numbers-of-secret-spying-orders/ WASHINGTON The nation's top intelligence official said Thursday that he'll now release figures every year on how many new top secret court orders and national security letters are issued and how many people are targeted because of them. Director of National Intelligence James R. Clapper said in a statement that the number of Foreign Intelligence Surveillance Court orders and national security letters authorizing spying will be published on a website established to show the American people how U.S. spy agencies work. The court orders and letters are tools authorized by the USA Patriot Act to pursue suspects related to terrorism and espionage. Publishing the numbers is part of President Barack Obama's edict to provide more transparency and to try to convince Americans that they are not being spied on, after leaks by former National Security Agency systems analyst Edward Snowden revealed the NSA annually gathers millions of U.S. phone and Internet records and has scooped up thousands of U.S. emails mixed with those of terror suspects. Several lawmakers have called for the court orders to be declassified, and have drafted at least 19 bills aimed at trimming the NSA's spying authority. 
The NSA made public three formerly secret court opinions last week which revealed the agency was ordered in 2011 to stop collecting thousands of Internet communications from Americans with no connection to terrorism -- a practice it says was an unintended consequence when it gathered bundles of Internet traffic connected to terror suspects. A judge had ordered the NSA to publish one of the court orders; the other two released showed the agency had changed its processes and received a legal sign-off by the secret court on a procedure to limit how long the mixed emails may be stored and how the data may be accessed when it is likely to include U.S. citizens' emails. © 2013 The Associated Press. All Rights Reserved. This material may not be published, broadcast, rewritten, or redistributed. --- Just because i'm near the punchbowl doesn't mean I'm also drinking from it. From rforno at infowarrior.org Fri Aug 30 07:26:06 2013 From: rforno at infowarrior.org (Richard Forno) Date: Fri, 30 Aug 2013 08:26:06 -0400 Subject: [Infowarrior] - Facebook scoops up mobile phone numbers -- but won't say why Message-ID: Original URL: http://www.theregister.co.uk/2013/08/30/facebook_data_usage_policy_rejigged_again/ Facebook scoops up mobile phone numbers -- but won't say why By Kelly Fiveash Posted in Applications, 30th August 2013 11:33 GMT Facebook is slurping mobile phone numbers from its users without explaining why, it has emerged. In an upcoming overhaul to the social network's data use policy, Facebook said it had made a number of updates about the information it receives about individuals using the free content ad network. It includes simplifying the language it uses to explain what information it receives from users whenever they are using or "running" Facebook. It said it was also clarifying that some of that information reveals details about the device itself such as an IP address, operating system or -- surprisingly -- 
a mobile phone number. The Register has asked Facebook to clarify this point as it's not clear from the revised policy wording if a mobile number is scooped up without an individual's knowledge or as a result of it being previously submitted by that person to access some of the company's services. Importantly, Facebookers are not required to cough up their mobile phone number upon registering with the service. At time of writing, Facebook was yet to respond with comment. The Nasdaq-listed company announced yesterday that it once again planned to rejigger its user policies, in part in response to a $20m US legal settlement. Facebook has agreed to explain how it uses a name, profile picture, content and information in connection with ads after it got into hot water over its Sponsored Stories function, which -- without prior consent -- served adverts to Facebookers featuring the faces and names of people who had "Liked" a particular product. The Mark Zuckerberg-run outfit now states that it will no longer take responsibility for how those ads are served, because users will have agreed to that usage upon signing up to the network. Existing users will also be expected to simply comply with the new terms, or else ditch Facebook in protest against how their data is being re-purposed: Our goal is to deliver advertising and other commercial or sponsored content that is valuable to our users and advertisers. In order to help us do that, you agree to the following: You give us permission to use your name, profile picture, content, and information in connection with commercial, sponsored, or related content (such as a brand you like) served or enhanced by us. This means, for example, that you permit a business or other entity to pay us to display your name and/or profile picture with your content or information, without any compensation to you. If you have selected a specific audience for your content or information, we will respect your choice when we use it. 
If you are under the age of eighteen (18), or under any other applicable age of majority, you represent that at least one of your parents or legal guardians has also agreed to the terms of this section (and the use of your name, profile picture, content, and information) on your behalf. We do not give your content or information to advertisers without your consent. You understand that we may not always identify paid services and communications as such. Facebook also made it clear that the company can use photo recognition software to correctly identify people on the network. It said: We are able to suggest that your friend tag you in a picture by scanning and comparing your friend's pictures to information we've put together from your profile pictures and the other photos in which you've been tagged. Facebook added that individuals can control that tagging function by finding the adequate setting (in this case: "Timeline and Tagging") to turn photo recognition off. It is also having to tell people that when they're casually browsing the free content ad network on mobile devices, they are paying operators for any data they use "including sponsored or commercial content". And, for the few among us who still believe the conceit that Facebook is first and foremost about connecting people across the globe, the company stated that there were "special provisions applicable to users outside the United States". It continued: We made [it] clear that you are not allowed to use Facebook if you are prohibited from receiving products or services from the United States. The network is, of course, jammed with ads. So presumably a country such as Cuba, for example, will no longer be granted access to Facebook given that the US has maintained an economic embargo against the South American country since 1960. After all, Facebook can't make ad bucks from Cubans who cannot access goods and services offered by US corporations. 
The policy changes will be applied by the end of next week and come less than a year since Facebook last tweaked its "privacy" settings.

--- Just because i'm near the punchbowl doesn't mean I'm also drinking from it.

From rforno at infowarrior.org Fri Aug 30 07:57:35 2013
From: rforno at infowarrior.org (Richard Forno)
Date: Fri, 30 Aug 2013 08:57:35 -0400
Subject: [Infowarrior] - NYC to Court: Cameras are ok anywhere, except on police
Message-ID:

Mayor Bloomberg Loves Security Cameras Everywhere... Until His Police Are Ordered To Wear Them
http://www.techdirt.com/articles/20130829/19515424360/mayor-bloomberg-loves-security-cameras-everywhere-until-his-police-are-ordered-to-wear-them.shtml

--- Just because i'm near the punchbowl doesn't mean I'm also drinking from it.

From rforno at infowarrior.org Sat Aug 31 09:49:01 2013
From: rforno at infowarrior.org (Richard Forno)
Date: Sat, 31 Aug 2013 10:49:01 -0400
Subject: [Infowarrior] - OT: Thoughts on Obama's March to Folly in Syria
References: <41091761-17EC-4425-9233-473B75637CA0@gmail.com>
Message-ID: <166854A6-C7CB-410F-ADF6-1AA0604AFF0C@infowarrior.org>

Chuck's comments in particular are worth reading as the drums of war here in Versailles on the Potomac beat louder with each passing day. (Note: Chuck is a long-time friend and former DOD analyst. --rick)

--- Just because i'm near the punchbowl doesn't mean I'm also drinking from it.

> From: Chuck Spinney
>
> President Obama's Syria nightmare is becoming increasingly bizarre. The man who claimed he could distinguish dumb from smart wars is marching headlong into the dumbest one yet, with allies jumping ship left and right. Consider, please, the following:
>
> (1) NBC just released a poll saying a majority of the American people are opposed to another war in Syria, and 80% are opposed to a war without Congressional authorization.
>
> (2) But Congress is out of session. Nevertheless Mr.
Obama is under pressure to attack before Congress returns from its Labor Day vacation. Moreover, despite the fact that at least 188 members of Congress have called for a debate and vote on the war question; thus far, Mr. Obama has not indicated he will call Congress into an emergency session. Yet six years ago, Senator (candidate) Obama told interviewer Charlie Savage on December 20, 2007: "The President does not have power under the Constitution to unilaterally authorize a military attack in a situation that does not involve stopping an actual or imminent threat to the nation."
>
> (3) The nearest counterpart to our Congress, the British Parliament, just voted to pull the plug on Prime Minister David Cameron's warmongering -- and in so doing, the unwritten British Constitution has made a mockery of the written, legalistic US Constitution. Bottom line: the checks and balances in the UK are working to ensure our closest ally will not partake in our adventure, while those in the United States are being bypassed.
>
> (4) The UN and the Security Council also pulled the plug on approving and supporting a US strike; ditto for the Arab League and Jordan, and our coup-leading friends in Egypt.
>
> (5) The secretary general of NATO, Anders Rasmussen, said NATO will not be part of a strike on Syria.
>
> So who is left in Obama's increasingly isolated coalition of the willing: France and Israel -- two countries with a lot of sordid baggage loading down the Syria Question. Some readers may never have heard of the Sykes-Picot Agreement, but you can bet most Syrians have.
>
> A reasonable person might ask how an obviously intelligent Mr. Obama could land himself in such a mess?
>
> The proximate cause is clear: Mimicking Israeli Prime Minister Netanyahu's provocative definition of a red line on Iranian nukes, Mr. Obama recklessly established a red line on chemical weapons in the ongoing increasingly chaotic Syrian civil war.
But the red line made Obama vulnerable to being boxed in by all sorts of false flag operations -- and false flags are a recurring reality in the wilderness of mirrors that is Middle Eastern politics. Ironically, President Assad, who is being blamed for the release of chemical weapons, is about the only player in the game who has nothing to gain from such an attack.
>
> While it is too early to understand the deeper reasons for Obama's mad march to war, I submit there is at least one hypothesis that is at least superficially consistent with the behaviour patterns of Obama and his advisors: Mr. Obama's (and that of his advisors') behaviour stems in part from the subtle interactions of at least two psychological factors that shape the Orientation driving the decision making behaviour of their OODA loops.
>
> The first stems from a habitual belief that Mr. Obama -- an inveterate deal maker -- can control domestic politics by cutting and shaving political differences at home. But cutting and shaving uses up maneuvering space, and its gradual loss has insensibly salami-sliced him into a corner. Policy to aid rebels with nonlethal aid then establishing the red line being cases in point; each bought time at the expense of future flexibility. In effect, Mr. Obama, by his own volition, has slowly become ensnared by the permanent war party in Versailles on the Potomac. This cutting and shaving is also evident in his conduct of the drone campaign and Afghan War, not to mention his inability to significantly reduce the Pentagon's bloated budget.
>
> The second factor -- a naiveté about the effectiveness of precision weapons -- compounds the first in shaping the Orientation of the President and his advisors. Prior to becoming President, Mr. Obama had no experience in the conduct of military affairs. In effect, the Orientation driving his decision cycle was like a blank sheet to be filled in by "experts."
His obvious intelligence and lawyerly mind has made him especially vulnerable to pseudo-scientific, logical sounding exhortations of a group-thinking coterie of formal and informal defense advisors. These officials have a long track record of grossly exaggerating the revolutionary capabilities of precision weapons. The persuasive power of their exhortations is usually packaged in slick looking power point briefings, hard to fathom computer simulations, glossy contractor advertisements, etc. The hidden assumptions, excessive technical complexity, and aura of scientific authority surrounding these exhortations, especially when coupled with arrogant notions about the utility of guided bombs in carefully calibrated tit-for-tat political signaling, at once capture the intellect and stroke the political ego of leaders.
>
> Bringing these two strains of thought together, habits and naive beliefs -- more generally, arrogance and ignorance -- have, in effect, worked insidiously to sap Mr. Obama of the initiative in the Syrian Question and have rendered him a passive traveller into a trap of his own making.
>
> If I am right, then in effect, President Obama is now a reactive player struggling to preserve himself in the US march to folly. A natural question is who and what pressures are driving the parade? Cui bono?
>
> The seasoned Middle Eastern reporter, Robert Fisk, has one theory:
>
> Published on Friday, August 30, 2013 by The Independent/UK
> Iran, Not Syria, Is the West's Real Target
> Iran is ever more deeply involved in protecting the Syrian government. Thus a victory for Bashar is a victory for Iran. And Iranian victories cannot be tolerated by the West
>
> by Robert Fisk
>
> Before the stupidest Western war in the history of the modern world begins -- I am, of course, referring to the attack on Syria that we all yet have to swallow --
it might be as well to say that the cruise missiles which we confidently expect to sweep onto one of mankind's oldest cities have absolutely nothing to do with Syria.
>
> They are intended to harm Iran. They are intended to strike at the Islamic republic now that it has a new and vibrant president -- as opposed to the crackpot Mahmoud Ahmadinejad -- and when it just might be a little more stable.
>
> Iran is Israel's enemy. Iran is therefore, naturally, America's enemy. So fire the missiles at Iran's only Arab ally.
>
> There is nothing pleasant about the regime in Damascus. Nor do these comments let the regime off the hook when it comes to mass gassing. But I am old enough to remember that when Iraq -- then America's ally -- used gas against the Kurds of Hallabjah in 1988, we did not assault Baghdad. Indeed, that attack would have to wait until 2003, when Saddam no longer had any gas or any of the other weapons we had nightmares over.
>
> And I also happen to remember that the CIA put it about in 1988 that Iran was responsible for the Hallabjah gassings, a palpable lie that focused on America's enemy whom Saddam was then fighting on our behalf. And thousands -- not hundreds -- died in Hallabjah. But there you go. Different days, different standards.
>
> And I suppose it's worth noting that when Israel killed up to 17,000 men, women and children in Lebanon in 1982, in an invasion supposedly provoked by the attempted PLO murder of the Israeli ambassador in London -- it was Saddam's mate Abu Nidal who arranged the killing, not the PLO, but that doesn't matter now -- America merely called for both sides to exercise "restraint". And when, a few months before that invasion, Hafez al-Assad -- father of Bashar -- sent his brother up to Hama to wipe out thousands of Muslim Brotherhood rebels, nobody muttered a word of condemnation. "Hama Rules" is how my old mate Tom Friedman cynically styled this bloodbath.
>
> Anyway, there's a different Brotherhood around these days --
and Obama couldn't even bring himself to say "boo" when their elected president got deposed.
>
> But hold on. Didn't Iraq -- when it was "our" ally against Iran -- also use gas on the Iranian army? It did. I saw the Ypres-like wounded of this foul attack by Saddam -- US officers, I should add, toured the battlefield later and reported back to Washington -- and we didn't care a tinker's curse about it. Thousands of Iranian soldiers in the 1980-88 war were poisoned to death by this vile weapon.
>
> I travelled back to Tehran overnight on a train of military wounded and actually smelled the stuff, opening the windows in the corridors to release the stench of the gas. These young men had wounds upon wounds -- quite literally. They had horrible sores wherein floated even more painful sores that were close to indescribable. Yet when the soldiers were sent to Western hospitals for treatment, we journos called these wounded -- after evidence from the UN infinitely more convincing than what we're likely to get from outside Damascus -- "alleged" gas victims.
>
> So what in heaven's name are we doing? After countless thousands have died in Syria's awesome tragedy, suddenly -- now, after months and years of prevarication -- we are getting upset about a few hundred deaths. Terrible. Unconscionable. Yes, that is true. But we should have been traumatised into action by this war in 2011. And 2012. But why now?
>
> I suspect I know the reason. I think that Bashar al-Assad's ruthless army might just be winning against the rebels whom we secretly arm. With the assistance of the Lebanese Hezbollah -- Iran's ally in Lebanon -- the Damascus regime broke the rebels in Qusayr and may be in the process of breaking them north of Homs. Iran is ever more deeply involved in protecting the Syrian government. Thus a victory for Bashar is a victory for Iran. And Iranian victories cannot be tolerated by the West.
>
> And while we're on the subject of war, what happened to those magnificent Palestinian-Israeli negotiations that John Kerry was boasting about? While we express our anguish at the hideous gassings in Syria, the land of Palestine continues to be gobbled up. Israel's Likudist policy -- to negotiate for peace until there is no Palestine left -- continues apace, which is why King Abdullah of Jordan's nightmare (a much more potent one than the "weapons of mass destruction" we dreamed up in 2003) grows larger: that "Palestine" will be in Jordan, not in Palestine.
>
>
> Robert Fisk is Middle East correspondent for The Independent newspaper. He is the author of many books on the region, including The Great War for Civilisation: The Conquest of the Middle East.

From rforno at infowarrior.org Sat Aug 31 10:13:19 2013
From: rforno at infowarrior.org (Richard Forno)
Date: Sat, 31 Aug 2013 11:13:19 -0400
Subject: [Infowarrior] - U.S. mounted 231 offensive cyber-operations in 2011
Message-ID:

U.S. spy agencies mounted 231 offensive cyber-operations in 2011, documents show
By Barton Gellman and Ellen Nakashima
http://www.washingtonpost.com/world/national-security/us-spy-agencies-mounted-231-offensive-cyber-operations-in-2011-documents-show/2013/08/30/d090a6ae-119e-11e3-b4cb-fd7ce041d814_print.html

U.S. intelligence services carried out 231 offensive cyber-operations in 2011, the leading edge of a clandestine campaign that embraces the Internet as a theater of spying, sabotage and war, according to top-secret documents obtained by The Washington Post. That disclosure, in a classified intelligence budget provided by NSA leaker Edward Snowden, provides new evidence that the Obama administration's growing ranks of cyberwarriors infiltrate and disrupt foreign computer networks. Additionally, under an extensive effort code-named GENIE, U.S.
computer specialists break into foreign networks so that they can be put under surreptitious U.S. control. Budget documents say the $652 million project has placed "covert implants," sophisticated malware transmitted from far away, in computers, routers and firewalls on tens of thousands of machines every year, with plans to expand those numbers into the millions. The documents provided by Snowden and interviews with former U.S. officials describe a campaign of computer intrusions that is far broader and more aggressive than previously understood. The Obama administration treats all such cyber-operations as clandestine and declines to acknowledge them. The scope and scale of offensive operations represent an evolution in policy, which in the past sought to preserve an international norm against acts of aggression in cyberspace, in part because U.S. economic and military power depend so heavily on computers. "The policy debate has moved so that offensive options are more prominent now," said former deputy defense secretary William J. Lynn III, who has not seen the budget document and was speaking generally. "I think there's more of a case made now that offensive cyberoptions can be an important element in deterring certain adversaries." Of the 231 offensive operations conducted in 2011, the budget said, nearly three-quarters were against top-priority targets, which former officials say includes adversaries such as Iran, Russia, China and North Korea and activities such as nuclear proliferation. The document provided few other details about the operations. Stuxnet, a computer worm reportedly developed by the United States and Israel that destroyed Iranian nuclear centrifuges in attacks in 2009 and 2010, is often cited as the most dramatic use of a cyberweapon. Experts said no other known cyberattacks carried out by the United States match the physical damage inflicted in that case. U.S.
agencies define offensive cyber-operations as activities intended "to manipulate, disrupt, deny, degrade, or destroy information resident in computers or computer networks, or the computers and networks themselves," according to a presidential directive issued in October 2012. Most offensive operations have immediate effects only on data or the proper functioning of an adversary's machine: slowing its network connection, filling its screen with static or scrambling the results of basic calculations. Any of those could have powerful effects if they caused an adversary to botch the timing of an attack, lose control of a computer or miscalculate locations. U.S. intelligence services are making routine use around the world of government-built malware that differs little in function from the "advanced persistent threats" that U.S. officials attribute to China. The principal difference, U.S. officials told The Post, is that China steals U.S. corporate secrets for financial gain. "The Department of Defense does engage" in computer network exploitation, according to an e-mailed statement from an NSA spokesman, whose agency is part of the Defense Department. "The department does ***not*** engage in economic espionage in any domain, including cyber."

"Millions of implants"

The administration's cyber-operations sometimes involve what one budget document calls "field operations" abroad, commonly with the help of CIA operatives or clandestine military forces, "to physically place hardware implants or software modifications." Much more often, an implant is coded entirely in software by an NSA group called Tailored Access Operations (TAO). As its name suggests, TAO builds attack tools that are custom-fitted to their targets. The NSA unit's software engineers would rather tap into networks than individual computers because there are usually many devices on each network.
Tailored Access Operations has software templates to break into common brands and models of "routers, switches and firewalls from multiple product vendor lines," according to one document describing its work. The implants that TAO creates are intended to persist through software and equipment upgrades, to copy stored data, "harvest" communications and tunnel into other connected networks. This year TAO is working on implants that "can identify select voice conversations of interest within a target network and exfiltrate select cuts," or excerpts, according to one budget document. In some cases, a single compromised device opens the door to hundreds or thousands of others. Sometimes an implant's purpose is to create a back door for future access. "You pry open the window somewhere and leave it so when you come back the owner doesn't know it's unlocked, but you can get back in when you want to," said one intelligence official, who was speaking generally about the topic and was not privy to the budget. The official spoke on the condition of anonymity to discuss sensitive technology. Under U.S. cyberdoctrine, these operations are known as "exploitation," not "attack," but they are essential precursors both to attack and defense. By the end of this year, GENIE is projected to control at least 85,000 implants in strategically chosen machines around the world. That is quadruple the number -- 21,252 -- available in 2008, according to the U.S. intelligence budget. The NSA appears to be planning a rapid expansion of those numbers, which were limited until recently by the need for human operators to take remote control of compromised machines. Even with a staff of 1,870 people, GENIE made full use of only 8,448 of the 68,975 machines with active implants in 2011. For GENIE's next phase, according to an authoritative reference document, the NSA has brought online an automated system, code-named TURBINE, that is capable of managing "potentially millions of implants"
for intelligence gathering "and active attack."

"The ROC"

When it comes time to fight the cyberwar against the best of the NSA's global competitors, the TAO calls in its elite operators, who work at the agency's Fort Meade headquarters and in regional operations centers in Georgia, Texas, Colorado and Hawaii. The NSA's organizational chart has the main office as S321. Nearly everyone calls it "the ROC," pronounced "rock": the Remote Operations Center. "To the NSA as a whole, the ROC is where the hackers live," said a former operator from another section who has worked closely with the exploitation teams. "It's basically the one-stop shop for any kind of active operation that's not defensive." Once the hackers find a hole in an adversary's defense, "[t]argeted systems are compromised electronically, typically providing access to system functions as well as data. System logs and processes are modified to cloak the intrusion, facilitate future access, and accomplish other operational goals," according to a 570-page budget blueprint for what the government calls its Consolidated Cryptologic Program, which includes the NSA. Teams from the FBI, the CIA and U.S. Cyber Command work alongside the ROC, with overlapping missions and legal authorities. So do the operators from the NSA's National Threat Operations Center, whose mission is focused primarily on cyberdefense. That was Snowden's job as a Booz Allen Hamilton contractor, and it required him to learn the NSA's best hacking techniques. According to one key document, the ROC teams give Cyber Command "specific target related technical and operational material (identification/recognition), tools and techniques that allow the employment of U.S. national and tactical specific computer network attack mechanisms."
The intelligence community's cybermissions include defense of military and other classified computer networks against foreign attack, a task that absorbs roughly one-third of a total cyber operations budget of $1.02 billion in fiscal 2013, according to the Cryptologic Program budget. The ROC's breaking-and-entering mission, supported by the GENIE infrastructure, spends nearly twice as much: $651.7 million. Most GENIE operations aim for "exploitation" of foreign systems, a term defined in the intelligence budget summary as "surreptitious virtual or physical access to create and sustain a presence inside targeted systems or facilities." The document adds: "System logs and processes are modified to cloak the intrusion, facilitate future access, and accomplish other operational goals." The NSA designs most of its own implants, but it devoted $25.1 million this year to "additional covert purchases of software vulnerabilities" from private malware vendors, a growing gray-market industry based largely in Europe.

"Most challenging targets"

The budget documents cast U.S. attacks as integral to cyberdefense -- describing them in some cases as "active defense." "If you're neutralizing someone's nuclear command and control, that's a huge attack," said one former defense official. The greater the physical effect, officials said, the less likely it is that an intrusion can remain hidden. "The United States is moving toward the use of tools short of traditional weapons that are unattributable -- that cannot be easily tied to the attacker -- to convince an adversary to change their behavior at a strategic level," said another former senior U.S. official, who also spoke on the condition of anonymity to discuss sensitive operations. China and Russia are regarded as the most formidable cyberthreats, and it is not always easy to tell who works for whom. China's offensive operations are centered in the Technical Reconnaissance Bureau of the People's Liberation Army, but U.S.
intelligence has come to believe that those state-employed hackers by day return to work at night for personal profit, stealing valuable U.S. defense industry secrets and selling them. Iran is a distant third in capability but is thought to be more strongly motivated to retaliate for Stuxnet with an operation that would not only steal information but erase it and attempt to damage U.S. hardware. The "most challenging targets" to penetrate are the same in cyber-operations as for all other forms of data collection described in the intelligence budget: Iran, North Korea, China and Russia. GENIE and ROC operators place special focus on locating suspected terrorists "in Afghanistan, Pakistan, Yemen, Iraq, Somalia, and other extremist safe havens," according to one list of priorities. The growth of Tailored Access Operations at the NSA has been accompanied by a major expansion of the CIA's Information Operations Center, or IOC. The CIA unit employs hundreds of people at facilities in Northern Virginia and has become one of the CIA's largest divisions. Its primary focus has shifted in recent years from counterterrorism to cybersecurity, according to the budget document. The military's cyber-operations, including U.S. Cyber Command, have drawn much of the public's attention, but the IOC undertakes some of the most notable offensive operations, including the recruitment of several new intelligence sources, the document said. Military cyber-operations personnel grouse that the actions they can take are constrained by the legal authorities that govern them. The presidential policy directive on cyber-operations issued in October made clear that military cyber-operations that result in the disruption or destruction or even manipulation of computers must be approved by the president. But the directive, the existence of which was first reported last fall by The Post and leaked in June by Snowden, largely does not apply to the intelligence community.
Given the "vast volumes of data" pulled in by the NSA, storage has become a pressing question. The NSA is nearing completion of a massive new data center in Utah. A second one will be built at Fort Meade "to keep pace with cyber processing demands," the budget document said. According to the document, a high-performance computing center in Utah will manage "storage, analysis, and intelligence production." This will allow intelligence agencies "to evaluate similarities among intrusions that could indicate the presence of a coordinated cyber attack, whether from an organized criminal enterprise or a nation-state."

© The Washington Post Company

--- Just because i'm near the punchbowl doesn't mean I'm also drinking from it.

From rforno at infowarrior.org Sat Aug 31 21:49:04 2013
From: rforno at infowarrior.org (Richard Forno)
Date: Sat, 31 Aug 2013 22:49:04 -0400
Subject: [Infowarrior] - NSA Spied On Al Jazeera Communications
Message-ID: <6D45F607-E1A6-4F7C-BBEF-4E1DBBA19BB2@infowarrior.org>

08/31/2013 06:19 PM
Snowden Document
http://www.spiegel.de/international/world/nsa-spied-on-al-jazeera-communications-snowden-document-a-919681-druck.html

NSA Spied On Al Jazeera Communications

Arab news broadcaster Al Jazeera was spied on by the National Security Agency, according to documents seen by SPIEGEL. The US intelligence agency hacked into protected communication, a feat that was considered a particular success. It makes sense that America's National Security Agency (NSA) would be interested in the Arab news broadcaster Al Jazeera. The Qatar-based channel has been broadcasting audio and video messages from al-Qaida leaders for more than a decade. The United States intelligence agency was so interested, in fact, that it hacked into Al Jazeera's internal communications system, according to documents from former NSA contractor and whistleblower Edward Snowden that have been seen by SPIEGEL.
One such document, dated March 23, 2006, reveals that the NSA's Network Analysis Center managed to access and read communication by "interesting targets" that was specially protected by the news organization. The information also shows that the NSA officials were not satisfied with Al Jazeera's language analysis. In addition to cracking the airline reservation services for Russian airline Aeroflot, accessing "Al Jazeera broadcasting internal communication" was listed as a "notable success," the document shows. The NSA said these selected targets had "high potential as sources of intelligence." The encrypted information was forwarded to the responsible NSA departments for further analysis, according to the document, which did not reveal to what extent the intelligence agency spied on journalists or managers of the media company, or whether the surveillance is ongoing. Previous documents seen by SPIEGEL have not specified that the media were spied on by the NSA. But as more information emerges, the massive scope of the organization's international surveillance of telephone and Internet communication continues to grow.

URL: http://www.spiegel.de/international/world/nsa-spied-on-al-jazeera-communications-snowden-document-a-919681.html

--- Just because i'm near the punchbowl doesn't mean I'm also drinking from it.