From rforno at infowarrior.org Mon Dec 2 06:44:17 2013
From: rforno at infowarrior.org (Richard Forno)
Date: Mon, 2 Dec 2013 07:44:17 -0500
Subject: [Infowarrior] - The Insidiousness of Facebook Messenger's Mobile App Terms of Service
Message-ID: <8A67834F-7FD1-4F93-8CE0-27BB2E5F60D6@infowarrior.org>

The Insidiousness of Facebook Messenger's Mobile App Terms of Service
Posted: 12/01/2013 6:13 pm
http://www.huffingtonpost.com/sam-fiorella/the-insidiousness-of-face_b_4365645.html

How much access to your (and your friends') personal data are you prepared to share for access to free mobile apps? I suspect the amount is significantly less than that which you actually agreed to share when blindly accepting the Terms of Service. Case in point: Facebook's Messenger App, which boasts over 1,000,000,000 downloads, requires the acceptance of an alarming amount of personal data and, even more startling, direct control over your mobile device. I'm willing to bet that few, if any, of those who downloaded this app read the full Terms of Service before accepting them and downloading the app.

The Facebook Messenger app is a standalone version of the instant chat feature within the social network. You can easily access this within the Facebook app on your mobile device, but opening the full application also requires more memory, bandwidth, and battery life. As a result, Facebook offers this one feature as a standalone app in which you can instantly chat with your Facebook friends without having to launch the full Facebook app.

If you're one of those 1,000,000,000 people who have downloaded this app, take a moment to read the following. I've posted, word for word, a few of the most aggressive app permissions you've accepted.

- Allows the app to change the state of network connectivity
- Allows the app to call phone numbers without your intervention. This may result in unexpected charges or calls. Malicious apps may cost you money by making calls without your confirmation.
- Allows the app to send SMS messages. This may result in unexpected charges. Malicious apps may cost you money by sending messages without your confirmation.
- Allows the app to record audio with microphone. This permission allows the app to record audio at any time without your confirmation.
- Allows the app to take pictures and videos with the camera. This permission allows the app to use the camera at any time without your confirmation.
- Allows the app to read your phone's call log, including data about incoming and outgoing calls. This permission allows apps to save your call log data, and malicious apps may share call log data without your knowledge.
- Allows the app to read data about your contacts stored on your phone, including the frequency with which you've called, emailed, or communicated in other ways with specific individuals.
- Allows the app to read personal profile information stored on your device, such as your name and contact information. This means the app can identify you and may send your profile information to others.
- Allows the app to access the phone features of the device. This permission allows the app to determine the phone number and device IDs, whether a call is active, and the remote number connected by a call.
- Allows the app to get a list of accounts known by the phone. This may include any accounts created by applications you have installed.

The fact that social media and mobile apps are so insidious is nothing new; we all know (or should know) that no app is truly free. "Free" online apps are paid for by the provision of personal data such as name, location, browsing history, etc. In turn, mobile developers and social networks charge advertisers to serve up highly targeted ads to specific groups of people. In a way, it pays to offer some personal information for a better experience with online ads, which we all hate so much.

However, Facebook Messenger's attempt to collect so much information and take control of our devices is unprecedented and, quite frankly, frightening. The fact that over 1,000,000,000 people have accepted these terms is an alarming insight into the future of mobile apps and personal security. If this many people have not read the Messenger Terms of Service (or have read it and don't care), how emboldened will mobile developers be in the future?

I understand the nature of "free" mobile apps. I'm prepared to give up some personal data for the right to access a game, content, or social network for free and to have an improved advertising experience while enjoying that free service. However, Facebook has pushed this too far. It's time we stood up and said "no!"

Take the first step by deleting this app. Next, review the Terms of Service agreements you've previously accepted without reading, and be sure you're comfortable with the cost of free. The only way to curb this harmful trend is to take a stand. Read every online and mobile Terms of Service agreement before accepting and, where it goes too far, say no.

Will you say no?

---
Just because i'm near the punchbowl doesn't mean I'm also drinking from it.

From rforno at infowarrior.org Mon Dec 2 11:22:05 2013
From: rforno at infowarrior.org (Richard Forno)
Date: Mon, 2 Dec 2013 12:22:05 -0500
Subject: [Infowarrior] - SCOTUS declines case on making online retailers collect sales taxes
Message-ID: <3E327779-491D-4A8B-987D-E126B5D73A4F@infowarrior.org>

Supreme Court declines case on making online retailers collect sales taxes
By Robert Barnes

The Supreme Court on Monday declined to get involved in state efforts to force online retailers such as Amazon.com to collect sales tax from customers even in places where the companies do not have a physical presence.

The issue - ending what for many Americans is tax-free online shopping - is one of the most important in modern retailing.
Traditional brick-and-mortar businesses say the online retailers receive an unfair advantage by not collecting sales tax in some areas. All but five states impose sales taxes, and an increasing number have passed legislation to force online retailers such as Overstock and eBay to begin collecting those taxes from customers.

Online retailers complained that a patchwork of state laws and conflicting lower court decisions needed the Supreme Court's attention.

"There are billions of dollars of commerce for which we need guidance that we can rely upon," said David C. Blum, a Chicago tax lawyer who represents both online retailers and traditional businesses. He added: "We have evolved into an Internet world, and we need to know what's taxable and what's not."

As is its custom, the court gave no explanation for turning down petitions from Amazon and Overstock.com to review a decision by New York's highest court to uphold that state's 2008 law requiring sales tax collections.

Seattle-based Amazon has no offices, distribution centers or workforce in New York. But the New York Court of Appeals said Amazon's relationship with third-party affiliates in the state that receive commissions for sending Web traffic its way satisfied the "substantial nexus" necessary to force the company to collect taxes. (Amazon founder Jeffrey P. Bezos also owns The Washington Post.)

< - >

http://www.washingtonpost.com/politics/supreme-court-declines-case-on-making-online-retailers-collect-sales-taxes/2013/12/02/e430ec8c-55f5-11e3-835d-e7173847c7cc_print.html

---
Just because i'm near the punchbowl doesn't mean I'm also drinking from it.

From rforno at infowarrior.org Mon Dec 2 12:16:01 2013
From: rforno at infowarrior.org (Richard Forno)
Date: Mon, 2 Dec 2013 13:16:01 -0500
Subject: [Infowarrior] - Feinstein And Rogers Scaremongering, con't.
Message-ID: <98C721D7-27B0-4CD9-ADBE-F6217537725E@infowarrior.org>

Feinstein And Rogers Try To Scare Americans With Ooga Booga Terrorism Threats
from the halloween-was-a-month-ago dept
http://www.techdirt.com/articles/20131201/23124625421/feinstein-rogers-try-to-scare-americans-with-ooga-booga-terrorism-threats.shtml

It appears that the heads of the Senate and House Intelligence Committees, Senator Dianne Feinstein and Rep. Mike Rogers, are recognizing that their strategy for keeping their co-dependent relationship with the NSA going is failing and that the American public and an increasingly large segment of Congress no longer believes their bogus claims. Perhaps that's because every time they open their mouths, it takes all of about an hour before many of their claims are completely debunked, if not outright mocked for obviously being bogus. So their latest strategy? To basically yell "Ooga Booga Terrorists!" as loud as they can to try to scare people based on absolutely nothing.

< - >

Either way, this whole thing -- having both appear together, both making vague "we're all going to die" statements without any details to back it up combined with an exceptionally misleading use of statistics -- suggests that this is the typical FUD. It's Feinstein and Rogers shouting "terror" in a crowded theater, because they know that they've already lost public opinion on this, and are quickly losing Congress as well.

---
Just because i'm near the punchbowl doesn't mean I'm also drinking from it.

From rforno at infowarrior.org Mon Dec 2 12:40:45 2013
From: rforno at infowarrior.org (Richard Forno)
Date: Mon, 2 Dec 2013 13:40:45 -0500
Subject: [Infowarrior] - From Dishfire to Wabash: a quick guide to 21st-century spy speak
Message-ID: <8D5C942D-30BF-4414-AEEE-C1565D13771B@infowarrior.org>

From Dishfire to Wabash: a quick guide to 21st-century spy speak
The NSA files leaked by Edward Snowden are full of intelligence services jargon. Decode the language of surveillance with our glossary of insider terminology
James Ball, The Guardian, Sunday 1 December 2013

< - >

http://www.theguardian.com/world/2013/dec/02/dishfire-wabash-spy-language-snowden-files-nsa-surveillance-glossary

From rforno at infowarrior.org Mon Dec 2 20:21:08 2013
From: rforno at infowarrior.org (Richard Forno)
Date: Mon, 2 Dec 2013 21:21:08 -0500
Subject: [Infowarrior] - NSA wrote turkey-day family talking points
Message-ID: <49A89668-B734-4F27-A470-32DD04F7532A@infowarrior.org>

The NSA wrote turkey-day talking points, because of course it did
By Brian Fung, Updated: December 2 at 4:54 pm
http://www.washingtonpost.com/blogs/the-switch/wp/2013/12/02/the-nsa-wrote-turkey-day-talking-points-because-of-course-it-did

Thanksgiving can be a touchy time for families with divergent politics. If not Obamacare, it's a good bet that somebody, somewhere was facing off with an aunt or uncle about the NSA. Defenders of the spy agency might have found this set of talking points (link) helpful.

Distributed internally by the NSA the week before Thanksgiving and reported earlier today by Firedoglake, the two-pager - a literal set of bullet points - armed employees with verbal ammunition that they were encouraged to share "with family and close friends."

As with previous sets of talking points prepared for top intelligence officials, this latest document isn't afraid to invoke 9/11. It also cites a common statistic about the effectiveness of NSA surveillance, claiming that it contributed to the disruption of 54 terrorist plots since 2001. Critics challenge this figure, saying that less than a handful of those cases can be realistically connected to the snooping.

Another part of the talking points takes a thinly veiled shot at China. "NSA does not and will not steal industry secrets in order to give U.S. companies a competitive advantage," it reads.
Beijing has, on occasion, been accused of conducting economic espionage as a way to advance its political interests.

At other times, the talking points take a sloganeering turn. "NSA performs its mission exceptionally well," it reads (its emphasis). "We strive to be the best we can be, because that's what America requires as part of its defense in a dangerous world."

The memo wraps with a bid for closure, pledging support for transparency and a willingness to make whatever reforms the White House sees fit. But at the dinner table, closure was probably elusive.

Hat tip: Christopher Soghoian

---
Just because i'm near the punchbowl doesn't mean I'm also drinking from it.

From rforno at infowarrior.org Tue Dec 3 06:28:42 2013
From: rforno at infowarrior.org (Richard Forno)
Date: Tue, 3 Dec 2013 07:28:42 -0500
Subject: [Infowarrior] - HPSCI Seeks "Continuous Evaluation" of Security-Cleared Employees
Message-ID:

HPSCI Seeks "Continuous Evaluation" of Security-Cleared Employees
Categories: Intelligence, Leaks, Security Clearances
http://blogs.fas.org/secrecy/2013/11/evaluation/

Recent unauthorized disclosures of classified information might have been prevented if U.S. intelligence agencies "continuously evaluated the backgrounds of employees and contractors," according to the House Permanent Select Committee on Intelligence (HPSCI).

In its new report on the FY 2014 intelligence authorization bill, the Committee would require intelligence agencies to "continuously determine whether their employees and contractors are eligible for access to classified information" by using all available transactional records and social media.

"Continuous evaluation allows the IC to take advantage of lawfully available government and public information to detect warning signals that the current system of five-year periodic reinvestigation misses," the HPSCI report said. "That information might include: foreign travel; reports of foreign contacts; financial disclosure information; checks of criminal, commercial marketing, and credit databases; and other appropriate publicly available information."

The recently developed concept of continuous evaluation (CE) "allows for a review at any time of an individual with eligibility or access to classified information or in a sensitive position to ensure that that individual continues to meet the requirements for eligibility," said Brian Prioletti of the ODNI National Counterintelligence Executive at a November 13 hearing of the House Homeland Security Committee.

"As envisioned in the reformed security clearance process, [continuous evaluation] includes automated record checks of commercial databases, government databases, and other information lawfully available," Mr. Prioletti said. "Manual checks are inefficient and resource-intensive. The C.E. initiative currently under development will enable us to more reliably determine an individual's eligibility to hold a security clearance or a sensitive position on an ongoing basis."

"There are a number of ongoing pilot studies to assess the feasibility of selected automated record checks and the utility of publicly available electronic information to include social media sites in the personnel security process," he added.

"While we fully recognize the value of publicly available electronic information and its relevancy from an adjudicative perspective, there are resource, privacy, and civil liberty concerns that must be addressed as we incorporate such checks into our security processes," Mr. Prioletti acknowledged.

Up Next: Continuous Monitoring

"Continuous evaluation" itself is just an interim stage, said Gregory Marshall, chief security officer at the Department of Homeland Security. It is a stepping stone to the desired end state of "continuous monitoring," which involves more extensive collection directed at the individual subject. [Update: This is a non-standard use of the term "continuous monitoring," which normally refers to monitoring of information systems, not persons.]

"This administration's recent information-sharing and safeguarding initiative, also known as Insider Threat, seeks to complement background investigations and continuous evaluation with continuous monitoring," Mr. Marshall said. "This program will incorporate and analyze data in near-real time from a much broader set of sources. Its focus is the protection of classified information but its applicability to suitability and contractor fitness is evident."

Indeed, the "applicability" of this approach to all sorts of concerns is evident. If leaks of national security information are deemed to be a counterintelligence threat, why wouldn't the full arsenal of surveillance tools, including the NSA's PRISM, be employed against them?

An NSA memorandum reported in the Huffington Post today noted that "vulnerabilities of character" revealed through intelligence gathering can be effectively used to discredit individual "radicalizers." In one particularly horrifying case, it was found that a suspect "publishes articles without checking facts." ("Top-Secret Document Reveals NSA Spied On Porn Habits As Part Of Plan To Discredit 'Radicalizers'," by Glenn Greenwald, Ryan Gallagher, and Ryan Grim, November 26).

The Director of National Intelligence recently ordered a review to see whether the number of persons who hold security clearances - nearly 5 million persons - could be reduced. ("Obama Administration Looks to Scrub Security Clearance List" by Josh Gerstein, Politico, November 21). That objective could be inadvertently advanced by efforts to ratchet up personnel security procedures. Facing continuous evaluation and the prospect of continuous monitoring, some individuals might decide to opt out of the security clearance system voluntarily.

---
Just because i'm near the punchbowl doesn't mean I'm also drinking from it.
From rforno at infowarrior.org Tue Dec 3 06:28:45 2013
From: rforno at infowarrior.org (Richard Forno)
Date: Tue, 3 Dec 2013 07:28:45 -0500
Subject: [Infowarrior] - HPSCI Wants President to Plan for Leaks of Covert Action
Message-ID: <9BF02C95-1C4C-4FBC-B1A2-28A23647F59C@infowarrior.org>

HPSCI Wants President to Plan for Leaks of Covert Action
Categories: Congress, Intelligence, Oversight
http://blogs.fas.org/secrecy/2013/12/hpsci-covert/

The President would have to prepare a written plan for responding to the possibility of an unauthorized disclosure of any CIA covert action program, according to a provision adopted last month by the House Permanent Select Committee on Intelligence.

The requirement was introduced by Rep. Jan Schakowsky (D-IL) and was adopted by voice vote in the pending FY 2014 Intelligence Authorization Act (section 307).

The measure represents an implicit acknowledgment that the secrecy of CIA covert action today cannot be assured or blithely assumed, particularly when compartmented intelligence programs are regularly reported in the press.

Covert action by definition is a CIA activity that is intended to be deniable and unattributable to the U.S. government. Covert action is considered to be an option when public disclosure of the operation would render it unfeasible, diminish its utility, or generate adverse consequences for the United States.

The history of CIA covert action, which remains obscure in large part, includes some notable successes, such as the clandestine support of Poland's Solidarity movement. But the record also includes terrifying failures, like the overthrow of Guatemala's leadership in 1954, which inaugurated decades of violent oppression in that country.

Analysts and former intelligence officials (such as Greg Treverton, Roy Godson, and Loch Johnson) have long argued that covert action should never be undertaken without a degree of confidence that the American public would support it if it were known.

The Schakowsky provision would effectively force such consideration of public reaction by requiring officials to anticipate and plan for the unintended disclosure of each covert action program.

Although her amendment was adopted by the House Intelligence Committee without objection, Rep. Schakowsky ended up opposing the Committee markup of the FY2014 intelligence bill. As explained in the Minority Views appended to the Committee report, she objected to the bill's failure to ban so-called "signature strikes," referring to the targeted killing of unknown persons based on their suspicious behavior, or signature. Another proposal favored by Rep. Schakowsky but not adopted by the Committee would have required "an independent alternative analysis prior to striking a U.S. person."

---
Just because i'm near the punchbowl doesn't mean I'm also drinking from it.

From rforno at infowarrior.org Tue Dec 3 13:28:07 2013
From: rforno at infowarrior.org (Richard Forno)
Date: Tue, 3 Dec 2013 14:28:07 -0500
Subject: [Infowarrior] - A Tour Through The Bizarre Mind Of An NSA Defender
Message-ID: <598347B0-AA82-4ECF-BC8F-11F319BF30F1@infowarrior.org>

A Tour Through The Bizarre Mind Of An NSA Defender: Discrediting Activists By Using Their Porn Surfing Is Just Like Journalism!
from the i-don't-even... dept
http://www.techdirt.com/articles/20131127/17552525397/tour-through-bizarre-mind-nsa-defender-discrediting-activists-using-their-porn-surfing-is-just-like-journalism.shtml

Oh, Stewart Baker. It's getting to the point where I feel like we may even need a "Oh, Stewart Baker" topic here on Techdirt, given how often we seem to feel the need to utter that phrase. Baker, if you haven't been playing along with the home version, is the former NSA and DHS official who really likes to support the ability of the government to spy on everyone and really seems to dislike civil liberties. Oh, and he has this incredible way of making statements so blatantly ridiculous that, personally, I find it scary that the government apparently trusted him in multiple really important positions. Let's go through some of the examples before getting to the latest wacky claim.

< - >

That Baker can't see the difference between having access to that corpus of data through questionable means and journalism is, well, stunning. It gives you a picture into the mind of an NSA defender, however. It's a picture where he will cling to and distort pretty much any argument to try to defend the indefensible.

---
Just because i'm near the punchbowl doesn't mean I'm also drinking from it.

From rforno at infowarrior.org Wed Dec 4 06:31:21 2013
From: rforno at infowarrior.org (Richard Forno)
Date: Wed, 4 Dec 2013 07:31:21 -0500
Subject: [Infowarrior] - OT: Blues Brothers mall car-chase recreated in Lego
Message-ID: <00D6F1D1-3417-4508-B74B-071381EFEF35@infowarrior.org>

(mid-week fun for a change! --rick)

Blues Brothers mall car-chase recreated in Lego
http://boingboing.net/2013/12/03/blues-brothers-mall-car-chase.html

---
Just because i'm near the punchbowl doesn't mean I'm also drinking from it.

From rforno at infowarrior.org Wed Dec 4 06:37:58 2013
From: rforno at infowarrior.org (Richard Forno)
Date: Wed, 4 Dec 2013 07:37:58 -0500
Subject: [Infowarrior] - OpEd: Americans Trading Liberty for False Security
Message-ID: <223988D9-3523-4D61-A14D-D840997CEF09@infowarrior.org>

(nothing we didn't already know or have been saying / noticing for the past 13 years. --rick)

Rand Paul: Americans Trading Liberty for False Security
by Sen. Rand Paul
3 Dec 2013
http://www.breitbart.com/Big-Government/2013/12/03/We-re-Not-Burning-Books-Yet

In the opening pages of Ray Bradbury's famous novel Fahrenheit 451, protagonist Guy Montag asks: Wasn't there a time when firemen used to put out fires? They laugh at him, rebuke him and say: Everybody knows firemen start fires. Montag knew this.
Montag's father and his grandfather had been firemen. It had been his duty for many years to start fires. He knew it was his duty to burn books, but this day would be different.

Montag arrived on the scene to do his job but found a woman who wouldn't leave. He complained that she had all of her books but still wouldn't leave. Undeterred, Montag proceeds with the other firemen to douse her books - and her - with kerosene.

The woman shouts out and goads them. She is indignant that they would touch her books at all, and she still wouldn't leave. She says to them: "Play the man, Master Ridley; today we will light such a candle, by God's grace, in England, that it won't be forgotten."

They keep dousing her with kerosene and she says it again: "Play the man, Master Ridley. Today we will light such a candle."

In the book, the reference is lost on the firemen who simply continue to do their job. The reference is to 16th century figure Hugh Latimer, who literally became a human candle. He was burned at the stake in 1555 for heresy - opposing the state religion. He wanted to promote the idea that the Bible should be translated into English, which the state forbade.

In America today, we're not yet burning people at the stake, fortunately. Nor are we burning books. But your government is interested in what books you read. They're interested in what you say in your phone calls. They're interested in what you write in your emails.

As we all now know from the National Security Agency (NSA) revelations last summer, such government surveillance of citizens has been going on for a while now. In the Summer of 2012, I asked for a report on this subject and was given a classified briefing. I wanted to know to what extent your privacy was being invaded. To what extent government was reading your emails, listening to your phone conversations without a judge's warrant. At the time, I couldn't tell you the answer because it was classified.

What I could say though, is that if the government says it is a few hundred incidents, it's actually closer to a gazillion incidents. A gazillion is a fictitious number. But it's a very large number, and one that is closer to the actual number of the communications that are being looked at by the federal government on a daily, hourly, or even minute-to-minute basis.

We have been too lax in giving up our privacy. We are trading our liberty for some sort of sense of ostensible security. Look at how we travel now, the personal privacy and dignity we've lost, something the TSA might have reminded some Americans over the Thanksgiving holiday.

Harvard Law School professor Noah Feldman has asked, "The next time airport security tells you to put your hands over your head and hold that vulnerable position for seven seconds, ask yourself: Is this the posture of a free man?"

When we give up our dignity and basic freedoms that we've always enjoyed as Americans, we give the terrorists a victory they most certainly don't deserve. We lose something too important to who we are as a people. Our liberties are slipping away from us.

When Hugh Latimer said, let this be an episode that will not soon be forgotten - he became a human candle against tyranny and intolerance. Americans still have a torch that's burning. The liberty torch is burning, figuratively or otherwise, in New York Harbor. We cannot continue to trade our freedoms for a false security. We can never let that flame of liberty go out.

This column features revised portions of a speech delivered at Freedomfest in Las Vegas, Nevada, July 14, 2012.

---
Just because i'm near the punchbowl doesn't mean I'm also drinking from it.
From rforno at infowarrior.org Wed Dec 4 06:39:17 2013 From: rforno at infowarrior.org (Richard Forno) Date: Wed, 4 Dec 2013 07:39:17 -0500 Subject: [Infowarrior] - Administration to review facial recognition technology Message-ID: December 03, 2013, 04:31 pm Administration to review facial recognition technology By Kate Tummarello http://thehill.com/blogs/hillicon-valley/technology/191865-commerce-department-takes-up-facial-recognition The Obama administration on Tuesday said it plans to review the privacy implications of facial recognition technology. Lawmakers and privacy advocates have expressed fears that tech companies and government agencies are using facial recognition technologies to track people, often without their knowledge. The Commerce Department said it recognizes those concerns and will work with tech groups, privacy advocates and online advertising trade associations to identify them. ?Facial recognition technology has the potential to improve services for consumers, support innovation by businesses, and affect identification and authentication online and offline,? said Larry Strickling, the administrator of Commerce?s National Telecommunications and Information Administration (NTIA). ?However, the technology poses distinct consumer privacy challenges ? and the importance of securing faceprints and ensuring consumers? appropriate control over their data is clear,? he said. In February 2012, the Obama administration tasked the NTIA with bringing together tech companies, advertising firms and advocacy groups to work on digital privacy issues. The agency completed an 18-month review of mobile app privacy policies and will turn to facial recognition technology in early 2014. Strickling said the discussions ?could include an examination of the privacy risks associated with the use of photo databases in stores and other commercial settings and face prints as a unique biometric identifier.? 
Lawmakers have sounded the alarm about the growing use of facial recognition on the Internet and by law enforcement officials. In a letter last month, Sen. Al Franken (D-Minn.) asked the NTIA to explore facial recognition concerns, citing specific concerns with the way Facebook is cataloguing its users? profile pictures. Franken on Tuesday hailed the NTIA?s move as ?great news for privacy? while pointing to ?expansive facial recognition programs? like one at the FBI. ?While facial recognition can be useful, these programs don't do enough to protect privacy ? and they are just the beginning of what is a growing technology,? Franken said. The Commerce agency?s process will provide ?an important opportunity to advance privacy protections for this powerful new technology,? he said. Sen. Ed Markey (D-Mass.) also applauded the agency?s move. ?Clear policies that support consumer privacy are crucial as facial recognition technology is developed and deployed,? he said. ?While these technologies hold great promise for innovation, consumers ? not companies ? should to be in control of their sensitive personal information, including having the choice to affirmatively opt-in to being subject to facial recognition or detection.? The agency said the first meeting about the technology will take place Feb. 6, 2014. ? This story was first posted at 9:14 a.m. and has been updated. --- Just because i'm near the punchbowl doesn't mean I'm also drinking from it. From rforno at infowarrior.org Wed Dec 4 11:22:14 2013 From: rforno at infowarrior.org (Richard Forno) Date: Wed, 4 Dec 2013 12:22:14 -0500 Subject: [Infowarrior] - Hacker-built drone can hunt, hijack other drones Message-ID: ("Begun, the Drone Wars, have." 
---rick) Hacker-built drone can hunt, hijack other drones Security researcher releases software to hijack Parrot drones out of the sky By Lucian Constantin December 4, 2013 10:38 AM ET http://www.computerworld.com/s/article/9244521/Hacker_built_drone_can_hunt_hijack_other_drones IDG News Service - A security researcher has released software and technical instructions for modifying a drone so that it can identify and hijack other drones. Security researcher Samy Kamkar created the hacker drone, which uses the Parrot AR.Drone 2.0 radio-controlled quadcopter -- a popular unmanned helicopter with four rotors. Made by French wireless products manufacturer Parrot, the AR.Drone 2.0 has a built-in Wi-Fi wireless controller that's used to control the drone remotely from iOS or Android mobile devices. Kamkar's drone carries a Raspberry Pi embedded computer running Linux and has two USB wireless adapters connected to it, an Alfa AWUS036H Wi-Fi network card with an external antenna and an Edimax EW-7811Un nano Wi-Fi adaptor. A lightweight 1000mAh USB battery is also part of the payload and powers the Raspberry Pi. The Alfa Wi-Fi adaptor is important because its wireless chipset can run in monitor mode. The monitor, or RFMON (Radio Frequency MONitor), mode can be used to monitor and inject raw packets into other wireless networks without being connected to them, Kamkar said in his SkyJack presentation video. Kamkar developed a Perl application dubbed SkyJack that runs on the Raspberry Pi and uses other open-source software to hijack drones. SkyJack uses the Alfa adapter's monitor mode to identify other Parrot AR Drones by their MAC addresses, which all contain Parrot's vendor identifier, and then attempts to deauthenticate their real owners. This is done using Aircrack-ng, an open-source program for hacking into wireless networks. 
According to the Aircrack-ng documentation a deauthentication attack "sends disassociate packets to one or more clients which are currently associated with a particular access point." Once the real owner is disconnected from a targeted drone, SkyJack connects to it pretending to be the owner and starts sending commands using node-ar-drone, an open-source library that implements the networking protocols used by the Parrot AR Drone 2.0.

The Parrot drone with the Raspberry Pi attached is only needed for mobile attacks, but the SkyJack application can also run from any Linux laptop on the ground and hijack drones out of the sky, Kamkar said in a blog post.

The researcher released SkyJack on GitHub and said that the idea for creating a drone hijacking application came to him after reading that Amazon is considering using drones to deliver packages.

"Today Amazon announced they're planning to use unmanned drones to deliver some packages to customers within five years. Cool!" Kamkar said. "How fun would it be to take over drones, carrying Amazon packages...or take over any other drones, and make them my little zombie drones. Awesome."

Kamkar is known for releasing the infamous Samy cross-site scripting worm on MySpace in 2005, forcing the company to temporarily shut down the website, an act for which he served three years of probation during which he could not use a computer.

Since 2008, he has been involved in security research, uncovering a serious flaw in PHP, exposing privacy risks associated with the collection of GPS coordinates and wireless network information by mobile devices, and releasing Evercookie, a highly persistent browser cookie that demonstrates how many technologies can be used to track users.

Parrot was not immediately available for comment.
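The deauthentication step the article describes is exactly what a wireless intrusion detector watches for. As an added example (not code from the article, from SkyJack or from Aircrack-ng), the following Python decodes raw 802.11 management frames and flags a burst of deauthentication or disassociation frames spoofed from one BSSID; the capture is constructed in memory, and WATCHED_OUI is a placeholder rather than Parrot's registered vendor prefix.

```python
"""Deauthentication-burst detector over raw 802.11 management frames.

Added example; it is not code from the article, from SkyJack or from
Aircrack-ng. The capture below is constructed, and WATCHED_OUI is a
placeholder, not Parrot's registered vendor prefix.
"""
import struct
from collections import defaultdict, deque

# Placeholder: substitute the vendor's OUI from the IEEE registry.
WATCHED_OUI = "00:00:00"

MGMT_TYPE = 0            # 802.11 frame type 0 = management
SUBTYPE_BEACON = 0x08
SUBTYPE_DISASSOC = 0x0A
SUBTYPE_DEAUTH = 0x0C
BROADCAST = "ff:ff:ff:ff:ff:ff"


def mac_str(b: bytes) -> str:
    return ":".join(f"{x:02x}" for x in b)


def parse_mgmt_frame(raw: bytes):
    """Decode the fixed header of a management frame; None for other types."""
    if len(raw) < 24:
        return None
    fc = raw[0]                       # first byte of the frame-control field
    ftype = (fc >> 2) & 0x3
    subtype = (fc >> 4) & 0xF
    if ftype != MGMT_TYPE:
        return None
    frame = {
        "subtype": subtype,
        "da": mac_str(raw[4:10]),       # addr1: destination
        "sa": mac_str(raw[10:16]),      # addr2: source
        "bssid": mac_str(raw[16:22]),   # addr3: BSSID
        "reason": None,
    }
    if subtype in (SUBTYPE_DISASSOC, SUBTYPE_DEAUTH) and len(raw) >= 26:
        # deauth/disassoc bodies start with a little-endian reason code
        frame["reason"] = struct.unpack_from("<H", raw, 24)[0]
    return frame


def build_frame(fc0: int, da: str, sa: str, bssid: str, reason=None) -> bytes:
    """Build a minimal frame in memory so the detector has sample input."""
    hdr = bytes([fc0, 0x00]) + b"\x00\x00"           # frame control, duration
    for mac in (da, sa, bssid):
        hdr += bytes.fromhex(mac.replace(":", ""))
    hdr += b"\x00\x00"                                # sequence control
    if reason is not None:
        hdr += struct.pack("<H", reason)
    return hdr


def detect_deauth_bursts(frames, window=2.0, threshold=5, watched_oui=WATCHED_OUI):
    """frames: iterable of (timestamp_seconds, raw_bytes).

    Emits one alert per (bssid, target) the first time `threshold` deauth or
    disassoc frames are seen within `window` seconds.
    """
    recent = defaultdict(deque)
    alerted = set()
    alerts = []
    for ts, raw in frames:
        f = parse_mgmt_frame(raw)
        if f is None or f["subtype"] not in (SUBTYPE_DISASSOC, SUBTYPE_DEAUTH):
            continue
        key = (f["bssid"], f["da"])
        q = recent[key]
        q.append(ts)
        while q and ts - q[0] > window:
            q.popleft()
        if len(q) >= threshold and key not in alerted:
            alerted.add(key)
            alerts.append({
                "bssid": f["bssid"],
                "target": f["da"],
                "count": len(q),
                "reason": f["reason"],
                "watched_vendor": f["bssid"].startswith(watched_oui.lower()),
            })
    return alerts


def sample_capture():
    """Constructed capture: beacons, a data frame, one lone deauth from another
    AP, then a burst of broadcast deauths spoofed from the watched BSSID."""
    drone = WATCHED_OUI + ":aa:bb:cc"    # AP-side MAC of the "drone" (constructed)
    phone = "02:11:22:33:44:55"          # the owner's client (constructed)
    other_ap = "02:aa:aa:aa:aa:aa"
    cap = []
    for i in range(3):
        cap.append((0.1 * i, build_frame(SUBTYPE_BEACON << 4, BROADCAST, drone, drone)))
    cap.append((0.5, build_frame(0x08, phone, drone, drone)))   # data frame, ignored
    cap.append((0.6, build_frame(SUBTYPE_DEAUTH << 4, phone, other_ap, other_ap, 3)))
    for i in range(8):
        cap.append((1.0 + 0.05 * i,
                    build_frame(SUBTYPE_DEAUTH << 4, BROADCAST, drone, drone, 7)))
    return cap


if __name__ == "__main__":
    for alert in detect_deauth_bursts(sample_capture()):
        print(alert)
```

Feeding real captures requires a monitor-mode interface and a pcap reader; the window and threshold should be tuned to the environment, since a single deauth per client is normal roaming behaviour.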
From rforno at infowarrior.org Wed Dec 4 16:35:11 2013
From: rforno at infowarrior.org (Richard Forno)
Date: Wed, 4 Dec 2013 17:35:11 -0500
Subject: [Infowarrior] - Fwd: NSA tracking cellphone locations worldwide, Snowden documents show
References: <529F9536.5080506@mykolab.com>
Message-ID:

Certainly not a completely new revelation or capability, but it's the news-du-jour from the Snowden Files. --rick

Begin forwarded message:

> From: Paul F
>
> NSA tracking cellphone locations worldwide, Snowden documents show
>
> "The National Security Agency is gathering nearly 5 billion records a day on the whereabouts of cellphones around the world, according to top-secret documents and interviews with U.S. intelligence officials, enabling the agency to track the movements of individuals -- and map their relationships -- in ways that would have been previously unimaginable."
>
> "The records feed a vast database that stores information about the locations of at least hundreds of millions of devices, according to the officials and the documents, which were provided by former NSA contractor Edward Snowden. New projects created to analyze that data have provided the intelligence community with what amounts to a mass surveillance tool."
>
> Much more:
>
> http://www.washingtonpost.com/world/national-security/nsa-tracking-cellphone-locations-worldwide-snowden-documents-show/2013/12/04/5492873a-5cf2-11e3-bc56-c6ca94801fac_story.html

From rforno at infowarrior.org Thu Dec 5 07:02:35 2013
From: rforno at infowarrior.org (Richard Forno)
Date: Thu, 5 Dec 2013 08:02:35 -0500
Subject: [Infowarrior] - Ot: Bohemian Rhapsody: The Star Wars Edition
Message-ID: <438BE52E-7756-4B24-9C33-423819408C45@infowarrior.org>

(as one of the comments on GAS says, "is nothing sacred?"
--rick)

Bohemian Rhapsody: The Star Wars Edition

A fantastic Star Wars-themed parody of Queen's Bohemian Rhapsody by the fine folks taking part in the University of Advancing Technology's Digital Video Program.

http://www.youtube.com/watch?v=oi7KPDi_yQI

From rforno at infowarrior.org Thu Dec 5 08:25:49 2013
From: rforno at infowarrior.org (Richard Forno)
Date: Thu, 5 Dec 2013 09:25:49 -0500
Subject: [Infowarrior] - Dementia epidemic looms with 135 million sufferers seen by 2050
Message-ID: <7110AD01-4FCA-448C-94DF-10B07C75284B@infowarrior.org>

Dementia epidemic looms with 135 million sufferers seen by 2050
By Kate Kelland | Reuters - 13 hours ago
http://ca.news.yahoo.com/dementia-epidemic-looms-135-million-sufferers-seen-2050-000429599--business.html

LONDON (Reuters) - Many governments are woefully unprepared for an epidemic of dementia currently affecting 44 million people worldwide and set to more than treble to 135 million people by 2050, health experts and campaigners said on Thursday.

Fresh estimates from the advocacy group Alzheimer's Disease International (ADI) showed a 17 percent increase in the number of people with the incurable mind-robbing condition compared with 2010, and warned that by 2050 more than 70 percent of dementia sufferers will be living in poorer countries.

"It's a global epidemic and it is only getting worse," said ADI's executive director Marc Wortmann. "If we look into the future the numbers of elderly people will rise dramatically. It's vital that the World Health Organization makes dementia a priority, so the world is ready to face this condition."

Alzheimer's, the most common form of dementia, is a fatal brain disease that has no cure and few effective treatments. Like other forms of the disorder, it affects patients' memory, thinking and behavior and is an increasingly overwhelming burden on societies and economies.
While there are a few drugs that can ease some symptoms in some people, there is no cure.

Even now, the global cost of dementia care is more than $600 billion, or around 1.0 percent of global gross domestic product (GDP), and that will only increase, the ADI says.

In a policy report published along with the new data, Martin Prince, a professor at King's College London's Institute of Psychiatry, said "most governments are woefully unprepared for the dementia epidemic". His report said only 13 countries have national dementia plans.

"This is a global problem that is increasingly impacting on developing countries with limited resources and little time to develop comprehensive systems of social protection, health and social care," Prince said in a statement.

Leaders from the Group of Eight (G8) industrialized countries are due to meet in London next week for a special summit on dementia - a condition that includes Alzheimer's, vascular dementia, dementia with Lewy bodies (DLB), fronto-temporal dementia and many other causes of cognitive decline.

In Britain, dementia is the most feared health condition among people aged over 55 and costs the economy 23 billion pounds ($37.6 billion) a year - more than cancer, stroke or heart disease combined.

Prime Minister David Cameron, who will host the summit, has committed to spending 66 million pounds on dementia research by 2015. Campaigners welcome the investment, but also say it is a fraction - one eighth - of what is spent on cancer research in Britain.

Experts on neurological conditions, research campaigners and charities say they are determined the summit should not be just a talking shop, but should see leaders committing to dramatically increased funds for research and drug development in dementia, and to giving it greater political attention.

"Lack of funding means dementia research is falling behind other conditions," said Jeremy Hughes, chief executive of the Alzheimer's Society.
"The G8 is our once-in-a-generation chance to conquer this condition and we must see meaningful action after the talking is over."

As well as more money for fundamental scientific research and for drug development, experts say they want the G8 summit to focus on ways to attract, develop and retain the best scientists, doctors and carers into the field of dementia.

($1 = 0.6119 British pounds)

(Editing by Sonya Hepinstall)

From rforno at infowarrior.org Thu Dec 5 12:23:49 2013
From: rforno at infowarrior.org (Richard Forno)
Date: Thu, 5 Dec 2013 13:23:49 -0500
Subject: [Infowarrior] - Good News, America. We're One Giant Step Closer to Patent Reform!
Message-ID: <8E8957EF-70E8-4470-8F24-E01E36FD160F@infowarrior.org>

Good News, America. We're One Giant Step Closer to Patent Reform!
https://www.eff.org/deeplinks/2013/12/good-news-america-were-one-giant-step-closer-patent-reform

Good news! Today, the House of Representatives voted 323-89 in favor of the Innovation Act, the best troll-killing bill we've seen yet. And earlier this week the White House put out a strong statement in support of the legislation. All that's left is the Senate, which has promised to take up the issue before the end of this year.

The Innovation Act isn't perfect. It doesn't go nearly far enough to reform the demand letter problem. Its provisions protecting consumers and end-users, while present, aren't as robust as we would hope. And it dropped expanded covered business method review, a provision that would have helped ensure that the Patent Office issues fewer patents for "inventions" that aren't particularly inventive. But the Innovation Act is nonetheless a huge step in the right direction.
It gives defendants tools to fight back, makes litigation cheaper and includes an important fee-shifting provision, so companies that stand up to the trolls have a chance to recover their fees and costs at the end of litigation. It requires trolls to make their case up front by providing basic information about their patents and the supposed infringement. And it prohibits trolls from hiding behind shell companies.

Today's vote makes clear that policymakers understand that patent trolls impose an unacceptable tax on innovation and that their conduct, which often amounts to little more than run-of-the-mill extortion, must be stopped.

We got here in no small part because of those of you who helped by making calls, emailing your members of Congress, and using social networks to get the word out. Thank you! And stay tuned: now we head to the Senate.

From rforno at infowarrior.org Thu Dec 5 13:08:33 2013
From: rforno at infowarrior.org (Richard Forno)
Date: Thu, 5 Dec 2013 14:08:33 -0500
Subject: [Infowarrior] - Microsoft Makes Big Moves To Protect Customers From Government Eyes
Message-ID:

(c/o DanO)

http://www.securityweek.com/microsoft-makes-big-moves-protect-customers-government-eyes

Microsoft Makes Big Moves To Protect Customers From Government Eyes
By Mike Lennon on December 05, 2013

"We all want to live in a world that is safe and secure, but we also want to live in a country that is protected by the Constitution." - Brad Smith, Microsoft

Microsoft, concerned over recent allegations of governments attempting to circumvent online security measures in order to monitor users, has vowed to take action in order to protect its customers from prying eyes and increase transparency.

To start, the software giant said it would "pursue a comprehensive engineering effort to strengthen the encryption of customer data" across its networks and services.
"For many years, we've used encryption in our products and services to protect our customers from online criminals and hackers," Brad Smith, General Counsel & Executive Vice President, Legal & Corporate Affairs, Microsoft wrote in a blog post late Wednesday. "While we have no direct evidence that customer data has been breached by unauthorized government access, we don't want to take any chances and are addressing this issue head on."

Microsoft's anti-surveillance and security efforts will include "major communications", productivity and developer services such as Outlook.com, Office 365, SkyDrive and Windows Azure. Overall, Microsoft said it would provide protection across the "full lifecycle of customer-created content", including:

- Customer content moving between customers and Microsoft will be encrypted by default.
- All of Microsoft's key platform, productivity and communications services will encrypt customer content as it moves between Microsoft data centers.
- Strong cryptography to protect these channels, including Perfect Forward Secrecy and 2048-bit key lengths.

Microsoft also said it would encrypt customer content that it stores. For applications and services developed to run on Windows Azure, Microsoft will give developers the choice, but will offer tools to help them easily protect data.

Code Transparency

In addition, Microsoft said it would enhance the transparency of its software code, helping to convince customers its products do not contain back doors. The company said it would go as far as opening a network of "transparency centers" designed to provide customers with greater ability to assure themselves of the integrity of Microsoft's products. The centers will be opened across Europe, the Americas and Asia, Microsoft said.

The company also said it would make an effort to protect data traveling between service providers, such as from one email provider to another.
All of these initiatives will be in place by the end of 2014, Microsoft said, with much of it effective already.

"Although this is a significant engineering effort given the large number of services we offer and the hundreds of millions of customers we serve, we're committed to moving quickly," Smith added. "In fact, many of our services already benefit from strong encryption in all or part of the lifecycle. For example, Office 365 and Outlook.com customer content is already encrypted when traveling between customers and Microsoft, and most Office 365 workloads as well as Windows Azure storage are now encrypted in transit between our data centers. In other areas we're accelerating plans to provide encryption."

"Ultimately, we're sensitive to the balances that must be struck when it comes to technology, security and the law," Smith concluded. "We all want to live in a world that is safe and secure, but we also want to live in a country that is protected by the Constitution."

From rforno at infowarrior.org Thu Dec 5 18:51:00 2013
From: rforno at infowarrior.org (Richard Forno)
Date: Thu, 5 Dec 2013 19:51:00 -0500
Subject: [Infowarrior] - Closed Microsoft inevitably leads to unclosable back doors: FSF
Message-ID:

Closed Microsoft inevitably leads to unclosable back doors: FSF

Summary: The foundation behind the promotion of free and open source software says it is impossible to have a true chain of trust without the ability for users to fix back doors themselves.

By Chris Duckett
December 5, 2013 -- 23:23 GMT (15:23 PST)
http://www.zdnet.com/closed-microsoft-inevitably-leads-to-unclosable-back-doors-fsf-7000024003/

The Free Software Foundation has lashed out at announcements out of Microsoft yesterday that Redmond was committing itself to increased encryption of user data and legal transparency.
Last night, the software giant confirmed that by the end of 2014, it would have added 2048-bit encryption to the links between its data centres, and encrypted all user data that Microsoft stored.

John Sullivan, executive director of the Free Software Foundation, called the Microsoft announcements meaningless and added that the company had made promises on security before.

"Proprietary software like Windows is fundamentally insecure not because of Microsoft's privacy policies but because its code is hidden from the very users whose interests it is supposed to secure," he said in a statement. "A lock on your own house to which you do not have the master key is not a security system, it is a jail."

Sullivan said that any system which does not allow for code review and modification, inevitably leaves itself open to back doors and privacy violations, and even questioned Microsoft's definition of a vulnerability.

"While the Microsoft announcement does promise 'transparency' to reassure people that there are no back doors in Windows, this is no solution," said Sullivan. "Microsoft has demonstrated time and time again that its definition of a 'back door' will not be the same as yours. Noticing that the back door is wide open will do you no good if you are forbidden from shutting it."

In its announcement yesterday, Microsoft said that many of its new security moves are already in place, and that the company would be using the courts to fight gag orders preventing the company from notifying customers when governments seek their data.

Writing in a blog post, Brad Smith, Microsoft general counsel and executive vice president, legal and corporate affairs, said that the company believes that governments should gain access to information and data in the same way it did before IT moved to the cloud, by going directly to Microsoft's customers, and that the company should only be propelled to disclose data in "the most limited circumstances".
Redmond's increased focus on encryption follows the public learning of the Muscular program conducted by the NSA and GCHQ that allowed the spy agencies to tap the traffic moving between Google and Yahoo data centres. Google and Yahoo have already made similar encryption announcements.

From rforno at infowarrior.org Thu Dec 5 18:57:50 2013
From: rforno at infowarrior.org (Richard Forno)
Date: Thu, 5 Dec 2013 19:57:50 -0500
Subject: [Infowarrior] - Google open up users' archives of Gmail and Calendar for downloading
Message-ID: <1E97FCF1-3F20-4834-BC09-B340B6ACACE2@infowarrior.org>

Google open up users' archives of Gmail and Calendar for downloading
Dec. 5, 2013 at 7:42 PM
http://www.upi.com/Science_News/Technology/2013/12/05/Google-open-up-users-archives-of-Gmail-and-Calendar-for-downloading/UPI-64001386290568/?spt=rln&or=1

MOUNTAIN VIEW, Calif., Dec. 5 (UPI) -- U.S. search giant Google says it is making its archives available to users, allowing them to search and find emails and calendar events from years past.

Users of Gmail and Google Calendar will be able to export a copy of archive data for both backups and in order to move the data to other platforms, the Mountain View, Calif., firm said Thursday.

"Having access to your data and being able to take it with you is important, especially if that data contains precious memories like old love letters, your first job offer, or that 100-message thread discussing the merits of various cat videos," Google software engineer Nick Piepmeier said in a blog post.

While nostalgic revisiting of cat videos may be nice, the move suggests Google is hoping to reassure users that they control their own data in the wake of revelations about government data mining programs, ZDNet said.

Users can search for particular data using Gmail labels or calendar date ranges or can download the entire contents of their personal archives, Google said.
The archive for Google Calendar is available now, while the Gmail option will be introduced over the next month or so, Google said.

Read more: http://www.upi.com/Science_News/Technology/2013/12/05/Google-open-up-users-archives-of-Gmail-and-Calendar-for-downloading/UPI-64001386290568/#ixzz2meTu2sMW

From rforno at infowarrior.org Fri Dec 6 07:52:02 2013
From: rforno at infowarrior.org (Richard Forno)
Date: Fri, 6 Dec 2013 08:52:02 -0500
Subject: [Infowarrior] - Comcast Kills Business Model of Piracy Monitoring and Settlement Firm
Message-ID:

Never thought I'd say it about actions regarding IP/DMCA stuff, but nice job, Comcast!! --rick

Comcast Kills Business Model of Piracy Monitoring and Settlement Firm
http://torrentfreak.com/comcast-kills-business-model-of-piracy-monitoring-and-settlement-firm-131206/

From rforno at infowarrior.org Fri Dec 6 08:07:48 2013
From: rforno at infowarrior.org (Richard Forno)
Date: Fri, 6 Dec 2013 09:07:48 -0500
Subject: [Infowarrior] - Glenn Greenwald interview w/CNet
Message-ID: <5E983506-49D4-4899-BAA1-16C41E7B756E@infowarrior.org>

Saving the Net from the surveillance state: Glenn Greenwald speaks up (Q&A)
http://news.cnet.com/8301-13578_3-57613838-38/saving-the-net-from-the-surveillance-state-glenn-greenwald-speaks-up-q-a/
From rforno at infowarrior.org Fri Dec 6 08:22:23 2013
From: rforno at infowarrior.org (Richard Forno)
Date: Fri, 6 Dec 2013 09:22:23 -0500
Subject: [Infowarrior] - US Spy Satellite Logo Not At All Subtle: Octopus Enveloping The Earth
Message-ID:

US Spy Satellite Logo Not At All Subtle: Octopus Enveloping The Earth
http://www.techdirt.com/articles/20131205/15585425475/us-spy-satellite-logo-not-all-subtle-octopus-enveloping-earth.shtml

From rforno at infowarrior.org Fri Dec 6 08:32:33 2013
From: rforno at infowarrior.org (Richard Forno)
Date: Fri, 6 Dec 2013 09:32:33 -0500
Subject: [Infowarrior] - more on.... US Spy Satellite Logo Not At All Subtle: Octopus Enveloping The Earth
References:
Message-ID: <8527F34A-B858-4C67-8BBD-81704DA0A97E@infowarrior.org>

> From: daniel
> Subject: RE: [Infowarrior] - US Spy Satellite Logo Not At All Subtle: Octopus Enveloping The Earth
> Date: December 6, 2013 9:31:03 AM EST
>
> The Logos and patches often tell a story about the missions. I realize that this link is pretty old, but I figure you may like the relevance.
>
> http://www.collectspace.com/news/news-083100a.html

From rforno at infowarrior.org Fri Dec 6 10:07:10 2013
From: rforno at infowarrior.org (Richard Forno)
Date: Fri, 6 Dec 2013 11:07:10 -0500
Subject: [Infowarrior] - More Airports Set to Install TSA 'Detention Pods'
Message-ID:

More Airports Set to Install TSA "Detention Pods"
Devices that critics liken to cattle grids have biometric capabilities
Paul Joseph Watson
Infowars.com
December 6, 2013
http://www.infowars.com/more-airports-set-to-install-tsa-detention-pods/

A new Transportation Security Administration directive that mandates airports provide security for terminal exits is likely to lead to the installation of more "detention pods"
which have the capability of subjecting travelers to biometric scans.

"Airports across the country have sued to block a new Transportation Security Administration directive that requires them, starting Jan. 1, to begin guarding exit security doors, as passengers leave flights and head for baggage claims," reports the Associated Press.

The article notes that in order to comply with the regulation and save hundreds of thousands of dollars a year in staffing, airports may follow the example set by Atlantic City International, which has "installed five cylinder-shaped glass exit portals since 2009."

These "detention pods", which temporarily hold a traveler inside the portal until a green light and a voice command signals that the person can leave, have been compared to cattle grids by critics who see them as another way in which travelers are treated as prisoners inside the airport.

According to Karen De Coster, the pods are a way "to remind you that you are a captive" and are "meant to make you feel like a prisoner who cannot leave."

The detention pods, which are also in place at Syracuse International Airport, "were designed and approved by TSA," according to Syracuse Airport Commissioner Christina Callahan.

Travelers have expressed confusion at the necessity of the pods. "I don't understand those doors," Cindy Katz, of Jupiter, Fla. told the Boston Globe. "What are they supposed to do? It slows everyone down."

The article also notes how some are concerned about "being scanned somehow while closed inside." Mindy Carpenter, who was waiting for friends to arrive at the airport complained, "It just took so long for the four of them to come through."

The report adds that the detention pods "could be the wave of things to come," and that their manufacturer, Eagle Security Group, is currently in talks with other airports.
As we previously highlighted, although the devices currently in use do not (at least publicly) utilize any kind of scanning technology, the pods do have biometric and object-detecting capabilities, meaning in the future Americans could face yet another stifling level of security simply to leave the airport.

A video demonstration of the devices shows a user biometrically scanning his fingerprint before he is allowed to leave the containment area.

"The identity of the user is guaranteed via fingerprint, iris or facial recognition scans before they are allowed to complete their passage from non-secure to secure areas. The Eagle ACP (Access Control Portal) with integrated biometrics of your choice is a complete solution," states the company's website.

From rforno at infowarrior.org Fri Dec 6 15:57:18 2013
From: rforno at infowarrior.org (Richard Forno)
Date: Fri, 6 Dec 2013 16:57:18 -0500
Subject: [Infowarrior] - Elsevier is taking down papers from Academia.edu
Message-ID:

Elsevier is taking down papers from Academia.edu
December 6, 2013

Lots of researchers post PDFs of their own papers on their own web-sites. It's always been so, because even though technically it's in breach of the copyright transfer agreements that we blithely sign, everyone knows it's right and proper. Preventing people from making their own work available would be insane, and the publisher that did it would be committing a PR gaffe of huge proportions.

Enter Elsevier, stage left.

Bioinformatician Guy Leonard is just one of several people to have mentioned on Twitter this morning that Academia.edu took down their papers in response to a notice from Elsevier. Here's a screengrab of the notification:

< - >

http://svpow.com/2013/12/06/elsevier-is-taking-down-papers-from-academia-edu/
From rforno at infowarrior.org Fri Dec 6 16:35:10 2013
From: rforno at infowarrior.org (Richard Forno)
Date: Fri, 6 Dec 2013 17:35:10 -0500
Subject: [Infowarrior] - Unmasked: Area 51's Biggest, Stealthiest Spy Drone Yet
Message-ID:

Unmasked: Area 51's Biggest, Stealthiest Spy Drone Yet
http://killerapps.foreignpolicy.com/posts/2013/12/06/unmasked_area_51s_biggest_stealthiest_spy_drone_yet

The drone that spied on bin Laden and on Iran's nukes was just the start. Meet its bigger, higher-flying, stealthier cousin, the Northrop Grumman RQ-180. It's probably been flying for a few years now, but you weren't supposed to know that; the existence of this secret project, based out of Area 51, was revealed Friday by Aviation Week.

The existence of the RQ-180 has been long rumored. Cryptic public statements by U.S. Air Force officials indicated a secret high-altitude reconnaissance drone, and Northrop officials frequently reference the broad strokes of the program. For that matter, it is likely not the only classified unmanned aerial vehicle, or UAV. Other companies, including Lockheed and Boeing, also have a stable of smaller secret aircraft.

The RQ-180 is likely flying from the secret Air Force test facility at Groom Lake, Nevada, widely known as Area 51. Its exact specifications, including such crucial details as the number of engines, are unknown, but Aviation Week suggests a wingspan of over 130 feet, based on hangar construction at Northrop's Palmdale, California facility. The number of aircraft built is also unknown; however, a flight test program, relatively quick entry into service and open budget documents suggest a small fleet are flying routinely.

One such aircraft is Lockheed's RQ-170, first shown to the world in grainy pictures from Kandahar air base, Afghanistan, but only officially acknowledged after one crashed almost-intact in Iran. The RQ-170 was (and maybe still is) tasked by the CIA to spy on Iran's contentious nuclear program.
The drone was reportedly used to spy on Osama Bin Laden in Pakistan before and during the raid that killed him. RQ-170 has also been reported in South Korea, possibly to look at North Korea's nuclear program.

RQ-170 was impressive, but limited: it showed only some stealth characteristics, and was widely believed to be slightly outdated by the time it was discovered. The larger and stealthier RQ-180 would be able to fly higher, longer, allowing the CIA to watch the same targets for days at a time, and -- just maybe -- spy on more sophisticated countries.

The RQ-180 is based off the X-47B, a much smaller experimental aircraft that became the first drone to take off and land from an aircraft carrier. Where the smaller X-47B lacks range and stealth, RQ-180 evidently delivers. Though RQ-180 is far too large for an aircraft carrier, it may have the same air-to-air refueling capabilities as the X-47B, allowing it to stay in the air virtually indefinitely. It may also have attack capabilities: X-47B has bomb bays, which have thus far gone unused, and indeed Aviation Week suggests it is used for electronic attack and carries sophisticated sensors.

The aircraft's performance is said to be similar to Northrop's white-world entry, the RQ-4 Global Hawk, which can fly for days and cover thousands of miles. Hopefully the RQ-180 performs better; Global Hawk has received mixed marks on its evaluations, and the aircraft it was meant to replace, the venerable Lockheed U-2, will continue to fly for decades to come.

White-world reconnaissance capabilities, such as the General Atomics MQ-9 Reaper and a plethora of modified Beechcraft King Airs, are incapable of stealth and can easily be tracked on radar. Though few doubt stealthier capabilities, the Air Force has been closemouthed on its stealthy intelligence aircraft.
The Nevada desert has a long history of supporting whole squadrons of classified aircraft, including the famed Lockheed SR-71 Blackbird, the F-117 stealth fighter and the RQ-170. Often upon becoming public the aircraft are transferred to other facilities, usually the slightly-less-classified Tonopah Test Range airport. The wheels of declassification turn slowly, so as with RQ-170, details of the RQ-180 will likely remain opaque for years to come.

From rforno at infowarrior.org Sat Dec 7 08:11:22 2013
From: rforno at infowarrior.org (Richard Forno)
Date: Sat, 7 Dec 2013 09:11:22 -0500
Subject: [Infowarrior] - 'Patriot' Act author: Obama's intel czar should be prosecuted
Message-ID:

Patriot Act author: Obama's intel czar should be prosecuted
By Brendan Sasso
http://thehill.com/blogs/hillicon-valley/technology/192241-patriot-act-author-obamas-intel-czar-should-be-prosecuted

Rep. James Sensenbrenner Jr., the original author of the Patriot Act, says Director of National Intelligence James Clapper should be prosecuted for lying to Congress.

"Lying to Congress is a federal offense, and Clapper ought to be fired and prosecuted for it," the Wisconsin Republican said in an interview with The Hill.

He said the Justice Department should prosecute Clapper for giving false testimony during a Senate Intelligence Committee hearing in March.

During that hearing, Sen. Ron Wyden (D-Ore.) asked Clapper whether the National Security Agency (NSA) collects data on millions of Americans. Clapper insisted that the NSA does not -- or at least does "not wittingly" -- collect information on Americans in bulk.

After documents leaked by Edward Snowden revealed that the NSA collects records on virtually all U.S. phone calls, Clapper apologized for the misleading comment. The intelligence director said he tried to give the "least untruthful" answer he could without revealing classified information.
Sensenbrenner said that explanation doesn?t hold water and argued the courts and Congress depend on accurate testimony to do their jobs. "The only way laws are effective is if they're enforced," Sensenbrenner said. "If it's a criminal offense ? and I believe Mr. Clapper has committed a criminal offense ? then the Justice Department ought to do its job." Shawn Turner, a spokesman for Clapper, declined to comment. Sensenbrenner also said President Obama should fire Clapper and NSA Director Keith Alexander in the wake of the revelations about the spying programs. He argued that, because members of the military are naturally more concerned with national security, both jobs should be filled with civilians. "The successor of both Clapper and Alexander ought to be civilians," Sensenbrenner said. "I think that civilians would be able to have a better balance in seeing the distinction between security and civil liberties." Alexander is a four-star Army general, while Clapper is a retired lieutenant general in the Air Force. Senior White House officials are considering whether the next NSA director should be a civilian, as The Hill first reported last month. The NSA has been led only by military officers since its founding in 1952. Alexander has said he will retire in the spring. Sensenbrenner, a former chairman of the House Judiciary Committee, is pushing the USA Freedom Act, which would limit the NSA's power, tighten oversight and end the bulk collection of phone records. He was the original author of the Patriot Act in 2001, which the NSA has cited when filing secret court requests to conduct surveillance. But Sensenbrenner claims that the NSA is overstepping the law and violating the Constitution. From rforno at infowarrior.org Sat Dec 7 08:11:29 2013 From: rforno at infowarrior.org (Richard Forno) Date: Sat, 7 Dec 2013 09:11:29 -0500 Subject: [Infowarrior] - As Online Ads Look More Like News Articles, F.T.C. 
Warns Against Deception Message-ID: As Online Ads Look More Like News Articles, F.T.C. Warns Against Deception Mary F. Calvert for The New York Times Edith Ramirez, chairwoman of the Federal Trade Commission, spoke on Wednesday at a conference about ads that may be hard to recognize as marketing tools. By EDWARD WYATT Published: December 4, 2013 http://www.nytimes.com/2013/12/05/business/ftc-says-sponsored-online-ads-can-be-misleading.html WASHINGTON ? What happens when advertising stops being obvious? The Federal Trade Commission, charged with protecting consumers and guarding against deceptive advertising practices, acknowledges it does not know. But faced with a growing wave of digital advertising that is intended to look like the news articles and features of the publications where they appear, the commission is warning advertisers that it intends to vigorously enforce its rules against misleading advertising. The practice of what is now known as native advertising or sponsored content ? and has been referred to as advertorial or infomercial ? has grown more aggressive on the Internet. That is because companies and brands have the ability to target specific audiences and individuals and to get instant feedback when consumers react to what is being shown. Bait and switch is as old as sales itself, and it has been subject to F.T.C. rules for nearly a century. But as door-to-door salesmen portraying themselves as opinion pollsters have given way to web pages made to look like unbiased magazine articles, consumer-protection officials have grown concerned that even information labeled advertising can mislead consumers. ?The delivery of relevant messages and cultivating user engagement are important goals, of course,? Edith Ramirez, the chairwoman of the F.T.C., said on Wednesday at a conference the agency conducted to discuss native advertising. Several hundred advertisers, academics and media executives were there to hear the message. 
"That is the point of advertising, after all," Ms. Ramirez added. "But it's equally important that advertising not mislead consumers. By presenting ads that resemble editorial content, an advertiser risks implying, deceptively, that the information comes from a nonbiased source."

F.T.C. officials said recent surveys on online publishers revealed that 73 percent offered native advertising opportunities on their sites and that an additional 17 percent were considering offering them this year. (The New York Times is among the publications that will begin the practice next year.) About 41 percent of brands and one-third of advertising agencies use such methods, they said.

Chris Laird, marketing director for brand operations at Procter & Gamble, said sponsored content allowed the company to "immediately measure the impact it is having on our business." Unlike advertisements in magazines or on television, online ads let a company know when a consumer downloads a coupon, posts a product review or goes to a shopping site and buys its product.

The F.T.C., interested in what drives consumer decisions, conducted a test with a panel of advertising and publishing experts. It showed them different models of sponsored content and asked whether each might be confusing or deceptive. Is, for example, putting an advertisement in a shaded box enough of a distinction to warn consumers that they are being sold something? What if the box has a headline saying "sponsored content," "sponsored by Dawn" or "brought to you by ..."?

It became clear throughout the day that advertisers and marketers were loath to label an "advertisement" as an ad. Robert Weissman, president of Public Citizen, a consumer advocacy group, said "the word 'advertisement' tells people what is being done to them."

"The whole point of the word 'sponsored' is to avoid calling it what it is," he said.

Jeff Johnson, who helps companies design user interfaces, said "sponsored by" messages confuse consumers because they are not clear on whether the advertiser played a role in the creation of the material or asked a publisher to create material that was compatible with a product.

Several publishers and website owners who use native advertising defended the practice, saying their readers were knowledgeable enough to understand how to distinguish promotion from newsroom content. Tessa Gould, director of The Huffington Post's native advertising studio, said prominent labels like "Presented by Sony" accompanied a recent article titled "The 8 Most Incredible Water Festivals You Need to Attend." The article was specifically created by the site to help Sony promote its new waterproof tablet computer.

Not all examples are so clear cut. Jon Steinberg, president and chief operating officer of BuzzFeed, noted that companies could directly post articles that had marketing purposes to the BuzzFeed website. But because they are not paid placements, there is no commercial relationship. "There is a distinction to be made between labeling something as an advertisement and telling the consumer who the content is from," he said.

Sometimes the content originates with the same people who create the regular articles and headlines. Mashable.com uses its reporters and editors to create the advertising content. The publication's technology journalists are regularly used to create advertising "because it allows us to go more in depth" in reporting, said Adam Ostrow, chief strategy officer for Mashable.

For a consumer, what is missing in a native advertisement is as important as what is included, said Michelle De Mooy, a senior associate at Consumer Action, an advocacy group. Sponsored content on a medical website that offers information about a drug to treat a disorder but that does not talk about cheaper alternative treatments affects a consumer beyond the perception of the site's credibility.

But the F.T.C. has to answer crucial questions before it can come up with any solutions: Do consumers really care about the advertisements? And is there harm being done?

David J. Franklyn, a professor at the University of San Francisco law school, said preliminary results from his research showed that as many as 35 percent of the consumers in groups he has studied could not identify an advertisement even when it said "advertisement" on it. Roughly half, he said, indicated they did not know what the word "sponsored" meant.

Perhaps more important, he said, is that one-third of consumers say they do not care if something is an advertisement or is editorial material, and many would be more likely to click through to an item if they knew it was an ad. That led Mr. Franklyn to ask: "So what are we protecting the consumer from?"

---
Just because i'm near the punchbowl doesn't mean I'm also drinking from it.

From rforno at infowarrior.org Sat Dec 7 08:11:33 2013
From: rforno at infowarrior.org (Richard Forno)
Date: Sat, 7 Dec 2013 09:11:33 -0500
Subject: [Infowarrior] - Obama war chiefs widen drone kill box
Message-ID:

Obama war chiefs widen drone kill box
By Kristina Wong - The Washington Times
Tuesday, December 3, 2013
http://www.washingtontimes.com/news/2013/dec/3/pentagon-gives-more-room-for-deadly-error-in-drone/print/

The Pentagon has loosened its guidelines on avoiding civilian casualties during drone strikes, modifying instructions from requiring military personnel to "ensure" civilians are not targeted to encouraging service members to "avoid targeting" civilians. In addition, instructions now tell commanders that collateral damage "must not be excessive" in relation to mission goals, according to Public Intelligence, a nonprofit research group that analyzed the military's directives on drone strikes.
"These subtle but important changes in wording provide insight into the military's attempts to limit expectations in regards to minimizing collateral damage and predicting the lethal effects of military operations," Public Intelligence said in a recent report.

The number of civilian casualties caused by U.S. drone strikes is a point of contention among Washington, human rights groups and countries where strikes are conducted, chiefly Afghanistan, Pakistan, Libya, Yemen and Somalia. Because the strikes are classified operations, the U.S. typically does not acknowledge when they occur, or reveal how many combatants and civilians are killed or injured.

An official for the Air Force -- the service primarily tasked with carrying out drone strikes -- said "tactical directives have changed a number of times over the years to tackle collateral damage concerns not only from aircraft and helicopters but from mortars and other weapons that deliver effects beyond line of sight." The official, who requested anonymity to discuss security matters, declined to say how the directives have changed or what the collateral damage concerns are, citing "operational security."

Military officials, however, said the Joint Chiefs document is one of several that instruct commanders on conducting drone strikes, as well as theater-specific rules of engagement and the overarching Law of Armed Conflict. The October 2012 document was published on a Pentagon website several months ago but has since been removed, said Public Intelligence founder and editor Michael Haynes, who obtained and analyzed the documents. A military official confirmed that the document is being used, among others, to provide guidance for drones.

Human rights groups say such secrecy prevents scrutiny and accountability for civilian casualties. Amnesty International and Human Rights Watch have released reports focused on Pakistan and Yemen that say the strikes could be illegal and that the U.S. has killed more than 4,700 people, including more than 1,000 civilians.

Administration officials say the strikes are legal because the U.S. is at war with al Qaeda and its associates. They also insist there is a wide gap between the government's civilian casualty count and those of human rights groups.

"Before any strike is taken, there must be near-certainty that no civilians will be killed or injured -- the highest standard we can set," President Obama said in a rare acknowledgment of the strikes in May 2013.

Public Intelligence conducted a word-for-word analysis of an instructional document from the chairman of the Joint Chiefs of Staff titled "No-Strike and the Collateral Damage Estimate Methodology," which was provided to the American Civil Liberties Union in 2009, and a version of the document that was updated in October 2012. The ACLU filed a Freedom of Information Act request to obtain the 2009 version, which is posted on its website.

The 2009 version directs military personnel to take reasonable precautions to ensure that civilians are not targeted in attacks; the 2012 version says service members should "avoid targeting" civilians.

"A requirement to 'ensure' that civilians are not the subject of attacks is changed to an admonishment to 'avoid targeting' civilians," Mr. Haynes said.

Moreover, commanders had been instructed to "consider the military necessity for attacking the target, proportionality of the means planned, and reasonableness within the framework of operational objectives." The modified language tells leaders that collateral damage "must not be excessive" in relation to mission objectives.

What's more, the updated version adds a paragraph that says the process for estimating collateral damage outlined in the document "does not account for secondary explosions" caused by the strike, such as of a weapons cache or fuel tank, because those explosions "cannot be consistently measured or predicted."

"The section does say that commanders should be 'cognizant of the risks' from secondary explosions, but this is fairly weak wording and does not imply necessary compliance," Mr. Haynes said.

The earlier version also defines "collateral concern" as objects that are "not considered lawful military targets" under the Law of Armed Conflict. The updated version defines the term as objects "located inside the collateral hazard area."

The guidance applies only to military drone strikes and not necessarily to those carried out by the CIA, although the military and the CIA work together on some drone operations.

Citing an increase in drone operations last year in Libya, Air Force officials said the number of military drone strikes in 2013 is expected to be lower than in 2012. Officials said military drones last year led to or helped ground troops kill and/or capture more than 1,850 enemy combatants. Officials declined to specify how many enemy combatants were killed or captured. Pentagon statistics show that 361 Hellfire missiles and six 500-pound laser-guided bombs were fired in 2012. In 2011, 432 Hellfire missiles and 19 500-pound laser-guided bombs were fired.

Military officials say they take great care in differentiating civilians from combatants and sometimes wait several weeks until a target is away from relatives and civilians. But they also acknowledge that it can be difficult to assess civilian casualties or other collateral damage, especially when a target is hiding in a structure or under foliage.

Given this difficulty, the collateral damage estimate "is our best means of minimizing civilian casualties and damages to nearby structures," said a spokesman for Army Gen. Martin E. Dempsey, chairman of the Joint Chiefs of Staff.

"I have talked to Pentagon officials that say they are very, very careful," said Sarah Holewinski, executive director of Civilians in Conflict. "But it's not enough to have a conversation and have to trust. There should be a lot more transparency."

Despite Mr. Obama's pledge for more transparency on drone strikes, the administration "continues to answer legitimate questions and criticisms by saying, 'We can't really talk about this,'" said Naureen Shah, advocacy adviser at Amnesty International.

Senior administration officials recently met with representatives of human rights organizations to discuss reports that the groups published in October, but told participants not to reveal who attended the meetings, where they met or what was discussed.

"To me, this is just yet another example of the unreasonable level of secrecy surrounding this program," said Letta Tayler, author of Human Rights Watch's report on U.S. drone strikes in Yemen. "We hope that the U.S. will move swiftly to acknowledge basic details of these strikes."

© Copyright 2013 The Washington Times, LLC.
From rforno at infowarrior.org Sat Dec 7 08:22:49 2013
From: rforno at infowarrior.org (Richard Forno)
Date: Sat, 7 Dec 2013 09:22:49 -0500
Subject: [Infowarrior] - US Court Secretly Lets Government Share Megaupload Evidence With Copyright Industry
Message-ID:

US Court Secretly Lets Government Share Megaupload Evidence With Copyright Industry
from the government-copyright-industrial-complex dept
http://www.techdirt.com/articles/20131206/02524925481/us-court-secretly-lets-government-share-megaupload-evidence-with-copyright-industry.shtml

In the latest in a long list of travesties carried out by the US government in the Megaupload case, apparently it went to the US court handling the case, and without letting Megaupload know, got an ex parte order allowing the government to share evidence from the case with various copyright holders and then to issue press releases about the case. As Megaupload's lawyers point out, the whole thing is a clear due process violation.

< - >

Apparently part of the issue for the original filing to reveal this information was that some copyright holders are getting antsy that as the case drags on, they won't also be able to file civil cases against Megaupload before the three-year statute of limitations expires. However, as Megaupload's lawyers point out, there is no urgency here since the government itself made no move to share this information over the past two years. If it really wanted to share the information it had ample time to make the request and allow Megaupload's lawyers to review and take part in the process, rather than trying to route around them entirely.

< - >
From rforno at infowarrior.org Sat Dec 7 08:23:55 2013
From: rforno at infowarrior.org (Richard Forno)
Date: Sat, 7 Dec 2013 09:23:55 -0500
Subject: [Infowarrior] - A Federal Agency That Still Uses Floppy Disks
Message-ID: <6F1282AE-EF1F-4132-9DC8-4AB61162089A@infowarrior.org>

(c/o KM)

Slowly They Modernize: A Federal Agency That Still Uses Floppy Disks
By JADA F. SMITH
Published: December 6, 2013
http://www.nytimes.com/2013/12/07/us/politics/slowly-they-modernize-a-federal-agency-that-still-uses-floppy-disks.html

WASHINGTON -- The technology troubles that plagued the HealthCare.gov website rollout may not have come as a shock to people who work for certain agencies of the government -- especially those who still use floppy disks, the cutting-edge technology of the 1980s.

Every day, The Federal Register, the daily journal of the United States government, publishes on its website and in a thick booklet around 100 executive orders, proclamations, proposed rule changes and other government notices that federal agencies are mandated to submit for public inspection. So far, so good.

It turns out, however, that the Federal Register employees who take in the information for publication from across the government still receive some of it on the 3.5-inch plastic storage squares that have become all but obsolete in the United States.

Now government infrastructure experts are hoping that public embarrassments like the HealthCare.gov debacle will prompt a closer look at the government's technological prowess, especially if it might mean getting rid of floppy disks.

"You've got this antiquated system that still works but is not nearly as efficient as it could be," said Stan Soloway, chief executive of the Professional Services Council, which represents more than 370 government contractors. "Companies that work with the government, whether longstanding or newcomers, are all hamstrung by the same limitations."

The use of floppy disks peaked in American homes and offices in the mid-1990s, and modern computers do not even accommodate them anymore. But The Federal Register continues to accept them, in part because legal and security requirements have yet to be updated, but mostly because the wheels of government grind ever slowly.

Davita Vance-Cooks, the head of the Government Printing Office, which prints The Federal Register and publishes it online, spoke at a congressional hearing on Wednesday about her department's attempts to make its work remain relevant in a post-print world.

Despite creating mobile apps, The Federal Register still requires agencies to submit information on paper, with original signatures, though they can create a digital signature via a secured email system. Agencies are also permitted to submit the documents on CD-ROMs and floppy disks, but not on flash drives or SD cards.

"The Federal Register Act says that an agency has to submit the original and two duplicate originals or two certified copies," said Amy P. Bunk, The Federal Register's director of legal affairs and policy. As long as an agency does that through one of the approved methods of transmission, she said, "they've met the statutory requirement."

But the secure email system -- which uses software called Public Key Infrastructure technology -- is expensive, and some government agencies have not yet upgraded to it. As a result, some agencies still scan documents on to a computer and save them on floppy disks. The disks are then sent by courier to the register.

Ms. Bunk said that although many agencies did use the secure email system, The Federal Register could not require it until Congress made it compulsory by law.

"There are limits as to how far we can make the agencies do everything in lock step," said Jim Bradley, the assistant public printer for the Government Printing Office. Federal budget cuts, he said, had helped slow down any modernization.

"We've got to accommodate the funding and everything else," Mr. Bradley said. "Some agencies move forward with technology, and that's great. Other agencies aren't ready to go this year, maybe not next year."

A spokesman for The Federal Register would not say which agencies still used floppy disks. But at The Register's office, a modest space on North Capitol Street in sight of the Capitol dome, couriers were recently seen coming in and out as an employee pulled a floppy disk from one package and at least two CD-ROMs from others.

Meanwhile, experts say that an administration that prided itself on its technological savvy has a long way to go in updating the computer technology of the federal government. HealthCare.gov and the floppy disks of The Federal Register, they say, are but two recent examples of a government years behind the private sector in digital innovation.

Mr. Soloway, of the Professional Services Council, said that the government's technology was also causing it to fall behind in cooperation with the private sector. "It's undoubtedly inhibiting the expansion" of what corporations are willing to do with the government, Mr. Soloway said. "And it remains an inhibitor for the next generation of companies."

This article has been revised to reflect the following correction:

Correction: December 7, 2013
An earlier version of this article incorrectly reported the agency that oversees The Federal Register. It is the National Archives, not the Government Printing Office. The Government Printing Office prints The Federal Register and publishes it online.

From rforno at infowarrior.org Mon Dec 9 07:59:13 2013
From: rforno at infowarrior.org (Richard Forno)
Date: Mon, 9 Dec 2013 08:59:13 -0500
Subject: [Infowarrior] - Spies' Dragnet Reaches a Playing Field of Elves and Trolls
Message-ID:

Spies' Dragnet Reaches a Playing Field of Elves and Trolls
By MARK MAZZETTI and JUSTIN ELLIOTT
Published: December 9, 2013
http://www.nytimes.com/2013/12/10/world/spies-dragnet-reaches-a-playing-field-of-elves-and-trolls.html?hp&_r=0

Not limiting their activities to the earthly realm, American and British spies have infiltrated the fantasy worlds of World of Warcraft and Second Life, conducting surveillance and scooping up data in the online games played by millions of people across the globe, according to newly disclosed classified documents.

Fearing that terrorist or criminal networks could use the games to communicate secretly, move money or plot attacks, the documents show, intelligence operatives have entered terrain populated by digital avatars that include elves, gnomes and supermodels.

The spies have created make-believe characters to snoop and to try to recruit informers, while also collecting data and contents of communications between players, according to the documents, disclosed by the former National Security Agency contractor Edward J. Snowden. Because militants often rely on features common to video games -- fake identities, voice and text chats, a way to conduct financial transactions -- American and British intelligence agencies worried that they might be operating there, according to the papers.

Online games might seem innocuous, a top-secret 2008 N.S.A. document warned, but they had the potential to be a "target-rich communication network" allowing intelligence suspects "a way to hide in plain sight."

Virtual games "are an opportunity!" another 2008 N.S.A. document declared.

But for all their enthusiasm -- so many C.I.A., F.B.I. and Pentagon spies were hunting around in Second Life, the document noted, that a "deconfliction" group was needed to avoid collisions -- the intelligence agencies may have inflated the threat.
The documents do not cite any counterterrorism successes from the effort, and former American intelligence officials, current and former gaming company employees and outside experts said in interviews that they knew of little evidence that terrorist groups viewed the games as havens to communicate and plot operations.

Games "are built and operated by companies looking to make money, so the players' identity and activity is tracked," said Peter W. Singer of the Brookings Institution, an author of "Cybersecurity and Cyberwar: What Everyone Needs to Know." "For terror groups looking to keep their communications secret, there are far more effective and easier ways to do so than putting on a troll avatar."

The surveillance, which also included Microsoft's Xbox Live, could raise privacy concerns. It is not clear exactly how the agencies got access to gamers' data or communications, how many players may have been monitored or whether Americans' communications or activities were captured. One American company, the maker of World of Warcraft, said that neither the N.S.A. nor its British counterpart, the Government Communications Headquarters, had gotten permission to gather intelligence in its game. Many players are Americans, who can be targeted for surveillance only with approval from the nation's secret intelligence court. The spy agencies, though, face far fewer restrictions on collecting certain data or communications overseas.

"We are unaware of any surveillance taking place," said a spokesman for Blizzard Entertainment, based in Irvine, Calif., which makes World of Warcraft. "If it was, it would have been done without our knowledge or permission."

A spokeswoman for Microsoft declined to comment. Philip Rosedale, the founder of Second Life and a former chief executive officer of Linden Lab, the game's maker, declined to comment on the spying revelations. Current Linden executives did not respond to requests for comment.

A Government Communications Headquarters spokesman would neither confirm nor deny any involvement by that agency in gaming surveillance, but said that its work is conducted under "a strict legal and policy framework" with rigorous oversight. An N.S.A. spokeswoman declined to comment.

Intelligence and law enforcement officials became interested in games after some became enormously popular, drawing tens of millions of people worldwide, from preteens to retirees. The games rely on lifelike graphics, virtual currencies and the ability to speak to other players in real time. Some gamers merge the virtual and real worlds by spending long hours playing and making close online friends.

In World of Warcraft, players share the same fantasy universe -- walking around and killing computer-controlled monsters or the avatars of other players, including elves, animals or creatures known as orcs. In Second Life, players create customized human avatars that can resemble themselves or take on other personas -- supermodels and bodybuilders are popular -- who can socialize, buy and sell virtual goods, and go places like beaches, cities, art galleries and strip clubs. In Microsoft's Xbox Live service, subscribers connect online in games that can involve activities like playing soccer or shooting at each other in space.

According to American officials and documents that Mr. Snowden provided to The Guardian, which shared them with The New York Times and ProPublica, spy agencies grew worried that terrorist groups might take to the virtual worlds to establish safe communications channels.

In 2007, as the N.S.A. and other intelligence agencies were beginning to explore virtual games, N.S.A. officials met with the chief technology officer for the manufacturer of Second Life, the San Francisco-based Linden Lab. The executive, Cory Ondrejka, was a former Navy officer who had worked at the N.S.A. with a top-secret security clearance.
He visited the agency's headquarters at Fort Meade, Md., in May 2007 to speak to staff members over a brown bag lunch, according to an internal agency announcement. "Second Life has proven that virtual worlds of social networking are a reality: come hear Cory tell you why!" said the announcement. It added that virtual worlds gave the government the opportunity "to understand the motivation, context and consequent behaviors of non-Americans through observation, without leaving U.S. soil."

Mr. Ondrejka, now the director of mobile engineering at Facebook, said through a representative that the N.S.A. presentation was similar to others he gave in that period, and declined to comment further.

Even with spies already monitoring games, the N.S.A. thought it needed to step up the effort. "The Sigint Enterprise needs to begin taking action now to plan for collection, processing, presentation and analysis of these communications," said one April 2008 N.S.A. document, referring to "signals intelligence." The document added, "With a few exceptions, N.S.A. can't even recognize the traffic," meaning that the agency could not distinguish gaming data from other Internet traffic.

By the end of 2008, according to one document, the British spy agency, known as GCHQ, had set up its "first operational deployment into Second Life" and had helped the police in London in cracking down on a crime ring that had moved into virtual worlds to sell stolen credit card information. The British spies running the effort, which was code-named Operation Galician, were aided by an informer using a digital avatar "who helpfully volunteered information on the target group's latest activities."

Though the games might appear to be unregulated digital bazaars, the companies running them reserve the right to police the communications of players and store the chat dialogues in servers that can be searched later. The transactions conducted with the virtual money common in the games, used in World of Warcraft to buy weapons and potions to slay monsters, are also monitored by the companies to prevent illicit financial dealings.

In the 2008 N.S.A. document, titled "Exploiting Terrorist Use of Games & Virtual Environments," the agency said that "terrorist target selectors" -- which could be a computer's Internet Protocol address or an email account -- "have been found associated with Xbox Live, Second Life, World of Warcraft" and other games. But that document does not present evidence that terrorists were participating in the games.

Still, the intelligence agencies found other benefits in infiltrating these online worlds. According to the minutes of a January 2009 meeting, GCHQ's "network gaming exploitation team" had identified engineers, embassy drivers, scientists and other foreign intelligence operatives to be World of Warcraft players -- potential targets for recruitment as agents.

At Menwith Hill, a Royal Air Force base in the Yorkshire countryside that the N.S.A. has long used as an outpost to intercept global communications, American and British intelligence operatives started an effort in 2008 to begin collecting data from World of Warcraft.

One N.S.A. document said that the World of Warcraft monitoring "continues to uncover potential Sigint value by identifying accounts, characters and guilds related to Islamic extremist groups, nuclear proliferation and arms dealing." In other words, targets of interest appeared to be playing the fantasy game, though the document does not indicate that they were doing so for any nefarious purposes.

A British document from later that year said that GCHQ had "successfully been able to get the discussions between different game players on Xbox Live." By 2009, the collection was extensive. One document says that while GCHQ was testing its ability to spy on Second Life in real time, British intelligence officers vacuumed up three days' worth of Second Life chat, instant message and financial transaction data, totaling 176,677 lines of data, which included the content of the communications.

For their part, players have openly worried that the N.S.A. might be watching them. In one World of Warcraft discussion thread, begun just days after the first Snowden revelations appeared in the news media in June, a human death knight with the user name "Crrassus" asked whether the N.S.A. might be reading game chat logs. "If they ever read these forums," wrote a goblin priest with the user name "Diaya," "they would realize they were wasting" their time.

Even before the American government began spying in virtual worlds, the Pentagon had identified the potential intelligence value of video games. The Pentagon's Special Operations Command in 2006 and 2007 worked with several foreign companies -- including an obscure digital media business based in Prague -- to build games that could be downloaded to mobile phones, according to people involved in the effort. They said the games, which were not identified as creations of the Pentagon, were then used as vehicles for intelligence agencies to collect information about the users.

Eager to cash in on the government's growing interest in virtual worlds, several large private contractors have spent years pitching their services to American intelligence agencies. In one 66-page document from 2007, part of the cache released by Mr. Snowden, the contracting giant SAIC promoted its ability to support "intelligence collection in the game space," and warned that online games could be used by militant groups to recruit followers and could provide "terrorist organizations with a powerful platform to reach core target audiences."

It is unclear whether SAIC received a contract based on this proposal, but one former SAIC employee said that the company at one point had a lucrative contract with the C.I.A. for work that included monitoring the Internet for militant activity. An SAIC spokeswoman declined to comment.

In spring 2009, academics and defense contractors gathered at the Marriott at Washington Dulles International Airport to present proposals for a government study about how players' behavior in a game like World of Warcraft might be linked to their real-world identities. "We were told it was highly likely that persons of interest were using virtual spaces to communicate or coordinate," said Dmitri Williams, a professor at the University of Southern California who received grant money as part of the program.

After the conference, both SAIC and Lockheed Martin won contracts worth several million dollars, administered by an office within the intelligence community that finances research projects.

It is not clear how useful such research might be. A group at the Palo Alto Research Center, for example, produced a government-funded study of World of Warcraft that found "younger players and male players preferring competitive, hack-and-slash activities, and older and female players preferring noncombat activities," such as exploring the virtual world. A group from the nonprofit SRI International, meanwhile, found that players under age 18 often used all capital letters both in chat messages and in their avatar names.

Those involved in the project were told little by their government patrons. According to Nick Yee, a Palo Alto researcher who worked on the effort, "We were specifically asked not to speculate on the government's motivations and goals."

Andrew W. Lehren contributed reporting.
From rforno at infowarrior.org Mon Dec 9 08:01:31 2013
From: rforno at infowarrior.org (Richard Forno)
Date: Mon, 9 Dec 2013 09:01:31 -0500
Subject: [Infowarrior] - Tech Giants Issue Call for Limits on Government Surveillance of Users
Message-ID: <0C1E6971-F709-4CAA-914B-5005A3218468@infowarrior.org>

Tech Giants Issue Call for Limits on Government Surveillance of Users
By EDWARD WYATT and CLAIRE CAIN MILLER
Published: December 9, 2013
http://www.nytimes.com/2013/12/09/technology/tech-giants-issue-call-for-limits-on-government-surveillance-of-users.html?hpw&rref=technology

Eight prominent technology companies, bruised by revelations of government spying on their customers' data and scrambling to repair the damage to their reputations, are mounting a public campaign to urge President Obama and Congress to set new limits on government surveillance. On Monday the companies, led by Google and Microsoft, presented a plan to regulate online spying and urged the United States to lead a worldwide effort to restrict it. They accompanied it with an open letter, in the form of full-page ads in national newspapers, including The New York Times, and a website detailing their concerns.

It is the broadest and strongest effort by the companies, often archrivals, to speak with one voice to pressure the government. The tech industry, whose billionaire founders and executives are highly sought as political donors, forms a powerful interest group that is increasingly flexing its muscle in Washington. "It's now in their business and economic interest to protect their users' privacy and to aggressively push for changes," said Trevor Timm, an activist at the Electronic Frontier Foundation. "The N.S.A. mass-surveillance programs exist for a simple reason: cooperation with the tech and telecom companies. If the tech companies no longer want to cooperate, they have a lot of leverage to force significant reform."

The political push by the technology companies opens a third front in their battle against government surveillance, which has escalated with recent revelations about government spying without the companies' knowledge. The companies have also been making technical changes to try to thwart spying and have been waging a public-relations campaign to convince users that they are protecting their privacy. "People won't use technology they don't trust," Brad Smith, Microsoft's general counsel, said in a statement. "Governments have put this trust at risk, and governments need to help restore it."

Apple, Yahoo, Facebook, Twitter, AOL and LinkedIn joined Google and Microsoft in saying that they believed in governments' right to protect their citizens. But, they said, the spying revelations that began last summer with leaks of National Security Agency materials by Edward J. Snowden showed that "the balance in many countries has tipped too far in favor of the state and away from the rights of the individual."

The Obama administration has already begun a review of N.S.A. procedures in reaction to public outrage. The results of that review could be presented to the White House as soon as this week. "Having done an independent review and brought in a whole bunch of folks - civil libertarians and lawyers and others - to examine what's being done, I'll be proposing some self-restraint on the N.S.A., and you know, to initiate some reforms that can give people more confidence," Mr. Obama said Thursday on the MSNBC program "Hardball."

While the Internet companies fight to maintain authority over their customers' data, their business models depend on collecting the same information that the spy agencies want, and they have long cooperated with the government to some extent by handing over data in response to legal requests. The new principles outlined by the companies contain little information and few promises about their own practices, which privacy advocates say contribute to the government's desire to tap into the companies' data systems. "The companies are placing their users at risk by collecting and retaining so much information," said Marc Rotenberg, president and executive director of the Electronic Privacy Information Center, a nonprofit research and advocacy organization. "As long as this much personal data is collected and kept by these companies, they are always going to be the target of government collection efforts." For instance, Internet companies store email messages, search queries, payment details and other personal information to provide online services and show personalized ads.

They are trying to blunt the spying revelations' effects on their businesses. Each disclosure risks alienating users, and foreign governments are considering laws that would discourage their citizens from using services from American Internet companies. The cloud computing industry could lose $180 billion, or a quarter of its revenue, by 2016, according to Forrester Research.

Telecom companies, which were not included in the proposal to Congress, have had a closer working relationship with the government than the Internet companies, such as longstanding partnerships to hand over customer information. While the Internet companies have published so-called transparency reports about government requests, for example, the telecoms have not. "For the phone companies," said Tim Wu, a professor at Columbia studying the Internet and the law, "help with federal spying is a longstanding tradition with roots in the Cold War. It's another area where there's a split between old tech and new tech - the latter taking a much more libertarian position."

The new surveillance principles, the Internet companies said, should include limiting governments' authority to collect users' information, setting up a legal system of oversight and accountability for that authority, allowing the companies to publish the number and nature of the demands for data, ensuring that users' online data can be stored in different countries and establishing a framework to govern data requests between countries.

In a statement, Larry Page, Google's co-founder and chief executive, criticized governments for the "apparent wholesale collection of data, in secret and without independent oversight." He added, "It's time for reform and we urge the U.S. government to lead the way."

In their open letter, the companies maintain they are fighting for their customers' privacy. "We are focused on keeping users' data secure," the letter said, "deploying the latest encryption technology to prevent unauthorized surveillance on our networks, and by pushing back on government requests to ensure that they are legal and reasonable in scope."

The global principles outlined by the companies make no specific mention of any country and call on "the world's governments to address the practices and laws regulating government surveillance of individuals and access to their information." But the open letter to American officials specifically cites the United States Constitution as the guidepost for new restrictions on government surveillance. Chief among the companies' proposals is a demand to write "sensible limitations" on the ability of government agencies to compel Internet companies to disclose user data, forbidding the wholesale vacuuming of user information. "Governments should limit surveillance to specific known users for lawful purposes, and should not undertake bulk data collection of Internet communications," the companies said.

Brian X. Chen contributed reporting.
From rforno at infowarrior.org Mon Dec 9 08:21:56 2013
From: rforno at infowarrior.org (Richard Forno)
Date: Mon, 9 Dec 2013 09:21:56 -0500
Subject: [Infowarrior] - Scientists Discover Untapped Freshwater Reserves Beneath the Oceans
Message-ID:

Dec 09, 2013 08:19 AM EST
Scientists Discover Untapped Freshwater Reserves Beneath the Oceans
By Benita Matilda
http://www.scienceworldreport.com/articles/11464/20131209/scientits-disocver-untapped-freshwater-reserves-beneath-the-oceans.htm

Australian scientists have identified vast freshwater reserves buried beneath the oceans, offering a new prospect for wiping out the alarming global water crisis. According to the latest report documented in the journal Nature, researchers have revealed the presence of nearly half a million cubic kilometres of low salinity water located beneath the seabed on the continental shelves. Located off Australia, China, North America and South Africa, the newly discovered fresh water reserves can be used to supply water to coastal cities.

"The volume of this water resource is a hundred times greater than the amount we've extracted from the Earth's sub-surface in the past century since 1900," says lead author Dr Vincent Post of the National Centre for Groundwater Research and Training (NCGRT) and the School of the Environment at Flinders University. "Knowing about these reserves is great news because this volume of water could sustain some regions for decades."

According to Dr. Post, groundwater scientists were well aware of the presence of freshwater reserves beneath the seafloor, but had assumed them to occur only in unusual and extraordinary situations. This latest study reveals that fresh and brackish aquifers under the seabed are a common phenomenon, formed hundreds to thousands of years ago when the sea level was lower than it is currently.

The researchers explain that rainwater penetrated into the ground and filled up the water tables in regions that are currently under sea. This event was similar around the globe. Nearly 20,000 years ago, the sea levels rose, the ice caps began melting and the areas were covered by oceans. Most of the aquifers today are protected from seawater by blankets of clay and sediments that are piled on top. These aquifers are not different from those found below land. Their salinity is low, so they can be easily converted into drinking water.

The study researchers propose two ways to gain access to these freshwater reserves: either constructing a platform and drilling into the seabed, which is expensive, or drilling from the mainland at a point closer to the aquifer.

"Freshwater under the seabed is much less salty than seawater," Dr Post says. "This means it can be converted to drinking water with less energy than seawater desalination, and it would also leave us with a lot less hyper-saline water. Freshwater on our planet is increasingly under stress and strain so the discovery of significant new stores off the coast is very exciting. It means that more options can be considered to help reduce the impact of droughts and continental water shortages."

An important factor that the nations with new reserves of freshwater offshore should remember is that the water reserves are non-renewable and should be used carefully. Once gone, it cannot be replenished until the level of sea water drops again, which is next to impossible keeping in mind the rapid change in climate.
From rforno at infowarrior.org Mon Dec 9 10:56:07 2013
From: rforno at infowarrior.org (Richard Forno)
Date: Mon, 9 Dec 2013 11:56:07 -0500
Subject: [Infowarrior] - Putin dissolves state news agency, tightens grip on Russia media
Message-ID:

Putin dissolves state news agency, tightens grip on Russia media
By Timothy Heritage
MOSCOW Mon Dec 9, 2013 10:12am EST
http://www.reuters.com/article/2013/12/09/us-russia-media-idUSBRE9B80I120131209

(Reuters) - President Vladimir Putin tightened his control over Russia's media on Monday by dissolving the main state news agency and replacing it with an organization that is to promote Moscow's image abroad. The move to abolish RIA Novosti and create a news agency to be known as Rossiya Segodnya is the second in two weeks strengthening Putin's hold on the media as he tries to reassert his authority after protests against his rule.

Most Russian media outlets are already loyal to Putin, and opponents get little air time, but the shake-up underlined their importance to Putin keeping power and the Kremlin's concern about the president's ratings and image. The head of the new agency, to be built from the ashes of RIA Novosti, is a conservative news anchor, Dmitry Kiselyov, who once caused outrage by saying the organs of homosexuals should not be used in transplants.

"The main focus of ... Rossiya Segodnya (Russia Today) is to highlight abroad the state policy and public life of the Russian Federation," said a decree signed by Putin. Sergei Ivanov, the head of the presidential administration, told reporters that the changes were intended to save money and improve the state media. But the new organization has strong similarities to APN, a Soviet-era news agency whose role included writing articles about "the social-economic and cultural life of the Soviet people and items reflecting Soviet society's point of view on important internal and international events".

RIA said in an English-language article about Putin's step: "The move is the latest in a series of shifts in Russia's news landscape which appear to point towards a tightening of state control in the already heavily regulated media sector." Rossiya Segodnya's focus on building up Russia abroad could solidify Putin's grip on information by further limiting sources of news for Russians whose TV screens are dominated by state-controlled channels.

Putin's decree appeared to have little effect on the two other major Russian news agencies, state-run Itar-Tass and private Interfax, but it could benefit both by making RIA's replacement less of a competitor domestically. Itar-Tass is the successor of the Soviet official Tass agency, while Interfax has more leeway as a private agency but is restricted by the Kremlin's dominance.

NEWS BOSS COURTS CONTROVERSY

A prominent member of parliament, Alexei Mitrofanov, described Kiselyov as a "powerful propagandist" but said this was a good thing and that he was suitable for the job. In his third term, after weathering protests led by urban liberals, the 61-year-old Putin has often appealed to conservatives and championed the Russian Orthodox Church as a moral guide for society. Kiselyov has proved a loyal Putin supporter as a television presenter, at times making provocative remarks. In 2010 he said homosexuals should be banned from donating blood or sperm and last year said they should also be banned from donating organs.

Putin has been Russia's dominant leader since he was first elected president in 2000. He began his third term in the Kremlin in May 2012 after stepping aside to serve for four years as prime minister because of constitutional limits. The opposition staged big street protests against him for several months from December 2011, following a parliamentary election they said was rigged. The demonstrations have faded but Putin's popularity ratings have declined from their peak during his first two terms - from 2000 until 2008.

The Kremlin extended its grip over radio and television broadcasting on November 26 when the media arm of state-controlled Gazprom bought mining tycoon Vladimir Potanin's Profmedia. Through the deal, the ex-Soviet gas ministry - now Russia's largest firm by revenue - will add TV and radio stations, cinemas and film production and distribution assets to a sprawling portfolio built up around commercial channel NTV.

The Kremlin already funds an English-language TV channel called RT which was initially known as Russia Today. It is not clear whether the two will operate separately and RT's head, Margarita Simonyan, said she had been unaware of the move. The new organization will be created in RIA Novosti's headquarters in central Moscow. The fate of its journalists and other employees was not immediately clear. RIA Novosti was created as the Soviet Information Bureau in 1941, after Nazi Germany invaded the Soviet Union, and issues reports in Russian and foreign languages.

(This story has been refiled to delete extraneous word in 4th paragraph)

(Additional reporting by Maria Tsvetkova and Alexei Kalmykov; Editing by Mark Heinrich)

From rforno at infowarrior.org Mon Dec 9 20:31:38 2013
From: rforno at infowarrior.org (Richard Forno)
Date: Mon, 9 Dec 2013 21:31:38 -0500
Subject: [Infowarrior] - TSA Seizes Sock Monkey's Toy Gun
Message-ID: <2AA843BE-E847-43D8-89E1-1477CE1EA015@infowarrior.org>

(Anyone else think the sock monkey has more common sense than the TSA folks here?)

TSA Seizes Sock Monkey's Toy Gun
By Andrew Johnson
December 9, 2013 12:35 PM
http://www.nationalreview.com/corner/365823/tsa-seizes-sock-monkeys-toy-gun-andrew-johnson

TSA agents in St.
Louis, Missouri, disarmed Rooster Monkburn, a cowboy sock monkey, of his two-inch toy gun after a woman brought the stuffed monkey through security. Agents said that it posed a threat because it could be confused for a real gun, according to local reports.

"[The agent] said 'this is a gun,'" said Phyllis May, recounting the experience to fly back to her home in Washington state. "I said no, it's not a gun, it's a prop for my monkey." May, who has a small business selling sock monkeys, was also questioned for bringing the sewing supplies she uses to make the stuffed animals in her carry-on bag. TSA agents told her they would have to confiscate the miniature firearm and call the police, although Washington's KING-TV reports that the TSA never did call the authorities. May's sewing supplies were ultimately returned to her.

"Rooster Monkburn has been disarmed so I'm sure everyone on the plane was safe," May quipped. "I understand [the TSA agent] was doing her job but at some point doesn't common sense prevail?" May had named the disarmed monkey Rooster Monkburn after Rooster Cogburn, John Wayne's character in the film True Grit.
From rforno at infowarrior.org Mon Dec 9 21:34:55 2013
From: rforno at infowarrior.org (Richard Forno)
Date: Mon, 9 Dec 2013 22:34:55 -0500
Subject: [Infowarrior] - Samsung attempts to silence YouTube complaint of Galaxy S4 fire, fails
Message-ID:

Samsung attempts to silence YouTube complaint of Galaxy S4 fire, fails
updated 07:33 pm EST, Mon December 9, 2013
http://www.electronista.com/articles/13/12/09/settlement.offer.includes.comprehensive.gag.order.preventing.follow.up/

Settlement offer includes comprehensive gag order preventing follow-up

Following a fire severely damaging YouTube user Ghostlyrich's Samsung Galaxy S4, the Korean manufacturer wanted proof that the device was damaged in the manner that the user reported, prior to any replacement or repair offer being made. Ghostlyrich uploaded a video showing the damage, with a melted case and visibly damaged internal hardware. In a settlement offer mailed to the user, Samsung demanded the video be removed before it would send out a replacement, with other extreme terms.

The user claimed that he plugged in the phone prior to retiring for the night, and woke up to a charred plastic smell. He allegedly used an official Samsung charger and cable, and showed both on the original video. Ghostlyrich said that he had no problem with removing the original video, but refused to agree to the remainder of Samsung's terms, which included never discussing the incident with anyone. He then posted a video discussing the situation so far. The original video garnered 120,000 views. The "retaliation" video has been viewed 475,000 times after some technology press coverage.

The user contrasted a positive service response with a previous service problem he had with an Apple iPhone, Microsoft's reasonable response to a red ring of death Xbox, and Samsung's legal response to the burned phone. He noted that Samsung demanded that he "take responsibility" for the phone catching fire, and demanded that he not discuss the settlement in any way, with any person, including further videos. Ghostlyrich has obviously violated the terms of the settlement, with no response from Samsung at this time.

Read more: http://www.electronista.com/articles/13/12/09/settlement.offer.includes.comprehensive.gag.order.preventing.follow.up/#ixzz2n2VaQP4b

From rforno at infowarrior.org Tue Dec 10 20:25:25 2013
From: rforno at infowarrior.org (Richard Forno)
Date: Tue, 10 Dec 2013 21:25:25 -0500
Subject: [Infowarrior] - NSA uses Google cookies to pinpoint targets for hacking
Message-ID: <161F8592-D8FC-4A99-B642-A235D287E494@infowarrior.org>

NSA uses Google cookies to pinpoint targets for hacking
By Ashkan Soltani, Andrea Peterson, and Barton Gellman, Updated: December 10 at 8:50 pm
http://www.washingtonpost.com/blogs/the-switch/wp/2013/12/10/nsa-uses-google-cookies-to-pinpoint-targets-for-hacking//?print=1

The National Security Agency is secretly piggybacking on the tools that enable Internet advertisers to track consumers, using "cookies" and location data to pinpoint targets for government hacking and to bolster surveillance. The agency's internal presentation slides, provided by former NSA contractor Edward Snowden, show that when companies follow consumers on the Internet to better serve them advertising, the technique opens the door for similar tracking by the government. The slides also suggest that the agency is using these tracking techniques to help identify targets for offensive hacking operations.

For years, privacy advocates have raised concerns about the use of commercial tracking tools to identify and target consumers with advertisements. The online ad industry has said its practices are innocuous and benefit consumers by serving them ads that are more likely to be of interest to them.
The revelation that the NSA is piggybacking on these commercial technologies could shift that debate, handing privacy advocates a new argument for reining in commercial surveillance. Cookie monster According to the documents, the NSA and its British counterpart, GCHQ, are using the small tracking files or "cookies" that advertising networks place on computers to identify people browsing the Internet. The intelligence agencies have found particular use for a part of a Google-specific tracking mechanism known as the ?PREF? cookie. These cookies typically don't contain personal information, such as someone's name or e-mail address, but they do contain numeric codes that enable Web sites to uniquely identify a person's browser. In addition to tracking Web visits, this cookie allows NSA to single out an individual's communications among the sea of Internet data in order to send out software that can hack that person's computer. The slides say the cookies are used to "enable remote exploitation," although the specific attacks used by the NSA against targets are not addressed in these documents. The NSA's use of cookies isn't a technique for sifting through vast amounts of information to find suspicious behavior; rather, it lets NSA home in on someone already under suspicion - akin to when soldiers shine laser pointers on a target to identify it for laser-guided bombs. Separately, the NSA is also using commercially gathered information to help it locate mobile devices around the world, the documents show. Many smartphone apps running on iPhones and Android devices, and the Apple and Google operating systems themselves, track the location of each device, often without a clear warning to the phone's owner. This information is more specific than the broader location data the government is collecting from cellular phone networks, as reported by the Post last week. 
"On a macro level, 'we need to track everyone everywhere for advertising' translates into 'the government being able to track everyone everywhere,'" says Chris Hoofnagle, a lecturer in residence at UC Berkeley Law. "It's hard to avoid." These specific slides do not indicate how the NSA obtains Google PREF cookies or whether the company cooperates in these programs, but other documents reviewed by the Post indicate that cookie information is among the data NSA can obtain with a Foreign Intelligence Surveillance Act order. If the NSA gets the data that way, the companies know and are legally compelled to assist. The NSA declined to comment on the specific tactics outlined in this story, but an NSA spokesman sent the Post a statement: "As we've said before, NSA, within its lawful mission to collect foreign intelligence to protect the United States, uses intelligence tools to understand the intent of foreign adversaries and prevent them from bringing harm to innocent Americans." Google declined to comment for this article, but chief executive Larry Page joined the leaders of other technology companies earlier this week in calling for an end to bulk collection of user data and for new limits on court-approved surveillance requests. "The security of users' data is critical, which is why we've invested so much in encryption and fight for transparency around government requests for information," Page said in a statement on the coalition's Web site. "This is undermined by the apparent wholesale collection of data, in secret and without independent oversight, by many governments around the world." How consumers are tracked online Internet companies store small files called cookies on users' computers to uniquely identify them for ad-targeting and other purposes across many different Web sites. This advertising-driven business model pays for many of the services, like e-mail accounts, that consumers have come to expect to have for free. 
Yet few are aware of the full extent to which advertisers, services and Web sites track their activities across the Web and mobile devices. These data collection mechanisms are invisible to all but the most sophisticated users -- and the tools to opt-out or block them have limited effectiveness. Privacy advocates have pushed to create a "Do Not Track" system allowing consumers to opt out of such tracking. But Jonathan Mayer of Stanford's Center for Internet and Society, who has been active in that push, says "Do Not Track efforts are stalled out." They ground to a halt when the Digital Advertising Alliance, a trade group representing online ad companies, abandoned the effort in September after clashes over the proposed policy. One of the primary issues of contention was whether consumers would be able to opt out of all tracking, or just not be served advertisements based on tracking. Some browsers, such as Apple's Safari, automatically block a type of code known as "third-party cookies," which are often placed by companies that advertise on the site being visited. Other browsers such as Mozilla's Firefox are also experimenting with that idea. But such settings won't prevent users from receiving cookies directly from the primary sites they visit or services they use. Google's PREF Cookie Google assigns a unique PREF cookie anytime someone's browser makes a connection to any of the company's Web properties or services. This can occur when consumers directly use Google services such as Search or Maps, or when they visit Web sites that contain embedded "widgets" for the company's social media platform Google Plus. That cookie contains a code that allows Google to uniquely track users to "personalize ads" and measure how they use other Google products. Given the widespread use of Google services and widgets, most Web users are likely to have a Google PREF cookie even if they've never visited a Google property directly. 
That PREF cookie is specifically mentioned in an internal NSA slide, which reference the NSA using GooglePREFID, their shorthand for the unique numeric identifier contained within Google's PREF cookie. Special Source Operations (SSO) is an NSA division that works with private companies to scoop up data as it flows over the Internet's backbone and from technology companies' own systems. The slide indicates that SSO was sharing information containing "logins, cookies, and GooglePREFID" with another NSA division called Tailored Access Operations, which engages in offensive hacking operations. SSO also shares the information with the British intelligence agency GCHQ. "This shows a link between the sort of tracking that's done by Web sites for analytics and advertising and NSA exploitation activities," says Ed Felten, a computer scientist at Princeton University. "By allowing themselves to be tracked for analytic or advertising at least some users are making themselves more vulnerable to exploitation." This isn't the first time Google cookies have been highlighted in the NSA's attempts to identify targets to hack. A presentation released in October by the Guardian called "Tor Stinks" indicates that the agency was using cookies for DoubleClick.net, Google's third-party advertising service, in an attempt to identify users of the Internet anonymization tool Tor when they switched to regular browsing. "It's similar in the sense that you see the use of an unique ID in the cookie to allow an eavesdropper to connect the activities of a user over time," says Felten. Leaked location data Another slide indicates that the NSA is collecting location data transmitted by mobile apps to support ad-targeting efforts in bulk. The NSA program, code-named HAPPYFOOT, helps the NSA to map Internet addresses to physical locations more precisely than is possible with traditional Internet geolocation services. 
Many mobile apps and operating systems use location-based services to help users find restaurants or establishments nearby. In fact, even when GPS is disabled, most smart phones silently determine their location in the background using signals from Wi-Fi networks or cellular towers. And apps that do not need geo-location data may still collect it anyway to share with third-party advertisers. Just last week, the Federal Trade Commission announced a settlement for a seemingly innocuous flashlight app that allegedly leaked user location information to advertisers without consumers' knowledge.

Apps transmit their locations to Google and other Internet companies because ads tied to a precise physical location can be more lucrative than generic ads. But in the process, they appear to tip off the NSA to a mobile device's precise physical location. That makes it easier for the spy agency to engage in the sophisticated tracking techniques the Post described in a story Dec. 4.

Implications for privacy

The disclosures about NSA practices reveal the dilemma facing online companies, which have faced a backlash against tracking for commercial purposes and their role in government surveillance. "If data is used and it stops the next 9/11 our fellow citizens wouldn't have any problem with it no matter what it is," says Stuart P. Ingis, General Counsel at the Digital Advertising Association. But he says that it is a balancing act to pursue those bad actors "while at the same time preserving the civil liberties."

Other defenders of online advertising companies have argued it is unfair to conflate private companies' ad-tracking activities with the NSA activities revealed in the Snowden leaks. Marvin Ammori, a lawyer who advises technology companies including Google on surveillance issues, wrote in USA Today that "limiting bulk data collection by private companies - whether they advertise or not - would do little or nothing to limit the NSA."
Felten disagrees, noting that the latest documents show that "the unique identifiers that are being placed on users' computers are not only being used by analytic and advertising companies, but also being used by the NSA for targeting." He also says that there are things those companies could do to protect their users from the type of attacks described in the slides, like "not sending tracking IDs, or at least not sending them in the clear" without a layer of encryption. Similarly, he says, "browser makers can help by giving users better control over the use of third-party tracking cookies and by making sure that their browsers are not sending unique IDs as a side effect of their safe-browsing behavior."

Stanford's Mayer says the revelations suggest the need for limits on the data that companies collect about consumers. "There's increasingly a sense that giving consumers control over the information they share with companies is all the more important," he says, "because you're also giving them control over the information they share with government."

Soltani is an independent security researcher and consultant.

---
Just because i'm near the punchbowl doesn't mean I'm also drinking from it.

From rforno at infowarrior.org Wed Dec 11 07:35:31 2013
From: rforno at infowarrior.org (Richard Forno)
Date: Wed, 11 Dec 2013 08:35:31 -0500
Subject: [Infowarrior] - OT: Why Do Forecasters Keep Forecasting?
Message-ID: <3FBC0838-ACE3-4F00-834B-A029403F9E82@infowarrior.org>

Why Do Forecasters Keep Forecasting?
By Barry Ritholtz
Dec 11, 2013 7:15 AM ET
http://www.bloomberg.com/news/2013-12-11/why-do-forecasters-keep-forecasting-.html

"He who lives by the crystal ball soon learns to eat ground glass." -- Edgar Fiedler

It's that time of year again! All of your favorite prognosticators will soon be trotting out their favorite (albeit worthless) prognostications. You are advised to ignore them with extreme prejudice.
This has been a peeve of mine for quite some time, going back to "The Folly of Forecasting" and, more recently, "Get ahead of forecaster folly." I was reminded of this courtesy of a commentary by Robert Seawright, chief information officer of Madison Avenue Securities. It had the delightful tongue-in-cheek title, "Missed It By *This* Much."

Seawright notes that the "one forecast that is almost certain to be correct is that market forecasts are almost certain to be wrong." His table, which I have reproduced here, reveals just how true that was for S&P 500 predictions in 2013. As of yesterday, the best of the major broker forecasts was only off by about 12 percent, the worst by 30 percent. All told the seers' average miss was a full 17.5 percent.

The simple truth is that, as a species, you humans are terrible about making predictions. Forget forecasting big events that are not in your control, such as the economy or the market, you cannot even forecast your own behavior. If you could, the fitness and diet industries would be bankrupt.

Back in 2007 (when I still participated in this silliness), I ended up winning a Wall Street Journal contest for such predictions. Ironic for someone who does not believe in them. At the time, I noted that getting incredibly lucky and nailing the numbers was based purely on chance. To be blunt, it was nothing more than dumb luck, and much to the chagrin of my employer at the time, I told CNBC anchor Mark Haines as much.

On occasion, I still get the occasional TV anchor asking me questions such as, "Where will the Dow be in 1 year?" It is amusing to respond honestly -- "I haven't the slightest idea" -- and see their faces contort.

Regardless, the true danger of forecasting is not that you will be wrong -- the odds are you will -- but rather the natural tendency to stick to a forecast regardless. Instead of adjusting to changing conditions, we have the odd tendency to marry the old prediction.
Ned Davis summed this up in his book "Being Right or Making Money." There is a tendency to want to be right, to want your prediction to come true. Once you let go of this hope to be correct in the face of mounting evidence to the contrary, you can change your positioning to reflect reality instead of wishes.

Hence, our advice for the silly season: Ignore the forecasts, and instead, make money.

From rforno at infowarrior.org Fri Dec 13 07:59:38 2013
From: rforno at infowarrior.org (Richard Forno)
Date: Fri, 13 Dec 2013 08:59:38 -0500
Subject: [Infowarrior] - Follow the money on intel contributions to Congress
Message-ID: <1CC8BB8B-913C-475F-8252-DB6487852458@infowarrior.org>

Lawmakers who oversee government surveillance programs receive millions from intelligence companies
December 13, 2013 | Joe Schoffstall

Every member who sits on the committees that oversee government intelligence operations has received campaign contributions from the top twenty largest intelligence companies in the United States, according to a new report.

Amid the NSA scandal, the House Permanent Select Committee on Intelligence and the Senate Select Committee on Intelligence - the committees in charge of oversight - denied stricter reform attempts to the NSA programs and instead propelled legislation aimed at restoring their trust. The committees are intended to keep waste, fraud, and abuse in check given most of these programs are hidden from the general public.

Every single member on the committees received campaign contributions from the largest intelligence companies in the U.S. performing services for the government. A report from Maplight, a nonpartisan research organization that reveals money in politics, highlights the donations from political action committees (PACs) and individuals from the intelligence services companies to these members.
The report shows donations amount to over $3.7 million from 2005-2013. Rep. Dutch Ruppersberger (D-Md.), the highest ranking Democrat on the House committee, received the most money. He was given $363,600 with $124,350 of this coming from a single company - Northrop Grumman. As the Center for Public Integrity notes, Rep. Ruppersberger's Maryland district includes the NSA. He is also a member of the "Gang of Eight" and receives extremely detailed intelligence reports that many other members do not receive.

The second highest amount was given to Sen. Barbara Mikulski (D-Md.) who received $210,150. Sen. Mikulski also happens to be chairwoman of the Senate Appropriations Committee - a committee which allocates federal funds to a majority of government programs, including intelligence.

Rep. Frank LoBiondo (R-N.J.) was given $205,345 - he is the second highest ranking Republican on the House Armed Services Tactical Air and Land Forces Subcommittee. Rep. James Langevin (D-R.I.) received $200,850 from intelligence companies' PACs, top executives, and lobbyists. Langevin is the second highest ranking Democrat on the House Armed Services Intelligence Subcommittee.

L-3 Communications, Lockheed Martin, CACI International, GTCR Golder Rauner L.L.C., SAIC Inc, Mission Essential, and Booz Allen Hamilton are among the top companies to contribute to committee members. Here are the top 20 intelligence companies to hand out donations:

< - >

http://capitolcityproject.com/watchdog-lawmakers-oversee-government-surveillance-programs-receive-millions-intelligence-companies/
From rforno at infowarrior.org Fri Dec 13 07:59:42 2013
From: rforno at infowarrior.org (Richard Forno)
Date: Fri, 13 Dec 2013 08:59:42 -0500
Subject: [Infowarrior] - Committee That Grilled Guardian Editor Over Snowden Documents Won't Get To Question Intelligence Boss
Message-ID:

Committee That Grilled Guardian Editor Over Snowden Documents Won't Get To Question Intelligence Boss
http://www.techdirt.com/articles/20131211/19020925539/committee-that-grilled-guardian-editor-over-snowden-documents-wont-get-to-question-intelligence-boss.shtml

From rforno at infowarrior.org Fri Dec 13 07:59:47 2013
From: rforno at infowarrior.org (Richard Forno)
Date: Fri, 13 Dec 2013 08:59:47 -0500
Subject: [Infowarrior] - Was Yesterday Twitter's New Coke Moment?
Message-ID: <07CE4959-8EC2-4414-AA24-59C21635A6C9@infowarrior.org>

Twitter's New Coke Moment
http://www.thereformedbroker.com/2013/12/13/twitters-new-coke-moment/

From rforno at infowarrior.org Fri Dec 13 08:04:56 2013
From: rforno at infowarrior.org (Richard Forno)
Date: Fri, 13 Dec 2013 09:04:56 -0500
Subject: [Infowarrior] - Pirate Bay moves to Ascension Island
Message-ID: <877AD8CC-8CE8-41AE-B256-3C56F1B01B6B@infowarrior.org>

Pirate Bay moves to Ascension Island following domain name seizure
http://rt.com/news/pirate-bay-ascension-island-027/
Published time: December 10, 2013 22:16
Edited time: December 12, 2013 15:36

Under pressure once again from the entertainment industry, The Pirate Bay has upped sticks and moved to a new .AC domain, based on the isolated volcanic Ascension Island in the South Atlantic Ocean. The move comes after the website's previous domain registry in Sint Maarten - a Dutch protectorate - was seized.
The Pirate Bay team said the website's former .SX domain appears to have been seized overnight, TorrentFreak reported. Operators quickly relocated to the piratebay.ac web address, which uses the Ascension Island's country code top-level domain (ccTLD).

The Ascension Island domain is controlled by the UK. The Pirate Bay stressed that the island is not its final destination, adding that it will soon set sail for safer shores. British authorities are not fans of The Pirate Bay; the website is routinely blocked by UK ISPs, according to the Inquirer, a European site for computer news.

TorrentFreak speculated that the domain seizure may be connected to the Dutch anti-piracy group BREIN, which represents a number of copyright holders in the music, film, and gaming industries. Last month, BREIN sent an email to The Pirate Bay's founder, Fredrik Neij, telling him that the site infringes on the rights of copyright holders worldwide. The .SX domain name is controlled by the Netherlands, so BREIN has jurisdiction over it.

"We expressly point out that by registering domain names and using these and/or allowing these to be used by The Pirate Bay, you infringe on the rights of the Rights Owners. Therefore the Rights Owners hold you liable for the damages that they have suffered and will suffer from your actions," the letter states.

The letter gave The Pirate Bay until November 22 to shut down its website, and threatened a 25,000 euro (US$34,400) per day fine if the site remained online. It is not clear whether BREIN is behind the current domain seizure, or if a new court order has been issued.

"The AC domain is directly connected to the UK, so it's just a quick stop there," a Pirate Bay insider told TorrentFreak. The next destination for the infamous torrent site is the Peruvian .PE registry, which will become its fifth domain name in 2013.
Once based in Sweden but fearing seizure by Swedish authorities, the site moved to Greenland, then to Iceland, before acquiring its .SX domain.

http://rt.com/news/pirate-bay-ascension-island-027/

From rforno at infowarrior.org Fri Dec 13 09:34:16 2013
From: rforno at infowarrior.org (Richard Forno)
Date: Fri, 13 Dec 2013 10:34:16 -0500
Subject: [Infowarrior] - GCHQ Forced Secure Email Service PrivateSky to Shut Down
Message-ID: <0401D67C-A066-4AF8-A953-2FB940CF5E78@infowarrior.org>

GCHQ Forced Secure Email Service PrivateSky to Shut Down
http://www.ibtimes.co.uk/articles/529392/20131211/gchq-forced-privatesky-secure-email-service-offline.htm

From rforno at infowarrior.org Fri Dec 13 09:40:03 2013
From: rforno at infowarrior.org (Richard Forno)
Date: Fri, 13 Dec 2013 10:40:03 -0500
Subject: [Infowarrior] - WH will not split NSA and Cyber Command
Message-ID: <5456B025-28F1-4E27-B928-655BF00CE48B@infowarrior.org>

White House to preserve controversial policy on NSA, Cyber Command leadership
By Ellen Nakashima
http://www.washingtonpost.com/world/national-security/white-house-to-preserve-controversial-policy-on-nsa-cyber-command-leadership/2013/12/13/4bb56a48-6403-11e3-a373-0f9f2d1c2b61_print.html

The Obama administration has decided to preserve a controversial arrangement by which a single military official is permitted to direct both the National Security Agency and the military's cyberwarfare command, U.S. officials said.

The decision by President Obama comes amid signs that the White House is not inclined to impose significant new restraints on the NSA's activities - especially its collection of data on virtually every phone call Americans make - although it is likely to impose additional privacy protection measures. Some officials, including the top U.S.
intelligence official, had argued that the NSA and Cyber Command should be placed under separate leadership to ensure greater accountability and avoid an undue concentration of power.

"Following a thorough interagency review, the administration has decided that keeping the positions of NSA Director and Cyber Command Commander together as one, dual-hatted position is the most effective approach to accomplishing both agencies' missions," White House spokeswoman Caitlin Hayden said in an e-mail to The Washington Post.

The announcement comes as an external panel appointed by Obama readies a report on NSA surveillance and the White House nears completion of its own internal review.

"The big picture is there's not going to be that much [additional] constraint," said one U.S. official, speaking on the condition of anonymity to discuss internal deliberations. "They're really not hurting [the NSA] that much."

NSA officials declined to comment.

Hayden said the internal review focuses on the NSA's activities around the world with a special emphasis on collection of intelligence about heads of state, coordination with closest allies and partners, and the issue of whether the process of setting national intelligence priorities should be modified. She declined to discuss details, saying the review was ongoing.

Some officials familiar with the decision to keep one person in charge of both the NSA and Cyber Command expressed disappointment. "It's a mistake," said one U.S. official. "Cyber Command and NSA each needs its own full-time head, and [Obama] could have continued the coordination and close working relationship between the two organizations without them being led by the same individual."

The current NSA director, Gen. Keith B. Alexander, is due to retire in March after more than eight years at the helm. He has long advocated maintaining the "dual hat"
arrangement for the NSA and Cyber Command, arguing that the cyber unit depends heavily on the NSA's capabilities for its own operations.

"NSA plays a unique role in supporting Cyber Command's mission, providing critical support for target access and development, including linguists, analysts, cryptanalytic capabilities, and sophisticated technological infrastructure," Hayden said. "Without the dual-hat arrangement, elaborate procedures would have to be put in place to ensure that effective coordination continued and avoid creating duplicative capabilities in each organization."

In interagency deliberations in recent weeks, some officials have also advocated for placing a civilian in charge of the NSA. The external review panel was also prepared to recommend such a step, according to one official. But the cyber organization must be headed by a military official, so the NSA's director will continue to be a military officer, as has been the tradition since it was launched in 1952. Cyber Command was established in 2009 but reached full operational capability in 2010.

© The Washington Post Company

From rforno at infowarrior.org Fri Dec 13 09:44:45 2013
From: rforno at infowarrior.org (Richard Forno)
Date: Fri, 13 Dec 2013 10:44:45 -0500
Subject: [Infowarrior] - Meet the Robot Telemarketer Who Denies She's A Robot
Message-ID:

(c/o KRG)

Meet the Robot Telemarketer Who Denies She's A Robot
http://newsfeed.time.com/2013/12/10/meet-the-robot-telemarketer-who-denies-shes-a-robot/#ixzz2nN0hGTc8
From rforno at infowarrior.org Sun Dec 15 18:57:13 2013
From: rforno at infowarrior.org (Richard Forno)
Date: Sun, 15 Dec 2013 19:57:13 -0500
Subject: [Infowarrior] - Former Google lawyer Michelle Lee to run USPTO
Message-ID:

13 December 2013 Last updated at 06:12 ET

Former Google lawyer Michelle Lee to run US patent office
http://www.bbc.co.uk/news/technology-25363266?print=true

Google's former top patent lawyer has been put in charge of America's patent and trademark office (USPTO). Michelle Lee was made deputy director of the USPTO this week and will run the agency while it seeks a new boss. Currently head of the Silicon Valley office of the patent agency, Ms Lee starts her new job on 13 January.

Ms Lee joined the patent office after leaving Google in June 2012 but said the opinions of her former employer would not guide her work. Google, like many other tech firms, has clashed with rivals over the technologies used in many of its products. In particular, Google has fought rivals in court for the right to use some innovations in its smartphones.

The agency is seeking a new head after the former director left to join a private legal practice in February and then the acting director stepped down in late November.

'Frivolous' lawsuits

One of the USPTO's priorities should be tackling its huge backlog of patents, said Ms Lee. Statistics released by the agency reveal that currently there are almost 600,000 patents awaiting assessment by its examiners.

In addition, said Ms Lee, she would work to improve the quality of patents being approved in a bid to reduce the number of "frivolous" lawsuits kicked off when firms are granted the rights to overly broad technological innovations. Many tech firms have been embroiled in legal fights with so-called "patent trolls", who win approval for an idea and then seek large licence payments from firms they claim are using their technology without permission.
On 5 December, the US House of Representatives approved a bill known as the Innovation Act, which aims to make it harder for trolls to get their patent applications approved and forces them to supply more detailed evidence of infringements. The act must now be approved by the US Senate before it becomes law.

From rforno at infowarrior.org Sun Dec 15 18:57:17 2013
From: rforno at infowarrior.org (Richard Forno)
Date: Sun, 15 Dec 2013 19:57:17 -0500
Subject: [Infowarrior] - France Broadens Its Surveillance Power
Message-ID: <66E184A2-EBD5-473C-AE3C-76658182CF9A@infowarrior.org>

France Broadens Its Surveillance Power
http://www.nytimes.com/2013/12/15/world/europe/france-broadens-its-surveillance-power.html

PARIS - For all their indignation last summer, when the scope of the United States' mass data collection began to be made public, the French are hardly innocents in the realm of electronic surveillance. Within days of the reports about the National Security Agency's activities, it was revealed that French intelligence services operated a similar system, with similarly minimal oversight. And last week, with little public debate, the legislature approved a law that critics feared would markedly expand electronic surveillance of French residents and businesses.

The provision, quietly passed as part of a routine military spending bill, defines the conditions under which intelligence agencies may gain access to or record telephone conversations, emails, Internet activity, personal location data and other electronic communications. The law provides for no judicial oversight and allows electronic surveillance for a broad range of purposes, including "national security," the protection of France's "scientific and economic potential" and prevention of "terrorism" or "criminality."
In an unusual alliance, Internet and corporate groups, human rights organizations and a small number of lawmakers have opposed the law as a threat to business or an encroachment on individual rights.

The government argues that the law, which does not take effect until 2015, does little to expand intelligence powers. Rather, officials say, those powers have been in place for years, and the law creates rules where there had been none, notably with regard to real-time location tracking. While conceding that the new law "does effectively expand the existing regime to adapt it to the missions and reality of our intelligence services," Defense Minister Jean-Yves Le Drian told the Senate that "it especially reinforces oversight as compared with the current situation."

In effect, analysts say, the government has either staked out rights to a vast new range of surveillance practices, or acknowledged that it has already been collecting far more data, under far less regulated circumstances, than people realized. Neither prospect is terribly comforting to the law's opponents.

"We feel that anything can be placed under the heading 'national security,'" said Clémence Bectarte, a lawyer for the International Federation for Human Rights. The law, she said, expanded the list of state administrations authorized to request electronic surveillance, for example to include the budget ministry. "There should have been a parliamentary commission and a real public debate," she said.

French intelligence agencies have little experience publicly justifying their practices. Parliamentary oversight did not begin until 2007.

The Association des Services Internet Communautaires, or @sic, an advocacy group whose members include AOL, eBay, Facebook, Google, Microsoft and several top French Internet companies, discovered the new legislation essentially by chance. "There was no consultation at all,"
said Giuseppe de Martino, @sic's director and an executive at Dailymotion, a French online video service. "No one said anything about it to us."

The National Commission for Information Technology and Freedoms, a state administration meant to protect the rights and privacy of citizens, said it was not consulted on the contentious elements of the bill, though it was asked to review other provisions.

The government denied any effort to shield the law from public scrutiny. The bill went through four votes in Parliament, noted one government official. "Not exactly discreet, as maneuvers go," he said, speaking on condition of anonymity because he was not authorized to speak publicly.

@sic said the law could give the authorities blanket rights to seize "all documents stocked in a 'cloud' service subscribed by a given Internet user," for instance. Currently, such a seizure would require a warrant, the group argued. "We don't know what this is going to mean in practice," Mr. de Martino said. "But now the doors are open."

French intelligence services are already reputed to be rapacious collectors of foreign industrial secrets, and there is some concern the law could discourage international investment. Internet service companies worry that users may begin to turn away from the Internet or share their personal information less freely.

But Jean-Pierre Sueur, a senator from President François Hollande's Socialist Party, said identical provisions have been in place since the passage of an electronic intercepts law in 1991. "If they're angry about this, they ought to have been angry for 23 years," Mr. Sueur said. The new law created "only additional guarantees," he said, and stricter rules for the 200,000 or so intercept operations conducted by French intelligence services each year. He rejected calls for judicial oversight, saying, "In the context of the antiterror fight, day to day, it's impossible."
Alain Juillet, president of the Academy of Economic Intelligence and a former intelligence director for France's foreign intelligence service, said the law's value was "that it puts a framework where there wasn't one before. Before, there was nothing; it was total freedom," he said.

Laurent Borredon, a reporter for Le Monde, qualified that endorsement. "If one can reproach the parliamentarians for something," he wrote last week, "it's to have regulated the tip of an iceberg whose depth we're only barely beginning to measure today."

From rforno at infowarrior.org Sun Dec 15 18:57:24 2013
From: rforno at infowarrior.org (Richard Forno)
Date: Sun, 15 Dec 2013 19:57:24 -0500
Subject: [Infowarrior] - Boston Police indefinitely suspends license plate reader program
Message-ID:

Boston Police indefinitely suspends license plate reader program
BPD's scanners saw a stolen motorcycle 59 times over 5 months and police did nothing.
http://arstechnica.com/tech-policy/2013/12/boston-police-indefinitely-suspends-license-plate-reader-program/

From rforno at infowarrior.org Sun Dec 15 18:57:28 2013
From: rforno at infowarrior.org (Richard Forno)
Date: Sun, 15 Dec 2013 19:57:28 -0500
Subject: [Infowarrior] - How the NSA Piggy-Backs on Third-Party Trackers
Message-ID:

How the NSA Piggy-Backs on Third-Party Trackers
By Edward Felten and Jonathan Mayer
http://www.slate.com/blogs/future_tense/2013/12/13/nsa_surveillance_and_third_party_trackers_how_cookies_help_government_spies.html

Snooping on the Internet is tricky. The network is diffuse, global, and packed with potential targets. There's no central system for identifying or locating individuals, so it's hard to keep track of who is online and what they're up to. What's a spy agency to do?
One option is to plant a unique tag on every computer and smartphone, stamp every Internet message with the sender's tag, and then capture the tagged traffic. Perhaps in a massive database with a quirky all-caps codename. But a project of that scale can't be kept secret, and if it's done openly the public will surely object. Luckily (for the spies) there's an easier way: free ride on the private sector, which does its own pervasive tagging and monitoring. That's precisely what the National Security Agency has been up to, as confirmed most recently by a front-page story in Wednesday's Washington Post. Other countries' spy agencies are probably doing the same thing.

Companies track users for many reasons, such as to remember a login, to target ads, or to learn how users navigate. They usually do this by tagging each computer or smartphone with a tracking ID: a random-looking unique identifier, which is often stored in a browser cookie.

Which companies are keeping tabs on you? You probably expect to be tracked by the sites you visit and the apps you run. But these "first parties" often pull in tracking content from unrelated "third parties," most of which you probably have never heard of. Slate's home page, for example, references at least a dozen third-party trackers. When we viewed the Post's story about the NSA, our browser was directed to 39 third-party trackers, including one located in Japan. (This isn't unusual, and Slate and the Post make no secret of it.)

Spooks can easily watch these tracking IDs as they flit across the Net, unprotected by any encryption, and then use the IDs to build the mother of all tracking databases. The NSA collects vast amounts of international Internet traffic, and it retains the metadata, including tracking IDs, for at least a year.

Unique identifiers solve many surveillance problems. What if several users share an Internet connection? Use tracking IDs to tell them apart.
What if a user moves from home to a coffee shop or between cell towers? Follow the tracking IDs. What if you need to pinpoint a computer break-in? Aim at the target's tracking IDs. None of this requires the cooperation, or even awareness, of the tracking companies.

Geolocation is yet another freebie from the private sector. An Internet address provides only a rough estimate of a device's location; greater precision requires access to hardware features like GPS or Wifi. What spy agency would risk tapping directly into devices' GPS or Wifi chips? They don't need to: advertising and analytics software queries the onboard sensors, then phones home with an unencrypted and precise location. One NSA program, HAPPYFOOT, appears specifically designed to take advantage of this data.

The proliferation of third-party trackers also increases the reach of Internet surveillance. No government, not even the United States, can monitor every network path. Most Web pages include multiple third parties, each typically contacted through a different route, giving spies more places to capture user activity. What's more, the largest third parties are in the United States, where the NSA's technical capabilities are at their zenith. Even if you're outside the United States and viewing a local webpage, for example, there might be a tipoff to an American advertiser. And the NSA.

If online services don't like this, they can go beyond lobbying for legal changes (useful as that is) and upgrade their technology. Tracking servers can switch to HTTPS, the secure, encrypted version of the Web's protocol. The expert consensus seems to be that even the NSA cannot accomplish mass surveillance of encrypted network traffic; HTTPS would put tracking IDs beyond a bulk eavesdropper's reach.

But technical security is not enough. The NSA can legally compel an American company to disclose records about any foreigner, with no individualized judicial review and scant transparency.
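The two technical points made in this article and in the Post piece earlier in this digest (Felten's "not sending tracking IDs, or at least not sending them in the clear", and the suggestion here that tracking servers switch to HTTPS) are something a site owner can measure for their own pages. The following audit script is an added example written for this digest, not code from Slate, the Post, Felten or Mayer. It takes the request records a browser's network log would give you (URL plus the Cookie header sent) and reports which requests carry a random-looking identifier, whether they go to a third party, and whether they travel over plain HTTP where a passive eavesdropper on the path could read them. The hostnames, paths and cookie values in SAMPLE_REQUESTS are constructed; the "random-looking" heuristic and the two-label domain comparison are simplifying assumptions, not anything the article specifies.

```python
"""Audit a page's outbound requests for tracking IDs sent in the clear.

Added example for this digest; not code from the Slate or Post articles.
Input records mimic what a browser's network log (e.g. a HAR export) gives
a site owner: the request URL and the Cookie header the browser attached.
"""
from urllib.parse import urlparse

# Constructed sample: four requests one page load might make. The hosts under
# .test and the cookie values are made up; none refer to a real tracker.
SAMPLE_REQUESTS = [
    {"url": "https://www.example-news.test/2013/12/story.html",
     "cookie": "session=9f8e7d6c5b4a39281706f5e4d3c2b1a0"},
    {"url": "http://ads.tracker-one.test/pixel.gif?ref=story",
     "cookie": "uid=a81f3c9e2d7b4c6f8e1a0b5d9c3e7f21; opt=1"},
    {"url": "https://cdn.tracker-two.test/tag.js",
     "cookie": "vid=7c2e9b1d4f6a8c0e2b4d6f8a1c3e5b7d"},
    {"url": "http://static.example-news.test/logo.png",
     "cookie": "theme=dark"},
]


def registrable_domain(host):
    """Crude eTLD+1: the last two DNS labels. Adequate for the .test names
    above; a real audit would consult the Public Suffix List instead."""
    labels = host.lower().split(".")
    return ".".join(labels[-2:])


def parse_cookie_header(header):
    """Parse a request Cookie header ('a=1; b=2') into a name -> value dict.
    Only the first '=' splits a pair, so values may themselves contain '='."""
    cookies = {}
    for part in header.split(";"):
        part = part.strip()
        if not part or "=" not in part:
            continue
        name, value = part.split("=", 1)
        cookies[name.strip()] = value.strip()
    return cookies


def looks_like_tracking_id(value):
    """Heuristic (assumption) for a random-looking unique identifier: long
    and high-variety. Short preference values such as 'dark' or '1' pass."""
    return len(value) >= 16 and len(set(value)) >= 10


def audit(requests, first_party_host):
    """One finding per request that carries a tracking-ID-like cookie, noting
    whether the destination is a third party and whether the request used
    plain HTTP (so the ID crossed the network unencrypted)."""
    first_party = registrable_domain(first_party_host)
    findings = []
    for req in requests:
        parsed = urlparse(req["url"])
        ids = [name for name, value in parse_cookie_header(req.get("cookie", "")).items()
               if looks_like_tracking_id(value)]
        if not ids:
            continue
        findings.append({
            "host": parsed.hostname,
            "third_party": registrable_domain(parsed.hostname) != first_party,
            "in_clear": parsed.scheme == "http",
            "ids": ids,
        })
    return findings


def exposed_third_party_ids(requests, first_party_host):
    """The subset a bulk eavesdropper on the path could link to the user:
    third-party tracking IDs sent over plain HTTP. Moving these trackers to
    HTTPS, or dropping the ID, empties this list."""
    return [f for f in audit(requests, first_party_host)
            if f["third_party"] and f["in_clear"]]


if __name__ == "__main__":
    for finding in audit(SAMPLE_REQUESTS, "www.example-news.test"):
        flag = "EXPOSED" if finding["third_party"] and finding["in_clear"] else "ok"
        print(f"{flag:8} {finding['host']:28} ids={finding['ids']}")
```

Running the script on the constructed sample reports three requests carrying an identifier: the first-party session cookie over HTTPS, the third-party tracker over HTTPS, and the third-party pixel over plain HTTP, which is the only one flagged as exposed. A real run would feed in a HAR export of your own page and use the Public Suffix List for the first-party test; the same logic extends to URL query parameters, which trackers also use to carry IDs.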
The legal process is slower and more cumbersome than technical surveillance, to be sure, but still leaves much of the globe at risk. And the NSA has demonstrated it knows how to expedite the legal process using technology -- that's precisely what the PRISM program does. As long as companies collect and retain tracking data, there will be a risk of disclosure through legal process, and users, especially those overseas, will be wary.

Edward Felten is a professor of computer science and public affairs at Princeton University and the director of Princeton's Center for Information Technology Policy. He served as chief technologist for the Federal Trade Commission in 2011-2012. Jonathan Mayer is a doctoral student in computer science at Stanford University, where he received his law degree in 2013.

---
Just because i'm near the punchbowl doesn't mean I'm also drinking from it.

From rforno at infowarrior.org Sun Dec 15 18:57:44 2013
From: rforno at infowarrior.org (Richard Forno)
Date: Sun, 15 Dec 2013 19:57:44 -0500
Subject: [Infowarrior] - The age of invention is over
Message-ID:

The age of invention is over
December 15, 2013
http://bitar.io/the-age-of-invention-is-over/

The age of invention is over. What new companies have really put forth a new invention on the market? Look closely enough, and you'll see that the most successful products and startups today are not original ideas, but iterations on previous ideas. Not much is new. Everything is just an upgrade of the old.

Every new generation of people refuses to live by the rules and ideas of previous generations, and is therefore always in an effort to replace what it did not have any say-so in. The "old generations", whether of people or products, have not been brought up to the standards of today, and when the new steps in and shows them how it should be done, we call this disrupting.

Uber disrupted the taxi industry.
Chipotle disrupted the fast food industry.
Tesla disrupted the automobile industry.
Nest disrupted the thermostat industry.
Simple disrupted the banking industry.
iPhone disrupted the mobile phone industry.
Tuft & Needle is disrupting the mattress industry.
Robinhood.io is disrupting the stock trade industry.

None is new; all is just new and improved iteration. Rather than creating a new tool or concept that will needlessly make life easier, disrupt something that already exists but can be done better.

From rforno at infowarrior.org Sun Dec 15 21:51:34 2013
From: rforno at infowarrior.org (Richard Forno)
Date: Sun, 15 Dec 2013 22:51:34 -0500
Subject: [Infowarrior] - 60 Minutes' on Snowden and NSA....
Message-ID: <9F8EA8CC-F5AE-4D2D-8B4F-D3933A3EC1F9@infowarrior.org>

CBS did a 2-segment piece on '60 Minutes' about Snowden and NSA this evening. It was a totally one-sided regurgitation of the usual talking points, with the segments morphing from discussing Snowden's actions to how NSA will save us from cybergeddon and needs to keep its various authorities & capabilities.

Regardless of your views on the underlying issues, the complete lack of any contrary interviews/viewpoints during these segments was, in my view, irresponsible journalism by CBS, and essentially made tonight's 'story' nothing more than a timely piece of glorified USG cheerleading masquerading as "journalism."

More @ http://www.cbsnews.com/news/nsa-speaks-out-on-snowden-spying/

"Journalism" by CBS is something of an oxymoron in 2013, it seems.

Side Note: The questionable "intelligence review" commission presents its report to the White House soon, which likely will set off more public discussions about NSA and surveillance activities. Thus, I suspect the timing of this CBS piece -- and the surprising seniority and 'exclusivity' of both interviewees and venues provided by NSA -- is not entirely coincidental.
From rforno at infowarrior.org Mon Dec 16 06:31:02 2013
From: rforno at infowarrior.org (Richard Forno)
Date: Mon, 16 Dec 2013 07:31:02 -0500
Subject: [Infowarrior] - US lawmakers ask trade czar to stem data threats
Message-ID: <6D7D1AD3-604C-44DB-A4D2-BF85162F22A8@infowarrior.org>

US lawmakers ask trade czar to stem data threats
By MARCY GORDON -- Dec. 16, 2013 7:02 AM EST
http://bigstory.ap.org/article/us-lawmakers-ask-trade-czar-stem-data-threats

WASHINGTON (AP) -- Members of Congress want the Obama administration to demand that U.S. allies back away from proposed restrictions on international data transmissions, saying those actions could hurt U.S. companies.

Some nations are seeking to tighten the flow of data after reports this fall of the National Security Agency conducting massive information-gathering efforts abroad. Germany has asked European Union officials to consider restrictions that would prevent U.S. companies from processing commercial and personal data from customers in Europe. That could affect the flow of information and hurt U.S. businesses such as Google, Facebook, Apple and Amazon. Other proposals could affect the development of cloud computing.

A bipartisan group of House members -- 12 Democrats and six Republicans -- has sent a letter to U.S. Trade Representative Michael Froman, insisting that nations abandon such efforts as a condition of pending trade pacts.

"These policies threaten to harm American and international businesses," the lawmakers said in a letter dated Friday. The letter's primary authors were Reps. Michael McCaul, R-Texas, and Doris Matsui, D-Calif., co-chairs of the Congressional High Tech Caucus.

The letter also cited measures ordered by President Dilma Rousseff in Brazil to make the country's online system more independent from the U.S. and other countries.
Asked about the letter, Froman's office said, "We are confident that we will be able to respect privacy protections on both sides of the Atlantic as we advance our common digital trade agenda."

"The United States and the European Union have one of the most substantial data transfer networks in the world, and businesses on both sides of the Atlantic depend on the ability to transfer data seamlessly across borders to conduct their global business operations," the trade representative's office said in a statement. It called the existing U.S.-EU agreement "a vital bridge."

This fall, reports surfaced that the NSA has been monitoring the cell phones of a number of world leaders, including German Chancellor Angela Merkel. Other reports based on documents leaked by former NSA contractor Edward Snowden have portrayed agency spying on foreign governments, companies and tens of millions of telephone calls in Europe.

The backlash over the spying could threaten a sweeping free-trade pact with the European Union, which is aimed at adding about $138 billion a year to both regions' economies. That deal is one of President Barack Obama's top trans-Atlantic goals. The fallout also could hurt America's existing trade agreement with Europe, which generates tens of billions of dollars in trans-Atlantic business annually.

EU officials have said the trust needed for trade negotiations has been shattered. Chinese and Southeast Asian governments have demanded an explanation from U.S. authorities on the NSA surveillance.

The lawmakers are urging Froman "to remind our trading partners around the world that all governments and all segments of the economy benefit from cross-border data flows." They are asking Obama's trade czar to keep the issue prominently on the table in ongoing talks on two landmark trade agreements: with the European Union and with a group of countries across the Asia-Pacific region.
Lawmakers sent the letter a week after a coalition of businesses including Google, Apple, Yahoo, Facebook and Microsoft penned its own, asking Obama to curb the surveillance programs. Silicon Valley has been fighting in the courts and in Congress for changes that would allow them to disclose more information about the secret government orders they receive. Several companies are introducing more encryption technology to shield their users' data from government spies and other prying eyes. The tech companies are straining to counter any perception that they voluntarily give the government access to users' email and other sensitive data.

From rforno at infowarrior.org Mon Dec 16 11:00:18 2013
From: rforno at infowarrior.org (Richard Forno)
Date: Mon, 16 Dec 2013 12:00:18 -0500
Subject: [Infowarrior] - Bruce Schneier to leave employer BT
Message-ID: <2F21011D-3DF8-4FD3-802B-3C28F662E431@infowarrior.org>

Security guru Bruce Schneier to leave employer BT
http://www.theregister.co.uk/2013/12/16/bruce_schneier_leaves_bt/

From rforno at infowarrior.org Mon Dec 16 16:00:11 2013
From: rforno at infowarrior.org (Richard Forno)
Date: Mon, 16 Dec 2013 17:00:11 -0500
Subject: [Infowarrior] - Judge: NSA phone program likely unconstitutional
Message-ID: <005BF20B-1279-4229-8C38-1BC0A3FC62E9@infowarrior.org>

Judge: NSA phone program likely unconstitutional
By: Josh Gerstein
December 16, 2013 01:36 PM EST
http://dyn.politico.com/printstory.cfm?uuid=100CEA3B-A39D-4105-9B2B-395546B29A92

A federal judge ruled Monday that the National Security Agency program which collects information on nearly all telephone calls made to, from or within the United States is likely unconstitutional.

U.S. District Court Judge Richard Leon found that the program appears to violate the Fourth Amendment ban on unreasonable searches and seizures.
He also said the Justice Department had failed to demonstrate that collecting the information had helped to head off terrorist attacks.

Acting on a lawsuit brought by conservative legal activist Larry Klayman, Leon issued a preliminary injunction barring the NSA from collecting so-called metadata pertaining to the Verizon accounts of Klayman and one of his clients. However, the judge stayed the order to allow for an appeal.

"I cannot imagine a more 'indiscriminate' and 'arbitrary invasion' than this systematic and high-tech collection and retention of personal data on virtually every single citizen for purposes of querying it and analyzing it without judicial approval," wrote Leon, an appointee of President George W. Bush.

The preliminary injunction Leon granted Monday does not require him to make a definitive ruling on the constitutional questions in the case, but does take account of which side he believes is more likely to prevail.

Leon's 68-page opinion is the first significant legal setback for the NSA's surveillance program since it was disclosed in June in news stories based on leaks from former NSA contractor Edward Snowden.

For seven years, the metadata program has been approved repeatedly by numerous judges on the Foreign Intelligence Surveillance Court and found constitutional by at least one judge sitting in a criminal case. The Justice Department persuaded those courts that the collection of information on the time and length of calls, as well as the numbers called, did not amount to a search under the Fourth Amendment because that information is routinely available to telephone companies for billing purposes and is shared with those firms voluntarily.

Government lawyers and the judges who found the NSA program legal pointed to a 1979 Supreme Court ruling, Smith v. Maryland, which found no search warrant was needed by police to install a device which recorded the numbers dialed on a particular phone line.
But Leon said the three-decade-old precedent was not applicable to a program like the NSA's because of its sophistication and because telephone use has become far more intense in recent years.

"The ubiquity of phones has dramatically altered the quantity of information that is now available and, more importantly, what that information can tell the Government about people's lives," the judge wrote. "I cannot possibly navigate these uncharted Fourth Amendment waters using as my North Star a case that predates the rise of cell phones."

The judge went on to conclude that the searches involved in the NSA metadata program were likely not permissible under the Fourth Amendment in part because there was little evidence the program has actually prevented terrorism.

"I have significant doubts about the efficacy of the metadata collection program as a means of conducting time-sensitive investigations in cases involving imminent threats of terrorism," Leon wrote. "The government does not cite a single instance in which analysis of the NSA's bulk metadata collection actually stopped an imminent attack, or otherwise aided the Government in achieving any objective that was time-sensitive in nature."

The judge's ruling was issued just before White House press secretary Jay Carney took the podium for the daily press briefing. Carney said he was unaware of the decision and he referred inquiries to the Justice Department.

"We are reviewing the court's decision," DOJ spokesman Andrew Ames said.

Similar lawsuits challenging the program are pending in at least three other federal courts around the country. In addition, criminal defendants are beginning to challenge the program after the Justice Department disclosed it had played a role in investigating their cases.
Critics of the NSA program leapt on Leon's decision as evidence that the legal foundation of the surveillance effort is deeply flawed.

"The ruling underscores what I have argued for years: The bulk collection of Americans' phone records conflicts with Americans' privacy rights under the U.S. Constitution and has failed to make us safer," Sen. Mark Udall (D-Colo.) said in a statement urging passage of legislation ending the so-called bulk collection program. "We can protect our national security without trampling our constitutional liberties," he added.

At a hearing last month, Leon said he knew that his decision would be far from the last word on the issue, which is almost certain to wind up at the Supreme Court. However, he added some flair to his opinion Monday, referring at one point to the Beatles and at another to Federalist Papers author James Madison, who later became president.

"Surely, such a program infringes on 'that degree of privacy' that the Founders enshrined in the Fourth Amendment. Indeed, I have little doubt that the author of our Constitution, James Madison, who cautioned us to beware 'the abridgement of freedom of the people by gradual and silent encroachments by those in power' would be aghast," the judge wrote.

From rforno at infowarrior.org Mon Dec 16 18:32:15 2013
From: rforno at infowarrior.org (Richard Forno)
Date: Mon, 16 Dec 2013 19:32:15 -0500
Subject: [Infowarrior] - NSA goes on 60 Minutes: the definitive facts behind CBS's flawed report
Message-ID: <8F06508B-3DDC-494C-9190-1D3625C7CC15@infowarrior.org>

NSA goes on 60 Minutes: the definitive facts behind CBS's flawed report
Our take on five things the spy agency would like the public to believe about its vast surveillance powers
- Spencer Ackerman in Washington
- theguardian.com, Monday 16 December 2013 13.56 EST
http://www.theguardian.com/world/2013/dec/16/nsa-surveillance-60-minutes-cbs-facts

The National Security Agency is telling its story like never before. Never mind whether that story is, well, true.

On Sunday night, CBS's 60 Minutes ran a remarkable piece that provided NSA officials, from director Keith Alexander to junior analysts, with a long, televised forum to push back against criticism of the powerful spy agency. It's an opening salvo in an unprecedented push from the agency to win public confidence at a time when both White House reviews and pending legislation would restrict the NSA's powers.

But mixed in among the dramatic footage of Alexander receiving threat briefings and junior analysts solving Rubik's cubes in 90 seconds were a number of dubious claims: from the extent of surveillance to collecting on Google and Yahoo data centers to an online "kill-switch" for the global financial system developed by China. Reporter John Miller, a former official with the Office of the Director of National Intelligence and an ex-FBI spokesman, allowed these claims to go unchallenged. The Guardian, not so much. Here's our take:

Surveillance is just about what you say and what you write

If there's a consistent thread to the NSA's public defense of itself, it's that the stuff NSA collects from Americans in bulk doesn't actually impact their privacy. After all, as Keith Alexander told Miller, it's just metadata -- data about your phone calls, not what you said on the phone.

"There's no reason that we would listen to the phone calls of Americans," Alexander told Miller. "There's no intelligence value in that. There's no reason that we'd want to read their email. There is no intelligence value in that ... How do you know when the bad guy who's using those same communications that my daughters use, is in the United States trying to do something bad? The least intrusive way of doing that is metadata."
When Miller said the bulk metadata collection "sounds like spying on Americans", Alexander replied: "Right, and that's wrong. That's absolutely wrong."

Notice the tension here. It's the metadata -- who you called, who called you, for how long, how frequently you communicate -- that has intelligence value, not, in Alexander's telling, what you actually say on the phone. The NSA is relying for its defense on a public conception of surveillance as the interception of the content of your communications, even while it's saying that what's actually important is your network of connections -- which the agency is very, very interested in collecting. Senator Ron Wyden, an intelligence committee member who has emerged as a leading opponent of bulk collection, says the metadata provides NSA with a "human relations database".

For many, surveillance occurs when someone else collects anything on their interactions, movements, or communications, rather than when that other party collects certain kinds of information. And it hardly makes sense to say, as Alexander did, that surveillance on Americans doesn't occur when NSA collects the sort of information that it believes actually has intelligence value.

Snowden and the NSA's hiring boom

The NSA, for obvious reasons, isn't fond of whistleblower Edward Snowden. It portrayed him to 60 Minutes as a weirdo. He wore "a hood that covered the computer screen and covered his head and shoulders", NSA official Richard Ledgett said. He allegedly stole answers to a test to gain NSA employment and boasted about its hires of young geniuses ready to tackle NSA's persistent intelligence and data challenges.

The obvious question here is why the NSA considers it exculpatory to say an obvious eccentric was able to abscond with an unprecedented amount of data. That sounds uncomfortably like an admission that the NSA is less able to safeguard its vast storehouses of information than it lets on.
Let's also pause to savor the irony of a spy agency complaining that one of its employees cheated on an employment test. (Meanwhile, for an alternative take on Snowden, an anonymous NSA colleague told Forbes that Snowden was a "genius among geniuses" and said the NSA offered him a job at its elite Tailored Access Operations directorate.)

Then there are all the smart codebreakers, analysts, officials and contractors that make up the NSA's estimated workforce of 35,000 people. An intelligence agency that large, with a workforce that's only grown since 9/11, is going to find it increasingly hard to keep data secure from future Edward Snowdens in the next cubicle. The NSA says it's implementing new measures post-Snowden to limit data access. But even after Snowden, the NSA told the New York Times this weekend it has yet to fully understand the depths of its vulnerabilities.

The Chinese financial sector kill-switch

Among the more eye-opening claims made by NSA is that it detected what CBS terms the "BIOS Plot" -- an attempt by China to launch malicious code in the guise of a firmware update that would have targeted computers apparently linked to the US financial system, rendering them pieces of junk. "Think about the impact of that across the entire globe," NSA cyber-defense official Debora Plunkett told 60 Minutes. "It could literally take down the US economy."

There are as many red flags surrounding the BIOS Plot as there are in all of China. First, the vast majority of cyber-intrusions in the US, particularly from China, are espionage operations, in which the culprits exfiltrate data rather than destroy computers. Second, the US economy is too vast, diversified, and chaotic to have a single point of cyber-failure.
Third, China's economy is so tied to the US's that Beijing would ultimately damage itself by mass-bricking US computers. Fourth, while malware can indeed turn a computer into scrap metal, no one has ever developed a cyber-weapon with the destructive capability of Plunkett's scenario. In 2004, for instance, Berkeley computer-science researcher Nicholas Weaver analyzed vulnerabilities to self-replicating malicious network attacks, including BIOS vulnerabilities, and concluded that a "worst-case worm" could cause "$50bn or more in direct economic damage". That's a lot, but not enough to "literally take down" the US economy.

Matt Blaze, a computer and information sciences professor at the University of Pennsylvania, said that BIOS could be overwritten by malware, bricking an unsuspecting computer. But the vagueness of the description of the "BIOS Plot" made him suspicious.

"It would take significant resources -- and an extraordinary bit of co-ordination and luck -- to actually deploy malware that could do this at scale," Blaze said. "And it's not clear how you'd 'thwart' such a scheme if you found out about it if you were NSA, since it's basically a combination of a large number of vulnerabilities spread among a zillion computers rather than one big problem that can be fixed with a single patch."

The lack of specificity made cybersecurity expert Robert David Graham dubious that the plot NSA claimed to discover matched the one it described on TV. "All they are doing is repeating what Wikipedia says about BIOS," Graham blogged, "acting as techie talk layered onto the discussion to make it believable, much like how Star Trek episodes talk about warp cores and Jeffries Tubes."

NSA isn't collecting data transiting between Google and Yahoo data centers, except when it is

Since it doesn't own or operate any of the world's telecommunications infrastructure, the NSA is significantly dependent on tech and telecommunications companies, such as Google and Yahoo.
So when the Washington Post reported, based on Snowden documents, that the NSA intercepts data transiting between Google and Yahoo's foreign data centers, the companies reacted with horror at what they considered a breach of trust -- one that occurred without any court orders.

Alexander pushed back against the Post's story to 60 Minutes. "That's not correct. We do target terrorist communications. And terrorists use communications from Google, from Yahoo, and from other service providers. So our objective is to collect those communications no matter where they are. But we're not going into a facility or targeting Google as an entity or Yahoo as an entity. But we will collect those communications of terrorists that flow on that network."

If you take away Alexander's "that's not correct" line, the rest of his answer sounds remarkably like a confirmation of what the Post reported. "I think he confirmed it, feigning denial," reporter Barton Gellman tweeted.

Indeed, the Post didn't say the NSA went into a Google data facility or organized an operation going after Yahoo "as an entity". Instead, it reported that NSA takes advantage of security vulnerabilities on data from Google and Yahoo customers as the data transits between its centers. The documents published by the Post indicate NSA got 181m records in a single month that way. How many of those were from "terrorists" remains unknown.

The disclosure created a major tension between the two tech giants and NSA, since both companies are involved in the NSA's Prism effort at collecting foreign online communications, and all sides have said that court orders compel that collection. Google and Yahoo are unhappy about giving NSA data through the front door while the agency collects more through the back. And NSA lawyers have stated publicly that US companies like Google and Yahoo are "US persons", meaning they have fourth amendment protections that may be implicated in the data-center transit collection.
The NSA wasn't trying to break the law that got broken

Give Miller credit for at least mentioning that "a judge on the Fisa court" overseeing US surveillance was alarmed that the NSA "systematically transgressed" the agreed-upon limitations on its abilities to query its databases. Alexander's response: "There was nobody willfully or knowingly trying to break the law."

Actually, two different Fisa court judges -- John Bates and Reggie Walton, the current presiding judge -- raised major concerns about the way the NSA searches through its vast data troves on multiple occasions. Bates found that "virtually every" record generated under a now-defunct NSA program that collected Americans' internet metadata in bulk included information that "was not authorized for collection". In a different case, in 2011, Bates assessed that the discovery of thousands of American emails in NSA content databases designed to collect foreign data meant the "volume and nature of the information [NSA] has been collecting is fundamentally different from what the court had been led to believe". And for most of 2009, Walton prevented the NSA from searching through its domestic phone data hives because it found "daily" violations of its restrictions.

Very few people think the NSA is staffed by mustache-twirling villains who view the law as an obstacle to be overcome. The real concern is two-fold. First, even if NSA doesn't mean to break the law, the way its data dragnets work in practice incline toward overcollection. During a damage-control conference call in August, an anonymous US intelligence official told reporters that the technical problem bothering Bates in 2011 persists today. The NSA even conceded to Walton in 2009 that "from a technical standpoint, there was no single person who had a complete understanding" of the technical "architecture" of NSA's phone data collection.

Second, there is a fundamental discrepancy in power between the Fisa court and the NSA.
The court's judges have lamented that they possess an inability to independently determine how the NSA's programs work, and if they're in compliance with the limits the judges secretly impose. That leaves them at the mercy of NSA, the director of national intelligence, and the Justice Department to self-report violations. When the facts of the collection and the querying are sufficiently divergent from what the court understands -- something the court only learns about when it is told -- that can become a matter of law.

In other words, it can be simultaneously true that NSA doesn't intend to break the law and that NSA's significant technical capabilities break the law anyway. Malice isn't the real issue. Overbroad tools are. But that's not something that NSA had to address during its prime-time spotlight inaugurating its publicity tour.

From rforno at infowarrior.org Tue Dec 17 06:42:01 2013
From: rforno at infowarrior.org (Richard Forno)
Date: Tue, 17 Dec 2013 07:42:01 -0500
Subject: [Infowarrior] - Snowden offers to help Brazil over US spying in return for asylum
Message-ID:

Edward Snowden offers to help Brazil over US spying in return for asylum
NSA whistleblower says in letter he is willing to help in wake of revelations that President Dilma Rousseff's phone was hacked
- Paul Owen and agencies
- theguardian.com, Tuesday 17 December 2013 06.45 EST
http://www.theguardian.com/world/2013/dec/17/edward-snowden-brazil-spying-asylum

Edward Snowden has offered to help Brazil investigate US spying on its soil in exchange for political asylum, in an open letter from the NSA whistleblower to the Brazilian people published by the Folha de S Paulo newspaper.

"I've expressed my willingness to assist where it's appropriate and legal, but, unfortunately, the US government has been working hard to limit my ability to do so," Snowden said in the letter.

"Until a country grants me permanent political asylum, the US government will continue to interfere with my ability to speak out," he said.

Snowden -- currently living in Russia, where he has been granted a year's asylum until next summer -- said he had been impressed by the Brazilian government's strong criticism of the NSA spy programme targeting internet and telecommunications worldwide, including monitoring the mobile phone of the Brazilian president, Dilma Rousseff.

Rousseff has been one of the most vocal critics of the spying revealed by Snowden. In September she launched a blistering attack on US espionage at the UN general assembly, with Barack Obama waiting in the wings to speak to next. The following month, she cancelled a visit to Washington that was to include a state dinner, and she has joined Germany in pushing for the UN to adopt a symbolic resolution that seeks to extend personal privacy rights to all people.

Rousseff has also ordered her government to take measures including laying fibre-optic lines directly to Europe and South American nations in an effort to "divorce" Brazil from the US-centric backbone of the internet that experts say has facilitated NSA spying.

Brazilian senators have asked for Snowden's help during hearings about the NSA programme's aggressive targeting of Brazil, an important transit hub for transatlantic fibre-optic cables.

In his letter, Snowden used Brazilian examples to explain the extent of the US surveillance he had revealed. "Today, if you carry a cellphone in São Paulo, the NSA can track where you are, and it does -- it does so 5bn times a day worldwide.

"When a person in Florianópolis visits a website, the NSA keeps track of when it happened and what they did on that site. If a mother in Porto Alegre calls her son to wish him luck with his exam, the NSA can save the data for five years or longer.
The agency can keep records of who has an affair or visits porn sites, in case it needs to damage the reputations of its targets."

He added: "Six months ago, I revealed that the NSA wanted to listen to the whole world. Now the whole world is listening, and also talking back. And the NSA does not like what it is hearing."

Snowden's offer comes a day after the White House dashed hopes that the US might be considering an amnesty for the whistleblower, insisting he should still return to the US to stand trial.

Asked about weekend comments by senior NSA official Richard Ledgett suggesting that an amnesty was "worth talking about" if Snowden returned the missing NSA documents, White House spokesman Jay Carney said: "Our position has not changed on that matter -- at all. He [Ledgett] was expressing his personal opinion; these decisions are made by the Department of Justice."

Also on Monday a US district judge ruled that the NSA's bulk collection of millions of Americans' telephone records probably violates the US constitution's ban on unreasonable search. The case is likely to go all the way to the supreme court for a final decision.

Snowden responded to that decision with a public statement that said: "Today, a secret program authorised by a secret court was, when exposed to the light of day, found to violate Americans' rights. It is the first of many."

The Guardian first published accounts of the NSA's spy programmes in June, based on some of the thousands of documents Snowden handed over to the Brazil-based American journalist Glenn Greenwald and his reporting partner Laura Poitras, a US filmmaker.

Early morning calls to Brazil's presidential office and to the foreign ministry for comment were not answered.
From rforno at infowarrior.org Tue Dec 17 06:43:40 2013
From: rforno at infowarrior.org (Richard Forno)
Date: Tue, 17 Dec 2013 07:43:40 -0500
Subject: [Infowarrior] - Obama to Meet With Tech Giants Over Surveillance, Obamacare
Message-ID: <9CEBA931-C5F3-46CE-AEA4-50C41CBEFD8D@infowarrior.org>

Obama to Meet With Tech Giants Over Surveillance, Obamacare
http://blogs.wsj.com/washwire/2013/12/16/obama-to-meet-with-tech-giants-over-surveillance-obamacare/?mod=WSJ__MIDDLENexttoWhatsNewsThird

WASHINGTON - President Barack Obama, facing growing pressure from Silicon Valley, will meet Tuesday with executives from Google Inc., Facebook Inc. and other technology and telecommunications giants to discuss their concerns about America's surveillance operations.

According to the White House, Mr. Obama will also meet with the executives to talk about progress with the troubled online federal marketplace, HealthCare.gov, and ways the government and technology industry can partner to boost economic growth.

The meeting comes a week after a group of technology companies jointly penned a letter to lash out at the Obama administration for collecting information on Americans. The companies said they wanted to see greater oversight of the government's surveillance operations and limits on the government's authority to compel companies to disclose data about their customers. The letter followed a wave of disclosures about U.S. spying operations by Edward Snowden, a former government contractor now in Russia.

The president will also talk about the national security concerns prompted by the leaks and their effect on the economy. The administration has been reviewing U.S. spying operations and considering steps to protect the privacy and civil liberties of Americans. Last week, a presidential task force submitted to the White House more than 40 recommendations to overhaul the National Security Agency. Mr.
Obama's chief spokesman, Jay Carney, said the White House was reviewing the report and would make public the full report in January.

All told, 15 executives are expected at the meeting including Apple Chief Executive Tim Cook, Netflix Inc. Chief Executive Reed Hastings and Google Executive Chairman Eric Schmidt.

- Tim Cook, CEO, Apple
- Dick Costolo, CEO, Twitter
- Chad Dickerson, CEO, Etsy
- Reed Hastings, Co-Founder & CEO, Netflix
- Drew Houston, Founder & CEO, Dropbox
- Marissa Mayer, President and CEO, Yahoo!
- Burke Norton, Chief Legal Officer, Salesforce
- Mark Pincus, Founder, Chief Product Officer & Chairman, Zynga
- Shervin Pishevar, Co-Founder & Co-CEO, Sherpa Global
- Brian Roberts, Chairman & CEO, Comcast
- Erika Rottenberg, Vice President, General Counsel and Secretary, LinkedIn
- Sheryl Sandberg, COO, Facebook
- Eric Schmidt, Executive Chairman, Google
- Brad Smith, Executive Vice President and General Counsel, Microsoft

From rforno at infowarrior.org Tue Dec 17 07:17:13 2013
From: rforno at infowarrior.org (Richard Forno)
Date: Tue, 17 Dec 2013 08:17:13 -0500
Subject: [Infowarrior] - On the ground in the red light camera wars
Message-ID:

Perfect enforcement: On the ground in the red light camera wars
http://arstechnica.com/tech-policy/2013/12/perfect-enforcement-on-the-ground-in-the-red-light-camera-wars/

From rforno at infowarrior.org Tue Dec 17 07:20:38 2013
From: rforno at infowarrior.org (Richard Forno)
Date: Tue, 17 Dec 2013 08:20:38 -0500
Subject: [Infowarrior] - Customs Asked to Leak Kim Dotcom Secrets to FBI for "Brownie Points"
Message-ID: <7281ADC1-DDA5-4CCE-B114-D3B0EA983125@infowarrior.org>

Customs Asked to Leak Kim Dotcom Secrets to FBI for "Brownie Points"
Ernesto
December 17, 2013

The ongoing case against Kim Dotcom and Megaupload continues to reveal unusual levels of surveillance. This week an email released after a freedom of information request reveals that a customs official offered "brownie points" for leaking sensitive information about Kim Dotcom to the FBI. The scandal follows on from last week's news that Dotcom is still being spied on.

While not much has happened recently in the U.S. case against Megaupload and Kim Dotcom, across the pond the scandals keep stacking up. Last week the judge overseeing the extradition case said that it was likely that the Megaupload founder was still being spied on. This surveillance would include sensitive conversations with his legal team.....

< -- >

http://torrentfreak.com/customs-asked-to-leak-kim-dotcom-secrets-to-fbi-for-brownie-points-131217/

From rforno at infowarrior.org Tue Dec 17 07:39:16 2013
From: rforno at infowarrior.org (Richard Forno)
Date: Tue, 17 Dec 2013 08:39:16 -0500
Subject: [Infowarrior] - The tough hit the NSA didn't see coming
Message-ID: <4700089D-0E88-456F-A2FF-F7E389271049@infowarrior.org>

(Of course, these are all recommendations -- the WH is not under any obligation to act upon them, and if anything, I suspect POTUS will just say this will help "public discussions" on these issues and move on to other things, as usual. --rick)

Slobberknockered
How a toothless bureaucratic commission went all Snowden on the NSA.
By MATTHEW M. AID
December 16, 2013
http://www.politico.com/magazine/story/2013/12/nsa-panel-report-snowden-slobberknockered-101208.html

Edward J. Snowden must be pleased with what he started. A group appointed by President Barack Obama in August to review the National Security Agency's hugely controversial spying operations has finished its work, and, based on the early leaks and my own conversations, the resulting report is going to be a doozy.
Expectations for the panel have been extremely low since its creation. According to administration and congressional officials I spoke with over the past three weeks, senior leaders of the U.S. intelligence community, and especially the NSA, were supremely confident back in August that their support in the White House was rock-solid and that any changes the panel might propose would be, in the words of one official, "largely cosmetic."

Clearly, they were overconfident. The Review Group's preliminary findings and recommendations are anything but cosmetic. The still-classified report of the five-person panel, whose official moniker is the Review Group on Intelligence and Communications Technology, recommends sweeping and far-reaching changes in the way the NSA conducts its electronic surveillance operations, from a greater degree of executive-branch oversight of the agency's operations to the imposition of new limits on what data it can collect, especially inside the United States - a move almost certain to anger the NSA and its supporters inside the U.S. intelligence community. But the report also recommends that the agency be allowed to continue some of the most controversial of these operations, which will not please its critics on Capitol Hill and among privacy advocacy groups.

The result is that nobody in Washington will be entirely happy with the report's findings. "There is something in this report for everybody to hate," a weary White House aide who has read the classified version of the Review Group's report told me. But the intelligence community will likely be unhappiest of all. U.S. intelligence officials I spoke with were clearly shocked by the Review Group's recommendations, with one official admitting that he felt "slobbernockered" by some of the things the panel was reportedly recommending. It was supposed to be a group that wouldn't rock the boat: former CIA No.
2 Michael Morrell, national security insider Richard Clarke, former Obama official Cass Sunstein, and two professors with establishment ties, Georgia Institute of Technology's Peter Swire and the University of Chicago's Geoffrey Stone. To make the agency's predicament even worse, a federal judge ruled Monday that the NSA's collection of the telephone records of Americans was almost certainly unconstitutional.

In my conversations, a number of senior American officials blamed the changed political climate in Washington for the report's overall reformist thrust. Reflecting on the dramatic changes that have taken place since the first newspaper stories based on Snowden's leaked materials began appearing back in June, one U.S. official noted that the NSA's once-solid support inside the White House and on Capitol Hill has waned since the panel was created in August, and that the once cordial relationship between the White House and NSA has become distinctly "chilly" over the past two months.

NSA officials became concerned this fall when their memos were increasingly ignored and their phone calls to key officials in Washington, especially at the State Department, were not returned. And more ominously, rumors began to reach NSA headquarters at Fort Meade, Maryland, that the review panel had been given new marching orders to be robust and searching in its report. "We got the distinct impression that we were now lepers in Washington," a senior NSA official recalled, adding, "Putting as much distance as possible between the White House and us was the order of the day."

Intelligence officials confirm that it is true that over the past two months, thanks to the steady drumbeat of shocking newspaper exposés about the agency's activities, the NSA has lost a good deal of support in the White House, the Pentagon and the State Department, and on Capitol Hill.
At the same time, the agency's once harmonious relationship with this country's largest high-tech companies, such as Microsoft, Google and Yahoo, is now a shattered smoking ruin, NSA officials fret. Only the "big three" American telecommunications companies - AT&T, Verizon and Sprint - appear to remain firmly supportive, and even they are beginning to put some distance between themselves and the NSA as shareholders ask pointed questions about their clandestine relationship with the agency.

In this political climate, it was perhaps inevitable that the Review Group would recommend making substantive changes in the way the NSA operates. "We had to go this route," a Review Group staffer told me in an interview. "If we did not recommend placing some additional controls and checks and balances on the NSA's operations, the high-tech companies were going to kill us and Congress was going to burn the house down. Besides, our report is non-binding, so who knows what the White House is going to accept and what they are going to toss out." When asked what he thought NSA's reaction to the panel's recommendations was going to be, this source said, "Well, I'm not going to get any Christmas cards from [NSA director] Keith Alexander this year, but I think I can live with that."

What's making the NSA so nervous? The Review Group, I'm told, agreed with the NSA that its highly controversial collection of bulk telephone records - including the date, time, length and number on the call (which the NSA refers to as "metadata") - should continue unabated. But the panel urges significant changes in how these records are collected and stored. The committee recommends that the NSA no longer be allowed to collect these records directly from the "big three" American telecommunications companies, as has been the case since the Sept. 11, 2001, attacks.
Instead, if the Review Group has its way, these telephone records would be kept for a limited period of time either by the telephone companies or by a "trusted independent third-party entity," and the NSA would only be allowed access to these records if it could demonstrate a clear and pressing need.

The panel also generally agrees that the NSA's electronic surveillance operations must be reined in. According to White House and intelligence officials who have read the report, the Review Group recommends that the White House impose severe limitations on some of the NSA's signals intelligence (SIGINT) collection operations, and that additional checks and balances on the agency's most sensitive activities be put in place to prevent further damaging disclosures, such as the October press reports disclosing that the agency spied on the cell phone calls of German Chancellor Angela Merkel.

Critics also won a victory on the need for more high-level oversight. Although the report does not say so explicitly, the Review Group also concluded that the House and Senate intelligence committees have not provided robust supervision of NSA's activities. According to one Review Group staff member, the panel was struck by a recent admission by the U.S. intelligence community's inspector general that he did not possess sufficient manpower to adequately oversee NSA's electronic surveillance programs, which led the panel's members to conclude that oversight of NSA's activities should be moved to the West Wing of the White House.

The committee's report also seeks to address the concerns of America's friends and allies overseas by recommending that the White House establish clear and concise rules to protect the privacy of ordinary foreign citizens whose telephone calls and emails are currently being sucked up by the NSA's global dragnet.
The agency is bound to strenuously resist this proposal, as is the rest of the intelligence community, which has privately argued that foreigners do not, and should not, enjoy the same constitutional protections as American citizens.

The Review Group didn't stop there. It also recommends what amounts to a complete overhaul of how the NSA is led, structured and operates. One source says it calls for separating U.S. Cyber Command from the control of NSA; another says it recommends that all future NSA directors be civilians rather than generals or admirals, as has been the case since the agency was created in 1952. It is not yet clear if this latter recommendation will be resisted by the Pentagon, which has steadfastly defended its control over the agency over the past six decades.

The Review Group also proposes that the U.S. intelligence community make public on a regular basis as much information as can feasibly be released about the number and types of secret electronic surveillance warrants approved by the FISA Court, as well as the declassification of more information about previous FISA Court rulings relating to NSA surveillance activities.

And finally, the panel recommends that the NSA immediately revamp its internal security practices so as to prevent another Snowden-like individual from getting access to sensitive SIGINT data, including the reimposition of the "need-to-know" standard, which would restrict intelligence community employees' access to the information they need to do their jobs, and that information only.

For all that the report hits the NSA, a senior White House official who read it admitted that the agency's critics will not be entirely pleased with its findings.
It does not, this official said, recommend halting NSA's most controversial surveillance operations; the panel does not deal with the thorny issue of demands by the high-tech companies for a more limited and discriminating use of subpoenas, court orders and FISA Court warrants by the FBI and the NSA. Nor does it make any substantive recommendations about reforming the FISA Court, which critics claim has rubberstamped virtually all of the NSA's electronic surveillance requests.

The $64,000 question now becomes how the NSA and the rest of the U.S. intelligence community will react. The officials I spoke with clearly felt blindsided by the report, which they expected to be, as one of them put it, "a walk in the park." Instead, it was anything but.

Matthew M. Aid is author of Intel Wars: The Secret History of the Fight Against Terror and The Secret Sentry: The Untold History of the National Security Agency

Read more: http://www.politico.com/magazine/story/2013/12/nsa-panel-report-snowden-slobberknockered-101208_Page2.html#ixzz2njsrxvtz

From rforno at infowarrior.org Tue Dec 17 16:12:41 2013
From: rforno at infowarrior.org (Richard Forno)
Date: Tue, 17 Dec 2013 17:12:41 -0500
Subject: [Infowarrior] - How feds use one "seed" and 3 "hops" to spy on nearly everyone
Message-ID: <157051B4-95F4-4455-94A8-15C9BC8A5519@infowarrior.org>

How feds use one "seed" and 3 "hops" to spy on nearly everyone
http://gigaom.com/2013/12/17/how-feds-use-one-seed-and-3-hops-to-spy-on-nearly-everyone/

From rforno at infowarrior.org Wed Dec 18 11:05:33 2013
From: rforno at infowarrior.org (Richard Forno)
Date: Wed, 18 Dec 2013 12:05:33 -0500
Subject: [Infowarrior] - Congress tells DOD to appoint Cyber Czar
Message-ID: <2A3CCB2E-F21A-4F0E-83CD-4D791341BBCB@infowarrior.org>

(c/o JH.
Because the role of 'czar' on cyber stuff has worked so well in the civilian side over the years, right? --rick)

CONGRESS DIRECTS THE PENTAGON TO APPOINT A CYBER CZAR
By Bob Brewin
December 17, 2013
http://www.nextgov.com/defense/2013/12/congress-directs-pentagon-appoint-cyber-czar/75630/

In the 2014 National Defense Authorization Act passed by House lawmakers last week, Congress required the Defense Department appoint a high level Principal Cyber Advisor with a broad oversight portfolio that includes offensive and defensive cyber missions, resources, personnel, acquisition and technology. A Senate vote on the bill is expected this week.

The new cyber advisor will have "overall supervision" of all Defense cyber operations and will oversee a team that will integrate the cyber expertise of the four services, combatant commands and Defense agencies. Defense Secretary Chuck Hagel is to select the new cyber advisor from the Office of the Under Secretary of Defense for Policy.

Earlier this week, the Pentagon announced its intention to add a new high-level cyber post, Defense One reported yesterday. Nextgov and Defense One are both Atlantic Media publications.

Congress also directed the Pentagon to conduct a broad analysis of its cyber operations to include manpower requirements, education and training, the potential for offering bonuses for cyber personnel and the use of "virtual deployments" to support operations. The mission analysis also should assess cyber forces' current and future equipping needs as well as the department's dependence on industry partners, foreign allies and other outside entities to perform cyber operations.

The bill calls for the services, in conjunction with Cyber Command, to determine whether cyber missions could be performed by National Guard and Reserve units and personnel, including domestic cyber missions.
From rforno at infowarrior.org Wed Dec 18 16:13:00 2013 From: rforno at infowarrior.org (Richard Forno) Date: Wed, 18 Dec 2013 17:13:00 -0500 Subject: [Infowarrior] - PDF Report: WH Review Group on Intelligence and Communications Technologies Message-ID: <22059001-55E4-4569-8835-D7301EA6C7F2@infowarrior.org> Dear Mr. President: We are honored to present you with the Final Report of the Review Group on Intelligence and Communications Technologies. Consistent with your memorandum of August 27, 2013, our recommendations are designed to protect our national security and advance our foreign policy while also respecting our longstanding commitment to privacy and civil liberties, recognizing our need to maintain the public trust (including the trust of our friends and allies abroad), and reducing the risk of unauthorized disclosures. We have emphasized the need to develop principles designed to create strong foundations for the future. Although we have explored past and current practices, and while that exploration has informed our recommendations, this Report should not be taken as a general review of, or as an attempt to provide a detailed assessment of, those practices. Nor have we generally engaged budgetary questions (although some of our recommendations would have budgetary implications). 
< - >

http://apps.washingtonpost.com/g/page/world/nsa-review-boards-report/674/

Report @ http://www.scribd.com/doc/192387819/NSA-review-board-s-report

From rforno at infowarrior.org Wed Dec 18 18:54:57 2013
From: rforno at infowarrior.org (Richard Forno)
Date: Wed, 18 Dec 2013 19:54:57 -0500
Subject: [Infowarrior] - iSeeYou: Disabling the MacBook Webcam Indicator LED
Message-ID: <37D549D2-8E00-4449-B0C7-E19DA6D67A16@infowarrior.org>

iSeeYou: Disabling the MacBook Webcam Indicator LED
https://jscholarship.library.jhu.edu/handle/1774.2/36569

Title: iSeeYou: Disabling the MacBook Webcam Indicator LED
Author: Brocker, Matthew; Checkoway, Stephen
Abstract: The ubiquitous webcam indicator LED is an important privacy feature which provides a visual cue that the camera is turned on. We describe how to disable the LED on a class of Apple internal iSight webcams used in some versions of MacBook laptops and iMac desktops. This enables video to be captured without any visual indication to the user and can be accomplished entirely in user space by an unprivileged (non-root) application. The same technique that allows us to disable the LED, namely reprogramming the firmware that runs on the iSight, enables a virtual machine escape whereby malware running inside a virtual machine reprograms the camera to act as a USB Human Interface Device (HID) keyboard which executes code in the host operating system. We build two proofs-of-concept: (1) an OS X application, iSeeYou, which demonstrates capturing video with the LED disabled; and (2) a virtual machine escape that launches Terminal.app and runs shell commands. To defend against these and related threats, we build an OS X kernel extension, iSightDefender, which prohibits the modification of the iSight's firmware from user space.
URI: http://jhir.library.jhu.edu/handle/1774.2/36569
Date: 2013-12-11
Series: Department of Computer Science, December 2013; Technical Report 13-02

From rforno at infowarrior.org Thu Dec 19 11:28:23 2013
From: rforno at infowarrior.org (Richard Forno)
Date: Thu, 19 Dec 2013 12:28:23 -0500
Subject: [Infowarrior] - Ecuador files phony DMCA claims against critics
Message-ID: <4652DE83-7515-41A7-BA83-75F3D3E3F680@infowarrior.org>

Glenn Garvin commentary: Phony copyright claims exploit holes in U.S. Internet law
Thursday December 19, 2013 5:35 AM
http://www.dispatch.com/content/stories/editorials/2013/12/19/phony-copyright-claims-exploit-holes-in-u-s--internet-law.html

Ecuador, having bargained away virtually all its oil production to China in return for low-interest loans to finance President Rafael Correa's spendthrift populism, is in dire need of a new export. And the president seems to have found one: tyrannical censorship of his critics.

Correa's increasingly novel inventions for suppressing free speech in his own country are doubtless the subject of much envious chatter whenever Iran, North Korea and the rest of the fellows get together for meetings of Despots R Us. His latest wrinkle: a proposed law that would criminalize wisecracks on Facebook, enforced by placing video cameras in every cybercafe in Ecuador.

But now Correa has gone international. He's using phony copyright claims to force American companies such as YouTube and Google to remove videos and documents that criticize his government.

Last month, more than 140 videos posted by Chevron abruptly vanished from YouTube, replaced by notices that said they were yanked due to copyright-infringement claims by a Spanish video-distribution company called Filmin. Filmin didn't specify what copyrights it owns on the videos for the excellent reason that it doesn't have any.
Nearly all of them were outtakes from a film called Crude, a documentary about an Ecuadorian lawsuit against Chevron over oil-drilling pollution. Chevron's attorneys won the legal right to view and disseminate the outtakes, which show various sleazy acts of behind-the-scenes collaboration between the plaintiffs, the Ecuadorian government and the supposedly neutral judicial authorities hearing the case.

But YouTube, like many Internet companies, doesn't want to get dragged into a potentially expensive and time-consuming lawsuit over somebody else's copyrights. So it simply took down Chevron's videos without investigating Filmin's claim.

What was Filmin's motive? Adam Steinbaugh, a law-school graduate who writes an excellent blog about law and technology, discovered that Filmin is linked with another Spanish company called Ares Rights that frequently acts as a hired gun for Ecuador, filing numerous copyright complaints, ranging from dubious to absurd, against critics of Correa's government. Using a U.S. law known as the Digital Millennium Copyright Act, Ares has claimed it owns everything from a mock wanted poster for the father of a Correa cabinet member accused of raping a child to a left-wing documentary criticizing the government for granting mining concessions to foreign companies.

(We pause here for a government-mandated warning that too much irony may be bad for your blood. Irony No. 1: Among the many documents Ecuador has tried to get kicked off the Internet is a series of reports from the country's intelligence agency about its spying on, yes, the Internet. Which leads us to Irony No. 2: WikiLeaker-in-Chief Julian Assange is holed up in Ecuador's embassy in London, seeking political asylum for leaking U.S. government documents on, yes, the Internet.)

A lot of people may find it difficult to get worked up about Correa pushing around a multinational corporation like Chevron, which is certainly big enough to defend itself. But that misses the point.
If Correa is willing to mess with a $200 billion corporation on the Internet, then he's certainly not going to hesitate to mess with you. Rosie Gray, a reporter for Buzzfeed.com, learned that when she published a story based on leaked government documents that revealed Correa is trying to buy surveillance drones and telecommunications devices that would allow his spies to monkey with people's cellphones. Ecuador promptly filed a copyright-infringement notice that got the documents supporting her story removed from the Internet. Gray posted them on a different site, and Ecuador got them yanked again.

"It was a pretty ham-fisted attempt to intimidate us and put the genie back in the bottle," Gray told me this week. Only on her third try did she find a site, DocumentCloud.com, with the spine to stand up to Correa.

There's another reason to care about this: If Correa gets away with using the Digital Millennium Copyright Act to jerk around his enemies, it won't be long until others follow suit. "And it won't always be a foreign state," says blogger Steinbaugh. "This abuse is growing. Any person or corporation can misuse this law to punish someone who criticizes them. It's a real weakness in the law, which offers no incentive for Internet companies to question copyright-infringement claims, no matter how doubtful they are."

Unlike bananas and oil, this is an Ecuadorian export we can do without.

Glenn Garvin writes for The Miami Herald. ggarvin at miamiherald.com
From rforno at infowarrior.org Thu Dec 19 15:29:52 2013
From: rforno at infowarrior.org (Richard Forno)
Date: Thu, 19 Dec 2013 16:29:52 -0500
Subject: [Infowarrior] - Verizon to publish reports on surveillance requests, wants to detail NSA efforts
Message-ID:

Verizon to publish reports on surveillance requests, wants to detail NSA efforts
By Cecilia Kang
http://www.washingtonpost.com/business/technology/verizon-to-publish-reports-on-surveillance-requests-wants-to-detail-nsa-efforts/2013/12/19/d9b38a06-68e4-11e3-a0b9-249bbb34602c_print.html

Verizon Communications said Thursday that it will begin to publish reports early next year on the number of government requests it receives for customer data, setting a significant precedent for the telecommunications industry that has kept that information private.

Verizon, the nation's biggest wireless provider, has been under immense pressure from shareholders and privacy groups after revelations that the National Security Agency obtained mountains of private information from the company as well as other telecommunication firms, including AT&T, according to leaked documents by former NSA contractor Edward Snowden. Those disclosures have damaged the reputation of U.S. communications companies around the world. Privacy advocates have long complained that the telecom industry is far more cooperative with government surveillance efforts than technology firms such as Google and Twitter.

The company will become the first in the telecom industry to provide details on the practice of government demands for data. Internet companies such as Microsoft, Facebook and Apple already publish transparency reports that include how many federal, state and local demands for data they receive. Such transparency reports offer only broad ranges of government requests, including those from local police departments, the FBI and the NSA.
The reports do not provide an agency-by-agency breakdown, though several companies have gone to court for the right to offer more detailed information. Bound by court orders by the Foreign Intelligence Surveillance Act, these companies have so far been prevented from detailing the number of requests by the NSA. But Verizon said it is in talks with government officials to do so.

"In the past year, there has been greater focus than ever on the use of legal demands by governments around the world to obtain customer data," Randal S. Milch, Verizon's general counsel, said in a blog post. "Like others in the industry, the aim of our transparency report is to keep our customers informed about government requests for their data and how we respond to those requests. Verizon calls on governments around the world to provide more information on the types and amounts of data they collect and the legal processes that apply when they do so," Milch said.

Verizon said its first report on 2013 data will be released early next year and updates will be done semi-annually.

Shareholders of AT&T and Verizon have demanded the companies disclose NSA data requests, saying the firms' participation in an NSA surveillance program has hurt their reputation with customers. Stockholders and a number of privacy advocates applauded Verizon's most recent move and urged the rest of the telecom industry to follow suit.

"They are the first telecom company to do this, which is significant, and we are gratified that at least initially Verizon seems to be taking the steps we put forward in our resolutions for Verizon and AT&T," said Jonas Kron, a senior vice president for Trillium Asset Management. Trillium filed a shareholder resolution to Verizon's board, demanding transparency reports.

Sen. Ed Markey (D-Mass.) has also called for greater public disclosure of data requests by government. In the past two years, Markey privately obtained the data through his own investigation of telecommunications companies.
"For the past two years, I have queried the major wireless carriers for this information, and the data they have provided to me has been eye-opening. We clearly need more sunlight in this area," Markey said in a statement.

From rforno at infowarrior.org Thu Dec 19 17:25:59 2013
From: rforno at infowarrior.org (Richard Forno)
Date: Thu, 19 Dec 2013 18:25:59 -0500
Subject: [Infowarrior] - Testing time for Chinese media as party tightens control
Message-ID: <8635546E-57AC-4423-ABF8-67745F0B7402@infowarrior.org>

Testing time for Chinese media as party tightens control
By Natalie Thomas
BEIJING Wed Dec 18, 2013 10:01pm EST
http://www.reuters.com/article/2013/12/19/china-media-idUSL3N0JQ1FI20131219

Dec 19 (Reuters) - Early next year, Chinese journalists will have to pass a new ideology exam to keep their press cards, in what reporters say is another example of the ruling Communist Party's increasing control over the media under President Xi Jinping.

It is the first time reporters have been required to take such a test en masse, state media has said. The exam will be based on a 700-page manual being sold in bookshops. The manual is peppered with directives such as "it is absolutely not permitted for published reports to feature any comments that go against the party line", and "the relationship between the party and the news media is one of leader and the led".

The impact of increased control in the past year has been chilling, half a dozen reporters at Chinese state media told Reuters, mostly on condition of anonymity to avoid repercussions for talking to the foreign media without permission.

"The tightening is very obvious in newspapers that have an impact on public opinion.
These days there are lots of things they aren't allowed to report," said a journalist at a current affairs magazine. China has also intensified efforts to curb the work of foreign news organisations. Both the New York Times Co and Bloomberg News have not been given new journalist visas for more than a year after they published stories about the wealth of family members of former Chinese Premier Wen Jiabao and President Xi Jinping, respectively. The General Administration of Press and Publication, a key media regulator, has said via state media that the aim of the exam and accompanying training is to "increase the overall quality of China's journalists and encourage them to establish socialism as their core system of values". It did not respond to questions from Reuters about the exam or press freedom in China. "FIGHT TO THE DEATH" Traditionally, Chinese state media has been the key vehicle for party propaganda. But reforms over the past decade that have allowed greater media commercialisation and limited increases in editorial independence, combined with the rise of social media, have weakened government control, academics said. China media watchers point to a flurry of editorials after Xi spoke to propaganda officials in August as evidence of concern within the party that control over public discourse was slipping. The official Beijing Daily described the party's struggle to win hearts and minds as a "fight to the death". Some reporters and academics, however, trace the start of the tougher attitude to a strike lasting several days in January by journalists at an outspoken newspaper, the Southern Weekly, after censors scrapped a New Year editorial calling for China to enshrine constitutional rights. Xi had taken over the Communist Party only several weeks earlier. "This was a shock to Xi Jinping's leadership (circle)," said Xiao Qiang, a China media expert at the University of California at Berkeley. "They own these newspapers. 
That makes it an internal, public rebellion, which made the censorship and media control mechanism look really bad." The strike ended after local propaganda officials promised to take a lighter hand with censorship. While journalists there would not talk publicly about the matter, some senior reporters have since left the paper, two sources familiar with the matter said, adding they did not know why. The Southern Weekly declined to comment. MARXIST NEWS VALUES Journalists will have to do a minimum 18 hours of training on topics including Marxist news values and Socialism with Chinese Characteristics, as well as journalism ethics before sitting the exam in January or February. Reporters who fail the test will have to re-sit the exam and undergo the training again. It's not clear what happens to reporters who refuse to take it. While in theory all reporters in China need a press card to report, many do so without one, said Zhan Jiang, a journalism professor at the Beijing Foreign Studies University. Recent scandals in the Chinese media had also raised some questions about the industry's professionalism, Zhan said. A reporter for the Guangzhou-based New Express tabloid was arrested in October after confessing on state television to accepting bribes for fabricating more than a dozen stories about Changsha-based Zoomlion Heavy Industry Science and Technology Co Ltd. The reporter wrote that Zoomlion had engaged in sales fraud and exaggerated its profits, accusations strongly denied by the state-owned construction equipment maker. "It's hard to say if this is really to improve the actions of journalists, or to control them. You don't know what (the authorities) are thinking," Zhan said. Reporters had little doubt about the aim of the exam. "The purpose of this kind of control is just to wear you down, to make you feel like political control is inescapable," said a reporter for a newspaper in the booming southern city of Guangzhou. 
From rforno at infowarrior.org Fri Dec 20 06:37:00 2013
From: rforno at infowarrior.org (Richard Forno)
Date: Fri, 20 Dec 2013 07:37:00 -0500
Subject: [Infowarrior] - Friday fun: The Codewords Before Christmas
Message-ID: <75125056-2F81-450D-A85A-185F75C13B10@infowarrior.org>

'Twas the Codewords Before Christmas (with apologies to Clement Clarke Moore)

http://infowarrior.org/users/rforno/The-Codewords-Before-Christmas.html

From rforno at infowarrior.org Fri Dec 20 06:50:19 2013
From: rforno at infowarrior.org (Richard Forno)
Date: Fri, 20 Dec 2013 07:50:19 -0500
Subject: [Infowarrior] - Lavabit Proceedings Unsealed
Message-ID: <012BFF65-4C48-4175-8A22-3B0F3ADD28F7@infowarrior.org>

(via Cryptome)

Lavabit Proceedings Unsealed

http://cryptome.org/2013/12/lavabit-027.pdf

From rforno at infowarrior.org Fri Dec 20 06:55:43 2013
From: rforno at infowarrior.org (Richard Forno)
Date: Fri, 20 Dec 2013 07:55:43 -0500
Subject: [Infowarrior] - Court Rebukes White House Over "Secret Law"
Message-ID: <138481EC-BC6D-4922-A247-B2CDD22A31DD@infowarrior.org>

Court Rebukes White House Over "Secret Law"

http://blogs.fas.org/secrecy/2013/12/ppd-secret-law/

DC District Judge Ellen Segal Huvelle yesterday ordered the Obama Administration to release a copy of an unclassified presidential directive, and she said the attempt to withhold it represented an improper exercise of "secret law."

The Obama White House has a "limitless" view of its authority to withhold presidential communications from the public, she wrote, but that view is wrong.

"The government appears to adopt the cavalier attitude that the President should be permitted to convey orders throughout the Executive Branch without public oversight -- to engage in what is in effect governance by 'secret law'," Judge Huvelle wrote in her December 17 opinion.

"The Court finds equally troubling the government's complementary suggestion that 'effective' governance requires that a President's substantive and non-classified directives to Executive Branch agencies remain concealed from public scrutiny," she wrote.

Judge Huvelle ordered the Administration to provide the directive to the non-profit Center for Effective Government, which had filed suit under the Freedom of Information Act for its release.

The directive in question, Presidential Policy Directive (PPD) 6, "is a widely-publicized, non-classified Presidential Policy Directive on issues of foreign aid and development that has been distributed broadly within the Executive Branch and used by recipient agencies to guide decision-making," the Judge noted. "Even though issued as a directive, the PPD-6 carries the force of law as policy guidance to be implemented by recipient agencies, and it is the functional equivalent of an Executive Order."

"Never before has a court had to consider whether the [presidential communications] privilege protects from disclosure under FOIA a final, non-classified, presidential directive."

The Center for Effective Government had argued that "PPD-6 is not protected by the presidential communications privilege because it was not made in the course of making decisions, but instead is the final decision itself...."

In response, the government contended that PPD-6 "is protected by the privilege because, regardless of how widely the document has been distributed within the Executive Branch, it originated with the President...."

Significantly, Judge Huvelle insisted on examining the document herself in camera instead of simply relying on the Administration's characterization of the document. Having done so, she found that it "is not 'revelatory of the President's deliberations' such that its public disclosure would undermine future decision-making."

She criticized the government for "the unbounded nature" of its claim. "In the government's view, it can shield from disclosure under FOIA any presidential communication, even those -- like the PPD-6 -- that carry the force of law, simply because the communication originated with the President.... The Court rejects the government's limitless approach...."

Several significant points emerge from this episode.

First, President Obama's declared commitment to "creating an unprecedented level of openness in Government" has not been internalized even by the President's own staff. This latest case of "unbounded" secrecy cannot be blamed on the CIA or an overzealous Justice Department attorney. It is entirely an Obama White House production, based on a White House policy choice.

Second, and relatedly, it has proved to be an error to expect the executive branch to unilaterally impose transparency on itself. To do so is to ignore, or to wish away, the Administration's own conflicting interests in secrecy and disclosure. Instead, it is the role of the other branches of government to check the executive and to compel appropriate disclosure. But that does not happen spontaneously either. In this case, it required a Freedom of Information Act lawsuit to be brought by the Center for Effective Government, which was superbly represented by attorneys Julie Murray and Adina Rosenbaum of Public Citizen.

An official Fact Sheet on PPD-6 (which has not yet been released) is available here.

The Electronic Privacy Information Center is currently pursuing release of another presidential directive, the Bush Administration's NSPD-54 on cyber security. In October, Judge Beryl Howell unexpectedly ruled that that directive was exempt from disclosure because, she said, it was not an "agency record" that would be subject to the FOIA. Her opinion came as a surprise and was not persuasive to everyone.
In a footnote in yesterday's ruling, Judge Huvelle said that the arguments over the two directives were sufficiently distinguishable that "this Court need not decide if it will follow Judge Howell's rationale" -- suggesting that if pressed, she might not have done so.

Yesterday, EPIC filed a notice of its intent to appeal the decision.

Coincidentally, the Department of Defense yesterday renewed until January 2015 its guidance implementing Presidential Policy Directive 19 on Protecting Whistleblowers with Access to Classified Information.

From rforno at infowarrior.org Fri Dec 20 11:01:44 2013
From: rforno at infowarrior.org (Richard Forno)
Date: Fri, 20 Dec 2013 12:01:44 -0500
Subject: [Infowarrior] - When Vladimir Putin Is Envious Of Your Surveillance State, You've Gone Too Far
Message-ID: <79F9E75E-EC43-4B3D-9497-46CDFA405C58@infowarrior.org>

When Vladimir Putin Is Envious Of Your Surveillance State, You've Gone Too Far

from the that's-quite-a-statement dept

http://www.techdirt.com/articles/20131219/17464625641/when-vladimir-putin-is-envious-your-surveillance-state-youve-gone-too-far.shtml

Russian President Vladimir Putin gave a big press conference on Thursday, and spent some time talking about President Obama, Ed Snowden and the various US surveillance programs that have been revealed. Putin appeared to be quite supportive of the surveillance programs, saying that he believes that the US's surveillance programs are a "necessity" and "mainly directed at fighting terrorism," so there's not a real problem with them. He even defended collecting data on everyone "because you have to monitor not only a specific terrorist suspect, but rather his whole network of relationships."

That Vladimir Putin would appreciate vast spying power is hardly a surprise. But this claim is raising some eyebrows:

"How do I feel about Obama after Snowden's revelations? I envy him because he can do this without incurring any consequences."

Did you catch that? Putin, the former head of the KGB, and very well known for using Russian intelligence services to his strong advantage, is envious that President Obama has all these surveillance capabilities at his fingertips and that all of this can be revealed "without incurring any consequences."

It seems like there should be a general rule of thumb: when Vladimir Putin is envious of your surveillance state, you've gone too far.

From rforno at infowarrior.org Fri Dec 20 11:09:01 2013
From: rforno at infowarrior.org (Richard Forno)
Date: Fri, 20 Dec 2013 12:09:01 -0500
Subject: [Infowarrior] - GCHQ and NSA targeted charities, Germans, Israeli PM and EU chief
Message-ID: <59FDB35D-D451-4231-BA7F-38E4E6A83D07@infowarrior.org>

GCHQ and NSA targeted charities, Germans, Israeli PM and EU chief

• Unicef and Médecins du Monde were on surveillance list
• Targets went well beyond potential criminals and terrorists
• Revelations could cause embarrassment at EU summit

http://www.theguardian.com/uk-news/2013/dec/20/gchq-targeted-aid-agencies-german-government-eu-commissioner

From rforno at infowarrior.org Fri Dec 20 14:08:02 2013
From: rforno at infowarrior.org (Richard Forno)
Date: Fri, 20 Dec 2013 15:08:02 -0500
Subject: [Infowarrior] - FBI Agent Tries To Register Copyright On Top Secret Interrogation Manual... Making It Available To Anyone
Message-ID: <9A830C39-B484-4BCA-841E-22EF6745D28E@infowarrior.org>

FBI Agent Tries To Register Copyright On Top Secret Interrogation Manual... Making It Available To Anyone

from the copyright-uber-alles dept

Here's a bizarre one on so many levels. The FBI has a top secret 70-page "interrogation manual." For years, the ACLU has been trying to get its hands on a copy, finally receiving a heavily redacted one.
However, it turns out that if the good folks at the ACLU had just decided to wander over to the Library of Congress, they could have seen a totally unredacted copy of the entire manual, as could anyone else with a library card. Why? Because in this bizarre age we live in, in which people seem to think it's important to copyright absolutely everything, the senior FBI official who authored the manual decided that he should try to register a copyright on it, and submitted it to the Library of Congress as a part of the registration process, whereby it becomes available to anyone who stops by and asks for it.

This is idiotic on multiple levels. First, as is well known, documents produced by federal government employees are automatically public domain, meaning that you cannot copyright them. Second, of course, why the hell would this FBI supervisory special agent think it even made the least bit of sense to try to get a copyright, let alone submit a copy of the top secret manual to the Library of Congress? Then, of course, there's the issue that even if it was possible to put a copyright on this document (and, again, there's not), it would almost certainly belong not to the individual FBI agent, but to the government itself. Not only can't this guy get a copyright, but there's no reason for him to try to get a copyright (what, is he going to sell the book?), and then revealing the manual to anyone, let alone an operation whose basic entire purpose is to catalog the works and make them available to the public, is quite incredible.

Mother Jones, who went and found the manual at the Library of Congress, quotes a few people who are reasonably shocked that this happened.....

< -- >

http://www.techdirt.com/articles/20131220/10200525651/fbi-agent-tries-to-register-copyright-top-secret-interrogation-manual-making-it-available-to-anyone.shtml
From rforno at infowarrior.org Fri Dec 20 16:01:59 2013
From: rforno at infowarrior.org (Richard Forno)
Date: Fri, 20 Dec 2013 17:01:59 -0500
Subject: [Infowarrior] - NSA linked to RSA and BSafe vuln
Message-ID: <9C6BBDE8-4C8A-4806-B163-0F4D8C90B6BF@infowarrior.org>

Exclusive: Secret contract tied NSA and security industry pioneer

By Joseph Menn
SAN FRANCISCO Fri Dec 20, 2013 4:20pm EST

http://www.reuters.com/article/2013/12/20/us-usa-security-rsa-idUSBRE9BJ1C220131220

(Reuters) - As a key part of a campaign to embed encryption software that it could crack into widely used computer products, the U.S. National Security Agency arranged a secret $10 million contract with RSA, one of the most influential firms in the computer security industry, Reuters has learned.

Documents leaked by former NSA contractor Edward Snowden show that the NSA created and promulgated a flawed formula for generating random numbers to create a "back door" in encryption products, the New York Times reported in September. Reuters later reported that RSA became the most important distributor of that formula by rolling it into a software tool called BSafe that is used to enhance security in personal computers and many other products.

Undisclosed until now was that RSA received $10 million in a deal that set the NSA formula as the preferred, or default, method for number generation in the BSafe software, according to two sources familiar with the contract. Although that sum might seem paltry, it represented more than a third of the revenue that the relevant division at RSA had taken in during the entire previous year, securities filings show.

The earlier disclosures of RSA's entanglement with the NSA already had shocked some in the close-knit world of computer security experts.
The company had a long history of championing privacy and security, and it played a leading role in blocking a 1990s effort by the NSA to require a special chip to enable spying on a wide range of computer and communications products.

RSA, now a subsidiary of computer storage giant EMC Corp, urged customers to stop using the NSA formula after the Snowden disclosures revealed its weakness.

RSA and EMC declined to answer questions for this story, but RSA said in a statement: "RSA always acts in the best interest of its customers and under no circumstances does RSA design or enable any back doors in our products. Decisions about the features and functionality of RSA products are our own."

The NSA declined to comment.

The RSA deal shows one way the NSA carried out what Snowden's documents describe as a key strategy for enhancing surveillance: the systematic erosion of security tools. NSA documents released in recent months called for using "commercial relationships" to advance that goal, but did not name any security companies as collaborators.

The NSA came under attack this week in a landmark report from a White House panel appointed to review U.S. surveillance policy. The panel noted that "encryption is an essential basis for trust on the Internet," and called for a halt to any NSA efforts to undermine it.

Most of the dozen current and former RSA employees interviewed said that the company erred in agreeing to such a contract, and many cited RSA's corporate evolution away from pure cryptography products as one of the reasons it occurred.

But several said that RSA also was misled by government officials, who portrayed the formula as a secure technological advance.

"They did not show their true hand," one person briefed on the deal said of the NSA, asserting that government officials did not let on that they knew how to break the encryption.
STORIED HISTORY

Started by MIT professors in the 1970s and led for years by ex-Marine Jim Bidzos, RSA and its core algorithm were both named for the last initials of the three founders, who revolutionized cryptography. Little known to the public, RSA's encryption tools have been licensed by most large technology companies, which in turn use them to protect computers used by hundreds of millions of people.

At the core of RSA's products was a technology known as public key cryptography. Instead of using the same key for encoding and then decoding a message, there are two keys related to each other mathematically. The first, publicly available key is used to encode a message for someone, who then uses a second, private key to reveal it.

From RSA's earliest days, the U.S. intelligence establishment worried it would not be able to crack well-engineered public key cryptography. Martin Hellman, a former Stanford researcher who led the team that first invented the technique, said NSA experts tried to talk him and others into believing that the keys did not have to be as large as they planned.

The stakes rose when more technology companies adopted RSA's methods and Internet use began to soar. The Clinton administration embraced the Clipper Chip, envisioned as a mandatory component in phones and computers to enable officials to overcome encryption with a warrant.

RSA led a fierce public campaign against the effort, distributing posters with a foundering sailing ship and the words "Sink Clipper!"

A key argument against the chip was that overseas buyers would shun U.S. technology products if they were ready-made for spying. Some companies say that is just what has happened in the wake of the Snowden disclosures.

The White House abandoned the Clipper Chip and instead relied on export controls to prevent the best cryptography from crossing U.S. borders. RSA once again rallied the industry, and it set up an Australian division that could ship what it wanted.
"We became the tip of the spear, so to speak, in this fight against government efforts," Bidzos recalled in an oral history.

RSA EVOLVES

RSA and others claimed victory when export restrictions relaxed.

But the NSA was determined to read what it wanted, and the quest gained urgency after the September 11, 2001 attacks.

RSA, meanwhile, was changing. Bidzos stepped down as CEO in 1999 to concentrate on VeriSign, a security certificate company that had been spun out of RSA. The elite lab Bidzos had founded in Silicon Valley moved east to Massachusetts, and many top engineers left the company, several former employees said.

And the BSafe toolkit was becoming a much smaller part of the company. By 2005, BSafe and other tools for developers brought in just $27.5 million of RSA's revenue, less than 9% of the $310 million total.

"When I joined there were 10 people in the labs, and we were fighting the NSA," said Victor Chan, who rose to lead engineering and the Australian operation before he left in 2005. "It became a very different company later on."

By the first half of 2006, RSA was among the many technology companies seeing the U.S. government as a partner against overseas hackers.

New RSA Chief Executive Art Coviello and his team still wanted to be seen as part of the technological vanguard, former employees say, and the NSA had just the right pitch. Coviello declined an interview request.

An algorithm called Dual Elliptic Curve, developed inside the agency, was on the road to approval by the National Institute of Standards and Technology as one of four acceptable methods for generating random numbers. NIST's blessing is required for many products sold to the government and often sets a broader de facto standard.

RSA adopted the algorithm even before NIST approved it. The NSA then cited the early use of Dual Elliptic Curve inside the government to argue successfully for NIST approval, according to an official familiar with the proceedings.
RSA's contract made Dual Elliptic Curve the default option for producing random numbers in the RSA toolkit. No alarms were raised, former employees said, because the deal was handled by business leaders rather than pure technologists.

"The labs group had played a very intricate role at BSafe, and they were basically gone," said labs veteran Michael Wenocur, who left in 1999.

Within a year, major questions were raised about Dual Elliptic Curve. Cryptography authority Bruce Schneier wrote that the weaknesses in the formula "can only be described as a back door."

After reports of the back door in September, RSA urged its customers to stop using the Dual Elliptic Curve number generator.

But unlike the Clipper Chip fight two decades ago, the company is saying little in public, and it declined to discuss how the NSA entanglements have affected its relationships with customers.

The White House, meanwhile, says it will consider this week's panel recommendation that any efforts to subvert cryptography be abandoned.

(Reporting by Joseph Menn; Editing by Jonathan Weber and Grant McCool)

From rforno at infowarrior.org Fri Dec 20 20:52:49 2013
From: rforno at infowarrior.org (Richard Forno)
Date: Fri, 20 Dec 2013 21:52:49 -0500
Subject: [Infowarrior] - USG drops objection to publishing secret opinion
Message-ID: <9C81CDC6-67CB-47A0-AB92-6565F03DDC9C@infowarrior.org>

Govt drops objection to publishing secret opinion

By FREDERIC J. FROMMER -- Dec. 20, 2013 8:18 PM EST

http://bigstory.ap.org/article/govt-drops-objection-publishing-secret-opinion

WASHINGTON (AP) -- The Obama administration has dropped its objection to the publication of a secret court opinion on the law that authorizes the National Security Agency's bulk collection of millions of Americans' telephone records.
The Justice Department told the Foreign Intelligence Surveillance Court in a filing Friday that the department won't object if the court decides to publish nonclassified portions of its opinion that don't harm an ongoing law enforcement investigation.

The American Civil Liberties Union and the Media Freedom and Information Access Clinic at Yale Law School had asked the court to release opinions on the meaning, scope and/or constitutionality of a legal provision under which the records are collected -- Section 215 of the USA Patriot Act.

The government located such an opinion, dated Feb. 19, and a judge on the FISA Court, F. Dennis Saylor, ordered the department to conduct a declassification review of it, with proposed redactions, to "inform the court's decision whether to publish it."

Last month, the Justice Department told the court that the administration determined the opinion should be withheld in full and a public version cannot be provided, without providing any explanation. In response, Saylor directed the government to provide a "detailed explanation" of that conclusion. The deadline for that government filing was Friday.

In its latest filing, the Justice Department explained the reason for its initial reluctance to have the opinion published: It relates to the subject of an FBI counterterrorism investigation. Some information in the opinion could tip off the subject or his associates, the Justice Department said.

"However, upon review and as a discretionary matter," the government said, it decided to drop its objection to the court publishing parts of the opinion, as long as they're not classified and don't jeopardize the investigation.

Alex Abdo, a staff attorney at the ACLU National Security Project, said in an email: "We welcome the government's decision to agree to release portions of the court's opinion. But we are troubled that the government agreed to release this information only when required to justify itself to a court. At the very least, this demonstrates the importance of judicial scrutiny in the face of government claims of secrecy."

Friday's filing comes a few days after a federal judge ruled that the phone collection program is likely unconstitutional.

Also Friday, President Barack Obama suggested that he may be ready to make changes to the program to ease the public's concern about privacy.

"There are ways we can do it, potentially, that gives people greater assurance that there are checks and balances -- that there's sufficient oversight and sufficient transparency," Obama said at a news conference. Programs like the bulk collection of phone records "could be redesigned in ways that give you the same information when you need it without creating these potentials for abuse."

From rforno at infowarrior.org Sat Dec 21 20:07:59 2013
From: rforno at infowarrior.org (Richard Forno)
Date: Sat, 21 Dec 2013 21:07:59 -0500
Subject: [Infowarrior] - WH Tries to Prevent Judge From Ruling on Surveillance Efforts
Message-ID: <01E9712B-50B9-48FC-B40B-502ACC935E06@infowarrior.org>

December 21, 2013

White House Tries to Prevent Judge From Ruling on Surveillance Efforts

By CHARLIE SAVAGE and DAVID E. SANGER

http://www.nytimes.com/2013/12/22/us/white-house-tries-to-prevent-judge-from-ruling-on-surveillance-efforts.html

WASHINGTON -- The Obama administration moved late Friday to prevent a federal judge in California from ruling on the constitutionality of warrantless surveillance programs authorized during the Bush administration, telling a court that recent disclosures about National Security Agency spying were not enough to undermine its claim that litigating the case would jeopardize state secrets.

In a set of filings in the two long-running cases in the Northern District of California, the government acknowledged for the first time that the N.S.A. started systematically collecting data about Americans' emails and phone calls in 2001, alongside its program of wiretapping certain calls without warrants. The government had long argued that disclosure of these and other secrets would put the country at risk if they came out in court.

But the government said that despite recent leaks by Edward J. Snowden, the former N.S.A. contractor, that made public a fuller scope of the surveillance and data collection programs put in place after the Sept. 11 attacks, sensitive secrets remained at risk in any courtroom discussion of their details -- like whether the plaintiffs were targets of intelligence collection or whether particular telecommunications providers like AT&T and Verizon had helped the agency.

"Disclosure of this still-classified information regarding the scope and operational details of N.S.A. intelligence activities implicated by plaintiffs' allegations could be expected to cause extremely grave damage to the national security of the United States," wrote the director of national intelligence, James R. Clapper Jr.

So, he said, he was continuing to assert the state secrets privilege, which allows the government to seek to block information from being used in court even if that means the case must be dismissed. The Justice Department wants the judge to dismiss the matter without ruling on whether the programs violated the First or Fourth Amendment.

The filings also included similar declarations from earlier stages of the California litigation, which were classified at the time and shown only to the court but were declassified on Friday. The judge, Jeffrey S. White of the Northern District of California, had ordered the government to evaluate how the disclosures since Mr. Snowden's leaks had affected its earlier invocations of the state secrets privilege. The plaintiffs have until late January to file a response.
Cindy Cohn, the legal director for the Electronic Frontier Foundation, which is leading one of the cases, called the government's assertion "very troubling." She said that despite the Snowden revelations, it was still essentially saying, "We can't say whether the American people have been spied on by their government."

Mr. Clapper's unclassified affidavit to the court -- he also filed a classified version, the documents state -- contrasts sharply with the findings of President Obama's advisory committee on signals intelligence, which said in a report made public on Wednesday that the collection of bulk telephone data was of little proven value.

The panel's experts concluded that "there has been no instance in which N.S.A. could say with confidence that the outcome would have been different" in a terror investigation without the collection of the telephone data. "Moreover, now that the existence of the program has been disclosed publicly, we suspect that it is likely to be less useful still."

Mr. Clapper, however, suggested that the program was one of many that needed to continue, and he discussed a litany of threats, mostly emanating from Al Qaeda and its affiliates, that he said made the program vital. He argued that revealing additional details, including whom it targets or how companies like AT&T and Verizon have given the N.S.A. access to its equipment and data, would be harmful.

"Disclosing or confirming further details about these activities could seriously undermine an important tool -- metadata collection and analysis -- for tracking possible terrorist plots," he wrote, and could reveal methodology, thus "helping foreign adversaries evade detection."

Still, Mr. Clapper's description of the program as "an important tool" for tracking possible plots was a downgrade in rhetorical urgency. In earlier, now-declassified court filings, he and other officials had portrayed it as "an essential tool."

Mr. Obama, in a news conference on Friday, strongly suggested that he was looking for a way to split the difference between these two views. He stopped short of endorsing the advisory group's recommendation that the data should be held by telecommunications companies or a private consortium that has yet to be created.

"Just because we can do something doesn't mean we necessarily should," he said, repeating a line he has used often.

The newly declassified affidavits discuss a now-familiar list of threats to the United States coming from Al Qaeda and groups that share some of its ideology, including a plot in 2006 to blow up airliners over the Atlantic Ocean and the attempted car bombing in Times Square in 2010. But one of the documents makes reference to a renewed effort by Al Qaeda to obtain a nuclear weapon after 2005. It did not cite evidence.

The California litigation over warrantless surveillance represents the remnants of a wave of lawsuits filed in 2006 after The New York Times revealed that the Bush administration had authorized a program of wiretapping without warrants. Most of the initial suits were filed against telecommunications companies and were dismissed after Congress passed a law retroactively immunizing them for participating in the programs.

One of the lawsuits had also named the N.S.A. as a defendant, and in 2008 the Electronic Frontier Foundation refiled a case against the N.S.A. and a series of government officials, challenging the range of domestic surveillance and data collection activities. Several of the claims in those cases have been dismissed, but the First and Fourth Amendment ones remain.

The new filings came five days after another judge, Richard J. Leon of Federal District Court in the District of Columbia, ruled -- in a case filed shortly after Mr. Snowden's first reported disclosures -- that the call-logging program in its current form probably violated the Fourth Amendment and called it "almost Orwellian."
The government is expected to appeal that decision.

---
Just because i'm near the punchbowl doesn't mean I'm also drinking from it.

From rforno at infowarrior.org Sun Dec 22 19:17:17 2013
From: rforno at infowarrior.org (Richard Forno)
Date: Sun, 22 Dec 2013 20:17:17 -0500
Subject: [Infowarrior] - RSA Response to Media Claims Regarding NSA Relationship
Message-ID: <06D7D83F-508F-4E44-8CC0-BFA199887081@infowarrior.org>

(c/o Jericho)

RSA Response to Media Claims Regarding NSA Relationship
https://blogs.rsa.com/news-media-2/rsa-response/
December 22, 2013

Recent press coverage has asserted that RSA entered into a "secret contract" with the NSA to incorporate a known flawed random number generator into its BSAFE encryption libraries. We categorically deny this allegation. We have worked with the NSA, both as a vendor and an active member of the security community. We have never kept this relationship a secret and in fact have openly publicized it. Our explicit goal has always been to strengthen commercial and government security.

Key points about our use of Dual EC DRBG in BSAFE are as follows:

- We made the decision to use Dual EC DRBG as the default in BSAFE toolkits in 2004, in the context of an industry-wide effort to develop newer, stronger methods of encryption. At that time, the NSA had a trusted role in the community-wide effort to strengthen, not weaken, encryption.
- This algorithm is only one of multiple choices available within BSAFE toolkits, and users have always been free to choose whichever one best suits their needs.
- We continued using the algorithm as an option within BSAFE toolkits as it gained acceptance as a NIST standard and because of its value in FIPS compliance. When concern surfaced around the algorithm in 2007, we continued to rely upon NIST as the arbiter of that discussion.
- When NIST issued new guidance recommending no further use of this algorithm in September 2013, we adhered to that guidance, communicated that recommendation to customers and discussed the change openly in the media.

RSA, as a security company, never divulges details of customer engagements, but we also categorically state that we have never entered into any contract or engaged in any project with the intention of weakening RSA's products, or introducing potential "backdoors" into our products for anyone's use.

From rforno at infowarrior.org Sun Dec 22 20:57:04 2013
From: rforno at infowarrior.org (Richard Forno)
Date: Sun, 22 Dec 2013 21:57:04 -0500
Subject: [Infowarrior] - When '60 Minutes' Checks Its Journalistic Skepticism at the Door
Message-ID:

When "60 Minutes" Checks Its Journalistic Skepticism at the Door
By DAVID CARR
http://www.nytimes.com/2013/12/23/business/media/when-60-minutes-checks-its-journalistic-skepticism-at-the-door.html

Last week, a study commissioned by the president concluded that the National Security Agency had reached too far into the private lives of Americans. The study, which came after a series of journalistic revelations exposing the agency's surveillance practices, recommended numerous reforms that would curb the N.S.A.'s prerogatives. President Obama said he was "open to many" of the suggestions.

It was exactly the kind of news-making moment that "60 Minutes" -- America's leading purveyor of serious television news -- has often been responsible for creating. For more than four decades, the program has exposed C.I.A. abuses, rogue military contractors and hundreds of corporate villains. But where was "60 Minutes" on the N.S.A. story? The Sunday before the damning study, the program produced a segment that scanned as a friendly infomercial for the agency.
Reported by John Miller, a CBS News reporter, the piece included extensive interviews with Gen. Keith Alexander, the director of the N.S.A. In a scene that served as something of a metaphor for the whole segment, the producers negotiated access to the Black Chamber, a supersecret area where the nation's top code breakers work. The door is briefly opened, we see a deserted office hall that looks like any other and then the door is closed. We get a look in, but we learn nothing.

Coming as it does on the heels of the now-discredited Benghazi report -- in which "60 Minutes" said it was fooled by an eyewitness who was apparently nothing of the kind -- the N.S.A. segment raises the question of whether the program has not just temporarily lost its mojo, but its skepticism as well. It didn't help that the day after the piece aired, a federal judge ruled that the agency's program of collecting phone records was most likely unconstitutional.

In between its coverage of Benghazi and the N.S.A., "60 Minutes" drew criticism for letting Amazon promote a drone delivery program that is years from actually happening, if it happens at all. It was a fanciful look at the commercial future, though Charlie Rose, the reporter, also asked Jeff Bezos, the chief executive of Amazon, some tough questions: whether providing cloud services to the C.I.A. was a conflict, and whether its "ruthless" pursuit of market share was fair.

Let's stipulate that "60 Minutes" has been and continues to be a journalistic treasure, which just this year has done hard-hitting pieces on the damaging practices of credit report agencies, the high rate of suicide among returning veterans, and how tainted pain medication that caused fungal meningitis killed dozens and sickened hundreds. Mr. Rose also landed an interview with the Syrian president, Bashar al-Assad, about chemical weapons. At a time when both the definition and execution of news has dimmed, "60 Minutes" stands out.

Historically, the news that "60 Minutes" was in the lobby or on the phone has struck fear in the hearts of both the stalwart and the venal. The show made its targets quake and audiences thrill as it did the hard, often amazing work of creating consequence and accountability. But in the last few months, there have been significant lapses into credulousness, when reporters have been more "gee whiz" than "what gives?" The news that "60 Minutes" is calling could be viewed as less ominous and more of an opportunity. More than once this year, the show has traded skepticism for access.

When it comes to the access game, everyone, even "60 Minutes," plays ball on occasion. When it seeks to lighten things up, as it did with Taylor Swift, or Maggie Smith of "Downton Abbey," no one expects hidden cameras or brutal interrogations. Everyone, including the audience, knows the score. But viewers expect the show to bring its A game, and deserve it, when it takes on a huge issue like the N.S.A., to serve as a stand-in for the American people and ask the uncomfortable questions.

Mr. Miller is a former high-ranking official in the Office of the Director of National Intelligence and a former spokesman of the F.B.I. whose worldview is built on going after bad guys and keeping the rest of us safe. In his report, Mr. Alexander was allowed to parse his responses, suggesting that the collection and retention of telephone metadata from Americans is not a big deal -- it is -- and that the agency is "not collecting everybody's email, we're not collecting everybody's phone things." The report delivered to the president last week said that the agency was doing a great deal of both and that it should stop.

After taking over "60 Minutes" from Don Hewitt less than 10 years ago, Jeffrey Fager has managed to maintain the journalistic momentum of the news division's crown jewel.
In 2011, he was named chairman of CBS News, and since then has earned high marks for helping restore hard news at the evening news program and developing a distinct identity for "CBS This Morning" by emphasizing topical coverage. But people inside and outside the news division have questioned whether those dual roles are stretching him too thin. An internal CBS investigation into the Benghazi fiasco cited fundamental lapses in execution, including missed opportunities to check the story of Dylan Davies, a contractor who had told conflicting accounts about his whereabouts on the night of the attacks on the American diplomatic mission.

Of course, any news organization can be fooled -- The New York Times famously fell short with its reports of supposed weapons of mass destruction in the run-up to the Iraq war -- but it was hard to watch the N.S.A. segment and not wonder who was minding the store. On what planet is it fine for someone like Mr. Miller, a former federal law enforcement official, to be the one to do a big segment on a major government security agency? Mr. Miller got the story because the N.S.A. said yes to his pitch -- why would it not? -- but other journalists at "60 Minutes" without his potential conflicts were interested as well. No matter how the deal was brokered, the optics were terrible and the N.S.A. got its hands on a megaphone with nary a critic in sight.

Mr. Fager would not speak on the record, perhaps in part because he was pummeled after initially defending the Benghazi broadcast; when it fell apart, he was forced to put Lara Logan, the reporter, and the producer on leave. But while declining to comment, he made it clear that he very much had his eye on the ball at "60 Minutes" and pushed back against any notion of institutional malaise. Mr. Miller was more than happy to explain his N.S.A. segment, which he said he would not change if he had the chance.
As a reporter, he has a blend of insider knowledge and careful inquiry that has been lauded by many, including me, especially during the school shootings in Newtown, Conn. He is nothing if not confident, dismissing his critics as ankle-biting, agenda-ridden bloggers who could not be compelled to get out of their pajamas and do actual reporting.

"I fully reject the criticism from you and others," he told me. "The N.S.A. story has been a fairly one-way dialogue. There has been no conversation and when you do hear from the N.S.A., it is in a terse, highly vetted statement."

"We went there, we asked every question we wanted to, listened to the answers, followed up as we wished, and our audience can decide what and who they believe. As we constructed it, the N.S.A. was a story about a debate, not a villain, and we added to that debate with important information. I fail to understand how a shrill argument for the sake of creating televised drama would have accomplished anything."

Mr. Miller is a highly respected reporter, and stand-up enough to come on the phone and defend his work. (He is reportedly heading back into government to work for his former boss, William Bratton, in the New York City Police Department.) But I'm pretty sure that the credentials that make him valuable on a mass shooting are the same ones that create a conflict on the N.S.A. segment. And Ms. Logan, who raced past conflicting information to a predetermined conclusion and pulled the program into a ditch in the process, should get more than Christmas off for her lapses.

The DNA of "60 Minutes" is adversarial, investigative and most of all accurate. It would be a cheap and easy trick to roll Mike Wallace back from the grave for the sake of contrast, but of course the N.S.A. would not have let him near the place. Maybe that is the point. "60 Minutes" is a calling, not an assignment, and the program should not be the kind of outfit that leaves its skepticism at the door to get inside.
Email: carr at nytimes.com; Twitter: @carr2n

From rforno at infowarrior.org Mon Dec 23 06:51:54 2013
From: rforno at infowarrior.org (Richard Forno)
Date: Mon, 23 Dec 2013 07:51:54 -0500
Subject: [Infowarrior] - RSA denial sidesteps claim it was paid to use compromised encryption by default
Message-ID: <8B99D5FF-97F0-4A4A-BDD2-2B6F3CEA99BB@infowarrior.org>

RSA denial sidesteps claim it was paid to use compromised encryption by default
By Aaron Souppouris on December 23, 2013 06:22 am
http://www.theverge.com/2013/12/23/5237788/rsa-nsa-backdoor-non-denial

Security firm RSA has denied it entered into a contract that it knew would give the NSA a backdoor into its BSAFE security system. Last week, Reuters claimed the NSA paid RSA $10 million to make an algorithm called "Dual EC DRBG" the preferred, or default system in BSAFE. The security giant says that, although it has worked with the NSA, the relationship has never been a secret, and the relationship has been with the "explicit goal" of strengthening security.

In a tightly worded blog post, RSA also gives a timeline of the backdoor debacle. It says it decided to use the random number generator Dual EC DRBG based on advice from the National Institute of Standards (NIST) that deemed the generator safe. It says the algorithm was "only one of multiple choices available within BSAFE toolkits," and adds that, although concerns were raised in 2007 about a possible backdoor in the standard, it "continued to rely upon NIST as the arbiter of that discussion." When NIST eventually recommended against Dual EC DRBG back in September, RSA passed that guidance on to its customers. The company closes its argument saying it has "never entered into any contract or engaged in any project with the intention of weakening RSA's products, or introducing potential 'backdoors' into our products for anyone's use."
Although RSA's argument appears solid, there are a number of potential 'backdoors' in its wording. First, it never denies the claim that the NSA paid $10 million to include Dual EC DRBG as the default algorithm in BSAFE. Second, by noting its reliance on NIST for decision-making, RSA essentially admits that it was aware of the claims and never passed them on to its customers. Finally, it doesn't explain why it continued to use the now-suspect generator as a default algorithm in BSAFE, rather than downgrading it to optional status and using one of its aforementioned "multiple choices available" as a default instead.

From rforno at infowarrior.org Mon Dec 23 06:55:46 2013
From: rforno at infowarrior.org (Richard Forno)
Date: Mon, 23 Dec 2013 07:55:46 -0500
Subject: [Infowarrior] - The decade-long quest to stop "Spamford" Wallace
Message-ID: <04F0F2FE-16B5-4EFD-B556-45FB8FF6F09F@infowarrior.org>

The decade-long quest to stop "Spamford" Wallace
After a spate of lawsuits dating back to the late 90s, the feds step in.
http://arstechnica.com/tech-policy/2013/12/the-decade-long-quest-to-stop-spamford-wallace/2/

From rforno at infowarrior.org Mon Dec 23 07:03:44 2013
From: rforno at infowarrior.org (Richard Forno)
Date: Mon, 23 Dec 2013 08:03:44 -0500
Subject: [Infowarrior] - TSA from an expert perspective.
Message-ID: <0B963F17-117D-43E1-9F6A-BD0E19074067@infowarrior.org>

(c/o AJM)

TSA from an expert perspective
http://www.cracked.com/blog/7-reasons-tsa-sucks-a-security-experts-perspective/
From rforno at infowarrior.org Mon Dec 23 07:03:51 2013
From: rforno at infowarrior.org (Richard Forno)
Date: Mon, 23 Dec 2013 08:03:51 -0500
Subject: [Infowarrior] - TSA confiscates photographer's blower because it could be filled with gunpowder and used as a missile
Message-ID:

TSA confiscates photographer's blower because it could be filled with gunpowder and used as a missile
Cory Doctorow at 2:00 pm Sun, Dec 22, 2013
http://boingboing.net/2013/12/22/tsa-confiscates-photographer.html

In a photography forum, Surapon recounts the sad story of how the TSA took away his Giottos AA1900 Rocket Air Blaster, a blower for removing dust from equipment, at an airport in New York. According to him, he was on his way back to North Carolina from Greece when the TSA flagged his camera-case for manual inspection. The TSA agent reportedly produced the rocket-shaped blower, and then he and a colleague grimly pronounced the dangers of this object, should it be filled with gunpowder and then launched like a rocket through the cockpit. Since then, Surapon assiduously sliced the decorative fins off his blowers, and has had no further trouble from the TSA.

From rforno at infowarrior.org Mon Dec 23 11:43:05 2013
From: rforno at infowarrior.org (Richard Forno)
Date: Mon, 23 Dec 2013 12:43:05 -0500
Subject: [Infowarrior] - Mikhail Kalashnikov, Whose AK-47 Fuels War Worldwide, Dies at 94
Message-ID:

Mikhail Kalashnikov, Whose AK-47 Fuels War Worldwide, Dies at 94
By Laurence Arnold and Henry Meyer - Dec 23, 2013
http://www.bloomberg.com/news/print/2013-12-23/mikhail-kalashnikov-whose-ak-47-fuels-war-worldwide-dies-at-94.html

Mikhail Kalashnikov, inventor of the world's most popular assault rifle, the AK-47, a simple and durable weapon of war used by tens of millions in about 100 countries, has died. He was 94.
He died today after a long illness, Elena Filatova, a spokeswoman at Kalashnikov Concern, the plant named after the inventor, said in an interview. He lived in Izhevsk in the Ural Mountains, the town that produces his rifles.

The Automatic Kalashnikov -- Avtomat Kalashnikova, or AK-47, for the year its design was finalized -- became prized by governments and rebels alike for its low cost, ease of use, light weight and resistance to corrosion and jamming. The Soviet Army made the weapon standard issue in 1949, as did most Warsaw Pact countries and dozens of liberation armies in Africa, Asia and Latin America during the Cold War.

The AK-47 was used in at least 40 of 60 large armed conflicts since 1945, Alexander Uzhanov, an associate fellow at the Academy of Military Science in Moscow, wrote in a 2009 biography of Kalashnikov. More than 100 million AK-47s have been sold worldwide, half of them counterfeit, according to Rosoboronexport, Russia's state arms exporter.

Al-Qaeda leader Osama bin Laden posed next to the rifle in videos he released to the public before he was killed in 2011. Mozambique, an African nation that endured a long civil war after gaining independence from Portugal in 1975, includes an image of the AK-47 on its flag.

Design Process

Kalashnikov said he came up with the AK-47's design while recuperating from wounds suffered when invading Germans shelled the tank he was driving during the Battle of Bryansk in 1941. He long insisted that his goal had been to design a rifle to help the Soviet Union fend off a German invasion -- not to arm extremists or criminals.

"I didn't put it in the hands of bandits and terrorists, and it's not my fault that it has mushroomed uncontrollably across the globe," he said, according to a 2006 Associated Press story. "Can I be blamed that they consider it the most reliable weapon?"
Sturdy and dependable, the AK-47 can fire 600 bullets a minute and is so easy to handle that Soviet schoolchildren were taught to assemble it with their eyes closed and child soldiers in African conflict zones are seen carrying them.

The Soviet Union awarded AK-47 licenses to 18 countries during the Cold War, including China, Poland, Romania, Bulgaria, East Germany and Egypt. Many of them continued to make the weapon illegally after their permits expired, then-Deputy Prime Minister Sergei Ivanov said in 2008 in calling for a crackdown on black-market production. Other countries produced copies of the weapon without any license.

Saiga Brand

In the U.S., officially licensed civilian versions of the AK-47 are sold under the brand name Saiga. AK-47s were used in two mass shootings in 1989, in a Stockton, California, schoolyard and a Louisville, Kentucky, printing plant, according to AP. U.S. lawmakers outlawed the AK-47 and all other AK models in the assault-weapons ban signed into law by President Bill Clinton in 1994. The law expired in 2004.

Congress and President Barack Obama are again considering new limits on weapons such as the AK-47, in the wake of the Dec. 14, 2012, massacre of schoolchildren in Newtown, Connecticut. The weapon used by the killer in that case, Adam Lanza, was a Bushmaster AR-15, another type of semiautomatic, or self-loading, rifle.

While Kalashnikov said he never made money from his namesake weapon, he did gain a degree of celebrity.

Presidential Praise

"What you've done has made Russian weapons one of our best national brands," Dmitry Medvedev, then Russia's president, said during a 2009 meeting with Kalashnikov in the Kremlin to mark his 90th birthday. "Kalashnikov is one of the most famous Russian words."

The Soviet Union's official account of Kalashnikov and his firearm was heavy in patriotic appeal, at the expense of accuracy, according to C.J. Chivers's 2010 book, "The Gun."
"The carefully packaged history of Soviet times, a cheerful parable for the proletariat, was that the weapon sprang from the mind of a gifted if unlettered sergeant who wanted to present his nation an instrument for its defense," Chivers wrote. "This was a message made in the Communist Party's propaganda mills. It required redaction and lies."

In fact, the AK-47 "was the result of state process and collective work, the output not of a man but of committees," he wrote. Kalashnikov fought back when challenged on his role in designing the famous firearm.

"Mendacious Accusations"

"Certain people would like to cast doubt on the paternity of the AK-47," Kalashnikov wrote in "The Gun That Changed the World" (2006), originally published in France in 2003. Citing one newspaper article that had accused him of copying the work of competitors, he wrote, "I'm 83 years old, but unfortunately I'm still here to reply to those mendacious accusations!"

Mikhail Timofeyevich Kalashnikov was born on Nov. 10, 1919, in Kurya, a village in the Altai region of south-central Russia. He was the eighth of 18 children of the former Alexandra Frolovna, a religious Cossack, like her husband, Timofey, Chivers wrote in his book. Mikhail, one of only eight of the children to survive childhood, was weak, small and prone to illness, according to Chivers. Poetry was an early interest, and remained so throughout his life.

The Kalashnikov family, repressed as "kulaks," or relatively affluent peasants, was relocated to western Siberia when Kalashnikov was 10, following Josef Stalin's decree that turned private farms into collectivized state enterprises. Kalashnikov was drafted into the Red Army and during World War II was wounded while commanding a tank struck by a German shell.

Refined Design

During his recovery, he studied firearms and tried his hand at new designs.
Though his early ideas were rejected by the Red Army, he won assignments to military institutes, a weapons-testing facility and an arms-design center, where, in 1947, he and his chief deputy, Sasha Zaitsev, refined his design into what became the AK-47. In subsequent decades, Kalashnikov designed more than 150 modifications of the rifle, and other guns.

In recent years he still worked four days a week at Izhmash, the company that produces the AK-47, according to an interview he gave in 2009 to Rossiyskaya Gazeta, the government's newspaper of record. Izhmash is a subsidiary of Russian Technologies Corp., the Russian weapons and technology company formed by the government in 2007 and recently renamed Rostec.

With his wife, Ekaterina, who died in 1977, Kalashnikov had four children -- a son, Viktor, who has promoted his father's creation at international arms fairs, and daughters Nelli, Elena and Natalia, who died in 1983.

To contact the reporters on this story: Laurence Arnold in Washington at larnold4 at bloomberg.net; Henry Meyer in Moscow at hmeyer4 at bloomberg.net
To contact the editor responsible for this story: Charles W. Stevens at cstevens at bloomberg.net

From rforno at infowarrior.org Mon Dec 23 17:12:59 2013
From: rforno at infowarrior.org (Richard Forno)
Date: Mon, 23 Dec 2013 18:12:59 -0500
Subject: [Infowarrior] - Mikko withdraws from RSA
Message-ID: <92932857-2FFC-44EE-B137-8C0E3F46074F@infowarrior.org>

(c/o Weld)

An Open Letter to the Chiefs of EMC and RSA
Posted by Mikko @ 21:46 GMT 23rd of December 2013
http://www.f-secure.com/weblog/archives/00002651.html

An Open Letter to:
Joseph M. Tucci - Chairman and Chief Executive Officer, EMC
Art Coviello - Executive Chairman, RSA

Dear Joseph and Art,

I don't expect you to know who I am. I've been working with computer security since 1991. Nowadays I do quite a bit of public speaking on the topic.
In fact, I have spoken eight times at either RSA Conference USA, RSA Conference Europe or RSA Conference Japan. You've even featured my picture on the walls of your conference among the 'industry experts'.

On December 20th, Reuters broke a story alleging that your company accepted a random number generator from the National Security Agency, and set it as the default option in one of your products, in exchange for $10 million. Your company has issued a statement on the topic, but you have not denied this particular claim.

Eventually, NSA's random number generator was found to be flawed on purpose, in effect creating a back door. You had kept on using the generator for years despite widespread speculation that NSA had backdoored it.

As my reaction to this, I'm cancelling my talk at the RSA Conference USA 2014 in San Francisco in February 2014. Aptly enough, the talk I won't be delivering at RSA 2014 was titled "Governments as Malware Authors".

I don't really expect your multibillion dollar company or your multimillion dollar conference to suffer as a result of your deals with the NSA. In fact, I'm not expecting other conference speakers to cancel. Most of your speakers are American anyway -- why would they care about surveillance that's not targeted at them but at non-Americans. Surveillance operations from the US intelligence agencies are targeted at foreigners. However, I'm a foreigner. And I'm withdrawing my support from your event.

Sincerely,
Mikko Hypponen
Chief Research Officer
F-Secure

From rforno at infowarrior.org Mon Dec 23 17:16:41 2013
From: rforno at infowarrior.org (Richard Forno)
Date: Mon, 23 Dec 2013 18:16:41 -0500
Subject: [Infowarrior] - Alan Turing pardoned
Message-ID: <339F9A90-5B46-43FB-BAA9-B5F165F7BE95@infowarrior.org>

(Queen's Pardon @ http://cryptome.org/2013/12/turing-pardon.pdf)

Alan Turing gets his royal pardon for 'gross indecency' -- 61 years after he poisoned himself
Oliver Wright
Monday 23 December 2013
http://www.independent.co.uk/news/uk/home-news/alan-turing-gets-his-royal-pardon-for-gross-indecency--61-years-after-he-poisoned-himself-9023116.html

He was the father of modern computing whose work on the Enigma code at Bletchley Park is said to have shortened the Second World War. But he was also gay and in those less enlightened times was chemically castrated by an ungrateful nation after being convicted of "gross indecency" with a man in 1952.

Now, nearly 60 years after his suicide from cyanide poisoning at the age of 41, Alan Turing has been officially pardoned by the Queen under the little-known Royal Prerogative of Mercy. The pardon comes after a change of heart by ministers who had previously insisted that Turing was properly convicted of what at the time was a criminal offence.

A pardon is usually granted only when the person is innocent of the offence and where a request has been made by someone with a vested interest, such as a family member. But Turing's pardon has been issued without either requirement being met. It follows a sustained campaign by scientists, including Stephen Hawking, and a petition to Government signed by more than 37,000.

Announcing the change of heart, the Justice Secretary Chris Grayling said Turing deserved to be "remembered and recognised for his fantastic contribution to the war effort" and not for his later criminal conviction. "His later life was overshadowed by his conviction for homosexual activity, a sentence we would now consider unjust and discriminatory and which has now been repealed," he said. "A pardon from the Queen is a fitting tribute to an exceptional man."

The pardon under the Royal Prerogative of Mercy will come into effect today. Since 1945, only three high-profile pardons have been granted in England and Wales under the Royal Prerogative: to Timothy Evans, Derek Bentley and Michael Shields.
From rforno at infowarrior.org Mon Dec 23 21:05:05 2013
From: rforno at infowarrior.org (Richard Forno)
Date: Mon, 23 Dec 2013 22:05:05 -0500
Subject: [Infowarrior] - OT: 'Duck Dynasty' vs. the Dixie Chicks
Message-ID: <89645543-2F8E-4807-89D4-9F46F5BA804B@infowarrior.org>

"Duck Dynasty" vs. the Dixie Chicks
By Matthew Bruenig
December 23, 2013 8:12PM
http://www.suntimes.com/news/otherviews/24564387-452/duck-dynasty-vs-the-dixie-chicks.html

In March of 2003, the drumbeat for war in Iraq had reached a fevered pitch. Despite massive protests throughout the world, over 70 percent of Americans supported the invasion. In that month, presidential approval also shot over 70 percent, the highest it would be for the remainder of George W. Bush's tenure in office.

Despite these currents, Natalie Maines of the Dixie Chicks spoke out during a London show on the eve of the war, saying "Just so you know, we're on the good side with y'all. We do not want this war, this violence, and we're ashamed that the president of the United States is from Texas."

When media reports about the concert got back to the United States, all hell broke loose. Their record sales plummeted, they fell down the Billboard charts and a full-scale boycott swept through their largely right-wing country music fan base. Country radio stations across the U.S. pulled them from circulation, with radio network giant Cumulus banning the Dixie Chicks from its more than 250 local stations. Former fans gathered to burn previously purchased CDs and even, in one media spectacle, crush them with a giant farm tractor.

Unsurprisingly, conservatives welcomed this effort to economically discipline political speech. President Bush himself said of the debacle: "The Dixie Chicks are free to speak their mind. They can say what they want to say . . . they shouldn't have their feelings hurt just because some people don't want to buy their records when they speak out. . . . Freedom is a two-way street."

For Bush and other conservative cheerleaders of the war, you can speak your mind all you want, but you should be subject to private economic disciplining if you say something unpopular. That's just the dialectic of freedom working itself out.

This is all well and good except conservatives don't actually believe this. Their support for economically coercing the speech of popular entertainers is curiously contingent upon the content of the speech in question.

Take the firestorm surrounding the comments "Duck Dynasty" star Phil Robertson made to GQ this week. Among other things, Robertson explained that blacks in the Jim Crow south were contented with American apartheid and that homosexuality is both sinful and utterly disgusting. The cable network that runs his hit television show responded to these comments by putting him on hiatus.

So we have here a perfect analogue to the Dixie Chicks spectacle: a popular entertainer said something offensive and outrageous to many, and an economic actor punished him for doing so. Strangely enough, conservatives found the economic disciplining of Phil Robertson to be a kind of unjust censorship that is antithetical to the spirit of free speech. Bobby Jindal said the TV network's disciplining ran counter to the free speech protections of the First Amendment to the constitution. Sarah Palin also expressed dismay at the threat this poses to free speech, and called opponents of Phil Robertson intolerant haters. Herman Cain described the suspension as "crap" that is "out of control." And on and on it goes.

It is not mysterious why conservatives think the Phil Robertson disciplining is rights-infringing but think the Dixie Chicks disciplining was not. They support what Phil Robertson had to say, but oppose what the Dixie Chicks had to say.
Despite their pretensions to the contrary, conservatives, and most people in general for that matter, do not care about content-neutral procedural fairness. They care about winning their stuff and beating the other side's stuff.

What's surprising to me is that anyone even takes arguments of this sort seriously to begin with. Surely at some basic level, everyone realizes that content-neutral pleas for certain procedural rights are almost always motivated by something else. Liberals hate the filibuster when Senate Republicans use it to block Obama nominations, but love it when Wendy Davis uses it to protect abortion rights. Conservatives love states' rights when they are arguing against some national economic program, but hate it when a state has end-of-life policies they disagree with. Various leftists support yelling over New York City police Commissioner Ray Kelly, but panned Tea Party disruptions of congressional town halls as harassment.

Most of the time, proclaimed commitments to uncoerced free speech, minority parliamentary power, states' rights and any other content-neutral procedural rule are not serious. Some people are seriously concerned about process for its own sake, but such people are few and far between. Everyone else has a substantive agenda and merely stakes out the short-term positions on content-neutral procedural justice that further that agenda. Filibusters are good when they block what I dislike, but bad when they block what I like. States' rights are good when states do what I like, but bad when they do what I dislike. Private economic coercion of expression is good when it shuts down comments I dislike, but bad when it shuts down comments I like. And so on.

Given this reality, why do we even play the game where we pretend to believe in some sort of content-neutral procedural justice rules? Who are we trying to fool?
What's the use of having shell arguments about process that everyone knows are driven by core disagreements on substantive agendas? I don't get it.

Matthew Bruenig is a freelancer who regularly writes on politics for Salon, where this essay was posted.

---
Just because i'm near the punchbowl doesn't mean I'm also drinking from it.

From rforno at infowarrior.org Tue Dec 24 07:24:36 2013
From: rforno at infowarrior.org (Richard Forno)
Date: Tue, 24 Dec 2013 08:24:36 -0500
Subject: [Infowarrior] - Holiday Greetings from Infowarrior-L
Message-ID: <457BCF67-4B97-46F9-A3BD-3D9078FAE96D@infowarrior.org>

An Infowarrior-L tradition at the holidays, drawn from classic BBC political satire:

Sir Humphrey: "I wonder if I might crave your momentary indulgence in order to discharge a by no means disagreeable obligation which has, over the years, become more or less established practice in government service as we approach the terminal period of the year — calendar, of course, not financial — in fact, not to put too fine a point on it, Week Fifty-One — and submit to you, with all appropriate deference, for your consideration at a convenient juncture, a sincere and sanguine expectation — indeed confidence — indeed one might go so far as to say hope — that the aforementioned period may be, at the end of the day, when all relevant factors have been taken into consideration, susceptible to being deemed to be such as to merit a final verdict of having been by no means unsatisfactory in its overall outcome and, in the final analysis, to give grounds for being judged, on mature reflection, to have been conducive to generating a degree of gratification which will be seen in retrospect to have been significantly higher than the general average."

...

Jim Hacker [confused]: "Are you trying to say 'Happy Christmas,' Humphrey?"

Sir Humphrey [surprised]: "Yes, Minister!"
Video @ http://www.youtube.com/watch?v=vShJa6GobFQ

---
Just because i'm near the punchbowl doesn't mean I'm also drinking from it.

From rforno at infowarrior.org Tue Dec 24 19:57:11 2013
From: rforno at infowarrior.org (Richard Forno)
Date: Tue, 24 Dec 2013 20:57:11 -0500
Subject: [Infowarrior] - A New Twist in International Relations: The Corporate Keep-My-Data-Out-of-the-U.S. Clause
Message-ID:

A New Twist in International Relations: The Corporate Keep-My-Data-Out-of-the-U.S. Clause
By Jordan Robertson - Dec 24, 2013
http://www.bloomberg.com/news/print/2013-12-24/a-new-twist-in-international-relations-the-corporate-keep-my-data-out-of-the-u-s-clause.html

By now, we've heard from tech companies such as Facebook, Google and Cisco Systems that the National Security Agency's spying poses a threat to their international business and, in Cisco's case, is already hurting it. So what does that threat look like, exactly, at ground level?

Some companies are apparently so concerned about the NSA snooping on their data that they're requiring - in writing - that their technology suppliers store their data outside the U.S.

In Canada, a pharmaceutical company and government agency have now both added language to that effect to their contracts with suppliers, as did a grocery chain in the U.K., according to J.J. Thompson, chief executive officer of Rook Consulting, an Indianapolis, Indiana-based security-consulting firm. He declined to name the companies, which are using Rook to manage the segmentation and keep the data out of the U.S.

Thompson said the language began appearing in contracts over the past couple weeks, and could be an early indicator of things to come as businesses adapt to a landscape altered by former NSA contractor Edward Snowden's leaks. Documents leaked by Snowden indicate that the NSA has tapped fiber-optic cables abroad, circumvented or cracked encryption and is massively collecting telephone records and Internet traffic.
Facebook, Google, Apple and Yahoo were among 15 technology companies that asked President Barack Obama Dec. 17 to restrain the spy programs. Cisco said Nov. 13 that NSA spying has caused delays to networking equipment orders.

U.S.-based technology companies face a serious threat. The NSA disclosures may reduce U.S. technology sales overseas by as much as $180 billion, or 25 percent of information technology services, by 2016, according to Forrester Research Inc., a group in Cambridge, Massachusetts.

Some large tech firms have used the revelations as a public relations opportunity, casting themselves as defenders of individual privacy and a bulwark against government encroachment. The approach has elicited accusations of hypocrisy from privacy advocates who say that many tech companies are eroding privacy, as we reported Monday.

It's not all doom and gloom, however. Thompson's comments show that some U.S. firms stand to benefit from distrust of the U.S. government, and that a new model may be in the offing for protecting sensitive data from the NSA's prying eyes.

There's a worry in this approach, though. Keeping the data out of the U.S. makes intuitive sense, and limits the likelihood that U.S. firms bound by U.S. laws will disclose it to the government. However, if the scandal has proven nothing else, it's that the NSA isn't bound by geography. And bucking the childhood admonishment, it certainly doesn't do the polite thing and always ask permission first either.

---
Just because i'm near the punchbowl doesn't mean I'm also drinking from it.
From rforno at infowarrior.org Thu Dec 26 21:26:35 2013
From: rforno at infowarrior.org (Richard Forno)
Date: Thu, 26 Dec 2013 22:26:35 -0500
Subject: [Infowarrior] - Pill could spare 500,000 the agony of Alzheimer's
Message-ID:

Pill could spare 500,000 the agony of Alzheimer's: Treatment can reduce crucial component of the disease by 90%
By Jenny Hope
http://www.dailymail.co.uk/health/article-2529689/Pill-spare-500-000-agony-Alzheimers-Treatment-reduce-crucial-component-disease-90.html
PUBLISHED: 19:02 EST, 26 December 2013 | UPDATED: 19:02 EST, 26 December

Experts say 'exciting' research on a drug to combat brain plaques could lead to a generally available pill within five years

A new Alzheimer's drug that could reduce a crucial component of the disease by 90 per cent is to be tested on thousands of patients.

Experts say "exciting" research on a drug to combat brain plaques could lead to a generally available pill within five years.

If the trials are successful, the drug would help around 400,000-500,000 Britons deemed at "high risk" of developing Alzheimer's because they have memory problems in late middle age.

In patients with Alzheimer's, clumps or plaques of a substance called amyloid beta protein stick to brain cells, leading to changes in memory, mood and behaviour.

Results from a previous three-month study of 200 patients, and earlier studies, show the drug reduces these amyloid plaques by up to 90 per cent. Both healthy volunteers and Alzheimer's patients took the drug without any serious side effects.

The new trials will involve more than 3,000 patients in 21 countries, including the UK. The first 18-month phase of the study will enrol 1,960 patients with mild to moderate Alzheimer's, a group that already has significant plaque build-up. The second study, lasting two years, will be carried out on 1,500 patients who are at an earlier stage, with memory difficulties.
Dr Craig Ritchie of Imperial College, one of the international team of researchers, said the drug, presently called MK-8931, is being developed as a pill so that it will be easy to take.

"If the trials prove it works, it will have to go through licensing procedures, so it will probably take about five years to become available.

"Around 80 per cent of those developing Alzheimer's would be eligible, getting on for 400,000 to half a million people," he said.

The drug, known as a BACE inhibitor (Beta Amyloid precursor protein site-Cleaving Enzyme inhibitor), is an enzyme that removes the sticky amyloid.

The trials must show the anti-amyloid effect actually makes a difference to patients with the disease and prevents it from developing in those who merely have memory problems. There have been fears that amyloid might be a by-product of the disease rather than its cause.

Dr Ritchie, who is honorary consultant at the West London Mental Health NHS Trust, said the strategy adopted by this drug is completely new.

He explained: "The aim is to intervene before symptoms take hold.

"People with memory problems aren't definitely going to get Alzheimer's but there's a high likelihood it will affect two-thirds to three-quarters.

"Other BACE inhibitors have not got far in development.

"Stopping the formation of plaque early on, when the clumps are small and most toxic, is a fresh approach.

"There is a great deal of excitement around this in the academic and medical community but there is a huge amount of work to do."

James Pickett, head of research at the Alzheimer's Society, said: "Previous BACE inhibitors have failed at this hurdle before, though there are important differences between this latest drug and the one that entered previous trials."
Dr Eric Karran, director of research at Alzheimer's Research UK, said: "We know Alzheimer's starts long before symptoms appear, and it's likely treatments will have more chance of success if given early, so it's positive to see this drug will be tested in people with early signs of the disease.

"We await the results of these trials with great interest."

---
Just because i'm near the punchbowl doesn't mean I'm also drinking from it.

From rforno at infowarrior.org Fri Dec 27 07:24:49 2013
From: rforno at infowarrior.org (Richard Forno)
Date: Fri, 27 Dec 2013 08:24:49 -0500
Subject: [Infowarrior] - Researchers publish Snapchat vuln code
Message-ID: <51A5A04A-DF59-440E-8564-6FFE11CA9FDB@infowarrior.org>

Researchers publish Snapchat code allowing phone number matching after exploit disclosures ignored

After having its security disclosure go ignored since August, Gibson Security has published Snapchat's previously undocumented developer hooks (API) and code for two exploits that allow mass matching of phone numbers with names and mass creation of bogus accounts.

The Australian hackers announced their publication of Snapchat's API and the two exploits on the GibSec Twitter account on Christmas Eve, which by time difference is Christmas Day in Australia.

< - >

http://www.zdnet.com/researchers-publish-snapchat-code-allowing-phone-number-matching-after-exploit-disclosures-ignored-7000024629/

Code @ http://gibsonsec.org/snapchat/fulldisclosure/

---
Just because i'm near the punchbowl doesn't mean I'm also drinking from it.
From rforno at infowarrior.org Fri Dec 27 07:25:41 2013
From: rforno at infowarrior.org (Richard Forno)
Date: Fri, 27 Dec 2013 08:25:41 -0500
Subject: [Infowarrior] - The BBC's best practices for verifying user-generated content
Message-ID: <233C3A3A-8898-4C47-AB81-8F43DC48A4DC@infowarrior.org>

The BBC's best practices for verifying user-generated content
12/24/13 by Margaret Looney
http://ijnet.org/blog/bbcs-best-practices-verifying-user-generated-content

Social media have set the stage for newsrooms to tap into user-generated content for their breaking news coverage. But the easier it becomes to gather content from users, the harder it can be to verify, especially on deadline.

The BBC's UGC Hub has been sourcing, checking and verifying, and distributing content since its inception in 2005, and has had to shift its approach over the years. Some of the latest BBC stories to include UGC content were Typhoon Haiyan, Nelson Mandela's death and the use of chemical weapons in Syria.

"Rapidly changing user behavior has meant the team has had to be agile and constantly rethink the way it works, as well as test and adopt new tools to help us," wrote Trushar Barot, assistant editor of the Hub in this BBC Academy post.

To stay ahead of technology, the BBC is constantly trying out new tools. The newsroom has used NewsWhip, Banjo, Reddit and many other platforms to source UGC. BBC also added a "postform" to the bottom of certain stories calling out for on-the-scene content, such as eyewitness feedback, text, video and expert accounts, from non-reporters.

When it comes to verifying information or multimedia from a breaking news spot, reaching out to the source at the scene is a common first step. While checking basic facts, BBC journalists take care to treat the source with respect and consideration, given that many breaking news scenes can be traumatic in nature. Barot talks more about the ethics of reaching out to UGC providers in this video.
When journalists can't contact the source directly, BBC journalists use techniques like examining exif data of images with free tools like FotoForensics. They use websites like Fake Follower Check to check the veracity of users' social media accounts, or Pipl to track down other social media accounts of the same user.

Once all the necessary steps are taken to verify the content, the BBC begins to distribute it across all its platforms. Journalists use a system called ENPS to send out UGC alerts to keep all reporters who are working on the story in the loop. The alerts will only include contact details of the source after producers or reporters express interest in the content, and after getting permission from the source to be contacted for on-air interviews. Any specific requests for credit attribution will also be passed on to the journalists who will use the content.

In cases where they haven't reached the source, as is the case with videos coming out of Syria that are nearly impossible to verify, the UGC Hub provides boilerplate language for the journalists to use. Here's an example used in the case of the Syria videos:

"Caution: We are confident this footage is genuine, but because of its nature and source, we cannot be certain. Any use MUST include cautionary wording in cues/scripts/captions, such as: 'The BBC has not been able to fully authenticate this footage, but based on additional checks made on it, it is believed to be genuine.'"

Via BBC Academy.

IJNet Editorial Assistant Margaret Looney writes about the latest media trends, reporting tools and journalism resources.

---
Just because i'm near the punchbowl doesn't mean I'm also drinking from it.

From rforno at infowarrior.org Fri Dec 27 11:19:42 2013
From: rforno at infowarrior.org (Richard Forno)
Date: Fri, 27 Dec 2013 12:19:42 -0500
Subject: [Infowarrior] - N.S.A. Phone Surveillance Is Lawful, Federal Judge Rules
Message-ID: <8644FC78-10AB-49E1-9D98-55252ABA98EE@infowarrior.org>

(Not read the opinion yet, but based on the comments of the judge in this article, he's generally clueless about such things. --rick)

N.S.A. Phone Surveillance Is Lawful, Federal Judge Rules
By MICHAEL S. SCHMIDT
Published: December 27, 2013
http://www.nytimes.com/2013/12/28/us/nsa-phone-surveillance-is-lawful-federal-judge-rules.html?hp&_r=0

WASHINGTON — A federal judge in New York on Friday ruled that the National Security Agency's program that is systematically keeping phone records of all Americans is lawful, creating a conflict among lower courts and increasing the likelihood that the issue will be resolved by the Supreme Court.

In the ruling, Judge William Pauley, of the United States District Court for the Southern District of New York, granted a motion filed by the federal government to dismiss a challenge to the program brought by the American Civil Liberties Union, which had attempted to halt the program.

Judge Pauley said that protections under the Fourth Amendment do not apply to records held by third parties, like phone companies.

"This blunt tool only works because it collects everything," Judge Pauley said in the ruling. "While robust discussions are underway across the nation, in Congress and at the White House, the question for this court is whether the government's bulk telephony metadata program is lawful. This court finds it is," he added.

---
Just because i'm near the punchbowl doesn't mean I'm also drinking from it.

From rforno at infowarrior.org Fri Dec 27 15:22:26 2013
From: rforno at infowarrior.org (Richard Forno)
Date: Fri, 27 Dec 2013 16:22:26 -0500
Subject: [Infowarrior] - OT: Dave Barry's Review of 2013
Message-ID: <3D98730B-31C0-4FA5-AC98-ED748EA9EF6F@infowarrior.org>

Beware the Bermudan Army.
;) -rick

Dave Barry's Review of 2013, the Year of the Zombies
http://www.washingtonpost.com/lifestyle/magazine/dave-barrys-review-of-2013-the-year-of-the-zombies/2013/12/20/c7cfa5fe-5dc2-11e3-bc56-c6ca94801fac_story.html?hpid=z1

---
Just because i'm near the punchbowl doesn't mean I'm also drinking from it.

From rforno at infowarrior.org Fri Dec 27 18:50:10 2013
From: rforno at infowarrior.org (Richard Forno)
Date: Fri, 27 Dec 2013 19:50:10 -0500
Subject: [Infowarrior] - Greenwald @ CCC: 'A Lot' More NSA Documents to Come
Message-ID: <3F15EB97-C548-4A3E-A37F-5D29D140CA2F@infowarrior.org>

Glenn Greenwald: 'A Lot' More NSA Documents to Come
By John Borland - 12.27.13 - 5:49 PM
http://www.wired.com/threatlevel/2013/12/greenwald-lot-nsa-documents-come/

Nearly seven months after journalist and privacy activist Glenn Greenwald publicized Edward Snowden's first revelations of the vast scope of the NSA's digital surveillance, his life has changed absolutely. Living in Brazil, he is advised not to travel. He's a hero to privacy activists, and demonized by governments and national security agencies.

And in a video keynote address to the Chaos Communication Congress (CCC) in Hamburg today, he promised that he and Edward Snowden aren't anywhere near finished.

"There are a lot more stories to come, a lot more documents that will be covered," Greenwald said. "It's important that we understand what it is we're publishing, so what we say about them is accurate."

Greenwald's role as keynote speaker at a conference attended in large part by programmers and hardware hackers was a sign of how badly the half-year of revelations of digital surveillance by the NSA and its allies has shaken the hacker and privacy communities.
Much of the CCC's four days of talks and workshops are dedicated to exploring the implications of Snowden and Greenwald's revelations, from discussions about NSA attacks on the Tor private-communications network to a call by Julian Assange for hackers to fight back against the intelligence agencies.

"This is a digital agent orange. It took the leaves from the forest where we used to live and flourish," said Tim Pritlove, one of the annual event's organizers.

In his keynote speech, former Guardian columnist Greenwald paid rueful due to his own onetime lack of encryption skills, but said that most journalists covering national security had been no different as recently as a year ago. That has now changed, both among journalists and the interested general public, he said.

"One of the most significant outcomes of the last few months has been the increased awareness of the importance of encryption and privacy," he said. "It's a remarkable sea change."

But even outrage won't change policy through traditional democratic processes, he said. The power of the NSA and the security establishment is too strong, and democratic governments are proving unable to resist the seduction of surveillance-derived knowledge.

More promising have been signs of allies showing genuine signs of indignation, and indications that important companies are feeling economic effects as a result. Most recently, he said, Boeing lost a $4 billion contract in Brazil in part because of that country's anger at the extent of U.S. spying.

"Power sectors don't get persuaded by lofty arguments. It's important to devise ways to raise the costs to the systematic invasion of our privacy," he said. "When it's no longer we in fear of them, but they in fear of us, that's when these policies will change."

After six months of stories based on Snowden's revelations now published, and more to come, Greenwald said a single theme had overshadowed any of the stories' individual elements.
"It is literally true, without hyperbole, that the goal of the NSA and its partners in the English-speaking world is to eliminate privacy globally," he said. "They want to make sure there is no communication that evades their net."

He said he was working on a new story indicating that the NSA was "obsessed" by the idea that people could still use some Internet devices and mobile phones on airplanes without being recorded. "The very idea that human beings can communicate for even a few moments without their ability to monitor is intolerable."

While much of the public reaction to the stories has been encouraging, he directed bitter criticism at the governments of countries that had protested the U.S. government's actions, but had done nothing to help Snowden, who remains in Russia under certain threat of prosecution should he return to the United States.

"For Germany or Brazil to defy the United States, there is a cost to that. But there was even greater cost to Edward Snowden to come forward in defense of your rights, and he did it anyway," Greenwald said. "They have an ethical and moral obligation to do what he did for them, which is to protect his rights."

---
Just because i'm near the punchbowl doesn't mean I'm also drinking from it.

From rforno at infowarrior.org Fri Dec 27 21:21:08 2013
From: rforno at infowarrior.org (Richard Forno)
Date: Fri, 27 Dec 2013 22:21:08 -0500
Subject: [Infowarrior] - Sherlock Holmes Is in the Public Domain, American Judge Rules
Message-ID:

December 27, 2013, 10:16 am
Sherlock Holmes Is in the Public Domain, American Judge Rules
http://artsbeat.blogs.nytimes.com/2013/12/27/sherlock-holmes-is-in-the-public-domain-american-judge-rules/
By JENNIFER SCHUESSLER

In the more than 125 years since he first appeared, Sherlock Holmes has popped up everywhere from fan fiction set in outer space to screen adaptations like CBS's "Elementary," set in contemporary Manhattan.
But now, following a legal ruling, the deerstalker-wearing detective is headed to another destination: the public domain.

A federal judge has issued a declarative judgment stating that Holmes, Watson, 221B Baker Street, the dastardly Professor Moriarty and other elements included in the 50 Holmes works that Arthur Conan Doyle published before Jan. 1, 1923, are no longer covered by United States copyright law, and can therefore be freely used by others without paying any licensing fee to the writer's estate.

The ruling came in response to a civil complaint filed in February by Leslie S. Klinger, the editor of the three-volume, nearly 3,000-page "New Annotated Sherlock Holmes" and a number of other Holmes-related books. The complaint stemmed from "In the Company of Sherlock Holmes," a collection of new Holmes stories written by different authors and edited by Mr. Klinger and Laurie R. King, herself the author of a mystery series featuring Mary Russell, Holmes's wife.

Mr. Klinger and Ms. King had paid a $5,000 licensing fee for a previous Holmes-inspired collection. But in the complaint, Mr. Klinger said that the publisher of "In the Company of Sherlock Holmes," Pegasus Books, had declined to go forward after receiving a letter from the Conan Doyle Estate Ltd., a business entity organized in Britain, suggesting that the estate would prevent the new book from being sold by Amazon, Barnes & Noble and "similar retailers" unless it received another fee.

Chief Judge Rubén Castillo of the United States District Court of the Northern District of Illinois, Eastern Division, stated that elements introduced in Holmes stories published after 1923 — such as the fact that Watson played rugby for Blackheath, or had a second wife — remain under copyright in the United States. (All of the Holmes stories are already in the public domain in Britain.) But the judge rejected what he called the estate's "novel legal argument" that the characters remain under copyright because, it claimed, they were not truly completed until Conan Doyle published his last Holmes story in 1927.

"Klinger and the public may use the pre-1923 story elements without seeking a license," the judge wrote.

The decision comes at a moment when Holmes is a newly lucrative commercial property, thanks to the show "Elementary," the BBC series "Sherlock" (which is shown in the United States as part of PBS's "Masterpiece") and the Warner Bros. movie franchise; all three have entered into licensing agreements with the estate.

The BBC declined to comment on the effect of the decision on its agreement for "Sherlock," whose third season begins on PBS on Jan. 19. Warner Bros. had no comment on the ruling. A CBS spokesman said, "The decision will not affect CBS's production or distribution of 'Elementary.'"

Benjamin W. Allison, a lawyer for the Conan Doyle Estate, said that it was exploring an appeal but asserted that the ruling did not imperil any existing licensing agreements or the estate's separate claims under trademark law.

Mr. Allison also reiterated the estate's argument that the "highly delineated" Holmes and Watson characters depend on elements introduced in the post-1923 stories, which remain protected, and which he said went beyond simple matters like Watson's athletic career.

"Those stories are set at a variety of points in Sherlock's fictional life, not just the end of his life," he said. "They develop the two men's characters in ways that almost any use of the characters depends on."

Mr. Klinger said he planned to go ahead with "In the Company of Sherlock Holmes," which he said carefully avoided any post-1923 elements. And he praised the ruling for opening the way for other creators, many of whom had previously paid fees to the estate but had rallied to Mr. Klinger's cause under the Twitter hashtag #FreeSherlock.

"Sherlock Holmes belongs to the world, and this ruling clearly establishes that," he said.
"People want to celebrate Holmes and Watson, and now they can do that without fear."

This post has been revised to reflect the following correction:

Correction: December 27, 2013
An earlier version of this post gave an incorrect title for a three-volume collection edited by Leslie S. Klinger. It is "The New Annotated Sherlock Holmes," not "The Complete Annotated Sherlock Holmes."

---
Just because i'm near the punchbowl doesn't mean I'm also drinking from it.

From rforno at infowarrior.org Fri Dec 27 21:46:16 2013
From: rforno at infowarrior.org (Richard Forno)
Date: Fri, 27 Dec 2013 22:46:16 -0500
Subject: [Infowarrior] - Cryptocat for iPhone rejected by Apple
Message-ID:

Encrypted chat service Cryptocat for iPhone rejected by Apple
By Josh Lowensohn on December 27, 2013 09:15 pm
http://www.theverge.com/2013/12/27/5249402/encrypted-chat-service-cryptocat-for-iphone-rejected-by-apple

Encrypted chat service Cryptocat has spent the past two years blocking outsiders from reading private conversations, and now it's facing a block of its own trying to get onto Apple's App Store. Developer Nadim Kobeissi took to Twitter today to blast the iPhone and iPad maker for unjustly rejecting Cryptocat for iPhone, software that was announced earlier this month. Kobeissi says he's under a non-disclosure agreement as part of the Apple developer program and cannot go into specifics, but claims that the reasons the company gave for its rejection were "illegitimate," and could threaten similar apps.

"One of the reasons for Cryptocat for iPhone's rejection by Apple strongly implies that any other encrypted group chat app can be rejected," Kobeissi said in a follow-up tweet.

Cryptocat made waves for offering a simple way to let two people chat while using end-to-end encryption. The service gained international attention (and some notoriety) in light of government eavesdropping, and its use in countries where free speech was limited.
That's come with some costs: Kobeissi says he's gone through extra security screenings when traveling; and fearing intrusion from the Canadian government earlier this year, he moved Cryptocat's entire network to a Swedish nuclear bunker.

One thing that makes all this curious is that Cryptocat's already available on Apple's App Store for OS X, which has similar content guideline requirements. Developers need to meet those rules before software can be distributed to users, though unlike on desktop machines, Apple does not allow users to buy or install software from elsewhere on iOS. Apple did not respond to a request for comment on the rejection, which Kobeissi says he might legally challenge.

---
Just because i'm near the punchbowl doesn't mean I'm also drinking from it.

From rforno at infowarrior.org Sat Dec 28 10:17:27 2013
From: rforno at infowarrior.org (Richard Forno)
Date: Sat, 28 Dec 2013 11:17:27 -0500
Subject: [Infowarrior] - Internet Archive starts preserving classic game consoles on the web
Message-ID:

Internet Archive starts preserving classic game consoles on the web
BY Jon Fingas
http://www.engadget.com/2013/12/26/internet-archive-console-living-room/

Many gamers won't load a console emulator for much more than a brief nostalgia kick. The Internet Archive has loftier goals, however. It's expanding its Historical Software Collection to include the free-to-play Console Living Room beta, which recreates classic '70s and '80s systems on the web for the sake of the historical record. The initial library includes hundreds of games for the Astrocade, Atari 2600, Atari 7800, ColecoVision and Magnavox Odyssey. There are gaps in the catalog, and sound isn't working; the CLR isn't yet a match for a conventional software emulator, let alone the real thing. The Internet Archive promises to address both problems in the near future, though, and it shouldn't be long before its collection delivers a complete vintage gaming experience... minus the old-fashioned tube TV.
---
Just because I'm near the punchbowl doesn't mean I'm also drinking from it.

From rforno at infowarrior.org Sat Dec 28 10:28:55 2013
From: rforno at infowarrior.org (Richard Forno)
Date: Sat, 28 Dec 2013 11:28:55 -0500
Subject: [Infowarrior] - 100 more DC car-revenue cameras going live on Mon
Message-ID: <07E856DD-5BF2-4276-A6B9-00681F00CBA3@infowarrior.org>

FYI...

Nearly 100 D.C. traffic cameras to start ticketing
http://www.wtop.com/?nid=41&sid=3532045

---
Just because I'm near the punchbowl doesn't mean I'm also drinking from it.

From rforno at infowarrior.org Sat Dec 28 10:50:57 2013
From: rforno at infowarrior.org (Richard Forno)
Date: Sat, 28 Dec 2013 11:50:57 -0500
Subject: [Infowarrior] - FinCEN Issues Bitcoin-Friendly Ruling for Miners
Message-ID:

FinCEN Issues Bitcoin-Friendly Ruling for Miners
By Milly Bitcoin - December 27, 2013

The US Department of Treasury, Financial Crimes Enforcement Network (FinCEN) has issued a ruling that clears up an issue for Bitcoin mining. The issue involves whether someone who mines Bitcoins for themselves can trade them for cash at an exchange or spend them directly without being classified as a Money Services Business (MSB) and registering with FinCEN. Many miners were concerned that the rules would require compliance with extensive regulations (see Jerry Brito, FinCEN explicitly stated in a personal letter that bitcoin miners need to register with FinCEN). The rules could require miners to have things like an auditor on staff, making it impossible for individuals to mine Bitcoins and stay within the regulations.

Atlantic City Bitcoin operates several ASIC miners at its facility in New Jersey and asked FinCEN to clarify the rules. The owner of AC Bitcoin is a former federal employee who worked on anti-terrorism and security programs and took early retirement to work on Bitcoin. According to the formal Administrative Ruling, miners do not have to register with FinCEN as previously thought, as long as they mine for themselves.
AC Bitcoin had frequent contact with FinCEN staff and pointed out that if FinCEN had required miners to register, they would need to comply with the "Administrative Procedures Act", which would require them to consider public comments before making the requirement. FinCEN ruled ...

< - >

http://cointext.com/fincen-issues-bitcoin-friendly-ruling-for-miners/

---
Just because I'm near the punchbowl doesn't mean I'm also drinking from it.

From rforno at infowarrior.org Sun Dec 29 08:22:29 2013
From: rforno at infowarrior.org (Richard Forno)
Date: Sun, 29 Dec 2013 09:22:29 -0500
Subject: [Infowarrior] - Spiegel: Inside NSA's TAO
Message-ID: <256DD33F-08B7-45DF-8065-7CA8ED3C165B@infowarrior.org>

12/29/2013 09:18 AM
Inside TAO
Documents Reveal Top NSA Hacking Unit
By SPIEGEL Staff

The NSA's TAO hacking unit is considered to be the intelligence agency's top secret weapon. It maintains its own covert network, infiltrates computers around the world and even intercepts shipping deliveries to plant back doors in electronics ordered by those it is targeting.

In January 2010, numerous homeowners in San Antonio, Texas, stood baffled in front of their closed garage doors. They wanted to drive to work or head off to do their grocery shopping, but their garage door openers had gone dead, leaving them stranded. No matter how many times they pressed the buttons, the doors didn't budge.

The problem primarily affected residents in the western part of the city, around Military Drive and the interstate highway known as Loop 410. In the United States, a country of cars and commuters, the mysterious garage door problem quickly became an issue for local politicians. Ultimately, the municipal government solved the riddle. Fault for the error lay with the United States' foreign intelligence service, the National Security Agency, which has offices in San Antonio.
Officials at the agency were forced to admit that one of the NSA's radio antennas was broadcasting at the same frequency as the garage door openers. Embarrassed officials at the intelligence agency promised to resolve the issue as quickly as possible, and soon the doors began opening again.

It was thanks to the garage door opener episode that Texans learned just how far the NSA's work had encroached upon their daily lives. For quite some time now, the intelligence agency has maintained a branch with around 2,000 employees at Lackland Air Force Base, also in San Antonio. In 2005, the agency took over a former Sony computer chip plant in the western part of the city. A brisk pace of construction commenced inside this enormous compound. The acquisition of the former chip factory at Sony Place was part of a massive expansion the agency began after the events of Sept. 11, 2001.

< - >

http://www.spiegel.de/international/world/the-nsa-uses-powerful-toolbox-in-effort-to-spy-on-global-networks-a-940969-druck.html

---
Just because I'm near the punchbowl doesn't mean I'm also drinking from it.

From rforno at infowarrior.org Sun Dec 29 08:24:38 2013
From: rforno at infowarrior.org (Richard Forno)
Date: Sun, 29 Dec 2013 09:24:38 -0500
Subject: [Infowarrior] - ANT: Catalog Advertises NSA Toolbox
Message-ID: <251B40A5-A831-468E-AC12-1E86C52788F9@infowarrior.org>

12/29/2013 09:19 AM
Shopping for Spy Gear
Catalog Advertises NSA Toolbox
By Jacob Appelbaum, Judith Horchert and Christian Stöcker
http://www.spiegel.de/international/world/catalog-reveals-nsa-has-back-doors-for-numerous-devices-a-940994-druck.html

After years of speculation that electronics can be accessed by intelligence agencies through a back door, an internal NSA catalog reveals that such methods already exist for numerous end-user devices.

Editor's note: This article accompanies our main feature story on the NSA's Tailored Access Operations unit. You can read it here.
When it comes to modern firewalls for corporate computer networks, the world's second largest network equipment manufacturer doesn't skimp on praising its own work. According to Juniper Networks' online PR copy, the company's products are "ideal" for protecting large companies and computing centers from unwanted access from outside. They claim the performance of the company's special computers is "unmatched" and their firewalls are the "best-in-class." Despite these assurances, though, there is one attacker none of these products can fend off -- the United States' National Security Agency. Specialists at the intelligence organization succeeded years ago in penetrating the company's digital firewalls.

A document viewed by SPIEGEL resembling a product catalog reveals that an NSA division called ANT has burrowed its way into nearly all the security architecture made by the major players in the industry -- including American global market leader Cisco and its Chinese competitor Huawei, but also producers of mass-market goods, such as US computer-maker Dell.

A 50-Page Catalog

These NSA agents, who specialize in secret back doors, are able to keep an eye on all levels of our digital lives -- from computing centers to individual computers, from laptops to mobile phones. For nearly every lock, ANT seems to have a key in its toolbox. And no matter what walls companies erect, the NSA's specialists seem already to have gotten past them.

This, at least, is the impression gained from flipping through the 50-page document. The list reads like a mail-order catalog, one from which other NSA employees can order technologies from the ANT division for tapping their targets' data. The catalog even lists the prices for these electronic break-in tools, with costs ranging from free to $250,000.

In the case of Juniper, the name of this particular digital lock pick is "FEEDTROUGH."
This malware burrows into Juniper firewalls and makes it possible to smuggle other NSA programs into mainframe computers. Thanks to FEEDTROUGH, these implants can, by design, even survive "across reboots and software upgrades." In this way, US government spies can secure themselves a permanent presence in computer networks. The catalog states that FEEDTROUGH "has been deployed on many target platforms."

Master Carpenters

The specialists at ANT, which presumably stands for Advanced or Access Network Technology, could be described as master carpenters for the NSA's department for Tailored Access Operations (TAO). In cases where TAO's usual hacking and data-skimming methods don't suffice, ANT workers step in with their special tools, penetrating networking equipment, monitoring mobile phones and computers and diverting or even modifying data. Such "implants," as they are referred to in NSA parlance, have played a considerable role in the intelligence agency's ability to establish a global covert network that operates alongside the Internet.

Some of the equipment available is quite inexpensive. A rigged monitor cable that allows "TAO personnel to see what is displayed on the targeted monitor," for example, is available for just $30. But an "active GSM base station" -- a tool that makes it possible to mimic a mobile phone tower and thus monitor cell phones -- costs a full $40,000. Computer bugging devices disguised as normal USB plugs, capable of sending and receiving data via radio undetected, are available in packs of 50 for over $1 million.

'Persistence'

The ANT division doesn't just manufacture surveillance hardware. It also develops software for special tasks. The ANT developers have a clear preference for planting their malicious code in so-called BIOS, software located on a computer's motherboard that is the first thing to load when a computer is turned on.
This has a number of valuable advantages: an infected PC or server appears to be functioning normally, so the infection remains invisible to virus protection and other security programs. And even if the hard drive of an infected computer has been completely erased and a new operating system is installed, the ANT malware can continue to function and ensures that new spyware can once again be loaded onto what is presumed to be a clean computer. The ANT developers call this "Persistence" and believe this approach has provided them with the possibility of permanent access.

Another program attacks the firmware in hard drives manufactured by Western Digital, Seagate, Maxtor and Samsung, all of which, with the exception of the latter, are American companies. Here, too, it appears the US intelligence agency is compromising the technology and products of American companies.

Other ANT programs target Internet routers meant for professional use or hardware firewalls intended to protect company networks from online attacks. Many digital attack weapons are "remotely installable" -- in other words, over the Internet. Others require a direct attack on an end-user device -- an "interdiction," as it is known in NSA jargon -- in order to install malware or bugging equipment.

There is no information in the documents seen by SPIEGEL to suggest that the companies whose products are mentioned in the catalog provided any support to the NSA or even had any knowledge of the intelligence solutions. "Cisco does not work with any government to modify our equipment, nor to implement any so-called security 'back doors' in our products," the company said in a statement. Contacted by SPIEGEL reporters, officials at Western Digital, Juniper Networks and Huawei also said they had no knowledge of any such modifications. Meanwhile, Dell officials said the company "respects and complies with the laws of all countries in which it operates."
Many of the items in the software solutions catalog date from 2008, and some of the target server systems that are listed are no longer on the market today. At the same time, it's not as if the hackers within the ANT division have been sleeping on the job. They have continued to develop their arsenal. Some pages in the 2008 catalog, for example, list new systems for which no tools yet exist. However, the authors promise they are already hard at work developing new tools and that they will be "pursued for a future release".

URL:
http://www.spiegel.de/international/world/catalog-reveals-nsa-has-back-doors-for-numerous-devices-a-940994.html

---
Just because I'm near the punchbowl doesn't mean I'm also drinking from it.

From rforno at infowarrior.org Sun Dec 29 15:40:39 2013
From: rforno at infowarrior.org (Richard Forno)
Date: Sun, 29 Dec 2013 16:40:39 -0500
Subject: [Infowarrior] - New Law All but Bars Russian GPS Sites in U.S.
Message-ID: <52C096D7.7000006@infowarrior.org>

December 28, 2013
New Law All but Bars Russian GPS Sites in U.S.
By ERIC SCHMITT and MICHAEL S. SCHMIDT
http://www.nytimes.com/2013/12/29/world/europe/new-law-all-but-bars-russian-gps-sites-in-us.html

WASHINGTON -- Tucked into the mammoth defense budget bill that President Obama signed into law on Thursday is a measure that virtually bars Russia from building about a half-dozen monitor stations on American soil that critics fear Moscow could use to spy on the United States or worse.

Russia first broached the idea of erecting the domed antenna structures here nearly two years ago, saying they would significantly improve the accuracy and reliability of its version of the Global Positioning System, the American satellite network that steers bomb-bearing warplanes to their targets and wayward motorists to their destinations.
Congressional Republicans, however, harbored suspicions that Russia had nefarious motives behind its plan, which the State Department supported as a means to mend bruised relations between the two rival nations. The Pentagon and the Central Intelligence Agency sided with congressional critics, concerned about handing the Russians an opening to snoop on the United States within its borders.

The monitor stations have been a high priority of President Vladimir V. Putin for years as a means to improve Moscow's global positioning network -- known as Glonass, for Global Navigation Satellite System -- not only to benefit the Russian military and civilian sectors but also to compete globally with GPS.

As the White House sought to reconcile the internal squabbling among government agencies, skeptical members of the intelligence and armed services committees in Congress intervened in recent weeks to deal a near-crippling blow to the prospect of Glonass stations in the United States. Under the new law, unless the secretary of defense and the director of national intelligence certify to Congress that the monitor stations would not be used to spy on the United States or improve the effectiveness of Russian weaponry -- or unless they waive that requirement altogether on national security grounds -- the plan is dead.

"The idea was to make it next to impossible, if not impossible, to do this," said a House Republican aide involved in the legislative process, who spoke on condition of anonymity because of committee rules prohibiting officials from talking publicly to the news media. "We also took the State Department out of the loop since they were the ones who caused all the trouble in the first place."

The snub to the Kremlin's request came as the White House received a State Department report on Friday trumpeting United States-Russian cooperation in a wide range of areas, including national security and science. Glonass did not make the cut.
American relations with Russia are now at a nadir because of Moscow's granting asylum to Edward J. Snowden, the former National Security Agency contractor, and its backing of President Bashar al-Assad of Syria.

Administration officials on Friday sought to play down the significance of the new constraints, saying that discussions with the Russians continue but that no decisions have been reached. The Pentagon and the Office of the Director of National Intelligence referred questions to the State Department, which is taking the lead on the issue for the government. A State Department statement said, "Any decision taken will be in compliance with all relevant legislation." A spokesman for the Russian Embassy in Washington did not return phone or email messages.

The Russian effort is part of a larger race by several countries, including China and European Union nations, to perfect their own global positioning systems and challenge the dominance of the American GPS.

"There isn't any question that their system would be more accurate and reliable if they had some stations somewhere in the northern half of the Western Hemisphere," said Ralph Braibanti, a former director of the State Department's Office of Space and Advanced Technology. "The more stations you have, the more corrections you can make, and the more reliable the system you have."

Mr. Braibanti said that rebuffing the Russians would deal a blow to efforts by the State Department to work with other countries to make their positioning systems more accurate. "There is a significant argument in favor of going the extra mile to accommodate what the Russians feel are their needs," he said, because it would improve all systems amid demands from consumers for more accurate GPS readings.
After The New York Times reported in November that there were divisions between the State Department and the intelligence agencies about whether to allow the Russian structures, congressional Republicans publicly opposed acquiescing to the Russians' request.

The new law requires the certification from the Pentagon and intelligence agencies or a waiver from the defense secretary and director of national security to ensure that any data collected or transmitted from the monitor stations are not encrypted; that anyone involved in building, operating or maintaining the structures is an American; and that none of the stations are near "sensitive United States national security sites." The waiver would also require that the stations not pose a cyberespionage threat or weaken the American GPS technology for consumers.

"The provision," said Roger Zakheim, a former general counsel of the House Armed Services Committee, "certainly creates a high bar for the secretary of defense and the director of national intelligence to authorize or permit this type of construction."

--
Just because I'm near the punchbowl doesn't mean I'm also drinking from it.

From rforno at infowarrior.org Mon Dec 30 07:45:27 2013
From: rforno at infowarrior.org (Richard Forno)
Date: Mon, 30 Dec 2013 08:45:27 -0500
Subject: [Infowarrior] - Greenwald Says NSA, GCHQ Dismayed They Don't Have Access To In-Flight Internet Communication
Message-ID:

Glenn Greenwald Says NSA, GCHQ Dismayed They Don't Have Access To In-Flight Internet Communication
from the one-that-got-away dept
http://www.techdirt.com/articles/20131228/15454925708/glenn-greenwald-says-nsa-gchq-dismayed-they-dont-have-access-to-in-flight-internet-communication.shtml

Glenn Greenwald gave a video keynote speech to the Chaos Communication Congress last Friday. Most of his talk revolved around the Snowden leaks, of which he says there's plenty more to come.
(The most conservative estimate puts the total number of pages taken by Snowden at ~58,000, of which less than 900 have been released. Cryptome's running count puts it at 799 pages as of Dec. 24th -- 1.4% of the most conservative total.)

According to Greenwald, an upcoming story at his new venture will focus on one area the surveillance mesh has failed to cover -- one that's driving the NSA and GCHQ crazy.

He said he was working on a new story indicating that the NSA was "obsessed" by the idea that people could still use some Internet devices and mobile phones on airplanes without being recorded. "The very idea that human beings can communicate for even a few moments without their ability to monitor is intolerable."

I can imagine this must be very irritating for the two agencies. Somewhere someone (many someones) will be generating data that isn't immediately being harvested. I'm sure there's a "fix" on the way to plug this "security hole." It's not as if government intelligence agencies are going to sit idly by while a government regulatory agency (inadvertently) creates airborne data havens by loosening restrictions on electronic devices.

Whatever's preventing the NSA and GCHQ from making a grab for in-flight data and communications isn't a technological issue. In-flight WiFi and other internet connections have been available for years. All data necessarily flows in and out of airborne choke points, which would make it very easy for the agencies to collect, store and retrieve the data later. No, what's holding the agencies back is likely a lack of justification for patching up this hole in its collections. The metadata being generated may not be protected by the Fourth Amendment, but there's no simple way to collect and minimize this very mobile form of domestic communication. International flights would perhaps provide some leeway for collection.
Once the flight is out of domestic airspace or is connecting with foreign communications towers, etc., it could be argued that the data is fair game.

Playing the "national security" card is a non-starter. To claim potential terrorists are using in-flight connections to communicate without fear of surveillance is to call into question the skills of those providing security on the ground, putting the DHS in the awkward position of explaining why its TSA agents are allowing suspected terrorists to board planes. It also would require officials to believe that terrorists would be willing to risk discovery by airport security in exchange for a few hours of surveillance-free internet usage. None of this is very plausible, and deploying arguments along this line would paint the agencies as data-obsessed paranoiacs, not exactly the sort of image they wish to portray at this point in history.

We do know the NSA collects data on flyers via flight reservation systems and Passenger Name Records (PNRs) created and compiled by airlines. This would give the agency some idea who's flying and where, and there's little doubt it would like to take a look at any communications occurring during these flights. I suppose if it wanted to pull the data retroactively it could, provided it could convince the FISA court the data would be relevant to terrorism-related investigations. The TSA could be tasked with linking device info with passenger records, but there's probably no unobtrusive way to achieve this goal. Because of this, it would be simpler for the agencies to require the airlines to trap communications data and hold it for a certain length of time. PNRs could then be matched with flights and that specific data harvested and pored through for possibly "relevant" communications. Again, this would involve many more entities and tons of domestic citizens' metadata and communications, something that would have been a tough sell five years ago, much less in today's Security vs.
Privacy climate.

---
Just because I'm near the punchbowl doesn't mean I'm also drinking from it.

From rforno at infowarrior.org Mon Dec 30 07:49:09 2013
From: rforno at infowarrior.org (Richard Forno)
Date: Mon, 30 Dec 2013 08:49:09 -0500
Subject: [Infowarrior] - Matt Blaze on RSA-NSA Scheming
Message-ID:

How Worried Should We Be About the Alleged RSA-NSA Scheming?
By Matt Blaze - 12.27.13
http://www.wired.com/opinion/2013/12/what-we-really-lost-with-the-rsa-nsa-revelations/

A Reuters news story published a week ago raised disturbing questions about the relationship between the NSA and RSA Security (now a division of EMC), a prominent vendor of cryptographic technologies. The article claims that RSA entered into a $10 million contract that required, among other things, that RSA make the (not yet standardized) DUAL_EC_DRBG random number generator the default in its widely used BSAFE cryptographic library. BSAFE is used internally for RSA's products as well as by other vendors, who license it from RSA to develop their own products around it.

A couple days later, RSA issued a response, in which it denies that it deliberately weakened its products, but is silent about most of the claims in the Reuters piece.

Random numbers in cryptographic libraries are a big deal. The security of many of the most widely used cryptographic protocols -- particularly those involved in key generation and initial session setup -- utterly depends on an unpredictable source of random numbers. If that source is predictable to an adversary, the security of the entire system collapses completely. And DUAL_EC_DRBG is widely and very credibly suspected of containing a subtle backdoor that allows the NSA[1] to predict its output under certain conditions.

It's still unclear exactly why RSA agreed to make DUAL_EC_DRBG the default in BSAFE -- whether they understood from the outset that it was likely compromised or were somehow hoodwinked by NSA.
But it is clear that it remained BSAFE's default random number generator from 2004 until September of this year; there's an instructive timeline and analysis unraveling what happened here. RSA says it trusted the NSA in 2004, and that it "continued to rely upon" NIST (the federal agency concerned with, among other things, cryptographic standards for the federal government) as the "arbiter" of the algorithm's security after concerns about a backdoor were publicly raised in 2007.

I believe RSA richly deserves criticism for, at best, abdicating its responsibility to customers to critically evaluate what it sells. But that's not the main point of this post. Rather, the central question here is: Just how worried should we be about the NSA's apparent sabotage of BSAFE's random numbers?

Unfortunately, right now the answer is not very comforting.

What Exactly Has Been Compromised Here?

DUAL_EC_DRBG lies in a peculiar corner of a peculiar class of random number generators. Its algorithm is deterministic, which means here that its output is entirely determined by an initial "seed" parameter (that has to come from some other source of random bits that, for security, must be unpredictable and kept secret). If you know the seed value, you can re-run the algorithm and get the same random output every time. So if an adversary learns the seed value, the random numbers aren't secure. This isn't in and of itself a problem; in fact, any purely algorithmic random number generator has this property. (These algorithms are also sometimes called "pseudorandom" for that reason.) The critical thing for security purposes is that it not be possible to "reverse" the algorithm to discover the seed value or otherwise predict future output bits just by looking at the random output.

There are a number of widely-analyzed cryptographic pseudorandom number generators that have been developed by the crypto community.
Typically, they're built on other cryptographic algorithms, such as secret-key ciphers or hash functions. But DUAL_EC_DRBG is somewhat unusual because it's based not on a secret key cipher or hash function but on the public key ("number theoretic") technique called elliptic curve cryptography. Public key cryptography is an unusual choice for a random number generator function because it is much slower than corresponding secret key techniques; each random bit requires much more computation to produce than it would in a generator based on traditional secret key techniques. Under limited circumstances, however, there may be legitimate reasons for a designer to prefer a public-key based random number generator (having to do with specific hardware designs or other algorithms a system uses). So standardizing a public-key based scheme as an option is not in and of itself an unreasonable thing to do.

NIST held a public workshop in 2004 at which DUAL_EC_DRBG was proposed for consideration as a standard. (That's around when RSA incorporated it as the default for BSAFE.) NIST officially recommended it as a standard option in 2006.

Unfortunately, however, DUAL_EC_DRBG's design turns out to have a serious potential flaw depending on how it is used. One of its parameters, called "Q" in the standard, turns out to have the property that if it is chosen in a certain way, whoever selected it can have a secret backdoor that allows them to reverse the algorithm and discover the seed. (This property of Q appears to have first been noted by Daniel Brown in 2006.) And a fixed value of Q is specified in the standard, with no explanation of how it was selected. That this could provide the NSA with an effective backdoor to predict DUAL_EC_DRBG's output was observed in a talk at the 2007 CRYPTO conference by Dan Shumow and Niels Ferguson of Microsoft. This was a very serious observation that should have concerned anyone using the scheme for random numbers.
But RSA not only continued to maintain support for DUAL_EC_DRBG in BSAFE, it remained the default random number generator. This means that any programmer employing the library who wasn't explicitly trying to use a different algorithm would end up with DUAL_EC_DRBG.

Further evidence suggesting that NSA compromised DUAL_EC_DRBG emerged in September 2013, when the Snowden documents revealed that NSA had invested effort into influencing certain cryptographic standards to allow them to easily break them. DUAL_EC_DRBG wasn't explicitly named, but the mysterious selection of its "Q" parameter fits the bill perfectly -- and it has been widely assumed that this (and possibly other) standards are what are being referred to here.

This means that DUAL_EC_DRBG is, in effect, a master key cryptosystem (MKCS), in which the designer -- the U.S. government in this case -- knows a secret backdoor (how Q was generated) that allows it to reverse the algorithm -- but that would be hard (in cryptographic terms) for someone else to discover and exploit just by looking at the standard. I gave a talk at the CRYPTO '95 rump session in which Joan Feigenbaum and Tom Leighton and I formalized the MKCS concept and concluded that, in practice, they need to be based on public key techniques; DUAL_EC_DRBG fits the bill exactly.

The Implications of an NSA Backdoor Here?

So assuming that there is, indeed, an NSA backdoor in DUAL_EC_DRBG, what does that mean for the security of the systems that use it? It's a bit nuanced, so stick with me here.

First the good news: Given the public specification, the secret parameters of the "Q"-based backdoor are hard to find if you didn't actually generate Q yourself. It's not that it's hard to see that there might be secret backdoor parameters. What's hard to find is their actual values so you can exploit it yourself. How hard? As hard as the underlying problem, called EC Discrete Logarithm, which is believed to be infeasible to solve in practice.
So that means that "only" the NSA, or whoever selected Q, is likely to have the secret required to break it, unless they've shared these values with someone else. (You only have to do the hard calculation once, but it's believed to be a very hard problem, even for an entity with vast resources.)

Also, even if you know the secret behind Q (as NSA is presumed to) -- not every system that uses DUAL_EC_DRBG is automatically vulnerable. Exploiting the backdoor requires that the system expose a certain number of bits of output in the "clear". Many cryptographic systems do this, but not all do. It depends on the specifics of the protocol and its implementation, which varies widely.

Which brings us to several pieces of rather bad news. The first, needless to say, is that even if only the NSA can exploit the backdoor, not everyone trusts the NSA. Especially in light of the recent (and ongoing) Snowden document leaks. (And, because the "secret" is essentially a small set of numbers, one cannot exclude the possibility that the NSA might have shared the backdoor with some of its Five Eyes partners in other countries.)

This is especially bad news for any developers using BSAFE who aspire to reach the international market. It may be possible to make the case, however credulously, that U.S. citizens should trust the NSA not to abuse their encrypted data. But that case is much harder to make to potential customers outside the U.S. who do not enjoy whatever procedural and legal protections NSA affords Americans whose traffic it intercepts. So the bad news for BSAFE is bad news for the U.S. software market generally, at least when it comes to software with security implications.

Also, we can't exclude the possibility that the secret backdoor parameters could someday leak, walking out the NSA's secure doors with some future Snowden -- but one who might not have our best interests at heart.
Another piece of bad news is that random number generators are used everywhere in cryptographic protocols. Even though the DUAL_EC_DRBG backdoor can't always be exploited, it is going to be extremely difficult, sometimes impossible, to be certain whether all the various systems we rely on are vulnerable. Random numbers are used not just in secure communications protocols (like SSL), but in encrypted file storage, authentication, and, perhaps most worrying, in the generation of keys and certificates. And keys stay vulnerable even after the software that generated them is replaced. BSAFE shipped with the vulnerable algorithm as a default for almost a full decade.

* * *

If the NSA sabotaged a secure random number generator in a widely used commercial library, it used an extremely blunt instrument. It wasn't narrowly focused on a particular system used by its targets, or even any particular system at all. Indeed, just as we will have a hard time unraveling just what has been compromised, the NSA could not have predicted everything it will end up compromising. It is the doomsday nuclear option of cryptographic backdoors, forever contaminating whatever it comes into contact with — whether friend or foe.

There's far more at stake here than NSA's reputation or RSA's and other U.S. business interests, however. We urgently need NSA and RSA to come clean with the public so we can begin to unravel the damage that's been done to the basic mechanisms of trust in our online world.

[1] Corrections after publish date [12/27/2013]: An earlier version of this story included "(or anyone else)" here.

---
Just because i'm near the punchbowl doesn't mean I'm also drinking from it.

From rforno at infowarrior.org Mon Dec 30 12:38:52 2013
From: rforno at infowarrior.org (Richard Forno)
Date: Mon, 30 Dec 2013 13:38:52 -0500
Subject: [Infowarrior] - State Dept. whistleblower has email hacked, deleted
Message-ID: <52C1BDBC.6050603@infowarrior.org>

State Dept. whistleblower has email hacked, deleted
By S.A. Miller
December 30, 2013 | 3:11am
http://nypost.com/2013/12/30/state-dept-whistleblower-has-email-hacked-deleted/

WASHINGTON — The personal e-mail account of a State Department whistleblower was hacked, and four years' worth of messages — some detailing alleged wrongdoing at the agency — were deleted, The Post has learned.

The computer attack targeted the Gmail account of Diplomatic Security Service criminal investigator Richard Higbie, his lawyer, Cary Schulman, confirmed.

"They took all of his e-mails and then they deleted them all," said Schulman.

He said that he could not prove who was responsible for the hack job, but said the attack was "sophisticated" and called the targeting of Higbie "alarming."

"Obviously, somebody is not happy with something he's doing and wanted to get that information and also cause him an inability in the future to have ready access to that," Schulman said.

The e-mails included evidence about misconduct by top officials at the department, communications with other potential whistleblowers there, and correspondence with members of Congress who are investigating the allegations, Schulman said. They also include correspondence between Higbie and Schulman about legal strategy, the lawyer said.

Schulman said he could not provide details about the evidence deleted with the e-mails.

Higbie has asked the FBI in Dallas, where he lives, to investigate the hacking, which occurred this month.

Higbie played a key role in helping fellow whistleblower Aurelia Fedenisn, a former investigator for the department's inspector general, reveal in June a pattern of alleged coverups by top department officials.

The alleged coverups included keeping quiet separate IG investigations that found that members of then-Secretary Hillary Rodham Clinton's security detail had engaged hookers and that the Belgian ambassador had solicited underage prostitutes.
These were among a string of investigations by the service, responsible for protecting dignitaries and investigating crimes within the department, that were allegedly derailed by senior officials, including one instance of interference by Clinton Chief of Staff Cheryl Mills.

Since the revelations in June, the department again mostly swept the cases under the rug.

Higbie, a senior criminal investigator and the second-highest-ranking agent with the service's Dallas office, also has an employment lawsuit against the department, alleging it retaliated against him.

The hacking of Higbie's e-mail follows a mysterious break-in at Schulman's Dallas law firm in July, shortly after the whistleblower allegations came to light. The burglar sawed a hole through the wall from an adjoining office and stole three computers, but left behind other valuables.

Although cops arrested a petty thief for the crime, Schulman said, "We feel like we're in a movie. It's nuts. It makes us wonder . . . maybe we've got something we don't even realize or maybe they're worried about something."

From rforno at infowarrior.org Mon Dec 30 15:48:07 2013
From: rforno at infowarrior.org (Richard Forno)
Date: Mon, 30 Dec 2013 16:48:07 -0500
Subject: [Infowarrior] - Another twist in weev's court proceedings
Message-ID: <52C1EA17.2010206@infowarrior.org>

Appeals Court Says Feds Can File Oversized Brief In Weev Case, But His Defense Has To Keep Its Reply Short
from the due-process! dept
http://www.techdirt.com/articles/20131224/14451025691/appeals-court-says-feds-can-file-oversized-brief-weev-case-his-defense-has-to-keep-its-reply-short.shtml

The case against Andrew "weev" Auernheimer is already crazy enough. He's been charged by the feds with a violation of the Computer Fraud and Abuse Act (CFAA) for finding a huge security hole created by AT&T. Still, a court found him guilty.
The appeal is ongoing, with the DOJ basically arguing that weev broke a rule that it made up. And, now, the third circuit appeals court is apparently stacking the deck against weev. The government had made a request to file an "oversized" brief to present their case. In response, weev's lawyers requested the ability to file an "oversized" brief in reply to the government's brief. The DOJ did not oppose this request. Yet, the court approved the government's request while denying the defense request. In short: the government can file a giant brief throwing the kitchen sink of legal theories at weev, while weev's team is limited in how much space it has to reply.

No matter what you think of weev, who seemed to take joy in pissing off just about everyone, at the very least you'd think he deserved the right to present a full response to the claims made against him by the government.

From rforno at infowarrior.org Mon Dec 30 15:58:03 2013
From: rforno at infowarrior.org (Richard Forno)
Date: Mon, 30 Dec 2013 16:58:03 -0500
Subject: [Infowarrior] - The Startling Array of Hacking Tools In NSA's Armory
Message-ID: <52C1EC6B.9030506@infowarrior.org>

The Startling Array of Hacking Tools In NSA's Armory
http://it.slashdot.org/story/13/12/30/1646227/the-startling-array-of-hacking-tools-in-nsas-armory

The primary documents w/more details are on the net and are easily discoverable for those interested.
From rforno at infowarrior.org Mon Dec 30 16:12:52 2013
From: rforno at infowarrior.org (Richard Forno)
Date: Mon, 30 Dec 2013 17:12:52 -0500
Subject: [Infowarrior] - Ruling In Favor Of NSA's Program Relied On Claims In 9/11 Report That Aren't Actually In That Report
Message-ID: <52C1EFE4.6040302@infowarrior.org>

Ruling In Favor Of NSA's Program Relied On Claims In 9/11 Report That Aren't Actually In That Report
http://www.techdirt.com/articles/20131230/11062925713/judge-who-ruled-favor-nsa-relied-911-report-that-doesnt-even-mention-what-he-claims-it-does.shtml

From rforno at infowarrior.org Tue Dec 31 07:50:35 2013
From: rforno at infowarrior.org (Richard Forno)
Date: Tue, 31 Dec 2013 08:50:35 -0500
Subject: [Infowarrior] - MoD tightens security at American spy bases linked to drone strikes
Message-ID:

Exclusive: MoD tightens security at American spy bases linked to drone strikes
Cahal Milmo
Monday 30 December 2013
http://www.independent.co.uk/news/uk/politics/mod-tightens-security-at-american-spy-bases-linked-to-drone-strikes-9030864.html

The Ministry of Defence is set to introduce "draconian" new powers to tighten security and limit access to US airbases in Britain implicated in mass surveillance and drone strikes, The Independent can reveal.

The measures, which include powers to arrest for offences ranging from taking photographs to failing to clean up dog mess, would be put in place through a little-known project to overhaul the by-laws surrounding military facilities across the country.

Among the sites where the new rules are set to be imposed are two US Air Force bases used as key communication hubs for clandestine eavesdropping.
The Independent revealed earlier this year that RAF Croughton, near Milton Keynes, is used to funnel back to Washington data from a global network of spy bases in US embassies, including the secret Berlin facility alleged to have been used by the National Security Agency to listen in on the phone of the German Chancellor Angela Merkel.

The base, which serves as a relay centre for CIA agent communications, is also at the centre of concerns that it may be used as a support site for US drone strikes operated from Camp Lemonnier in Djibouti against Yemeni targets.

Along with RAF Menwith Hill listening station in North Yorkshire, the base is understood to be one of Washington's key intelligence facilities in Britain, although the MoD insists USAF staff at RAF Croughton "neither fly nor control any remotely piloted aircraft".

Until now neither RAF Croughton nor its adjacent site, RAF Barford St John, which is also used as a signal relay station, has been subject to military land by-laws, despite being military bases for more than 60 years. During the Second World War, Barford St John was used as a top secret test facility for Britain's first generation of jet fighters. It currently hosts an array of transmitter masts maintained by US military personnel.

But the two bases now feature on a list of nearly 150 military facilities where by-laws are being introduced or revised amid criticism that the new rules are being used to impose unprecedented levels of secrecy around sensitive sites. Similar revised by-laws for RAF Menwith Hill and nearby RAF Fylingdales, a US radar station earmarked for use in Washington's missile defence system, are expected to be produced in the coming months.

Jennifer Gibson, of the human rights group Reprieve, said: "These by-laws have been designed to prevent any transparency about what activities take place at RAF Croughton and Barford St John. There is strong evidence that Croughton plays a role in the US drone campaign.
But instead of coming clean with the public, the Ministry of Defence has decided to help the US further by drafting draconian by-laws that give the military the power to arrest dog walkers who stray in the general vicinity of the base. It must be asked what is going on at RAF Croughton and elsewhere and why is the UK helping the US cover it up?"

Proposals for new by-laws for RAF Croughton and Barford St John were published earlier this year by the MoD. It is understood that up to 38 other military sites where no by-laws currently exist are also being reviewed.

The new regulations designate an outer "controlled area" around each facility, where a wide-ranging list of banned activities applies, and an inner "protected area" with more stringent restrictions.

Among the 20 activities to be banned within the controlled area are camping "in tents, caravans, trees or otherwise", digging, engaging in "any trade or business" or grazing any animal. Also among the offences, which can result in an individual being "taken into custody without warrant", is a failure to pick up dog waste or causing damage to "any crops, turfs, plants, roots or trees". The list of 10 banned actions within the protected area includes a prohibition on taking "any visual image of any person or thing".

The MoD insisted it is merely bringing up to date a disparate set of by-laws which were first introduced in 1892, and seeking to bring about a "layered" set of legislation which will increase public access to some military land.

The German interior ministry has pledged to raise in talks with London and Washington the revelations concerning the alleged eavesdropping on Mrs Merkel's phone and the use of RAF Croughton.

Exemptions for breaking the rules which have applied previously have also been reviewed. The last set of laws drawn up for RAF Fylingdales in 1986 states that no offence is committed if it is "proved that an act or omission was unavoidable by the exercise of reasonable care".
The proposed new rules contained no such exemption. An MoD spokesman said the clause would be restored to the by-laws.

Lindis Percy, a veteran peace protester and founder of the Campaign for the Accountability of American Airbases (CAAB), said: "Byelaws have not been used around other bases for years and yet they are now being brought in for these locations. Why? Does this mean an expansion of both bases? As usual there is a cloak of secrecy thrown around these US occupied and controlled bases as to what they are planning."

Many "critical" military bases are also already protected by measures in the 2005 Serious Organised Crime and Police Act (SOCPA), which introduced an offence of criminal trespass on bases, punishable by up to a year of imprisonment.

The MoD said it had ensured there was a "wide-ranging" public consultation in each location to be subject of the new byelaws. A spokesman said: "The Ministry of Defence is the second-largest public landowner in the UK and has a commitment to encouraging responsible safe public access across its land, where this is compatible with operational activities."

From rforno at infowarrior.org Tue Dec 31 13:17:00 2013
From: rforno at infowarrior.org (Richard Forno)
Date: Tue, 31 Dec 2013 14:17:00 -0500
Subject: [Infowarrior] - Apple Says It Has Never Worked With NSA To Create iPhone Backdoors,
Message-ID:

Apple Says It Has Never Worked With NSA To Create iPhone Backdoors, Is Unaware Of Alleged DROPOUTJEEP Snooping Program
Posted 2 hours ago by Matthew Panzarino (@panzer)

Apple has contacted TechCrunch with a statement about the DROPOUTJEEP NSA program that detailed a system by which the organization claimed it could snoop on iPhone users. Apple says that it has never worked with the NSA to create any "backdoors" that would allow that kind of monitoring, and that it was unaware of any programs to do so.
Here is the full statement from Apple:

"Apple has never worked with the NSA to create a backdoor in any of our products, including iPhone. Additionally, we have been unaware of this alleged NSA program targeting our products. We care deeply about our customers' privacy and security. Our team is continuously working to make our products even more secure, and we make it easy for customers to keep their software up to date with the latest advancements. Whenever we hear about attempts to undermine Apple's industry-leading security, we thoroughly investigate and take appropriate steps to protect our customers. We will continue to use our resources to stay ahead of malicious hackers and defend our customers from security attacks, regardless of who's behind them."

< -- >

http://techcrunch.com/2013/12/31/apple-says-it-has-never-worked-with-nsa-to-create-iphone-backdoors-is-unaware-of-alleged-dropoutjeep-snooping-program/

From rforno at infowarrior.org Tue Dec 31 13:33:51 2013
From: rforno at infowarrior.org (Richard Forno)
Date: Tue, 31 Dec 2013 14:33:51 -0500
Subject: [Infowarrior] - 'Most Transparent' Administration Once Again Irritates A Federal Judge By Refusing To Cough Up A Requested Document
Message-ID:

'Most Transparent' Administration Once Again Irritates A Federal Judge By Refusing To Cough Up A Requested Document
http://www.techdirt.com/articles/20131219/16143625638/most-transparent-administration-once-again-irritates-federal-judge-refusing-to-cough-up-requested-document.shtml
From rforno at infowarrior.org Tue Dec 31 19:06:19 2013
From: rforno at infowarrior.org (Richard Forno)
Date: Tue, 31 Dec 2013 20:06:19 -0500
Subject: [Infowarrior] - Court Rules No Suspicion Needed for Laptop Searches at Border
Message-ID: <52C36A0B.4090104@infowarrior.org>

Court Rules No Suspicion Needed for Laptop Searches at Border
https://www.aclu.org/national-security-technology-and-liberty/court-rules-no-suspicion-needed-laptop-searches-border

Decision Dismisses ACLU Lawsuit Challenging DHS Search Policy as Unconstitutional
December 31, 2013
FOR IMMEDIATE RELEASE
CONTACT: 212-549-2666, media at aclu.org

BROOKLYN — A federal court today dismissed a lawsuit arguing that the government should not be able to search and copy people's laptops, cell phones, and other devices at border checkpoints without reasonable suspicion. An appeal is being considered.

Government documents show that thousands of innocent American citizens are searched when they return from trips abroad.

"We're disappointed in today's decision, which allows the government to conduct intrusive searches of Americans' laptops and other electronics at the border without any suspicion that those devices contain evidence of wrongdoing," said Catherine Crump, the American Civil Liberties Union attorney who argued the case in July 2011. "Suspicionless searches of devices containing vast amounts of personal information cannot meet the standard set by the Fourth Amendment, which prohibits unreasonable searches and seizures. Unfortunately, these searches are part of a broader pattern of aggressive government surveillance that collects information on too many innocent people, under lax standards, and without adequate oversight."

The ACLU, the New York Civil Liberties Union, and the National Association of Criminal Defense Lawyers filed the lawsuit in September 2010 against the Department of Homeland Security.
DHS asserts the right to look through the contents of a traveler's electronic devices, and to keep the devices or copy the contents in order to continue searching them once the traveler has been allowed to enter the U.S., regardless of whether the traveler is suspected of any wrongdoing.

The lawsuit was filed on behalf of Pascal Abidor, a dual French-American citizen who had his laptop searched and confiscated at the Canadian border; the National Press Photographers Association, whose members include television and still photographers, editors, students and representatives of the photojournalism industry; and the NACDL, which has attorney members in 25 countries.

Abidor was travelling from Montreal to New York on an Amtrak train in May 2010 when he had his laptop searched and confiscated by customs officers. Abidor, an Islamic Studies Ph.D. student at McGill University, was questioned, taken off the train in handcuffs, and held in a cell for several hours before being released without charge. When his laptop was returned 11 days later, there was evidence that many of his personal files had been searched, including photos and chats with his girlfriend.

In June, in response to an ACLU Freedom of Information Act request, DHS released its December 2011 Civil Rights/Civil Liberties Impact Assessment of its electronics search policy, concluding that suspicionless searches do not violate the First or Fourth Amendments. The report said that a reasonable suspicion standard is inadvisable because it could lead to litigation and the forced divulgence of national security information, and would prevent border officers from acting on inchoate "hunches," a method that it says has sometimes proved fruitful.

Today's ruling is available at: aclu.org/sites/default/files/assets/abidor_decision.pdf
From rforno at infowarrior.org Tue Dec 31 19:11:16 2013
From: rforno at infowarrior.org (Richard Forno)
Date: Tue, 31 Dec 2013 20:11:16 -0500
Subject: [Infowarrior] - Should NSA Cases Be Judged by the Standards of a 1970s Robbery?
Message-ID: <52C36B34.6070402@infowarrior.org>

What You Need to Know about the Third-Party Doctrine
And what it will likely mean as the NSA lawsuits work their way through the courts.
http://www.theatlantic.com/technology/archive/2013/12/what-you-need-to-know-about-the-third-party-doctrine/282721/

From rforno at infowarrior.org Tue Dec 31 23:29:55 2013
From: rforno at infowarrior.org (Richard Forno)
Date: Wed, 01 Jan 2014 00:29:55 -0500
Subject: [Infowarrior] - Snapchat user info database leaks
Message-ID: <52C3A7D3.9010805@infowarrior.org>

Snapchat user info database leaks, claims to hold most numbers and usernames
BY Richard Lawler
58 minutes ago

Last week security researchers published a way to skim Snapchat's full database, and it appears someone did it before the vulnerability was addressed. A website called SnapchatDB! has appeared posting SQL/CSV files that it claims contain the username and associated phone number for a "vast majority" of the service's users, with the last two digits of the numbers obscured. That amounts to 4.6 million pairs, although actually downloading the files to actually use them or verify the claim seems impossible, presumably due to an overload of traffic. We don't know who is behind the website (its WHOIS record is hidden by WHOISGuard), but the homepage claims this release is happening to "raise awareness" of the fact that companies with our private information should be more careful with it. As the site mentions, even the info included could be enough to figure out someone's phone number from their username (if it's also used publicly on Twitter, for example), especially problematic for those with unlisted numbers.
They also have not ruled out releasing the uncensored database "under certain circumstances," so if you've ever used the service, this may be something to keep an eye out for.

http://www.engadget.com/2013/12/31/snapchat-user-info-leak/