From rforno at infowarrior.org Fri Feb 1 06:44:11 2013
From: rforno at infowarrior.org (Richard Forno)
Date: Fri, 1 Feb 2013 07:44:11 -0500
Subject: [Infowarrior] - RIAA bigwig is now #2 at the Copyright Office
Message-ID: <4550E9E3-7ECF-4E9B-8374-9DFB423AADCC@infowarrior.org>

(And the inbred nature of the copyright cartel continues. ---rick)

RIAA bigwig who architected anti-technology lawsuits is now #2 at the Copyright Office
Cory Doctorow at 8:17 pm Thu, Jan 31

Karyn Temple Claggett is the new Associate Register of Copyright and Director of Policy & International Affairs for the Copyright Office. Her previous gig was litigating for the RIAA, shutting down technologies like Grokster, which had widespread, non-infringing uses (the standard in the law since the Betamax Supreme Court decision in 1982).

http://boingboing.net/2013/01/31/riaa-bigwig-who-architected-an.html

---
Just because i'm near the punchbowl doesn't mean I'm also drinking from it.

From rforno at infowarrior.org Fri Feb 1 06:50:46 2013
From: rforno at infowarrior.org (Richard Forno)
Date: Fri, 1 Feb 2013 07:50:46 -0500
Subject: [Infowarrior] - 6-Year-Old Expelled for Bringing Plastic Gun to School
Message-ID: <175A8FFF-23B9-4377-84DD-83565436FA23@infowarrior.org>

Where the effing-eff is common sense in America? (Please don't answer that.) --rick

http://www.wltx.com/news/article/219116/2/6-Year-Old-Expelled-for-Bringing-Toy-Gun-to-School

Print - 6-Year-Old Expelled for Bringing Plastic Gun to School | wltx.com
wltx.com
10:16 PM, Jan 30, 2013

Sumter, SC (WLTX) - A kindergartner at Alice Drive Elementary in Sumter has been expelled from school for bringing a clear plastic gun to class. Naomi McKinney, who's six years old, was expelled on January 7th.

UPDATE: Girl Allowed Back in Class

The problem began when Naomi grabbed her brother's Airsoft gun to bring in for show and tell. "I chose to bring it to school because I thought I could show my friends it because they might like seeing it," Naomi explains.
Her dad, Hank, says he and her mother didn't see what she chose to bring until getting a call from the school. "The school needed me down there that my daughter was fixing to be expelled," he says. "I got in the car and rushed down there and when I got in there the principal told me that she had a gun at school and she pulls it out and it is a little clear plastic gun."

News19 asked the Sumter County School District for a picture or description of the gun but said they would not release that information because it is part of the child's discipline record, which they do not disclose.

"You have to show some kind of judgment," Hank McKinney says. "I know there is a lot going on with guns and schools and that is tragic but a six year old bringing a toy to school doesn't know better."

Instead of being in school, Naomi now is spending her time at her dad's furniture store.

The Sumter County School District weapon policy says the presence of weapons or look-a-likes is not allowed, stating the board will expel any student who brings a weapon to school.

"I'm sorry anything can be a weapon," Hank says. "A pencil is more of a weapon than the toy gun she brought to school."

The McKinneys tried to appeal to the discipline hearing panel, but received a letter stating Naomi is not allowed on school property or at any school sponsored event on or off campus. She is subject to criminal charges if she's caught trespassing. Naomi is not allowed to be on school property, even when her parents are picking up her siblings, so they have to park off school property.

"She's not interacting with her friends at school, she isn't going on field trips or anything she thought was exciting," Hank says. "It is all gone."

And understanding why that is suddenly all gone has been tough for the 6 year old. "I felt bad because I didn't want to miss all my friends," Naomi says.

She will be assigned a home-based instructor from the school district.
The Sumter School District says they take any potential threat very seriously and will remain vigilant in creating a safe and secure environment.

---
Just because i'm near the punchbowl doesn't mean I'm also drinking from it.

From rforno at infowarrior.org Fri Feb 1 07:22:59 2013
From: rforno at infowarrior.org (Richard Forno)
Date: Fri, 1 Feb 2013 08:22:59 -0500
Subject: [Infowarrior] - CES Ditches CNET After CBS Scandal
Message-ID:

CES Ditches CNET After CBS Scandal

http://news.yahoo.com/ces-ditches-cnet-cbs-scandal-195056182.html

---
Just because i'm near the punchbowl doesn't mean I'm also drinking from it.

From rforno at infowarrior.org Fri Feb 1 20:25:36 2013
From: rforno at infowarrior.org (Richard Forno)
Date: Fri, 1 Feb 2013 21:25:36 -0500
Subject: [Infowarrior] - More CBS 'excellence' on television #onlyCBS
Message-ID:

CBS Bans SodaStream Ad. Where's The Outrage?

http://www.forbes.com/sites/willburns/2013/01/31/cbs-bans-sodastream-ad-wheres-the-outrage/print/

CBS banned SodaStream's Super Bowl spot because, apparently, it was too much of a direct hit to two of its biggest sponsors, Coke and Pepsi.

< - >

Now, CBS has essentially opened the door for its biggest advertisers to forever complain about those "annoying little competitors" that are trying to steal share. "Take them off the air. Make them stop!" is what they will scream. "You did it for Coke and Pepsi." And it won't only be CBS. All media will have to bear the burden of this biased, un-capitalistic, anti-progress, move.

But, guess what? This isn't the first time in recent months CBS has overplayed its hand. Add the fact CBS banned the Dish Network "Hopper" and now we've got ourselves a trend.

You heard about this, I'm sure. CBS forced the staff at CNET to change the winner of "Best In Show" at CES this year because, presumably, the technology which had already won the honor, if successful, would mean less money for CBS. It was Dish Network's "Hopper"
technology which allows viewers to skip entire advertising pods with one click. Forbes Contributor, Erik Kain, wrote a great expose on this scandal recently, "CBS Forced CNET To Drop Its 'Best Of CES 2013' Winner, The Dish Hopper."

So, we can now see what drives "CBS Standards & Practices." It's not freedom to express. It's not truth in advertising. It's not liberal causes (as Bogusky intimated, SodaStream is far better for the environment because it reduces trash). No, what drives CBS is money.

Another advertising expert I called was John Elder, President of Heat Advertising. He put CBS's intentions this way, "If they are willing to make a public move like this involving a third party, what else is happening inside CBS that we never hear about?"

< - >

---
Just because i'm near the punchbowl doesn't mean I'm also drinking from it.

From rforno at infowarrior.org Sat Feb 2 10:31:50 2013
From: rforno at infowarrior.org (Richard Forno)
Date: Sat, 2 Feb 2013 11:31:50 -0500
Subject: [Infowarrior] - House Of Representatives Bans Spotify Because P2P Tech Must Be Evil!!
Message-ID: <3E9EEA5D-D0AD-4653-842A-6AED8E5FAF9C@infowarrior.org>

House Of Representatives Bans Spotify Because P2P Tech Must Be Evil!!
from the clueless-congress dept

Hey look, here's a story on which we at Techdirt actually agree with the RIAA. Shocking, I know. It appears that, for reasons that are unclear to just about everyone, the IT folks in the House of Representatives have banned the use of the perfectly legal and authorized music service Spotify because it's P2P technology. According to a report at Politico:

"To help protect House data, our IT policy generally prohibits the use of peer-to-peer (P2P) technologies while operating within the secure network," a spokesman for the Office of the Chief Administrative Officer told POLITICO this week.

"While Spotify is currently not authorized, the CAO has and will continue to work with outside vendors to enable the popular services that improve member communication capabilities."

Not surprisingly, this has led to complaints from Spotify, but also from the RIAA, which finds the whole thing preposterous:

< - >

http://www.techdirt.com/articles/20130201/13333221858/house-representatives-bans-spotify-because-p2p-tech-must-be-evil.shtml

---
Just because i'm near the punchbowl doesn't mean I'm also drinking from it.

From rforno at infowarrior.org Sat Feb 2 16:43:05 2013
From: rforno at infowarrior.org (Richard Forno)
Date: Sat, 2 Feb 2013 17:43:05 -0500
Subject: [Infowarrior] - Defense blimps coming to DC
Message-ID:

(What terrorist threat requires defence against cruise missiles? --rick)

Blimp-like aerostats are heading to D.C. area
Saturday - 2/2/2013, 12:06pm ET
Jamie Forzato, wtop.com

WASHINGTON - The blimp-like aircraft called aerostats are designed to protect against terrorist attacks from thousands of feet above the clouds. Soon, they are coming to the Washington, D.C. area.

The aerostats are filled with helium and are three-fourths of the size of a football field. They fly up to 10,000 feet above sea level while tethered to mobile stations on the ground. They carry powerful, 360-degree radars that can see threats beyond the horizon, alerting the military of potential terrorist attacks.

The aircraft is also known as Raytheon's Joint Land Attack Cruise Missile Defense Elevated Netted Sensor System, or JLENS. The Defense Department will integrate JLENS with existing surveillance programs.

Reuters reports the $450 million dollar aerostats will arrive in the area by Sept. 30. They will be tested at an undisclosed location for up to three years.

http://www.wtop.com/41/3216375/Defense-aerostats-head-to-DC-area

---
Just because i'm near the punchbowl doesn't mean I'm also drinking from it.
From rforno at infowarrior.org Sat Feb 2 18:37:12 2013
From: rforno at infowarrior.org (Richard Forno)
Date: Sat, 2 Feb 2013 19:37:12 -0500
Subject: [Infowarrior] - Government Protects Criminals by Attacking Whistleblowers
Message-ID: <50C6CAD9-E14E-470F-BA7C-B1B054081152@infowarrior.org>

Government Protects Criminals by Attacking Whistleblowers

It's now obvious to everyone that -- even though criminal fraud dominates Wall Street -- the Obama administration refuses to prosecute white collar crime. Ronald Reagan, George W. Bush, George H.W. Bush and Bill Clinton each prosecuted financial crime more aggressively than Barack Obama.

Of course, the lack of a fair and even-handed legal system destroys prosperity and leads to the breakdown of society. National security claims are also used to keep financial fraud secret (and people who protest runaway criminality by the big banks are targeted as terrorists). And when those in the private sector blow the whistle on potential crimes, they are targeted also.

But it's not like the government isn't aggressively using the legal system -- it's just using it to silence the truth. Specifically, the Obama administration has prosecuted more whistleblowers than all other presidents combined.

< - >

http://www.ritholtz.com/blog/2013/02/government-prosecutes-and-harasses-those-who-expose-criminal-wrongdoing/

---
Just because i'm near the punchbowl doesn't mean I'm also drinking from it.

From rforno at infowarrior.org Sat Feb 2 22:10:31 2013
From: rforno at infowarrior.org (Richard Forno)
Date: Sat, 2 Feb 2013 23:10:31 -0500
Subject: [Infowarrior] - PG County considers copyrighting all student/staff work
Message-ID:

Prince George's considers copyright policy that takes ownership of students'
work

By Ovetta Wiggins

http://www.washingtonpost.com/local/education/prince-georges-considers-copyright-policy-that-takes-ownership-of-students-work/2013/02/02/dc592dea-6b08-11e2-ada3-d86a4806d5ee_print.html

A proposal by the Prince George's County Board of Education to copyright work created by staff and students for school could mean that a picture drawn by a first-grader, a lesson plan developed by a teacher or an app created by a teen would belong to the school system, not the individual.

The measure has some worried that by the system claiming ownership to the work of others, creativity could be stifled and there would be little incentive to come up with innovative ways to educate students. Some have questioned the legality of the proposal as it relates to students.

"There is something inherently wrong with that," David Cahn, an education activist who regularly attends county school board meetings, said before the board's vote to consider the policy. "There are better ways to do this than to take away a person's rights."

If the policy is approved, the county would become the only jurisdiction in the Washington region where the school board assumes ownership of work done by the school system's staff and students.

David Rein, a lawyer and adjunct law professor who teaches intellectual property at the University of Missouri in Kansas City, said he had never heard of a local school board enacting a policy allowing it to hold the copyright for a student's work.

Universities generally have "sharing agreements" for work created by professors and college students, Rein said. Under those agreements, a university, professor and student typically would benefit from a project, he said.

"The way this policy is written, it essentially says if a student writes a paper, goes home and polishes it up and expands it, the school district can knock on the door and say, 'We want a piece of that,' " Rein said. "I can't imagine that."
The proposal is part of a broader policy the board is reviewing that would provide guidelines for the "use and creation" of materials developed by employees and students. The board's staff recommended the policy largely to address the increased use of technology in the classroom.

Board Chair Verjeana M. Jacobs (District 5) said she and Vice Chair Carolyn M. Boston (District 6) attended an Apple presentation and learned how teachers can use apps to create new curricula. The proposal was designed to make it clear who owns teacher-developed curricula created while using apps on iPads that are school property, Jacobs said.

It's not unusual for a company to hold the rights to an employee's work, copyright policy experts said. But the Prince George's policy goes a step further by saying that work created for the school by employees during their own time and using their own materials is the school system's property.

Kevin Welner, a professor and director of the National Education Policy Center at the University of Colorado in Boulder, said the proposal appears to be revenue-driven. There is a growing secondary online market for teacher lesson plans, he said.

"I think it's just the district saying, 'If there is some brilliant idea that one of our teachers comes up with, we want be in on that. Not only be in on that, but to have it all,' " he said.

Welner said teachers have always looked for ways to develop materials to reach their students, but "in the brave new world of software development, there might be more opportunity to be creative in ways that could reach beyond that specific teacher's classroom."

Still, Welner said he doesn't see the policy affecting teacher behavior.

"Within a large district, there might be some who would invest a lot of time into something that might be marketable, but most teachers invest their time in teaching for the immediate need of their students and this wouldn't change that," he said.
But it is the broad sweep of the proposed policy that has raised concerns.

"Works created by employees and/or students specifically for use by the Prince George's County Public Schools or a specific school or department within PGCPS, are properties of the Board of Education even if created on the employee's or student's time and with the use of their materials," the policy reads. "Further, works created during school/work hours, with the use of school system materials, and within the scope of an employee's position or student's classroom work assignment(s) are the properties of the Board of Education."

Questioned about the policy after it was introduced, Jacobs said it was never the board's "intention to declare ownership" of students' work.

"Counsel needs to restructure the language," Jacobs said. "We want the district to get the recognition . . . not take their work."

Jacobs said last week that it was possible amendments could be made to the policy at the board's next meeting. The board approved the policy for consideration by a vote of 8 to 1 last month but has removed the item from its agenda Thursday.

School systems in the Washington region have policies that address the use of copyrighted materials, but none has rules that allow ownership of what a student creates, officials said. Some do address ownership of employees' work.

The District holds common law copyright, at a minimum, to all relevant intellectual property its city and school employees create, a spokeswoman said.

In Montgomery County, the school system says supplies, equipment or instructional materials that are made by a school employee using "substantial time, facilities or materials" belonging to the system become the property of the public schools. If the activity is performed partially on private time and partially on public time, the school superintendent will approve the arrangement, according to the district's conflict-of-interest policy.
Peter Jaszi, a law professor with the Glushko-Samuelson Intellectual Property Law Clinic at American University, called the proposal in Prince George's "sufficiently extreme."

Jaszi said the policy sends the wrong message to students about respecting copyright. He also questioned whether the policy, as it applies to students, would be legal.

He said there would have to be an agreement between the student and the board to allow the copyright of his or her work. A company or organization cannot impose copyright on "someone by saying it is so," Jaszi said. "That seems to be the fundamental difficulty with this."

Cahn said he understands the board's move regarding an employee's work, but he called the policy affecting the students "immoral."

"It's like they are exploiting the kids," he said.

For Adrienne Paul and her sister, Abigail Schiavello, who wrote a 28-page book more than a decade ago in elementary school for a project that landed them a national television interview with Rosie O'Donnell and a $10,000 check from the American Cancer Society, the policy -- had it been in effect -- would have meant they would not have been able to sell the rights to "Our Mom Has Cancer."

Dawn Ackerman, their mother, said she would have obtained legal advice if there had been a policy like the one being considered when her daughters wrote their book about her fight against cancer 14 years ago.

"I really would have objected to that," Ackerman said.

Paul agreed, saying the policy seems to be ill-conceived. It could stifle a child's creativity and strip students and their families of what is rightfully theirs, she said.

"I think if you paint a picture, publish a book or create an invention as a kid, your family -- certainly not the school board -- should have the rights to that," she said.

© The Washington Post Company

---
Just because i'm near the punchbowl doesn't mean I'm also drinking from it.
From rforno at infowarrior.org Sat Feb 2 22:16:09 2013
From: rforno at infowarrior.org (Richard Forno)
Date: Sat, 2 Feb 2013 23:16:09 -0500
Subject: [Infowarrior] - Good OpEd: An America cramped by defensiveness
Message-ID:

An America cramped by defensiveness

By Peter J. Munson

http://www.washingtonpost.com/opinions/an-america-cramped-by-defensiveness/2013/02/01/ab0eff36-6c8d-11e2-bd36-c0fe61a205f6_print.html

Peter J. Munson, a major in the Marine Corps, is the author of "War, Welfare & Democracy: Rethinking America's Quest for the End of History." The views expressed here are his own.

A week before I deployed to Afghanistan in 2010, my wife and I volunteered for a few hours at our daughter's elementary school. As we left, her teacher told the students that I was an officer in the Marine Corps about to leave on deployment. "A nation does not survive," he said, "without men like that."

It was a heartfelt statement. I thought of it often while in Afghanistan; it felt most poignant when my detachment of transport aircraft flew each one of the 119 bodies out of Helmand province between June and December 2010 to make their final trip home.

Near the end of our deployment, I asked my fellow Marines to always remember the fallen. I asked the living to honor the sacrifices of their dead. Not by mourning forever, nor by seeking vengeance, but by honoring their comrades' sacrifices in the choices and actions of their own lives. I asked them, in the words of Oliver Stone's movie about another war, to find a meaning and goodness in this life.

Since I returned home, a darkness has grown in me as both I and our nation have failed to live up to the sacrifices of these young men and women. I had no expectation of "victory" in Afghanistan or Iraq, whatever that would mean. Nor did I expect some epiphany of strategic insight or remorse from the nation's brain trust.
I just found that I could not square the negativity, pettiness and paranoia in the discourse of our country's elders with the nobility and dedication of the men and women I had seen and served with in Afghanistan.

Over time, as I listened to the squabbling, I realized that about the only thing Americans agree on these days is gratitude bordering on reverence for our military. It troubled me that the sum total of consensus in our discourse is deference toward the defenders of our nation.

Eventually, it dawned on me that the focus on defense was the root of our problem.

After the Sept. 11, 2001, attacks, the United States sent its military off to war and fretted about post-traumatic stress disorder -- but paid little attention to the fact that America itself was traumatized. Americans became angry and withdrawn. We are fearful and paranoid because after a strike on our nation we chose to focus on defense rather than the resilience and vitality that made America great. In our defensive mind-set, we bristle at every change in a world undergoing an epochal transformation.

We have little reason to be so negative. Certainly the rest of the world is gaining on us, but this represents the success of explicit U.S. policies. After World War II, the United States sought to create a world of economic interdependence and prosperity, hoping to banish the malaise that helped precipitate a global conflict. The prospect of rapid growth in the developing world was not viewed as a threat but rather offered the promise of robust markets for American goods and ingenuity. We were confident and focused on the positive tasks of expanding our economy rather than fearing change.

Collectively, we have lost that positivity -- what historian Louis Mumford called an "inner go." Mumford was referring to the Romans, who in their decline focused only on security and stability, losing the vitality to embrace change and take risks.
In our increasingly paranoiac discourse, we too have lost focus on the positive, creative tasks that continuously remake American power, resilience and vitality. We cannot agree to invest in education for our children or in infrastructure for our commerce, to rationalize the regulations that underpin our markets or to act collectively to create value. Instead, we hunker in a defensive crouch.

Defense is an act of negation. It brings no victory, instead making us fearful, paranoid, angry and uncooperative. Our negative, defensive outlook has colored our politics, hampered our economy and hamstrung our strategies.

Individually, many Americans retain inner go -- the unswerving view of our changing world as an endless fount of opportunity. Collectively, however, we must regain our lost focus on a positive vision for the future. We must exalt those who create value in our society: parents, teachers, workers, builders, entrepreneurs, innovators. We must go forth confident that we can lead a changing world by continuing to create, by working together and by living the sorts of fearless lives that our fallen lived.

A nation cannot survive on defense alone. Militaries and wars produce nothing. They only consume -- time, lives, resources and hope.

That day in the classroom in 2010, looking across the sea of young, diverse faces and hopeful eyes untainted by cynicism, I saw promise for a positive, creative America. When I decided to focus on that promise, the darkness lifted. It can lift for all of us.

America, thank your military by building something worth defending. Banish the fear, paranoia and dissension. Lead again.

---
Just because i'm near the punchbowl doesn't mean I'm also drinking from it.
From rforno at infowarrior.org Sun Feb 3 12:50:51 2013
From: rforno at infowarrior.org (Richard Forno)
Date: Sun, 3 Feb 2013 13:50:51 -0500
Subject: [Infowarrior] - OT: (Forced) Militarism, Patriotism, and American Sports
Message-ID: <62AE1E61-5911-4C42-BA02-EADF0C882F8C@infowarrior.org>

When we cheer for our team, do we have to cheer for America, too?

By Tricia Jenkins

Tricia Jenkins is an assistant professor of film, television and digital media at Texas Christian University and the author of "The CIA in Hollywood: How the Agency Shapes Film and Television."

http://www.washingtonpost.com/opinions/when-we-cheer-for-our-team-do-we-have-to-cheer-for-america-too/2013/01/31/cbde5fca-6965-11e2-ada3-d86a4806d5ee_print.html

The customary flyover by fighter jets may be absent from this weekend's Super Bowl; after all, the Mercedes-Benz Superdome in New Orleans is covered. But a military color guard will be on the field during the pregame ceremonies. CBS will cut to shots of troops watching the game overseas. Veterans will be recognized on the stadium's video boards. And flag imagery will abound, as will stirring renditions of the national anthem and, most likely, "America the Beautiful."

Sports games -- some of the only events that lead Americans to set their differences aside and sit down and watch together -- have become stages for large-scale patriotic theater. This is no accident; many of the militaristic rituals we see in stadiums and arenas across the country were deliberately designed to promote unity during times of crisis. But they've stuck around far longer than needed, making sports feel less like pastimes than pep rallies for our military or a particular war.

During World War II, team owners introduced the national anthem and ceremonies honoring the armed forces as a way to win President Franklin Roosevelt's support for continuing play amid the conflict. The weekend after President John F.
Kennedy's assassination in 1963, NFL Commissioner Pete Rozelle inserted moments of silence and flag ceremonies into his league's games. The small flag decals on many athletes' uniforms arose from basketball and football organizers' desire to show unified support for the Persian Gulf War. And "God Bless America" has replaced or supplemented "Take Me Out to the Ballgame" during baseball's seventh inning stretch; the New York Yankees introduced this tradition after the terrorist attacks of Sept. 11, 2001.

But gestures that once offered comfort have become habit. And the patriotic displays have only gotten more inventive. College football's national championship game last month between Notre Dame and Alabama featured Air Force paratroopers who jumped out of a plane and glided onto the field to deliver the game ball to officials.

Sure, it's a thrill for fans in the stadium. But such vaudeville quiets political dissent.

When NBA player Mahmoud Abdul-Rauf refused to stand for the national anthem during the 1995-1996 season, he was suspended by the league. An American Muslim, Abdul-Rauf said that he saw the flag as a symbol of oppression and that standing for the anthem conflicted with his religious beliefs. The league barred him from playing until it came up with a compromise: He had to stand, but he was allowed to look down rather than at the flag.

Likewise, Toni Smith of Manhattanville College turned her back on the flag during the national anthem in the 2002-2003 basketball season. A player of white, African American, Jewish and Native American heritage, she was protesting the coming U.S. war in Iraq and the government's mistreatment of minorities.

"Iraq was the icing on the cake," she said. "But it wasn't just the war. It was everything before that. It was everything that the flag is built on, everything that is continuing to happen and things that haven't even happened yet."
In response, fellow students started a petition demanding that she return her financial aid, and spectators shouted obscenities at her during away games.

In 2004, Toronto Blue Jays first baseman Carlos Delgado called the Iraq conflict "the stupidest war ever" and refused to stand with his teammates when "God Bless America" was played, often disappearing into the dugout instead. Yankees fans booed Delgado when he came to play New York and shouted "U.S.A., U.S.A." when he lined out.

By refusing to participate in patriotic gimmickry because of their objections to U.S. policy, these athletes were exercising their constitutional right to dissent. Still, their teams, leagues and crowds tried to silence them. That's their right, too, of course. But somehow, a country founded on rebellion finds not standing for an anthem or saluting a flag un-American.

The militarism of our sporting events is particularly jarring given American ambivalence about the recent wars in Iraq and Afghanistan. In a 2010 poll, 59 percent of Americans said the war in Iraq was a mistake, and 72 percent said it was not worth the costs. In May 2012, a poll showed that support for the war in Afghanistan had dropped to a new low: Only 27 percent of Americans said they backed the conflict, and 66 percent said they opposed it.

Sports fans who don't support these wars may still applaud our returning veterans at games, of course. Some may be able to separate their support for our troops from their opposition to specific conflicts. Others may be intimidated by those around them, pressured into playing along. Still others may end up cheering the military whether they want to or not because sporting rituals now conflate it with athletics.

After all, it was hard to tell whether Fighting Irish and Crimson Tide fans were celebrating the arrival of the game ball or the paratroopers who delivered it.
Likewise, when the San Diego Padres take the field on Sundays dressed in camouflage jerseys, are fans rooting for their home team or the military that inspired its outfits?

This militarized pageantry seems here to stay -- sports franchises benefit too much from the cheap thrills and public relations opportunities it affords. The military covers the costs of flyovers and paratroopers by logging those events as training exercises, and it hopes the theatrics will result in recruitment boosts.

What comes next? Navy SEALs sneaking through the bleachers to deliver free pizzas? Beer sold in combat-boot-shaped cups? Or maybe miniature drones dropping T-shirts onto the crowds below?

outlook at washpost.com

---
Just because i'm near the punchbowl doesn't mean I'm also drinking from it.

From rforno at infowarrior.org Sun Feb 3 21:17:18 2013
From: rforno at infowarrior.org (Richard Forno)
Date: Sun, 3 Feb 2013 22:17:18 -0500
Subject: [Infowarrior] - Broad Powers Seen for Obama in Cyberstrikes
Message-ID:

February 3, 2013

Broad Powers Seen for Obama in Cyberstrikes

By DAVID E. SANGER and THOM SHANKER

http://www.nytimes.com/2013/02/04/us/broad-powers-seen-for-obama-in-cyberstrikes.html?hp&pagewanted=print

WASHINGTON -- A secret legal review on the use of America's growing arsenal of cyberweapons has concluded that President Obama has the broad power to order a pre-emptive strike if the United States detects credible evidence of a major digital attack looming from abroad, according to officials involved in the review.

That decision is among several reached in recent months as the administration moves, in the next few weeks, to approve the nation's first rules for how the military can defend, or retaliate, against a major cyberattack.
New policies will also govern how the intelligence agencies can carry out searches of faraway computer networks for signs of potential attacks on the United States and, if the president approves, attack adversaries by injecting them with destructive code -- even if there is no declared war. The rules will be highly classified, just as those governing drone strikes have been closely held. John O. Brennan, Mr. Obama's chief counterterrorism adviser and his nominee to run the Central Intelligence Agency, played a central role in developing the administration's policies regarding both drones and cyberwarfare, the two newest and most politically sensitive weapons in the American arsenal. Cyberweaponry is the newest and perhaps most complex arms race under way. The Pentagon has created a new Cyber Command, and computer network warfare is one of the few parts of the military budget that is expected to grow. Officials said that the new cyberpolicies had been guided by a decade of evolution in counterterrorism policy, particularly on the division of authority between the military and the intelligence agencies in deploying cyberweapons. Officials spoke on condition of anonymity because they were not authorized to talk on the record. Under current rules, the military can openly carry out counterterrorism missions in nations where the United States operates under the rules of war, like Afghanistan. But the intelligence agencies have the authority to carry out clandestine drone strikes and commando raids in places like Pakistan and Yemen, which are not declared war zones. The results have provoked wide protests. Mr. Obama is known to have approved the use of cyberweapons only once, early in his presidency, when he ordered an escalating series of cyberattacks against Iran's nuclear enrichment facilities. The operation was code-named Olympic Games, and while it began inside the Pentagon under President George W. 
Bush, it was quickly taken over by the National Security Agency, the largest of the intelligence agencies, under the president's authority to conduct covert action. As the process of defining the rules of engagement began more than a year ago, one senior administration official emphasized that the United States had restrained its use of cyberweapons. "There are levels of cyberwarfare that are far more aggressive than anything that has been used or recommended to be done," the official said. The attacks on Iran illustrated that a nation's infrastructure can be destroyed without bombing it or sending in saboteurs. While many potential targets are military, a country's power grids, financial systems and communications networks can also be crippled. Even more complex, nonstate actors, like terrorists or criminal groups, can mount attacks, and it is often difficult to tell who is responsible. Some critics have said the cyberthreat is being exaggerated by contractors and consultants who see billions in potential earnings. One senior American official said that officials quickly determined that the cyberweapons were so powerful that -- like nuclear weapons -- they should be unleashed only on the direct orders of the commander in chief. A possible exception would be in cases of narrowly targeted tactical strikes by the military, like turning off an air defense system during a conventional strike against an adversary. "There are very, very few instances in cyberoperations in which the decision will be made at a level below the president," the official said. That means the administration has ruled out the use of "automatic" retaliation if a cyberattack on America's infrastructure is detected, even if the virus is traveling at network speeds. While the rules have been in development for more than two years, they are coming out at a time of greatly increased cyberattacks on American companies and critical infrastructure. 
The Department of Homeland Security recently announced that an American power station, which it did not name, was crippled for weeks by cyberattacks. The New York Times reported last week that it had been struck, for more than four months, by a cyberattack emanating from China. The Wall Street Journal and The Washington Post have reported similar attacks on their systems. "While this is all described in neutral terms -- what are we going to do about cyberattacks -- the underlying question is, 'What are we going to do about China?' " said Richard Falkenrath, a senior fellow at the Council on Foreign Relations. "There's a lot of signaling going on between the two countries on this subject." International law allows any nation to defend itself from threats, and the United States has applied that concept to conduct pre-emptive attacks. Pre-emption always has been a disputed legal concept. Most recently former Mr. Bush made it a central justification for the invasion of Iraq in 2003, based on faulty intelligence about that country's weapons of mass destruction. Pre-emption in the context of cyberwar raises a potentially bigger quandary, because a country hit by a pre-emptive cyberstrike could easily claim that it was innocent, undermining the justification for the attack. "It would be very hard to provide evidence to the world that you hit some deadly dangerous computer code," one senior official said. The implications of pre-emption in cyberwar were specifically analyzed at length in writing the new rules. One major issue involved in the administration's review, according to one official involved, was defining "what constitutes reasonable and proportionate force" in halting or retaliating against a cyberattack. During the attacks on Iran's facilities, which the United States never acknowledged, Mr. Obama insisted that cyberweapons be targeted narrowly, so that they did not affect hospitals or power supplies. Mr. 
Obama frequently voiced concerns that America's use of cyberweapons could be used by others as justification for attacks on the United States. The American effort was exposed when the cyberweapon leaked out of the Iranian enrichment center that was attacked, and the "Stuxnet" code replicated millions of times on the Internet. Under the new guidelines, the Pentagon would not be involved in defending against ordinary cyberattacks on American companies or individuals, even though it has the largest array of cybertools. Domestically, that responsibility falls to the Department of Homeland Security, and investigations of cyberattacks or theft are carried out by the F.B.I. But the military, barred from actions within the United States without a presidential order, would become involved in cases of a major cyberattack within the United States. To maintain ambiguity in an adversary's mind, officials have kept secret what that threshold would be; so far, Defense Secretary Leon E. Panetta has only described the "red line" in the vaguest of terms -- as a "cyber 9/11." The Obama administration has urged stronger firewalls and other systems to provide a first line of defense, and then "resiliency" in the face of cyberattacks. It failed to get Congress to pass cybersecurity legislation that would have allowed the government to mandate standards. --- Just because i'm near the punchbowl doesn't mean I'm also drinking from it. From rforno at infowarrior.org Mon Feb 4 21:11:25 2013 From: rforno at infowarrior.org (Richard Forno) Date: Mon, 4 Feb 2013 22:11:25 -0500 Subject: [Infowarrior] - DOJ memo reveals legal case for drone strikes on Americans Message-ID: <9B0E3C94-5E03-486D-A7B2-6E830BDF7DA7@infowarrior.org> (Interesting that NBC is watermarking this document. 
--rick) PDF @ http://msnbcmedia.msn.com/i/msnbc/sections/news/020413_DOJ_White_Paper.pdf EXCLUSIVE: Justice Department memo reveals legal case for drone strikes on Americans By Michael Isikoff National Investigative Correspondent, NBC News A confidential Justice Department memo concludes that the U.S. government can order the killing of American citizens if they are believed to be "senior operational leaders" of al-Qaida or "an associated force" -- even if there is no intelligence indicating they are engaged in an active plot to attack the U.S. The 16-page memo, a copy of which was obtained by NBC News, provides new details about the legal reasoning behind one of the Obama administration's most secretive and controversial policies: its dramatically increased use of drone strikes against al-Qaida suspects, including those aimed at American citizens, such as the September 2011 strike in Yemen that killed alleged al-Qaida operatives Anwar al-Awlaki and Samir Khan. Both were U.S. citizens who had never been indicted by the U.S. government nor charged with any crimes. The secrecy surrounding such strikes is fast emerging as a central issue in this week's hearing of White House counterterrorism adviser John Brennan, a key architect of the drone campaign, to be CIA director. Brennan was the first administration official to publicly acknowledge drone strikes in a speech last year, calling them "consistent with the inherent right of self-defense." In a separate talk at the Northwestern University Law School in March, Attorney General Eric Holder specifically endorsed the constitutionality of targeted killings of Americans, saying they could be justified if government officials determine the target poses "an imminent threat of violent attack." But the confidential Justice Department "white paper" introduces a more expansive definition of self-defense or imminent attack than described by Brennan or Holder in their public speeches. 
It refers, for example, to what it calls a "broader concept of imminence" than actual intelligence about any ongoing plot against the U.S. homeland. "The condition that an operational leader present an 'imminent' threat of violent attack against the United States does not require the United States to have clear evidence that a specific attack on U.S. persons and interests will take place in the immediate future," the memo states. Instead, it says, an "informed, high-level" official of the U.S. government may determine that the targeted American has been "recently" involved in "activities" posing a threat of a violent attack and "there is no evidence suggesting that he has renounced or abandoned such activities." The memo does not define "recently" or "activities." < - > http://openchannel.nbcnews.com/_news/2013/02/04/16843014-exclusive-justice-department-memo-reveals-legal-case-for-drone-strikes-on-americans?lite --- Just because i'm near the punchbowl doesn't mean I'm also drinking from it. From rforno at infowarrior.org Tue Feb 5 07:00:14 2013 From: rforno at infowarrior.org (Richard Forno) Date: Tue, 5 Feb 2013 08:00:14 -0500 Subject: [Infowarrior] - UK Copyright Research Center Immediately Under Attack For Daring To Ask About Evidence Message-ID: <38A09970-5125-459A-BD0C-ECB2E51413C1@infowarrior.org> New UK Copyright Research Center Immediately Under Attack For Daring To Ask About Evidence from the what's-the-problem? dept As Techdirt reported last year, some copyright maximalists in the UK seem to be against the whole idea of basing policy on evidence. Last week saw the launch of CREATe: Creativity, Regulation, Enterprise and Technology, a new UK "research centre for copyright and new business models in the creative economy." 
One of the things it hopes to do is to bring some objectivity to the notoriously contentious field of copyright studies by looking at what the evidence really says; so it was perhaps inevitable that it too would meet some resistance from the extremist wing of the copyright world. What's surprising is that it seems to have happened during the launch itself, as Paul Bernal, an academic who was there, reports: < - > http://www.techdirt.com/articles/20130203/07372221866/new-uk-copyright-research-center-immediately-under-attack-daring-to-ask-about-evidence.shtml --- Just because i'm near the punchbowl doesn't mean I'm also drinking from it. From rforno at infowarrior.org Tue Feb 5 07:09:56 2013 From: rforno at infowarrior.org (Richard Forno) Date: Tue, 5 Feb 2013 08:09:56 -0500 Subject: [Infowarrior] - McGraw-Hill, S&P Sued by U.S. Over Mortgage-Bond Ratings Message-ID: <62B61BF3-D953-4910-856C-B8F7436F59E7@infowarrior.org> Good riddance. Sue 'em all, and while the USG is at it, why not change the federal laws that *require* certain entities like pension funds to use these for-profit "ratings" agencies analysis in determining what they can and cannot buy on behalf of their individual investors. This "ratings" scam (and it is a scam) has gone on for too long. --rick McGraw-Hill, S&P Sued by U.S. Over Mortgage-Bond Ratings By Edvard Pettersson - Feb 5, 2013 McGraw-Hill Cos. (MHP) and its Standard & Poor's unit were sued by the U.S. over claims S&P knowingly understated the credit risks of bonds and derivatives that were central to the worst financial crisis since the Great Depression. The U.S. Justice Department filed a complaint yesterday in Los Angeles, accusing McGraw-Hill and S&P of three types of fraud, the first federal case against a ratings company for grades related to the credit crisis. McGraw-Hill tumbled the most in 25 years yesterday when it said it expected the lawsuit. 
S&P issued credit ratings on more than $2.8 trillion of residential mortgage-backed securities and about $1.2 trillion of collateralized-debt obligations from September 2004 through October 2007, according to the complaint. S&P downplayed the risks on portions of the securities to gain more business from the investment banks that issued them, the U.S. said. "It's going to be a tricky time for rating agencies," Fred Ponzo, a capital markets analyst at Greyspark Partners in London, said in a telephone interview. "S&P is probably just the first to face the music." < - > http://www.bloomberg.com/news/print/2013-02-05/u-s-files-lawsuit-against-mcgraw-hill-standard-poor-s.html --- Just because i'm near the punchbowl doesn't mean I'm also drinking from it. From rforno at infowarrior.org Tue Feb 5 20:48:21 2013 From: rforno at infowarrior.org (Richard Forno) Date: Tue, 5 Feb 2013 21:48:21 -0500 Subject: [Infowarrior] - The Many Motivations Of Movie Piracy (Notably Absent: 'I Want Everything For Free') Message-ID: <05C61770-835D-41B0-A19C-C69E38A2CCED@infowarrior.org> The Many Motivations Of Movie Piracy (Notably Absent: 'I Want Everything For Free') from the copy-culture dept http://www.techdirt.com/articles/20130201/12043621854/many-motivations-movie-piracy-notably-absent-i-want-everything-free.shtml In the recently released Copy Culture In The US & Germany survey report from the American Assembly (for which we provided the design & layout work), one small but especially interesting component is the list of reasons given for downloading TV shows and movies. 
The American responses were pretty evenly distributed among the various key reasons, and serve as a laundry list of things that piracy does just slightly better, or slightly more permissively, than most legitimate sources: (picture) While price was one of the top three reasons, this hardly paints a picture of penny-pinching freeloaders--rather, it shows emerging trends in media consumption that distributors and rightsholders simply can't keep ignoring. Absolutely none of these responses are surprising, because they are exactly the way people have been interacting with the majority of content online for years now. They share, they use multiple devices, they expect comprehensive access and a choice of sources, they want access as soon as possible, and they are put off by obtrusive advertising. Of course, that last item is a bit of an oddity. The knee-jerk reaction among most people is that all advertising is bad, but that seems to underestimate the amount of stuff that advertising pays for or subsidizes, and that most of us happily enjoy on a daily basis. Advertising is one of those things that only ever gets badmouthed, because you only focus on it when it's bad -- when it's good it doesn't register as advertising because it doesn't register as intrusive. The perennial buzz around Superbowl commercials and the 44-million views on Old Spice's famous viral ad support this notion pretty strongly. In the world of online television, I think there's room for both subscription models and advertising-funded models -- and even some combinations of both if balanced correctly. But until content providers start tackling the overall problem by catching up to pirate sources in the many areas where their services fall short, no model is going to succeed in defeating piracy. --- Just because i'm near the punchbowl doesn't mean I'm also drinking from it. 
From rforno at infowarrior.org Wed Feb 6 07:14:05 2013 From: rforno at infowarrior.org (Richard Forno) Date: Wed, 6 Feb 2013 08:14:05 -0500 Subject: [Infowarrior] - Congress considers putting limits on drone strikes Message-ID: <6CC49E25-1554-425E-BCD4-9872658A3674@infowarrior.org> (Interestingly the protests come from Democrats -- I'll believe any limits when (er if) we SEE them. You know how idiotic Congress gets trying to look strong on security. --rick) Congress considers putting limits on drone strikes By LARA JAKES | Associated Press -- 9 hrs ago http://news.yahoo.com/congress-considers-putting-limits-drone-strikes-223058057--politics.html WASHINGTON (AP) -- Uncomfortable with the Obama administration's use of deadly drones, a growing number in Congress is looking to limit America's authority to kill suspected terrorists, even U.S. citizens. The Democratic-led outcry was emboldened by the revelation in a newly surfaced Justice Department memo that shows drones can strike against a wider range of threats, with less evidence, than previously believed. The drone program, which has been used from Pakistan across the Middle East and into North Africa to find and kill an unknown number of suspected terrorists, is expected to be a top topic of debate when the Senate Intelligence Committee grills John Brennan, the White House's pick for CIA chief, at a hearing Thursday. The White House on Tuesday defended its lethal drone program by citing the very laws that some in Congress once believed were appropriate in the years immediately after the Sept. 11 attacks but now think may be too broad. "It has to be in the agenda of this Congress to reconsider the scope of action of drones and use of deadly force by the United States around the world because the original authorization of use of force, I think, is being strained to its limits," Sen. Chris Coons, D-Del., said in a recent interview. Rep. Steny Hoyer of Maryland, the No. 
2 Democrat in the House, said Tuesday that "it deserves a serious look at how we make the decisions in government to take out, kill, eliminate, whatever word you want to use, not just American citizens but other citizens as well." Hoyer added: "We ought to carefully review our policies as a country." The Senate Foreign Relations Committee likely will hold hearings on U.S. drone policy, an aide said Tuesday, and Chairman Robert Menendez, D-N.J., and the panel's top Republican, Sen. Bob Corker of Tennessee, both have quietly expressed concerns about the deadly operations. And earlier this week, a group of 11 Democratic and Republican senators urged President Barack Obama to release a classified Justice Department legal opinion justifying when U.S. counterterror missions, including drone strikes, can be used to kill American citizens abroad. Without those documents, it's impossible for Congress and the public to decide "whether this authority has been properly defined, and whether the president's power to deliberately kill Americans is subject to appropriate limitations and safeguards," the senators wrote. It was a repeated request after receiving last June an unclassified Justice Department memo, which fell short of giving the senators all the information they requested. First detailed publicly by NBC News late Monday, the memo for the first time outlines the Obama administration's decision to kill al-Qaida terror suspects without any evidence that specific and imminent plots are being planned against the United States. "The threat posed by al-Qaida and its associated forces demands a broader concept of imminence in judging when a person continually planning terror attacks presents an imminent threat," concluded the document. The memo was immediately decried by civil liberties groups as "flawed" and "profoundly disturbing" -- especially in light of 2011 U.S. 
drone strikes in Yemen that killed three American citizens: Anwar al-Awlaki, his 16-year-old son and Samir Khan. Al-Awlaki was linked to the planning and execution of several attacks targeting U.S. and Western interests, including the attempt to down a Detroit-bound airliner in 2009 and the plot to bomb cargo planes in 2010. His son was killed in a separate strike on a suspected al-Qaida den. Khan was an al-Qaida propagandist. White House spokesman Jay Carney, echoing comments Brennan made in a speech last April, called the strikes legal, ethical and wise and said they are covered by a law that Congress approved allowing the use of military force against al-Qaida. "And certainly, under that authority, the president acts in the United States' interest to protect the United States and its citizens from al-Qaida," Carney said Tuesday. "It is a matter of fact that Congress authorized the use of military force against al-Qaida," Carney said. "It is a matter of fact that al-Qaida is in a state of war against us and that senior leaders, operational leaders of al-Qaida are continually plotting to attack the United States, plotting to kill American citizens as they did most horrifically on September 11th of 2001." Three days after 9/11, Congress approved a law authorizing the military to use "all necessary and appropriate force" against al-Qaida and other groups believed to be helping or harboring the global terror network, including the use of drone strikes. In the decade since the attacks, U.S. intelligence officials say, al-Qaida has splintered into a number of affiliates and allied sympathizers. That means the current laws could allow military force against thousands of extremists across the Mideast and North Africa who have limited or no ability to strike the United States. Currently, both the CIA and the U.S. military are authorized to remotely pilot unmanned, missile-carrying drones against terror suspects. 
It's unknown exactly how many strikes have been carried out, but experts say that drone attacks in Pakistan are conducted by the CIA, while those in Yemen and Somalia, for example, are by military forces. The drones have strained diplomacy between the U.S. and the nations where the strikes are carried out, as civilians have been killed alongside the targeted terrorists, even though most nations have given Washington at least tacit agreement to carry out the attacks. A Middle Eastern diplomat said that in Yemen, for example, an uptick of U.S. drone strikes last month have killed dozens of people and upset the local public, leading some leaders in Sanaa to reconsider how often they should be used. The diplomat spoke Tuesday on condition of anonymity to avoid political retribution from the Obama administration. The Pentagon is also considering basing surveillance drones in Niger to monitor burgeoning extremist violence in North Africa, but it's not clear if they will be armed. Scaling back the use of drones also would hamper war plans in Afghanistan after combat troops are scheduled to withdraw in 2014. Drones represent a major thrust of the post-troops campaign to help the limited number of special forces units that remain there keep the Taliban from regrouping. Brennan, who currently serves as the White House counterterrorism czar, has signaled he is prepared to turn the CIA from carrying out lethal drone strikes and hand over those missions to the U.S. military. Sen. Ron Wyden, a senior Democratic member of the Senate Intelligence panel, declared himself unsatisfied Tuesday with the Justice memo and said he will press Brennan at the confirmation hearing about the administration's current policy. The drone debate puts Obama -- himself a former civil rights lawyer -- in the awkward position of carrying out lethal attacks in secret and bucking his political allies in the Democratic Party. 
Democratic lawmakers were incensed by the refusal of the Republican administration of President George W. Bush to hand over classified Justice Department opinions justifying the use of waterboarding, the harsh interrogation tactic that critics call a form of torture. Obama repudiated those methods -- and released those opinions -- when he took office in 2009. The use of drones proved to have no political cost to Obama in his re-election campaign. House Intelligence Chairman Mike Rogers, R-Mich., defended the use of deadly drones, calling it "a lawful act of national self-defense." "When an individual has joined al-Qaida -- the organization responsible for the murder of thousands of Americans -- and actively plots future attacks against U.S. citizens, soldiers, and interests around the world, the U.S. government has both the authority and the obligation to defend the country against that threat," Rogers said in a statement. But Rep. Keith Ellison said the new Justice memo could spur lawmakers into taking a fresh look at deadly drones, and what he called an outdated policy guiding them. "We are sort of running on the steam that we acquired right after our country was attacked in the most horrific act of terror in U.S. history," said Ellison, D-Minn. "We have learned much since 9/11, and now it's time to take a more sober look at where we should be with use of force." __ Follow Lara Jakes on Twitter at: https://twitter.com/larajakesAP --- Just because i'm near the punchbowl doesn't mean I'm also drinking from it. From rforno at infowarrior.org Wed Feb 6 07:37:49 2013 From: rforno at infowarrior.org (Richard Forno) Date: Wed, 6 Feb 2013 08:37:49 -0500 Subject: [Infowarrior] - Postal Service to Cut Saturday Mail Message-ID: <19FA814D-71C0-4AF0-AF80-E05FE4E97BEB@infowarrior.org> Postal Service to Cut Saturday Mail http://news.yahoo.com/postal-cut-saturday-mail-trim-costs-121746412.html;_ylt=A2KJ3Cd6VxJRwmwAmErQtDMD The U.S. 
Postal Service will stop delivering mail on Saturdays but continue to deliver packages six days a week under a plan aimed at saving about $2 billion annually, the financially struggling agency says. In an announcement scheduled for later Wednesday, the service is expected to say the Saturday mail cutback would begin in August. The move accentuates one of the agency's strong points -- package delivery has increased by 14 percent since 2010, officials say, while the delivery of letters and other mail has declined with the increasing use of email and other Internet services. Under the new plan, mail would be delivered to homes and businesses only from Monday through Friday, but would still be delivered to post office boxes on Saturdays. Post offices now open on Saturdays would remain open on Saturdays. Over the past several years, the Postal Service has advocated shifting to a five-day delivery schedule for mail and packages -- and it repeatedly but unsuccessfully appealed to Congress to approve the move. Though an independent agency, the service gets no tax dollars for its day-to-day operations but is subject to congressional control. It was not immediately clear how the service could eliminate Saturday mail without congressional approval. But the agency clearly thinks it has a majority of the American public on its side regarding the change. Material prepared for the Wednesday press conference by Patrick R. Donahoe, postmaster general and CEO, says Postal Service market research and other research has indicated that nearly 7 in 10 Americans support the switch to five-day delivery as a way for the Postal Service to reduce costs. "The Postal Service is advancing an important new approach to delivery that reflects the strong growth of our package business and responds to the financial realities resulting from America's changing mailing habits," Donahoe said in a statement prepared for the announcement. 
"We developed this approach by working with our customers to understand their delivery needs and by identifying creative ways to generate significant cost savings." The Postal Service is making the announcement Wednesday, more than six months before the switch, to give residential and business customers time to plan and adjust, the statement said. "The American public understands the financial challenges of the Postal Service and supports these steps as a responsible and reasonable approach to improving our financial situation," Donahoe said. "The Postal Service has a responsibility to take the steps necessary to return to long-term financial stability and ensure the continued affordability of the U.S. Mail." He said the change would mean a combination of employee reassignment and attrition and is expected to achieve cost savings of approximately $2 billion annually when fully implemented. The agency in November reported an annual loss of a record $15.9 billion for the last budget year and forecast more red ink in 2013, capping a tumultuous year in which it was forced to default on billions in retiree health benefit prepayments to avert bankruptcy. The financial losses for the fiscal year ending Sept. 30 were more than triple the $5.1 billion loss in the previous year. Having reached its borrowing limit, the mail agency is operating with little cash on hand. The agency's biggest problem -- and the majority of the red ink in 2012 -- was not due to reduced mail flow but rather to mounting mandatory costs for future retiree health benefits, which made up $11.1 billion of the losses. Without that and other related labor expenses, the mail agency sustained an operating loss of $2.4 billion, lower than the previous year. The health payments are a requirement imposed by Congress in 2006 that the post office set aside $55 billion in an account to cover future medical costs for retirees. The idea was to put $5.5 billion a year into the account for 10 years. 
That's $5.5 billion the post office doesn't have. No other government agency is required to make such a payment for future medical benefits. Postal authorities wanted Congress to address the issue last year, but lawmakers finished their session without getting it done. So officials are moving ahead to accelerate their own plan for cost-cutting. The Postal Service is in the midst of a major restructuring throughout its retail, delivery and mail processing operations. Since 2006, it has cut annual costs by about $15 billion, reduced the size of its career workforce by 193,000 or by 28 percent, and has consolidated more than 200 mail processing locations, officials say. They say that while the change in the delivery schedule announced Wednesday is one of the actions needed to restore the financial health of the service, they still urgently need lawmakers to act. Officials say they continue to press for legislation that will give them greater flexibility to control costs and make new revenues. --- Just because i'm near the punchbowl doesn't mean I'm also drinking from it. From rforno at infowarrior.org Wed Feb 6 15:21:22 2013 From: rforno at infowarrior.org (Richard Forno) Date: Wed, 6 Feb 2013 16:21:22 -0500 Subject: [Infowarrior] - Coke Engineers Its Orange Juice--With an Algorithm Message-ID: <34A31437-4317-490B-A23F-97D25F3547EA@infowarrior.org> Coke Engineers Its Orange Juice--With an Algorithm By Duane Stanford January 31, 2013 6:20 PM EST http://mobile.businessweek.com/articles/2013-01-31/coke-engineers-its-orange-juice-with-an-algorithm Don't let the name fool you. Coca-Cola's Simply Orange juice is anything but pick, squeeze, and pour. That cold glass of 100 percent liquid sunshine on the breakfast table is the product of a sophisticated industrial juice complex. Satellite imagery, complicated data algorithms, even a juice pipeline are all part of the recipe. "You take Mother Nature and standardize it," 
says Jim Horrisberger, director of procurement at Coke's huge Auburndale (Fla.) juice packaging plant. "Mother Nature doesn't like to be standardized." Coca-Cola, maker of the Minute Maid and Simply Orange brands, is using its balance sheet and distribution reach to methodically build a global juice machine. That includes the U.S., Coke's largest market, accounting for one-third of its volume sold. PepsiCo, led by its Tropicana brand, commands a 40 percent volume share of the $4.6 billion U.S. market for not-from-concentrate juices, compared with 28 percent for Coke, according to Euromonitor. Globally, the market researcher says, Coke gets about $13 billion in revenue annually from pure juice and juice drinks. "You see them focusing on still beverages because that's been outgrowing sparkling drinks for several years now," says Thomas Mullarkey, an analyst for Morningstar in Chicago. At the core of Coke's plan in the U.S. is 100 percent not-from-concentrate OJ, for which consumers are willing to pay as much as a 25 percent premium. Yet producing the beverage is far more complicated than bottling soft drinks. Juice production is full of variables, from weather to regional consumer preference, and Coke is trying to manage each from grove to glass. In bucolic Auburndale, an hour south of Disney World, Coke has spent $114 million in recent years expanding its premier U.S. juice bottling plant, which it claims is the world's largest. It's here that Coke has perfected a top-secret methodology it calls Black Book to make sure consumers have consistent orange juice 12 months a year, even though the peak growing season lasts about three months. "We basically built a flight simulator for our juice business," says Doug Bippert, Coke's vice president of business acceleration. Black Book isn't really a secret formula. It's an algorithm.
Revenue Analytics consultant Bob Cross, architect of Coke's juice model, also built the model Delta Air Lines uses to maximize its revenue per mile flown. Orange juice, says Cross, "is definitely one of the most complex applications of business analytics. It requires analyzing up to 1 quintillion decision variables to consistently deliver the optimal blend, despite the whims of Mother Nature." The Black Book model includes detailed data about the myriad flavors -- more than 600 in all -- that make up an orange, and consumer preferences. Those data are matched to a profile detailing acidity, sweetness, and other attributes of each batch of raw juice. The algorithm then tells Coke how to blend batches to replicate a certain taste and consistency, right down to pulp content. Another part of Black Book incorporates external factors such as weather patterns, expected crop yields, and cost pressures. This helps Coke plan so that supplies will be on hand as far ahead as 15 months. "If we have a hurricane or a freeze," Bippert says, "we can quickly replan the business in 5 or 10 minutes just because we've mathematically modeled it." Coca-Cola bought Minute Maid in 1960. The juice company had been founded during World War II by pharmaceutical engineer Jack Fox, an expert at concentrating blood serum, to make OJ concentrate for a military contract. Today frozen orange juice from concentrate makes up less than 4 percent of the entire U.S. orange juice market, according to Coke, and is a tiny piece of Minute Maid sales. Instead the beverage giant has thrown its efforts into fresh juice, doubling global volume sales from 2004 to 2011. Of Coke's 15 brands that each generate at least $1 billion in revenue annually, four are juice-based drinks: Minute Maid globally, Simply Orange in the U.S., Minute Maid Pulpy in Asia, and Del Valle in Latin America.
Coke accounted for 17 percent of the juice-related volume sold in the world's top 22 markets, compared with 9 percent for PepsiCo, according to Nielsen data for the year ended last September. Coke's market share grew 0.9 percentage points in the period, while PepsiCo declined by the same amount. A short walk from Coke's Auburndale plant, massive storage tanks encased in insulated buildings rise high above the flat Florida landscape. The silos are full of fresh-squeezed juice, chilled to a slushy 30F to 34F. The tanks are owned by Coca-Cola's Brazilian partner in the juice wars, Cutrale, the global fruit procurer that processes the oranges that go into Coke's juice brands. Together the companies buy almost a third of the 145 million boxes of oranges grown by more than 400 Florida growers. Coke and Cutrale educate growers on best practices and ensure that oranges are grown to Coke specifications. Cutrale's experts use satellite imaging to monitor crops in Brazil, so they can order growers to pick their fruit at the optimal time dictated by Black Book. The companies constructed a 1.2-mile underground pipeline from Cutrale's Orlando-area processing operation to Coke's packaging plant to transport juice that previously required 70 tanker-truck trips daily. Cutrale also constructed a $10 million facility to process and ship orange pulp. About 80 percent of those orange innards are boated frozen to China for use by brands including Minute Maid Pulpy, which was Coke's first billion-dollar brand developed on the mainland. No part of the orange is wasted. Essential oils are bottled and sold for everything from flavoring to household cleaners. Peel is pressed into pellets for cattle feed. The raw juice is then flash-pasteurized and piped to storage tanks as large as 2 million gallons each for up to eight months. Inside the tanks, the juice is slowly agitated at the bottom so it doesn't settle. A nitrogen gas blanket at the top keeps out rot-inducing oxygen.
Batches of juice from various crops and seasons are segregated based on features such as orange type, sweetness, and acidity. In-season juice is typically mixed with off-season juice. In peak season -- roughly April to June -- oranges can go from grove to glass in less than 24 hours. Fiber-optic cables keep computers at Cutrale and Coke's juice bottling plant in constant contact so juice is piped more efficiently. Inside the bottling plant, "blend technicians" at a traffic control center carry out Black Book instructions prior to bottling. The weekly recipe is tweaked constantly. Natural flavors and fragrances captured during squeezing are added back into the juice to restore flavor lost in processing. All that tweaking doesn't suit everyone's taste. Alissa Hamilton, author of the 2010 book Squeezed: What You Don't Know About Orange Juice, says most 100 percent not-from-concentrate OJ is more processed than consumers realize. She has argued for stricter labeling so they know the juice has been engineered from various batches of oranges. There's still one part of the process that hasn't changed with time: picking. About 95 percent of the oranges Coke uses for juices are still plucked from trees by hand.

---
Just because i'm near the punchbowl doesn't mean I'm also drinking from it.

From rforno at infowarrior.org Wed Feb 6 17:00:24 2013
From: rforno at infowarrior.org (Richard Forno)
Date: Wed, 6 Feb 2013 18:00:24 -0500
Subject: [Infowarrior] - CISPA will return in 2013: Ruppersberger prepping new version
Message-ID:

CISPA will return in 2013: Rep. Ruppersberger working with White House to prepare bill for reintroduction
http://thenextweb.com/us/2013/02/06/cispa-will-return-this-year-rep-ruppersberger-working-with-white-house-to-prepare-bill-for-reintroduction/

In conversation with The Hill, Representative Charles Ruppersberger stated that he intends to re-introduce the controversial Cyber Intelligence Sharing and Protection Act in 2013.
The Cyber Intelligence Sharing and Protection Act, known to most as simply "CISPA," was a lightning rod bill in the House last year, leading to a contentious vote in the lower chamber, and a veto threat from the President over privacy concerns. The final vote for the bill was rammed through so quickly that a half dozen of its co-sponsors did not vote for the law in the end. CISPA passed the House 248 to 168. However, its lack of mandatory standards for critical infrastructure put it into a difficult spot, as the Senate majority was in favor of such standards. In the House they were, and likely remain, anathema. The political climate has shifted some since the last age of CISPA, but probably not enough to convince the House majority to vote in favor of increased regulation. As quoted on the Hillicon Valley blog, Rep. Ruppersberger has his staff speaking with the White House to ensure that when CISPA is introduced again, it won't have another veto tossed around its neck: "We're working on some things -- working with the White House to make sure that hopefully they can be more supportive of our bill than they were the last time." The talks are going well, he went on to note. For a primer in the arguments in favor and opposed to CISPA, TNW's previous reporting has you covered. However, if you so desire a top sheet, here you go: privacy groups were concerned that the bill's conduits that would carry their personal Internet information and digital communications to the National Security Agency and other intelligence agencies lacked sufficient privacy safeguards. Naturally, the updated version of CISPA will attract heavy scrutiny when it is announced. That said, I'm not optimistic that it will have been reformed sufficiently to ensure proper privacy for the average United States citizen. Clearly, there is a firm need for clear, strong cybersecurity legislation in the United States. This is universally agreed upon.
However, after the Senate's failure on the larger issue, and the President's apparent declination of issuing an executive order, to see the next round of legislative work originate in the House isn't surprising. But, as with the first version of CISPA before it, the House could trip out of the gate, and gum the wheels of progress.

---
Just because i'm near the punchbowl doesn't mean I'm also drinking from it.

From rforno at infowarrior.org Thu Feb 7 07:16:26 2013
From: rforno at infowarrior.org (Richard Forno)
Date: Thu, 7 Feb 2013 08:16:26 -0500
Subject: [Infowarrior] - Nye: The Information Revolution Gets Political
Message-ID: <3EDA1D6B-988A-4B34-9DF5-C218687E942B@infowarrior.org>

The Information Revolution Gets Political
07 February 2013
http://www.project-syndicate.org/print/information-technology-s-political-implications-by-joseph-s--nye

NEW DELHI -- The second anniversary of the "Arab Spring" in Egypt was marked by riots in Tahrir Square that made many observers fear that their optimistic projections in 2011 had been dashed. Part of the problem is that expectations had been distorted by a metaphor that described events in short-run terms. If, instead of "Arab Spring," we had spoken of "Arab revolutions," we might have had more realistic expectations. Revolutions unfold over decades, not seasons or years. Consider the French Revolution, which began in 1789. Who would have predicted that within a decade, an obscure Corsican soldier would lead French armies to the banks of the Nile, or that the Napoleonic Wars would disrupt Europe until 1815? If we think of the Arab revolutions, there are many surprises yet to come. So far, most Arab monarchies have had enough legitimacy, money, and force to survive the waves of popular revolt that have brought down secular republican autocrats like Egypt's Hosni Mubarak and Libya's Muammar el-Qaddafi, but we are only two years into the revolutionary process.
Beneath the Arab political revolutions lies a deeper and longer process of radical change that is sometimes called the information revolution. We cannot yet fully grasp its implications, but it is fundamentally transforming the nature of power in the twenty-first century, in which all states exist in an environment that even the most powerful authorities cannot control as they did in the past. Governments have always worried about the flow and control of information, and our age is hardly the first to be strongly affected by dramatic changes in information technology. Gutenberg's printing press was important to the origins of the Protestant Reformation and the ensuing wars in Europe. Today, however, a much larger part of the population, both within and among countries, has access to the power that comes from information. The current global revolution is based on rapid technological advances that have dramatically decreased the cost of creating, finding, and transmitting information. Computing power doubled roughly every 18 months for 30 years, and, by the beginning of the twenty-first century, it cost one-thousandth of what it did in the early 1970's. If the price of automobiles had fallen as quickly as the price of semiconductors, a car today would cost $5. As recently as the 1980's, phone calls over copper wire could carry only one page of information per second; today, a thin strand of optical fiber can transmit 90,000 volumes in a second. In 1980, a gigabyte of data storage occupied a room; now, 200 gigabytes of storage fits in your shirt pocket. Even more crucial has been the enormous drop in the cost of transmitting information, which reduces barriers to entry. As computing power has become cheaper and computers have shrunk to the size of smart phones and other portable devices, the decentralizing effects have been dramatic. Power over information is much more widely distributed today than even a few decades ago.
As a result, world politics is no longer the sole province of governments. Individuals and private organizations -- including WikiLeaks, multinational corporations, NGOs, terrorists, or spontaneous social movements -- have been empowered to play a direct role. The spread of information means that informal networks are undercutting the monopoly of traditional bureaucracy, with all governments less able to control their agendas. Political leaders enjoy fewer degrees of freedom before they must respond to events, and must then communicate not only with other governments, but with civil society as well. But it would be a mistake to "over-learn" the lessons that the Arab revolutions have taught about information, technology, and power. While the information revolution could, in principle, reduce large states' power and increase that of small states and non-state actors, politics and power are more complex than such technological determinism implies. In the middle of the twentieth century, people feared that computers and new means of communications would create the kind of central governmental control dramatized in George Orwell's 1984. And, indeed, authoritarian governments in China, Saudi Arabia, and elsewhere have used the new technologies to try to control information. Ironically for cyber-utopians, the electronic trails created by social networks like Twitter and Facebook sometimes make the job of the secret police easier. After its initial embarrassment by Twitter in 2009, the Iranian government was able to suppress the country's "green" movement in 2010. Similarly, while the "great firewall of China" is far from perfect, the government has managed thus far to cope, even as the Internet has burgeoned in the country. In other words, some aspects of the information revolution help the small, but some help the already large and powerful. Size still matters.
While a hacker and a government can both create information and exploit the Internet, it matters for many purposes that large governments can deploy tens of thousands of trained people and have access to vast computing power to crack codes or intrude into other organizations. Likewise, while it is now cheap to disseminate existing information, the collection and production of new information often requires major investment, and, in many competitive situations, new information matters most. Intelligence collection is a good example, and the elaborate Stuxnet worm that disabled Iranian nuclear centrifuges seems to have been a government creation. Governments and large states still have more resources than information-empowered private actors, but the stage on which they play is more crowded. How will the ensuing drama unfold? Who will win, and who will lose? It will take decades, not a single season, to answer such questions. As events in Egypt and elsewhere have shown, we are only just beginning to comprehend the effects of the information revolution on power in this century.

---
Just because i'm near the punchbowl doesn't mean I'm also drinking from it.

From rforno at infowarrior.org Thu Feb 7 07:55:52 2013
From: rforno at infowarrior.org (Richard Forno)
Date: Thu, 7 Feb 2013 08:55:52 -0500
Subject: [Infowarrior] - NYT, WaPo accused of complicity as drone report reopens security debate
Message-ID:

US newspapers accused of complicity as drone report reopens security debate
New York Times and Washington Post knew about secret drone base in Saudi Arabia but agreed not to disclose it to the public
guardian.co.uk, Wednesday 6 February 2013 17.14 EST
http://www.guardian.co.uk/media/2013/feb/06/us-newspapers-accused-complicity-drone

US news organisations are facing accusations of complicity after it emerged that they bowed to pressure from the Obama administration not to disclose the existence of a secret drone base in Saudi Arabia despite knowing about it for a year.
Amid renewed scrutiny over the Obama administration's secrecy over its targeted killing programme, media analysts and national security experts said the revelation that some newspapers had co-operated over the drone base had reopened the debate over the balance between freedom of information and national security. On Tuesday, following Monday's disclosure by NBC of a leaked Justice Department white paper on the case for its controversial targeted killing programme, the Washington Post revealed it had previously refrained from publishing the base's location at the behest of the Obama administration over national security concerns. The New York Times followed with its own story on the drone programme on Wednesday, and an op-ed explaining why it felt the time to publish was now. One expert described the initial decision not to publish the base's location as "shameful and craven". Dr Jack Lule, a professor of journalism and communication at Lehigh University in Pennsylvania, said that the national security implications did not merit holding on to the story. "The decision not to publish is a shameful one. The national security standard has to be very high, perhaps imminent danger," he said. "The fact that we are even having a conversation about whether it was a national security issue should have sent alarm bells off to the editors. I think the real reason was that the administration did not want to embarrass the Saudis -- and for the US news media to be complicit in that is craven." The Obama administration has resisted any effort to open up its targeted killing programme to public scrutiny. The White House legal advice on the assassinations program, including the killing of a US citizen, Anwar al-Awlaki, has been withheld from the public and Congress, despite repeated requests to make it public.
The New York Times is attempting to obtain this memo through the courts, and Margaret Sullivan, the Times's public editor, used this argument in her piece on Wednesday, which said that the Times was right, at last, to publish details of the Saudi drone base. However, Lule said that in not publishing the location of the base when it had the information, the newspaper had failed in its responsibility to the public. Lule said: "We have two partners' participation in the secrecy of the drone programme: the government and the news media. If we are looking to open it up to scrutiny, where do we go?" "It happened at the top ranks of the media, too. We look to digital media, but they do not have the contacts and the resources to look at this. They should have been leading the pack in calling for less secrecy. For them to give up that post is terrible." Jane Kirtley, a professor of media ethics and law at the University of Minnesota, said the Washington Post had a long history of seeking input from government on stories which they felt may have security implications. She cited a column by the Post's former editor Ben Bradlee, written in the 1990s about this issue, which generated a lot of criticism. "The argument was: what is wrong with going to the government to find out the possible impact so that we can make an informed decision? That is the argument they have made in the past." Kirtley said her own view as a lawyer would be: "The default position is to publish." Part of the problem, she said, was that the term "national security" could be used as a cover for embarrassing revelations, or information the government does not want in the public domain. "How to judge national security is the real conundrum. News organisations, as a rule, think about the consequences of their stories. The problem with dealing with national security is that it is so amorphous. Journalists are trained to be sceptical of these types of assertions.
The repercussions are not always obvious, compared to, for instance, movement of ground troops in a war zone. "The comments on the Washington Post story reflect that dichotomy." Kirtley said that in such cases it is vital for a news organisation to explain to its readers why the decision was made. "To public perception, it begins to appear that those decisions were made not for national security reasons but to provide cover for the administration. That is the tightrope that news organisations walk in these situations. "The whole brouhaha has become so complex over what the implications are for John Brennan, and whether the Post has done this for political reasons. That is why it is so important to explain to their readers why a decision was made." While the publication of the white paper itself has brought renewed scrutiny to the Obama administration's insistence on secrecy, Stephen Vladeck, a professor of law at American University who specialises in national security issues, said there was an irony. "We have a Freedom of Information Act. And, unlike Britain, we have no Official Secrets Act. But in the last decade we see less and less release of national security information. "The aftermath of 9/11 has provided a very powerful counter-argument against freedom of information. My suspicion is that, out of western democracies, the US is at the far end of the secrecy spectrum." Vladeck said that the US press, which has been responsible for some of the most important national security stories in recent years, including George W Bush's wire-tapping, the abuses at Abu Ghraib, and the existence of the CIA "black site" secret interrogation programme, had shown it could be complicit with the administration's secrecy and pushing against secrecy. "Every institution in this story has a responsibility. Our courts have been increasingly deferential to the government in FOIA actions -- for instance, in the OIC memo about Awlaki."
Vladeck said that the issue would generate debate but added: "Whether it will generate anything more than debate is up to Congress."

---
Just because i'm near the punchbowl doesn't mean I'm also drinking from it.

From rforno at infowarrior.org Thu Feb 7 08:09:29 2013
From: rforno at infowarrior.org (Richard Forno)
Date: Thu, 7 Feb 2013 09:09:29 -0500
Subject: [Infowarrior] - Breaking the TLS and DTLS Record Protocols
Message-ID: <5AB82397-0273-4EAE-9936-A0453329675C@infowarrior.org>

http://www.isg.rhul.ac.uk/tls/

The Transport Layer Security (TLS) protocol aims to provide confidentiality and integrity of data in transit across untrusted networks like the Internet. It is widely used to secure web traffic and e-commerce transactions on the Internet. Datagram TLS (DTLS) is a variant of TLS that is growing in importance.

We have found new attacks against TLS and DTLS that allow a Man-in-the-Middle attacker to recover plaintext from a TLS/DTLS connection when CBC-mode encryption is used. The attacks arise from a flaw in the TLS specification rather than as a bug in specific implementations. We have carried out experiments to demonstrate the feasibility of the attacks against the OpenSSL and GnuTLS implementations of TLS, and we have studied the source code of other implementations to determine whether they are likely to be vulnerable. There are effective countermeasures against our attacks and we have worked with a number of TLS and DTLS software developers to prepare patches and security advisories.

http://www.isg.rhul.ac.uk/tls/

---
Just because i'm near the punchbowl doesn't mean I'm also drinking from it.
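The advisory above applies when a TLS or DTLS connection uses CBC-mode encryption. As an added example (not part of the original post and not the researchers' code), the Python below parses the column output of `openssl ciphers -v` and lists the suites that fall into that CBC-mode class; the sample lines are constructed, and the set of block ciphers treated as CBC when the MAC is not AEAD is an assumption of this example.

```python
import re

# Constructed sample in the column layout printed by `openssl ciphers -v`.
SAMPLE = """\
ECDHE-RSA-AES256-GCM-SHA384 TLSv1.2 Kx=ECDH Au=RSA Enc=AESGCM(256) Mac=AEAD
ECDHE-RSA-AES128-SHA256 TLSv1.2 Kx=ECDH Au=RSA Enc=AES(128) Mac=SHA256
AES256-SHA SSLv3 Kx=RSA Au=RSA Enc=AES(256) Mac=SHA1
DES-CBC3-SHA SSLv3 Kx=RSA Au=RSA Enc=3DES(168) Mac=SHA1
CAMELLIA128-SHA SSLv3 Kx=RSA Au=RSA Enc=Camellia(128) Mac=SHA1
RC4-SHA SSLv3 Kx=RSA Au=RSA Enc=RC4(128) Mac=SHA1
NULL-SHA SSLv3 Kx=RSA Au=RSA Enc=None Mac=SHA1
"""

FIELD = re.compile(r"(\w+)=(\S+)")

# Assumption of this example: these block ciphers run in CBC mode in a
# TLS suite whenever the Mac column is a separate HMAC (not "AEAD").
CBC_BLOCK_CIPHERS = {"AES", "3DES", "DES", "CAMELLIA", "SEED", "IDEA", "RC2"}
STREAM_CIPHERS = {"RC4"}


def classify(line):
    """Parse one `openssl ciphers -v` line; return a dict or None if unparsable."""
    parts = line.split()
    fields = dict(FIELD.findall(line))
    if len(parts) < 3 or "Enc" not in fields or "Mac" not in fields:
        return None
    # "AES(128)" -> "AES", "Camellia(128)" -> "CAMELLIA", "None" -> "NONE"
    algorithm = fields["Enc"].split("(", 1)[0].upper()
    if fields["Mac"] == "AEAD":
        mode = "aead"      # GCM, CCM, ChaCha20-Poly1305: no separate CBC+HMAC record
    elif algorithm == "NONE":
        mode = "null"      # integrity only, no encryption
    elif algorithm in STREAM_CIPHERS:
        mode = "stream"
    elif algorithm in CBC_BLOCK_CIPHERS:
        mode = "cbc"       # MAC-then-encrypt with CBC padding
    else:
        mode = "unknown"   # do not guess for ciphers this example does not know
    return {"name": parts[0], "protocol": parts[1],
            "enc": fields["Enc"], "mac": fields["Mac"], "mode": mode}


def audit(text):
    """Group suite names by mode, skipping blank or malformed lines."""
    groups = {}
    for line in text.splitlines():
        entry = classify(line)
        if entry is not None:
            groups.setdefault(entry["mode"], []).append(entry["name"])
    return groups


def cbc_suites(text):
    """Names of the suites that use CBC-mode record encryption."""
    return audit(text).get("cbc", [])


if __name__ == "__main__":
    for mode, names in sorted(audit(SAMPLE).items()):
        print(f"{mode:8s} {', '.join(names)}")
```

To audit a real host, feed the function the text produced by `openssl ciphers -v` for the cipher string the server is configured with.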
From rforno at infowarrior.org Thu Feb 7 12:36:32 2013
From: rforno at infowarrior.org (Richard Forno)
Date: Thu, 7 Feb 2013 13:36:32 -0500
Subject: [Infowarrior] - Canadian Chamber Of Commerce Wants To Legalize Spyware Rootkits
Message-ID: <0DCE2DD0-A264-4177-99B2-74BD54941757@infowarrior.org>

Canadian Chamber Of Commerce Wants To Legalize Spyware Rootkits To Help Stop 'Illegal' Activity
from the this-is-a-bad-idea dept

As a whole bunch of folks have been sending in, up in Canada, as part of a discussion on anti-spam laws, the Canadian Chamber of Commerce is proposing a very troubling idea: allowing rootkit spyware to be installed surreptitiously for the purpose of stopping illegal activity. As Geist notes, the last time this battle was fought, it was fresh on the heels of the Sony rootkit debacle, so there wasn't much support for these concepts. But, with a few years distance, the industry groups are trying again. Specifically they either want to remove language that prevents the surreptitious installation of spyware -- or they want specific exemptions...

< - >

http://www.techdirt.com/articles/20130207/03465521908/canadian-chamber-commerce-wants-to-legalize-spyware-rootkits-to-help-stop-illegal-activity.shtml

---
Just because i'm near the punchbowl doesn't mean I'm also drinking from it.

From rforno at infowarrior.org Thu Feb 7 14:26:43 2013
From: rforno at infowarrior.org (Richard Forno)
Date: Thu, 7 Feb 2013 15:26:43 -0500
Subject: [Infowarrior] - DHS buying 21m more rounds of ammo
Message-ID:

Conspiracy theories aside, it's high time someone in the major media asked WTF is going on with yet another huge purchase of ammo by DHS. It can't be all for "training" purposes.....maybe all this is a backdoor way of reducing the # of rounds made available to citizens to try and control gun violence?
---rick

US Govt betters Civilians, buys additional 21 million rounds of Ammo
Thursday, 07 February 2013
http://macedoniaonline.eu/content/view/22655/61/

The US Government seems to have found a good way to spend taxpayers' dollars. But it isn't new roads or hospitals... it's Guns and Ammo! The US Department of Homeland Security is set to purchase a further 21.6 million rounds of ammunition to add to the 1.6 billion bullets it has already obtained over the course of the last 10 months alone, figures which have stoked concerns that the federal agency is preparing for civil unrest. A solicitation posted yesterday on the Fed Bid website details how the bullets are required for the DHS Federal Law Enforcement Training Center in Artesia, New Mexico. The solicitation asks for 10 million pistol cartridge .40 caliber 165 Grain, jacketed Hollow point bullets (100 quantities of 100,000 rounds) and 10 million 9mm 115 grain jacketed hollow point bullets (100 quantities of 100,000 rounds). The document also lists a requirement for 1.6 million pistol cartridge 9mm ball bullets (40 quantities of 40,000 rounds). An approximation of how many rounds of ammunition the DHS has now secured over the last 10 months stands at around 1.625 billion. In March 2012, ATK announced that they had agreed to provide the DHS with a maximum of 450 million bullets over four years, a story that prompted questions about why the feds were buying ammunition in such large quantities. To put that in perspective, during the height of active battle operations in Iraq, US soldiers used 5.5 million rounds of ammunition a month. Extrapolating the figures, the DHS has purchased enough bullets over the last 10 months to wage a full scale war for almost 30 years.
From rforno at infowarrior.org Thu Feb 7 15:47:20 2013
From: rforno at infowarrior.org (Richard Forno)
Date: Thu, 7 Feb 2013 16:47:20 -0500
Subject: [Infowarrior] - OpEd: The Targeted Killing Memo and the Problem of Secret Law
Message-ID:

February 7, 2013, 2:34 pm
The Targeted Killing Memo and the Problem of Secret Law
By LINCOLN CAPLAN
http://takingnote.blogs.nytimes.com/2013/02/07/the-targeted-killing-memo-and-the-problem-of-secret-law/?hp

After NBC news published the targeted killing "white paper," a bipartisan group of senators led by Ron Wyden, the Democrat from Oregon, asked the White House to release the actual legal opinions outlining why the president has the right to authorize the killing of American citizens during the course of counterterrorism operations. The White House announced Wednesday that it would release to Congress classified documents on drone attacks, but it's not yet clear whether those include the full classified 2010 memorandum presenting the Justice Department's legal reasoning. Whatever the case may be, the White House is only prepared to share these documents with two Congressional Intelligence Committees, not all of Congress and not the public. (Intelligence personnel could black out truly sensitive material to avoid jeopardizing national security.) In other words, President Obama is still not committing to full disclosure -- which is especially disappointing since he released four detailed torture memos from the Bush years after he took office. Through his actions, or rather inaction, he is betraying a promise of his 2008 campaign as well as a fundamental element of American democracy: Openness between the government and the people it represents. Without that, there is no reliable basis for accountability.
Democracy works best when the government minimizes secrecy, including by recognizing that while the mechanics of national security operations must of course remain covert, there's no reason not to openly explain the legal basis for these operations. America re-learned this lesson six years ago, when the public realized that the Bush administration had secretly made law within the executive branch, allowing for the torture of prisoners taken in its war on terror. Until then, as I've written about elsewhere in more detail, the Bush administration had acted in this area outside the bounds of democracy and accountability. When its legal memo about torture surfaced, it became clear that it expressed a political view, not a legally defensible one, and wide agreement developed among experts that the case for torture was unsupported by American or international law. * During the past generation, there has been a profound disagreement about the scope of presidential power -- and, really, about the nature of American democracy. The view of the Bush administration was that the separation of powers between the federal government's three branches gives the president exclusive control over decisions about war, regardless of contradictory law established by Congress, the Supreme Court or an international treaty signed by the United States. The view of the Clinton administration was that the separation of powers gives Congress and the president overlapping control. This is also the view of the modern Supreme Court. It means that laws arising from Congress, the court or international treaty constrain the executive branch. The Bush view meant that the president was literally unchecked: it asserted the kind of sweeping authority that the Nixon administration only threatened but that brought down that administration when the Supreme Court ruled that it wasn't above the law. The Clinton view meant that the executive branch restrained itself and respected the views of the other branches.
The Obama administration has suggested it holds the Clinton view. That is the welcome gist of the White House announcement that it will let congressional committees see classified documents presenting the administration's legal basis for targeted killing. But partial disclosure is insufficient. Just as it was essential for Congress and the American people to read the Bush administration's reasoning about torture, it is now essential for Congress and the people to gain access to the Obama administration's reasoning about targeted killing. Because of its mistaken view of presidential power, the Bush administration functioned in critical ways as an autocracy, not as the executive branch checked and balanced by other branches in a democracy. It's important for the Obama administration to confirm that it is doing the opposite. What's at stake are not secret operations of the government but, instead, the nature and character of American governance.

--- Just because i'm near the punchbowl doesn't mean I'm also drinking from it.

From rforno at infowarrior.org Fri Feb 8 09:09:15 2013
From: rforno at infowarrior.org (Richard Forno)
Date: Fri, 8 Feb 2013 10:09:15 -0500
Subject: [Infowarrior] - =?windows-1252?q?Stuart_Freeborn=2C_=91Star_Wars?= =?windows-1252?q?=92_Makeup_Artist=2C_Dies_at_98?=
Message-ID:

Stuart Freeborn, 'Star Wars' Makeup Artist, Dies at 98
By DOUGLAS MARTIN
http://www.nytimes.com/2013/02/08/movies/stuart-freeborn-star-wars-makeup-artist-dies-at-98.html

Stuart Freeborn, a movie makeup artist whose alchemy helped shape the outlandish space creatures that stalk the "Star Wars" films -- including the big-eared, big-brained little Yoda, whom he modeled after himself and Albert Einstein -- died on Tuesday in London. He was 98. George Lucas, the "Star Wars" director, announced his death, calling him "a makeup legend." Mr. Freeborn worked on more than 75 movies, creating the makeup for stars like Marlene Dietrich, Burt Lancaster, Vivien Leigh and Gregory Peck.
He created the looks of the three characters -- Group Capt. Lionel Mandrake of the Royal Air Force, President Muffley and the paraplegic ex-Nazi Dr. Strangelove -- Peter Sellers played in Stanley Kubrick's 1964 black comedy, "Dr. Strangelove or: How I Learned to Stop Worrying and Love the Bomb." Mr. Kubrick so liked the "Strangelove" work that he asked Mr. Freeborn to create the apelike hominids in "The Dawn of Man" sequence in the 1968 film "2001: A Space Odyssey." The project, taking two years for Mr. Freeborn to complete, involved crafting masks with lips and tongues that moved, realistic-looking simian teeth and body suits made from human, yak and horsehair. Mr. Lucas was so impressed with his "Space Odyssey" work that he asked Mr. Freeborn to handle makeup duties for "Star Wars." He accepted the job but not before questioning whether the movie would be a box-office success. (The "Star Wars" series has made over $4 billion.) His inspiration for the look of Yoda, a puppet, came when he looked in the mirror and saw the lumps and bumps on his own face. To convey the mental power of this master of the Jedi Order, an ancient monastic peacekeeping organization in the "Star Wars" universe, he hit on the notion of using Einstein's eye wrinkles. Yoda's big ears popped out of Mr. Freeborn's imagination. Still, he said in an interview in 2008, he had remained nervous about his idea. "I had never modeled anything so quick," he said. "It's going to be a load of rubbish." Mr. Lucas demanded to see Yoda immediately. When Mr. Freeborn removed the cloth covering his model, he recalled, Mr. Lucas exclaimed, "That's it! That's just what I want!" Mr. Freeborn also made Chewbacca, the furry 7-foot-3 co-pilot of the hero Han Solo, played by Harrison Ford. (Peter Mayhew played Chewbacca.) He made Jabba the Hutt, a large, sluglike alien that required three puppeteers to operate, for the third film in the original series, "Return of the Jedi."
To create the bizarre crowd of extraterrestrials who gather at the "Star Wars" cantina, Mr. Freeborn recruited his wife, Kay, and son, Graham, both makeup artists, to help. Mrs. Freeborn died last year. Mr. Freeborn's sons, Graham, Roger and Ray, also died before him. He is survived by seven grandchildren and a number of great-grandchildren. Stuart Freeborn was born in London on Sept. 5, 1914. Even as a teenager, he yearned to work in the movie business and practiced making himself up to look like different characters. He studied chemistry to learn how to use different kinds of plastic without harming human skin. Shrugging off his father's pleas that he follow him into the insurance business, Mr. Freeborn repeatedly applied to studios, sometimes even sneaking into them hoping to demonstrate his skills. At 25, he devised a bolder scheme: he called studio executives and the newspapers to tell the lie that the Ethiopian emperor Haile Selassie was driving around Mr. Freeborn's London suburb. The emperor was in fact Mr. Freeborn wearing a fake beard and nose. He was detained by the police but not hired by the studios. Undaunted, he sent photos of his work to the director Alexander Korda, a leader in the British film industry. Mr. Korda hired him, and he was soon doing makeup for costume dramas and period pieces. One of his earliest credited jobs was for David Lean's 1948 film classic, "Oliver Twist." For the villain Fagin -- Dickens frequently referred to him in the novel as "the Jew" -- Mr. Freeborn offered two different noses: one cartoonishly hooked, the other of the more conventional variety. His bosses chose the hooked nose for the actor in the role, Alec Guinness, evoking an anti-Semitic stereotype and prompting accusations of anti-Semitism. The film was not shown in the United States until 1951. Mr. Freeborn said he deeply regretted the use of the image, not least, he said, because he was part Jewish. Mr.
Freeborn immodestly said that there was little he could not do when it came to transforming actors into credible-looking characters. He said he more than once enlarged actresses' breasts for nude scenes. But he was never nominated for an Academy Award. His friends thought his best chance for an Oscar was for his work in "2001," but only "Planet of the Apes" was recognized at the 1969 ceremony: an honorary Academy Award for its makeup artist, John Chambers. Mr. Freeborn's supporters speculated that his apes were so realistic that the Oscar's judges may have thought they were real.

--- Just because i'm near the punchbowl doesn't mean I'm also drinking from it.

From rforno at infowarrior.org Fri Feb 8 10:55:34 2013
From: rforno at infowarrior.org (Richard Forno)
Date: Fri, 8 Feb 2013 11:55:34 -0500
Subject: [Infowarrior] - EU cyber security directive considered harmful
Message-ID: <69A09818-7F63-473A-BA10-E6242D56CA50@infowarrior.org>

EU cyber security directive considered harmful
February 8th, 2013 at 10:11 UTC by Ross Anderson
http://www.lightbluetouchpaper.org/2013/02/08/eu-cyber-security-directive-considered-harmful/

Yesterday the European Commission launched its new draft directive on cybersecurity, on a webpage which omits a negative Opinion of the Impact Assessment Board. This directive had already been widely leaked, and I wrote about it in an EDRi Enditorial. There are at least two serious problems with it. The first is that it will oblige Member States to set up single "competent authorities" for technical expertise, international liaison, security breach reporting and CERT functions. In the UK, these functions are distributed across GCHQ, MI5/CPNI, the new NCA, the ICO and various private-sector bodies. And the UK is relatively centralised; in Germany, for example, there's a constitutional separation between police and intelligence functions.
Centralisation will not just damage the separation of powers essential in any democracy, but will also harm operational effectiveness. Most of our critical infrastructure is in the hands of foreign companies, from O2 through EDF to Google; moving cybersecurity cooperation from the current loose association of private-public partnerships to a centralised, classified system will make it harder for most of them to play. Second, whereas security-breach notification laws in the USA require firms to report breaches to affected citizens, articles 14 and 15 instead require breach notification to the "competent authority". Notification requirements can be changed later by order (14.5-7) and the "competent authorities" only have to tell us if they determine it's in the "public interest" (14.4). So instead of empowering us, it will empower the spooks. But that's not all. Member States must "ensure that the competent authorities have the power to require market operators and public administrations to: (a) provide information needed to assess the security of their networks and information systems, including documented security policies; and (b) undergo a security audit carried out by a qualified independent body or national authority and make the results thereof available to the competent authority" (15.2). States must also "ensure that competent authorities have the power to issue binding instructions to market operators and public administrations" (15.3) Now as Parliament has just criticised the Home Office's attempt to take powers to order firms like Google and Facebook to disclose user data by means of the Communications Data Bill, I hope everyone will think long and hard about the implications of passing this Directive as it stands. It's yet another unfortunate step towards the militarisation of cyberspace.

--- Just because i'm near the punchbowl doesn't mean I'm also drinking from it.
From rforno at infowarrior.org Sat Feb 9 09:33:11 2013
From: rforno at infowarrior.org (Richard Forno)
Date: Sat, 9 Feb 2013 10:33:11 -0500
Subject: [Infowarrior] - =?windows-1252?q?DHS_Watchdog_OKs_=91Suspicionles?= =?windows-1252?q?s=92_Seizure_of_Electronic_Devices_Along_Border?=
Message-ID: <9DBE374A-8DFA-4EB9-A630-9B627A79B54E@infowarrior.org>

DHS Watchdog OKs 'Suspicionless' Seizure of Electronic Devices Along Border
By David Kravets, 02.08.13, 1:20 PM
http://www.wired.com/threatlevel/2013/02/electronics-border-seizures/?cid=co5746764

The Department of Homeland Security's civil rights watchdog has concluded that travelers along the nation's borders may have their electronics seized and the contents of those devices examined for any reason whatsoever -- all in the name of national security. The DHS, which secures the nation's border, in 2009 announced that it would conduct a "Civil Liberties Impact Assessment" of its suspicionless search-and-seizure policy pertaining to electronic devices "within 120 days." More than three years later, the DHS office of Civil Rights and Civil Liberties published a two-page executive summary of its findings. "We also conclude that imposing a requirement that officers have reasonable suspicion in order to conduct a border search of an electronic device would be operationally harmful without concomitant civil rights/civil liberties benefits," the executive summary said. The memo highlights the friction between today's reality that electronic devices have become virtual extensions of ourselves housing everything from e-mail to instant-message chats to photos and our papers and effects -- juxtaposed against the government's stated quest for national security. The President George W. Bush administration first announced the suspicionless, electronics search rules in 2008. The President Barack Obama administration followed up with virtually the same rules a year later.
Between 2008 and 2010, 6,500 persons had their electronic devices searched along the U.S. border, according to DHS data.

< - >

From rforno at infowarrior.org Sat Feb 9 09:41:37 2013
From: rforno at infowarrior.org (Richard Forno)
Date: Sat, 9 Feb 2013 10:41:37 -0500
Subject: [Infowarrior] - Following a Herd of Bulls on Apple
Message-ID: <2B67DFFC-6E21-4F32-BFC7-12D8C785F185@infowarrior.org>

(For more on this, read the 2008 book "Full of Bull" or Josh Brown's 2012 book (name escapes me) on more of the analytical games / conflict of interest present on Wall Street. The best advice is to tune it all out and do your own homework! --- rick)

Following a Herd of Bulls on Apple
By JAMES B. STEWART
http://www.nytimes.com/2013/02/09/business/following-a-herd-of-bulls-on-apples-stock.html

Last September, Apple shares hit a record $705. And to the overwhelming majority of Wall Street analysts, that meant one thing: buy. By November, with Apple stock in the midst of a precipitous decline, they were still bullish. Fifty of 57 analysts rated it a buy or strong buy; only two rated it a sell. Apple shares continued their plunge, and this week were trading at just over $450, down 36 percent from their peak. How could professional analysts have gotten it so wrong? It wasn't supposed to be this way. A decade ago, Congressional hearings and an investigation by Eliot Spitzer, then the New York attorney general, exposed a maze of conflicts of interest afflicting Wall Street research. There were some notorious examples of analysts who curried favor with investment banking clients and potential clients by producing favorable research, and then were paid huge bonuses out of investment banking fees. Many investors and regulators blamed analysts' overly bullish forecasts for helping to inflate the dot-com bubble that burst in 2000. After a global settlement of Mr.
Spitzer's investigation by major investment banks and the Sarbanes-Oxley reform legislation in 2002, investment banking and research operations were segregated. Conflicts had to be disclosed, and research and analyst pay was detached from investment banking revenues, among other measures. These reforms seem to have worked -- but only up to a point. Other conflicts have come to the fore, especially at large brokerage firms and investment banks. And studies have shown that analysts are prone to other influences -- like following the herd -- that can undermine their judgments. "The reforms didn't necessarily make analysts better at their jobs," said Stuart C. Gilson, a professor of finance at Harvard Business School. It may be no coincidence that the only analyst who even came close to calling the peak in Apple's stock runs his own firm and is compensated based on the accuracy of his calls. Carlo R. Besenius, founder and chief executive of Creative Global Investments, downgraded Apple to sell last Oct. 3, with shares trading at $685. In December, he lowered his price target to $420, and this week he told me he may drop it even further, to $320. Mr. Besenius founded his firm a decade ago after spending many years in research at Merrill Lynch and Lehman Brothers. "I saw so many conflicts of interest in trading, investment banking and research, so I started a conflict-free company," he said this week from Luxembourg, where he was born and now lives. "Wall Street is full of conflicts. It still is and always will be. It's incompetent at picking stocks." Since the passage of Sarbanes-Oxley, several studies have documented a decline in the percentage of analysts' buy recommendations, albeit a modest one, while sell recommendations have increased. "Before 2002, analyst recommendations were tilted toward optimistic at an extreme rate," Ohad Kadan, a professor of finance at Washington University in St. Louis, and co-author of one of the studies, told me this week.
"That's still true today, but it's not as extreme. It's a little more balanced." While investment banking conflicts have been addressed, "the most obvious conflict now is that research is funded through the trading desks," Professor Gilson said. "If you're an analyst and one way your report brings in revenue is through increased trading, a buy recommendation will do this more than a sell. For a sell, you have to already own the stock to generate a trade. But anybody can potentially buy a stock. That's one hypothesis about why you still see a disproportionate number of buy recommendations." That may be especially true for heavily traded stocks like Apple, which generate huge commissions for Wall Street. But no one thinks conflicts alone can explain the analysts' abysmal recent Apple performance. "There's too much unanimity," Bruce Greenwald, a professor of finance and asset management at Columbia Business School and a renowned value investor, told me this week. "That's what's so troubling. When that many analysts are in agreement, they can't all be conflicted." He and other experts say there are additional documented factors that help explain why Wall Street analysts are so often wrong: they extrapolate from recent performance data; they chase momentum; they want to please their customers; and they show a tendency toward herd behavior. Which is to say, they fall into the same pitfalls that afflict most investors. "Why aren't they more sophisticated? You'd hope they would be," Professor Kadan said. "But they always fall into the same traps." Professor Greenwald agreed. "When something goes up, they all put out buy recommendations. Their models extrapolate past performance into the future. They chase momentum. With Apple, they were right at $600, and they were right at $650, which reinforced the trend. So why would they be wrong at $700?"
Professor Kadan said that momentum investing has its adherents, and is often right, at least in the short term that many investors focus on. "You'd hope that analysts, of all people, would be able to anticipate an abrupt reversal, but they're not very good at it. They loved Apple at $700. I'm sure they were trying to do their best, but they're prisoners of momentum." Another factor is that analysts have a tendency to tell their audience what it wants to hear. "The analysts are in the end sales people," Professor Greenwald said. "Their credibility depends on their not upsetting their investors too much. Everybody loved Apple, everybody did well. The bears were always wrong. It took an enormous amount of courage to fight the tide." Professor Kadan agreed. "Analysts tend to herd. There's no big penalty if you're wrong, because everyone else is wrong. You've got cover. You're not going to lose your job. If you take a different opinion, either you get a big prize if you're right, or you lose your job. An analyst needs to be really courageous to say something different from most other analysts." Mr. Besenius, the one analyst who downgraded Apple near its peak, said, "I'm not afraid to make big, controversial calls," but attributed his decision less to courage than to survival. "I'm paid based on performance," he said. "I have to go to my clients and explain why they should pay for my research when they can get it for nothing from the firms where they pay their trading commissions." Mr. Besenius based his recommendation on technical factors -- as Apple hit $700, its upward momentum and trading volume were slowing -- as well as more fundamental concerns about product quality and innovation, as well as growing competition from rivals like Samsung. And there were more subjective factors. Mr. Besenius said he became uncomfortable with what he deemed Apple's arrogance. "I loved Steve Jobs," he said. "He built a great company.
But he was one of the most arrogant C.E.O.'s I've ever met. The way he introduced new products was one big display of arrogance. He ridiculed Microsoft as 'Micro who?' That's a good reason to be cautious. A little humility is a good thing." (An Apple spokesman declined to comment on Mr. Besenius's observations.) It galls Mr. Besenius that market regulators don't measure the performance of Wall Street's research recommendations, and he said he believed that they should require firms to disclose the track records of stocks their analysts recommend. "They're not being held accountable" for bad recommendations, he maintained. "Little firms like ours have to be better than the big firms. We have to prove we can add value. Otherwise, we wouldn't have an existence." Apple is only one prominent example of egg on analysts' faces, and bullish Wall Street analysts were right for years -- until they were wrong. Even today, analysts remain overwhelmingly positive about Apple. This week, 44 analysts rated it a strong buy or buy, although 10 now rate it a hold, according to Thomson Reuters. Should anyone listen? Many brokers still rely on their analysts' research, and offer the analysts' reports to clients for guidance in picking stocks to buy and sell. But the Securities and Exchange Commission takes a skeptical approach. Despite the reforms it helped put in place, it warns on its Web site of continuing conflicts of interest and says flatly, "As a general matter, investors should not rely solely on an analyst's recommendation when deciding whether to buy, hold, or sell a stock." It notes that many brokers aren't allowed to contradict recommendations from their own research departments. Professor Gilson of Harvard said: "Analysts are like movie critics. Some are good and some are bad. I find some of them extraordinarily useful. I advise my students to look to them, but you have to read their recommendations smartly with a very critical eye."
Professor Greenwald was more dismissive. "I never pay attention to them," he said. "When a dog barks, if the dog barks all the time, you stop paying attention."

--- Just because i'm near the punchbowl doesn't mean I'm also drinking from it.

From rforno at infowarrior.org Sat Feb 9 10:03:41 2013
From: rforno at infowarrior.org (Richard Forno)
Date: Sat, 9 Feb 2013 11:03:41 -0500
Subject: [Infowarrior] - Monster Cable Finds Itself On The Other Side Of A Trademark Case (But Still Losing)
Message-ID: <9B0A3C0F-33BB-4140-BAEA-B538ABA7A2E3@infowarrior.org>

Monster Cable Finds Itself On The Other Side Of A Trademark Case (But Still Losing)
from the monster-trademarks dept

As you're probably aware, Monster Cable is somewhat famous as a trademark bully -- at times going after completely unrelated businesses that use the word "monster" (such as a mini-golf course, an automotive parts shop and the manufacturer of deer salt blocks) despite there being no chance for confusion. So it's interesting to see what happens when it's actually being accused of trademark infringement itself. Unlike Monster's lawsuits, this one is from a company that's actually in the same space. Dolby is suing Monster for trademark infringement and last week Monster failed in its attempt to win the case via summary judgment, while Dolby partially won its summary judgment arguments. (Updated to show the logos):

< - >

http://www.techdirt.com/articles/20130203/23380821872/monster-cable-finds-itself-other-side-trademark-case-still-losing.shtml

--- Just because i'm near the punchbowl doesn't mean I'm also drinking from it.
From rforno at infowarrior.org Sat Feb 9 10:06:34 2013
From: rforno at infowarrior.org (Richard Forno)
Date: Sat, 9 Feb 2013 11:06:34 -0500
Subject: [Infowarrior] - FBI 'stops' another of its own terror plots
Message-ID:

Federal Agents Arrest Man After He Attempts to Bomb Bank in Oakland
http://www.fbi.gov/sanfrancisco/press-releases/2013/federal-agents-arrest-man-after-he-attempts-to-bomb-bank-in-oakland

--- Just because i'm near the punchbowl doesn't mean I'm also drinking from it.

From rforno at infowarrior.org Sat Feb 9 16:14:24 2013
From: rforno at infowarrior.org (Richard Forno)
Date: Sat, 9 Feb 2013 17:14:24 -0500
Subject: [Infowarrior] - =?windows-1252?q?Pentagon=92s_1=2E8_Gigapixel_Dro?= =?windows-1252?q?ne_Camera?=
Message-ID: <205C7204-88C3-44D2-9E83-88767772BA0B@infowarrior.org>

(c/o JC)

Could the Pentagon's 1.8 Gigapixel Drone Camera Be Used for Domestic Surveillance?
By Ryan Gallagher
Posted Wednesday, Feb. 6, 2013, at 10:14 AM ET
http://www.slate.com/blogs/future_tense/2013/02/06/argus_is_could_the_pentagon_s_1_8_gigapixel_drone_camera_be_used_for_domestic.html

From more than 17,000 feet in the air, it can see an object as small as six inches, tracking people and vehicles across an entire city. But the latest government-funded surveillance technology might be a violation of the Constitution if it is deployed in the United States, according to civil liberties groups. Late last month, an episode of PBS's series NOVA, "Rise of the Drones," revealed for the first time the capabilities of an "ARGUS-IS"--the world's highest resolution camera. Funded by the Pentagon's research unit DARPA, the 1.8 gigapixel ARGUS was designed to be used on drones to monitor events on the ground below. It was developed by Jiannis Antoniades, an engineer with the defense firm BAE Systems, who told Nova the technology uses a "persistent stare" that is equivalent of having 100 Predator drones look at an area the size of a medium city at once.
Merging together 368 separate image chips to create a single giant picture, it can save up to 1 million terabytes of data each day--that's the equivalent of about 5,000 hours of high-definition footage--enabling the drone operator to "go back in time" to hone in on a particular event in a specific time or place. And perhaps most significantly, it can also automatically track "everything that is a moving object." A constant eye in the sky hovering above a city, able to track movements and zoom in on any area in the past or present, could be a powerful tool not just for the military in warzones--but for law enforcement agencies domestically. However, Jay Stanley, senior policy analyst for the ACLU, believes if the camera were to be deployed in the United States, it would raise legal questions. "We hope that the courts will recognize that the Fourth Amendment should provide protection from the kind of suspicionless tracking that this technology makes possible," he told me. Courts have previously ruled that there is no reasonable expectation of privacy in public places when it comes to surveillance. But location-tracking technologies and license-plate scanners allow for a new kind of ubiquitous retroactive monitoring by law enforcement that privacy advocates believe should require a search warrant authorized by a judge. According to Jennifer Lynch, staff attorney with the Electronic Frontier Foundation, a landmark Supreme Court judgment last year on GPS trackers may have a future bearing on the use of surveillance equipment like the ARGUS in the United States. The judgement in U.S. v. Jones held that law enforcement use of GPS devices to monitor movements constitutes a "search," making it difficult for police to put a tracker on a car without first obtaining a warrant because it falls under the Fourth Amendment's protections against unreasonable searches and seizures. "This kind of tracking from cameras could raise the same concerns," says Lynch.
"If the cameras are never turned off and they are able to cover the area of a city and you're able to pick out a specific person or even a specific car--that's really problematic." Whether the ARGUS will be deployed on American soil in the foreseeable future is anyone's guess. The technology is highly secretive; in the PBS broadcast, the engineer wouldn't comment on deployment because he said it was "classified." Either way, it's almost certain to ramp up privacy concerns already simmering among lawmakers, who were last week warned about how drones could be used for stalking and voyeurism.

--- Just because i'm near the punchbowl doesn't mean I'm also drinking from it.

From rforno at infowarrior.org Sun Feb 10 15:23:18 2013
From: rforno at infowarrior.org (Richard Forno)
Date: Sun, 10 Feb 2013 16:23:18 -0500
Subject: [Infowarrior] - Air travel security data? TSA has no idea
Message-ID:

Air travel security data? TSA has no idea
by Lisa Simeone on February 8, 2013

The Salt Lake Tribune has done a comprehensive, detailed analysis of TSA data, such as it is, and has concluded that . . . there isn't much. Over two years ago, the Salt Lake Tribune made a FOIA request that the TSA release data on the number and type of prohibited items confiscated at checkpoints -- you know, those items the TSA is always bragging about in its weekly show-and-tells? The TSA has finally released the data (yes, it took them two years). And get this -- instead of releasing it in electronic form, which the SLT requested, and which, given the fact that we live in the modern world would make it easier to collate and comprehend, the TSA released reams of paper print-outs. So the SLT had to input the data into a computer by hand in order to analyze it. There's that crack agency for you, always on the cutting edge! What the SLT found was that the TSA has, in fact, no idea what it's doing. This isn't opinion speaking; this is the data speaking...
< -- > http://tsanewsblog.com/9229/news/air-travel-security-data-tsa-has-no-idea/ --- Just because i'm near the punchbowl doesn't mean I'm also drinking from it. From rforno at infowarrior.org Sun Feb 10 15:24:31 2013 From: rforno at infowarrior.org (Richard Forno) Date: Sun, 10 Feb 2013 16:24:31 -0500 Subject: [Infowarrior] - When Network Engineers Get Bored Message-ID: Received from multiple sources; this is quite amusing....what happens when network engineers get bored. ---rick creator explains how it was done @ http://beaglenetworks.net/ traceroute to 216.81.59.173 (216.81.59.173), 64 hops max, 52 byte packets (my local comcast stuff truncated) 6 be-14-pe04.ashburn.va.ibone.comcast.net (68.86.84.218) 12.994 ms 32.546 ms 13.536 ms 7 xe-7-0-2.was10.ip4.tinet.net (77.67.71.193) 13.520 ms 13.336 ms 11.905 ms 8 xe-4-3-0.atl11.ip4.tinet.net (141.136.108.134) 28.907 ms xe-0-0-0.atl11.ip4.tinet.net (89.149.183.141) 27.497 ms xe-3-2-0.atl11.ip4.tinet.net (89.149.182.217) 26.804 ms 9 epik-networks-gw.ip4.tinet.net (77.67.69.158) 27.701 ms 38.665 ms 28.833 ms 10 po0-3.dsr2.atl.epikip.net (216.81.59.2) 27.198 ms 30.228 ms 28.978 ms 11 * * * 12 episode.iv (206.214.251.1) 68.992 ms 83.036 ms 62.330 ms 13 a.new.hope (206.214.251.6) 61.682 ms 66.912 ms 67.868 ms 14 it.is.a.period.of.civil.war (206.214.251.9) 65.749 ms 63.444 ms 61.011 ms 15 rebel.spaceships (206.214.251.14) 62.225 ms 68.281 ms 65.904 ms 16 striking.from.a.hidden.base (206.214.251.17) 62.922 ms 64.718 ms 64.859 ms 17 have.won.their.first.victory (206.214.251.22) 68.768 ms 64.470 ms 62.302 ms 18 against.the.evil.galactic.empire (206.214.251.25) 66.251 ms 63.595 ms 67.638 ms 19 during.the.battle (206.214.251.30) 65.771 ms 65.175 ms 66.575 ms 20 rebel.spies.managed (206.214.251.33) 63.893 ms 64.068 ms 63.076 ms 21 to.steal.secret.plans (206.214.251.38) 61.547 ms 66.446 ms 66.904 ms 22 to.the.empires.ultimate.weapon (206.214.251.41) 66.105 ms 63.615 ms 67.313 ms 23 the.death.star (206.214.251.46) 60.832 ms 66.906 
ms 61.690 ms 24 an.armored.space.station (206.214.251.49) 66.455 ms 65.037 ms 61.898 ms 25 * with.enough.power.to (206.214.251.54) 65.344 ms 65.389 ms 26 destroy.an.entire.planet (206.214.251.57) 69.193 ms 67.447 ms 65.516 ms 27 pursued.by.the.empires (206.214.251.62) 83.357 ms 321.633 ms 67.591 ms 28 sinister.agents (206.214.251.65) 66.329 ms 66.161 ms 67.119 ms 29 princess.leia.races.home (206.214.251.70) 62.367 ms 64.160 ms 65.144 ms 30 aboard.her.starship (206.214.251.73) 68.327 ms 65.466 ms 68.061 ms 31 custodian.of.the.stolen.plans (206.214.251.78) 96.490 ms 64.494 ms 70.163 ms 32 that.can.save.her (206.214.251.81) 67.212 ms 84.054 ms 64.955 ms 33 people.and.restore (206.214.251.86) 114.162 ms 69.279 ms 61.698 ms 34 freedom.to.the.galaxy (206.214.251.89) 61.700 ms 68.092 ms 66.449 ms 35 0-------------------0 (206.214.251.94) 67.272 ms * * 36 0------------------0 (206.214.251.97) 71.698 ms 65.880 ms 68.133 ms 37 0-----------------0 (206.214.251.102) 83.109 ms 64.756 ms 68.223 ms 38 0----------------0 (206.214.251.105) 67.240 ms * 70.247 ms 39 0---------------0 (206.214.251.110) 67.668 ms 69.372 ms 68.374 ms 40 0--------------0 (206.214.251.113) 83.016 ms 67.329 ms 66.780 ms 41 0-------------0 (206.214.251.118) 69.797 ms 65.827 ms 66.354 ms 42 0------------0 (206.214.251.121) 66.433 ms 67.976 ms 77.124 ms 43 0-----------0 (206.214.251.126) 66.587 ms 66.294 ms 68.433 ms 44 0----------0 (206.214.251.129) 67.030 ms 66.388 ms 66.447 ms 45 0---------0 (206.214.251.134) 67.484 ms 68.878 ms 66.451 ms 46 0--------0 (206.214.251.137) 66.715 ms 66.992 ms 112.820 ms 47 0-------0 (206.214.251.142) 149.482 ms 68.067 ms 68.466 ms 48 0------0 (206.214.251.145) 64.906 ms 65.864 ms 61.570 ms 49 0-----0 (206.214.251.150) 68.474 ms 83.779 ms 67.019 ms 50 0----0 (206.214.251.153) 63.166 ms 68.250 ms 66.863 ms 51 0---0 (206.214.251.158) 71.630 ms 64.969 ms 66.675 ms 52 0--0 (206.214.251.161) 64.838 ms 68.625 ms 61.709 ms 53 0-0 (206.214.251.166) 66.106 ms 66.851 ms 82.364 ms 54 00 
(206.214.251.169) 68.740 ms 64.827 ms 67.384 ms
55 i (206.214.251.174) 65.902 ms 71.855 ms 69.126 ms
56 by.ryan.werber (206.214.251.177) 102.884 ms 86.868 ms 69.058 ms
57 when.ccies.get.bored (206.214.251.182) 70.274 ms 66.379 ms 66.635 ms
58 ccie.38168 (206.214.251.185) 82.098 ms 70.134 ms 73.998 ms
59 fin (206.214.251.190) 69.948 ms *

--- Just because i'm near the punchbowl doesn't mean I'm also drinking from it.

From rforno at infowarrior.org Sun Feb 10 17:12:39 2013
From: rforno at infowarrior.org (Richard Forno)
Date: Sun, 10 Feb 2013 18:12:39 -0500
Subject: [Infowarrior] - OT: Ron Paul suddenly likes the UN
Message-ID:

Ron Paul Wants RonPaul.com So Badly That He's Asking The UN For Help

http://www.mediaite.com/online/ron-paul-wants-ronpaul-com-so-badly-that-hes-asking-the-un-for-help/

--- Just because i'm near the punchbowl doesn't mean I'm also drinking from it.

From rforno at infowarrior.org Mon Feb 11 17:42:32 2013
From: rforno at infowarrior.org (Richard Forno)
Date: Mon, 11 Feb 2013 18:42:32 -0500
Subject: [Infowarrior] - Linux Foundation finally gets Microsoft signature on secure UEFI bootloader
Message-ID: <38E0EA2E-D56B-4FB1-A2D4-7E35D1408667@infowarrior.org>

Linux Foundation finally gets Microsoft signature on secure UEFI bootloader

By Sharif Sakr posted Feb 11th, 2013 at 6:10 PM

http://www.engadget.com/2013/02/11/linux-foundation-secure-boot/

--- Just because i'm near the punchbowl doesn't mean I'm also drinking from it.

From rforno at infowarrior.org Tue Feb 12 07:26:59 2013
From: rforno at infowarrior.org (Richard Forno)
Date: Tue, 12 Feb 2013 08:26:59 -0500
Subject: [Infowarrior] - Software that tracks people on social media created by defence firm
Message-ID: <0B576F75-869D-4443-9D53-290BD4F9DD78@infowarrior.org>

Software that tracks people on social media created by defence firm

Exclusive: Raytheon's Riot program mines social network data like a 'Google for spies', drawing ire from civil rights groups

- Ryan Gallagher -
The Guardian, Sunday 10 February 2013 10.20 EST

http://www.guardian.co.uk/world/2013/feb/10/software-tracks-social-media-defence

A multinational security firm has secretly developed software capable of tracking people's movements and predicting future behaviour by mining data from social networking websites.

A video obtained by the Guardian reveals how an "extreme-scale analytics" system created by Raytheon, the world's fifth largest defence contractor, can gather vast amounts of information about people from websites including Facebook, Twitter and Foursquare.

Raytheon says it has not sold the software - named Riot, or Rapid Information Overlay Technology - to any clients.

But the Massachusetts-based company has acknowledged the technology was shared with US government and industry as part of a joint research and development effort, in 2010, to help build a national security system capable of analysing "trillions of entities" from cyberspace.

The power of Riot to harness popular websites for surveillance offers a rare insight into controversial techniques that have attracted interest from intelligence and national security agencies, at the same time prompting civil liberties and online privacy concerns.

The sophisticated technology demonstrates how the same social networks that helped propel the Arab Spring revolutions can be transformed into a "Google for spies" and tapped as a means of monitoring and control.

Using Riot it is possible to gain an entire snapshot of a person's life - their friends, the places they visit charted on a map - in little more than a few clicks of a button.

In the video obtained by the Guardian, it is explained by Raytheon's "principal investigator" Brian Urch that photographs users post on social networks sometimes contain latitude and longitude details - automatically embedded by smartphones within "exif header data."
Riot pulls out this information, showing not only the photographs posted onto social networks by individuals, but also the location at which the photographs were taken.

"We're going to track one of our own employees," Urch says in the video, before bringing up pictures of "Nick," a Raytheon staff member used as an example target. With information gathered from social networks, Riot quickly reveals Nick frequently visits Washington Nationals Park, where on one occasion he snapped a photograph of himself posing with a blonde haired woman.

"We know where Nick's going, we know what Nick looks like," Urch explains, "now we want to try to predict where he may be in the future."

Riot can display on a spider diagram the associations and relationships between individuals online by looking at who they have communicated with over Twitter. It can also mine data from Facebook and sift GPS location information from Foursquare, a mobile phone app used by more than 25 million people to alert friends of their whereabouts. The Foursquare data can be used to display, in graph form, the top 10 places visited by tracked individuals and the times at which they visited them.

The video shows that Nick, who posts his location regularly on Foursquare, visits a gym frequently at 6am early each week. Urch quips: "So if you ever did want to try to get hold of Nick, or maybe get hold of his laptop, you might want to visit the gym at 6am on a Monday."

Mining from public websites for law enforcement is considered legal in most countries. In February last year, for instance, the FBI requested help to develop a social-media mining application for monitoring "bad actors or groups".

However, Ginger McCall, an attorney at the Washington-based Electronic Privacy Information Centre, said the Raytheon technology raised concerns about how troves of user data could be covertly collected without oversight or regulation.

"Social networking sites are often not transparent about what information is shared and how it is shared," McCall said. "Users may be posting information that they believe will be viewed only by their friends, but instead, it is being viewed by government officials or pulled in by data collection services like the Riot search."

Raytheon, which made sales worth an estimated $25bn (£16bn) in 2012, did not want its Riot demonstration video to be revealed on the grounds that it says it shows a "proof of concept" product that has not been sold to any clients.

Jared Adams, a spokesman for Raytheon's intelligence and information systems department, said in an email: "Riot is a big data analytics system design we are working on with industry, national labs and commercial partners to help turn massive amounts of data into useable information to help meet our nation's rapidly changing security needs.

"Its innovative privacy features are the most robust that we're aware of, enabling the sharing and analysis of data without personally identifiable information [such as social security numbers, bank or other financial account information] being disclosed."

In December, Riot was featured in a newly published patent Raytheon is pursuing for a system designed to gather data on people from social networks, blogs and other sources to identify whether they should be judged a security risk.

In April, Riot was scheduled to be showcased at a US government and industry national security conference for secretive, classified innovations, where it was listed under the category "big data - analytics, algorithms."

According to records published by the US government's trade controls department, the technology has been designated an "EAR99" item under export regulations, which means it "can be shipped without a licence to most destinations under most circumstances".

--- Just because i'm near the punchbowl doesn't mean I'm also drinking from it.
From rforno at infowarrior.org Tue Feb 12 21:07:12 2013
From: rforno at infowarrior.org (Richard Forno)
Date: Tue, 12 Feb 2013 22:07:12 -0500
Subject: [Infowarrior] - WH Statement: Executive Order on Improving Critical Infrastructure Cybersecurity
Message-ID: <2D71D747-9578-4809-BE17-20274A5A899A@infowarrior.org>

The White House
Office of the Press Secretary
For Immediate Release
February 12, 2013

http://www.whitehouse.gov/the-press-office/2013/02/12/executive-order-improving-critical-infrastructure-cybersecurity-0

Executive Order on Improving Critical Infrastructure Cybersecurity

Today, President Obama signed an Executive Order to strengthen the cybersecurity of critical infrastructure by increasing information sharing and by jointly developing and implementing a framework of cybersecurity practices with our industry partners.

* Defense Industrial Base Information Sharing Program Now Open to Other Sectors: The Order expands the voluntary Enhanced Cybersecurity Services program, enabling near real time sharing of cyber threat information to assist participating critical infrastructure companies in their cyber protection efforts.

* NIST to Lead Development of Cybersecurity Framework: NIST will work collaboratively with critical infrastructure stakeholders to develop the framework relying on existing international standards, practices, and procedures that have proven to be effective.

Partnering with Industry to Protect Our Most Critical Assets from Cyber Attack

Today's new Executive Order was developed in tandem with the Presidential Policy Directive on Critical Infrastructure Security and Resilience also released today. The Executive Order strengthens the U.S. Government's partnership with critical infrastructure owners and operators to address cyber threats through:

* New information sharing programs to provide both classified and unclassified threat and attack information to U.S. companies.
The Executive Order requires Federal agencies to produce unclassified reports of threats to U.S. companies and requires the reports to be shared in a timely manner. The Order also expands the Enhanced Cybersecurity Services program, enabling near real time sharing of cyber threat information to assist participating critical infrastructure companies in their cyber protection efforts.

* The development of a Cybersecurity Framework. The Executive Order directs the National Institute of Standards and Technology (NIST) to lead the development of a framework of cybersecurity practices to reduce cyber risks to critical infrastructure. NIST will work collaboratively with industry to develop the framework, relying on existing international standards, practices, and procedures that have proven to be effective. To enable technical innovation, the Cybersecurity Framework will provide guidance that is technology neutral and that enables critical infrastructure sectors to benefit from a competitive market for products and services.

The Executive Order also:

* Includes strong privacy and civil liberties protections based on the Fair Information Practice Principles. Agencies are required to incorporate privacy and civil liberties safeguards in their activities under this order. Those safeguards will be based upon the Fair Information Practice Principles (FIPPS) and other applicable privacy and civil liberties policies, principles, and frameworks. Agencies will conduct regular assessments of privacy and civil liberties impacts of their activities and such assessments will be made public.

* Establishes a voluntary program to promote the adoption of the Cybersecurity Framework. The Department of Homeland Security will work with Sector-Specific Agencies like the Department of Energy and the Sector Coordinating Councils that represent industry to develop a program to assist companies with implementing the Cybersecurity Framework and to identify incentives for adoption.

*
Calls for a review of existing cybersecurity regulation. Regulatory agencies will use the Cybersecurity Framework to assess their cybersecurity regulations, determine if existing requirements are sufficient, and whether any existing regulations can be eliminated as no longer effective. If the existing regulations are ineffective or insufficient, agencies will propose new, cost-effective regulations based upon the Cybersecurity Framework and in consultation with their regulated companies. Independent regulatory agencies are encouraged to leverage the Cybersecurity Framework to consider prioritized actions to mitigate cyber risks for critical infrastructure consistent with their authorities.

Building on Progress

In May of 2009, President Obama declared our digital infrastructure a strategic national asset and made protecting this infrastructure a national priority. As part of this effort, the Obama Administration has:

* Created the National Cybersecurity & Communications Integration Center: The NCCIC is a 24-hour, DHS-led coordinated watch and warning center that improves our nation's ability to address threats and incidents affecting critical infrastructure, the Internet, and cyberspace.

* Issued the National Strategy for Trusted Identities in Cyberspace: The NSTIC and its programs are creating alternatives to passwords for online services that are more convenient, secure, and privacy enhancing.

* Submitted to Congress Comprehensive Cybersecurity Legislation: The Administration continues to believe that legislation is needed to fully address this threat. Existing laws do not permit the government to do all that is necessary to better protect our country.

The Executive Order ensures that federal agencies and departments take steps to secure our critical infrastructure from cyber attack, as a down-payment on expected further legislative action.

--- Just because i'm near the punchbowl doesn't mean I'm also drinking from it.
From rforno at infowarrior.org Tue Feb 12 21:08:08 2013
From: rforno at infowarrior.org (Richard Forno)
Date: Tue, 12 Feb 2013 22:08:08 -0500
Subject: [Infowarrior] - WH Fact Sheet: Critical Infrastructure Security
Message-ID:

The White House
Office of the Press Secretary
For Immediate Release
February 12, 2013

http://www.whitehouse.gov/the-press-office/2013/02/12/fact-sheet-presidential-policy-directive-critical-infrastructure-securit

FACT SHEET: PRESIDENTIAL POLICY DIRECTIVE ON CRITICAL INFRASTRUCTURE SECURITY AND RESILIENCE

To complement the Cyber Security Executive Order issued today, the Administration is also issuing a Presidential Policy Directive (PPD) on critical infrastructure security and resilience that updates the national approach from Homeland Security Presidential Directive 7, issued in 2003, to adjust to the new risk environment, key lessons learned, and drive toward enhanced capabilities.

The Nation's critical infrastructure provides the essential services that underpin American society. Proactive and coordinated efforts are necessary for us to strengthen and maintain secure, functioning, and resilient critical infrastructure - including the assets, networks, and systems that are vital to public confidence and the Nation's safety, prosperity, and well-being. This endeavor is a shared responsibility among the Federal, state, local, tribal, and territorial entities, and public and private owners and operators of critical infrastructure.

The Nation's critical infrastructure is diverse and complex. It includes distributed networks, varied organizational structures and operating models (including multinational ownership), interdependent functions and systems in both the physical and cyber spaces, and governance constructs that involve varied authorities, responsibilities, and regulations.
Critical infrastructure owners and operators are uniquely positioned to manage risks to their individual operations and assets, and to determine effective strategies to make them more secure and resilient.

While there has been extensive work done to enhance both the physical and cyber security and resilience of critical infrastructure, this PPD will create a stronger alliance between these two intertwined components. The ability to leverage and integrate successes in both of these fields is crucial to the enhancement of our Nation's security and resilience.

Three strategic imperatives drive the Federal approach to strengthen critical infrastructure security and resilience:

* Refine and clarify functional relationships across the Federal Government to advance the national unity of effort to strengthen critical infrastructure security and resilience;

* Enable effective information exchange by identifying baseline data and systems requirements for the Federal Government; and

* Implement an integration and analysis function to inform planning and operations decisions regarding critical infrastructure.

Accomplishment of these imperatives will be through the successful completion of six key deliverables:

* Development of a description of the functional relationships within the Department of Homeland Security and across the Federal Government related to critical infrastructure security and resilience within 120 days.

* Completion of an assessment of the existing public-private partnership model and recommended options for improving the partnership within 150 days.

* Identification of baseline data and systems requirements for the Federal Government to enable efficient information exchange within 180 days.

* Development of a situational awareness capability for critical infrastructure within 240 days.

* Update the National Infrastructure Protection Plan within 240 days.

*
Completion of a national critical infrastructure security and resilience research and development plan within 2 years.

--- Just because i'm near the punchbowl doesn't mean I'm also drinking from it.

From rforno at infowarrior.org Wed Feb 13 11:42:57 2013
From: rforno at infowarrior.org (Richard Forno)
Date: Wed, 13 Feb 2013 12:42:57 -0500
Subject: [Infowarrior] - DOD creating medal for cyber & drone warriors
Message-ID: <05E90DE7-756A-4C55-9B5C-F25FDD6225B7@infowarrior.org>

Pentagon creates new medal to for extraordinary work by cyber, drone warriors

By Associated Press

http://www.washingtonpost.com/politics/pentagon-creates-new-medal-to-for-extraordinary-work-by-cyber-drone-warriors/2013/02/13/a0e104e4-75fe-11e2-9889-60bfcbb02149_print.html

WASHINGTON - Defense officials say the Pentagon is creating a new medal that can be awarded to troops who have a direct impact on combat operations, but do it from afar.

The Associated Press has learned that the new Distinguished Warfare Medal will be awarded to individuals for "extraordinary achievement" related to a military operation. Unlike other combat medals, it does not require the recipient risk his or her life.

The medal is a recognition of the evolving 21st Century warfare where troops fight wars from computers and video screens. The medal could go to service members who never set foot in a combat zone, but launch drone strikes or cyberattacks that can kill or disable an enemy.

Officials spoke on condition of anonymity because the announcement has not yet been made.

Copyright 2013 The Associated Press. All rights reserved. This material may not be published, broadcast, rewritten or redistributed.

--- Just because i'm near the punchbowl doesn't mean I'm also drinking from it.

From rforno at infowarrior.org Wed Feb 13 14:12:24 2013
From: rforno at infowarrior.org (Richard Forno)
Date: Wed, 13 Feb 2013 15:12:24 -0500
Subject: [Infowarrior] - New CISPA is out.....
Message-ID:

H.R.
624 - The Cyber Intelligence Sharing and Protection Act of 2013

http://intelligence.house.gov/hr-624-bill-and-amendments

A first skim through shows the infamous "Notwithstanding any other provision of law" clause is still there......I'll read more later this week, but my gut feeling is that it's (unfortunately) identical to the 2012 version.

-- rick

--- Just because i'm near the punchbowl doesn't mean I'm also drinking from it.

From rforno at infowarrior.org Thu Feb 14 08:23:58 2013
From: rforno at infowarrior.org (Richard Forno)
Date: Thu, 14 Feb 2013 09:23:58 -0500
Subject: [Infowarrior] - Thanks, Adobe. Protection for critical zero-day exploit not on by default
Message-ID: <448A920B-85DC-4C87-80DE-90844DB5E39E@infowarrior.org>

Thanks, Adobe. Protection for critical zero-day exploit not on by default

Reader protected view: Like car airbags that work only if owners flip a switch.

by Dan Goodin - Feb 14 2013, 3:41am EST

http://arstechnica.com/security/2013/02/thanks-adobe-protection-for-critical-zero-day-exploit-not-on-by-default/

The recently discovered zero-day attacks targeting critical vulnerabilities in Adobe's ubiquitous Reader application are able to bypass recently added security defenses unless end users manually make changes to default settings, company officials said.

According to an advisory Adobe published Wednesday night, the "protected view" feature prevents the current attacks from working - but only if it's manually enabled. To turn it on, access Preferences > Security (Enhanced) and then check the "Files from potentially unsafe locations," or even the "All files" option. Then click OK. There's also a way for administrators to enable protected view on Windows machines across their organization.

The revelation is significant because it means users aren't protected when using the default version of the widely used document reader.
The limitation came to light following the discovery of in-the-wild attacks against current versions of Reader, which are being exploited to surreptitiously install malware on end-user computers. The exploit is also noteworthy because its intricate code base bypasses several additional protections added just four months ago with the goal of thwarting malware attacks.

< - >

--- Just because i'm near the punchbowl doesn't mean I'm also drinking from it.

From rforno at infowarrior.org Thu Feb 14 08:54:28 2013
From: rforno at infowarrior.org (Richard Forno)
Date: Thu, 14 Feb 2013 09:54:28 -0500
Subject: [Infowarrior] - Russia blacklists site hosting blogs of prominent journalists
Message-ID:

Russia blacklists site hosting blogs of prominent journalists

4:58pm | 8 February 2013 | by Mike Rispoli

https://www.accessnow.org/blog/2013/02/08/russia-blacklists-site-hosting-blogs-of-prominent-journalists

The Russian government has blocked access to a blog-hosting site that publishes reports from at least two prominent independent journalists often critical of the Kremlin. The site has been added to the country's recently established official "internet blacklist."

LJRossia.org, also known as InsaneJournal, is "a non-profit project created to support freedom of speech, civil society and encourage the free exchange of ideas." The site was censored today, reportedly over two posts that contained "child pornography elements." But instead of blocking or removing the two posts in question, the entire site is inaccessible on at least one Russian ISP, RosTelekom.

While the child pornography is deplorable, Russian activists speculate that the government has used allegations of such content as an excuse to silence political opposition.
At least two prominent journalists host their blogs on LJRossia.org: Andrei Malgin, a journalist who has been very critical of the government and hosts a mirror site at LJR, and Vladimir Pribylovsky, who has been targeted for publishing a large database of government misdeeds and for disclosing official documents that expose corruption.

LJR is seen as a less-regulated platform than LiveJournal, Russia's most popular blogging network. LiveJournal is home to many well-known Russian political pundits and journalists, as well as opposition leader and political activist Alexei Navalny. LJR is based off an early open-source version of LiveJournal.

Prior to today's reports of censorship, sites on the blacklist mainly consisted of child pornography, drug use, or suicide-related posts. However, LJR is not the first main site to be blocked. In November, the government agency in charge of the blacklist, Roskomnadzor (which means "Overseeing Russian Communications") censored Lurkmore, a Russian-language wiki-style encyclopedia. The site was blocked for 10 days over an article about suicide, causing public uproar. Only after the post was removed was Lurkmore available again within Russia.

The decision to block LJR raises numerous concerns. LJR is an independent, non-commercial outfit, meaning it has no tech firm or big business standing behind it. LJR hosts user-generated content--often critical of the government--and promotes free speech and open dialogue. It was an easy target for Roskomnadzor, signaling the agency's willingness to go after online sites that don't play by the rules.

The biggest fear though, is that Roskomnadzor will go after big sites like LiveJournal next. Like LJR, LiveJournal is hosted outside of Russia, and is out of the Kremlin's reach when it comes to seizing domains. However, DNS or IP blocking would easily make the site inaccessible within Russia.
Activists worry that if the government will block an entire blog network because of the actions of a few individuals, that LiveJournal--home to some of Russia's most vocal government critics and resonant independent voices--may be at greater risk than previously realized. If this is the case, then any social networks or site hosting user-generated content, such as Facebook, Google, and Twitter, may be vulnerable to filtering.

The country's popular Russian-language social networks, Vkontakte and Odnoklassniki, are seen as exempt from such targeting: activists accuse the government of imposing tight controls over content. And as both Vkontakte and Odnoklassniki are hosted in Russia, they fall under Russian legal jurisdiction, offering the government easy access to user data--underscoring the fact that social networks can double as highly effective surveillance tools.

The censoring of independent sites like LJR allows the Russian government to exert a monopoly over user choice of web services while concentrating pressure on the remaining few. If nothing else, today's decision sends a clear and chilling message to Russian journalists and internet users: The government owns your internet, and will do whatever it sees fit to control it. If you don't play by their rules, you're offline.

--- Just because i'm near the punchbowl doesn't mean I'm also drinking from it.

From rforno at infowarrior.org Thu Feb 14 12:16:14 2013
From: rforno at infowarrior.org (Richard Forno)
Date: Thu, 14 Feb 2013 13:16:14 -0500
Subject: [Infowarrior] - Spammers unleash DIY phone number slurping web tool
Message-ID: <1F270BA0-2B2F-4B42-A407-1F6F46827BFC@infowarrior.org>

Spammers unleash DIY phone number slurping web tool

By John Leyden
Posted in Security, 14th February 2013 17:03 GMT

http://www.theregister.co.uk/2013/02/14/phone_harvesting_service_creates_spam_menace/

Mobile spammers have released a DIY phone number harvesting tool, but instead of advertising it solely on criminals-only online hangouts, they're trying to flog it out in the open.

The availability of the utility turns the simple act of submitting a mobile number to a website into something that might lead to the receipt of more SMS (text message) spam.

A new version of the phone number harvesting tool crawls the web and indexes mobile numbers, phone ID numbers, the names of the owner, and the associated mobile operator - among other information. Users of the tool can choose which country they want to target. The harvested information is later used for various malicious and fraudulent purposes.

Key features of the tool include automatic recognition of Russian and Ukrainian mobile phone providers (based on its initial target market), indexing based on a region and city for both Russia and Ukraine, multi-threaded software allowing up to 100 "indexing streams", as well as an option to collect only numbers attached to a particular mobile provider.

"Cybercriminals and spammers are not strangers to the concept of market segmentation," explained Dancho Danchev, a security researcher at Webroot, in a blog post. "Just like true marketers, the developer of the tool has included the option to choose a specific region within the available countries, with the idea to assist in the inevitable malicious and fraudulent activity that will result from this phone number harvesting activity."

Danchev advises surfers to double-check whether any website that requests your phone number is actually listing it on the web.
The phone number harvesting tool has yet to crawl through sites that require authorisation or spread outside Russia and the Ukraine, he said, but future versions are likely to expand indexing capabilities and geographical reach, Danchev warned.

The DIY phone number harvesting tool is an example of a wider trend of selling tools that once were exclusively available to sophisticated cybercriminals to less elite cybercrooks through underground forums. Services that offer a means to launch managed SMS flooding and phone ring flooding have recently become available through these forums.

Both managed SMS flooding and phone ring flooding are pitched as a means to "take care of your competitor's phone lines" or a DDoS attack on phones instead of websites. However, these services might easily lend themselves to helping along more ambitious scams, such as flooding out a bank's call centres to prevent early reports of card fraud cash-out operations, according to Webroot.

"By starting to advertise these very same malicious (DIY) tools and services on publicly accessible forums, they're proving that they're willing to sacrifice a certain degree of OPSEC (Operational Security) for the sake of growing their business model and attracting new customers," Danchev reports. ®

--- Just because i'm near the punchbowl doesn't mean I'm also drinking from it.

From rforno at infowarrior.org Thu Feb 14 12:44:19 2013
From: rforno at infowarrior.org (Richard Forno)
Date: Thu, 14 Feb 2013 13:44:19 -0500
Subject: [Infowarrior] - Bizarre 'Attribution' Troll Bullies Twitter Users Into Compliance With Baseless Legal Threats
Message-ID:

Bizarre 'Attribution' Troll Bullies Twitter Users Into Compliance With Baseless Legal Threats

http://www.techdirt.com/articles/20130211/20400521946/bizarre-attribution-troll-bullies-twitter-users-into-compliance-with-baseless-legal-threats.shtml

--- Just because i'm near the punchbowl doesn't mean I'm also drinking from it.
From rforno at infowarrior.org Fri Feb 15 07:03:04 2013
From: rforno at infowarrior.org (Richard Forno)
Date: Fri, 15 Feb 2013 08:03:04 -0500
Subject: [Infowarrior] - Meteorite hits Russian Urals: Fireball explosion wreaks havoc, over 500 injured (PHOTOS, VIDEO)
Message-ID: <8F852F5D-0E98-4EC9-BE00-5738C4D5233E@infowarrior.org>

Meteorite hits Russian Urals: Fireball explosion wreaks havoc, over 500 injured (PHOTOS, VIDEO)

http://rt.com/news/meteorite-crash-urals-chelyabinsk-283/

--- Just because i'm near the punchbowl doesn't mean I'm also drinking from it.

From rforno at infowarrior.org Fri Feb 15 08:17:17 2013
From: rforno at infowarrior.org (Richard Forno)
Date: Fri, 15 Feb 2013 09:17:17 -0500
Subject: [Infowarrior] - The humanities are just as important as STEM classes
Message-ID: <4C2F9AF6-D78B-4756-9FF4-DED7A1A62908@infowarrior.org>

The humanities are just as important as STEM classes

By Danielle Allen

http://www.washingtonpost.com/opinions/the-humanities-are-just-as-important-as-stem-classes/2013/02/14/dea1889c-761e-11e2-aa12-e6cf1d31106b_print.html

Danielle Allen is a professor of social science at the Institute for Advanced Study in Princeton, N.J. Her forthcoming book, co-edited with Rob Reich, is "Education, Justice, and Democracy."

In his State of the Union address, President Obama announced that the Education Department would launch another competition to spur educational reform in the states. Four years ago, the Race to the Top program drove changes in state policy on charter schools, teacher tenure, and standards and accountability. Now the administration proposes a competition to "redesign America's high schools." Rewards will go to schools that develop more classes "that focus on science, technology, engineering and math - the skills today's employers are looking for to fill jobs right now and in the future," the president said.

We need all those classes in the STEM fields, as they are called, and as a nation we must do a better job of preparing our young people in these fields. But we don't need to become a nation of technocrats. Let's not forget that you can't do well in math and engineering if you can't read proficiently, and that reading is the province of courses in literature, language and writing. Nor can you do well in science and technology if you can't interpret images and develop effective visualizations -- skills that are strengthened by courses in art and art history. You also can't excel at citizenship if you can't read, write or speak well, or understand the complexity of the world and think historically. History helps us understand the features of our worlds that are changeable and that require either reform, because they are damaging, or protection, because they are valuable but vulnerable.

Duke University President Richard Brodhead likes to point out that Gen. Martin Dempsey, the chairman of the Joint Chiefs of Staff; Harold Varmus, the director of the National Cancer Institute; and Steve Jobs, the late founder of Apple, all studied the humanities. Dempsey and Varmus have degrees in English. Although Jobs dropped out, he initially attended Reed College, famous for its strong emphasis on the humanities.

U.S. high schools absolutely need to innovate. But our students also need to achieve at far higher levels in the fields of the humanities, not merely in the STEM fields. Better than a challenge to states to enhance their STEM education would be a challenge to states to build curricular and pedagogic innovations that will allow them to succeed at meeting the new Common Core State Standards. An initiative of the National Governors Association, the standards seek to clarify the knowledge and skills students need for success in the workforce and in college.
There are two sets of standards: one for mathematics and one for English language arts and literacy in history/social studies, science and technical subjects. No Child Left Behind left it to states to set their own standards. But because the Common Core standards are being implemented by 45 states and the District, we will soon have an opportunity at last to compare the quality of education throughout the country.

The Common Core standards recognize that literacy, the humanities and history are as important as math, science and technical subjects in preparing students for jobs and college. They will also improve our ability to prepare students for citizenship. They should, in other words, help us achieve not only college and work readiness but also participatory readiness.

States are going to have a hard time rising to the level of the new standards. So we could use another competition to excite innovation -- but let's have a competition to spur states' efforts to find ways of teaching successfully to the Common Core standards. This would entail fostering innovation and improvement for instruction in language arts and historical and civic literacy, as well as in STEM fields. We can do both. Surely we citizens should be that ambitious.

Read more from Opinions:
Charles Lane: Goals that blind us to the bigger picture
Joshua P. Starr: Schools need a timeout on standardized tests in favor of the Common Core
The Post's View: More evidence that D.C. education reforms are working
Kwame Simmons: My school's high-tech turnaround plan
Michael Gerson: Still leaving our kids behind

© The Washington Post Company

---
Just because i'm near the punchbowl doesn't mean I'm also drinking from it.

From rforno at infowarrior.org Fri Feb 15 10:31:47 2013
From: rforno at infowarrior.org (Richard Forno)
Date: Fri, 15 Feb 2013 11:31:47 -0500
Subject: [Infowarrior] - The most important news story of the day ....
Message-ID:

....
at least according to the Cartoonish Noise Network, that is.....

CNN's Incredibly Extensive Cruise Ship Coverage Draws Scrutiny About Network's New Direction

http://www.huffingtonpost.com/2013/02/14/cnn-cruise-ship-zucker_n_2687679.html

---
Just because i'm near the punchbowl doesn't mean I'm also drinking from it.

From rforno at infowarrior.org Fri Feb 15 13:59:51 2013
From: rforno at infowarrior.org (Richard Forno)
Date: Fri, 15 Feb 2013 14:59:51 -0500
Subject: [Infowarrior] - Federal Court of Australia confirms that human genes are patentable
Message-ID: <029CE427-F549-42A0-A843-2BA8388896DC@infowarrior.org>

Federal Court of Australia confirms that human genes are patentable

15-Feb-2013

http://www.watermark.com.au/watermarks-news/2013-february-15-2

In a landmark decision concerning the patentability of BRCA genes which are found in sufferers of breast and ovarian cancers, a single judge of the Federal Court of Australia has decided in Cancer Voices Australia v Myriad Genetics Inc [2013] FCA 65 (15 February 2013) that human genes are patentable.

The seminal Australian 1959 decision in National Research Development Corporation v Commissioner of Patents is heavily relied upon by Nicholas J. This case set the test for patentable subject matter in Australia as being anything that is 'an artificial state of affairs that has some discernible effect and is of utility in a field of economic endeavour'.

Nicholas J highlights the very sweeping scope allowed to him under this precedent stating that, even if 'an isolated nucleic acid ...may be assumed to have precisely the same chemical composition and structure as that found in the cells of some human beings', in the absence of human intervention, naturally occurring nucleic acid does not occur outside the cell, and 'isolated' nucleic acid does not exist inside the cell, and it is thus itself even an 'artificial state of affairs'.

The Applicants did not challenge that the subject matter of the claims in suit had either a 'discernible effect' or 'utility in a field of economic endeavour'.

The Judge distinguished this case from the US Court of Appeals decision in The Association for Molecular Pathology & Ors v United States Patent & Trademark Office and Myriad Genetics Inc. 689 F3d 1303 (2012) stating that
- the evidence in each case was different,
- the law as between the US and Australia is different, and
- so too the constitutional setting in which patent legislation operates in the US when compared to that in Australia.

The application was dismissed with costs. The Applicant, Cancer Voices of Australia has disbanded, and in any event, was a body of persons likely without any commercial wherewithal to pay the costs now awarded and united only by their common interest in having genes declared unpatentable. It seems improbable that the Respondent will press for costs; more so because in Australia, due to an antagonistic relationship between it and the health sector, negative PR is likely to be seen as acutely undesirable. This situation may also mitigate against the likelihood of any appeal to the Full Federal Court.

---
Just because i'm near the punchbowl doesn't mean I'm also drinking from it.

From rforno at infowarrior.org Sat Feb 16 10:33:26 2013
From: rforno at infowarrior.org (Richard Forno)
Date: Sat, 16 Feb 2013 11:33:26 -0500
Subject: [Infowarrior] - Big reason to avoid MS Office 2013
Message-ID:

(as if we needed one, right? --rick)

http://www.engadget.com/2013/02/16/microsoft-confirms-office-2013-licenses-cant-be-transferred/

It's no secret that copies of Office 2013 bind themselves to a single computer, but Microsoft has now confirmed to Computerworld that the software's license can't be reassigned to another PC, as is possible with Office 2010.
When asked whether a license could be transferred to another machine if the original rig was destroyed, lost or stolen, Microsoft replied with a frosty, "No comment." However, Redmond did mention that the productivity suite could be reinstalled on the same PC after a crash. Just how Ballmer and Co. will enforce the policy remains a bit murky, but it's pretty clear they hope folks who have a penchant for switching up computing environments will be enticed by an Office 365 subscription.

---
Just because i'm near the punchbowl doesn't mean I'm also drinking from it.

From rforno at infowarrior.org Sat Feb 16 11:17:30 2013
From: rforno at infowarrior.org (Richard Forno)
Date: Sat, 16 Feb 2013 12:17:30 -0500
Subject: [Infowarrior] - more on: Office 2013 licensing
Message-ID:

Office 2013 retail licensing change ties suite to specific PC forever

'If your computer dies, so does your Office license,' says licensing guru; move seen as prod to adopt subscription-based Office 365

Gregg Keizer
February 15, 2013 (Computerworld)

http://www.computerworld.com/s/article/print/9236818/Office_2013_retail_licensing_change_ties_suite_to_specific_PC_forever

Microsoft yesterday confirmed that a retail copy of Office 2013 is permanently tied to the first PC on which it's installed, preventing customers from deleting the suite from one machine they own and installing it on another.

The move is a change from past Office end-user licensing agreements (EULAs), experts said, and is another way Microsoft is pushing customers, especially consumers, to opt for new "rent-not-own" subscription plans.

"That's a substantial shift in Microsoft licensing," said Daryl Ullman, co-founder and managing director of the Emerset Consulting Group, which specializes in helping companies negotiate software licensing deals. "Let's be frank. This is not in the consumer's best interest. They're paying more than before, because they're not getting the same benefits as before."

Past practices

Prior to Office 2013, which debuted last month, Microsoft's EULA for retail copies of Office plainly stated that customers could reassign a license when, for example, they replaced an aged PC with a newer model or the original machine gave out.

"You may reassign the license to a different device any number of times, but not more than one time every 90 days," stated the EULA for Office Home & Student 2010, the most popular consumer version of that edition. "If you reassign, that other device becomes the 'licensed device.' If you retire the licensed device due to hardware failure, you may reassign the license sooner."

That language showed in the EULAs of all retail versions of Office 2010, including Home & Business, which targets small businesses, and Professional, another business-oriented suite with even more applications.

Microsoft modified the EULA for the same editions of Office 2013, however, eliminating the suite's flexibility by striking the clause about reassigning the license. In several other places in the EULAs, those same EULAs also stated, "Our software license is permanently assigned to the licensed computer."

Change confirmed by Microsoft

On Thursday, Microsoft confirmed that once a retail copy of Office 2013 is installed on a PC and activated -- the process of entering a 25-character "key" to prove the software was legitimately obtained -- it cannot be uninstalled and then re-installed on another machine owned by the customer.

Via email, Computerworld asked Microsoft, "Once an Office 2013 retail license is assigned through activation to a PC, it's connected TO THAT PC, correct? Just as is Windows. That then means it cannot be reassigned to ANOTHER PC owned by the same individual, correct?"

The response from Microsoft's public relations firm was simply, "Correct."

Another question asked whether, under the retail Office 2013 EULA, customers could move the suite -- and its license -- to a replacement PC when the original was lost, stolen or destroyed. Microsoft's reply: "No comment."

"This is stricter language than was available before," said Paul DeGroot, principal consultant at Pica Communications, and like Ullman, a licensing guru. "According to this language, if your computer dies, so does your Office license. Microsoft has had that language in place for OEM software in the past, but not for retail licenses."

OEM software is that pre-installed by a computer maker, or OEM (for "original equipment manufacturer"), such as Windows or a factory-installed copy of Office. OEM licenses differ in many aspects from copies purchased at retail, including shunting support to the OEM, and generally come with more restrictive rights.

Dead PC means another Office 2013 buy

The implications of Microsoft's change were clear to Ullman. He posed a scenario where a customer had installed Office 2013 on a 2-year-old Windows 7 PC, then later wanted to move the suite to a newly purchased machine. Under the EULA, that would not be allowed. Instead, the customer would need to purchase another copy of Office 2013 for the new computer.

"If you want to buy a new computer, you've just thrown away the cost of [that first copy of] Office," Ullman said. And he had no doubt about why Microsoft modified the EULA for Office 2013.

"This is no surprise to me," Ullman said. "Microsoft has been doing the same kinds of licensing policy changes for corporations. And they've brought these same [policies] down to the consumer level.

"They're very smart about maneuvering or changing licensing to meet a business goal," Ullman continued. "As I've said before, I see Microsoft as a licensing company first, and second as a technology company. It's not that they don't have good technology, but they're driven by, consumed by, licensing."

Enforcement methods unclear

It's unclear how, or even whether, Microsoft will enforce the install-once restriction of Office 2013. Ullman expected that the company would use its activation technology to do so, as it does to ensure Windows remains tied to a specific PC.

Historically, the activation process has been somewhat relaxed, with Microsoft often allowing customers to reinstall Windows on new hardware, or radically changed hardware, after a telephone call.

Yesterday, for instance, Microsoft said that if a customer's computer crashed, "They are allowed to reinstall Office on that same computer [and] if there are problems with this process, customers can contact Microsoft technical support."

But the company may also more strictly administer Office 2013 than it did Office 2010. When asked how the Office 2013 EULA would be enforced, Microsoft dodged the question, and instead replied with boilerplate of, "Software piracy is a substantial global issue, and we implement a number of protocols to prevent unlawful software distribution."

It doesn't take an expert to guess Microsoft's motivation for the tougher line.

"They want to drive people to the new Office 365," said Jeff Muscarella, a partner with Atlanta-based consultancy NPI.

"It's part of the carrot and stick," agreed Rob Horwitz of Directions on Microsoft, a research firm that focuses on the Redmond, Wash., developer.

Pushing Office 365

Microsoft said almost the same. When asked why it had not told customers of the change in ways other than to simply tuck it inside the EULA, which relatively few read, its answer was revealing.

"We've been very clear in all of our communications that customers seeking transferability should get Office 365 and that Office 2013 is licensed to one device," the Microsoft spokeswoman said in an email reply to questions.

Perhaps.

Although Microsoft has noted that Office 2013 can be installed on one, and only one PC -- a change from Office 2010, which was available to consumers and small businesses in multi-license packages -- it has not publicized the fact that once installed Office could not be moved, even to another system owned by the customer.

In fact, the Office 2013 EULA issue went unreported until Melbourne's The Age noted the change in a news story titled "Does your copy of Office 2013 die with your computer?"

Office 365 does boast, as Microsoft put it, "transferability." The by-subscription plans let customers pull a license from one machine and move it to another with a few clicks on a management portal.

Office 365 Home Premium, which Microsoft rolled out last month, provides five Office licenses that can be assigned and reassigned at will to a household's computers. Microsoft is to launch a line of subscription plans for small, medium and large businesses later this month.

As Directions' Horwitz noted, Microsoft has both offered a carrot and brandished a stick to nudge customers to its software-by-subscription concept.

Price changes

One of the carrots has been pricing. Microsoft sells Office 365 Home Premium for $100 annually, or $10 monthly. For families that want Windows' Office 2013 or OS X's Office for Mac 2011 on four or more PCs or Macs, Computerworld's analysis has shown that Office 365 is a better deal than buying separate "perpetual" licenses, the buy-once-use-forever kind sold at retail.

But it's wielded a stick, too. To make those perpetual licenses less attractive, Microsoft raised prices as much as 17%, and eliminated the multilicense packs of Office 2010 it sold to consumers and small businesses.

The change to the perpetually licensed, retail copies of Office 2013 is another stick, the experts said.

"Through licensing, Microsoft is pushing technology in the direction they want to go," said Ullman. "And they're definitely pushing customers to Office 365."

And to paraphrase President Theodore Roosevelt, that stick is pretty big.

For example, Computerworld's "rent versus buy" calculations, made without factoring in the EULA change, are rendered obsolete: If a customer must buy another copy of Office 2013 because of the change -- to equip a new PC, say -- Office 365 Home Premium becomes the better deal if just three PCs, rather than the earlier estimate of four, install the suite over a five-year span.

As all the licensing experts pointed out, the EULA change does not affect businesses that have any of several Office volume licensing deals in place. For them, the new restriction is moot, as those deals allow flexible license reassignment.

"Volume software used by business is not affected by this," said DeGroot, citing language in Microsoft's latest product use rights document.

In that regard, the consumer-esque Office 365 Home Premium resembles a volume license agreement, said Ullman, who blasted Microsoft for not publicizing the EULA change.

Consumers in the dark

"Isn't Microsoft obligated to inform end users of this substantial change?" he asked. "I think so. As a leading technology company, I think they're obligated or at least have the responsibility to tell their customers of the change. Otherwise, consumers will simply accept [the EULA], perceiving it to be the same as what they've used for years. But only after they install it, or try to reassign it, will they discover that the use rights have changed."

His criticism, he said, was based in part on Office's widespread use. "There's not a consumer or user who doesn't know of or use Office," Ullman argued. "And this change will affect millions of consumers."

Microsoft has published the EULAs for Office 2013 on its website, and retains the licensing agreements for older editions as well.
To read the new EULAs of the two lower-priced editions, or compare them to those for Office 2010, customers can use these direct links to download PDFs: Office Home & Student 2010, Office Home & Student 2013, Office Home and Business 2010 and Office Home & Business 2013.

Gregg Keizer covers Microsoft, security issues, Apple, Web browsers and general technology breaking news for Computerworld. Follow Gregg on Twitter at @gkeizer, on Google+, or subscribe to Gregg's RSS feed. His email address is gkeizer at computerworld.com.

---
Just because i'm near the punchbowl doesn't mean I'm also drinking from it.

From rforno at infowarrior.org Sun Feb 17 08:54:44 2013
From: rforno at infowarrior.org (Richard Forno)
Date: Sun, 17 Feb 2013 09:54:44 -0500
Subject: [Infowarrior] - Google asks journalists to tone down story of "massive" Google Play security flaw
Message-ID:

Saturday, February 16, 2013, 09:37 pm

Google asks journalists to tone down story of "massive" Google Play security flaw

By Daniel Eran Dilger

After reporting that Google Play now distributes Android app buyers' location and contact information to developers, a journalist was contacted by the search giant with a request to tone down the story, its headline and its SEO information.

< - >

http://appleinsider.com/articles/13/02/16/google-asks-journalists-to-tone-down-story-of-massive-google-play-security-flaw

From rforno at infowarrior.org Tue Feb 19 06:49:40 2013
From: rforno at infowarrior.org (Richard Forno)
Date: Tue, 19 Feb 2013 07:49:40 -0500
Subject: [Infowarrior] - Mandiant China APT Reports
Message-ID: <6EDAEB6D-E81D-42D2-86D5-7FFDF2281C4D@infowarrior.org>

APT1: Exposing One of China's Cyber Espionage Units

http://intelreport.mandiant.com/Mandiant_APT1_Report.pdf

This report is focused on the most prolific cyber espionage group Mandiant tracks: APT1.
This single organization has conducted a cyber espionage campaign against a broad range of victims since at least 2006.

Digital Appendix & Indicators

http://intelreport.mandiant.com/Mandiant_APT1_Report_Appendix.zip

Access more than 3,000 APT1 indicators including domain names, IP addresses, X.509 encryption certificates and MD5 hashes of malware in APT1's arsenal of digital weapons.

---
Just because i'm near the punchbowl doesn't mean I'm also drinking from it.

From rforno at infowarrior.org Tue Feb 19 06:49:46 2013
From: rforno at infowarrior.org (Richard Forno)
Date: Tue, 19 Feb 2013 07:49:46 -0500
Subject: [Infowarrior] - European Copyright Society Says Hyperlinks (And Framing) Should Not Be Infringing
Message-ID: <5D1D0C78-F116-47B5-85AF-B0ECBF504C3D@infowarrior.org>

European Copyright Society Says Hyperlinks (And Framing) Should Not Be Infringing

from the good-for-them dept

The Spanish Pirate Party points us to a recently released opinion by the European Copyright Society concerning whether or not hyperlinks themselves may be infringing. The paper was written by 19 European legal scholars, concerning a specific case before the European Court of Justice, Case C-466/12 Svensson, which is yet another case of a news aggregator being sued for daring to link its customers to relevant articles. The reporter, Mr. Svensson, argues that even though the aggregator, Retriever, only posted links, they were "making available" the work. The European Copyright Society is not buying it, noting that hyperlinking is much more akin to a footnote:....

< - >

http://www.techdirt.com/articles/20130218/00185922010/european-copyright-society-says-hyperlinks-framing-should-not-be-infringing.shtml

---
Just because i'm near the punchbowl doesn't mean I'm also drinking from it.

From rforno at infowarrior.org Tue Feb 19 07:15:43 2013
From: rforno at infowarrior.org (Richard Forno)
Date: Tue, 19 Feb 2013 08:15:43 -0500
Subject: [Infowarrior] - OT: Inspirational tale
Message-ID: <2269A5C0-23C6-426C-BE2E-D850169F86E2@infowarrior.org>

Saw this profile on 30-year-old Jessica Cox on BBC last night. Talk about turning personal adversity into audacity. And, despite the article title, she does far more than just fly.....

Jessica Cox: Pilot born without arms on flying with her feet

http://www.bbc.co.uk/news/magazine-21377627

---
Just because i'm near the punchbowl doesn't mean I'm also drinking from it.

From rforno at infowarrior.org Tue Feb 19 13:59:10 2013
From: rforno at infowarrior.org (Richard Forno)
Date: Tue, 19 Feb 2013 14:59:10 -0500
Subject: [Infowarrior] - Apple, Macs hit by hackers who targeted Facebook
Message-ID: <08587BE5-096C-4176-8222-B4C3B2D26251@infowarrior.org>

Exclusive: Apple, Macs hit by hackers who targeted Facebook

Tue, Feb 19, 2013, 2:58pm EST

By Jim Finkle and Joseph Menn

http://finance.yahoo.com/news/exclusive-apple-hit-hackers-targeted-181509138.html

BOSTON/SAN FRANCISCO (Reuters) - Apple Inc was recently attacked by hackers who infected the Macintosh computers of some employees, the company said on Tuesday in an unprecedented disclosure that described the widest known cyber attacks against Apple-made computers to date.

Unknown hackers infected the computers of some Apple workers when they visited a website for software developers that had been infected with malicious software. The malware had been designed to attack Mac computers, the company said in a statement provided to Reuters.

The same software, which infected Macs by exploiting a flaw in a version of Oracle Corp's Java software used as a plug-in on Web browsers, was used to launch attacks against Facebook, which the social network disclosed on Friday.

The malware was also employed in attacks against Mac computers used by "other companies," Apple said, without elaborating on the scale of the assault.

But a person briefed on the investigation into the attacks said that hundreds of companies, including defense contractors, had been infected with the same malicious software, or malware. The attacks mark the highest-profile cyber attacks to date on businesses running Mac computers.

Hackers have traditionally focused on attacking machines running the Windows operating system, though they have gradually turned their attention to Apple products over the past couple of years as the company gained market share over Microsoft Corp.

"This is the first really big attack on Macs," said the source, who declined to be identified because the person was not authorized to discuss the matter publicly. "Apple has more on its hands than the attack on itself."

Charlie Miller, a prominent expert on Apple security who is co-author of the Mac Hacker's Handbook, said the attacks show that criminal hackers are investing more time studying the Mac OS X operating system so they can attack Apple computers.

For example, he noted, hackers recently figured out a fairly sophisticated way to attack Macs by exploiting a flaw in Adobe Systems Inc's Flash software.

"The only thing that was making it safe before is that nobody bothered to attack it. That goes away if somebody bothers to attack it," Miller said.

NATIONAL SECURITY

Cyber-security attacks have been on the rise. In last week's State of the Union address, U.S. President Barack Obama issued an executive order seeking better protection of the country's critical infrastructure from cyber attacks.

Over the weekend, cyber-security specialists Mandiant reported that a secretive Chinese military unit was believed to have orchestrated a series of attacks on U.S. companies, which Beijing has strongly denied.

White House spokesman Jay Carney told reporters on Tuesday that the Obama administration has repeatedly taken up its concerns about Chinese cyber-theft with Beijing, including the country's military.

There was no indication as to whether the group described by Mandiant was involved in the attacks described by Apple and Facebook.

An Apple spokesman declined to specify how many companies had been breached in the campaign targeting Macs, saying he could not elaborate further on the statement it provided.

"Apple has identified malware which infected a limited number of Mac systems through a vulnerability in the Java plug-in for browsers. The malware was employed in an attack against Apple and other companies, and was spread through a website for software developers," the statement said.

"We identified a small number of systems within Apple that were infected and isolated them from our network. There is no evidence that any data left Apple," it continued.

The statement said Apple was working closely with law enforcement to find the culprits, but the spokesman would not elaborate. The Federal Bureau of Investigation declined to comment.

Apple said it plans to release a piece of software on Tuesday, which it said customers can use to identify and repair Macs infected with the malware used in the attacks.

(Editing by Andre Grenon, Edwin Chan and Richard Chang)

From rforno at infowarrior.org Tue Feb 19 20:46:20 2013
From: rforno at infowarrior.org (Richard Forno)
Date: Tue, 19 Feb 2013 21:46:20 -0500
Subject: [Infowarrior] - US ready to strike back on China cyberattacks
Message-ID: <325DFC30-8A7E-41DD-8AC6-FAE1A421D5AB@infowarrior.org>

US ready to strike back on China cyberattacks

By LOLITA C. BALDOR | Associated Press - 4 hrs ago

http://news.yahoo.com/us-ready-strike-back-china-cyberattacks-224303045--finance.html

WASHINGTON (AP) -- As public evidence mounts that the Chinese military is responsible for stealing massive amounts of U.S.
government data and corporate trade secrets, the Obama administration is poised to spell out specific trade actions it may take against Beijing or any other country guilty of cyberespionage.

According to officials familiar with the plans, the White House is eyeing fines, penalties and other trade restrictions as initial, more-aggressive steps the U.S. would take in response to what top officials say has been an unrelenting campaign of cyberstealing linked to the Chinese government. The new strategy is to be released Wednesday, said the officials, who spoke on condition of anonymity because they were not authorized to speak publicly about the threatened action.

The White House plans come after a Virginia-based cybersecurity firm released a torrent of details Monday that tied a secret Chinese military unit in Shanghai to years of cyberattacks against U.S. companies. After analyzing breaches that compromised more than 140 companies, Mandiant has concluded that they can be linked to the People's Liberation Army's Unit 61398.

Military experts believe the unit is part of the People's Liberation Army's cyber-command, which is under the direct authority of the General Staff Department, China's version of the Joint Chiefs of Staff. As such, its activities would be likely to be authorized at the highest levels of China's military.

The release of Mandiant's report, complete with details on three of the alleged hackers and photographs of one of the military unit's buildings in Shanghai, makes public what U.S. authorities have said less publicly for years. But it also increases the pressure on the U.S. to take more forceful action against the Chinese for what experts say has been years of systematic espionage.

"If the Chinese government flew planes into our airspace, our planes would escort them away. If it happened two, three or four times, the president would be on the phone and there would be threats of retaliation," said former FBI executive assistant director Shawn Henry.
"This is happening thousands of times a day. There needs to be some definition of where the red line is and what the repercussions would be." Henry, now president of the security firm CrowdStrike, said that rather than tell companies to increase their cybersecurity the government needs to focus more on how to deter the hackers and the nations that are backing them. James Lewis, a cybersecurity expert at the Center for Strategic and International Studies, said that in the past year the White House has been taking a serious look at responding to China, adding that "this will be the year they will put more pressure on, even while realizing it will be hard for the Chinese to change. There's not an on-off switch." The Chinese government, meanwhile, has denied involvement in the cyber-attacks tracked by Mandiant. Instead, the Foreign Ministry said that China, too, is a victim of hacking, some of it traced to the U.S. Foreign Ministry spokesman Hong Lei cited a report by an agency under the Ministry of Information Technology and Industry that said in 2012 alone that foreign hackers used viruses and other malicious software to seize control of 1,400 computers in China and 38,000 websites. "Among the above attacks, those from the U.S. numbered the most," Hong said at a daily media briefing, lodging the most specific allegations the Chinese government has made about foreign hacking. Cybersecurity experts say U.S. authorities do not conduct similar attacks or steal data from Chinese companies, but acknowledge that intelligence agencies routinely spy on other countries. China is clearly a target of interest, said Lewis, noting that the U.S. would be interested in Beijing's military policies, such as any plans for action against Taiwan or Japan. In its report, Mandiant said it traced the hacking back to a neighborhood in the outskirts of Shanghai that includes a white 12-story office building run by the PLA's Unit 61398. 
Mandiant said there are only two viable conclusions about the involvement of the Chinese military in the cyberattacks: Either Unit 61398 is responsible for the persistent attacks or they are being done by a secret organization of Chinese speakers with direct access to the Shanghai telecommunications infrastructure who are engaged in a multi-year espionage campaign being run right outside the military unit's gates. "In a state that rigorously monitors Internet use, it is highly unlikely that the Chinese government is unaware of an attack group that operates from the Pudong New Area of Shanghai," the Mandiant report said, concluding that the only way the group could function is with the "full knowledge and cooperation" of the Beijing government. The unit "has systematically stolen hundreds of terabytes of data from at least 141 organizations," Mandiant wrote. A terabyte is 1,000 gigabytes. The new iPhone 5, for example, has 16 gigabytes of space, while the more expensive iPads have as much as 64 gigabytes of space. The U.S. Library of Congress' 2006-2010 Twitter archive of about 170 billion tweets totals 133.2 terabytes. "At some point we do have to call the Chinese out on this," said Michael Chertoff, Homeland Security secretary under President George W. Bush and now chairman of the Chertoff Group, a global security firm. "Simply rolling over and averting our eyes, I don't think is a long-term strategy." Richard Bejtlich, the chief security officer at Mandiant, said the company decided to make its report public in part to help send a message to both the Chinese and U.S. governments. "At the government level, I see this as a tool that they can use to have discussions with the Chinese, with allies, with others who are concerned about this problem and have an open dialogue without having to worry about sensitivities around disclosing classified information," Bejtlich said. "This problem is overclassified." 
He said the release of an unclassified report that provides detailed evidence will allow authorities to have an open discussion about what to do. Mandiant's report is filled with high-tech details and juicy nuggets that led to its conclusion, including the code names of some of the hackers, like Ugly Gorilla, Dota and SuperHard, and that Dota appears to be a fan of Harry Potter because references to the book and movie character appear as answers to his computer security questions. The White House would not comment on the report expected Wednesday. "We have repeatedly raised our concerns at the highest levels about cybertheft with senior Chinese officials, including in the military, and we will continue to do so," said Caitlin Hayden, spokeswoman for the National Security Council. "The United States and China are among the world's largest cyber actors, and it is vital that we continue a sustained, meaningful dialogue and work together to develop an understanding of acceptable behavior in cyberspace." ___ Associated Press writers Christopher Bodeen, Gillian Wong, Charles Hutzler and Joe McDonald contributed to this report. --- Just because i'm near the punchbowl doesn't mean I'm also drinking from it. From rforno at infowarrior.org Wed Feb 20 06:33:18 2013 From: rforno at infowarrior.org (Richard Forno) Date: Wed, 20 Feb 2013 07:33:18 -0500 Subject: [Infowarrior] - Apple FINALLY fills gaping Java hole that pwned its own devs Message-ID: (I guess a vuln, no matter how critical, just isn't important to Cupertino until it affects its employees? --rick) Apple FINALLY fills gaping Java hole that pwned its own devs By John Leyden
Posted in Security, 20th February 2013 11:24 GMT http://www.theregister.co.uk/2013/02/20/apple_java_omnishambles/ Apple has belatedly patched a security hole in the Java engine it ships with Mac OS X - the very hole exploited by hackers to infect Apple's own developers, their counterparts at Facebook and scores of other Mac-using companies. The vulnerability allowed miscreants to execute malicious code outside of the limited and supposedly secure sandbox each downloaded Java applet runs in, in effect granting wider access to the underlying system. The escaped software has the same level of privileges as the logged-in user but often that's enough to compromise the box's security. Attackers were able to use this hole to infiltrate and install malware on vulnerable Mac computers at Apple, Facebook and others. That's according to Apple insiders speaking to Reuters in an unprecedented admission of security weaknesses at the iPhone maker, which until the last year or so all but dismissed malware as a Windows-only problem. Specifically, Facebook and Apple were pwned after their employees visited iPhoneDevSDK.com - a website popular with mobile developers that was booby-trapped with code to exploit the unpatched Java security hole and install a load of spyware. Reuters reports that the hack attack against Twitter earlier this month has also been linked to the same Java zero-day vulnerability. Twitter recently admitted it suffered a network security breach that exposed the login credentials of 250,000 early adopters of the social network, but it didn't say how it happened beyond advising everyone to turn off Java in their browser. All indications are that the Java browser plugin was the gateway to victims' machines for whichever hacking group pulled off the attacks against Apple and Facebook. Their identity remains elusive.
Bloomberg is quoting sources who say it might be Eastern European hackers while Reuters' sources are more inclined to blame China. The motive of the attackers remains unclear. Apple's Tuesday update aligns the version of Java it supplies with Oracle's latest patch*, which was formally released yesterday as scheduled after an emergency update earlier this month. "[It's a] bit of a pity that the Fruity Ones didn't do this back at the beginning of February, when Oracle's emergency 'pre-Patch-Tuesday' update came out to fix the hole that Apple is only now closing off," notes Paul Ducklin of Sophos in a blog post. The fact that Java security releases from Apple arrived weeks after Oracle's updates was a massive factor in the spread of the Flashback botnet last year. The malware infected over 500,000 Macs, forming a zombie network that included 274 bots traced back to Cupertino, California, home of Apple's HQ. This time around the window of Java vulnerability extended for less than three weeks instead of two months but the overall fallout from the delay in pushing out a patch quickly is arguably even more toxic. Apple released a malware removal tool for Java alongside its Java security update on Tuesday. But to use the malware removal tool you have to install Java and this is perhaps not the best idea especially since the language has become a prime target for hacking attacks of late, as Sean Sullivan of security software firm F-Secure notes. Meanwhile, three of the five components of Oracle's latest Java security update, also released on Tuesday, hit the maximum security peril rating of 10. All five of the security vulnerabilities resolved in the latest Java update might lend themselves to remote exploitation. The critical patch update released on Tuesday includes all fixes provided in an emergency update for Oracle Java SE published at the start of February plus an additional five fixes.
Oracle has scheduled its next Java SE (Java Platform, Standard Edition) critical patch update for 16 April. Java 7 Update 13 and earlier as well as Java 6 Update 39 and earlier need updating. * Apple maintains Java 6 for the Mac, Java 7 is maintained directly by Oracle and Mac users need to go to Oracle to install Java 7, as explained in a blog post by Wolfgang Kandek, CTO at Qualys, here. --- Just because i'm near the punchbowl doesn't mean I'm also drinking from it. From rforno at infowarrior.org Wed Feb 20 06:33:29 2013 From: rforno at infowarrior.org (Richard Forno) Date: Wed, 20 Feb 2013 07:33:29 -0500 Subject: [Infowarrior] - WIPO Negotiations continue to be secret Message-ID: WIPO Negotiations Over Changes To Copyright For Those With Disabilities Once Again Shrouded In Secrecy from the shameful dept We've talked about the latest efforts concerning a treaty for the blind and others with disabilities, which will carve out some rules to give them slightly more rights to ignore certain copyrights in order to allow them to access some works. The negotiations have been going on for years (decades, depending on who you talk to) and the copyright maximalists absolutely hate the idea. They see it as opening the barn door for others to rush through asking for copyright law to be scaled back for them as well. There have been numerous stall tactics used and, of course, lots and lots of secrecy. < -- > Love argued that Chatham House rules could be effective (in which you can talk about what was said, just not who said it). But, of course, the US said that was unacceptable. Because, of course, the US doesn't want anyone to know about its crazy arguments, even if they're not attached to the US itself. < - > http://www.techdirt.com/articles/20130219/02445522025/wipo-negotiations-over-changes-to-copyright-those-with-disabilities-once-again-shrouded-secrecy.shtml --- Just because i'm near the punchbowl doesn't mean I'm also drinking from it.
From rforno at infowarrior.org Wed Feb 20 06:33:38 2013 From: rforno at infowarrior.org (Richard Forno) Date: Wed, 20 Feb 2013 07:33:38 -0500 Subject: [Infowarrior] - Aaron Swartz's FBI File Message-ID: Aaron Swartz spent many years trying to get the FBI to cough up its file on him. Now that Aaron is dead, that file is automatically declassified, so FireDogLake's DSWright decided to request it, and has posted it, with a summary .... http://boingboing.net/2013/02/19/aaron-swartzs-fbi-file.html --- Just because i'm near the punchbowl doesn't mean I'm also drinking from it. From rforno at infowarrior.org Wed Feb 20 06:34:33 2013 From: rforno at infowarrior.org (Richard Forno) Date: Wed, 20 Feb 2013 07:34:33 -0500 Subject: [Infowarrior] - OT: Byron Wien Discusses Lessons Learned in His First 80 Years Message-ID: <739D690B-658F-4AE2-AF40-1B0629566D12@infowarrior.org> Blackstone's Byron Wien Discusses Lessons Learned in His First 80 Years 02/12/2013 http://www.blackstone.com/news-views/blackstone-blog/blackstone%27s-byron-wien-discusses-lessons-learned-in-his-first-80-years Here are some of the lessons I have learned in my first 80 years. I hope to continue to practice them in the next 80.
• Concentrate on finding a big idea that will make an impact on the people you want to influence. The Ten Surprises which I started doing in 1986 has been a defining product. People all over the world are aware of it and identify me with it. What they seem to like about it is that I put myself at risk by going on record with these events which I believe are probable and hold myself accountable at year-end. If you want to be successful and live a long, stimulating life, keep yourself at risk intellectually all the time.
• Network intensely. Luck plays a big role in life and there is no better way to increase your luck than by knowing as many people as possible. Nurture your network by sending articles, books and emails to people to show you're thinking about them. Write op-eds and thought pieces for major publications. Organize discussion groups to bring your thoughtful friends together.
• Get enough sleep. Seven hours will do until you're sixty, eight from sixty to seventy, nine thereafter which might include eight hours at night and a one hour afternoon nap.
• Evolve. Try to think of your life in phases so you can avoid a burn-out. Do the numbers crunching in the early phase of your career. Try developing concepts later on. Stay at risk throughout the process.
• Travel extensively. Try to get everywhere before you wear out. Attempt to meet local interesting people where you travel and keep in contact with them throughout your life. See them when you return to a place.
• When meeting someone new, try to find out what formative experience occurred in their lives before they were seventeen. It is my belief that some important event in everyone's youth has an influence on everything that occurs afterwards.
• On philanthropy my approach is to try to relieve pain rather than spread joy. Music, theatre and art museums have many affluent supporters, give the best parties and it can add to your social luster in a community. They don't need you. Social service, hospitals and educational institutions can make the world a better place and help the disadvantaged make their way toward the American dream.
• Younger people are naturally insecure and tend to overplay their accomplishments. Most people don't become comfortable with who they are until they're in their 40's. By that time they can underplay their achievements and become a nicer more likeable person. Try to get to that point as soon as you can.
• Take the time to pat those who work for you on the back when they do good work. Most people are so focused on the next challenge that they fail to thank the people who support them. It is important to do this. It motivates and inspires people and encourages them to perform at a higher level.
• When someone extends a kindness to you write them a hand-written note, not an e-mail. Handwritten notes make an impact and are not quickly forgotten.
• At the beginning of every year think of ways you can do your job better than you have ever done it before. Write it down and look at what you have set out for yourself when the year is over.
• Never retire. If you work forever, you can live forever. I know there is an abundance of biological evidence against this, but I'm going with this theory anyway.
The views expressed in this commentary are the personal views of Byron Wien of Blackstone Advisory Partners L.P. (together with its affiliates, "Blackstone") and do not necessarily reflect the views of Blackstone itself. The views expressed reflect the current views of Mr. Wien as of the date hereof and neither Mr. Wien nor Blackstone undertakes to advise you of any changes in the views expressed herein --- Just because i'm near the punchbowl doesn't mean I'm also drinking from it. From rforno at infowarrior.org Wed Feb 20 13:50:04 2013 From: rforno at infowarrior.org (Richard Forno) Date: Wed, 20 Feb 2013 14:50:04 -0500 Subject: [Infowarrior] - RIAA Still Can't Figure Out How To Use Google's DMCA Tools, Blames Google Message-ID: <456C2D1E-4AE4-418A-B971-EE92CC8669B0@infowarrior.org> RIAA Still Can't Figure Out How To Use Google's DMCA Tools, Blames Google from the but-of-course dept This will hardly come as a surprise, but the RIAA and other "anti-piracy groups" are still complaining that Google "isn't doing enough" to prop up their old and obsolete business models. The latest complaint? That Google's system only accepts a mere 10,000 DMCA takedowns per day and somehow that's just not enough. It turns out that this isn't actually true, but we'll get to that in a moment. Much of the article focuses on Dutch extremist anti-piracy group BREIN saying that the limit needs to go away.
But there is this bizarre statement from the RIAA as well: < - > http://www.techdirt.com/articles/20130219/13482922031/riaa-still-cant-figure-out-how-to-use-googles-dmca-tools-blames-google.shtml --- Just because i'm near the punchbowl doesn't mean I'm also drinking from it. From rforno at infowarrior.org Thu Feb 21 06:50:17 2013 From: rforno at infowarrior.org (Richard Forno) Date: Thu, 21 Feb 2013 07:50:17 -0500 Subject: [Infowarrior] - Rumsfeld Memo Reveals Iraq War Started Under False Pretenses Message-ID: <6A9EB01B-9D47-444D-A0A2-17CC8E6AFCB6@infowarrior.org> Rumsfeld Memo Reveals Iraq War Started Under False Pretenses http://www.ritholtz.com/blog/2013/02/iraq-war-started-under-false-pretenses/ --- Just because i'm near the punchbowl doesn't mean I'm also drinking from it. From rforno at infowarrior.org Fri Feb 22 07:43:30 2013 From: rforno at infowarrior.org (Richard Forno) Date: Fri, 22 Feb 2013 08:43:30 -0500 Subject: [Infowarrior] - Security No-Man's Land Message-ID: <20412661-ED0E-474C-B113-7CE571E69620@infowarrior.org> (IMHO the last para is spot-on. --rick) Security No-Man's Land As the industry descends on the RSA Conference to discuss the latest and greatest in security, the underserved midmarket continues to struggle with basic blocking and tackling. The industry machinery is not built to solve that problem Jan 28, 2013 | 12:32 PM | 1 Comment By Mike Rothman Dark Reading http://www.darkreading.com/blog/240147127/security-no-man-s-land.html I'm not much of a tennis player, but I remember from my lessons as a kid that area between the baseline and the service boxes is a bad place to be. A hard ground stroke will get past you, and you aren't close enough to volley. If you get caught in no-man's land, then your chances of winning the point are not very good. In the security practice, we have our own version of no-man's land, and that's midsize companies. Wendy Nather refers to these folks as being below the "Security Poverty Line." 
These folks have a couple hundred to a couple thousand employees. That's big enough to have real data interesting to attackers, but not big enough to have a dedicated security staff and the resources they need to really protect anything. These folks are caught between the baseline and the service box. They default to compliance mandates like PCI-DSS because they don't know any better. And the attackers seem to sneak those passing shots by them on a seemingly regular basis. In a few weeks the security industry will descend on San Francisco for its self-aggrandizing, antennae-rubbing annual ritual, the RSA Conference. We'll see all sorts of shiny objects and companies claiming to block this and block that. If you believe the hype, then you'd think we're actually winning the battles out there. A security n00b leaves RSA figuring that buying the latest overhyped widget will fix the issue. We all know the folly of that thought. The problem is the security industry, in general, in the personification of the largest industry conference, caters to the large enterprise. What's another box in yet another rack? The seven-figure CISO signs the PO for two. They'll try anything, and they should. What's the issue taking technology that is largely a science experiment and throwing a bunch of bodies at it to make it kind of functional? Those folks have the resources, and they can't take the risk they'll miss something that could help. But that's not representative of most of the world, and certainly not those in security no-man's land. Back when I was on the vendor side, I'd joke about how 800 security companies chased 1,000 customers -- meaning most of the effort was focused on the 1,000 largest customers in the world. But I wasn't joking. Every VP of sales talks about how it takes the same amount of work to sell to a Fortune-class enterprise as it does to sell into the midmarket. They aren't wrong, and it leaves a huge gap in the applicable solutions for the midmarket.
Well, that's not exactly true. A lot of service providers now offer SecaaS (yes, a terribly unfortunate acronym) to get smaller companies out of the business of monitoring firewalls or blocking spam. You are starting to see more purpose-built security products for the midmarket, which is helpful, but it's not a solution. Too many of these offerings are dumbed-down enterprise products, which doesn't really solve the midmarket company's problem. What folks in security no-man's land need most of all is a security program. They need an adviser to guide them through the program. They need someone to help them prioritize what they need to do right now. They have some resources, but not a lot. They don't want or need someone to do everything for them. And they certainly don't need a shiny object to stop the attack du jour. They don't need a box pusher to install whatever gear has the best distributor incentive that month. They need a partner -- someone to help them with blocking and tackling. Dan Geer is exactly right in his recent column talking about these midmarket security challenges. I really like Dan's idea about a "mentor" to help the midsize company figure how to prioritize their controls. With the advent of maturing packet capture and security analytics with a little dose of Moore's Law thrown in, it's close to being possible to monitor a modestly sized network for a couple of days and figure out what needs to be fixed first, second, and third. To be clear, folks in security no-man's land don't go to the RSA Conference, probably don't read security pubs, or follow the security echo chamber on Twitter. They are too busy fighting fires and trying to keep things operational. And that's fine. But all of the industry gatherings just remind me that the industry's machinery is geared toward the large enterprise, not the unfortunate 5 million other companies in the world that really need the help. 
Mike Rothman is President of Securosis and author of The Pragmatic CSO --- Just because i'm near the punchbowl doesn't mean I'm also drinking from it. From rforno at infowarrior.org Fri Feb 22 07:48:04 2013 From: rforno at infowarrior.org (Richard Forno) Date: Fri, 22 Feb 2013 08:48:04 -0500 Subject: [Infowarrior] - Politico on WH media access/practices Message-ID: Obama, the puppet master By: Jim VandeHei and Mike Allen February 18, 2013 10:29 PM EST President Barack Obama is a master at limiting, shaping and manipulating media coverage of himself and his White House. Not for the reason that conservatives suspect: namely, that a liberal press willingly and eagerly allows itself to get manipulated. Instead, the mastery mostly flows from a White House that has taken old tricks for shaping coverage (staged leaks, friendly interviews) and put them on steroids using new ones (social media, content creation, precision targeting). And it's an equal opportunity strategy: Media across the ideological spectrum are left scrambling for access. The results are transformational. With more technology, and fewer resources at many media companies, the balance of power between the White House and press has tipped unmistakably toward the government. This is an arguably dangerous development, and one that the Obama White House -- fluent in digital media and no fan of the mainstream press -- has exploited cleverly and ruthlessly. And future presidents from both parties will undoubtedly copy and expand on this approach. "The balance of power used to be much more in favor of the mainstream press," said Mike McCurry, who was press secretary to President Bill Clinton during the Monica Lewinsky scandal. Nowadays, he said, "The White House gets away with stuff I would never have dreamed of doing. When I talk to White House reporters now, they say it's really tough to do business with people who don't see the need to be cooperative."
< - > http://dyn.politico.com/printstory.cfm?uuid=A22E8106-D4AF-436E-84DB-77354D107AA4 --- Just because i'm near the punchbowl doesn't mean I'm also drinking from it. From rforno at infowarrior.org Fri Feb 22 07:53:27 2013 From: rforno at infowarrior.org (Richard Forno) Date: Fri, 22 Feb 2013 08:53:27 -0500 Subject: [Infowarrior] - Obama Cyber Order Gives U.S. Lamakers Cover on Standards Message-ID: <3488BA7F-16E3-43F1-B173-A13556551195@infowarrior.org> Obama Cyber Order Gives U.S. Lamakers Cover on Standards By Chris Strohm and Eric Engleman - Feb 21, 2013 http://www.bloomberg.com/news/print/2013-02-22/obama-cyber-order-gives-u-s-lamakers-cover-on-standards.html President Barack Obama's order to boost U.S. cybersecurity amid reports of widespread Chinese hacking provides political cover to lawmakers who oppose government regulation to improve computer defenses. While the president portrayed his move as countering Congress's inaction, his cybersecurity standards for companies operating vital national infrastructure are voluntary, not mandatory as called for by an Obama-backed Senate bill that failed last year. Still, the order may let Democrats and Republicans declare standards a moot point. "The executive order takes pressure off the Senate and will allow us to get agreement on a voluntary information sharing bill that will solve 90 percent of the most sophisticated cyber threats that we face," House Intelligence Committee Chairman Mike Rogers, a Michigan Republican, said in an interview. "The executive order tones down the political rhetoric that was caught up in election year politics." A report this week from computer security firm Mandiant Corp. that pointed to the Chinese army as the source of hacking attacks on U.S. companies hasn't changed minds in Washington on cybersecurity approaches, said Jacob Olcott, a principal at Good Harbor Consulting, an Arlington, Virginia-based security risk company.
Republicans led by Senator John McCain of Arizona blocked the Senate bill last year, saying it would burden companies with regulations. On Pause "The debate about critical infrastructure regulation seems to be on pause for the foreseeable future," said Olcott, former counsel to Senate Commerce Committee Chairman Jay Rockefeller, a West Virginia Democrat. The fact that such requirements are off the table "when everybody knows there's a real threat out there should say a lot." The Mandiant report didn't tell lawmakers anything they didn't already know, Representative Michael McCaul, a Texas Republican and chairman of the House Homeland Security Committee, said in an interview. "The report reveals a page in a phone book of threats," McCaul said. "What I'm interested in is a bill that can pass through the Senate and get signed by the White House." Rogers and the House Intelligence Committee's top Democrat, C.A. "Dutch" Ruppersberger of Maryland, reintroduced a proposal Feb. 13 to give legal protection for companies that share cyber threat information with each other and the government. The bill passed the House last April and failed to advance in the Senate after Obama threatened a veto, saying the measure didn't go far enough to boost computer defenses and failed to protect privacy of consumer data. "Move Forward" No effort has been made to reintroduce the Obama-backed Senate bill that failed. That effort was led by Joe Lieberman, the Connecticut Independent who has since retired. Obama's order, issued Feb. 12 as he began his State of the Union speech, directs the government to develop voluntary standards for companies operating infrastructure such as power grids and air-traffic-control systems. It instructs U.S. agencies to consider putting the standards into existing rules.
Senator Tom Carper, the Delaware Democrat who succeeded Lieberman as chairman of the Senate Homeland Security and Governmental Affairs Committee, said Congress should approve legislation to "complement" the executive order without specifying what actions should be taken. Obama's order was important because vital U.S. services are under attack and the nation can't afford to delay, Carper said in an e-mail. "Developing and passing legislation of this nature does take time, but I am hopeful that we can move forward with a hearing on this important topic in the near future," he said. "Blind Spots" While not commenting on specific bills, administration officials have pressed for legislation to encourage companies to share cyber threat information with the government, something they say only Congress can do. "The government is often unaware of malicious activity targeting our critical infrastructure," General Keith Alexander, director of the National Security Agency and U.S. Cyber Command, said at a Feb. 13 event at the Commerce Department. These "blind spots" prevent the government from protecting companies and the nation, he said. The administration supports "targeted liability protections" to protect companies that share cyber threat information with the government and each other, and take part in voluntary standards, Michael Daniel, the White House cybersecurity coordinator, said Feb. 15 at the Center for Strategic and International Studies in Washington. Privacy Concerns Caitlin Hayden, a White House spokeswoman, said yesterday in an e-mail that any cybersecurity measure advanced by Congress must also incorporate privacy and civil-liberties protections that define the types of information that can be shared and ensuring adequate oversight.
The American Civil Liberties Union and other groups oppose the Rogers-Ruppersberger bill, saying it doesn't have adequate safeguards for consumer privacy and could allow sensitive personal information to be passed to the National Security Agency and other military agencies. "There's no need to rush into something like CISPA," Michelle Richardson, ACLU legislative counsel, said in an interview, referring to the Rogers bill by its title, the Cyber Intelligence Sharing and Protection Act. The U.S. Chamber of Commerce, the nation's largest business lobby, believes the executive orders give companies and lawmakers "a chance to see what works and what doesn't without the need for new mandates," Ann Beauchesne, the Chamber's vice president of national security and emergency preparedness, said in an e-mailed statement. The Chamber lobbied against the Obama-backed Senate bill and supports the Rogers-Ruppersberger legislation. "Congress must continue to work on bipartisan legislation that would put timely, reliable, and actionable information into the hands of business owners and operators so that they can better protect their systems and assets against cyber attacks," Beauchesne said. To contact the reporters on this story: Chris Strohm in Washington at cstrohm1 at bloomberg.net; Eric Engleman in Washington at eengleman1 at bloomberg.net To contact the editor responsible for this story: Bernard Kohn at bkohn2 at bloomberg.net --- Just because i'm near the punchbowl doesn't mean I'm also drinking from it. From rforno at infowarrior.org Fri Feb 22 07:59:30 2013 From: rforno at infowarrior.org (Richard Forno) Date: Fri, 22 Feb 2013 08:59:30 -0500 Subject: [Infowarrior] - Please let this come to be.... Message-ID: ... and return western stock markets to relative sanity from the HFT and algo-driven insane circus casino they've become in recent years.
--rick February 21, 2013 A Tax That May Change the Trading Game By FLOYD NORRIS http://www.nytimes.com/2013/02/22/business/a-tax-that-could-change-the-trading-game.html To the dismay of the United States government -- not to mention Wall Street -- much of Europe seems poised to begin taxing financial trading as soon as next year. The idea is hardly new, but until now financial markets and institutions have been able to ward off any such tax in most major markets. The financiers claimed a tax would hurt economic growth and raise the cost of capital for companies. They said it would drive trading to other countries, leaving the country that adopted it with less revenue and fewer jobs. But those arguments have not proved persuasive in Europe, which thinks it has found a way to keep institutions from avoiding the tax. If Europe proves to be correct, it could turn out to be a seminal moment in the relation of governments to large financial institutions. The tax would be tiny for investors who buy and hold, but could prove to be significant for traders who place millions of orders a day. Under the proposal, a trade of shares worth 10,000 euros would face a tax of one-tenth of 1 percent, or 10 euros. A trade of a derivative would face a tax of one-hundredth of 1 percent. But that tax would be applied to the notional value, which can be very large relative to the cost of the derivative. So a credit-default swap on 1 million euros of debt would have a tax of 100 euros, or about 0.4 percent of the annual premium on such a swap. I'll get to how Europe thinks it can prevent widespread evasion in a minute. But for now, assume the Europeans could accomplish that. And assume, as European officials say they hope will happen, that the tax spreads to other major markets, something Europe is trying to encourage by offering to share the tax revenue with other countries that impose a similar tax. What would happen? It would not destroy markets that have good reason to exist --
that is, markets that serve actual investors. The tax would be far smaller than the fixed commissions that American investors once took for granted, and even less than the costs implicit in the fact that until decimalization arrived in 2001, most stocks could move only in increments of one-eighth of a dollar, or 12.5 cents. Markets, and the American economy, managed to prosper. But there would nevertheless be significant changes - changes that might be for the better in some ways. High-frequency trading, which was encouraged by allowing prices to move in increments of a penny or less, and by technological advances, would be discouraged. So too would be some of the strategies used by hedge funds that involve trades expected to yield very narrow - but presumably very safe - profits. To make such trades worth doing, funds borrow a lot of money and make the trades using very little equity. That is a strategy that is guaranteed to work - or to blow up disastrously if markets do not act as expected. Discouraging it might be a good thing. One objective, says Algirdas Semeta, the European Union commissioner in charge of tax policy, "is to reorient the financial system back to financing the real economy." But can Europe pull it off? Will trading simply migrate to other jurisdictions, such as the United States and Britain, which want nothing to do with the tax? Europeans seem confident. The tax would be owed no matter where the trade took place, as long as a European security or European institution was involved. The law has been written so broadly that if a French bank bought shares in an American company on the New York Stock Exchange, the tax would be owed. Manfred Bergmann, the European Commission director for indirect taxation and tax administration and a primary designer of the tax plan, calls it a "Triple A approach - all markets, all actors and all products."
To get out of the tax, a financial institution would have to do more than simply move its headquarters out of the 11 countries that now plan to impose the tax. It would also have to forgo serving clients in any of those countries and trading in securities or derivatives from any of the countries. Officials are confident that no major institution will be willing to forsake such large markets as France, Germany, Italy and Spain. The other countries that have at least preliminarily agreed to impose the tax are Belgium, Austria, Greece, Portugal, Slovakia, Slovenia and Estonia. The scope of the tax is very broad. The proposal has exceptions for currency trading and the physical trading of commodities, but not for derivatives like currency or commodity futures contracts. When a company sold newly issued securities to investors, that transaction would not be taxed, but subsequent market trades would be. Over-the-counter trades would be subject to tax just as would transactions on a stock exchange, as long as a financial institution - a term that is also defined very broadly - was involved. You could sell your shares in Daimler to a friend without paying tax, but not if you got a broker involved. There is every chance that markets from other countries will not be very cooperative, meaning that to learn if a German bank traded in New York the authorities might have to rely on the bank to report it to them. But then there would be the risk that the tax authorities would learn of it otherwise, perhaps through an audit or from a report by an Italian bank that happened to be on the other side of that trade. Mr. Bergmann, himself an economist, compared that to "the prisoners' dilemma," a classic concept in economics in which two people arrested for a crime would do best if neither confessed, but either would do very badly if he did not confess while the other did. If the authorities did find out, it would be tax fraud under the proposed law.
The tax would be split, in normal circumstances, between the countries whose institutions were involved. In that German trade with an Italian institution, the two countries would share. But if one of the countries had no such tax, all the money would go to the other government. Some in Europe hope that the lure of that cash might eventually tempt Americans. Europe thinks it can bring in 31 billion euros - about $41 billion at current exchange rates - from the tax. The United States presumably could collect more if it adopted a similar tax, including some of the money that will now go to European countries. Legislation such as this probably would have gone nowhere before the financial crisis. The fact this now seems to be on the verge of enactment, perhaps to go into effect as soon as next year, reflects the widespread scorn for, and anger at, banks. Allocating capital is a major - perhaps the most important - job of a financial system, and the banks failed spectacularly at that. Money went to mortgage loans for properties that never should have been built and that were "sold" to people who could not afford them. Now the European Commission says it is time to ensure that "financial institutions make a fair and substantial contribution to covering the costs of the crisis." A secondary benefit is said to be "creating appropriate disincentives for transactions that do not enhance the efficiency of financial markets, thereby complementing regulatory measures to avoid future crises." Will it work? It appears that Europe is going to find out. Perhaps it will turn out that the dire warnings of disaster that have come from banks, who say such a tax will make capital more expensive for companies that need it and damage already stumbling economies, will prove to be no more accurate than the financial models those same banks used to justify the lending orgy that went so spectacularly wrong. Floyd Norris comments on finance and the economy at nytimes.com/economix.
--- Just because i'm near the punchbowl doesn't mean I'm also drinking from it. From rforno at infowarrior.org Fri Feb 22 08:00:06 2013 From: rforno at infowarrior.org (Richard Forno) Date: Fri, 22 Feb 2013 09:00:06 -0500 Subject: [Infowarrior] - US gov't to air-drop toxic mice on Guam snakes Message-ID: <9317E588-5E38-4017-880B-53B5FAB494C6@infowarrior.org> (c/o JH) US gov't to air-drop toxic mice on Guam snakes To battle a slithery enemy, US to air-drop mice laced with drugs toxic to Guam tree snakes By Eric Talmadge, Associated Press | Associated Press - 7 hrs ago http://news.yahoo.com/us-govt-air-drop-toxic-065326367.html ANDERSEN AIR FORCE BASE, Guam (AP) -- Dead mice laced with painkillers are about to rain down on Guam's jungle canopy. They are scientists' prescription for a headache that has caused the tiny U.S. territory misery for more than 60 years: the brown tree snake. Most of Guam's native bird species are extinct because of the snake, which reached the island's thick jungles by hitching rides from the South Pacific on U.S. military ships shortly after World War II. There may be 2 million of the reptiles on Guam now, decimating wildlife, biting residents and even knocking out electricity by slithering onto power lines. More than 3,000 miles away, environmental officials in Hawaii have long feared a similar invasion - which in their case likely would be a "snakes on a plane" scenario. That would cost the state many vulnerable species and billions of dollars, but the risk will fall if Guam's air-drop strategy succeeds. "We are taking this to a new phase," said Daniel Vice, assistant state director of U.S. Department of Agriculture's Wildlife Services in Hawaii, Guam, and the Pacific Islands. "There really is no other place in the world with a snake problem like Guam." Brown tree snakes are generally a few feet (1 meter) long but can grow to be more than 10 feet (3 meters) in length.
Most of Guam's native birds were defenseless against the nocturnal, tree-based predators, and within a few decades of the reptile's arrival, nearly all of them were wiped out. The snakes can also climb power poles and wires, causing blackouts, or slither into homes and bite people, including babies; they use venom on their prey but it is not lethal to humans. The infestation and the toll it has taken on native wildlife have tarnished Guam's image as a tourism haven, though the snakes are rarely seen outside their jungle habitat. The solution to this headache, fittingly enough, is acetaminophen, the active ingredient in painkillers including Tylenol. The strategy takes advantage of the snake's two big weaknesses. Unlike most snakes, brown tree snakes are happy to eat prey they didn't kill themselves, and they are highly vulnerable to acetaminophen, which is harmless to humans. The upcoming mice drop is targeted to hit snakes near Guam's sprawling Andersen Air Force Base, which is surrounded by heavy foliage and if compromised would offer the snakes a potential ticket off the island. Using helicopters, the dead neonatal mice will be dropped by hand, one by one. U.S. government scientists have been perfecting the mice-drop strategy for more than a decade with support from the Department of Defense and the Department of the Interior. To keep the mice bait from dropping all the way to the ground, where it could be eaten by other animals or attract insects as they rot, researchers have developed a flotation device with streamers designed to catch in the branches of the forest foliage, where the snakes live and feed. Experts say the impact on other species will be minimal, particularly since the snakes have themselves wiped out the birds that might have been most at risk. "One concern was that crows may eat mice with the toxicant," said William Pitt, of the U.S. National Wildlife Research Center's Hawaii Field Station. "However, there are no longer wild crows on Guam. 
We will continue to refine methods to increase efficiency and limit any potential non-target hazards." The mouse drop is set to start in April or May. Vice said the goal is not to eradicate the snakes, but to control and contain them. Just as the snakes found their way to Guam, they could stow away on a ship, or more likely the cargo hold of an airplane, and begin breeding on other islands around the Pacific or even the U.S. West Coast. That "snakes on a plane" scenario has officials in Hawaii on edge. The islands of Hawaii, like Guam, lack the predators that could keep a brown tree snake population in check. Native Hawaiian birds "literally don't know what to do when they see a snake coming," said Christy Martin, a spokeswoman for the Coordinating Group on Alien Pest Species, a partnership of Hawaii government agencies and private organizations. A 2010 study conducted by the National Wildlife Research Center found brown tree snakes would cause between $593 million and $2.14 billion in economic damage each year if they became established in Hawaii like they are on Guam. Power outages would cause the most damage, followed by a projected decline in tourism. The cost of treating snake bites would account for a small share. "Once we get snakes here, we're never going to be able to fix the situation," Martin said. Though the snakes are native to Australia and Papua New Guinea, Guam is much closer to Hawaii and its snake population is much more dense, meaning it is the primary threat for snake stowaways. So far, Guam's containment seems to be working. Only a few brown tree snakes have ever been found in Hawaii, and none over the past 17 years. "If we continue doing what we are doing, the chance of success is very high," Vice said. "If what we are doing stops, I think the possibility of the snakes getting to Hawaii is inevitable." --- Just because i'm near the punchbowl doesn't mean I'm also drinking from it. 
From rforno at infowarrior.org Fri Feb 22 15:10:58 2013 From: rforno at infowarrior.org (Richard Forno) Date: Fri, 22 Feb 2013 16:10:58 -0500 Subject: [Infowarrior] - Cyber-Security: Stand Down, for Now, Congress Message-ID: http://nation.time.com/2013/02/22/cyber-security-stand-down-for-now-congress/ February 22, 2013 Cyber-Security: Stand Down, for Now, Congress By Jerry Brito Washington, it seems, can't get no satisfaction. After years of often-alarmist rhetoric about the threat of deadly cyber-attacks - and repeated calls for government to "do something" to address the threat - President Obama has finally issued a comprehensive executive order on cyber-security. Yet the reaction from politicians of both parties is that we still need new legislation. We don't. The order takes a balanced approach that Congress should allow to work before it decides it needs to "strengthen" it. Obama's order establishes a process for the government to share unclassified cyber-threat information with industry. It also expands a program that allows for the sharing of classified information with participating critical infrastructure operators. House Republicans favor such an information-sharing approach because it eschews regulation. It makes sense for the government to share relevant intelligence with private-sector companies, and then allow them to protect themselves as they see fit. After all, they are the targets of the cyber-attacks. They have the greatest incentive to protect themselves - as well as the best knowledge about their own systems - and they should therefore have the flexibility to secure themselves not according to a government rule book, but by whatever means they deem most effective. Given that the executive order provides for information-sharing, why do Republicans think they still need to pass the Cybersecurity Intelligence Sharing and Protection Act (CISPA), reintroduced in the House the day after the President issued his order? What does CISPA add?
The answer is that it gives businesses immunity from suit and criminal prosecution based on any information shared with the government. But we don't need such blanket immunity to make information-sharing work. Businesses are not prohibited from sharing information with the government, except by privacy statutes and by any contractual promises they may have made to their customers and users. Privacy laws exist for good reason, however, and if Congress feels those laws are getting in the way of security, it should amend them as needed - not give the private sector a free pass for any violations that happen in the name of cyber-security. Businesses should also be expected to keep their promises to users. If they want to share information they previously promised they would keep private, companies should renegotiate their contracts or update their privacy policies. Still, there are critics who believe that the private sector doesn't know what it's doing, and that information sharing is not enough. Not to worry; the executive order has them covered, too. The order directs the National Institute of Standards and Technology (NIST) to work with critical infrastructure operators to develop cyber-security best practices, and it directs the Department of Homeland Security to establish a voluntary program to encourage operators to adopt those standards. It also orders federal agencies to review their existing cyber-security rules to see if they are on par with the NIST-developed framework, and to update them if needed. As a result, we will likely see new sector-specific regulations to beef up the cyber-security of critical infrastructure. Nevertheless, some Democrats - including the President - favor new legislation that would mandate cyber-security standards. But there is no need. First, Congress should allow the NIST- and DHS-led effort to play out. Why resort to a top-down and unnecessarily divisive approach before seeing how a cooperative effort works?
Second, critical infrastructure operators will always have to abide by the new regulations that sector-specific regulators, such as the Nuclear Regulatory Commission, will surely promulgate. And those sector-specific rules will be better-suited to the covered industries than the type of one-size-fits-all law Congress would likely enact. Finally, to the extent sector-specific regulators find that they don't have the authority to deal with critical infrastructure operators that refuse to protect themselves, Congress can always come back and give them that power, safe in the knowledge it hasn't overreached. Now that President Obama has acted on cyber-security, Congress doesn't need to. Yet guided by their worst impulses - to extend protections to business, or to exert bureaucratic control - members of Congress will insist that it is imperative they get in on the action. If they do, they will undoubtedly be saddling us with a host of unintended consequences that we will come to regret later. Jerry Brito is a senior research fellow at the Mercatus Center at George Mason University, and director of its Technology Policy Program. --- Just because i'm near the punchbowl doesn't mean I'm also drinking from it. From rforno at infowarrior.org Fri Feb 22 15:57:54 2013 From: rforno at infowarrior.org (Richard Forno) Date: Fri, 22 Feb 2013 16:57:54 -0500 Subject: [Infowarrior] - WH backs open access to all federal research Message-ID: Obama Administration backs open access to all federal research Papers available one year after publication, data behind them preserved.
by John Timmer - Feb 22 2013, 4:03pm EST http://arstechnica.com/science/2013/02/obama-administration-backs-open-access-to-all-federal-research/ Today, John Holdren, the head of the White House Office of Science and Technology Policy, announced that the administration is adopting a policy that would see nearly all of the science papers produced through federal funding made accessible to the public within a year of their publication. The new rules would apply to any agency that has a research budget of over $100 million, and it would include measures for preserving any digital data that was associated with the research. A similar policy has already been adopted by the National Institutes of Health, and there were indications that the administration had been considering this measure for some time. It was perhaps pushed along by a "We the People" petition that succeeded under the previous standards, reaching 65,000 signatures (100,000 are now needed). Still, Holdren's announcement finally clarifies the intended plan. The one-year term for publications to remain behind paywalls is only a guideline, and agencies can shift the limit based on the publishing issues faced by their particular fields. As further protection for publishers, each agency must develop, "procedures the agency will take to help prevent the unauthorized mass redistribution of scholarly publications." At the same time, however, the plan calls for agencies to provide strategies for helping the public search for and find the papers and to make metadata available for aggregation and analysis. Given all that, it's not clear whether "unauthorized mass distribution" would even be necessary. In addition to the publications, the plan calls for agencies to preserve "digitally formatted scientific data resulting from unclassified research" and to make that accessible too. 
This won't include things like lab notebooks or draft versions of the papers, but it might include databases and images that were essential to the analysis. Overall, the goal is a good one, as it should help provide the public with access to the research it paid for, and scientists will have a greater ability to find and link their research with past work. The big challenge, however, is that it's all supposed to be done without any additional spending. Preservation of data and sharing it in a usable form aren't always cheap. --- Just because i'm near the punchbowl doesn't mean I'm also drinking from it. From rforno at infowarrior.org Fri Feb 22 17:19:07 2013 From: rforno at infowarrior.org (Richard Forno) Date: Fri, 22 Feb 2013 18:19:07 -0500 Subject: [Infowarrior] - Six Strikes Officially Begins On Monday Message-ID: <505905CE-20BE-445E-B7CC-C5AF18211B51@infowarrior.org> Six Strikes Officially Begins On Monday from the warm-up-your-vpns dept http://www.techdirt.com/articles/20130222/14191722072/six-strikes-officially-begins-monday.shtml Kevin Collier over at the DailyDot claims he's got it on good authority that the "six strikes" system, officially known as the Copyright Alert System, officially kicks off on Monday, many months later than scheduled. For whatever reason, the organization behind the program, the Center for Copyright Information, has been insisting for some time that there was no official rollout date, and the various ISPs would be individually choosing when to turn on the random assortment of punishment mechanisms made available to copyright holders based entirely on accusations, not conviction or other proof. Apparently, what they meant was that everyone would roll it out in a single week, but on different days. Because that makes so much sense. The ISPs - industry giants AT&T, Cablevision, Comcast, Time Warner, and Verizon - will launch their versions of the CAS on different days throughout the week. Comcast is expected to be the first, on Monday.
So, now we get to watch people get falsely accused, those with open WiFi suddenly have to fear bogus slow downs to their networks and other assorted collateral damage. Oh, and does anyone actually expect to see a sudden spike in "sales"? Oh, and the Center for Copyright Information has put up a snazzy new website and video over some non-descript smooth jazz that I'm sure they licensed, and which practically screams the following basic message (note: message paraphrased): "Hey, we're just your friendly neighborhood copyright maximalists, out here trying to make friends and, oh, oops, we just wanted to let you know, in the friendliest way possible, that we think you're lying, thieving pirates, and we'd really like it if you stopped, or we might have to make your internet connection completely useless. But we don't want to have to do that, because we're all friends here, enjoying the internet. Isn't the internet great?" The video makes a few blatantly ridiculous claims, including suggesting that they have some foolproof technology for seeing whenever you infringe. They claim that the system is designed to "support the creative work that we all love and enjoy." Which is kind of amusing, since nothing in the system is about giving people a reason to buy. Just a reason to get pissed off at ISPs and copyright holders for making accusations. I'm sure that's going to convince so many people to buy. --- Just because i'm near the punchbowl doesn't mean I'm also drinking from it. From rforno at infowarrior.org Sat Feb 23 15:01:54 2013 From: rforno at infowarrior.org (Richard Forno) Date: Sat, 23 Feb 2013 16:01:54 -0500 Subject: [Infowarrior] - 3/7 in DC: Cyber Statecraft After Catastrophes Message-ID: The Cyber 9/12 Project: Cyber Statecraft After Catastrophes Thursday, March 7, 2013 8:00 a.m.-1:30 p.m. 
The Knight Studio at the Newseum 555 Pennsylvania Ave., NW Please join the Atlantic Council and Science Applications International Corporation (SAIC) for the second scenario-driven, interactive conference to discuss the day-after response to a cyber incident. The conference will be held at the Knight Studio at the Newseum (555 Pennsylvania Avenue, NW) on the morning of March 7. During this high-level public event, a small group of experts will represent various sectors, including government, finance, telecom, and press to discuss the decision-making process in light of a serious cyber security breach. During the course of the half-day conference, the scenario will continue to evolve, forcing experts to focus on key priorities and sector-specific concerns during a major cyber attack against the United States. The goal of the conference is to encourage greater dialogue about the intricate decision-making process various sectors must face during a serious cyber conflict, and shine light on the need for greater conversation on how to respond to cyber security issues. If you have any questions regarding the conference, or would like to RSVP, please email the Cyber Statecraft Initiative at cyber at acus.org. This event is open for press coverage, but space is limited. Please contact press at acus.org with press inquiries. Program (As of February 14) 8:00 a.m. 
Registration and Breakfast 8:30 Welcome Remarks by: Frederick Kempe, President and CEO, Atlantic Council Anthony Moraco, President, ISR Group, SAIC 8:45 Description of Events & Intro of Speakers and Observers 9:00 Cyber Scenario Injects 1 and 2 Moderated by: Jason Healey, Director, Cyber Statecraft Initiative, Atlantic Council 10:25 Discussion with Observers & Social Media Responses 10:40 Break 11:00 Cyber Scenario Injects 3 and 4 Moderated by: Jason Healey 12:30 Discussion with Observers and Social Media Responses 1:00 Lessons Learned and Concluding Remarks This conference is generously sponsored by Featuring Dmitri Alperovitch Co-Founder and CTO CrowdStrike Tom Bossert President Civil Defense Solutions Steven Chabinsky SVP Legal Affairs and Chief Risk Officer CrowdStrike Frank Cilluffo Associate Vice President and Director of Homeland Security Policy Institute The George Washington University Matt Devost President & CEO FusionX LLC Siobhan Gorman National Security and Intelligence Correspondent The Wall Street Journal Jason Healey Director, Cyber Statecraft Initiative Atlantic Council Deborah Lee James Executive Vice President, Communications and Government Affairs SAIC Frederick Kempe President and CEO Atlantic Council Anthony Moraco President, Intelligence, Surveillance and Reconnaissance Group SAIC Jeff Moss Founder and Director Black Hat Barry Pavel Director, Brent Scowcroft Center on International Security Atlantic Council Neal Pollard Director PricewaterhouseCoopers Greg Rattray CEO and Founding Partner Delta Risk Paul Twomey Founder Argo P@cific Robert Zitz Senior Vice President and Chief Systems Architect SAIC --- Just because i'm near the punchbowl doesn't mean I'm also drinking from it.
From rforno at infowarrior.org Mon Feb 25 09:42:15 2013 From: rforno at infowarrior.org (Richard Forno) Date: Mon, 25 Feb 2013 10:42:15 -0500 Subject: [Infowarrior] - The scam of inkjet printing supplies Message-ID: <414AEC69-964F-4F7E-9AD0-B6090AB409CB@infowarrior.org> Printer ink cartridges: why you're paying more but getting a lot less Big printer companies are accused of 'squeezing ever-increasing amounts of cash out of the poor consumer' • David Robinson • The Guardian, Friday 22 February 2013 http://www.guardian.co.uk/money/2013/feb/23/printer-ink-cartridges-paying-more-getting-less It's a busy morning at Cartridge World in Aylesbury, part of a chain of almost 200 outlets across the UK that sell branded and refilled printer cartridges. It's a thriving business. The shop has seen turnover double in the past five years. But store owner Martin Dyckhoff says customers come to him time and again with the same complaint: the branded inkjet cartridges they have bought run out of ink too quickly. The sky-high price of printer ink - measure for measure more expensive than vintage champagne - has been well documented. Less well-known is the fact that the amount of ink in the average cartridge has shrunk dramatically. "Newer cartridges contain a fraction of the ink a similar product contained a decade ago," Dyckhoff says. "The amount can be minuscule." For example, the Epson T032 colour cartridge (released in 2002) is the same size as the Epson colour T089 (released in 2008). But the T032 contains 16ml of ink and the T089 contains just 3.5ml of ink. It's a similar story with Hewlett Packard (HP) cartridges. A decade ago, the best-selling HP cartridge had 42ml of ink and sold for about £20. Today, the standard printer cartridges made by HP may contain as little as 5ml of ink but sell for about £13. Cut open a HP inkjet cartridge and you'll find what is going on. The size of the sponges inside, which hold the ink, have progressively reduced over the years.
The rest of the cartridge is now simply empty space. In Epson cartridges, meanwhile, the ink tank has been systematically reduced in size. "The strategy has been to nudge the consumer towards a high frequency of purchases," says David Connett, editor of The Recycler, a trade magazine covering the remanufacturing industry. "The big printer manufacturers have reduced the amount of ink in a cartridge, encrypted the chip technology, and used aggressive marketing tactics to discourage refills." Chris Brooks, technical director of industry group the UK Cartridge Remanufacturers Association, is more forthright: "The big printer companies do all they can to squeeze ever-increasing amounts of cash out of the poor consumer in exchange for less ink." Worst value, say the experts, are the colour cartridges. All three leading players, including Canon, sell single tri-colour cartridges - cyan, magenta and yellow - often with less than 2ml of ink per colour. "They're very bad value because when one of the three colours runs out the entire cartridge stops working," Dyckhoff says. "We always recommend people buy a printer with a separate cartridge for each colour." HP300 printer ink cartridge from 2002 (left) and 2010 (right). Photograph: David Robinson The shrinking amount of ink in cartridges has enabled manufacturers to offer a remarkable new product - called "XL" (extra large) but almost exactly the same size as the standard cartridge. For example, HP makes the HP300, which contains 5ml of black ink and sells for about £13. It also makes the HP300XL, which has more ink - about 16ml - and sells for around £20-£25. But both are nearly identical in size. Indeed, some makers' "XL" cartridges may contain less ink than standard cartridges issued a few years ago.
XL cartridges are an "insult" to the consumer, says Patrick Stead of cartridge recycler Environmental Business Products: "HP sells half-full cartridges, then sticks an 'XL' on, fills them up, and sells them for even more money. The difference in manufacturing costs is pennies. It's a shocking rip-off." The printer companies dispute that they are squeezing consumers to ramp up profits. "Focusing on any single factor such as the point of purchase, the up-front cost of the cartridge or printer, the cost per page, or the millilitres of ink in a given cartridge is not an accurate way to measure the cost of printing," HP said in a statement. It says consumers should focus on the cost per page of printing. It claims that on its Officejet Pro models, ink costs on a per-page basis have been maintained at the same levels since 2009. Epson, meanwhile, argues that print heads are more efficient compared with 10 years ago because of advances in technology. "They are able to produce a greater number of pages with an equivalent amount of ink," the company said in a statement. Of the leading manufacturers, Canon has been the least aggressive in its ink reduction, but volumes have still shrunk. Its recent PGI-525BK inkjet cartridge, for example, contains 19ml of ink compared with its 26ml BCI-3BK issued in 2005. The company has also introduced standard and XL cartridges. Critics accept there have been improvements in technology and modern print heads are more efficient. "But these improvements cannot justify a five-fold decrease in the amount of ink in a cartridge," Brooks says. "The cost of printer ink is the lowest it's ever been, a few euros for a litre. Many cartridges cost less than 50p to make. The mark-up is enormous. The consumer is paying far more pro-rata today than a decade ago for cartridges containing very little ink." 
There is an intense battle between manufacturers (HP, Epson and Canon) and "remanufacturers", represented by Brooks, who refill cartridges to sell at a discount. Remanufacturers have grabbed a third of UK sales, at the same time as counterfeit cartridges from China are flooding into the country. In addition, aggressive competition from new entrants such as Kodak, which threw itself into the market in the mid-2000s offering cheap plastic printers and even cheaper cartridges, has eaten into their bottom line. (Kodak said last year that it was pulling out of the inkjet market.) "The big three have seen a year-on-year erosion of their market share," Brooks says. "They had to do something drastic." The response has been to sell cheaper printers and recoup the money on low-ink cartridges, which consumers have to replace more often. A decade ago, the average household printer cost upwards of £150, but today they retail for as little as £30. Many new printers come with "start-up" cartridges that contain tiny amounts of ink so the owner has to buy new cartridges almost immediately. Others have embedded technology to block cheap refills. "The logic is simple," Stead says. "Once a consumer buys a HP printer they have to buy HP cartridges, no matter what they cost." Save while you print • Beware really cheap cartridges, which run out in no time. XL cartridges cost more but do provide better value in the long run. • Don't buy printers with single tri-colour cartridges. When one colour runs out the entire cartridge stops working even if there is plenty of ink left in the other two chambers. Buy a printer with a separate cartridge for each colour. • A DIY kit - £5.47 at Asda, £8 at Tesco - provides enough ink to refill a cartridge up to six times. Jettec and JR have kits with 90ml of black ink, enough to fill some cartridges 45 times, for £8-£10. But DIY refilling can be an incredibly messy business. • Buy refilled cartridges, saving 20%-70% on branded originals.
Try cartridgeworld.co.uk and viking-direct.co.uk. • If you print mostly black-and-white documents, a laser printer uses toner, which lasts longer than ink. Page yield is in thousands rather than hundreds. --- Just because i'm near the punchbowl doesn't mean I'm also drinking from it. From rforno at infowarrior.org Mon Feb 25 10:48:44 2013 From: rforno at infowarrior.org (Richard Forno) Date: Mon, 25 Feb 2013 11:48:44 -0500 Subject: [Infowarrior] - "Six Strikes" Anti-Piracy Scheme Starts Today, With Mystery Punishments Message-ID: (Fire up your VPNs, people!! --rick) "Six Strikes" Anti-Piracy Scheme Starts Today, With Mystery Punishments - Ernesto - February 25, 2013 http://torrentfreak.com/six-strikes-anti-piracy-scheme-starts-130225/ Today the controversial "six-strikes" anti-piracy system kicks off in the United States. Soon the first BitTorrent users will receive so-called copyright alerts from their Internet provider and after multiple warnings subscribers will be punished. But, what these punishments entail remains a bit of a mystery. None of the participating ISPs have officially announced how they will treat repeat infringers and the CCI doesn't have this information either. Today the MPAA and RIAA, helped by five major Internet providers in the United States, will start to warn BitTorrent pirates. The parties launched the Center for Copyright Information (CCI) and agreed on a system through which copyright infringers are warned that their behavior is unacceptable. After five or six warnings ISPs may then take a variety of repressive measures. The scheme was initially announced during the summer of 2011 and after a series of delays it goes live today. "Over the course of the next several days our participating ISPs will begin rolling out the system," CCI Executive Director Jill Lesser just announced. 
"Practically speaking, this means our content partners will begin sending notices of alleged P2P copyright infringement to ISPs, and the ISPs will begin forwarding those notices in the form of Copyright Alerts to consumers," she adds. Strangely enough, none of the Internet providers has officially announced what mitigation measures they will take to punish repeated infringers. TorrentFreak asked CCI to fill us in, but the organization doesn't have this information either. "Unfortunately the ISPs have not yet provided us with the exact mitigation measures," a CCI spokesperson told us. From leaked information we previously learned that AT&T will block users' access to some of the most frequently visited websites on the Internet, until they complete a copyright course. Verizon will slow down the connection speeds of repeated pirates, and Time Warner Cable will temporarily interrupt people's ability to browse the Internet. The two remaining providers, Cablevision and Comcast, are expected to take similar measures. None of the ISPs will permanently disconnect repeat infringers as part of the plan. Some skeptics have pointed out that the copyright alert system won't have much effect since there are many ways to beat the system. BitTorrent users, for example, can protect their privacy and prevent monitoring by using a VPN, proxy or seedbox. Alternatively, some determined pirates may switch to other platforms that are not monitored, including Usenet, cyberlockers, streaming sites or offline swapping. Those who use private BitTorrent trackers may be safe for now, but monitoring company MarkMonitor was advised to start eyeing these sites as well. For CCI and their partners these workarounds are not a major problem. They have said from the start that the program aims to educate the public, in particular more casual file-sharers. 
While the copyright alert system is much more reasonable than the equivalents in France and New Zealand, there is the worrying possibility that it will be used to gather evidence to start legal action against individuals. As we reported previously, Internet providers will have to inform copyright holders about which IP-addresses are repeatedly flagged. The MPAA and RIAA can then use this information to ask the court for a subpoena, so they can obtain the personal details of the account holder. This possibility was also confirmed by leaked documents from AT&T. "After the fifth alert, the content owner may pursue legal action against the customer, and may seek a court order requiring AT&T to turn over personal information to assist the litigation," AT&T explained. There's no concrete indication that repeated infringers will be taken to court, and if this happens it's not part of the copyright alert system. More on this, and the other missing details on the "six strikes" system, will become clear during the coming months. --- Just because i'm near the punchbowl doesn't mean I'm also drinking from it. From rforno at infowarrior.org Tue Feb 26 08:42:01 2013 From: rforno at infowarrior.org (Richard Forno) Date: Tue, 26 Feb 2013 09:42:01 -0500 Subject: [Infowarrior] - Non-profit responds to Ferrari lawsuit threat Message-ID: Non-profit Responds To Threatened Lawsuit From Ferrari By 'Remaking' Video To Hide The Ferrari http://www.techdirt.com/articles/20130224/22430522090/non-profit-responds-to-threatened-lawsuit-ferrari-remaking-video-to-hide-ferrari.shtml --- Just because i'm near the punchbowl doesn't mean I'm also drinking from it. 
From rforno at infowarrior.org Tue Feb 26 08:42:26 2013 From: rforno at infowarrior.org (Richard Forno) Date: Tue, 26 Feb 2013 09:42:26 -0500 Subject: [Infowarrior] - Reinventing the CIP Wheel again Message-ID: <01666CBD-8BC5-47B7-A93A-C501820F17F1@infowarrior.org> More talking about the problem and what to do about it than actually *doing* anything about it. 2013 governmental recommendation, meet 1997 governmental recommendation.....among other years, too. -- rick [Federal Register Volume 78, Number 38 (Tuesday, February 26, 2013)] "The National Institute of Standards and Technology (NIST) is conducting a comprehensive review to develop a framework to reduce cyber risks to critical infrastructure \1\ (the ``Cybersecurity Framework'' or ``Framework''). The Framework will consist of standards, methodologies, procedures, and processes that align policy, business, and technological approaches to address cyber risks." http://cryptome.org/2013/02/nist13-0226.htm --- Just because i'm near the punchbowl doesn't mean I'm also drinking from it. From rforno at infowarrior.org Tue Feb 26 10:24:53 2013 From: rforno at infowarrior.org (Richard Forno) Date: Tue, 26 Feb 2013 11:24:53 -0500 Subject: [Infowarrior] - SCOTUS won't allow challenge to surveillance law Message-ID: <47B4E85C-FF7F-447B-91CC-133FB18258A8@infowarrior.org> Feb 26, 11:02 AM EST Court won't allow challenge to surveillance law By JESSE J. HOLLAND Associated Press http://hosted.ap.org/dynamic/stories/U/US_SUPREME_COURT_SURVEILLANCE WASHINGTON (AP) -- A sharply-divided Supreme Court on Tuesday threw out an attempt by U.S. citizens to challenge the expansion of a surveillance law used to monitor conversations of foreign spies and terrorist suspects. 
With a 5-4 vote, the high court ruled that a group of American lawyers, journalists and organizations can't sue to challenge the 2008 expansion of the Foreign Intelligence Surveillance Act (FISA) because they can't prove that the government will monitor their conversations along with those of potential foreign terrorist and intelligence targets. Justices "have been reluctant to endorse standing theories that require guesswork," said Justice Samuel Alito, who wrote for the court's majority. The Foreign Intelligence Surveillance Act, or FISA, was enacted in 1978. It allows the government to monitor conversations of foreign spies and terrorist suspects abroad for intelligence purposes. The 2008 FISA amendments allow the government to obtain from a secret court broad, yearlong intercept orders, raising the prospect that phone calls and emails between those foreign targets and innocent Americans in this country would be swept under the umbrella of surveillance. Without proof that the law would directly affect them, Americans can't sue, Alito said in the ruling. Despite their documented fears and the expense of activities that some Americans have taken to be sure they don't get caught up in government monitoring, they "have set forth no specific facts demonstrating that the communications of their foreign contacts will be targeted," he added. Alito also said the FISA expansion merely authorizes, but does not mandate or direct, the government monitoring. Because of that, he said, "respondents' allegations are necessarily conjectural. Simply put, respondents can only speculate as to how the attorney general and the Director of National Intelligence will exercise their discretion in determining which communications to target." Alito was joined in his decision by Chief Justice John Roberts and Justices Anthony Kennedy, Antonin Scalia and Clarence Thomas. 
Justice Stephen Breyer, writing in dissent, said that he would have allowed the lawsuit to move forward because he thinks "the government has a strong motive to listen to conversations of the kind described." "We need only assume that the government is doing its job (to find out about, and combat terrorism) in order to conclude that there is a high probability that the government will intercept at least some electronic communication to which at least some of the plaintiffs are party," Breyer said. "The majority is wrong when it describes the harm threatened plaintiffs as "speculative," Breyer said. He was joined in his dissent by Justices Ruth Bader Ginsburg, Sonia Sotomayor and Elena Kagan. A federal judge originally threw out the lawsuit, saying the plaintiffs lacked standing to sue. But the 2nd U.S. Circuit Court of Appeals reinstated the lawsuit. The Supreme Court was not considering the constitutionality of the expansion, only whether lawyers could file a lawsuit to challenge it in federal court. Alito re-emphasized that point, saying the decision did not insulate the FISA expansion from judicial review, and he suggested a couple of ways a challenge could be brought to court, including a scenario in which an American lawyer actually did get swept up in FISA monitoring. "It is possible that the monitoring of the target's conversations with his or her attorney would provide grounds for a claim of standing on the part of the attorney," Alito said. "Such an attorney would certainly have a stronger evidentiary basis for establishing standing than do respondents in the present case." --- Just because i'm near the punchbowl doesn't mean I'm also drinking from it. From rforno at infowarrior.org Tue Feb 26 11:03:10 2013 From: rforno at infowarrior.org (Richard Forno) Date: Tue, 26 Feb 2013 12:03:10 -0500 Subject: [Infowarrior] - U. 
of Phoenix Expects to Be Placed on Probation by Its Accreditor Message-ID: <179CD6E3-6537-4B97-9D27-C6ADE7C0836B@infowarrior.org> February 25, 2013 U. of Phoenix Expects to Be Placed on Probation by Its Accreditor By Eric Kelderman http://chronicle.com/article/U-of-Phoenix-Expects/137565/ The University of Phoenix expects to be placed on probation by its accreditor this spring, the university's parent corporation announced on Monday. The proprietary college, which enrolls students both online and at more than 100 campuses across the country, is accredited by the Higher Learning Commission of the North Central Association of Colleges and Schools, one of the nation's six regional accrediting organizations. The university's owner, the Apollo Group Inc., made the announcement in a filing with the U.S. Securities and Exchange Commission, saying that a team of reviewers from the Higher Learning Commission had concluded that the university had insufficient autonomy from its corporate parent. Aside from the governance issue, the university was largely in compliance with the accreditor's standards, the filing said, though a draft report from the accrediting team also raised concerns about graduation and retention rates, assessing student learning, and the university's reliance on federal student aid, among other things. Accreditors also recommended probation for Western International University, another subsidiary of the Apollo Group. The recommendation to place Phoenix on probation was something of a surprise because Apollo announced in January that it expected the accreditor to put the university on notice, a less-serious status. In a written response to the draft recommendation, Mark Brenner, chief of staff for the Apollo Group, said that the company would appeal the recommendations for both universities, but would also work closely with the accreditor to resolve the problems. 
"We are confident that University of Phoenix and Western International University will be successful in achieving institutional reaffirmation," said Mr. Brenner in a written statement. Another Crackdown If the Higher Learning Commission's Board of Trustees approves putting Phoenix on probation, the university will probably have until the fall of 2014 to come into compliance with the accreditor's standards. The accreditation team also recommended that the university submit a report within three months outlining its plan to resolve the accreditor's concerns. While it's unlikely that the Higher Learning Commission will eventually reject the university's accreditation, the recommendations mark the latest action by the accreditor to crack down on for-profit colleges. In 2010 the commission rejected the sale of a small nonprofit college to a group of investors--the kind of sale that had been approved by the commission several times in previous years. The institution, Dana College in Nebraska, was forced to shut down. The commission has also taken a hard line on universities owned by Argosy Inc. and Bridgepoint Inc., which have most of their corporate operations outside the 19-state region that the accreditor oversees. The two companies subsequently applied for their colleges to be accredited by the Western Association of Schools and Colleges, another regional accreditor. After the Western Association rejected Bridgepoint's application to accredit Ashford University, the Higher Learning Commission used that organization's findings to put Ashford under "special monitoring" status. The accreditor is expected to decide this month if it will continue to accredit the college, with or without some sanction, or, in an extreme move, withdraw accreditation. --- Just because i'm near the punchbowl doesn't mean I'm also drinking from it. 
From rforno at infowarrior.org Wed Feb 27 06:21:15 2013 From: rforno at infowarrior.org (Richard Forno) Date: Wed, 27 Feb 2013 07:21:15 -0500 Subject: [Infowarrior] - Proposed (Goofy) Ban Could Kill Aerial Photography Message-ID: (c/o AJR) http://fstoppers.com/proposed-ban-could-kill-aerial-photography David Bickley Proposed Ban Could Kill Aerial Photography Many states are struggling with how to deal with drone technology, more specifically "mini-drones" and the adoption of UAV's by law enforcement. Spurred by this, Senator Neal Kurk has recently proposed a bill to squash any sort of aerial imagery. The bill says this: "A person is guilty of a class A misdemeanor if such person knowingly creates or assists in creating an image of the exterior of any residential dwelling in this state where such image is created by or with the assistance of a satellite, drone, or any device that is not supported by the ground. This prohibition shall not apply where the image does not reveal forms identifiable as human beings or man-made objects. In this paragraph, 'dwelling' means any building, structure, or portion thereof which is occupied as, or designed or intended for occupancy as, a residence by one or more individuals." Does anything strike you as strange about this? First, the bill is offered up as a way to protect citizens from being spied on or documented. Most complaints from citizens revolve around the government's use of these devices, not aerial photographers or even services like Google maps. Yet, the bill specifically excludes government officials and entities which effectively ignores the public's actual subject of complaint. Second, is the section about "forms identifiable as human beings or man-made objects." That means no buildings, but would also include roads, power lines, vehicles, dumpsters, or even a rogue sock sitting in a field. What about man-made lakes? 
What makes a low altitude aerial photograph so different from one taken on the ground of the same subject? What if I'm coming in on a flight and snap a photo out the window of the city lights below me? Third is the fact that this is effectively a proposed ban on many people's hobbies, and in some cases professions. What is the point of this ban in the end? Is it truly necessary? I could see banning aerial photography of government buildings, that makes sense. This blanket ban seems to be very poorly thought out to say the least. --- Just because i'm near the punchbowl doesn't mean I'm also drinking from it. From rforno at infowarrior.org Wed Feb 27 06:45:50 2013 From: rforno at infowarrior.org (Richard Forno) Date: Wed, 27 Feb 2013 07:45:50 -0500 Subject: [Infowarrior] - OT: Inside the Battle of Hoth Message-ID: Amusing tactical analysis with classic military-history-esque graphics. Inside the Battle of Hoth http://www.wired.com/dangerroom/2013/02/battle-of-hoth/ --- Just because i'm near the punchbowl doesn't mean I'm also drinking from it. From rforno at infowarrior.org Wed Feb 27 14:37:29 2013 From: rforno at infowarrior.org (Richard Forno) Date: Wed, 27 Feb 2013 15:37:29 -0500 Subject: [Infowarrior] - Stop Calling Electronic Espionage Cyberwar Message-ID: <5CB36ED1-B4DB-444E-90B3-EBCDE1140FA2@infowarrior.org> Stop Calling Electronic Espionage Cyberwar http://www.techdirt.com/articles/20130226/10001622118/stop-calling-electronic-espionage-cyberwar.shtml --- Just because i'm near the punchbowl doesn't mean I'm also drinking from it. From rforno at infowarrior.org Wed Feb 27 14:39:51 2013 From: rforno at infowarrior.org (Richard Forno) Date: Wed, 27 Feb 2013 15:39:51 -0500 Subject: [Infowarrior] - Ragtime: NSA's Secret Domestic Intelligence Program Revealed Message-ID: Ragtime: Code name of NSA's Secret Domestic Intelligence Program Revealed in New Book "Deep State" 
uncovers new details about the agency's secretive and hugely controversial surveillance programs. By Shane Harris Published February 27, 2013 http://www.washingtonian.com/blogs/dead_drop/surveillance-state/ragtime-codename-of-nsas-secret-domestic-intelligence-program-revealed-in-new-book.php More than a decade after the 9/11 terrorist attacks, a set of extraordinary and secretive surveillance programs conducted by the National Security Agency has been institutionalized, and they have grown. These special programs are conducted under the code name Ragtime, and are divided into several subcomponents, according to the new book Deep State: Inside the Government Secrecy Industry, by Marc Ambinder and D.B. Grady. (I purchased a copy this morning.) The authors, both journalists who cowrote a previous book about special operations in the military, have dug deep into the code names and operational nitty gritty of the NSA's secretive and hugely controversial surveillance programs, and they've come up with impressive new details. Ragtime, which appears in official reports by the abbreviation RT, consists of four parts. Ragtime-A involves US-based interception of all foreign-to-foreign counterterrorism-related data; Ragtime-B deals with data from foreign governments that transits through the US; Ragtime-C deals with counterproliferation activities; and then there's Ragtime-P, which will probably be of greatest interest to those who continue to demand more information from the NSA about what it does in the United States. P stands for Patriot Act. Ragtime-P is the remnant of the original President's Surveillance Program, the name given to so-called "warrantless wiretapping" activities after 9/11, in which one end of a phone call or an e-mail terminated inside the United States. 
That collection has since been brought under law, but civil liberties groups, journalists, and legal scholars continue to seek more information about what it entailed, who was targeted, and what authorities exist today for domestic intelligence-gathering. Deep State has some answers. Only about three dozen NSA officials have access to Ragtime's intercept data on domestic counter-terrorism collection. That's a tiny handful of the agency's workforce, which has been pegged at about 30,000 people. As many as 50 companies have provided data to this domestic collection program, the authors report. If the NSA wants to collect information on a specific target, it needs one additional piece of evidence besides its own "link-analysis" protocols, a computerized analysis that assigns probability scores to each potential target. This is essentially a way to use a computer data-mining program to help determine whether someone is a national security threat. But the authors find that this isn't sufficient if NSA wants to collect on said target. And while the authors found that the Foreign Intelligence Surveillance Court rarely rejects Ragtime-P requests, it often asks the NSA to provide more information before approving them. How the surveillance is approved tells us a lot about the breadth of the NSA's intelligence gathering. The court and the Attorney General both certify a slate of approved targets under Ragtime-P, the authors find. That includes a certain amount of "bulk data"--such as phone call logs and records--that can be collected around those targets. An NSA official told the authors that Ragtime-P can process as many as 50 different data sets at one time. What happens next looks like a 21st-century data assembly line. At the NSA's headquarters in Fort Meade, Maryland, a program called Xkeyscore processes all intercepted electronic signals before sending them to different "production lines" that deal with specific issues. Here, we find another array of code names. 
Pinwale is the main NSA database for recorded signals intercepts, the authors report. Within it, there are various keyword compartments, which the NSA calls "selectors." Metadata (things like the "To" and "From" field on an e-mail) is stored in a database called Marina. It generally stays there for five years. In a database called Maui there is "finished reporting," the transcripts and analysis of calls. (Metadata never goes here, the authors found.) As all this is happening, there are dozens of other NSA signals activity lines, called SIGADS, processing data. There's Anchory, an all-source database for communications intelligence; Homebase, which lets NSA analysts coordinate their searches based on priorities set by the Director of National Intelligence; Airgap, which deals with missions that are a priority for the Department of Defense; Wrangler, an electronic intelligence line; Tinman, which handles air warning and surveillance; and more. Lest you get confused by this swirl of code names and acronyms, keep this image in mind of the NSA as a data-analysis factory. Based on my own reporting, the agency is collecting so much information every day that without a regimented, factory-like system, analysts would never have the chance to look at it all. Indeed, they don't analyze much of it. Computers handle a chunk, but a lot of information remains stored for future analysis. So who is monitoring this vast production to ensure that the communications of innocent Americans aren't spied on? Ambinder and Grady report that for the NSA's terrorism-related programs, the agency's general counsel's office regularly reveals "target folders," which contain the identities of those individuals who are under surveillance, "to make sure the program complied with the instruction to surveil those reasonably assumed to have connections to al-Qaeda." That the NSA is policing itself may come as small comfort to many critics of the Obama administration's intelligence programs. 
The size of the "compliance staff" that monitors this activity is only about four or five people, depending on what's available in the budget at any moment, the authors report. They also say that we cannot know whether the program is pushing beyond the boundaries of the law. However, outside the closed circle of about three dozen NSA employees who are read in to Ragtime, there more than 1,000 people "outside the NSA are privy to the full details of the program." If NSA is breaking the law, "how much longer can that secret last?" the authors ask. We have a preceding example to test this hypothesis, albeit in a limited fashion. In 2004, the senior leadership of the Justice Department and the FBI threatened to resign over what they saw as illegal collection activities at the NSA, collection activities that are still going on under Ragtime and under new surveillance law. Back then, James Comey, acting as Attorney General while John Ashcroft was in the hospital, refused to sign a set of certifications provided by the Justice Department to Internet, financial, and data companies, the authors report. Why? Comey believed that the justification for providing bulk data to the NSA wasn't sufficient. The administration's tortured logic "drove him bonkers. There was just no way to justify this," the authors report, quoting people who have spoken to Comey, who has never publicly said why he objected. Interestingly, the authors find that the parts of the program he was objecting to didn't implicate the Foreign Intelligence Surveillance Act. This comports with my own reporting in my book, The Watchers. The NSA was making "mirrors" of telecommunications databases, so that analysts could go through the data and mine it for clues. As it has been explained to me, the problem here dealt with how the government viewed its legal authorities to access data stored in computers, and whether analysts could dip back into it without specific authorizations. 
Importantly, this data consisted of that so-called "bulk data." It wasn't recorded phone calls or the text of e-mails. That information was governed by FISA--or should have been--because it was considered "content" under law, and that requires a warrant to obtain. The White House panicked when Comey and Ashcroft refused to sign off, Ambinder and Grady report, fearing that the companies on which NSA was depending for information would cut the agency off if they didn't get a signed order from the Attorney General himself. It took six months for the administration to reshape the program so that it comported with "interpretation of the metadata provisions" that were promulgated by the Justice Department's Office of Legal Counsel. Had these officials resigned, it's unthinkable that the secrets of NSA's intelligence gathering activities would have stayed hidden. A year later, in 2005, they were revealed in part by the New York Times. Here, too, Ambinder and Grady have some new insights. It turns out that while the NSA's director, General Michael Hayden, was publicly excoriating the newspaper for disclosing the classified activities, he was privately glad that they withheld what he considered key operational details. --- Just because i'm near the punchbowl doesn't mean I'm also drinking from it. From rforno at infowarrior.org Wed Feb 27 16:31:48 2013 From: rforno at infowarrior.org (Richard Forno) Date: Wed, 27 Feb 2013 17:31:48 -0500 Subject: [Infowarrior] - READ: petition to redefine 'milk' Message-ID: U.S. dairy industry petitions FDA to approve aspartame as hidden, unlabeled additive in milk, yogurt, eggnog and cream http://www.naturalnews.com/039244_milk_aspartame_FDA_petition.html#ixzz2M5mFDyrx < - > the International Dairy Foods Association (IDFA) and the National Milk Producers Federation (NMPF) have filed a petition with the FDA asking the FDA to alter the definition of "milk" to secretly include chemical sweeteners such as aspartame and sucralose. 
Importantly, none of these additives need to be listed on the label. They will simply be swept under the definition of "milk," so that when a company lists "milk" on the label, it automatically includes aspartame or sucralose. And if you're trying to avoid aspartame, you'll have no way of doing so because it won't be listed on the label. This isn't only for milk, either: It's also for yogurt, cream, sour cream, eggnog, whipping cream and a total of 17 products, all of which are listed in the petition at FDA.gov. < - > Learn more: http://www.naturalnews.com/039244_milk_aspartame_FDA_petition.html#ixzz2M8pADJr1 --- Just because i'm near the punchbowl doesn't mean I'm also drinking from it. From rforno at infowarrior.org Thu Feb 28 06:46:18 2013 From: rforno at infowarrior.org (Richard Forno) Date: Thu, 28 Feb 2013 07:46:18 -0500 Subject: [Infowarrior] - Malware does some public good. (I think.) Message-ID: Moscow's speed cameras 'knackered' by MYSTERY malware Infection spread from cops to traffic gear - report By John Leyden Posted in Security, 28th February 2013 12:06 GMT http://www.theregister.co.uk/2013/02/28/malware_hobbles_moscow_speed_cams/ Malware has infected a Russian police computer network, knackering speed cameras in and around Moscow, according to reports. Broadsheet daily newspaper Izvestia reckons a server operated by the Office of Traffic Police was infiltrated by an unidentified Trojan. The infection has had a knock-on effect on the Arrow-ST system used to monitor key highways in and around the Russian capital, we're told. Cleaning up the mess has been complicated by the transfer of a government contract for the equipment's maintenance: SK Region, the supplier of the kit, handed the reins over to IntechGeoTrans earlier this year. The cameras should bring in 100 million roubles ($3.2m) per month in speeding fines, but the network apparently hasn't been working properly for at least two weeks. 
Some reports suggested it went wrong as early as the start of February. All this has sparked a massive political row: politicians blamed IntechGeoTrans for not sorting out the problem, but the company claimed it inherited a system in a state of chronic disrepair. A virus infection may be a secondary cause of failure at many of the 144 camera sites on the network: inspections of the gear at 13 locations revealed evidence that cameras were not connected to a power supply. Dirty glass lenses and corroded metal were also discovered. Site visits also uncovered malware on the hard disks within one of the cameras, which prevented the transfer of data. It appears initial cleanup attempts by IntechGeoTrans failed to remove the infection properly and the matter was handed over to anti-virus experts at Kaspersky Labs. Izvestia suggested that the malware got onto speed cameras as a result of infection of the traffic police system. A Google translation of Izvestia's coverage can be found here. --- Just because i'm near the punchbowl doesn't mean I'm also drinking from it. From rforno at infowarrior.org Thu Feb 28 06:48:13 2013 From: rforno at infowarrior.org (Richard Forno) Date: Thu, 28 Feb 2013 07:48:13 -0500 Subject: [Infowarrior] - Big Food Is Making Us Sick Message-ID: <6BF3E162-923D-4464-8D9C-255353673DAA@infowarrior.org> Big Food Is Making Us Sick http://www.ritholtz.com/blog/2013/02/big-food-is-making-us-sick/ --- Just because i'm near the punchbowl doesn't mean I'm also drinking from it. 
From rforno at infowarrior.org Thu Feb 28 07:37:14 2013 From: rforno at infowarrior.org (Richard Forno) Date: Thu, 28 Feb 2013 08:37:14 -0500 Subject: [Infowarrior] - China now accuses US of cyberattacks Message-ID: <34AC63F8-F2E8-4F84-ACF3-2EE9C2F35315@infowarrior.org> 28 February 2013 Last updated at 07:04 ET US hackers attacked military websites, says China's defence ministry http://www.bbc.co.uk/news/world-asia-china-21615448 Hackers from the US have repeatedly launched attacks on two Chinese military websites, including that of the Defence Ministry, officials say. The sites were subject to about 144,000 hacking attacks each month last year, two thirds of which came from the US, according to China's defence ministry. The issue of cyber hacking has strained relations between the two countries. Earlier this month a US cyber security firm said a secretive Chinese military unit was behind "prolific hacking". Mandiant said that Unit 61398 was believed to have "systematically stolen hundreds of terabytes of data" from at least 141 organisations around the world. The White House has said that it has taken its concerns about cyber-theft to the highest levels of China's government. China denied the allegations, saying it was also the victim of cyber attacks. The US is yet to respond to these latest allegations from China. Attacks 'increased' "The Defence Ministry and China Military Online websites have faced a serious threat from hacking attacks since they were established," defence ministry spokesman Geng Yansheng is quoted by Reuters news agency as saying at a monthly press conference. He added that the number of attacks on these sites had steadily increased over the years. An analysis of the IP addresses involved showed that officials had ascertained that attacks from the US accounted for 62.9 percent of the attacks made on these two websites in 2012, according to Mr Geng. 
He also said that reported US plans to expand its cyber warfare capabilities were unlikely to foster international collaboration.

"We hope that the U.S. side can explain and clarify this," he said.

It is believed to be the first time that Chinese officials have provided such details about alleged US-based attacks on their own systems.

However, Beijing has been accused by several governments, foreign companies and organisations of carrying out extensive cyber espionage for many years, seeking to gather information and to control China's image.

In late January, the New York Times said that hackers from China had "persistently" infiltrated the paper over the previous four months, saying the attacks had coincided with its reports into the wealth of the family of Chinese Premier Wen Jiabao.

At the time China's foreign ministry dismissed those accusations as "groundless".

---
Just because i'm near the punchbowl doesn't mean I'm also drinking from it.

From rforno at infowarrior.org Thu Feb 28 08:16:52 2013
From: rforno at infowarrior.org (Richard Forno)
Date: Thu, 28 Feb 2013 09:16:52 -0500
Subject: [Infowarrior] - Lawmakers, vet groups panning Pentagon's new medal
Message-ID:

Lawmakers, vet groups panning Pentagon's new medal

Thursday - 2/28/2013, 9:12am ET
KEVIN FREKING
Associated Press

http://www.wtop.com/209/3235524/New-military-medal-trumps-Purple-Heart

WASHINGTON (AP) -- The military's new medal for cyber warriors should get a demotion, according to veterans groups and lawmakers who say it shouldn't outrank such revered honors as the Bronze Star and the Purple Heart.

The Distinguished Warfare Medal, announced by the Defense Department two weeks ago, is a sign of the changing nature of war, in which attacks conducted remotely have played an increasingly important role in gathering intelligence and killing enemy fighters and terrorists. It will recognize extraordinary achievement related to a military operation occurring after Sept. 11, 2001.
But the Veterans of Foreign Wars and other groups say that ranking it ahead of the Bronze Star and Purple Heart is an injustice to those who served on the front-lines.

On Wednesday, his first day on the job, Defense Secretary Chuck Hagel received a letter from the VFW about the medal, the first combat-related award to be created since World War II. John Hamilton, the group's commander in chief, said it's important to recognize drone pilots and others.

"But medals that can only be earned in combat must outrank new medals earned in the rear," he said.

Members of Congress are also getting involved. Five veterans now serving in the House introduced a bill that would prohibit the Defense Department from rating the medal equal to or higher than the Purple Heart. A medal's order of precedence refers to how it is supposed to be displayed, with the Medal of Honor getting top billing among nearly 60 medals and ribbons.

Rep. Duncan Hunter, R-Calif., said that putting oneself in harm's way automatically raises the bar for a medal in a way that others cannot match no matter what amazing things they do.

"It's still different if your lives are on the line. You got to differentiate and we'd like DOD to do that so I don't have to do this," said Hunter, who served two combat tours in Iraq and one in Afghanistan.

There is no indication the Pentagon is rethinking the award or its ranking.

"The Defense Department remains committed to honoring the remotely piloted aircraft operators and the cyber warriors as appropriate," said Pentagon spokesman George Little. "This is recognition of their significant contributions and the changing nature of warfare."

The secretaries of the Army, Navy and Air Force are developing the criteria for the medal for each of the military services that will lay out what someone would have to do in order to qualify. The medal has been designed, but it has not yet been minted or created. Once the criteria are finalized, then troops can be nominated for the award.
The backlash to the Pentagon's announcement includes an online petition to the White House that has been signed by more than 15,000 people. The petition calls the medal "an injustice to those who served and risked their lives" and says it should not be allowed to move forward as planned. The organizers need to get to 100,000 signatures to elicit a formal response from the administration, a threshold established by the Obama administration.

John Bircher, a spokesman for the Military Order of the Purple Heart, said the veterans groups are not objecting to the medal at all -- just the ranking. He said some medals ranked ahead of the Purple Heart are achievement medals that can be earned outside of war time. What bothers many veterans is that the new Distinguished Warfare Medal appears to be a war-time medal that trumps acts of valor, which he finds insulting.

He said it's extremely rare for veterans' service organizations to publicly chastise the Defense Department, but the new medal risks being looked down upon by veterans.

"These guys work relentless hours, and are dedicated and good at what they do, but it's completely different from the hardships of serving in combat and being on the battlefield," Bircher said.

A spokesman for Gen. Martin Dempsey, chairman of the Joint Chiefs of Staff, said the general has made clear that there will be very high standards for the award, which requires approval at the top service levels. The spokesman, Marine Col. David Lapan, said Dempsey believes the medal will be infrequently awarded because the bar for qualifying is so high.

It is widely expected that the award could be handed out and the public may never know about it because the actions envisioned in the types of cyber, intelligence or drone operations that might qualify for the honor would often be classified as top secret.

___

Associated Press writers Lolita Baldor and Donna Cassata contributed to this report.

Copyright 2013 The Associated Press. All rights reserved.
This material may not be published, broadcast, rewritten or redistributed.

---
Just because i'm near the punchbowl doesn't mean I'm also drinking from it.