From rforno at infowarrior.org Mon Jul 1 07:14:10 2013
From: rforno at infowarrior.org (Richard Forno)
Date: Mon, 1 Jul 2013 08:14:10 -0400
Subject: [Infowarrior] - Misinformation on classified NSA programs includes statements by senior U.S. officials
Message-ID: <50A9353E-A799-4913-ADE5-DF63772B34D4@infowarrior.org>

Misinformation on classified NSA programs includes statements by senior U.S. officials
By Greg Miller
http://www.washingtonpost.com/world/national-security/misinformation-on-classified-nsa-programs-includes-statements-by-senior-us-officials/2013/06/30/7b5103a2-e028-11e2-b2d4-ea6d8f477a01_print.html

Amid the cascading disclosures about National Security Agency surveillance programs, the top lawyer in the U.S. intelligence community opened his remarks at a rare public appearance last week with a lament about how much of the information being spilled was wrong.

"A lie can get halfway around the world before the truth gets its boots on," said Robert Litt, citing a line often attributed to Mark Twain. "Unfortunately, there's been a lot of misinformation that's come out about these programs."

The remark by Litt, general counsel for the Office of the Director of National Intelligence, was aimed at news organizations. But details that have emerged from the exposure of hundreds of pages of previously classified NSA documents indicate that public assertions about these programs by senior U.S. officials have also often been misleading, erroneous or simply false.

The same day Litt spoke, the NSA quietly removed from its Web site a fact sheet about its collection activities because it contained inaccuracies discovered by lawmakers.

A week earlier, President Obama, in a television interview, asserted that oversight of the surveillance programs was "transparent" because of the involvement of a special court, even though that court's sessions and decisions are sealed from the public.

"It is transparent," Obama said of the oversight process.
"That's why we set up the FISA court."

A remark by Litt's boss, Director of National Intelligence James R. Clapper Jr., has perhaps drawn the most attention. Asked during a congressional hearing in March whether the NSA collected data on millions of Americans, Clapper replied, "No, sir."

U.S. officials have cited a variety of factors to explain the discrepancies, including the challenge of speaking publicly and definitively about programs that remain classified and involve procedures and technical systems that are highly complex.

Jane Harman, a former ranking Democrat on the House Intelligence Committee, said that speaking about secret programs can be a "minefield" for public officials.

"Are people deliberately misleading other people? I suppose it can happen," Harman said in an interview. Facts can be obscured through "selective declassification that means you put out some pieces but not others," she said. "But I assume most people are acting in good faith."

Acknowledging the "heated controversy" over his remark, Clapper sent a letter to the Senate Intelligence Committee on June 21 saying that he had misunderstood the question he had been asked.

"I have thought long and hard to re-create what went through my mind at the time," Clapper said in the previously undisclosed letter. "My response was clearly erroneous -- for which I apologize."

Beyond inadvertent missteps, however, an examination of public statements over a period of years suggests that officials have often relied on legalistic parsing and carefully hedged characterizations in discussing the NSA's collection of communications.

Obama's assurances have hinged, for example, on a term -- targeting -- that has a specific meaning for U.S. spy agencies that would elude most ordinary citizens.

"What I can say unequivocally is that if you are a U.S. person, the NSA cannot listen to your telephone calls and the NSA cannot target your e-mails," Obama said in his June 17 interview on PBS's "Charlie Rose Show."
But even if it is not allowed to target U.S. citizens, the NSA has significant latitude to collect and keep the contents of e-mails and other communications of U.S. citizens that are swept up as part of the agency's court-approved monitoring of a target overseas.

The law allows the NSA to examine such messages and share them with other agencies if it determines that the information contained is evidence of a crime, conveys a serious threat or is necessary to understand foreign intelligence.

The threshold for scrutinizing other data not regarded as content but still potentially revealing is lower than it is for the contents of communications. A 2009 report by the NSA inspector general and obtained by The Washington Post indicates that the agency for years examined metadata on e-mails flowing into and out of the United States, including "the sender and recipient e-mail addresses."

President George W. Bush at times engaged in similarly careful phrasing to defend surveillance programs in the years after the Sept. 11, 2001, attacks.

In 2004, while calling for renewal of the Patriot Act, Bush sought to assuage critics by saying "the government can't move on wiretaps or roving wiretaps without getting a court order."

At the time, it had not yet been publicly disclosed that Bush had secretly authorized NSA surveillance of communications between U.S. residents and contacts overseas while bypassing the Foreign Intelligence Surveillance Court.

When the wiretapping operation was exposed in the news media two years later, Bush defended it as a program "that listens to a few numbers, called from outside of the United States, and of known al-Qaeda or affiliate people." Subsequent revelations have made clear that the scope was far greater than his words would suggest.

News accounts of the NSA programs have also contained inaccuracies, in some cases because of the source materials.
Classified NSA slides that were published by The Post indicated that the NSA was able to tap directly into the servers of Google, Microsoft, Apple and other technology companies. The companies denied that they allowed direct access to their equipment, although they did not dispute that they cooperated with the NSA.

Current and former U.S. officials have defended the programs, and some have called for greater transparency as a way of allaying concerns.

"I'm convinced, the more the American people know exactly what it is we are doing in this balance between privacy and security -- the more they know, the more comfortable they will feel," Michael V. Hayden, former director of the NSA and CIA, told "Face the Nation" on Sunday. "Frankly, I think we ought to be doing a bit more to explain what it is we're doing, why, and the very tight safeguards under which we're operating."

For now, the crumbling secrecy surrounding the programs has underscored the extent to which obscuring their dimensions had served government interests beyond the importance of the intelligence they produced.

Secret court rulings that allowed the NSA to gather phone records enabled the spy service to assemble a massive database on Americans' phone records without public debate or the risk of political blowback.

The binding secrecy built into the PRISM program of tracking international e-mail allowed the NSA to compel powerful technology companies to comply with requests for information about their users while keeping them essentially powerless to protest.

The careful depiction of NSA programs also served diplomatic ends. Until recently, the United States had positioned itself as such an innocent victim of cyber intrusions by Russia and China that the State Department issued a secret demarche, or official diplomatic communication, in January scolding Beijing.
That posture became more problematic after leaks by the former NSA contractor and acknowledged source of the NSA leaks, Edward Snowden, who fled to Hong Kong and is thought to be stuck at Sheremetyevo International Airport in Moscow.

Clapper's testimony before the Senate Intelligence Committee in March has drawn comparisons to other cases in which U.S. intelligence officials faced, under oath, questions that to answer truthfully would require exposing a classified program.

In 1973, then-CIA Director Richard Helms denied agency involvement in CIA operations in Chile, a falsehood that led to him pleading no contest four years later to misdemeanor charges of misleading Congress.

There is no indication that lawmakers have contemplated pursuing such a course against Clapper, in part because he subsequently corrected his claim, although there is disagreement over how quickly he did so.

Sen. Ron Wyden (D-Ore.), who had asked Clapper the question about information collection on Americans, said in a recent statement that the director had failed to clarify the remark promptly despite being asked to do so. Clapper disputed that in his note to the committee, saying his "staff acknowledged the error to Senator Wyden's staff soon after the hearing."

In early June, after the NSA leaks had brought renewed attention to Clapper's "No, sir," Clapper cited the difficulty of answering a question about a classified program and said in an interview on NBC News that he had responded in the "least most untruthful manner."

He made a new attempt to explain the exchange in his June 21 correspondence, which included a hand-written note to Wyden saying that an attached letter was addressed to the committee chairman but that he "wanted [Wyden] to see this first."

Clapper said he thought Wyden was referring to NSA surveillance of e-mail traffic involving overseas targets, not the separate program in which the agency is authorized to collect records of Americans'
phone calls that include the numbers and duration of calls but not individuals' names or the contents of their calls.

Referring to his appearances before Congress over several decades, Clapper concluded by saying that "mistakes will happen, and when I make one, I correct it."

Julie Tate contributed to this report.

© The Washington Post Company

---
Just because i'm near the punchbowl doesn't mean I'm also drinking from it.

From rforno at infowarrior.org Mon Jul 1 07:18:28 2013
From: rforno at infowarrior.org (Richard Forno)
Date: Mon, 1 Jul 2013 08:18:28 -0400
Subject: [Infowarrior] - "Infrastructure Analyst" and Snowden
Message-ID: <2E2F3738-939A-4EBC-B748-63F5878394D3@infowarrior.org>

Job Title Key to Inner Access Held by Snowden
By SCOTT SHANE and DAVID E. SANGER
Published: June 30, 2013
http://www.nytimes.com/2013/07/01/us/job-title-key-to-inner-access-held-by-snowden.html

WASHINGTON -- Intelligence officials refer to Edward J. Snowden's job as a National Security Agency contractor as "systems administrator" -- a bland name for the specialists who keep the computers humming. But his last job before leaking classified documents about N.S.A. surveillance, he told the news organization The Guardian, was actually "infrastructure analyst."

It is a title that officials have carefully avoided mentioning, perhaps for fear of inviting questions about the agency's aggressive tactics: an infrastructure analyst at the N.S.A., like a burglar casing an apartment building, looks for new ways to break into Internet and telephone traffic around the world.

That assignment helps explain how Mr. Snowden got hold of documents laying bare the top-secret capabilities of the nation's largest intelligence agency, setting off a far-reaching political and diplomatic crisis for the Obama administration.

Even as some members of Congress have challenged the N.S.A.'s collection of logs of nearly every phone call Americans make, European officials furiously protested on Sunday after Mr.
Snowden's disclosure that the N.S.A. has bugged European Union offices in Washington and Brussels and, with its British counterpart, has tapped the Continent's major fiber-optic communications cables.

On Sunday evening, The Guardian posted an article saying documents leaked by Mr. Snowden show 38 embassies and missions on a list of United States electronic surveillance targets. Some of those offices belong to allies like France, Italy, Japan and Mexico, The Guardian said.

Mr. Snowden, who planned his leaks for at least a year, has said he took the infrastructure analyst position with Booz Allen Hamilton in Hawaii in March, evidently taking a pay cut, to gain access to a fresh supply of documents.

"My position with Booz Allen Hamilton granted me access to lists of machines all over the world the N.S.A. hacked," he told The South China Morning Post before leaving Hong Kong a week ago for Moscow, where he has been in limbo in the transit area of Sheremetyevo airport. "That is why I accepted that position about three months ago."

A close reading of Mr. Snowden's documents shows the extent to which the eavesdropping agency now has two new roles: It is a data cruncher, with an appetite to sweep up, and hold for years, a staggering variety of information. And it is an intelligence force armed with cyberweapons, assigned not just to monitor foreign computers but also, if necessary, to attack.

After the 2001 terrorist attacks, the documents suggest, the N.S.A. decided it was too risky to wait for leads on specific suspects before going after relevant phone and Internet records. So it followed the example of the hoarder who justifies stacks of paper because someday, somehow, a single page could prove vitally important.

The agency began amassing databases of "metadata" -- logs of all telephone calls collected from the major carriers and similar data on e-mail traffic.
The e-mail program was halted in 2011, though it appears possible that the same data is now gathered in some other way.

The documents show that America's phone and Internet companies grew leery of N.S.A. demands as the years passed after 9/11, fearing that customers might be angry to find out their records were shared with the government. More and more, the companies' lawyers insisted on legal orders to compel them to comply.

So the N.S.A. came up with a solution: store the data itself. That is evidently what gave birth to a vast data storage center that the N.S.A. is building in Utah, exploiting the declining cost of storage and the advance of sophisticated search software.

Those huge databases were once called "bit buckets" in the industry -- collections of electronic bits waiting to be sifted. "They park stuff in storage in the hopes that they will eventually have time to get to it," said James Lewis, a cyberexpert at the Center for Strategic and International Studies, "or that they'll find something that they need to go back and look for in the masses of data." But, he added, "most of it sits and is never looked at by anyone."

Indeed, an obscure passage in one of the Snowden documents -- rules for collecting Internet data that the Obama administration wrote in secret in 2009 and that the Foreign Intelligence Surveillance Court approved -- suggested that the government was concerned about its ability to process all the data it was collecting. So it got the court to approve an exception allowing the government to hold on to that information if it could not keep up. The rules said that "the communications that may be retained" for up to five years "include electronic communications acquired because of the limitation on the N.S.A.'s ability to filter communications."

As one private expert who sometimes advises the N.S.A.
on this technology put it: "This means that if you can't desalinate all the seawater at once, you get to hold on to the ocean until you figure it out."

Collecting that ocean requires the brazen efforts of tens of thousands of technicians like Mr. Snowden. On Thursday, President Obama played down Mr. Snowden's importance, perhaps concerned that the manhunt was itself damaging the image and diplomatic relations of the United States. "No, I'm not going to be scrambling jets to get a 29-year-old hacker," the president said during a stop in Senegal.

Mr. Obama presumably meant the term to be dismissive, suggesting that Mr. Snowden (who turned 30 on June 21) was a young computer delinquent. But as an N.S.A. infrastructure analyst, Mr. Snowden was, in a sense, part of the United States' biggest and most skilled team of hackers.

The N.S.A., Mr. Snowden's documents show, has worked with its British counterpart, Government Communications Headquarters, to tap into hundreds of fiber-optic cables that cross the Atlantic or go on into Europe, with the N.S.A. helping sort the data. The disclosure revived old concerns that the British might be helping the N.S.A. evade American privacy protections, an accusation that American officials flatly deny.

And a secret presidential directive on cyberactivities unveiled by Mr. Snowden -- discussing the primary new task of the N.S.A. and its military counterpart, Cyber Command -- makes clear that when the agency's technicians probe for vulnerabilities to collect intelligence, they also study foreign communications and computer systems to identify potential targets for a future cyberwar.

Infrastructure analysts like Mr. Snowden, in other words, are not just looking for electronic back doors into Chinese computers or Iranian mobile networks to steal secrets. They have a new double purpose: building a target list in case American leaders in a future conflict want to wipe out the computers' hard drives or shut down the phone system.

Mr.
Snowden's collection of pilfered N.S.A. documents has cast an awkward light on officials' past assurances to Congress and the public about their concern about Americans' privacy.

It was only in March that James R. Clapper Jr., the director of national intelligence, told a Senate committee that the N.S.A. did not collect data on millions of Americans. Mr. Snowden's records forced Mr. Clapper to backtrack, admitting his statement was false.

Last week, two senators challenged even the accuracy of a fact sheet prepared by the N.S.A. to counter Mr. Snowden's claims about the phone data and Internet collection programs. Agency officials did not defend themselves; the fact sheet simply disappeared, without explanation, from the agency's Web site.

Newly disclosed slides from an N.S.A. PowerPoint presentation on the agency's Prism database of Internet data, posted on Saturday by The Washington Post, reveal that the F.B.I. plays a role as middleman between the N.S.A. and Internet companies like Google and Yahoo. The arrangement provides the N.S.A. with a defense, however nominal, against claims that it spies on United States soil.

Even in the unaccustomed spotlight after the N.S.A. revelations, intelligence officials have concealed more than they have revealed in careful comments, fearful of alerting potential eavesdropping targets to agency methods. They invariably discuss the N.S.A.'s role in preventing terrorist attacks, an agency priority that the public can easily grasp.

In fact, as Mr. Snowden's documents have shown, the omnivorous agency's operations range far beyond terrorism, targeting foreigners of any conceivable interest. British eavesdroppers working with the N.S.A. penetrated London meetings of the Group of 20 industrialized nations, partly by luring delegates to fake Internet cafes, and the N.S.A. hacked into computers at Chinese universities.
At Fort Meade, on the N.S.A.'s heavily guarded campus off the Baltimore-Washington Parkway in Maryland, such disclosures are seen as devastating tip-offs to targets. The disclosure in Mr. Snowden's documents that Skype is cooperating with orders to turn over data to the N.S.A., for example, undermined a widespread myth that the agency could not intercept the voice-over-Internet service. Warned, in effect, by Mr. Snowden, foreign officials, drug cartel leaders and terrorists may become far more careful about how, and how much, they communicate.

"We're seeing indications that several terrorist groups are changing their communications behavior based on these disclosures," one intelligence official said last week, speaking on the condition of anonymity. "We're going to miss tidbits that could be useful in stopping the next plot."

Mr. Snowden's breach is an unplanned test of the N.S.A.'s decades-old conviction that it can operate effectively only under absolute secrecy. The agency is conducting a damage assessment -- a routine step after major leaks -- but the assessment itself is likely to remain classified.

The N.S.A.'s assessment of Mr. Snowden's case will likely also consider what has become, for intelligence officials, a chilling consideration: there are thousands of people of his generation and computer skills at the agency, hired in recent years to keep up with the communications boom.

The officials fear that some of them, like young computer aficionados outside the agency, might share Mr. Snowden's professed libertarian streak and skepticism of the government's secret power. Intelligence bosses are keeping a closer eye on them now, hoping that there is not another self-appointed whistle-blower in their midst.

---
Just because i'm near the punchbowl doesn't mean I'm also drinking from it.
From rforno at infowarrior.org Mon Jul 1 07:36:09 2013
From: rforno at infowarrior.org (Richard Forno)
Date: Mon, 1 Jul 2013 08:36:09 -0400
Subject: [Infowarrior] - Metadata's value, visualised
Message-ID:

Green party politician Malte Spitz sued to have German telecoms giant Deutsche Telekom hand over six months of his phone data that he then made available to ZEIT ONLINE. We combined this geolocation data with information relating to his life as a politician, such as Twitter feeds, blog entries and websites, all of which is freely available on the internet.

By pushing the play button, you will set off on a trip through Malte Spitz's life. The speed controller allows you to adjust how fast you travel, the pause button will let you stop at interesting points. In addition, a calendar at the bottom shows when he was in a particular location and can be used to jump to a specific time period. Each column corresponds to one day.

< -- >

http://www.zeit.de/datenschutz/malte-spitz-data-retention/

---
Just because i'm near the punchbowl doesn't mean I'm also drinking from it.

From rforno at infowarrior.org Tue Jul 2 08:13:11 2013
From: rforno at infowarrior.org (Richard Forno)
Date: Tue, 2 Jul 2013 09:13:11 -0400
Subject: [Infowarrior] - Sen. Durbin: It's time to say who's a real reporter
Message-ID:

Sen. Dick Durbin: It's time to say who's a real reporter
BY SEN. DICK DURBIN
June 26, 2013 6:32PM
Updated: June 27, 2013 2:20AM
http://www.suntimes.com/news/otherviews/20978789-452/sen-dick-durbin-its-time-to-say-whos-a-real-reporter.html

Is each of Twitter's 141 million users in the United States a journalist? How about the 164 million Facebook users? What about bloggers, people posting on Instagram, or users of online message boards like Reddit?

In 1972 -- long before anyone had conceived of tweets or Facebook updates -- the Supreme Court, in Branzburg v.
Hayes, considered whether journalists have a special privilege under the First Amendment to withhold the identity of their sources.

Paul Branzburg, a reporter in Louisville, Ky., had written a series of articles about drug use in Kentucky that included anonymous quotes from drug users and a photograph of a pair of hands holding hashish. A grand jury ordered Branzburg to reveal the names of his sources. He refused and was held in contempt.

In Branzburg's case, the Supreme Court ruled that there was no absolute privilege for journalists to refuse to reveal sources to a grand jury. The ruling did, however, seem to recognize a qualified privilege for journalists. Today, some federal courts recognize a qualified privilege for journalists, while others do not.

The vagueness of this decision has led 49 states, including Illinois, to recognize a journalist privilege by statute or common law. These laws state that a protected journalist cannot be compelled to disclose sources or documents unless a judge determines there is an extraordinary circumstance or compelling public interest.

But who should be considered to be a journalist?

For a few years now, a bill to protect journalists from revealing their sources and documents has been making its way through Congress. With no current federal statute recognizing a privilege for journalists, the so-called "media shield" law attempts to establish one.

Everyone, regardless of the mode of expression, has a constitutionally protected right to free speech. But when it comes to freedom of the press, I believe we must define a journalist and the constitutional and statutory protections those journalists should receive.

The media informs the public and holds government accountable. Journalists should have reasonable legal protections to do their important work. But not every blogger, tweeter or Facebook user is a "journalist."
While social media allows tens of millions of people to share information publicly, it does not entitle them to special legal protections to ignore requests for documents or information from grand juries, judges or other law enforcement personnel.

A journalist gathers information for a media outlet that disseminates the information through a broadly defined "medium" -- including newspaper, nonfiction book, wire service, magazine, news website, television, radio or motion picture -- for public use. This broad definition covers every form of legitimate journalism.

To those who feel politicians shouldn't define who a journalist is, I'd remind them that they likely live in one of the 49 states, like Illinois, where elected officials have already made that decision.

The leaks of classified information about the NSA's surveillance operations and an ongoing Justice Department investigation into who disclosed secret documents to the Associated Press have brought this issue back to the forefront and raised important questions about the freedom of speech, freedom of the press and how our nation defines journalism.

It's long past time for Congress to create a federal law that defines and protects journalists.

Dick Durbin, a Democrat, is the senior senator from Illinois.

---
Just because i'm near the punchbowl doesn't mean I'm also drinking from it.

From rforno at infowarrior.org Tue Jul 2 08:17:06 2013
From: rforno at infowarrior.org (Richard Forno)
Date: Tue, 2 Jul 2013 09:17:06 -0400
Subject: [Infowarrior] - Bitcoin mutual fund planned
Message-ID:

Venture Capital
July 1, 2013, 8:53 pm
Winklevoss Twins Plan First Fund for Bitcoins
By NATHANIEL POPPER and PETER LATTMAN
http://dealbook.nytimes.com/2013/07/01/first-name-in-the-first-fund-for-bitcoins-winklevoss/

Bitcoin has been promoted as an alternative crypto-currency that exists outside the realms of governments and central banks.
Now, two backers of the digital money are seeking to bring bitcoin into the investing mainstream -- if they win the approval of the United States government.

Cameron and Tyler Winklevoss, the twins best known for their part in the history of Facebook, filed a proposal with securities regulators on Monday that would allow any investor to trade bitcoins, just as if they were stocks.

The plan involves an exchange-traded fund, which usually tracks a basket of stocks or a commodity, but in this case would hold only bitcoins.

It is part of a broader effort to remove the stigma hovering over bitcoin and other online money endeavors, which have faced a barrage of regulatory questions and enforcement actions. Recently the world's largest trading exchange for bitcoins, Mt.Gox, filed with the Treasury Department to register itself as a money services business and comply with money-laundering laws.

The proposal from the twins, who already have sizable bitcoin holdings, is an audacious one: the Winklevoss Bitcoin Trust could send digital money from the realm of computer programmers, Internet entrepreneurs and a small circle of professional investors like themselves into the hands of retail investors -- virtually anyone with a brokerage account.

"The trust brings bitcoin to Main Street and mainstream investors to bitcoin," said Tyler Winklevoss, co-founder of Math-Based Asset Services, which would operate the proposed fund. "It eliminates the friction of buying and reduces the risks associated with storing bitcoin while offering similar investment attributes to direct ownership."

Their proposal has the advantage of coming from the desk of Kathleen Moriarty, a lawyer at Katten Muchin, who played a leading role in the creation of the first exchange-traded fund and popular gold- and silver-backed E.T.F.'s.

But it is far from certain that securities regulators will approve.
Even if they do, such a fund would face major challenges, including the current bottlenecks that stop bitcoins from being easily bought and sold.

"There are so many ways it could go wrong," said Ugo Egbunike, a senior specialist in exchange-traded funds at the data company Index Universe.

On Monday, several market participants suggested that the proposal was a long shot that was merely an attempt to legitimize the digital currency. But Cameron Winklevoss expressed confidence that regulators would bless the new investment.

"We have assembled a team that has successfully launched novel products before, and we firmly believe in the chances of success for this product," he said.

The filing is the latest eye-catching development in bitcoin's history since it was founded by an anonymous hacker, or hackers, in 2009.

Unlike traditional money, bitcoins exist in no physical form and are not backed by a central bank. Instead, the coins are created by a network of users who solve complex mathematical problems -- a method known as "mining" -- to generate bitcoins. Only a finite number of bitcoins can be created -- 21 million -- with the current count at about 11 million.

A limited number of stores and Web sites are accepting bitcoin as payment, but for now it is primarily a vehicle for speculators.

"The value of bitcoins is determined by the value that various market participants place on bitcoins through their transactions," the brothers' filing says.

The currency grabbed the attention of global markets in April when the value of a single bitcoin spiked to more than $250 from $110, before plummeting. While there were questions about the survival of the currency, the value of a bitcoin has recently hovered around $100, making the total market worth about $1 billion.

During the April swoon, the Winklevosses went public with their own bitcoin hoard, amounting to about 1 percent of all outstanding coins, or about $10 million.
Bitcoins can currently only be bought and sold on informal computer networks and on online marketplaces that require substantial technological savvy and are far more complicated than traditional exchanges. The inaccessibility, and the limited quantity of bitcoins, appeal to users who are skeptical of governments and central banks. But it has made the system vulnerable at times to hackers and technology flaws.

An exchange-traded fund would make it significantly easier to gain exposure to bitcoins, just as commodities-based funds have made investing in gold, silver and other precious metals more accessible.

The Winklevoss fund would buy one bitcoin for every five shares, making the value of a single share worth about a fifth of a single bitcoin. Regulated trading desks would have to handle the daily buying and selling of the shares.

The company operated by the Winklevosses would have a proprietary method for storing the fund's bitcoin holdings and would charge an annual management fee, which is not specified in the filing.

Monday's submission comes at a precarious time for digital money. In May, the operators of another online currency, Liberty Reserve, were indicted on charges that they facilitated billions of dollars of money laundering. Both before and after that, state and federal regulators were scrutinizing many players in the growing bitcoin economy, including the largest place to buy and sell the coins, the Tokyo-based Mt.Gox.

Before Mt.Gox registered with the Treasury Department's Financial Crimes Enforcement Network, some of its accounts in the United States were frozen. The company temporarily stopped its American customers from cashing out while it said it was "making improvements."

Mt.Gox's difficulties highlight the risks that could confront the owner of shares in a bitcoin fund. The securities filing made Monday has 18 pages of "risk factors," noting, among other concerns, the heavy presence of speculators and "an uncertain regulatory landscape."

Mr.
Egbunike said regulators may hesitate to approve the proposal because of the questions surrounding bitcoins and recent scrutiny of exchange-traded funds more broadly. While such funds have made the buying and selling of commodities and other complicated financial assets easier for retail investors, they have given these investors access to products that they may not understand. For current bitcoin aficionados, an E.T.F. could diminish the currency's free-spirited appeal. But even if the Winklevosses' proposal fails, some industry experts said that it marks a significant signpost in the push to give virtual currencies at least a veneer of respectability. "Digital currencies are not going away," said Carol Van Cleef, the head of law firm Patton Boggs's emerging-payments practice. "And as bitcoin rises in popularity, you're going to see traditional financial products and serv

--- Just because i'm near the punchbowl doesn't mean I'm also drinking from it.

From rforno at infowarrior.org Tue Jul 2 08:22:11 2013
From: rforno at infowarrior.org (Richard Forno)
Date: Tue, 2 Jul 2013 09:22:11 -0400
Subject: [Infowarrior] - Snowden's Asylum Status
Message-ID: <7831E46F-B332-42FC-A2B5-1F8CFAC59AC2@infowarrior.org>

Snowden Withdraws Russia Asylum Request, As Nine Countries Deny Application
Submitted by Tyler Durden on 07/02/2013 09:13 -0400

Things are turning from bad to worse for the real-life version of The Terminal's Edward Snowden, who a day after applying to 21 countries for political asylum has been flooded with rejection letters near and far, even as he was forced to cancel his application to his current host nation, Russia, after being told he would have to stop leaking secrets as a condition to stay. More from the FT: "The 30-year-old fugitive's options narrowed further on Tuesday when China reacted coolly to the idea of him moving there, Poland rejected an application and other European nations said asylum requests had to be made in the country."
Of the 21 applicants listed yesterday, so far 9 countries have rejected his asylum status application. These include:

* Austria
* Brazil
* Ecuador
* Finland
* India
* Ireland
* Norway
* Poland
* Spain

And with Russia now out of the running too, 10 out of 21 on the original list are out. The bulk of these countries rejected the application on a technicality, claiming that the applicant must be on their soil before he or she can be granted asylum status. The countries still remaining on the eligible list include:

* Bolivia
* China
* Cuba
* France
* Germany
* Iceland
* Italy
* the Netherlands
* Nicaragua
* Switzerland
* Venezuela

Of the above 11 Venezuela appears to be his best bet: "[Snowden] deserves the world's protection. He has not asked us for it yet. When he does we will give our answer," Venezuela's new president Maduro told Reuters during a visit to Moscow. "We think this young person has done something very important for humanity, has done a favour to humanity, has spoken great truths to deconstruct a world that ... is controlled by an imperialist American elite." Maduro added that his government had yet to receive a request, despite it being on the WikiLeaks list, but that he sympathised with the man wanted by Washington on spying charges. What is shocking is how quickly Snowden's original destination, Ecuador, flipped a U-turn on his request. One wonders just what revealing pictures of Maduro the NSA must have in its Utah facility.
< - >

http://www.zerohedge.com/news/2013-07-02/snowden-withdraws-russia-asylum-request-nine-countries-deny-application

From rforno at infowarrior.org Tue Jul 2 10:27:15 2013
From: rforno at infowarrior.org (Richard Forno)
Date: Tue, 2 Jul 2013 11:27:15 -0400
Subject: [Infowarrior] - Must read: America's founders would be horrified at this United States of Surveillance
Message-ID: <727A6F05-27E4-48A3-9EAF-91A6E9549459@infowarrior.org>

America's founders would be horrified at this United States of Surveillance
How did we become so fearful and timid that we've given away essential liberties? Some are even afraid to speak up
Dan Gillmor
guardian.co.uk, Tuesday 2 July 2013 11.05 EDT
http://www.guardian.co.uk/commentisfree/2013/jul/02/july-fourth-america-liberty-not-same

I'm a longtime subscriber to an Internet mail list that features items from smart, thoughtful people. The list editor forwards items he personally finds interesting, often related to technology and/or civil liberties. Not long after the Guardian and Washington Post first started publishing the leaks describing the National Security Agency's vast surveillance dragnet, an item appeared about a White House petition urging President Obama to pardon Edward Snowden. The post brought this reply, among others: "Once upon a time I would have signed a White House petition to this administration with no qualms. Now, however, a chilling thought occurs: what 'watch lists' will signing a petition like this put me on? NSA? IRS? It's not a paranoid question anymore, in the United States of Surveillance." As we Americans watch our parades and fire up our grills this 4 July, the 237th anniversary of the Declaration of Independence - the seminal document of the United States - we should take the time to ask ourselves some related questions: how did we come to this state of mind and behavior? How did we become so fearful and timid that we've given away essential liberties?
Do we realize what we're giving up? What would the nation's founders think of us? No one with common sense believes Obama is planning to become a dictator. But the mail list question was indeed not paranoid - because Obama, building on the initiatives of his immediate predecessors, has helped create the foundation for a future police state. This has happened with bipartisan support from patriotic but short-sighted members of Congress and, sad to say, the general public. The American media have played an essential role. For decades, newspaper editors and television programmers, especially local ones, have chased readers and ratings by spewing panic-inducing "journalism" and entertainment that helped foster support for anti-liberty policies. Ignorance, sometimes willful, has long been part of the media equation. Journalists have consistently highlighted the sensational. They've ignored statistical realities to hype anecdotal - and extremely rare - events that invite us to worry about vanishingly tiny risks while shrugging off vastly more likely ones. And then, confronted with evidence of a war on journalism by the people running our government, powerful journalists suggest that their peers - no, their betters - who had the guts to expose government crimes are criminals. Do they have a clue what the First Amendment is all about? Do they fathom the meaning of liberty? The founders, for all their dramatic flaws, knew what liberty meant. They created a system of power-sharing and competition, knowing that investing too much authority in any institution was an invitation to despotism. Above all, they knew that liberty doesn't just imply taking risks; it absolutely requires taking risks. Among other protections, the Bill of Rights enshrined an unruly but vital free press and guaranteed that some criminals would escape punishment in order to protect the rest of us from too much government power.
How many of those first 10 amendments would be approved by Congress and the states today? Depressingly few, one suspects. We're afraid. America has gone through spasms of liberty-crushing policies before, almost always amid real or perceived national emergencies. We've come out of them, to one degree or another, with the recognition that we had a Constitution worth protecting and defending, to paraphrase the oath federal office holders take but have so casually ignored in recent years. What's different this time is the surveillance infrastructure, plus the countless crimes our lawmakers have invented in federal and state codes. As many people have noted, we can all be charged with something if government wants to find something - the Justice Department under Bush and Obama has insisted that simply violating an online terms of service is a felony, for example. And now that our communications are being recorded and stored (you should take that for granted, despite weaselly government denials), those somethings will be available to people looking for them if they decide you are a nuisance. That is the foundation for tyranny, maybe not in the immediate future but, unless we find a way to turn back, someday soon enough. You may believe there's no possibility of America turning into a thugocracy, that the amassed information - conversations, business dealings, personal health and financial data, media consumption, gun records and so much more - will never be systematically misused that way. But even if you do, ask yourself this: if a young employee of one of the countless private companies administering the surveillance state could get access to so much for idealistic reasons, how vulnerable is this material to people with baser motives? Do you suppose corporate spies or foreign security services might be able to tempt some of the holders of this information with money, or find others who are vulnerable to blackmail?
We're creating the ultimate treasure chest of information, and its value is nearly limitless. America's founders would be horrified at what we've done, and what we've become. They would have denounced our secret laws, Kafka-esque "no fly lists" and so many other recent creations of power-grabbing presidents emboldened by feeble lawmakers and compliant courts. While they wouldn't have understood the modern concept of privacy - though they'd have wanted to protect it once they did understand - they would have engineered checks and balances to prevent today's wholesale abuses, made so much worse by active corporate participation, reluctant or not, in the digital dragnets. I live in California. My senior US senator, Dianne Feinstein, is a former prosecutor and acts like it. In her no doubt sincere desire to protect Americans from harm, she has been a consistent Democratic enabler of untrammeled presidential and law-enforcement powers. She calls Edward Snowden, a whistleblower who unquestionably broke the law, a traitor. But he pulled back the curtain on an increasingly lawless surveillance state. She has helped shred the Bill of Rights. Who, in the end, will have done more to "preserve and protect the Constitution"? For me, that's an easy call. Will we confront what's happening and move now to change our trajectory? There are glimmerings of rationality amid the fear-mongering, including the public's growing understanding - despite politicians' foot-dragging and the media's longstanding refusal to do its job on this issue, like so many others - that the war on (some) drugs has been an international catastrophe and, at home, a useful tool for those who'd curb liberty. Obama says he wants to have a "conversation" about surveillance, even though his administration works mightily to keep so much of its workings - on these and other matters - secret from the American public, Congress and the judiciary other than opaque, rubber-stamp courts.
What we really need is a larger conversation about state power and the actual risks we face, with context and clarity. In the process we need to confront the people who amass power and profits by fueling the ever-expanding, increasingly militarized surveillance state, and insist that they explain and justify what they're doing. Their "trust us" nostrums are hollow. I don't know what the American public will conclude if we ever have that conversation. I would do whatever I could to help everyone understand that a surveillance society is profoundly un-American. I implore journalists to be part of the truth-telling, to take a stand for the Bill of Rights by doing their jobs as the founders intended. If we're to preserve the risk-filled but noble American experiment of trusting people with liberty, we'd all best get started. I'm proudly American, in large part because we've so often faced hard facts and ultimately, if belatedly, done what's right. I have faith that the American people want the unadorned truth and will think through what's at stake this time - and that they'll take to heart Benjamin Franklin's eternally wise admonition: "Those who would give up essential liberty, to purchase a little temporary safety, deserve neither liberty nor safety."

--- Just because i'm near the punchbowl doesn't mean I'm also drinking from it.

From rforno at infowarrior.org Tue Jul 2 20:50:07 2013
From: rforno at infowarrior.org (Richard Forno)
Date: Tue, 2 Jul 2013 21:50:07 -0400
Subject: [Infowarrior] - DNI: 'I forgot about the Patriot Act'
Message-ID:

Clapper: I gave 'erroneous' answer because I forgot about Patriot Act
Intelligence chief tries to explain false Senate testimony by saying he 'simply didn't think' of NSA efforts to collect phone data
Spencer Ackerman
guardian.co.uk, Tuesday 2 July 2013 15.59 EDT
http://www.guardian.co.uk/world/2013/jul/02/james-clapper-senate-erroneous

The most senior US intelligence official told a Senate oversight panel that he "simply didn't think" of the National Security Agency's efforts to collect the phone records of millions of Americans when he testified in March that it did "not wittingly" snoop on their communications. James Clapper, the director of national intelligence, made the comments in a letter to the Senate intelligence committee, released in full for the first time on Tuesday. Portions of the letter, in which Clapper apologised for giving "clearly erroneous" testimony at a March hearing of the committee, were first reported by the Washington Post on Monday. Clapper had previously said that his answer to the committee was the "least untruthful" one he could publicly provide. In the full letter, Clapper attempted to explain the false testimony by saying that his recollection failed him. "I simply didn't think of Section 215 of the Patriot Act," he wrote to committee chairwoman Dianne Feinstein (Democrat, California) on 21 June, referring to the legal provision cited to justify the mass collection of Americans' phone data, first disclosed by the Guardian. Clapper is under intense pressure from legislators displeased by his March testimony to the Senate intelligence committee's Ron Wyden (Democrat, Oregon) that the NSA did "not wittingly" collect, as Wyden put it, "any type of data at all on millions or hundreds of millions of Americans." In his newly released letter, Clapper told Feinstein that his remarks were "clearly erroneous," and he issued them because he was thinking instead of a different aspect of surveillance, the internet content collection of persons NSA believes to be foreigners outside of the United States. "I apologize," Clapper wrote.
"While my staff acknowledged the error to Senator Wyden's staff soon after the hearing, I can now openly correct it because the existence of the metadata program has been declassified." In statements for the past month, Wyden and his staff have said they told Clapper before the fateful hearing that he would face the question, and contacted his staff afterward to correct the record. "The ODNI [Office of the Director of National Intelligence] acknowledged that the statement was inaccurate but refused to correct the public record when given the opportunity. Senator Wyden's staff informed the ODNI that this was a serious concern," Wyden spokesman Tom Caiazza said on Monday. Clapper's letter does not acknowledge that he had earlier told Andrea Mitchell of NBC News that he provided Wyden with the "least most untruthful" answer he could publicly offer, likening the question "in retrospect" to a "stop beating your wife kind of question." A spokesman for Clapper declined to comment on the discrepancy. Clapper has said in the past that public testimony on intelligence matters places spymasters in difficult positions. "An open hearing on intelligence matters is something of a contradiction in terms," Clapper told the Senate intelligence panel on March 12, while saying he believed it was "important to keep the American public informed." Clapper is under fire from legislators critical of his truthfulness. On Friday, 26 senators - more than a quarter of the Senate - signed a letter to Clapper suggesting that the surveillance may go beyond phone records and online communications, extending under interpretations of the Patriot Act to "credit card purchases, pharmacy records, library records, firearms sales records" and more. But Clapper has his supporters as well. In addition to the White House, which is standing beside him, a former NSA lawyer and inspector general, Joel Brenner, wrote on Tuesday that Wyden engaged in a "vicious tactic" that "sandbagged" Clapper.
Wyden "lacked the courage of his conviction," Brenner wrote on the influential national-security blog Lawfare, and placed Clapper "in the impossible position of answering a question that he could not address truthfully and fully without breaking his oath not to divulge classified information." It is unclear when Clapper will publicly testify next. He sat out the House intelligence committee's June 19 hearing on the NSA surveillance. Aides to Feinstein said that no hearing with Clapper is currently scheduled, although Feinstein is open to one. The next opportunity for one might come as early as next week. Clapper told Mitchell on June 9 that Feinstein had asked him to look at "ways where we can refine these [surveillance] processes and limit the exposure to Americans' private communications," adding that "we owe her an answer in about a month." A spokesman for Clapper had no comment on the director's progress in examining restrictions to the surveillance efforts.

--- Just because i'm near the punchbowl doesn't mean I'm also drinking from it.

From rforno at infowarrior.org Wed Jul 3 07:45:34 2013
From: rforno at infowarrior.org (Richard Forno)
Date: Wed, 3 Jul 2013 08:45:34 -0400
Subject: [Infowarrior] - State Department utilizing college talent virtually
Message-ID:

State Department utilizing college talent virtually
http://www.federalnewsradio.com/?nid=526&sid=3377538
Tuesday - 7/2/2013, 4:43pm EDT
By Melissa Dawkins
Special to Federal News Radio

Employees and contractors of the State Department and the U.S. Agency for International Development can now post nonsensitive online projects for college-student volunteers to complete. Anyone with a State.gov or USAID.gov email address can sign up and post any short "challenge" that does not require a security clearance or any special permissions to complete. Students enrolled in colleges and universities then work remotely on a volunteer basis to complete the online projects.
Any student with a .edu email address can sign up to volunteer on the microtasks. The State Department launched the microvolunteering platform as the "world's first entirely-online student foreign service" through the Virtual Student Foreign Service (VSFS) program. The Robertson Foundation for Government, a nonprofit family foundation that encourages U.S. graduate students to pursue careers in the federal government, supports the website. State Department employees and college volunteers are connected via Sparked.com, an independent microtasking platform. On the site, employees and contractors post "challenges" to interested volunteer students. They may delegate almost any task to student volunteers, as long as the assignment follows a few guidelines. No clearance is required to post "challenges," according to the website. Most tasks are designed for students to complete in two minutes to two hours. The microvolunteering initiative grew out of VSFS's eInternship program - administered by the Bureau of Information Resource Management's Office of eDiplomacy - which selects qualified undergraduate, graduate, and post-graduate students to partner with U.S. diplomatic posts overseas while the students work remotely on digital-based diplomacy projects. While any U.S. student can volunteer to do short tasks through the Sparked.com platform, students must go through an application process to be selected for an eInternship. eInterns complete longer projects as part of their nine-month program. Applications for the 2013-2014 school year eInternships opened July 2 on USAJobs.gov, and VSFS will continue to accept submissions through July 20. Prospective applicants indicate projects they're interested in and the selected eInterns complete projects assigned by Foreign Service Officers. Selected students intern online for 5 to 10 hours per week through the fall and spring semesters.
These students complete all assignments from their college or university campuses; eInterns don't travel abroad or to the State Department. Many of the available eInternships have a social media, digital media or online component. Bilingual interns may also help with translation tasks. In addition to the State Department and USAID, the Agriculture and Commerce departments, the U.S. Commercial Service, the Board of Governors (BBG), the Education Department, the Smithsonian Institution, EducationUSA, the American Foreign Service Association (AFSA) and the Interior Department all have positions available for eInterns for the 2013-2014 VSFS internship program. VSFS has 276 projects available for virtual interns selected for the 2013-2014 program. Only U.S. citizens are considered for eInternships. Neither students selected for eInternships, nor students completing microvolunteer projects through VSFS, receive monetary compensation. In 2009, Secretary of State Hillary Clinton launched the eInternship program. The microvolunteering program was introduced in 2012. Last year, the State Department and participating agencies had 343 eIntern positions in conjunction with 44 different countries. Melissa Dawkins is an intern for Federal News Radio

--- Just because i'm near the punchbowl doesn't mean I'm also drinking from it.

From rforno at infowarrior.org Wed Jul 3 08:37:26 2013
From: rforno at infowarrior.org (Richard Forno)
Date: Wed, 3 Jul 2013 09:37:26 -0400
Subject: [Infowarrior] - More Sony DRM nuttiness
Message-ID: <2ACC5239-2F1B-4714-A72D-F4CD92CF71B5@infowarrior.org>

Sony: New Video Players Should Be Internet Connected to Beat Pirates
Andy
July 3, 2013
http://torrentfreak.com/sony-video-players-should-be-internet-connected-to-beat-pirates-130703/

The Anti-Piracy and Content Protection Summit in Los Angeles last week had a number of interesting speakers, not least Sony Pictures CTO Spencer Stephens.
With Sony just confirming that its new 4K player will debut in weeks, Stephens has revealed his wish-list for future 4K content protection. In addition to watermarking files with the identity of the user, the Sony CTO says that 4K players should have an Internet connection in order to authenticate each video playback. Earlier this year, Sony announced its new FMP-X1 4K Ultra HD Media Player in preparation for bringing the highest quality video available into homes around the world. 4K video will bring a resolution of 3840 x 2160 to the market, with the 4K referencing the almost-4000 pixel horizontal resolution. Just this week Sony confirmed that its new device, which is only compatible with Sony's own 4K TVs, will be arriving in homes from July 15th. Priced at $699, the player will require activation via the 4KActivation.com website. Sony also named its new online 4K content distribution service which is due to launch later in the year. Video Unlimited 4K will offer movies and TV shows for direct download to its 4K player. How the studios intend to protect their 4K content from piracy going forward has not been publicly outlined. However, during last week's Anti-Piracy and Content Protection Summit in Los Angeles, Sony Pictures CTO Spencer Stephens gave a presentation which included his company's wish-list for 4K DRM. Bill Rosenblatt, who spoke at the summit for his company GiantSteps Media, notes that Stephens described the introduction of 4K as an opportunity to start with a fresh anti-piracy design. This, along with Sony's "wish-list", suggests that the final approach is yet to be agreed. Nevertheless, at this stage Sony appears to be clear on its DRM requirements. Although fairly predictable, they aren't going to win them many fans. After the infamous cracking of HDCP, Sony is backing HDCP 2.2 (spec here, pdf) to protect the digital outputs of its devices from unauthorized video capture. HDCP 2.2 also has a "localization"
feature, which limits the distance over which an HDCP player will feed content to a receiver such as a TV. This should stop people playing HDCP-protected content over the Internet. Next, Sony wants each video title to be unique, meaning that the cracking of one piece of content doesn't open up the floodgates to everything else. The company also wants video playback to take place in a Trusted Execution Environment (TEE), ensuring that sensitive data is processed and protected in a secure manner while allowing software upgrades. And now the intrusive stuff. Sony says it wants 4K content to be watermarked with the identity of the device or user who downloaded it, meaning that should the above countermeasures become cracked at some point, it will be possible to trace content back to its original owner. It won't necessarily follow that those individuals are responsible for any "leak" but they could be forever associated with that content if it should. Of particular interest given all the fuss over Xbox One's former requirement to be connected to the Internet on a daily basis (and Sony's response of needing no such thing for PS4), is Sony's final wish-list item for 4K. If the company has its way, all 4K players will need to authenticate themselves online before each and every playback. This will enable content providers to identify both unauthorized content and hacked players. However, if you are a legitimate customer with no Internet connection - permanently or temporarily - content will not play on your 4K device. It's becoming increasingly clear that content providers are viewing the Internet as a means to remain in constant contact with "their" hardware and content wherever it may be. Going forward that will provide an unprecedented level of control. At least, that's the plan.

--- Just because i'm near the punchbowl doesn't mean I'm also drinking from it.
From rforno at infowarrior.org Wed Jul 3 13:53:30 2013
From: rforno at infowarrior.org (Richard Forno)
Date: Wed, 3 Jul 2013 14:53:30 -0400
Subject: [Infowarrior] - Anti-NSA Web Protests On July 4th
Message-ID:

WordPress.org, Reddit, Mozilla & Others Will Participate In Anti-NSA Web Protests On July 4th
Sarah Perez posted 41 mins ago
http://techcrunch.com/2013/07/03/wordpress-org-reddit-mozilla-others-will-participate-in-anti-nsa-web-protests-on-july-4th/

A number of high-profile websites will be taking part in an online protest tomorrow against the National Security Agency (NSA)'s surveillance of online activity and phone calls. The protest is organized by non-profit organization Fight for the Future, and will see participation from thousands of sites, including WordPress.org, Namecheap, Reddit, 4chan, Mozilla, Fark, TOR, Cheezburger, Demand Progress, MoveOn, and EFF, among others. However, none of the tech companies - like Facebook or Google - whose cooperation with the NSA was outed in the PRISM reveal will be involved in tomorrow's events. The online protest is being described as a website and media takeover, where visitors will see the 4th Amendment plastered over sites in banners. There are also a number of blog posts planned, as well as proposed TV ads (see below). In WordPress's case, the open source WordPress community will be involved, but WordPress.com users supported by Automattic will not be affected, unless they choose to participate themselves by blogging or posting banners of their own. The online component to this project was built by Fight for the Future, which also runs related efforts at the Internet Defense League and the "take action now" site callforfreedom.org, which will serve as the main landing page for tomorrow's campaign. The group has also helped build StopWatching.Us, a movement backed by a number of technical and political organizations, including also Mozilla, the Electronic Frontier Foundation, Reddit, and the ACLU.
Fight for the Future likens tomorrow's event to the previous anti-SOPA protests, which rallied Internet users against a misguided bill known as the "Stop Online Piracy Act," that had been criticized due to how it would harm existing web companies' ability to do business in the name of fighting piracy. Those protests were more dramatic in nature, seeing complete blackouts of websites and other content on sites like Wikipedia, Reddit, Flickr, and others, before Congress dropped the bill. No sites will be blacked out tomorrow, but rather the campaign will direct visitors to a website where they'll be prompted to sign an online petition, call Congress, make donations to fund TV campaigns, or even join offline protests in the real world, put together by a group called Restore the Fourth. This organization, a grassroots, nonpartisan movement, is planning to hold protests in over 100 cities across the U.S., tying the July 4th holiday to the Fourth Amendment which states: "the right of the people to be secure in their persons, houses, papers, and effects, against unreasonable searches and seizures, shall not be violated..." The StopWatching.Us campaign, which will benefit from the exposure raised by the online protests, has already gained over 539,769 signatures (as of the time of writing) on its petition to U.S. Congress demanding that a special committee be formed to investigate the PRISM allegations. Its letter asks for "legal reforms to rein in spying and that public officials responsible for this unconstitutional surveillance be held accountable for their actions," including specifically a reform of Section 215 of the Patriot Act (the section that allowed the NSA to get phone records from all the major U.S. phone companies), reform of the FISA Amendment, and changes to the state secrets privilege. According to Fight for the Future co-founder Tiffiniy Cheng, the momentum from the related online movements will be combined.
"We're going to deliver [our signatures] to Congress, and combine the total number with the StopWatching.Us petition numbers," she says. "There has been an in-person delivery early on with the StopWatching.Us numbers, we'll probably do another."

--- Just because i'm near the punchbowl doesn't mean I'm also drinking from it.

From rforno at infowarrior.org Wed Jul 3 16:18:21 2013
From: rforno at infowarrior.org (Richard Forno)
Date: Wed, 3 Jul 2013 17:18:21 -0400
Subject: [Infowarrior] - Douglas Engelbart, Computer Mouse Creator, Dies at 88
Message-ID: <434E6B9D-90E2-4AE6-B5E2-BCFE6390971C@infowarrior.org>

Douglas Engelbart, Computer Mouse Creator, Dies at 88
http://www.bloomberg.com/news/print/2013-07-03/douglas-engelbart-computer-mouse-creator-visionary-dies-at-88.html
By Laurence Arnold - Jul 3, 2013

(Corrects date of death to yesterday in second paragraph.)

Douglas Engelbart, the visionary electrical engineer who invented the computer mouse decades before the influx of personal computers into homes and workplaces, has died. He was 88. He died yesterday at his home in Atherton, California, the New York Times reported, citing his wife, Karen O'Leary Engelbart. The cause was kidney failure. Engelbart's work at the Stanford Research Institute, today's SRI International, resulted in 21 patents. The last one, No. 3,541,541, filed in 1967 and granted in 1970, was for the computer mouse, or as it was described in technical terms: "An X-Y position indicator control for movement by the hand over any surface to move a cursor over the display on a cathode ray tube, the indicator control generating signals indicating its position to cause a cursor to be displayed on the tube at the corresponding position." He had devised the palm-sized, wheel-based instrument in 1963 as a way to move a computer-screen cursor by means other than arrows on a keyboard. Other alternatives being weighed at the time were a light-pen pointed at the screen, a tracking ball and a joystick.
"I remember how my head went back to a device called a planimeter," another wheel-based device used by engineers to measure irregular geometric areas, he recalled in a 1987 oral-history interview with Stanford University Libraries.

His colleague William English, SRI's chief engineer, led the tinkering and testing of the cursor controller, which was carved from wood and used two perpendicular wheels rather than the roller ball included in subsequent incarnations. English built the first prototype in 1964.

Historic Demo

On Dec. 9, 1968, at a computer conference in San Francisco, Engelbart unveiled his team's work in a presentation that became known in tech circles as "the mother of all demos." During the 90-minute session, linked to his lab by a homemade modem, Engelbart showed off then-novel feats including interactive computing, video conferencing, windows display and hypertext -- plus the rectangular, three-button controller he used to control the cursor on the screen.

"I don't know why we call it a mouse," he told his audience that day. "Sometimes I apologize. It started that way and we never did change it."

The rationale for the name, he said in other interviews, was quite simple: the device resembled the rodent, with its cord as a tail. He said nobody on his team could remember who used the term first.

Debut Appearance

The computer mouse burst into public consciousness in the 1980s after being refined at Xerox Corp. (XRX)'s Palo Alto Research Center, debuting with little commercial success as part of the Xerox Star computer in 1981, then finally becoming an integral part of computers sold by Apple Inc. (AAPL) and International Business Machines Corp.

Over the next three decades the mouse was offered in a rainbow of colors and in different styles: cordless, optical rather than mechanical, designed for left-handed use, ergonomically correct.
Logitech International SA (LOGN), the world's biggest computer mouse maker, introduced its first mouse for retail in 1985 and shipped its 500 millionth in 2003 and its billionth in 2008.

"Isn't that unbelievable?" Engelbart said in a 2004 interview with BusinessWeek, describing his invention's lasting ubiquity. "My first thought was that you'd think someone would have come up with a more appropriately dignified name for it by now."

Engineering Revolution

Engelbart earned no royalties from his invention. He did win, in 1997, the $500,000 Lemelson-MIT Prize for inventors, and in 2000, he received the National Medal of Technology and Innovation from President Bill Clinton. "More than any other person," said the award citation, "he created the personal computing component of the computer revolution."

Douglas Carl Engelbart was born on Jan. 30, 1925, near Portland, Oregon, the middle child of three of Carl Engelbart, a radio salesman and repairman, and the former Gladys Munson. After two years of college, he was drafted and spent two years in the U.S. Navy, from 1944 to 1946.

During a layover on the South Pacific island of Leyte, on the way to his posting in the Philippines as an electronic radar technician, Engelbart found a Red Cross library -- "a genuine native hut, up on stilts, with a thatched roof," he recalled. "You came up a little ladder or stairs, and inside it was very clean and neat. It had bamboo poles and was just really nice looking. There were lots of books, and nobody else there."

Chance Encounter

It was in that unusual academic venue, he recalled, that he encountered "As We May Think," an essay in the Atlantic Monthly by Vannevar Bush, head of U.S. wartime scientific research and development. In it, Bush predicted technological advancements that would lead to breakthroughs in human knowledge, including "a future device for individual use, which is a sort of mechanized private file and library,"
on which a person "stores all his books, records, and communications, and which is mechanized so that it may be consulted with exceeding speed and flexibility."

Engelbart recalled, "I remember being thrilled. Just the whole concept of helping people work and think that way just excited me."

Earliest Computers

After the war, he received a bachelor's degree in electrical engineering at Oregon State University, in Corvallis, Oregon, in 1948. He spent three years at the federal Ames Research Center in Mountain View, California, then four years at the University of California-Berkeley, where he earned a Ph.D. in engineering and contributed to building one of the earliest digital computers.

According to a biography written by his daughter, Christina Engelbart, by then he was envisioning "people sitting in front of cathode-ray-tube displays, 'flying around' in an information space where they could formulate and portray their concepts in ways that could better harness sensory, perceptual and cognitive capabilities heretofore gone untapped. Then they would communicate and collectively organize their ideas with incredible speed and flexibility."

Engelbart joined SRI in 1957 and began accumulating patents, some tracing to his graduate work. He became director of the institute's laboratory, which he named the Augmentation Research Center.

Arpanet Beginnings

In 1962 he produced his own influential paper, "Augmenting Human Intellect: A Conceptual Framework," for the U.S. Air Force Office of Scientific Research, building off Bush's work of two decades earlier. The paper earned him a share of research funds distributed through the Defense Department's Advanced Research Projects Agency, first known as ARPA, then DARPA.

The Engelbart-led lab at SRI contributed to creation of the Arpanet computer network, a predecessor of the Internet.

In 1988, Engelbart left his research job at McDonnell Douglas Corp.
and, with daughter Christina, set up a nonprofit foundation to advocate his ideas for improving collective knowledge. The foundation started as the Bootstrap Institute and in 2008 became the Doug Engelbart Institute.

Engelbart had four children -- daughters Gerda, Diana and Christina, and son Norman -- with his first wife, the former Ballard Fish, who died in 1997. He married the former Karen O'Leary in 2008.

To contact the reporter on this story: Laurence Arnold in Washington at larnold4 at bloomberg.net

To contact the editor responsible for this story: Charles W. Stevens at cstevens at bloomberg.net

--- Just because i'm near the punchbowl doesn't mean I'm also drinking from it.

From rforno at infowarrior.org Wed Jul 3 18:43:18 2013
From: rforno at infowarrior.org (Richard Forno)
Date: Wed, 3 Jul 2013 19:43:18 -0400
Subject: [Infowarrior] - UK waives fitness test for cybersoldiers
Message-ID: <44A8DB67-1C31-4824-9C5F-7E952A6D145C@infowarrior.org>

http://www.wtop.com/681/3378556/Britain-waives-fitness-test-for-cybersoldiers

Britain waives fitness test for cybersoldiers

Wednesday - 7/3/2013, 6:08pm ET

LONDON (AP) -- Flabby keyboard jockeys, stringy coders, and out-of-shape hackers: The British military wants you.

British Defense Minister Philip Hammond told lawmakers Wednesday that military physical aptitude tests won't apply to computer experts working as reservists.

He says the military will "specifically be recruiting cyberreservists, who will not necessarily have to have the same levels of fitness or deployability as reservists in general."

Britain, like other countries, is boosting its electronic capabilities as attention increasingly turns to the twin threats of cyberespionage and cybersabotage.

The U.K. is already active in the world of hacking. Documents recently leaked by U.S.
intelligence worker Edward Snowden have revealed details of alleged aggressive British cyberattacks against other coun

--- Just because i'm near the punchbowl doesn't mean I'm also drinking from it.

From rforno at infowarrior.org Wed Jul 3 18:48:11 2013
From: rforno at infowarrior.org (Richard Forno)
Date: Wed, 3 Jul 2013 19:48:11 -0400
Subject: [Infowarrior] - Mastercard and Visa Start Banning VPN Providers
Message-ID: <1AD6CE26-8504-4569-ADD7-1DDF7DCECCF5@infowarrior.org>

Mastercard and Visa Start Banning VPN Providers

Ernesto - July 3, 2013

https://torrentfreak.com/mastercard-and-visa-start-banning-vpn-providers-130703/

Following the introduction of restrictions against file-sharing services, Mastercard and Visa have now started to take action against VPN providers. This week, Swedish payment provider Payson cut access to anonymizing services after being ordered to do so by the credit card companies. VPN provider iPredator is one of the affected customers and founder Peter Sunde says that they are considering legal action to get the service unblocked.

Payment providers are increasingly taking action against sites and services that are linked to copyright infringement. There's an unwritten rule that Mastercard and Visa don't accept file-hosting sites that have an affiliate program and PayPal has thrown out nearly all cyberlockers in recent months.

It now turns out that these policies have carried over to VPN providers and other anonymizing services. Before the weekend customers of the popular Swedish payment service provider Payson received an email stating that VPN services are no longer allowed to accept Visa and Mastercard payments due to a recent policy change.

"Payson has restrictions against anonymization (including VPN services). As a result Payson can unfortunately no longer give your customers the option to finance payments via their cards (VISA or MasterCard)," the email states, adding that they still accept bank transfers as deposits.
The new policy went into effect on Monday, leaving customers with a two-day window to find a solution. While the email remains vague about why this drastic decision was taken, in a telephone call Payson confirmed that it was complying with an urgent requirement from Visa and Mastercard to stop accepting payments for VPN services.

One of these customers is the iPredator VPN, launched by Pirate Bay co-founder Peter Sunde and friends. Sunde tells TorrentFreak that he is baffled by the decision, which he believes may be an effort to prevent the public from covering their tracks online and preventing government spying.

"It means that US companies are forcing non-American companies not to allow people to protest their privacy and be anonymous, and thus the NSA can spy even more. It's just INSANE," Sunde says.

Sunde explains that iPredator will always have plenty of other payment options, but sees it as an outrage that Mastercard and Visa have apparently decided to ban a perfectly legal technology.

"For iPredator there are always other payment methods, like Bitcoin, but it's insane to censor a totally legit system that is there to avoid censorship and surveillance," Sunde says.

Despite these alternatives, Sunde is not going to stand idly by. He informs TorrentFreak that Ipredator is considering taking legal action, citing the Wikileaks win against the credit card companies as a favorable precedent.

Ipredator is far from the only VPN provider that is affected by the policy change. Anonine, Mullvad, VPNTunnel, Privatvpn and several others are also using Payson's services.

At this point it's unclear why the two companies are taking a stand against anonymizing services. It seems likely that an industry or authority has been pushing for the policy change behind the scenes. However, with privacy high on the agenda with the PRISM scandal, the move comes at an odd time.

TorrentFreak has reached out to Mastercard and Visa but we have yet to hear back from the companies.
We are not aware of any other payment service providers who have taken action against VPN providers, so the scope of the actions is unknown at this point.

--- Just because i'm near the punchbowl doesn't mean I'm also drinking from it.

From rforno at infowarrior.org Thu Jul 4 19:30:43 2013
From: rforno at infowarrior.org (Richard Forno)
Date: Thu, 4 Jul 2013 20:30:43 -0400
Subject: [Infowarrior] - EU strengthens cybercrime penalties
Message-ID:

Sentences for cyber crime and snooping to be tougher across EU

STRASBOURG, France | Thu Jul 4, 2013 1:13pm EDT

http://www.reuters.com/article/2013/07/04/net-us-eu-cybercrime-idUSBRE9630LD20130704

(Reuters) - EU lawmakers agreed on Thursday to toughen criminal penalties across the European Union for cyber attacks, especially those that include harming critical national infrastructure and hijacking computers to steal sensitive data.

The 28 EU member states currently have a patchwork of varying tariffs for cyber crime. The decision mandates national maximum sentences of at least two years in prison for attempting to illegally access information systems.

The maximum penalty for attacks against infrastructure such as power plants, transport, or government networks will be set at five years or more, higher than the current tariff in most member states.

The decision also increases the penalties for illegally intercepting communications, or producing and selling tools to do this.

Cyber criminals often infect computers to form armies of zombie PCs known as "botnets" by sending spam emails containing malicious links and attachments, and by infecting legitimate websites with computer viruses.

Some botnet creators rent or sell infected machines on underground markets to other cyber criminals looking to engage in a wide variety of activities including credit card theft and attacks on government websites.
In June, Microsoft helped to break up one of the world's largest cyber crime botnets, believed to have stolen more than $500 million from bank accounts.

Under the new EU rules, companies that benefit from botnets or hire hackers to steal secrets will be liable for any offences committed on their behalf.

The European Parliament in Strasbourg voted 541 to 91 with nine abstentions on the proposal by the European Commission, the EU executive.

However, Denmark has chosen to opt out of the rules, wanting to keep its own system in place.

EU governments now have two years to translate the decision into national law.

(Reporting by Ethan Bilby in Brussels; Editing by Kevin Liffey)

--- Just because i'm near the punchbowl doesn't mean I'm also drinking from it.

From rforno at infowarrior.org Thu Jul 4 19:30:48 2013
From: rforno at infowarrior.org (Richard Forno)
Date: Thu, 4 Jul 2013 20:30:48 -0400
Subject: [Infowarrior] - OpEd: We can handle the truth on NSA spying
Message-ID: <6285B87A-6A92-4398-8DED-CD429818E107@infowarrior.org>

We can handle the truth on NSA spying

By Eugene Robinson

http://www.washingtonpost.com/opinions/eugene-robinson-we-can-handle-the-truth-on-nsa-spying/2013/07/04/76ef2c92-e408-11e2-a11e-c2ea876a8f30_print.html

I don't believe government officials when they say the National Security Agency's (NSA) surveillance programs do not invade our privacy. The record suggests that you shouldn't believe them, either.

It pains me to sound like some Rand Paul acolyte. I promise I'm not wearing a tinfoil hat or scanning the leaden sky for black helicopters. I just wish our government would start treating us like adults -- more important, like participants in a democracy -- and stop lying. We can handle the truth.

The starkest lie came in March at a Senate intelligence committee hearing, when Sen. Ron Wyden (D-Ore.)
asked Director of National Intelligence James Clapper a simple question: "Does the NSA collect any type of data at all on millions or hundreds of millions of Americans?" Clapper replied, "No, sir."

As we've learned from Edward Snowden, a former analyst for an NSA contractor, Clapper's answer was patently false. The agency collects metadata -- essentially, a detailed log -- of many and perhaps all of our domestic phone calls.

Lying to Congress is a serious offense; baseball legend Roger Clemens was tried -- and acquitted -- on criminal charges for allegedly lying about steroid use at a congressional hearing. The chance that Clapper will face similar peril, however, is approximately zero.

Following Snowden's revelations, Clapper said that an honest answer to Wyden's question would have required him to divulge highly classified secrets, so he gave the "least untruthful" answer he could come up with. Clapper apparently believes that "least" is a synonym for "most."

In a recent letter to the Senate intelligence committee, Clapper said he thought Wyden was asking about the content of domestic communications -- which the NSA says it does not collect "wittingly," for what that's worth -- rather than about the metadata. "Thus, my response was clearly erroneous," Clapper wrote, "for which I apologize."

He sounded like the cheating husband, caught in flagrante by his wife, who feigns surprise and says, "What mistress? Oh, you mean that mistress."

Clapper's defenders say Wyden unfairly asked a question that he knew the director could not answer. But Wyden says he sent the question to Clapper's office a day in advance -- and gave him the chance to amend his answer afterward.

Also untrue is President Obama's assertion that the NSA surveillance programs are "transparent." They are, in fact, completely opaque -- or were, until Snowden started leaking the agency's secrets.

By what authority does the government collect data on our private communications? We don't know.
More accurately, we're not permitted to know.

A provision of the Patriot Act allows the FBI to seek warrants "requiring the production of any tangible things (including books, records, papers, documents and other items) for an investigation to protect against international terrorism or clandestine intelligence activities." Seizing records that pertain to an investigation is not the same thing as compiling a comprehensive log of billions of domestic phone calls. How has the law been stretched -- I mean, interpreted -- to accommodate the NSA's wish to compile a record of our contacts, associations and movements?

The government refuses to tell us. We know that permission for this surveillance was granted by one or more judges of the Foreign Intelligence Surveillance Court. But the court's proceedings and rulings are secret. We don't know what argument the government made in seeking permission to conduct this kind of vacuum-cleaner surveillance. We don't know what the court's legal reasoning was in granting the authority. We don't know whether the court considers other laws so elastic.

We do know that the court's secret hearings are not adversarial, meaning that there is no push-back from advocates of civil liberties. And we know that since its inception the court has approved more than 30,000 government requests for surveillance warrants and refused only 11.

I accept that the administration officials, Justice Department lawyers, federal judges, FBI agents and NSA analysts involved in the phone surveillance and other programs are acting in good faith. The same is true of members of the House and Senate intelligence committees, who are supposed to be providing oversight. But honorable intentions are not enough -- especially when we know that much of what these honorable officials have told us is false.

The biggest lie of all? That the American people don't even deserve to be told what their laws mean, much less how those laws are being used.

--- Just because i'm near the punchbowl doesn't mean I'm also drinking from it.

From rforno at infowarrior.org Thu Jul 4 19:30:51 2013
From: rforno at infowarrior.org (Richard Forno)
Date: Thu, 4 Jul 2013 20:30:51 -0400
Subject: [Infowarrior] - Crowds across America protest NSA in 'Restore the Fourth' movement
Message-ID: <0089365F-33C8-43C7-B75C-96D9E19F5940@infowarrior.org>

Crowds across America protest NSA in 'Restore the Fourth' movement

Published July 04, 2013
FoxNews.com

http://www.foxnews.com/us/2013/07/04/crowds-across-america-protest-nsa-in-restore-fourth-movement/

Crowds across the U.S. gathered Thursday to protest the federal government's surveillance of the American public -- recently highlighted by leaker Edward Snowden -- as part of pro-Fourth Amendment rallies, chanting "NSA go away!"

More than 400 people gathered in New York and Washington D.C., while around 300 people were estimated to be in San Francisco. Protests were also scheduled in 100 other cities, according to the organizers, "Restore the Fourth," who describe themselves as a grassroots, non-partisan movement.

The organization estimated that national turnout would be around 10,000 people, Reuters reports.

"Our demands are very simple: We think these programs which violate the constitutional rights of Americans need to end," Ben Doernberg, an organizer of the New York City protest, told Fox News.

The Fourth Amendment protects Americans from unlawful search and seizure.

The online community also rallied around the protests Thursday, as websites like Boing Boing posted messages about the National Security Agency.

"Happy 4th of July! Immediately stop your unconstitutional spying on the world's internet users -- The People," a statement on the website said, according to Reuters.

The NSA said on its own website that it does "not object to any lawful, peaceful protest."

"NSA and its employees work diligently and lawfully every day, around the clock, to protect the nation and its people,"
the website said.

--- Just because i'm near the punchbowl doesn't mean I'm also drinking from it.

From rforno at infowarrior.org Fri Jul 5 19:26:26 2013
From: rforno at infowarrior.org (Richard Forno)
Date: Fri, 5 Jul 2013 20:26:26 -0400
Subject: [Infowarrior] - Nicaragua Offers Political Asylum To Snowden
Message-ID: <55E2FA6A-6BE4-46D8-B6E1-48ECD4F178E3@infowarrior.org>

Nicaragua Offers Political Asylum To Snowden

12:36am UK, Saturday 06 July 2013

http://news.sky.com/story/1112194/nicaragua-offers-political-asylum-to-snowden

US intelligence leaker Edward Snowden has been told he could be welcomed in Nicaragua after he applied to another six countries for asylum.

Speaking at a public event on Friday, Nicaraguan President Daniel Ortega said his government was willing to grant political asylum to the former NSA contractor "if circumstances permit it".

He added: "We are open, respectful of the right to asylum, and it is clear that if circumstances permit it, we would receive Snowden with pleasure and give him asylum here in Nicaragua."

Mr Ortega said his government had received an asylum application at its embassy in Moscow.

Snowden is believed to be holed up at a Moscow airport looking for a country that will give him safe haven as the US wants to extradite him to face espionage charges.

The 30-year-old has previously asked 21 countries for asylum but most said he must be on their soil for his application to be accepted.

WikiLeaks revealed he had applied to more countries.

A tweet from the anti-secrecy website said: "Edward Snowden has applied to another six countries for asylum.

"They will not be named at this time due to attempted US interference."

The message appeared to be an allusion to the drama surrounding the flight of Bolivian President Evo Morales, whose plane was recently abruptly rerouted to Austria over suspicions Snowden was aboard.
Washington has revoked the passport of Snowden, who is seeking to evade US justice for leaking details about a vast US electronic surveillance programme to collect phone and Internet data.

He also revealed evidence of the spying activities of British eavesdropping agency GCHQ - including its scanning of vast amounts of emails and other internet traffic by tapping cable networks.

A bid by Snowden for Icelandic citizenship failed when the country's parliament voted not to debate it before the summer recess.

Russia has shown signs of growing impatience over Snowden's stay in the country. Its deputy foreign minister said on Thursday that Snowden had not sought asylum in the country and needed to choose a place to go.

Moscow has made clear that the longer he stays, the greater the risk of the diplomatic standoff over his fate causing lasting damage to relations with Washington.

--- Just because i'm near the punchbowl doesn't mean I'm also drinking from it.

From rforno at infowarrior.org Fri Jul 5 19:26:31 2013
From: rforno at infowarrior.org (Richard Forno)
Date: Fri, 5 Jul 2013 20:26:31 -0400
Subject: [Infowarrior] - Snowden offered asylum in Venezuela
Message-ID: <4D09EEF2-6600-4870-AEE4-40B5E3C78C0E@infowarrior.org>

NSA whistleblower Edward Snowden offered asylum in Venezuela

By Richard Lawler posted Jul 5th, 2013 at 8:13 PM

Now that PRISM leaker Edward Snowden has spent a few days in Russia with a US extradition request looming over him, WikiLeaks legal advisor Sarah Harrison has submitted asylum applications and requests for asylum assistance to a raft of countries on his behalf. The first to step up to the plate is apparently Venezuela, as it's reported president Nicolas Maduro has rejected US requests for extradition and will offer him political and humanitarian asylum.

http://www.engadget.com/2013/07/05/edward-snowden-asylum/

--- Just because i'm near the punchbowl doesn't mean I'm also drinking from it.

From rforno at infowarrior.org Fri Jul 5 19:26:39 2013
From: rforno at infowarrior.org (Richard Forno)
Date: Fri, 5 Jul 2013 20:26:39 -0400
Subject: [Infowarrior] - Edward Snowden is a whistleblower, not a spy -- but do our leaders care?
Message-ID:

Edward Snowden is a whistleblower, not a spy -- but do our leaders care?

Legislators and journalists alike have been cavalier in their condemnations of the man responsible for the NSA leaks

Spencer Ackerman in Washington
guardian.co.uk, Friday 5 July 2013 13.03 EDT

http://www.guardian.co.uk/world/2013/jul/05/edward-snowden-nsa-whistleblower-spy

According to US legislators and journalists, the surveillance whistleblower Edward Snowden actively aided America's enemies. They are just missing one essential element for the meme to take flight: evidence.

An op-ed by Representative Mike Pompeo (Republican, Kansas) proclaiming Snowden, who disclosed widespread surveillance on phone records and internet communications by the National Security Agency, "not a whistleblower" is indicative of the emerging narrative. Writing in the Wichita Eagle on 30 June Pompeo, a member of the House intelligence committee, wrote that Snowden "has provided intelligence to America's adversaries".

Pompeo correctly notes in his op-ed that "facts are important". Yet when asked for the evidence justifying the claim that Snowden gave intelligence to American adversaries, his spokesman, JP Freire, cited Snowden's leak of NSA documents. Those documents, however, were provided to the Guardian and the Washington Post, not al-Qaeda or North Korea.

It's true that information published in the press can be read by anyone, including people who mean America harm. But to conflate that with actively handing information to foreign adversaries is to foreclose on the crucial distinction between a whistleblower and a spy, and makes journalists the handmaidens of enemies of the state.
Yet powerful legislators are eager to make that conflation about Snowden. The Twitter account of Representative Mike Rogers (Republican, Michigan), the chairman of the House intelligence committee, on 18 June placed Snowden and accused WikiLeaks source Bradley Manning in the same company as Aldrich Ames and Robert Hanssen, two infamous CIA and FBI double-agents. (The tweet appears to have been deleted.)

When I asked about the conflation, Rogers' Twitter account responded: "All 4 gave critical national security information to our enemies. Each did it in different ways but the result was the same."

Never to be outdone, Peter King, a New York Republican and former chair of the House homeland security committee, proclaimed Snowden a "defector" on 10 June. Days later, Snowden left Hong Kong to seek asylum in an undetermined country -- a curious move for a defector to make.

Once elected and appointed leaders casually conflate leaking and espionage, it is a matter of time before journalists take the cue. For insight into the "fear and isolation that NSA leaker Edward Snowden is living through", CNN turned to Christopher Boyce -- who sold US secrets to the USSR before becoming a bank robber.

There are understandable suspicions that Snowden may have aided foreign intelligence services in order to aid in his escape from American criminal justice. While some have speculated that the Russian or Chinese intelligence services might have snuck a look at the highly sensitive intelligence material Snowden is carrying, that material is heavily encrypted. For what it's worth, in a Guardian webchat I asked Snowden directly if he would trade access to his documents for asylum. He said he would not.

Perhaps Snowden lied. Perhaps he might change his mind. But all of that is far off in the realm of speculation. As things stand now, there is no evidence Snowden has aided any US adversary or intelligence service, wittingly or not.
Even the Obama administration has stopped short of terming Snowden a spy, even in the course of attacking his character. (Yes, he was indicted under the Espionage Act, but the actual charges against him are theft of government property, unauthorized communication of national defense information, and willful communication of classified intelligence information to an unauthorized person.)

In an email meant to discredit Snowden in the press, an anonymous "senior administration official" told reporters on 24 June that Snowden's ostensible idealism "is belied by the protectors he has potentially chosen: China, Russia, Cuba, Venezuela and Ecuador". That's something to remember the next time Washington wants to talk about its commitment to human rights while cooperating with, say, China and Russia.

When asked directly if there was any evidence that Snowden had cooperated with any intelligence service or American adversary, the administration and Congress declined to provide any. The office of the director of national intelligence, James Clapper, declined to comment for this story. The Justice Department and the House intelligence committee didn't even respond to inquiries.

By all means, consider Snowden a hero, a traitor or a complex individual with a mixture of motives and interests. Lots of opinions about Snowden are valid. He is a necessarily polarizing figure. The information he revealed speaks to some of the most basic questions about the boundaries between the citizen and the state, as well as persistent and real anxieties about terrorism.

What isn't valid is the blithe assertion, absent evidence, that the former NSA contractor actively collaborated with America's enemies. Snowden made classified information about widespread surveillance available to the American public. That's a curious definition of an enemy for US legislators to adopt.

--- Just because i'm near the punchbowl doesn't mean I'm also drinking from it.

From rforno at infowarrior.org Fri Jul 5 19:29:47 2013
From: rforno at infowarrior.org (Richard Forno)
Date: Fri, 5 Jul 2013 20:29:47 -0400
Subject: [Infowarrior] - AT&T Considers Selling Your Browsing History, Location, And More To Advertisers
Message-ID: <3D67929B-EC8A-4A15-A940-C593308163FE@infowarrior.org>

AT&T Considers Selling Your Browsing History, Location, And More To Advertisers. Here's How To Opt Out

Greg Kumparak

Good news, everyone! Wait, no. Not that one. The other one. Bad news, everyone!

AT&T is considering selling your usage data (location, web browsing history, etc.) to advertisers, having seemingly decided that it's been too long since everyone was mad at them. They noted the plan in a preview of an upcoming change to their privacy policy published earlier this week.

AT&T is quick to point out that other companies, like Verizon, have been doing this for a while. (Oh, okay -- as long as everyone else's data is getting thrown about, too, I guess it's okay. Cough.) They also note that Facebook and Google do similar things, somehow forgetting that those users generally aren't already paying those guys $100 a month for a phone that can only make or receive calls when it feels like it.

If there's any upside, it's that AT&T is promising to anonymize and aggregate the data before they sell it. It's just too bad that "anonymizing" large chunks of data doesn't really work.

At least you'll be getting a sweet discount on your bill since AT&T is making a bit of change slingin' your daterbits around, right? Just kidding, you won't. They're just going to use it to show you "more relevant advertising".

Fortunately, it's not too hard to opt out -- you just have to know to do it, and then dig around AT&T's site to find the link.

Don't feel like digging? Here's the link you'll need: http://att.com/cmpchoice . Sign in, opt out, and you're done. If you feel like digging a bit deeper, here's AT&T's entire page about opting-out of things like this.
And for all of you who might've just learned that your carrier probably does something similar: < - > http://techcrunch.com/2013/07/05/att-considers-selling-your-browsing-history-location-and-more-to-advertisers-heres-how-to-opt-out/ --- Just because i'm near the punchbowl doesn't mean I'm also drinking from it.

From rforno at infowarrior.org Sat Jul 6 10:58:31 2013 From: rforno at infowarrior.org (Richard Forno) Date: Sat, 6 Jul 2013 11:58:31 -0400 Subject: [Infowarrior] - Bolivia would offer Snowden asylum Message-ID: 3 Latin American countries offering asylum in 24 hours....this is what happens when you interfere with the travel activities of other world leaders, disrespect them, and/or carry on as if your views/desires are the only ones that matter in the world. --rick Bolivia's Morales says he would grant asylum to Snowden if asked LA PAZ | Sat Jul 6, 2013 11:24am EDT http://www.reuters.com/article/2013/07/06/us-usa-security-snowden-bolivia-idUSBRE96509120130706 (Reuters) - Bolivian President Evo Morales said on Saturday he would grant asylum, if requested, to former U.S. intelligence agency contractor Edward Snowden. Morales' offer came after two other leftist Latin American leaders - Venezuela's Nicolas Maduro and Nicaragua's Daniel Ortega - also said they would help the U.S. fugitive, who is believed to be holed up in the transit area of a Moscow international airport. (Reporting by Daniel Ramos; Writing by Louise Egan; Editing by Eric Beech) --- Just because i'm near the punchbowl doesn't mean I'm also drinking from it.

From rforno at infowarrior.org Sat Jul 6 12:19:39 2013 From: rforno at infowarrior.org (Richard Forno) Date: Sat, 6 Jul 2013 13:19:39 -0400 Subject: [Infowarrior] - How to make the Patriot Act more patriotic Message-ID: (I would go with 'repeal' but I'm in the minority.
--rick) How to make the Patriot Act more patriotic By Jeffrey Rosen http://www.washingtonpost.com/opinions/how-to-make-the-patriot-act-more-patriotic/2013/07/04/064ddfa0-de6e-11e2-b197-f248b21f94c4_print.html Jeffrey Rosen is president of the National Constitution Center in Philadelphia and a law professor at George Washington University. The problem with the government's handling of surveillance since Sept. 11, 2001, comes down to the choice of the naked machine over the blob machine. In 2002, the Transportation Safety Administration had to pick between two airport screening technologies: one that showed graphic images of a passenger's naked body and one that represented the body as a nondescript blob, with arrows pointing to the areas that required secondary screening. Because both technologies promised the same amount of security, while one also protected privacy, you would think the choice between them would be a no-brainer. In fact, both the Bush and the Obama administrations supported the wide deployment of the naked machine over the blob machine. It took a political protest - represented by the Patrick Henry of the anti-body-scanner movement, the gentleman who in 2010 exclaimed to a TSA agent, "Don't touch my junk" - to persuade the Obama administration and Congress to reconsider. This year, the TSA removed the invasive technology from major airports and replaced it with more privacy-protective machines. Yet we remain unnecessarily exposed. Repeatedly, our government has chosen technologies, policies and laws that reveal innocent information without making us demonstrably safer. The massive telephone and Internet surveillance programs disclosed last month are the most recent examples. But the tendency goes back at least as far as the USA Patriot Act, passed in the anxious weeks after Sept. 11, 2001, with only one dissenting vote in the Senate. Defenders of the Patriot Act say it has prevented terrorism.
But a better Patriot Act might have avoided national scandals over not only airport scanners and phone metadata but also wiretapping and library records. A better law could have dispensed with the "trust us" mentality and mitigated the erosion of trust in government. It could have put us in a better position to detect terrorism and other serious crimes without threatening privacy. Here's what some of the most controversial passages of the Patriot Act should have said from the start - and how they could be amended. Section 215 and records searches Before the Patriot Act, the government could conduct warrantless surveillance only to seize a limited set of records, such as business records, and only when the target was a suspected spy, terrorist or "agent of a foreign power." Section 215 broadened the exception to warrant requirements dramatically, allowing the government to seize from anyone "any tangible things" - that is, any data, including e-mails, financial records and travel itineraries - arguably relevant to a terrorism investigation, regardless of whether the target is a suspected terrorist. Now, even Patriot Act sponsor Rep. Jim Sensenbrenner (R-Wis.) argues that Section 215 should be revised. As Sensenbrenner suggests, it should be amended to require a warrant, or "specific and articulable facts" giving reason to believe that someone is an "agent of a foreign power," before the seizure of phone records or any other private data. That would avoid the hoovering of information and focus surveillance on suspicious targets. The director of national intelligence has suggested that the secret Foreign Intelligence Surveillance Court has already imposed a version of this requirement on the government. But fundamental constitutional protections should be enacted by Congress, not imposed in secret by unaccountable judges.
Section 218 and foreign intelligence surveillance While Section 215 deals with data held by citizens and noncitizens alike, Section 218 covers foreign intelligence searches targeting noncitizens. Before the Patriot Act, such searches - authorized by that secret court - were allowed only in the small category of cases whose "primary purpose" was to gather intelligence about terrorism suspects. Section 218 lowered the bar, allowing those secret searches whenever a "significant purpose" is intelligence-gathering and whenever the evidence might be relevant to a terrorism investigation. This more relaxed standard was expanded by the 2008 FISA Amendments Act, which retroactively authorized President George W. Bush's warrantless wiretapping program by allowing the NSA warrantless access to the data of Americans communicating with overseas "targets" as long as the conversations allegedly dealt with "foreign intelligence information." In the PRISM surveillance program, the government insists that its algorithms can filter out the data of U.S. citizens not related to "foreign intelligence information" with 51 percent accuracy - but this assurance is not enough to protect Fourth Amendment values. To satisfy the Constitution, Congress should amend Section 218 by restoring the requirement that the "primary purpose" of foreign intelligence surveillance searches is to gather information related to particular terrorism suspects. The law should require foreign intelligence surveillance judges to review the content of individual surveillance applications, rather than simply the targeting and minimization procedures. It should prevent the government from amassing and sharing huge databases of private information collected through programmatic surveillance, regardless of whether the targets are at home or abroad. And Congress should limit foreign intelligence surveillance to communications related to terrorism, not "foreign affairs," broadly defined.
Sections 411 and 412, detention and deportation The most controversial treatment of non-U.S. citizens after Sept. 11 - indefinite detention at Guantanamo - initially occurred without congressional authorization. After the Supreme Court repudiated the Bush administration's claim that it could detain alleged enemy combatants on its own say-so, Congress authorized the detention and trial of enemy combatants in military tribunals. Still, the Patriot Act itself explicitly expanded the government's power over noncitizens in several ways. Section 411 allows the government to deport noncitizens who associate with terrorists, even unknowingly. And Section 412 allows the attorney general to detain foreigners if he has "reasonable grounds to believe" that they threaten national security. This essentially imposes guilt by association, even if you aren't aware that you're associating with terrorists. And it threatens the liberty of both citizens and foreigners in an age when any international call or e-mail might involve someone connected to terrorism through six degrees of separation. Congress should tighten the standards for deportation, detention and surveillance so that neither citizens nor noncitizens can be targeted in any way for unknowing association of any kind. Twelve years after the Patriot Act was passed, we've learned that cutting constitutional corners is both unnecessary and counterproductive. By ensuring that the courts and Congress review all requests for mass surveillance, foreign and domestic, these amendments could cure the defects of the Patriot Act while preserving its benefits. In other words, Congress can, like the blob machine, protect privacy and security at the same time.
From rforno at infowarrior.org Sat Jul 6 19:25:32 2013 From: rforno at infowarrior.org (Richard Forno) Date: Sat, 6 Jul 2013 20:25:32 -0400 Subject: [Infowarrior] - NSA/GCHQ metadata reassurances are breathtakingly cynical Message-ID: <806FBF3F-93D0-43B4-AD82-356DEE5D98E1@infowarrior.org> The NSA/GCHQ metadata reassurances are breathtakingly cynical The public is being told that the NSA and GCHQ have 'only' been collecting metadata, not content. That's nothing to be thankful for - John Naughton - The Observer, Saturday 6 July 2013 http://www.guardian.co.uk/technology/2013/jul/07/nsa-gchq-metadata-reassurances Over the past two weeks, I have lost count of the number of officials and government ministers who, when challenged about internet surveillance by GCHQ and the NSA, try to reassure their citizens by saying that the spooks are "only" collecting metadata, not "content". Only two conclusions are possible from this: either the relevant spokespersons are unbelievably dumb or they are displaying a breathtaking contempt for their citizenry. In a way, it doesn't matter which conclusion one draws. The fact is that, as I argued two weeks ago, the metadata is what the spooks want for the simple reason that it's machine-readable and therefore searchable. It's what makes comprehensive internet-scale surveillance possible. Why hasn't there been greater public outrage about the cynicism of the "just metadata" mantra? One explanation is that most people imagine that metadata isn't really very revealing and so they're not unduly bothered by what NSA and its overseas franchises are doing. If that is indeed what they believe, then my humble suggestion is that they think again. We already know how detailed an account of an individual's daily life can be constructed from metadata extracted from a mobile phone. What people may not realise is how informative the metadata extracted from their email logs can be.
In an attempt to illustrate this, MIT researcher Ethan Zuckerman published an extraordinary blog post last Wednesday. Entitled "Me and my metadata", it explains what happened when two of his students wrote a program to analyse his Gmail account and create from the metadata therein a visualisation of his social network (and of his private life), which he then publishes and discusses in detail. En passant, it's worth saying that this is a remarkably public-spirited thing to do; not many researchers would have Zuckerman's courage. "The largest node in the graph, the person I exchange the most email with, is my wife, Rachel," he writes. "I find this reassuring, but [the researchers] have told me that people's romantic partners are rarely their largest node. Because I travel a lot, Rachel and I have a heavily email-dependent relationship, but many people's romantic relationships are conducted mostly face to face and don't show up clearly in metadata. But the prominence of Rachel in the graph is, for me, a reminder that one of the reasons we might be concerned about metadata is that it shows strong relationships, whether those relationships are widely known or are secret." There's lots more in this vein. The graph reveals different intensities in his communications with various students, for example, which might reflect their different communication preferences (maybe they prefer face-to-face talks rather than email), or it might indicate that some are getting more supervisory attention than others. And so on. "My point here," Zuckerman writes, "isn't to elucidate all the peculiarities of my social network (indeed, analysing these diagrams is a bit like analysing your dreams - fascinating to you, but off-putting to everyone else). It's to make the case that this metadata paints a very revealing portrait of oneself." Spot on. Now do a personal thought-experiment: add to your email metadata the data from your mobile phone and finally your clickstream -
the log of every website you've visited, ever - all of which are available to the spooks without a warrant. And then ask yourself whether you're still unconcerned about GCHQ or the NSA or anyone else (for example the French Interior Ministry, when you're on vacation) scooping up "just" your metadata. Even though - naturally - you've nothing to hide. Not even the fact that you sometimes visit, er, sports websites at work? Or that you have a lot of email traffic with someone who doesn't appear to be either a co-worker or a family member? How have we stumbled into this Orwellian nightmare? One reason is the naivete/ignorance of legislators who swallowed the spooks' line that metadata-hoovering was just an updating of older powers to access logs of (analogue) telephone calls. Another is that our political masters didn't appreciate the capability of digital computing and communications technology. A third is that democratic governments everywhere were so spooked by 9/11 that they were easy meat for bureaucratic empire-builders in the security establishment. But the most important reason is that all this was set up in secret with inadequate legislative oversight that was further emasculated by lying and deception on the part of spooks and their bosses. And, as any farmer knows, strange things grow in the dark. Gmail users can see their metadata links at https://immersion.media.mit.edu/ --- Just because i'm near the punchbowl doesn't mean I'm also drinking from it.

From rforno at infowarrior.org Sat Jul 6 21:46:25 2013 From: rforno at infowarrior.org (Richard Forno) Date: Sat, 6 Jul 2013 22:46:25 -0400 Subject: [Infowarrior] - The USG's 'Team Telecom' of surveillance Message-ID: <050A9FBA-B07A-4363-A503-2D47E44C275D@infowarrior.org> Agreements with private companies protect U.S. access to cables'
data for surveillance By Craig Timberg and Ellen Nakashima http://www.washingtonpost.com/business/technology/agreements-with-private-companies-protect-us-access-to-cables-data-for-surveillance/2013/07/06/aa5d017a-df77-11e2-b2d4-ea6d8f477a01_print.html The U.S. government had a problem: Spying in the digital age required access to the fiber-optic cables traversing the world's oceans, carrying torrents of data at the speed of light. And one of the biggest operators of those cables was being sold to an Asian firm, potentially complicating American surveillance efforts. Enter "Team Telecom." In months of private talks, the team of lawyers from the FBI and the departments of Defense, Justice and Homeland Security demanded that the company maintain what amounted to an internal corporate cell of American citizens with government clearances. Among their jobs, documents show, was ensuring that surveillance requests got fulfilled quickly and confidentially. This "Network Security Agreement," signed in September 2003 by Global Crossing, became a model for other deals over the past decade as foreign investors increasingly acquired pieces of the world's telecommunications infrastructure. The publicly available agreements offer a window into efforts by U.S. officials to safeguard their ability to conduct surveillance through the fiber-optic networks that carry a huge majority of the world's voice and Internet traffic. The agreements, whose main purpose is to secure the U.S. telecommunications networks against foreign spying and other actions that could harm national security, do not authorize surveillance. But they ensure that when U.S. government agencies seek access to the massive amounts of data flowing through their networks, the companies have systems in place to provide it securely, say people familiar with the deals. Negotiating leverage has come from a seemingly mundane government power: the authority of the Federal Communications Commission to approve cable licenses.
In deals involving a foreign company, say people familiar with the process, the FCC has held up approval for many months while the squadron of lawyers dubbed Team Telecom developed security agreements that went beyond what's required by the laws governing electronic eavesdropping. The security agreement for Global Crossing, whose fiber-optic network connected 27 nations and four continents, required the company to have a "Network Operations Center" on U.S. soil that could be visited by government officials with 30 minutes of warning. Surveillance requests, meanwhile, had to be handled by U.S. citizens screened by the government and sworn to secrecy - in many cases prohibiting information from being shared even with the company's executives and directors. "Our telecommunications companies have no real independence in standing up to the requests of government or in revealing data," said Susan Crawford, a Yeshiva University law professor and former Obama White House official. "This is yet another example where that's the case." The full extent of the National Security Agency's access to fiber-optic cables remains classified. The Office of the Director of National Intelligence issued a statement saying that legally authorized data collection "has been one of our most important tools for the protection of the nation's - and our allies' - security. Our use of these authorities has been properly classified to maximize the potential for effective collection against foreign terrorists and other adversaries." It added, "As always, the Intelligence and law enforcement communities will continue to work with all members of Congress to ensure the proper balance of privacy and protection for American citizens." Collecting information Documents obtained by The Washington Post and Britain's Guardian newspaper in recent weeks make clear how the revolution in information technology sparked a revolution in surveillance, allowing the U.S.
government and its allies to monitor potential threats with a reach impossible only a few years earlier. Yet any access to fiber-optic cables allows for possible privacy intrusions into Americans' personal communications, civil libertarians say. As people worldwide chat, browse and post images through online services, much of the information flows within the technological reach of U.S. surveillance. Though laws, procedural rules and internal policies limit how that information can be collected and used, the data from billions of devices worldwide flow through Internet choke points that the United States and its allies are capable of monitoring. This broad-based surveillance of fiber-optic networks runs parallel to the NSA's PRISM program, which allows analysts to access data from nine major Internet companies, including Google, Facebook, Microsoft, Yahoo, AOL and Apple, according to classified NSA PowerPoint slides. (The companies have said the collection is legal and limited.) One NSA slide titled, "Two Types of Collection," shows both PRISM and a separate effort labeled "Upstream" and lists four code names: Fairview, Stormbrew, Blarney and Oakstar. A diagram superimposed on a crude map of undersea cable networks describes the Upstream program as collecting "communications on fiber cables and infrastructure as data flows past." The slide has yellow arrows pointing to both Upstream and PRISM and says, "You Should Use Both." It also has a header saying "FAA 702 Operations," a reference to a section of the amended Foreign Intelligence Surveillance Act that governs surveillance of foreign targets related to suspected terrorism and other foreign intelligence. Under that provision, the government may serve a court order on a company compelling it to reach into its networks for data on multiple targets who are foreigners reasonably believed to be overseas.
At an Internet gateway, the government may specify a number of e-mail addresses of foreigners to be targeted without the court signing off on each one. When the NSA is collecting the communications of a foreign, overseas target who is speaking or e-mailing with an American, that American's e-mail or phone call is considered to be "incidentally" collected. It is considered "inadvertently" collected if the target actually turns out to be an American, according to program rules and people familiar with them. The extent of incidental and inadvertent collection has not been disclosed, leading some lawmakers to demand disclosure of estimates of how many Americans' communications have been gathered. No senior intelligence officials have answered that question publicly. Using software that scans traffic and "sniffs out" the targeted e-mail address, the company can pull out e-mail traffic automatically to turn over to the government, according to several former government officials and industry experts. It is unclear how effective that approach is compared with collecting from a "downstream" tech company such as Google or Facebook, but the existence of separate programs collecting data from both technology companies and telecommunications systems underscores the reach of government intelligence agencies. "People need to realize that there are many ways for the government to get vast amounts of e-mail," said Chris Soghoian, a technology expert with the American Civil Liberties Union. Controlling the data flow The drive for new intelligence sources after the Sept. 11, 2001, attacks relied on a key insight: American companies controlled most of the Internet's essential pipes, giving ample opportunities to tap the torrents of data flowing by. Even terrorists bent on destruction of the United States, it turned out, talked to each other on Web-based programs such as Microsoft's Hotmail.
Yet even data not handled by U.S.-based companies generally flowed across parts of the American telecommunications infrastructure. Most important were the fiber-optic cables that largely have replaced the copper telephone wires and the satellite and microwave transmissions that, in an earlier era, were the most important targets for government surveillance. Fiber-optic cables, many of which lie along the ocean floor, provide higher-quality transmission and greater capacity than earlier technology, with the latest able to carry thousands of gigabits per second. The world's hundreds of undersea cables now carry 99 percent of all intercontinental data, a category that includes most international phone calls, as well, says TeleGeography, a global research firm. The fiber-optic networks have become a rich source of data for intelligence agencies. The Guardian newspaper reported last month that the Government Communications Headquarters, the British equivalent of the NSA, taps and stores data flowing through the fiber-optic cables touching that nation, a major transit point for data between Europe and the Americas. That program, code-named Tempora, shares data with the NSA, the newspaper said. Tapping undersea transmission cables had been a key U.S. surveillance tactic for decades, dating back to the era when copper lines carrying sensitive telephone communications could be accessed by listening devices divers could place on the outside of a cable's housing, said naval historian Norman Polmar, author of "Spy Book: The Encyclopedia of Espionage." "The U.S. has had four submarines that have been outfitted for these special missions," he said. But the fiber-optic lines - each no thicker than a quarter - were far more difficult to tap successfully than earlier generations of undersea technology, and interception operations ran the risk of alerting cable operators that their network had been breached.
It's much easier to collect information from any of dozens of cable landing stations around the world - where data transmissions are sorted into separate streams - or in some cases from network operations centers that oversee the entire system, say those familiar with the technology who spoke on the condition of anonymity to discuss sensitive intelligence matters. Expanding powers In the aftermath of the Sept. 11 attacks, the NSA said its collection of communications inside the United States was constrained by statute, according to a draft report by the agency's inspector general in 2009, which was obtained by The Post and the Guardian. The NSA had legal authority to conduct electronic surveillance on foreigners overseas, but the agency was barred from collecting such information on cables as it flowed into and through the United States without individual warrants for each target. "By 2001, Internet communications were used worldwide, underseas cables carried huge volumes of communications, and a large amount of the world's communications passed through the United States," the report said. "Because of language used in the [Foreign Intelligence Surveillance] Act in 1978, NSA was required to obtain court orders to target e-mail accounts used by non-U.S. persons outside the United States if it intended to intercept the communications at a webmail service within the United States. Large numbers of terrorists were using such accounts in 2001." As a result, after White House and CIA officials consulted with the NSA director, President George W. Bush, through a presidential order, expanded the NSA's legal authority to collect communications inside the United States. The President's Surveillance Program, the report said, "significantly increased [NSA's] access to transiting foreign communications." Gen. Michael Hayden, then the NSA director, described that information as "the real gold of the program"
that led to the identification of threats within the United States, according to the inspector general's report. Elements of the President's Surveillance Program became public in 2005, when the New York Times reported the government's ability to intercept e-mail and phone call content inside the United States without court warrants, sparking controversy. The FISA court began oversight of those program elements in 2007. As these debates were playing out within the government, Team Telecom was making certain that surveillance capacity was not undermined by rising foreign ownership of the fiber-optic cables that the NSA was using. The Global Crossing deal created particular concerns. The company had laid an extensive network of undersea cables in the world, but it went bankrupt in 2002 after struggling to handle more than $12 billion in debt. Two companies, one from Singapore and a second from Hong Kong, struck a deal to buy a majority stake in Global Crossing, but U.S. government lawyers immediately objected as part of routine review of foreign investment into critical U.S. infrastructure. President Gerald Ford in 1975 had created an interagency group - the Committee on Foreign Investment in the United States, or CFIUS - to review deals that might harm U.S. national security. Team Telecom grew out of that review process. Those executive branch powers were expanded several times over the decades and became even more urgent after the Sept. 11 attacks, when the Defense Department became an important player in discussions with telecommunications companies. The Hong Kong company soon withdrew from the Global Crossing deal, under pressure from Team Telecom, which was worried that the Chinese government might gain access to U.S. surveillance requests and infrastructure, according to people familiar with the negotiations.
Singapore Technologies Telemedia eventually agreed to a slate of concessions, including allowing half of the board of directors of a new subsidiary managing the undersea cable network to consist of American citizens with security clearances. They would oversee a head of network operations, a head of global security, a general counsel and a human resources officer - all of whom also would be U.S. citizens with security clearances. The FBI and the departments of Defense, Justice and Homeland Security had the power to object to any appointments to those jobs or to the directors who had to be U.S. citizens. U.S. law already required that telecommunications companies doing business in the United States comply with surveillance requests, both domestic and international. But the security agreement established the systems to ensure that compliance and to make sure foreign governments would not gain visibility into the working of American telecommunications systems - or surveillance systems, said Andrew D. Lipman, a telecommunications lawyer who has represented Global Crossing and other firms in negotiating such deals. "These Network Security Agreements flesh out the details," he said. Lipman, a partner with Bingham McCutchen, based in Washington, said the talks with Team Telecom typically involve little give and take. "It's like negotiating with the Motor Vehicle Department," he said. Singapore Technologies Telemedia sold Global Crossing in 2011 to Level 3 Communications, a company based in Colorado. But the Singaporean company maintained a minority ownership stake, helping trigger a new round of review by Team Telecom and a new Network Security Agreement that added several new conditions. A spokesman for Level 3 Communications declined to comment for this article. --- Just because i'm near the punchbowl doesn't mean I'm also drinking from it.
From rforno at infowarrior.org Sun Jul 7 09:45:17 2013 From: rforno at infowarrior.org (Richard Forno) Date: Sun, 7 Jul 2013 10:45:17 -0400 Subject: [Infowarrior] - Snowden: NSA 'In Bed Together with the Germans' Message-ID: <70991E01-2C7F-4DF9-84E7-A1E0971C6F60@infowarrior.org> 07/07/2013 08:36 AM Snowden Interview NSA 'In Bed Together with the Germans' In an interview, Edward Snowden accuses the National Security Agency of partnering with Germany and other governments in its spying activities. New information also indicates close working ties between the German foreign intelligence agency and the American authority. In an interview to be published in this week's issue of SPIEGEL, American intelligence agency whistleblower Edward Snowden criticizes the methods and power of the National Security Agency. Snowden said the NSA people are "in bed together with the Germans." He added that the NSA's "Foreign Affairs Directorate" is responsible for partnerships with other countries. The partnerships are organized in a way that authorities in other countries can "insulate their political leaders from the backlash" in the event it becomes public "how grievously they're violating global privacy." Telecommunications companies partner with the NSA and people are "normally selected for targeting" based on their "Facebook or webmail content." The interview was conducted by American cryptography expert Jacob Appelbaum and documentary filmmaker Laura Poitras with the help of encrypted e-mails shortly before Snowden became known globally for his whistleblowing. SPIEGEL reporting also indicates that cooperation between the NSA and Germany's foreign intelligence service, the BND, is more intensive than previously known. NSA, for example, provides "analysis tools" for the BND's signals monitoring of foreign data streams that travel through Germany. Among the BND's focuses are the Middle East route through which data packets from crisis regions travel. 
In total, SPIEGEL reported that the BND pulls data from five different nodes that are then analyzed at the foreign intelligence service's headquarters in Pullach near Munich. BND head Gerhard Schindler confirmed the partnership during a meeting with members of the German parliament's control committee for intelligence issues. The Federal Office for the Protection of the Constitution, which is responsible for counter-espionage, is currently investigating whether the NSA has gained access to Internet traffic traveling through Germany. According to information provided by Hans-Georg Maassen, the president of the Office for the Protection of the Constitution, an initial analysis failed to provide clarity on the issue. "So far, we have no information that Internet nodes in Germany have been spied on by the NSA," Maassen told SPIEGEL. At the same time, a new US Army base being built in Germany that is also to be used by the NSA has been approved by German authorities. Currently, a new Consolidated Intelligence center is being built in Wiesbaden. The bug-proof offices and a high-tech control center are being built for $124 million. As soon as the Wiesbaden facility is completed, a complex currently being used in Darmstadt will be closed. The facilities are being built exclusively by American citizens who have security clearances. Even the material being used to construct the buildings originates from the United States and is guarded throughout the shipping process to Germany. SPIEGEL URL: http://www.spiegel.de/international/world/edward-snowden-accuses-germany-of-aiding-nsa-in-spying-efforts-a-909847.html --- Just because i'm near the punchbowl doesn't mean I'm also drinking from it.
From rforno at infowarrior.org Sun Jul 7 17:39:57 2013 From: rforno at infowarrior.org (Richard Forno) Date: Sun, 7 Jul 2013 18:39:57 -0400 Subject: [Infowarrior] - Edward Snowden's nightmare comes true Message-ID: <8718BA5B-D289-438D-8630-EE6C47D92C97@infowarrior.org> Edward Snowden's nightmare comes true By: Philip Ewing July 5, 2013 05:01 AM EDT http://dyn.politico.com/printstory.cfm?uuid=13FF78AA-91F5-44C0-A8CE-26E071CC1C01 Edward Snowden's nightmare may be coming true. Not exile; not the danger of imprisonment or prosecution; and not his newfound association with dictators, lawyers and impresarios. Snowden's worst fear, by his own account, was that "nothing will change." "People will see in the media all these disclosures, they'll know the lengths the government is going to grant themselves powers, unilaterally, to create greater control over American society and global society," he told The Guardian last month after he'd asked it to identify him as its source. "But they won't be willing to take the risks necessary to stand up and fight to change things, to force their representatives to actually take a stand in their interests." One month after The Guardian's first story, which revealed an order from the secret Foreign Intelligence Surveillance Court authorizing the National Security Agency to collect the phone records of every Verizon customer, there has been no public movement in Washington to stop the court from issuing another such order. Congress has no intelligence reform bill that would rein in the phone tracking, or Internet monitoring, or cyberattack planning, or any of the other secret government workings that Snowden's disclosures have revealed. There is no modern day Sen. Frank Church ready to convene historic hearings about the intelligence community, like the ones Church ran in the 1970s, proceedings that radically transformed the U.S. intelligence services.
Far from having been surprised by Snowden's disclosures, today's intelligence committee leaders stepped right up to defend the NSA's surveillance programs. From Republicans, led by House Intelligence Committee Chairman Mike Rogers, to Democrats, including Senate Intelligence Committee Chairwoman Dianne Feinstein, they've been nearly unanimous in their support. "I feel I have an obligation to do everything I can to keep this country safe," Feinstein told The New York Times. "So put that in your pipe and smoke it." In short, the workings of the NSA and its partner intelligence agencies - which, Snowden said, threaten to become "turn-key tyranny" - continue unabated. "It's very concerning," said Jack Lerner, a law professor at the University of Southern California who specializes in privacy and national security. "I've seen surveys that already show some changing attitudes, however I've also seen a Pew survey that said there's still a pretty strong majority in favor of essentially letting the NSA do this." Not that Lerner agrees it should - "There're no checks and balances on the way they're using it. There's no guarantee they're not listening on phone sex calls, or people they know, or public figures, or journalists." He remembered a former NSA worker alleging the agency had monitored then-Sen. Barack Obama's communications in the mid-2000s. But as far as a potential intelligence reform bill, or a public groundswell of opposition to the government's surveillance apparatus - there's been nothing of the kind. Snowden has achieved folk hero status in some quarters and his disclosures have unquestionably caused headaches for the White House, particularly with European allies, tensions that could create future complications. But so far, he has achieved nothing close to the goal of "summoning the American people to confront the growing danger of tyranny," as Snowden's father put it in an open letter on Tuesday.
Members of Congress have not only ignored Snowden's call to arms but complain that his leaks have set back their ability to do their normal work. Texas Republican Rep. Mac Thornberry, vice chairman of the House Armed Services Committee and a backer of cybersecurity reform, lamented to POLITICO last week that Snowden had slowed what was already sluggish progress on both cyber and defense appropriations bills. "I do worry that the passion or the headline of the moment could cause us to do something that would be a mistake, and I think that's part of the reason [House Homeland Security Chairman Mike] McCaul decided to slow down a little bit on his bill. Obviously we're not doing defense approps this week. We want to not just have a knee-jerk reaction to this event even though it is a big deal," Thornberry said. Speaking separately, McCaul said there is "no question" as to the "impact it's had on cybersecurity legislation," although he stressed how important it was for Congress to eventually pass a bill that would help the government and private sector share information about cyberthreats. One problem, from Snowden's perspective, is that although his disclosures did have the effect of provoking a national discussion about surveillance, including unprecedented concessions from NSA, Congress and the White House - many Americans weren't outraged. In fact, in polls done in the month since The Guardian's first story, majorities of respondents have said they accept the phone-tracking program, though Internet and email monitoring are less popular. A CNN poll found that 56 percent of those surveyed found the phone-tracking "acceptable;" about 58 percent told Gallup they approved of government monitoring as part of the effort against preventing terrorist attacks. Another problem, from activists' perspective, is Snowden himself. The spy movie, globe-trotting storyline about his flight from the U.S. to Hong Kong and then to Russia -
and then his diplomatic limbo in Moscow's Sheremetyevo Airport - have made the storyline since his leaks as much about him as about government surveillance. Nicaragua and Venezuela on Friday night became the first countries to offer National Security Agency whistleblower Edward Snowden asylum. "It's like a magician's misdirection - everybody's focused on Snowden. It's a chase story," said Peter Earnest, director of the International Spy Museum. "My kids used to read 'Where's Waldo' when they were growing up - this has all the aspects of that." A 36-year CIA veteran, Earnest said he was struck by how much of the media and public attention has focused on Snowden and how little had settled on the NSA and other programs that America's top spies have had to acknowledge. On Thursday, Director of National Intelligence James Clapper even apologized to Feinstein in a public letter for giving her committee "erroneous" information. "People seem very muted in their reaction to what he's disclosed," Earnest said of Snowden. "You know, you tell people the nature of these programs, some of the others, and people say, 'So?'" But even though torches and pitchforks never appeared outside NSA headquarters, privacy advocates and intelligence community critics say they feel that Snowden has, in fact, changed the game. The Guardian columnist Glenn Greenwald, whom Snowden has made the beneficiary of many of his leaks, wrote a whole column dedicated to the idea that Snowden had not leaked in vain. Greenwald wrote that in his initial conversations with Snowden, the then-NSA contractor told him he wanted to spark a "debate" about surveillance - which he certainly did - as compared to Snowden's later hopes that the disclosures would prompt people to "stand up and fight."
And the American Civil Liberties Union is suing the government to get access to more court information related to the interception of communications, arguing that Snowden's disclosures reveal the huge scale involved with NSA monitoring - even if no one can say for certain exactly how many people are involved. "It's definitely at the high end of the scale," ACLU attorney Patrick Toomey told POLITICO. "It could be in the tens of thousands, or even in the millions of people, but we don't know enough about their targeting to know more." If Americans can find that out, or at least know more than they do today - and more than they did before The Guardian began its series of stories - Snowden's disclosures will have been worth it, activists say. And there's the distinct possibility - both Greenwald and Snowden have said as much - that still more bombshells are coming. If that keeps the NSA in the headlines, more Americans could object. "One of the things for people who obsess about this stuff, like I do, is we don't know what we're buying and we don't know what we're paying for this service," Lerner said. "We're paying with our privacy, and we had a sense that we're not paying very much - but we're learning that maybe there is a cost, and maybe the cost is more than we thought it was." Juana Summers and Tony Romm contributed to this report. © 2013 POLITICO LLC --- Just because i'm near the punchbowl doesn't mean I'm also drinking from it.
From rforno at infowarrior.org Sun Jul 7 17:45:19 2013 From: rforno at infowarrior.org (Richard Forno) Date: Sun, 7 Jul 2013 18:45:19 -0400 Subject: [Infowarrior] - How Military Counterinsurgency Software Is Being Adapted To Tackle Gang Violence Message-ID: <52447322-7701-43E7-8220-3647ECB74A54@infowarrior.org> The Physics arXiv Blog July 4, 2013 How Military Counterinsurgency Software Is Being Adapted To Tackle Gang Violence in Mainland USA http://www.technologyreview.com/view/516701/how-military-counterinsurgency-software-is-being-adapted-to-tackle-gang-violence-in/ Analysts believe that insurgents in Afghanistan form similar networks to street gangs in the US. So the software for analysing these networks abroad ought to work just as well at home, say military researchers In the last 10 years or so, researchers have revolutionised the way military analysts think about insurgency and the groups of people involved in it. Their key insight is that insurgency tends to run in families and in social networks that are held together by common beliefs. So it makes sense to study the social networks that insurgents form. And indeed that's exactly what various military analysts have begun to do, including those in the US Army. A few years ago, a group of West Point cadets and officers developed some software for gathering information about the links between the people who make and distribute improvised explosive devices. In testing this tool in Afghanistan, they found they could perform the same tasks as a traditional analyst in just a fraction of the time. Now the US Army is adapting this technology to help the police tackle gang violence. Damon Paulo and buddies at the US Military Academy at West Point say there are a number of similarities between gang members and insurgents and that similar tools ought to be equally effective in tackling both.
To that end, these guys have created a piece of software called the Organizational, Relationship, and Contact Analyzer or ORCA, which analyses the data from police arrests to create a social network of links between gang members. The new software has a number of interesting features. First it visualises the networks that gang members create, giving police analysts a better insight into these organisations. It also enables them to identify influential members of each gang and to discover subgroups, such as "corner crews" that deal in drugs at the corners of certain streets within their area. The software can also assess the probability that an individual may be a member of a particular gang, even if he or she has not admitted membership. That's possible by analysing that person's relationship to other individuals who are known gang members. The software can also find individuals known as connectors who link one gang with another and who may play an important role in selling drugs from one group to another, for example. Paulo and co have tested the software on a police dataset of more than 5400 arrests over a three-year period. They judge individuals to be linked in the network if they are arrested at the same time. This dataset revealed over 11,000 relationship among. From this, ORCA created a social network consisting of 1468 individuals who are members of 18 gangs. It was also able to identify so-called "seed sets", small groups within a gang who are highly connected and therefore highly influential. This approach has also highlighted another aspect of gang culture. The size of the seed sets varies from one gang to another and this turns out to be a useful measure of how centralised the organisation is. Gangs with smaller seed sets are clearly more centralised. What's more, ORCA also shows that decentralised gangs have more clearly defined subgroups, such as corner crews. So this feature, known as modularity, is another measure of centralisation.
"Police officers working in the district have told us that gangs of Racial Group A are known for a more centralized organizational structure while gangs of Racial Group B have adopted a decentralized model," say Paulo and co adding that the results of their analysis seem to clearly show this. Perhaps most impressive of all, Paulo and co say they did all of the number crunching for this dataset on a standard Windows 8 laptop in just 34 seconds. The team is currently working to introduce a software in a major metropolitan police department throughout the summer of 2013. However, there is more work ahead. The next stage is to introduce geographic data into the analysis so that analysts can study how gangs are organised throughout the district. The team also wants to introduce a temporal element to examine how gangs change over time, an important factor since gang members are known to switch allegiances and to regularly start new gangs. There is clearly some value for the police in this work. "Currently the police are employing this analysis for one district. There are plans to expand to other districts in late 2013," say Paulo and co. All that means that the counterinsurgency techniques used by the US Army in Afghanistan may soon be in operation in the urban streets of mainland USA. Ref: arxiv.org/abs/1306.6834: Social Network Intelligence Analysis to Combat Street Gang Violence --- Just because i'm near the punchbowl doesn't mean I'm also drinking from it.
From rforno at infowarrior.org Mon Jul 8 06:43:39 2013 From: rforno at infowarrior.org (Richard Forno) Date: Mon, 8 Jul 2013 07:43:39 -0400 Subject: [Infowarrior] - DHS releases 'keyword' triggers for email surveillance Message-ID: Revealed: Hundreds of words to avoid using online if you don't want the government spying on you (and they include 'pork', 'cloud' and 'Mexico')
- Department of Homeland Security forced to release list following freedom of information request
- Agency insists it only looks for evidence of genuine threats to the U.S. and not for signs of general dissent
< - > http://www.dailymail.co.uk/news/article-2150281/REVEALED-Hundreds-words-avoid-using-online-dont-want-government-spying-you.html --- Just because i'm near the punchbowl doesn't mean I'm also drinking from it.
From rforno at infowarrior.org Mon Jul 8 06:56:28 2013 From: rforno at infowarrior.org (Richard Forno) Date: Mon, 8 Jul 2013 07:56:28 -0400 Subject: [Infowarrior] - Inside the Electronic Frontier Foundation Message-ID: <17B9B743-8216-4475-97DE-AB01BAEDDC7A@infowarrior.org> Inside the Electronic Frontier Foundation Posted at 5:30pm on Wednesday July 3rd 2013 Inside the EFF Mike Saunders investigates how the Electronic Frontier Foundation (EFF) is protecting us from dodgy megacorps and surveillance-happy governments. Our freedom to share information, speak our minds, come up with new ideas and keep our lives private is being threatened. Governments are continually seeking new ways to monitor what we're doing, while big businesses are constantly trying to lock us into their products. Bit by bit, our freedoms are being eroded. Popular media often makes comparisons between our current situation and George Orwell's 1984, which many people find hyperbolic. But think about it for a minute: governments are tapping our phone lines, reading our emails, and watching our online movements. Social media sites and search engines are building up giant databases of our browsing and purchasing habits. And all of this takes place against a backdrop of perpetual so-called terrorist threats, politicians in bed with media executives, and an ultra-wealthy elite getting even richer. < - > http://www.tuxradar.com/content/inside-electronic-frontier-foundation --- Just because i'm near the punchbowl doesn't mean I'm also drinking from it.
From rforno at infowarrior.org Mon Jul 8 07:02:23 2013 From: rforno at infowarrior.org (Richard Forno) Date: Mon, 8 Jul 2013 08:02:23 -0400 Subject: [Infowarrior] - Institutional Investors Don't Trust the Exchanges Message-ID: <92FAF648-3B0C-4310-A4EF-90505127F661@infowarrior.org> Institutional Investors Don't Trust the Exchanges by Guest Author - July 8th, 2013, 6:00am The head of US Market Regulation for Nasdaq, John Zecca, just published a one page article titled "A Level Playing Field For Surveillance". In his article, Mr. Zecca is calling for increased surveillance of dark pools. Specifically, Mr. Zecca states: "To ensure overall market integrity, it is critical to subject all trading venues, including regulated exchanges and dark pools, to the same rigorous transparency and market surveillance standards. Because ATSs are not obligated to provide FINRA with full information on their order book activity, FINRA does not receive as much data from dark pools and other ATSs as it gets from exchanges. As a result, there are opportunities to enhance FINRA's surveillance of these market centers. Exchanges must file their operating rules with the SEC, but dark pools only have to provide a description of their order handling process, their customer base and their subscriber requirements. Most regulators agree that the quality of surveillance cannot vary by venue. Transparency and complete information aggregated across markets is the best remedy to protect investors." Considering that almost 40% of stocks trade off exchange, we agree with most of what Mr. Zecca calls for in his article. But at the same time, we can't help but wonder if the rise of dark pool trading was actually caused by the stock exchanges themselves. Many institutional investors are frustrated by the games that currently go on at the exchanges. They are frustrated by the constant penny jumping and flickering quotes that do not provide any real liquidity.
They are frustrated by the endless amount of fee changes that exchanges file for to encourage rebate arbitrage in the hopes of increasing their market share. They are frustrated by the seemingly unlimited order type combinations which allow for queue jumping. They are frustrated that information on their own orders is being packaged and sold in exchange proprietary data feeds to HFT traders. To make matters worse, institutional investors feel that they can't trust the exchanges. And why should they. Within the last year, three exchanges have been fined over $20 million by the SEC for regulatory infractions. Rather than seeing exchanges as protectors of their order flow, institutional investors now fear information on their order flow is being leaked by the exchanges. Is it any wonder that institutional investors have turned to dark pools as a way to try to protect their order flow? While we agree with Mr. Zecca and Nasdaq that more surveillance is necessary for dark pools, we also think that their words would carry much more weight if they lead by example and stopped some of the shenanigans that have been going on at the lit venues. Otherwise, as the old saying goes, people in glass houses shouldn't throw stones. - See more at: http://blog.themistrading.com/exchanges-live-in-glass-houses/#sthash.NUODova7.dpuf --- Just because i'm near the punchbowl doesn't mean I'm also drinking from it.
From rforno at infowarrior.org Mon Jul 8 07:05:57 2013 From: rforno at infowarrior.org (Richard Forno) Date: Mon, 8 Jul 2013 08:05:57 -0400 Subject: [Infowarrior] - Secret move keeps bin Laden records in the shadows Message-ID: Secret move keeps bin Laden records in the shadows Jul 8, 3:31 AM (ET) By RICHARD LARDNER http://apnews.myway.com/article/20130708/DA7D6LJ82.html WASHINGTON (AP) - The nation's top special operations commander ordered military files about the Navy SEAL raid on Osama bin Laden's hideout to be purged from Defense Department computers and sent to the CIA, where they could be more easily shielded from ever being made public. The secret move, described briefly in a draft report by the Pentagon's inspector general, set off no alarms within the Obama administration even though it appears to have sidestepped federal rules and perhaps also the Freedom of Information Act. An acknowledgement by Adm. William McRaven of his actions was quietly removed from the final version of an inspector general's report published weeks ago. A spokesman for the admiral declined to comment. The CIA, noting that the bin Laden mission was overseen by then-CIA Director Leon Panetta before he became defense secretary, said that the SEALs were effectively assigned to work temporarily for the CIA, which has presidential authority to conduct covert operations. "Documents related to the raid were handled in a manner consistent with the fact that the operation was conducted under the direction of the CIA director," agency spokesman Preston Golson said in an emailed statement. "Records of a CIA operation such as the (bin Laden) raid, which were created during the conduct of the operation by persons acting under the authority of the CIA Director, are CIA records." Golson said it is "absolutely false" that records were moved to the CIA to avoid the legal requirements of the Freedom of Information Act. 
The records transfer was part of an effort by McRaven to protect the names of the personnel involved in the raid, according to the inspector general's draft report. But secretly moving the records allowed the Pentagon to tell The Associated Press that it couldn't find any documents inside the Defense Department that AP had requested more than two years ago, and could represent a new strategy for the U.S. government to shield even its most sensitive activities from public scrutiny. "Welcome to the shell game in place of open government," said Thomas Blanton, director of the National Security Archive, a private research institute at George Washington University. "Guess which shell the records are under. If you guess the right shell, we might show them to you. It's ridiculous." < - > The Defense Department in November 2012 released copies of 10 emails totaling 31 pages found in the Carl Vinson's computer systems. The messages were heavily censored and described how bin Laden's body was prepared for burial. These records were not among those purged and then moved to the CIA. Pentagon spokesman Lt. Col. James Gregory said the messages from the Carl Vinson "were not relating to the mission itself and were the property of the Navy." --- Just because i'm near the punchbowl doesn't mean I'm also drinking from it.
From rforno at infowarrior.org Mon Jul 8 11:23:23 2013 From: rforno at infowarrior.org (Richard Forno) Date: Mon, 8 Jul 2013 12:23:23 -0400 Subject: [Infowarrior] - A dark magic: The rise of the robot traders Message-ID: (c/o TM) 7 July 2013 Last updated at 19:08 ET A dark magic: The rise of the robot traders By Laurence Knight Business reporter, BBC News http://www.bbc.co.uk/news/business-23095938 --- Just because i'm near the punchbowl doesn't mean I'm also drinking from it.
From rforno at infowarrior.org Mon Jul 8 12:25:05 2013 From: rforno at infowarrior.org (Richard Forno) Date: Mon, 8 Jul 2013 13:25:05 -0400 Subject: [Infowarrior] - 2013 Maryland Cyber Challenge Announcement Message-ID: <2AAFF1F8-7925-489B-A616-7488F9B29F8F@infowarrior.org> (Disclosure: I coordinate the Challenge, now in its third year. --rick) SAIC, The State Of Maryland, And UMBC Announce 2013 Maryland Cyber Challenge http://finance.yahoo.com/news/saic-state-maryland-umbc-announce-115000158.html Cyber Competition Drives Education and Careers in Cybersecurity MCLEAN, Va., July 8, 2013 /PRNewswire/ - Science Applications International Corporation (SAIC) (NYSE: SAI), Maryland's Department of Business and Economic Development (DBED), and the University of Maryland, Baltimore County (UMBC) announced the third annual 2013 statewide cyber competition, the Maryland Cyber Challenge, will be held October 8 through October 9 at the Baltimore Convention Center in Baltimore, Maryland. Registration is now open for aspiring cyber warriors from around the nation to compete at the Maryland event, located in the growing epicenter for the cybersecurity industry. The Maryland Cyber Challenge is designed to attract more students and young professionals to pursue careers in cybersecurity and is held in conjunction with the CyberMaryland2013 Conference and Cyber Hall of Fame. It is the premier statewide cyber competition showcasing today's students and tomorrow's technologists with three levels of competition: high school, college and professional. Teams will have the opportunity to develop and improve their cybersecurity skills in a real-world environment. Founders of the event include SAIC, UMBC, DBED, the National Cyber Security Alliance (NCSA), and the Tech Council of Maryland (TCM). Orientation sessions for teams in each of three divisions - high school, collegiate and industry and government professionals - will be held at UMBC in July and August.
Two qualifying rounds will be conducted online using SAIC's Cyber Network Exercise System (CyberNEXS), a scalable training, exercise and certification system that has successfully sharpened the cybersecurity skills of more than 15,000 students and professionals globally. CyberNEXS is expected to be a part of planned solutions company Leidos, Inc., following SAIC's planned separation into two independent, publicly traded companies, subject to board of directors approval, as announced Aug. 30, 2012. The final rounds of the challenge will be held at the conference as part of Maryland's activities to recognize the 10th anniversary of National Cyber Security Awareness Month. High school teams will compete in a cyber-defense challenge, while collegiate and professional teams will go head-to-head in a "capture the flag" scenario. Winners of each division will be announced on October 9 during the CyberMaryland Conference. The CyberMaryland Conference is a two day event designed to showcase industry innovations, create a platform for discussing cyber policy, recognize cyber pioneers and groom the next generation of IT experts. The goal of the event is to further demonstrate why Maryland is considered the nation's epicenter for information security excellence. In 2012, the Conference attracted over 800 cyber leaders and professionals from across the country. This included federal, state and local government agency leaders, educators, private industry CTOs, CISOs, analysts and technologists, cyber security entrepreneurs and investors. Conference registration will open in the coming weeks. For more information, go to https://www.fbcinc.com/e/cybermdconference/. More details about the event will be announced in the coming weeks ahead.
Quick Facts:
- Started in 2011 as the Maryland Cyber Challenge and Conference
- Open to competitors nationwide
- Three divisions include high school, college and professional
- Team size: 3-6
- Powered by the SAIC CyberNEXS competition engine
- Technical focus: vulnerability mitigation, computer forensics, cyber defense and capture the flag
- Approximately 700 competitors across 115 teams in the past two years
- More than $160K in awards distributed over the past two years by the National Security Agency and SAIC
Key Dates:
- Orientation sessions and practice rounds will begin in July 2013
- Qualification Round 1 for all divisions is tentatively September 21, 2013
- Qualification Round 2 is tentatively September 26
- Cram sessions for final teams will be held the week of September 30, 2013
- Finals are in person October 8-9, 2013 at the Baltimore Convention Center
- Winners and awards will be announced at the completion of finals
Supporting Quotes: State of Maryland "In Maryland, we are committed to advancing cyber innovation and growing our Innovation Economy," said Governor O'Malley. "The Maryland Cyber Challenge showcases the work of our State's highly-skilled and talented students and professionals whose work helps to establish Maryland as the nation's epicenter for cybersecurity." UMBC "The Maryland Cyber Challenge enables us to support the robust cyber industry in our State and to excite young Marylanders about defending our nation's cyber systems," said Freeman A. Hrabowski. "We are delighted to again have strong partners in cultivating new talent and promoting this crucial industry." SAIC "The growing cybersecurity field is becoming a standard specialty within STEM education. Future cyber experts can become better skilled to help protect our nation's critical information infrastructure," said Lou Von Thaer, SAIC senior vice president and sector president. "By bringing together great minds to take on challenges, whether policy or technical, we contribute directly to protect national security, advance education and grow careers."
National Cyber Security Alliance "As 21st Century innovation continues to be affected by cyber issues, careers in cybersecurity are more important than ever before," said Michael Kaiser, executive director of the National Cyber Security Alliance. "We're thrilled to see activities like the Maryland Cyber Challenge that develop and intrigue young minds to consider the profession and look forward to an inspiring event where we hope many participants walk-away with a strong desire to pursue the field." Follow the Maryland Cyber Challenge: LinkedIn: www.linkedin.com/pub/maryland-cyber-challenge-and-competition/33/207/a11 Facebook: https://www.facebook.com/MarylandCyberChallenge YouTube: http://www.youtube.com/watch?v=K4kXNfa64xI Twitter: @MarylandCyber Website: www.marylandcyberchallenge.com --- Just because i'm near the punchbowl doesn't mean I'm also drinking from it.
From rforno at infowarrior.org Mon Jul 8 13:01:21 2013 From: rforno at infowarrior.org (Richard Forno) Date: Mon, 8 Jul 2013 14:01:21 -0400 Subject: [Infowarrior] - SCOTUS asked to halt NSA phone surveillance Message-ID: <3F763ACF-A4A0-4026-9BD6-2DD152100156@infowarrior.org> Supreme Court asked to halt NSA phone surveillance Privacy group can't petition secret court, so it goes straight to Supreme Court. by Jon Brodkin - July 8 2013, 1:15pm EDT http://arstechnica.com/tech-policy/2013/07/supreme-court-asked-to-halt-nsa-phone-surveillance/ The Electronic Privacy Information Center (EPIC) today filed an emergency petition with the Supreme Court to stop the National Security Agency (NSA) from collecting the telephone records of millions of Americans.
The petition (PDF) asks the Supreme Court to vacate the Foreign Intelligence Surveillance Court (FISC) ruling that "ordered Verizon to disclose records to the National Security Agency for all telephone communications 'wholly within the United States, including local telephone calls.'" The order does not permit the NSA to listen to phone calls, but it does allow the agency to gather metadata such as the phone numbers of conversation participants, length of calls, time of conversations, location data, telephone calling card numbers, and unique phone identifiers. EPIC explains in the petition that it is appealing directly to the Supreme Court because it cannot appeal to the secretive FISC -- and no other court has the power to vacate a FISC order. "The plain terms of the Foreign Intelligence Surveillance Act (FISA) and the rules of the FISC bar EPIC from seeking relief before the FISC or Court of Review," EPIC wrote. "The FISC may only review business record orders upon petition from the recipient or the Government." While the ruling that EPIC targets in its Supreme Court petition is from April 25 of this year, FISC rulings permitting broader collection of Americans' data go back years. As the Wall Street Journal reported yesterday, the NSA was able to gather phone data on millions of Americans because of classified FISC rulings in which the court redefined the word "relevant" in the context of surveillance to permit gathering of data on people even when they are not suspected of a crime. "This change -- which specifically enabled the surveillance recently revealed by former NSA contractor Edward Snowden -- was made by the secret Foreign Intelligence Surveillance Court, a group of judges responsible for making decisions about government surveillance in national-security cases," the Journal reported. 
"In classified orders starting in the mid-2000s, the court accepted that 'relevant' could be broadened to permit an entire database of records on millions of people, in contrast to a more conservative interpretation widely applied in criminal cases, in which only some of those records would likely be allowed, according to people familiar with the ruling." EPIC's Supreme Court petition argues that "[i]t is simply not possible that every phone record in the possession of a telecommunications firm could be relevant to an authorized investigation." The telephone surveillance order exceeds the scope of FISC's jurisdiction under the FISA law, the petition argues. "[T]he statute requires that production orders be supported by 'reasonable grounds to believe that the tangible things sought are relevant to an authorized investigation,'" EPIC wrote. "It is simply unreasonable to conclude that all telephone records for all Verizon customers in the United States could be relevant to an investigation." EPIC is asking the Supreme Court for a "writ of mandamus," which the Cornell Law school notes is "an order from a court to an inferior government official ordering the government official to properly fulfill their official duties or correct an abuse of discretion." EPIC's petition notes that telephone metadata "can be directly linked to each user's identity and reveal their contacts, clients, associates, and even the physical location." EPIC itself is a Verizon customer and said its attorneys conduct "privileged and confidential communications" with government officials, members of Congress, and journalists. Because of EPIC lawsuits filed against the NSA, FBI, and other government bodies, "EPIC is in active litigation against the very agencies tracking EPIC's privileged attorney-client communications," the group wrote. 
Although the NSA collects data on the communications of all Verizon users (and presumably those of other companies as well), the database can only be queried "when there is a reasonable suspicion, based on specific facts, that the particular basis for the query is associated with a foreign terrorist organization," US Director of National Intelligence James Clapper wrote last month. "The collection is broad in scope because more narrow collection would limit our ability to screen for and identify terrorism-related communications," Clapper wrote. "Acquiring this information allows us to make connections related to terrorist activities over time. The FISA Court specifically approved this method of collection as lawful, subject to stringent restrictions." The EPIC petition is one of several challenges to the NSA's data collection. The American Civil Liberties Union (ACLU) last month filed a lawsuit seeking publication of FISC decisions on surveillance powers. In response, the Obama Administration defended the secrecy of the rulings. A week ago, 26 US senators demanded "public answers" on the extent of the NSA spy program. And a legal challenge similar to EPIC's is unfolding in the UK, where Privacy International said it is trying to stop the UK government's "indiscriminate interception and storing of huge amounts of data via tapping undersea fibre optic cables." --- Just because i'm near the punchbowl doesn't mean I'm also drinking from it. From rforno at infowarrior.org Mon Jul 8 13:51:50 2013 From: rforno at infowarrior.org (Richard Forno) Date: Mon, 8 Jul 2013 14:51:50 -0400 Subject: [Infowarrior] - DOJ Says Public Has No Right To Know About The Secret Laws The Feds Use To Spy On Us Message-ID: <55A8D3A2-7CC5-487E-AE34-02AF7E581F9D@infowarrior.org> DOJ Says Public Has No Right To Know About The Secret Laws The Feds Use To Spy On Us from the what,-you-want-to-know-that-stuff? 
dept So, we were just discussing the insanity of the FISA court (FISC) basically acting as a shadow Supreme Court, making broad rulings in total secrecy that have created a secret body of law that the public is not allowed to know about. Given increasing revelations about these shadow laws, the ACLU and other public interest groups are trying, yet again, to get access to some of these key rulings. All along, they've been extremely careful to note that they're not asking FISC to reveal specific foreign intelligence issues, operations or targets: merely the parts of the rulings that identify what the law is -- i.e., how it's being interpreted by the courts. Because that seems rather fundamental to a functioning democracy. However, as you might expect, the Justice Department has now hit back with a new filing that says, flat out, the public has no right to know what the secret court is ruling on and how it's codifying secret laws. The argument is, basically, that because FISC rulings have almost always been secret, then it's perfectly reasonable that they're secret. In other words, it's perfectly legal for secret laws to remain secret, because they're secret. Later it also argues that actually revealing the law would be (oooooooh, scary!) dangerous. Let's make this simple: yes, revealing specific details of various surveillance efforts and targets could create security issues, no doubt. But revealing how a United States' law is interpreted can never by itself create a national security issue. And that's all that's being asked of here. The DOJ is being incredibly dishonest and disingenuous in conflating the two issues, arguing that because the FISC deals with intelligence operations, that its rulings on the interpretation of the law must also be secret. But that's wrong. You can reveal the basic interpretation of the law without revealing the specific intelligence efforts and methods. 
The only reason to keep the interpretation of the law a secret is because it'll be a huge embarrassment and show widespread abuse. http://www.techdirt.com/articles/20130708/01055723732/doj-says-public-has-no-right-to-know-about-secret-laws-feds-use-to-spy-us.shtml --- Just because i'm near the punchbowl doesn't mean I'm also drinking from it. From rforno at infowarrior.org Mon Jul 8 14:02:37 2013 From: rforno at infowarrior.org (Richard Forno) Date: Mon, 8 Jul 2013 15:02:37 -0400 Subject: [Infowarrior] - Dead Among Those Interviewed in Faulty Background Checks Message-ID: Dead Among Those Interviewed in Faulty Background Checks By Chris Strohm and Nick Taborek - Jul 8, 2013 Anthony J. Domico, a former contractor hired to check the backgrounds of U.S. government workers, filed a 2006 report with the results of an investigation. There was just one snag: A person he claimed to have interviewed had been dead for more than a decade. Domico, who had worked for contractors CACI International Inc. (CACI) and Systems Application & Technologies Inc., found himself the subject of a federal probe. Domico is among 20 investigators who have pleaded guilty or have been convicted of falsifying such reports since 2006. Half of them worked for companies such as Altegrity Inc., which performed a background check on national-security contractor Edward Snowden. The cases may represent a fraction of the fabrications in a government vetting process with little oversight, according to lawmakers and U.S. watchdog officials. < - > http://www.bloomberg.com/news/print/2013-07-08/dead-among-those-interviewed-in-faulty-background-checks.html --- Just because i'm near the punchbowl doesn't mean I'm also drinking from it. 
From rforno at infowarrior.org Mon Jul 8 17:22:58 2013 From: rforno at infowarrior.org (Richard Forno) Date: Mon, 8 Jul 2013 18:22:58 -0400 Subject: [Infowarrior] - Court Rejects 'State Secrets' Excuse For Why Feds Want Out Of Lawsuit Over NSA Warrantless Wiretapping Message-ID: <1E64EB39-7132-4A59-8085-023E3800DD0C@infowarrior.org> Court Rejects 'State Secrets' Excuse For Why Feds Want Out Of Lawsuit Over NSA Warrantless Wiretapping from the bogus-excuses dept While there have been a number of new revelations lately about the NSA's surveillance efforts, there have been some long-running on-going legal disputes about it as well. One of the biggest is Jewel vs. the NSA. When we last checked in on that case, the appeals court had sent the case back to the district court, rejecting many of the reasons that the district court had initially dumped the lawsuit. The key question for the district court was whether or not the feds could claim "state secrets" to dump the case again... and the court has just ruled and rejected that excuse, claiming that the government has not successfully shown that there are state secrets that mean the case cannot move forward.... < - > http://www.techdirt.com/articles/20130708/14275123739/court-rejects-state-secrets-excuse-why-feds-want-out-lawsuit-over-nsa-warrantless-wiretapping.shtml --- Just because i'm near the punchbowl doesn't mean I'm also drinking from it. From rforno at infowarrior.org Mon Jul 8 17:25:25 2013 From: rforno at infowarrior.org (Richard Forno) Date: Mon, 8 Jul 2013 18:25:25 -0400 Subject: [Infowarrior] - Fwd: Report: Web monitoring devices made by U.S. firm Blue Coat detected in Iran, Sudan References: Message-ID: > From: Paul F. > Subject: Report: Web monitoring devices made by U.S. firm Blue Coat detected in Iran, Sudan > > > American-made devices used for Internet monitoring have been detected > on government and commercial computer networks in Iran and Sudan, in > apparent violation of U.S. 
sanctions that ban the sale of goods, > services or technology to the autocratic states, according to new > research. " > > "Several of the devices, manufactured by California-based Blue Coat > Systems, were also discovered in Syria. Although Blue Coat tools have > been identified in Syria in the past, the new research indicates that > the government of President Bashar al-Assad has more of the monitoring > devices than previously known." > > http://www.washingtonpost.com/world/national-security/report-web-monitoring-devices-made-by-us-firm-blue-coat-detected-in-iran-sudan/2013/07/08/09877ad6-e7cf-11e2-a301-ea5a8116d211_story.html > From rforno at infowarrior.org Mon Jul 8 19:03:25 2013 From: rforno at infowarrior.org (Richard Forno) Date: Mon, 8 Jul 2013 20:03:25 -0400 Subject: [Infowarrior] - US agency baffled by modern technology, destroys mice to get rid of viruses Message-ID: US agency baffled by modern technology, destroys mice to get rid of viruses $170,000 of PCs, printers, keyboards, cameras, and mice destroyed in gross overreaction. by Peter Bright - July 8 2013, 7:00pm EDT http://arstechnica.com/information-technology/2013/07/us-agency-baffled-by-modern-technology-destroys-mice-to-get-rid-of-viruses/ The Economic Development Administration (EDA) is an agency in the Department of Commerce that promotes economic development in regions of the US suffering low growth, low employment, and other economic problems. In December 2011, the Department of Homeland Security notified both the EDA and the National Oceanic and Atmospheric Administration (NOAA) that there was a potential malware infection within the two agencies' systems. The NOAA isolated and cleaned up the problem within a few weeks. The EDA, however, responded by cutting its systems off from the rest of the world -- disabling its enterprise e-mail system and leaving its regional offices no way of accessing centrally-held databases. 
It then recruited an outside security contractor to look for malware and provide assurances that not only were EDA's systems clean, but also that they were impregnable against malware. The contractor, after some initial false positives, declared the systems largely clean but was unable to provide this guarantee. Malware was found on six systems, but it was easily repaired by reimaging the affected machines. EDA's CIO, fearing that the agency was under attack from a nation-state, insisted instead on a policy of physical destruction. The EDA destroyed not only (uninfected) desktop computers but also printers, cameras, keyboards, and even mice. The destruction only stopped -- sparing $3 million of equipment -- because the agency had run out of money to pay for destroying the hardware. The total cost to the taxpayer of this incident was $2.7 million: $823,000 went to the security contractor for its investigation and advice, $1,061,000 for the acquisition of temporary infrastructure (requisitioned from the Census Bureau), $4,300 to destroy $170,500 in IT equipment, and $688,000 paid to contractors to assist in developing a long-term response. Full recovery took close to a year. The full grim story was detailed in a Department of Commerce audit released last month, subsequently reported by Federal News Radio. The EDA's overreaction is, well, a little alarming. Although not entirely to blame -- the Department of Commerce's initial communication with EDA grossly overstated the severity of the problem (though it corrected its error the following day) -- the EDA systematically reacted in the worst possible way. The agency demonstrated serious technical misunderstandings -- it shut down its e-mail servers because some of the e-mails on the servers contained malware, even though this posed no risk to the servers themselves -- and a general sense of alarmism. The malware that was found was common stuff. 
There were no signs of persistent, novel infections, nor any indications that the perpetrators were nation-states rather than common-or-garden untargeted criminal attacks. The audit does, however, note that the EDA's IT infrastructure was so badly managed and insecure that no attacker would need sophisticated attacks to compromise the agency's systems. --- Just because i'm near the punchbowl doesn't mean I'm also drinking from it. From rforno at infowarrior.org Mon Jul 8 19:53:34 2013 From: rforno at infowarrior.org (Richard Forno) Date: Mon, 8 Jul 2013 20:53:34 -0400 Subject: [Infowarrior] - US Emergency Alert System is hackable Message-ID: <6DF9E3C4-C8DF-4733-9AFA-41BA1830BB7F@infowarrior.org> We interrupt this program to warn the Emergency Alert System is hackable Publicly available SSH key makes it possible to hijack nation's warning system. by Dan Goodin - July 8 2013, 7:45pm EDT http://arstechnica.com/security/2013/07/we-interrupt-this-program-to-warn-the-emergency-alert-system-is-hackable/ The US Emergency Alert System, which interrupts live TV and radio broadcasts with information about national emergencies in progress, is vulnerable to attacks that allow hackers to remotely disseminate bogus reports and tamper with gear, security researchers warned. The remote takeover vulnerability affects the DASDEC-I and DASDEC-II application servers made by a company called Digital Alert Systems. It stems from a recent firmware update that mistakenly included the private secure shell (SSH) key, according to an advisory published Monday by researchers from security firm IOActive. Administrators use such keys to remotely log in to a server to gain unfettered "root" access. The publication of the key makes it trivial for hackers to gain unauthorized access on Digital Alert System appliances that run default settings on older firmware. 
"An attacker who gains control of one or more DASDEC systems can disrupt these stations' ability to transmit and could disseminate false emergency information over a large geographic area," the IOActive advisory warned. "In addition, depending on the configuration of this and other devices, these messages could be forwarded and mirrored by other DASDEC systems." Other advisories warning of the vulnerability were published here and here by the Industrial Control Systems Cyber Emergency Response Team and the US CERT. The US CERT advisory, which also warns against vulnerabilities in the One-Net E189 Emergency Alert System device sold by Digital Alert Systems parent company Monroe Electronics, was published two weeks ago. The warnings come five months after hackers took over the emergency alert system of a Montana TV station and broadcast a bogus emergency bulletin warning TV viewers of an imminent zombie apocalypse. Devices used by stations in Michigan, California, Tennessee, and New Mexico were also reportedly commandeered. "Civil authorities in your area have reported that the bodies of the dead are rising from the grave and attacking the living," at least one of the prank messages said. The advisories from IOActive and the CERT groups didn't say if the February attacks were carried out by exploiting the SSH key vulnerability. The Emergency Alerting System is designed to enable the US president to deliver speeches to the entire country within 10 minutes of a disaster occurring. Application servers such as the DASDEC-I and DASDEC-II interrupt regular programming broadcast by TV and radio stations and relay an emergency message, which is preceded and followed by alert tones. In addition to tampering with the delivery of legitimate emergency messages, attackers who use the SSH key to log in to vulnerable systems could make unauthorized changes to the server and glean potentially sensitive configuration information that could lead to additional hacks. 
Stations that use vulnerable gear should upgrade to version 2.0-2, which is available by sending an e-mail to suport at digitalalertsystems.com. --- Just because i'm near the punchbowl doesn't mean I'm also drinking from it. From rforno at infowarrior.org Tue Jul 9 07:08:06 2013 From: rforno at infowarrior.org (Richard Forno) Date: Tue, 9 Jul 2013 08:08:06 -0400 Subject: [Infowarrior] - Mozilla, Professors, Scientists, Researchers Stand Up for Weev Message-ID: <8B9ECB0A-9620-44CA-A63E-A0F84318DEB5@infowarrior.org> Mozilla, Professors, Scientists, Researchers Stand Up for Weev By Jennifer Granick on July 8, 2013 at 8:42 pm Today the Mozilla Foundation joined an illustrious group of computer scientists and privacy researchers in an amicus brief the Center for Internet and Society filed in the United States Court of Appeals for the Third Circuit. Jonathan Mayer and I wrote the brief, arguing that weev's conviction in U.S. v. Andrew Auernheimer should be reversed. In the case, weev and his co-defendant noticed that AT&T's website published iPad users' email addresses when someone entered a URL that included an iPad's unique identification number. The co-defendant created a script to keep entering random numbers to emulate the iPad IDs and got more than 114,000 email addresses as a result. Weev disclosed this security hole by telling journalists about the discovery and shared the list with Gawker. At trial, weev was convicted of violating the Computer Fraud and Abuse Act (CFAA) and sentenced to 41 months. In the brief, we show that legitimate, highly valuable security and privacy research commonly employs techniques that are essentially identical to what Auernheimer did in this case. Most importantly, like Auernheimer, researchers cannot always conduct testing with the approval of a computer system's owner. Such independent research is of great value to academics, government regulators and the public even when -- often especially when -- 
conducted without permission and contrary to the website owner's subjective wishes. Businesses often have substantial economic, legal, and reputational interests in keeping their security flaws, privacy missteps, and other product or service shortcomings quiet. But these private, commercial desires are frequently at odds with the public interest and should not receive the force of criminal law. Such an application of the CFAA would greatly harm privacy and security and give private parties enormous power to enforce their parochial concerns against the public's interest. We hope that our brief will clarify the technical issues in the case and sensitize the Court to the ways that its ruling could help or harm security, privacy and user freedom online. It was a real honor to get to represent this set of amici in the case. < - > http://cyberlaw.stanford.edu/blog/2013/07/mozilla-professors-scientists-researchers-stand-weev Brief PDF @ http://cyberlaw.stanford.edu/files/blogs/2013.07.08%20USA%20v.%20Auernheimer%20amicus%20brief%20final%20for%20filing.pdf --- Just because i'm near the punchbowl doesn't mean I'm also drinking from it. From rforno at infowarrior.org Tue Jul 9 07:16:05 2013 From: rforno at infowarrior.org (Richard Forno) Date: Tue, 9 Jul 2013 08:16:05 -0400 Subject: [Infowarrior] - NYSE takes over LIBOR Message-ID: <87C9133E-179E-46C9-953E-42F2E8132C47@infowarrior.org> NYSE Euronext Will Take Over Administration of Libor From BBA By Lindsay Fortado and Nandini Sukumar - Jul 9, 2013 http://www.bloomberg.com/news/print/2013-07-09/nyse-euronext-said-to-take-on-oversight-of-libor-from-u-k-bba.html Britain is poised to hand over administration of the London interbank offered rate to the operator of the New York Stock Exchange as regulators try to revive confidence in the scandal-hit benchmark. NYSE Euronext (NYX) will replace the British Bankers' 
Association, the lobby group that started the benchmark more than two decades ago, as Libor's administrator, in early 2014, according to a statement today. Britain's Financial Conduct Authority began regulating Libor, the benchmark for more than $300 trillion of securities, in April as part of the overhaul. The New York-based purchaser already operates Liffe, Europe's second-largest derivatives exchange, which offers derivatives based on Libor. A government review recommended last year that the BBA should be stripped of responsibility for Libor after regulators found banks had tried to manipulate it to profit from bets on derivatives. "The fact they are handing this to a derivatives exchange is a surprise," Peter Lenardos, a financials and exchange analyst at RBC Capital Markets in London, said by telephone today. "It just doesn't seem independent enough. They are taking the setting of Libor from the banks and giving it to an exchange not known as a benchmark provider." Barclays Plc (BARC), UBS AG and Royal Bank of Scotland Group Plc (RBS) have been fined more than $2.5 billion by U.S. and U.K. regulators for rate-rigging, and more than a dozen more firms are being probed worldwide. Government Review The U.K. government formally started the search for a replacement body to set Libor in February after the BBA formally voted to relinquish operation of the benchmark. A seven-member panel including Sarah Hogg, outgoing chairman of the Financial Reporting Council, FCA Chief Executive Officer Martin Wheatley, and the Bank of England's Paul Fisher recommended the new administrator. "This change will play a vital role in restoring the international credibility of Libor," Hogg said in a statement today. NYSE Euronext Rate Administration Ltd. will be a U.K. based company, and will be regulated in the U.K. by the Financial Conduct Authority, the panel said. The rate is at present calculated by a poll carried out daily by Thomson Reuters Corp. 
for the BBA that asks firms to estimate how much it would cost to borrow from each other for different periods and in different currencies. The top and bottom quartiles of quotes are excluded, and those left are averaged and published for individual currencies before noon in London. Under rules introduced by the FCA, the administrators of the rate and banks that participate will have to appoint a person approved by the regulator to oversee compliance. The BBA has also stopped quoting Libor for two currencies and eight maturities in a bid to make the benchmark less vulnerable to manipulation. "Big Bang" Bloomberg LP, the parent of Bloomberg News, has proposed an alternative to Libor dubbed the Bloomberg Interbank Offered Rate, or Blibor. It would use data from a variety of financial transactions to better reflect participating banks' real cost of credit. James Dunseath, a spokesman for NYSE in London, declined to comment. Officials at the BBA and Treasury also declined to comment. IntercontinentalExchange Inc. is in the process of acquiring NYSE Euronext. Libor was first published by the BBA in 1986, the year the British Prime Minister's "Big Bang" program of deregulation fueled a boom in London's bond and syndicated-loan markets. Originally intended to be a simple benchmark that borrowers and lenders could use to price loans, the rate grew in importance as it was adopted as the basis for setting interest rates from mortgages and student loans to derivatives. The BBA, whose members are among the world's largest banks including those who contribute to Libor, was criticised by policy makers in the U.K. and the U.S. for failing to address concerns about the rate-setting first raised by then New York Fed President Timothy F. Geithner in 2008. 
To contact the reporters on this story: Lindsay Fortado in London at lfortado at bloomberg.net To contact the editor responsible for this story: Anthony Aarons at aaarons at bloomberg.net Andrew Rummer at arummer at bloomberg.net --- Just because i'm near the punchbowl doesn't mean I'm also drinking from it. From rforno at infowarrior.org Tue Jul 9 16:15:17 2013 From: rforno at infowarrior.org (Richard Forno) Date: Tue, 9 Jul 2013 17:15:17 -0400 Subject: [Infowarrior] - Former FISA judge: Fix the FISC Message-ID: <1455B690-6F25-453D-8BA9-AFC24C45C8C0@infowarrior.org> US must fix secret Fisa courts, says top judge who granted surveillance orders James Robertson breaks ranks and says he was shocked to hear of changes to allow broader authorisation of NSA programs - Dan Roberts in Washington - guardian.co.uk, Tuesday 9 July 2013 17.15 EDT http://www.guardian.co.uk/law/2013/jul/09/fisa-courts-judge-nsa-surveillance A former federal judge who granted government surveillance requests has broken ranks to criticise the system of secret courts as unfit for purpose in the wake of recent revelations by NSA whistleblower Edward Snowden. James Robertson, who retired from the District of Columbia circuit in 2010, was one of a select group of judges who presided over the so-called Fisa courts, set up under the Foreign Intelligence Surveillance Act, which are intended to provide legal oversight and protect against unnecessary privacy intrusions. But he says he was shocked to hear of recent changes to allow more sweeping authorisations of programmes such as the gathering of US phone records, and called for a reform of the system to allow counter-arguments to be heard. Speaking as a witness during the first public hearings into the Snowden revelations, Judge Robertson said that without an adversarial debate the courts should not be expected to create a secret body of law that authorised such broad surveillance programmes. 
"A judge has to hear both sides of a case before deciding," he told members of a Privacy and Civil Liberties Oversight Board (PCLOB) recently appointed by President Obama. "What Fisa does is not adjudication, but approval. This works just fine when it deals with individual applications for warrants, but the 2008 amendment has turned the Fisa court into an administrative agency making rules for others to follow." "It is not the bailiwick of judges to make policy," he added. The comments, during the morning session of a PCLOB public workshop held in a Washington hotel, are the most serious criticism yet from a recently serving Fisa judge. Until now, Fisa judges have mainly spoken anonymously to defend the court process. Robertson says he was generally impressed with how "careful, fastidious and scrupulous" the court process had been, but felt the so-called ex parte system (where only the government is able to make its case to the judge) needed urgent reform. "This process needs an adversary. If it's not the ACLU or Amnesty, perhaps the PCLOB can be that adversary." Members of the oversight board, which has previously been criticised by Congress as an ineffective watchdog, shook their heads and rolled their eyes when this suggestion was made. Later on Tuesday afternoon, the workshop also heard from a number of other experts who called for the decisions of the Fisa courts to be made public. James Baker, a Department of Justice lawyer who has represented the government in surveillance requests before the Fisa court, said that an unclassified summary of its findings could be produced fairly easily in future cases, although it would be harder to do this retrospectively. He said this was preferable to trying to redact existing orders. "Not everything that the Fisa court does is reflected in a [written] opinion," he said. "If the court writes the summary, it can write what it wants to say." 
A panel of technical experts also gave evidence that legal attempts to separate US citizens from foreign surveillance targets online were increasingly flawed, because of the difficulty of identifying geographic locations in an era of cloud computing and virtual private networks. Steven Bellovin, a computer expert at Columbia University, revealed that the NSA had even patented a system of locating addresses by triangulating round-trip times for data packets to travel between known internet nodes, but said such technology still often failed to separate foreign and domestic internet traffic. The quartet who gave evidence argued that technological solutions to protecting privacy were necessarily limited and less preferable than introducing better policy checks and balances. Nevertheless, the day-long PCLOB "workshop" produced little sign that the oversight board was preparing to propose radical new policy in its report to President Obama. James Dempsey, a PCLOB member, criticised civil liberties campaigners for not doing more to suggest alternative ways for the government to gather intelligence. He also suggested the scale of intelligence that needed to be collected made it difficult to see how authorities could go back to granting individual warrants rather than blanket approvals. Rachel Brand, another seemingly unsympathetic board member, concluded: "There is nothing that is more harmful to civil liberties than terrorism. This discussion here has been quite sterile because we have not been talking about terrorism." --- Just because i'm near the punchbowl doesn't mean I'm also drinking from it. From rforno at infowarrior.org Tue Jul 9 18:12:07 2013 From: rforno at infowarrior.org (Richard Forno) Date: Tue, 9 Jul 2013 19:12:07 -0400 Subject: [Infowarrior] - USG Foreign Teleco Providers Network Security Agreements Message-ID: U.S. 
Government Foreign Telecommunications Providers Network Security Agreements http://publicintelligence.net/us-nsas/ The following are Network Security Agreements (NSAs) entered into with foreign communications infrastructure providers ensuring U.S. government agencies the ability to access communications data when legally requested. The agreements range in date from 1999 to 2011 and involve a rotating group of government agencies including the Federal Bureau of Investigation (FBI), Department of Homeland Security (DHS), Department of Justice (DoJ), Department of Defense (DoD) and sometimes the Department of the Treasury. According to the Washington Post, the agreements require companies to maintain what amounts to an "internal corporate cell of American citizens with government clearances" ensuring that "when U.S. government agencies seek access to the massive amounts of data flowing through their networks, the companies have systems in place to provide it securely." The agreements are arranged by date and the government and corporate parties are listed for each agreement. The list is not necessarily complete. If you can find other public examples of Network Security Agreements with any of the companies listed below or others, please let us know. A ZIP archive containing all of the agreements is also available for download (39.2 MB). http://publicintelligence.net/us-nsas/ --- Just because i'm near the punchbowl doesn't mean I'm also drinking from it. From rforno at infowarrior.org Wed Jul 10 06:40:41 2013 From: rforno at infowarrior.org (Richard Forno) Date: Wed, 10 Jul 2013 07:40:41 -0400 Subject: [Infowarrior] - Pathetic DOD procurement practices Message-ID: ...put this up there with the 400-buck toilet seats and 1200-buck lugnuts. ---rick A brand-new U.S. military headquarters in Afghanistan. And nobody to use it.
By Rajiv Chandrasekaran http://www.washingtonpost.com/world/national-security/a-brand-new-us-military-headquarters-in-afghanistan-and-nobody-to-use-it/2013/07/09/2bb73728-e8cd-11e2-a301-ea5a8116d211_print.html The U.S. military has erected a 64,000-square-foot headquarters building on the dusty moonscape of southwestern Afghanistan that comes with all the tools to wage a modern war. A vast operations center with tiered seating. A briefing theater. Spacious offices. Fancy chairs. Powerful air conditioning. Everything, that is, except troops. The windowless, two-story structure, which is larger than a football field, was completed this year at a cost of $34 million. But the military has no plans to ever use it. Commanders in the area, who insisted three years ago that they did not need the building, now are in the process of withdrawing forces and see no reason to move into the new facility. For many senior officers, the unused headquarters has come to symbolize the staggering cost of Pentagon mismanagement: As American troops pack up to return home, U.S.-funded contractors are placing the finishing touches on projects that are no longer required or pulling the plug after investing millions of dollars. In Kandahar province, the U.S. military recently completed a $45 million facility to repair armored vehicles and other complex pieces of equipment. The space is now being used as a staging ground to sort through equipment that is being shipped out of the country. In northern Afghanistan, the State Department last year abandoned plans to occupy a large building it had intended to use as a consulate. After spending more than $80 million and signing a 10-year lease, officials determined the facility was too vulnerable to attacks. But some senior officers see the giant headquarters as the whitest elephant in a war littered with wasteful, dysfunctional and unnecessary projects funded by American taxpayers. 
A hulking presence at the center of Camp Leatherneck in Helmand province, it has become the butt of jokes among Marines stationed there and an object lesson for senior officers in Kabul and Washington. The top Marine commander in Helmand sent a memo to the U.S. headquarters in Kabul three years ago stating that the new structure was unnecessary. But his assessment was ignored or disregarded by officers issuing contracts for construction projects, according to senior military officials familiar with the issue. The building's amenities also have prompted alarm among senior officers. A two-star Marine general who has toured the facility called it "better appointed than any Marine headquarters anywhere in the world." A two-star Army general said the operations center is as large as those at the U.S. Central Command or the supreme allied headquarters in Europe. "What the hell were they thinking?" the Army general said. "There was never any justification to build something this fancy." Both generals spoke on the condition of anonymity. In a letter sent Monday to Defense Secretary Chuck Hagel, the special inspector general for the reconstruction of Afghanistan, John F. Sopko, called it "the best constructed building I have seen in my travels to Afghanistan." "Unfortunately, it is unused, unoccupied, and presumably will never be used for its intended purpose," Sopko wrote. "This is an example of what is wrong with military construction in general - once a project is started, it is very difficult to stop." A Pentagon spokesman said Hagel's office intends to provide a formal response to Sopko before commenting further on the project. The headquarters has its origin in 2009, when President Obama decided to surge more troops to southern Afghanistan to beat back Taliban insurgents.
Army planners in South Carolina and at the Pentagon determined that Camp Leatherneck, which had been selected as the headquarters for Marine forces in the south, required a sophisticated command-and-control facility. When Marine officers in Helmand heard of the plans, they objected. The commander at the time, then-Maj. Gen. Richard P. Mills, believed his plywood-walled headquarters was sufficient and made that clear to his superiors in Kabul. His assessment went unheeded. Staff officers in Kabul drafted specifications for the building and asked Air Force contracting officers to find a private company to construct it. The construction order went to a British firm, AMEC Earth and Environment, which began work in November 2011, according to military documents. By then, Obama had announced the end of the surge. The bulk of the withdrawal would occur in Helmand. As the Marine presence in the southwest went from 20,000 to about 7,000 in 2012, workers laid the foundation, placed the beams and strung electrical wire. The building was designed to accommodate about 1,500 personnel. There are now fewer than 400 headquarters-level staff on the base. Even after Obama decided to remove an additional 34,000 troops this year, the project continued apace. Cubicles filled the floor. Theater seats arrived. The contractor made modifications to address problems with emergency exits. It was not until this spring that U.S. generals in Kabul decided to call a halt to the project. The decision was made before additional millions were spent on computer gear for the building but not soon enough to cancel crates of furniture. "It's terribly embarrassing," the two-star Army general said. The Pentagon, Sopko wrote to Hagel, needs to determine "all of the facts on how we reached this $34 million dilemma and what can be done to prevent it from happening again."
The military, which has opened a formal investigation into the decisions that led to the contract, is considering two options for the building: demolishing it or giving it to the Afghan army. Although the handoff sounds appealing, U.S. officials doubt the Afghans will be able to sustain the structure. It has complex heating and air-conditioning systems that demand significant amounts of electricity, which, in turn, require costly fuel purchases for generators. The building is wired for 110-volt appliances, not the 220-volt equipment used by Afghans. And, the officials note, the U.S. military recently built a new headquarters building on the Afghan base that adjoins Leatherneck. "Both alternatives for how to resolve this issue are troubling," Sopko said. Based on his conversations with military officials, he said one of the options now seems to be gaining traction: "The building will probably be demolished." Ernesto Londoño contributed to this report. © The Washington Post Company --- Just because i'm near the punchbowl doesn't mean I'm also drinking from it. From rforno at infowarrior.org Wed Jul 10 06:41:14 2013 From: rforno at infowarrior.org (Richard Forno) Date: Wed, 10 Jul 2013 07:41:14 -0400 Subject: [Infowarrior] - NSA Surveillance Leaks, and More from CRS Message-ID: <99E3A55D-849A-4BC1-B9ED-0AE40B12A090@infowarrior.org> NSA Surveillance Leaks, and More from CRS http://blogs.fas.org/secrecy/2013/07/nsa-surv/ A new report from the Congressional Research Service summarizes for Congress what is publicly known about the two National Security Agency surveillance programs that were disclosed by Edward Snowden and reported last month by The Guardian and The Washington Post. "Since these programs were publicly disclosed over the course of two days in June, there has been confusion about what information is being collected and what authorities the NSA is acting under.
This report clarifies the differences between the two programs and identifies potential issues that may help Members of Congress assess legislative proposals pertaining to NSA surveillance authorities." The CRS report does not present any new factual material concerning the surveillance programs. But it identifies some outstanding questions about them - the word "unclear" is used several times - and it formulates topics for congressional consideration. See NSA Surveillance Leaks: Background and Issues for Congress, July 2, 2013. http://blogs.fas.org/secrecy/2013/07/nsa-surv/ --- Just because i'm near the punchbowl doesn't mean I'm also drinking from it. From rforno at infowarrior.org Wed Jul 10 06:45:06 2013 From: rforno at infowarrior.org (Richard Forno) Date: Wed, 10 Jul 2013 07:45:06 -0400 Subject: [Infowarrior] - Obama's Insider Threat Program Message-ID: <473A3480-39B8-4072-BCA7-243F5AD8A161@infowarrior.org> Linchpin for Obama's plan to predict future leakers unproven, isn't likely to work, experts say By Jonathan S. Landay and Marisa Taylor | McClatchy Washington Bureau http://www.mcclatchydc.com/2013/07/09/196211/linchpin-for-obamas-plan-to-predict.html#.Ud1It1OJcZw WASHINGTON - In an initiative aimed at rooting out future leakers and other security violators, President Barack Obama has ordered federal employees to report suspicious actions of their colleagues based on behavioral profiling techniques that are not scientifically proven to work, according to experts and government documents. The techniques are a key pillar of the Insider Threat Program, an unprecedented government-wide crackdown under which millions of federal bureaucrats and contractors must watch out for "high-risk persons or behaviors" among co-workers. Those who fail to report them could face penalties, including criminal charges. Obama mandated the program in an October 2011 executive order after Army Pfc.
Bradley Manning downloaded hundreds of thousands of documents from a classified computer network and gave them to WikiLeaks, the anti-government secrecy group. The order covers virtually every federal department and agency, including the Peace Corps, the Department of Education and others not directly involved in national security. Under the program, which is being implemented with little public attention, security investigations can be launched when government employees showing "indicators of insider threat behavior" are reported by co-workers, according to previously undisclosed administration documents obtained by McClatchy. Investigations also can be triggered when "suspicious user behavior" is detected by computer network monitoring and reported to "insider threat personnel." Federal employees and contractors are asked to pay particular attention to the lifestyles, attitudes and behaviors - like financial troubles, odd working hours or unexplained travel - of co-workers as a way to predict whether they might do "harm to the United States." Managers of special insider threat offices will have "regular, timely, and, if possible, electronic, access" to employees' personnel, payroll, disciplinary and "personal contact" files, as well as records of their use of classified and unclassified computer networks, polygraph results, travel reports and financial disclosure forms. Over the years, numerous studies of public and private workers who've been caught spying, leaking classified information, stealing corporate secrets or engaging in sabotage have identified psychological profiles that could offer clues to possible threats. Administration officials want government workers trained to look for such indicators and report them so the next violation can be stopped before it happens. "In past espionage cases, we find people saw things that may have helped identify a spy, but never reported it,"
said Gene Barlow, a spokesman for the Office of the National Counterintelligence Executive, which oversees government efforts to detect threats like spies and computer hackers and is helping implement the Insider Threat Program. "That is why the awareness effort of the program is to teach people not only what types of activity to report, but how to report it and why it is so important to report it." But even the government's top scientific advisers have questioned these techniques. Those experts say that trying to predict future acts through behavioral monitoring is unproven and could result in illegal ethnic and racial profiling and privacy violations. "There is no consensus in the relevant scientific community nor on the committee regarding whether any behavioral surveillance or physiological monitoring techniques are ready for use at all," concluded a 2008 National Research Council report on detecting terrorists. TSA officers watch for suspicious behavior at airports (Carey Wagner/Sun Sentinel/MCT) "Doing something similar about predicting future leakers seems even more speculative," Stephen Fienberg, a professor of statistics and social science at Carnegie Mellon University in Pittsburgh and a member of the committee that wrote the report, told McClatchy. The emphasis on individual lifestyles, attitudes and behaviors comes at a time when growing numbers of Americans must submit to extensive background checks, polygraph tests and security investigations to be hired or to keep government or federal contracting jobs. The U.S. government is one of the world's largest employers, overseeing an ever-expanding ocean of information. While the Insider Threat Program mandates that the nearly 5 million federal workers and contractors with clearances undergo training in recognizing suspicious behavior indicators, it allows individual departments and agencies to extend the requirement to their entire workforces, something the Army already has done.
Training should address "current and potential threats in the work and personal environment" and focus on "the importance of detecting potential insider threats by cleared employees and reporting suspected activity to insider threat personnel and other designated officials," says one of the documents obtained by McClatchy. The White House, the Justice Department, the Peace Corps and the departments of Health and Human Services, Homeland Security and Education refused to answer questions about the program's implementation. Instead, they issued virtually identical email statements directing inquiries to the Office of the Director of National Intelligence, declined to comment or didn't respond. Caitlin Hayden, a spokeswoman for the White House National Security Council, said in her statement that the Insider Threat Program includes extra safeguards for "civil rights, civil liberties and privacy," but she didn't elaborate. Manning's leaks to WikiLeaks, she added, showed that at the time protections of classified materials were "inadequate and put our nation's security at risk." Reply from the National Security Council Even so, the new effort failed to prevent former National Security Agency contractor Edward Snowden from taking top-secret documents detailing the agency's domestic and international communications monitoring programs and leaking them to The Guardian and The Washington Post newspapers. The initiative goes beyond classified information leaks. It includes as insider threats "damage to the United States through espionage, terrorism, unauthorized disclosure of national security information or through the loss or degradation of departmental resources or capabilities," according to a document setting "Minimum Standards for Executive Branch Insider Threat Programs."
McClatchy obtained a copy of the document, which was produced by an Insider Threat Task Force that was set up under Obama's order and is headed by Director of National Intelligence James Clapper and Attorney General Eric Holder. McClatchy also obtained the group's final policy guidance. The White House, the Justice Department and the Office of the Director of National Intelligence declined requests for both documents, neither of which is classified. Although agencies and departments are still setting up their programs, some employees already are being urged to watch co-workers for "indicators" that include stress, divorce and financial problems. When asked about the ineffectiveness of behavior profiling, Barlow said the policy "does not mandate" that employees report behavior indicators. "It simply educates employees about basic activities or behavior that might suggest a person is up to improper activity," he said. "These do not require special talents. If you see someone reading classified documents they should not be reading, especially if this happens multiple times and the person appears nervous that you saw him, that is activity that is suspicious and should be reported," Barlow said. "The insider threat team then looks at the surrounding facts and draws the conclusions about the activity." Departments and agencies, however, are given leeway to go beyond the White House's basic requirements, prompting the Defense Department in its strategy to mandate that workers with clearances "must recognize the potential harm caused by unauthorized disclosures and be aware of the penalties they could face." It equates unauthorized disclosures of classified information to "aiding the enemies of the United States." All departments and agencies involved in the program must closely track their employees' online activities.
The information gathered by monitoring, the administration documents say, "could be used against them in criminal, security, or administrative proceedings." Experts who research such efforts say suspicious behaviors include accessing information that someone doesn't need or isn't authorized to see or downloading materials onto removable storage devices like thumb drives when such devices are restricted or prohibited. "If you normally print 20 documents a week, well, what happens if the next week or the following week you have to print 50 documents or 100 documents? That could be at variance from your normal activity that could be identified and might be investigated," said Randy Trzeciak, acting manager of the Computer Emergency Response Team Insider Threat Center at Carnegie Mellon University's Software Engineering Institute. "We've come up with patterns that we believe organizations might be able to consider when determining when someone might be progressing down the path to harm the organization," said Trzeciak, whose organization has analyzed more than 800 cases and works with the government and private sector on cyber security. But research and other programs that rely on profiling show it remains unproven, could make employees more resistant to reporting violations and might lead to spurious allegations. The Pentagon, U.S. intelligence agencies and the Department of Homeland Security have spent tens of millions of dollars on an array of research projects. Yet after several decades, they still haven't developed a list of behaviors they can use to definitively identify the tiny fraction of workers who might some day violate national security laws. "We are back to the needle-in-a-haystack problem," said Fienberg, the Carnegie Mellon professor. "We have not found any silver bullets," said Deana Caputo, the lead behavioral scientist at MITRE Corp., a nonprofit company working on insider threat efforts for U.S. defense, intelligence and law enforcement agencies.
"We don't have actually any really good profiles or pictures of a bad guy, a good guy gone bad or even the bad guy walking in to do bad things from the very beginning." Different agencies and departments have different lists of behavior indicators. Most have adopted the traditional red flags for espionage. They include financial stress, disregard for security practices, unexplained foreign travel, unusual work hours and unexplained or sudden wealth. But agencies and their consultants have added their own indicators. For instance, an FBI insider threat detection guide warns private security personnel and managers to watch for "a desire to help the 'underdog' or a particular cause," a "James Bond Wannabe" and a "divided loyalty: allegiance to another person or company or to a country besides the United States." A report by the Deloitte consulting firm identifies "several key trends that are making all organizations particularly susceptible to insider threat today." These trends include an increasingly disgruntled, post-Great Recession workforce and the entry of younger, "Gen Y" employees who were "raised on the Internet" and are "highly involved in social networking." Report from Deloitte Some government programs that have embraced behavioral indicators have been condemned as failures. Perhaps the most heavily criticized is the Transportation Security Administration's Screening of Passengers by Observation Techniques, or SPOT, program. The program, which has cost $878 million and employs 2,800 people, uses "behavior detection officers" to identify potential terrorists by scrutinizing airline passengers for signs of "stress, fear or deception." DHS' inspector general excoriated the program, saying in a May 2013 report, "TSA cannot ensure that passengers at United States airports are screened objectively, show that the program is cost-effective or reasonably justify the program's expansion."
Interviews and internal complaints obtained by The New York Times quoted TSA officers as saying SPOT has led to ethnic and racial profiling by emphasizing certain profiles. They include Middle Easterners, Hispanics traveling to Miami and African-Americans wearing baseball caps backward. Another problem with having employees report co-workers' suspicious behaviors: They aren't sure which ones represent security threats. "Employees in the field are not averse to reporting genuine security infractions. In fact, under appropriate conditions they are quite willing to act as eyes and ears for the government," said a 2005 study by the Pentagon's Defense Personnel Security Research Center. "They are simply confused about precisely what is important enough to report. Many government workers anguish over reporting gray-area behaviors." Even so, the Pentagon is forging ahead with training Defense Department and contractor managers and security officials to set up insider threat offices, with one company emphasizing how its course is designed for novices. "The Establishing an Insider Threat Program for Your Organization Course will take no more than 90 minutes to complete," says the proposal. Officials with the Army, the only government department contacted by McClatchy that agreed to discuss the issue, acknowledged that identifying potential insider threats is more complicated than relying on a list of behaviors. Response from the Army "What we really point out is if you're in doubt, report, because that's what the investigative personnel are there to do, is to get the bottom of 'is this just noise or is this something that is really going on?'" said Larry Gillis, a senior Army counterintelligence and security official. The Army implemented a tough program a year before Obama's executive order after Maj. Nidal Hasan, a U.S.-born Muslim, allegedly killed 13 people in a 2009 rampage at Fort Hood, Texas.
Hasan, who has not gone on trial, has said he was defending the Afghan Taliban. Gillis said the Army didn't want a program that would "get people to snitch on each other," nor did it want to encourage stereotyping. "We don't have the luxury to make up reasons to throw soldiers out," Gillis said. "It's a big deal to remove a soldier from service over some minor issue. We don't want to ruin a career over some false accusation." But some current and former U.S. officials and experts worry that Obama's Insider Threat Program could lead to false or retaliatory accusations across the entire government, in part because security officials are granted access to information outside their usual purview. These current and former U.S. officials and experts also ridiculed as overly zealous and simplistic the idea of using reports of suspicious behavior to predict potential insider threats. It takes years for professional spy-hunters to learn their craft, and relying on the observations of inexperienced people could lead to baseless and discriminatory investigations, they said. "Anyone is an amateur looking at behavior here," said Thomas Fingar, a former State Department intelligence chief who chaired the National Intelligence Council, which prepares top-secret intelligence analyses for the president, from 2005 to 2008. Co-workers, Fingar said, should "be attentive" to colleagues' personal problems in order to refer them to counseling, not to report them as potential security violators. "It's simply because they are colleagues, fellow human beings," he said. Eric Feldman, a former inspector general of the National Reconnaissance Office, the super-secret agency that oversees U.S. spy satellites, expressed concern that relying on workers to report colleagues' suspicious behaviors to security officials could create "a repressive kind of culture." "The answer to it is not to have a Stasi-like response," said Feldman, referring to the feared secret police of communist East Germany.
"You've removed that firewall between employees seeking help and the threat that any employee who seeks help could be immediately retaliated against by this insider threat office." Email: jlanday at mcclatchydc.com or mtaylor at mcclatchydc.com --- Just because i'm near the punchbowl doesn't mean I'm also drinking from it. From rforno at infowarrior.org Wed Jul 10 06:47:25 2013 From: rforno at infowarrior.org (Richard Forno) Date: Wed, 10 Jul 2013 07:47:25 -0400 Subject: [Infowarrior] - The price of surveillance: Gov't pays to snoop Message-ID: <915D170B-10B6-423C-A6E6-DDD4B981C7BE@infowarrior.org> Jul 10, 6:07 AM EDT The price of surveillance: Gov't pays to snoop By ANNE FLAHERTY Associated Press http://hosted.ap.org/dynamic/stories/U/US_PRICE_OF_SURVEILLANCE WASHINGTON (AP) -- How much are your private conversations worth to the government? Turns out, it can be a lot, depending on the technology. In the era of intense government surveillance and secret court orders, a murky multimillion-dollar market has emerged. Paid for by U.S. tax dollars, but with little public scrutiny, surveillance fees charged in secret by technology and phone companies can vary wildly. AT&T, for example, imposes a $325 "activation fee" for each wiretap and $10 a day to maintain it. Smaller carriers Cricket and U.S. Cellular charge only about $250 per wiretap. But snoop on a Verizon customer? That costs the government $775 for the first month and $500 each month after that, according to industry disclosures made last year to Rep. Edward Markey, D-Mass. Meanwhile, email records like those amassed by the National Security Agency through a program revealed by former NSA systems analyst Edward Snowden probably were collected for free or very cheaply. Facebook says it doesn't charge the government for access. And while Microsoft, Yahoo and Google won't say how much they charge, the American Civil Liberties Union found that email records can be turned over for as little as $25.
Industry says it doesn't profit from the hundreds of thousands of government eavesdropping requests it receives each year, and civil liberties groups want businesses to charge. They worry that government surveillance will become too cheap as companies automate their responses. And if companies gave away customer records for free, wouldn't that encourage uncalled-for surveillance? But privacy advocates also want companies to be upfront about what they charge and alert customers after an investigation has concluded that their communications were monitored. "What we don't want is surveillance to become a profit center," said Christopher Soghoian, the ACLU's principal technologist. But "it's always better to charge $1. It creates friction, and it creates transparency" because it generates a paper trail that can be tracked. Regardless of price, the surveillance business is growing. The U.S. government long has enjoyed access to phone networks and high-speed Internet traffic under the U.S. Communications Assistance for Law Enforcement Act to catch suspected criminals and terrorists. More recently, the FBI has pushed technology companies like Google and Skype to guarantee access to real-time communications on their services. And, as shown by recent disclosures about the NSA's surveillance practices, the U.S. intelligence community has an intense interest in analyzing data and content that flow through American technology companies to gather foreign intelligence. The FBI said it could not say how much it spends on industry reimbursements because payments are made through a variety of programs, field offices and case funds. In an emailed statement, the agency said when charges are questionable, it requests an explanation and tries to work with the carrier to understand its cost structure. 
Technology companies have been a focus of law enforcement and the intelligence community since 1994, when Congress allotted $500 million to reimburse phone companies to retrofit their equipment to accommodate wiretaps on the new digital networks. But as the number of law enforcement requests for data grew and carriers upgraded their technology, the cost of accommodating government surveillance requests increased. AT&T, for example, said it devotes roughly 100 employees to review each request and hand over data. Likewise, Verizon said its team of 70 employees works around the clock, seven days a week to handle the quarter-million requests it gets each year. To discourage gratuitous requests and to prevent losing money, industry turned to a section of federal law that allows companies to be reimbursed for the cost of "searching for, assembling, reproducing and otherwise providing" communications content or records on behalf of the government. The costs must be "reasonably necessary" and "mutually agreed" upon with the government. From there, phone companies developed detailed fee schedules and began billing law enforcement much as they do customers. In its letter to Markey, AT&T estimated that it collected $24 million in government reimbursements between 2007 and 2011. Verizon, which had the highest fees but says it doesn't charge in every case, reported a similar amount, collecting between $3 million and $5 million a year during the same period. Companies also began to automate their systems to make it easier. The ACLU's Soghoian found in 2009 that Sprint had created a website allowing law enforcement to track the location data of its wireless customers for only $30 a month to accommodate the approximately 8 million requests it received in one year. Most companies agree not to charge in emergency cases like tracking an abducted child. 
They aren't allowed to charge for phone logs that reveal who called a line and how long they talked - such as the documents the Justice Department obtained about phones at The Associated Press during a leaks investigation - because that information is easily generated from automated billing systems.

Still, the fees can add up quickly. The average wiretap is estimated to cost $50,000, a figure that includes reimbursements as well as other operational costs. One narcotics case in New York in 2011 cost the government $2.9 million alone.

The system is not a true market-based solution, said Al Gidari, a partner at the law firm Perkins Coie who represents technology and telecommunications companies on privacy and security issues. If the FBI or NSA needs data, those agencies would pay whatever it takes. But Gidari said it's likely that phone and technology companies undercharge because they don't want to risk being accused of making a false claim against the government, which carries stiff penalties.

Online companies in particular tend to undercharge because they don't have established accounting systems, and hiring staff to track costs is more expensive than not charging the government at all, he said.

"Government doesn't have the manpower to wade through irrelevant material any more than providers have the bandwidth to bury them in records," Gidari said. "In reality, there is a pretty good equilibrium and balance, with the exception of phone records," which are free.

Not everyone agrees. In 2009, then-New York criminal prosecutor John Prather sued several major telecommunications carriers in federal court in Northern California, including AT&T, Verizon and Sprint, for overcharging federal and state police agencies. In his complaint, Prather said phone companies have the technical ability to turn on a switch, duplicate call information and pass it along to law enforcement with little effort.
Instead, Prather says his staff, while he was working as a city prosecutor, would receive convoluted bills with extraneous fees. The case is pending.

"They were monstrously more than what the telecoms could ever hope to charge for similar services in an open, competitive market, and the costs charged to the governments by telecoms did not represent reasonable prices as defined in the code of federal regulations," the lawsuit said.

The phone companies have asked the judge to dismiss the case. Prather's lawsuit claims whistle-blower status. If he wins, he stands to collect a percentage - estimated anywhere from 12 percent to 25 percent - of the money recovered from the companies.

---
Follow Anne Flaherty on Twitter at https://twitter.com/AnneKFlaherty

---
Just because i'm near the punchbowl doesn't mean I'm also drinking from it.

From rforno at infowarrior.org Wed Jul 10 12:24:03 2013
From: rforno at infowarrior.org (Richard Forno)
Date: Wed, 10 Jul 2013 13:24:03 -0400
Subject: [Infowarrior] - SEC Votes to Lift Ban on Hedge Fund Advertising
Message-ID: <824288F0-0FAE-4ED3-BE56-FB43156E977A@infowarrior.org>

Most hedge funds barely can beat the market's benchmark index anyway, so there is little real value investing in a hedge fund other than to FEEL like you're part of something exclusive and "in the know." Guess the more folks they can get paying 2-and-20[1] for meager if any returns is one way the hedgies can survive as a business. After all, there's a new muppet born every minute! --rick

[1] 2% "administrative fee per year" and then 20% of any (key word) profits.

http://www.cnbc.com/id/100791405

SEC Votes to Lift Ban on Hedge Fund Advertising
BUSINESS NEWS
The Associated Press | Wednesday, 10 Jul 2013 | 12:44 PM ET

For the first time, hedge funds will be allowed to advertise to the general public under a rule adopted Wednesday by federal regulators.

The Securities and Exchange Commission voted 4-1 to lift a decades-old ban that prevents hedge funds, private equity firms and other private investments from marketing their investments to a wide audience.

Hedge funds are still allowed to sell securities only to an exclusive group of investors: those with a net worth of at least $1 million excluding their primary residence, or annual income of more than $200,000 in each of the two most recent years. About 7.4 percent of U.S. households have a net worth of $1 million or more.

The change, which takes effect in about 60 days, was mandated by legislation enacted last year. The law also makes it easier for small startup companies to raise capital without having to comply immediately with SEC reporting rules.

Hedge funds are investment pools that use complex trades to seek big returns. They command trillions of dollars in assets. The ban on general advertising has been in effect since 1933, during the Great Depression.

Companies and funds must verify that investors meet the financial requirements for the investments. And the SEC adopted a rule that bars convicted felons and individuals sanctioned by federal securities and banking regulators from participating in offerings.

Investor advocates have expressed concern that allowing hedge funds and similar investments to advertise could increase the potential for fraud. It "will make fraud easier by allowing fraudsters to cast a wider net for victims," Commissioner Luis Aguilar said at the meeting. He was the only commissioner to dissent.

The SEC proposed to monitor the advertising and collect data on how it affects the market for private securities offerings. And on a 3-2 vote, the SEC advanced a separate rule that would require companies selling shares of hedge funds or other private investments to notify the agency 15 days before a sale and also after the sale is completed.
Companies and funds also would have to provide detailed information about the types of investors who purchased the shares and how their financial qualifications were verified.

Republican Commissioners Troy Paredes and Daniel Gallagher voted against the proposal requiring advance notice of a sale. The public has 60 days to comment on it. After that, the agency can take it up for a final vote.

- The Associated Press.

© 2013 CNBC.com
URL: http://www.cnbc.com/100791405

---
Just because i'm near the punchbowl doesn't mean I'm also drinking from it.

From rforno at infowarrior.org Wed Jul 10 15:54:56 2013
From: rforno at infowarrior.org (Richard Forno)
Date: Wed, 10 Jul 2013 16:54:56 -0400
Subject: [Infowarrior] - NSA Oversight Bill May Severely Damage The Ability To Challenge National Security Letters
Message-ID: <8C96DF6B-87E7-4E88-A34B-BDE9A65DD58E@infowarrior.org>

NSA Oversight Bill Introduced By Sen. Leahy May Severely Damage The Ability To Challenge National Security Letters

http://www.techdirt.com/articles/20130709/13112923749/nsa-oversight-bill-introduced-sen-leahy-may-severely-damage-ability-to-challenge-national-security-letters.shtml

---
Just because i'm near the punchbowl doesn't mean I'm also drinking from it.

From rforno at infowarrior.org Wed Jul 10 17:21:55 2013
From: rforno at infowarrior.org (Richard Forno)
Date: Wed, 10 Jul 2013 18:21:55 -0400
Subject: [Infowarrior] - Apple conspired to raise e-book prices, judge rules (updated)
Message-ID: <68468672-98E2-4B94-BEC8-0ABC7A090118@infowarrior.org>

(c/o AJR)

Apple conspired to raise e-book prices, judge rules (updated)

Second trial will decide how much it has to pay.

http://arstechnica.com/tech-policy/2013/07/apple-guilty-of-conspiring-to-raise-e-book-prices/

---
Just because i'm near the punchbowl doesn't mean I'm also drinking from it.

From rforno at infowarrior.org Thu Jul 11 06:49:41 2013
From: rforno at infowarrior.org (Richard Forno)
Date: Thu, 11 Jul 2013 07:49:41 -0400
Subject: [Infowarrior] - DEFCON 'disinvites' the Feds
Message-ID:

(Not likely to happen, but it makes a statement, anyway. ---rick)

http://www.defcon.org/

Feds, we need some time apart.

Posted 7.10.13

For over two decades DEF CON has been an open nexus of hacker culture, a place where seasoned pros, hackers, academics, and feds can meet, share ideas and party on neutral territory. Our community operates in the spirit of openness, verified trust, and mutual respect.

When it comes to sharing and socializing with feds, recent revelations have made many in the community uncomfortable about this relationship. Therefore, I think it would be best for everyone involved if the feds call a "time-out" and not attend DEF CON this year.

This will give everybody time to think about how we got here, and what comes next.

The Dark Tangent

---
Just because i'm near the punchbowl doesn't mean I'm also drinking from it.

From rforno at infowarrior.org Thu Jul 11 07:13:14 2013
From: rforno at infowarrior.org (Richard Forno)
Date: Thu, 11 Jul 2013 08:13:14 -0400
Subject: [Infowarrior] - Lawmakers say administration's lack of candor on surveillance weakens oversight
Message-ID:

(Then where were they until now? Those who have not spoken up until recently are just as guilty/complicit as those they're allegedly concerned with now, --rick)

Lawmakers say administration's lack of candor on surveillance weakens oversight

By Peter Wallsten

http://www.washingtonpost.com/politics/lawmakers-say-administrations-lack-of-candor-on-surveillance-weakens-oversight/2013/07/10/8275d8c8-e97a-11e2-aa9f-c03a72e2d342_print.html

Lawmakers tasked with overseeing national security policy say a pattern of misleading testimony by senior Obama administration officials has weakened Congress's ability to rein in government surveillance.

Members of Congress say officials have either denied the existence of a broad program that collects data on millions of Americans or, more commonly, made statements that left some lawmakers with the impression that the government was conducting only narrow, targeted surveillance operations.

The most recent example came on March 12, when James R. Clapper, director of national intelligence, told the Senate Intelligence Committee that the government was not collecting information about millions of Americans. He later acknowledged that the statement was "erroneous" and apologized, citing a misunderstanding.

On three occasions since 2009, top Justice Department officials said the government's ability to collect business records in terrorism cases is generally similar to that of law enforcement officials during a grand jury investigation. That comparison, some lawmakers now say, signaled to them that data was being gathered on a case-by-case basis, rather than the records of millions of Americans' daily communications being vacuumed up in bulk.

In addition, two Democratic members of the Senate Intelligence Committee say that even in top-secret briefings, officials "significantly exaggerated" the effectiveness of at least one program that collected data on Americans' e-mail usage.

The administration's claims are being reexamined in light of disclosures by National Security Agency contractor Edward Snowden, reported by The Washington Post and Britain's Guardian newspaper, of broad government surveillance of Americans' Internet and phone use authorized under secret interpretations of law.

At least two Republican lawmakers have called for the removal of Clapper, who denied the widespread surveillance of Americans while under questioning by Sen. Ron Wyden (D-Ore.) and issued his apology after the surveillance programs became public two months later.

A letter to Clapper sent two weeks ago from 26 senators from both parties complained about a series of statements from senior officials that "had the effect of misleading the public" and that will "undermine trust in government more broadly."

Some Democrats and civil libertarians have expressed disappointment in what they say is a pattern of excessive secrecy from President Obama. He had pledged to run a more transparent administration than his predecessor, George W. Bush, who signed off on the NSA's controversial warrantless wiretapping program and, with the authorization of the Foreign Intelligence Surveillance Court, launched the bulk data-collection program that has continued.

"The national security state has grown so that any administration is now not upfront with Congress," said Rep. Jerrold Nadler (D-N.Y.), a senior member of the House Judiciary Committee. "It's an imbalance that's grown in our government, and one that we have to cleanse."

Administration officials say they have been as transparent as they could be in disclosing information about sensitive classified programs. All House and Senate members were invited to two classified briefings in 2010 and 2011 at which the programs were discussed, officials said.

Defenders of the surveillance programs in Congress, including Senate Intelligence Committee Chairman Dianne Feinstein (D-Calif.) and Rep. Mike Rogers (R-Mich.), chairman of the House intelligence panel, have said the programs were fully explained. Senate Majority Leader Harry M. Reid (D-Nev.) pointed to "many, many meetings" where surveillance was discussed and said members had "every opportunity to be aware of these programs."

But some lawmakers say they feel that many of the administration's public statements - often couched in terms that offered assurances of the government's respect for civil liberties and privacy - seemed designed to mislead Americans and avoid congressional scrutiny.

Wyden said that a number of administration statements have made it "impossible for the public or Congress to have a genuinely informed debate" about government surveillance. The Oregon senator, whose membership on the Senate Intelligence Committee gives him access to the classified court rulings authorizing broad surveillance, has tried in recent years to force a public discussion of what he has called "secret law."

"These statements gave the public a false impression of how these authorities were actually being interpreted," Wyden said. "The disclosures of the last few weeks have made it clear that a secret body of law authorizing secret surveillance overseen by a largely secret court has infringed on Americans' civil liberties and privacy rights without offering the public the ability to judge for themselves whether these broad powers are appropriate or necessary."

At the time that Justice Department officials appeared at public hearings in 2009 and 2011, the White House was pushing Congress to reauthorize provisions of the USA Patriot Act, including Section 215, which allows for the collection of "business records" and has since drawn attention as the justification for the bulk surveillance of phone records.

Two top Justice Department officials - Todd M. Hinnen and David S. Kris - told lawmakers in separate appearances that the government's authority in national security cases was "roughly analogous" to that available to FBI agents investigating crimes using grand jury subpoenas.

Both officials cited data showing the number of surveillance orders that had been issued under the law, and both offered a caution, as Hinnen said in 2009, that, "as many members are aware," a portion of the orders "were used to support important and highly sensitive intelligence collections." Both invited lawmakers to learn more in classified sessions.

Hinnen, now a lawyer in private practice, said in an interview that the analogy was a direct reference to a provision in the business records law that says the government can collect information only if that data "can be obtained with a subpoena . . . issued by a court of the United States in aid of a grand jury investigation."

Senior lawmakers have also cited the grand jury analogy, including Feinstein, who said in 2011 that the law "provides the government the same authority in national security investigations to obtain physical records that exist in an ordinary criminal case through a grand jury subpoena."

Brian Fallon, a Justice Department spokesman, on Wednesday stood by the officials' testimony. "The statute itself describes the program in this way," he said.

Still, some lawmakers now say the testimony offered no clear indication that all Americans were subject to surveillance under the administration's broad standard.

"I don't know if it was an outright lie, but it was certainly misleading to what was going on," said Nadler, who was chairman of the committee that heard from Hinnen in 2009.

Rep. F. James Sensenbrenner Jr. (R-Wis.), a key author of the Patriot Act who presided over a 2011 House hearing where Hinnen appeared, wrote this month to Attorney General Eric H. Holder Jr. that the Justice Department's description "left the committee with the impression that the administration was using the business records provision sparingly and for specific materials."

In an interview, Sensenbrenner, former chairman of the House Judiciary Committee, said he had thought that he and his colleagues had created a sufficiently narrow standard for seeking information. The provision allows the government to collect only data that is "relevant" to an authorized terrorism investigation. Some lawmakers, warning of government abuse, tried unsuccessfully in 2005 to tighten the standard.

The relevancy requirement "was intended to be limiting," Sensenbrenner said.
"Instead, what we're hearing now is that 'relevant' was expanding." Sensenbrenner called it a "stretch of the English language" for the administration to consider millions of Americans' phone records to be "relevant."

Sensenbrenner, who had access to multiple classified briefings as a member of the Judiciary Committee, said he does not typically attend such sessions. He called the practice of classified briefings a "rope-a-dope operation" in which lawmakers are given information and then forbidden from speaking out about it. Members are not permitted to discuss information disclosed in classified briefings.

"It's the same old game they use to suck members in," he said.

Referring to public testimony from officials, Sensenbrenner added: "How can we do good oversight if we don't get truthful and non-misleading testimony?"

The allegation of misleading statements even during classified sessions comes from Wyden and Sen. Mark Udall (D-Colo.), colleagues on the Senate Intelligence Committee. Their concerns arose from closed-door discussions in 2011 regarding a top-secret program that was collecting data about Americans' e-mail usage.

The existence of the e-mail surveillance program, which was shut down in 2011, was first disclosed publicly late last month in The Post and the Guardian. After that disclosure, Wyden and Udall took the unusual step of releasing a statement describing classified interactions with intelligence officials. The senators said they had been "quite familiar" with the program and had devoted much of their time in 2011 to questioning officials about it.

"Intelligence officials have noted that the bulk email records program was discussed with both Congress and the Foreign Intelligence Surveillance Court," Wyden and Udall said. "In our judgment it is also important to note that intelligence agencies made statements to both Congress and the court that significantly exaggerated this program's effectiveness."

The senators said that their experience demonstrated that intelligence agencies' assessments "are not always accurate."

The senators added that their exchanges with officials about the e-mail program "led us to be skeptical of claims about the value of the bulk phone records collection program in particular," a reference to administration arguments that the ongoing surveillance efforts have been crucial in thwarting terror plots.

"We believe that the broader lesson here is that even though intelligence officials may be well-intentioned, assertions from intelligence agencies about the value and effectiveness of particular programs should not simply be accepted at face value by policymakers or oversight bodies any more than statements about the usefulness of other government programs should be taken at face value when they are made by other government officials," the senators added.

Wyden's March question to Clapper was part of a broader effort on the senator's part to use carefully worded public statements and questions to draw attention to the existence of classified programs - and the administration's lack of transparency - without revealing secret information in the process.

Clapper's statement prompted some lawmakers to allege what Rep. Justin Amash (R-Mich.) called a "double standard" in which a top official could deliver false testimony without fear of penalty.

"If the administration has a policy to lie to Congress about classified materials in unclassified hearings, then you have to ask yourself what value the hearings have and whether or not anyone else is doing it," said Rep. Mick Mulvaney (R-S.C.).

Some are calling for a major overhaul of the current oversight system, including the intelligence committees and the surveillance court, which were created in the late 1970s amid growing concern about U.S. spy practices following Watergate, the Vietnam War and revelations about CIA efforts to overthrow foreign governments.

Congress "tried to make agencies which have to operate in secret accountable nevertheless to the law," said former vice president Walter F. Mondale, who as a senator was a member of the Church Committee, which led the efforts to overhaul the system.

Now, Mondale said, "that system has totally collapsed." He said Clapper's willingness to mislead the public during Senate testimony "is what happens when there's no accountability. . . . What is the consequence of fibbing to the American people?"

Alice Crites contributed to this report.

© The Washington Post Company

---
Just because i'm near the punchbowl doesn't mean I'm also drinking from it.

From rforno at infowarrior.org Thu Jul 11 07:15:06 2013
From: rforno at infowarrior.org (Richard Forno)
Date: Thu, 11 Jul 2013 08:15:06 -0400
Subject: [Infowarrior] - Public Opinion Shifts on Security-Liberty Balance
Message-ID: <7854AA8D-745A-4C6B-AB1F-831E2A081AB7@infowarrior.org>

July 10, 2013, 3:50 pm

Public Opinion Shifts on Security-Liberty Balance

By NATE SILVER

http://fivethirtyeight.blogs.nytimes.com/2013/07/10/public-opinion-shifts-on-security-liberty-balance/?pagewanted=print

A new Quinnipiac poll has found a significant shift in public opinion on the trade-off between civil liberties and national security. In the new survey, released on Wednesday, 45 percent of the public said they thought the government's antiterrorism policies have "gone too far in restricting the average person's civil liberties" - as compared with 40 percent who said they have "not gone far enough to adequately protect the country."

By comparison, in a January 2010 Quinnipiac poll that posed the same question, only 25 percent of the public said the government had gone too far in restricting civil liberties, while 63 percent said it hadn't gone far enough to protect the country.

Although the shift in opinion is apparent among virtually all demographic groups, it has been somewhat more pronounced among Republicans, who may be growing more skeptical about President Obama's national security policies. Whereas, in the 2010 survey, 17 percent of Republicans said the government had gone too far to restrict civil liberties while 72 percent said it had not gone far enough to protect the country, the numbers among G.O.P. voters were nearly even in the new poll, with 41 percent saying that antiterrorism programs had gone too far and 46 percent saying they haven't gone far enough.

We generally caution against reading too much into a single poll result. But there are several reasons to think that the shift detected by the Quinnipiac poll is meaningful. First, the magnitude of the change was considerably larger than the margin of error in the poll. Second, the poll applied exactly the same question wording in both 2010 and 2013, making a direct comparison more reliable. Third, this was a well-constructed survey question, describing both the benefit (protecting the country) and the cost (restricting civil liberties) of antiterrorism programs in a balanced way.

What is less clear is how much of the shift was triggered by the recent disclosures about the National Security Administration's domestic surveillance programs, as opposed to reflecting a longer-term trend in public opinion. A Fox News poll conducted in April, just after the Boston Marathon bombings but before the N.S.A. story broke, found that only 43 percent of the public was "willing to give up some of your personal freedom in order to reduce the threat of terrorism" - considerably lower than in other instances of the survey. However, Fox News had last posed this question in 2006.

Either way, it seems safe to conclude that the climate of public opinion on this issue has changed considerably since the years closely following the Sept. 11 attacks.

The Quinnipiac poll also asked about Edward J.
Snowden, the former N.S.A. contractor who disclosed details about the agency's programs to newspapers. The Quinnipiac poll, in contrast to other recent surveys, found ostensibly sympathetic views toward Mr. Snowden, with 34 percent of respondents describing him as "more of a traitor" while 55 percent said he was "more of a whistle-blower."

Whereas I find Quinnipiac's broader question on national security to be quite meaningful, I'm not sure that the one about Mr. Snowden tells us very much. The problem is that the sympathetic response toward him in the poll may reflect a sympathetically worded question. The poll described Mr. Snowden as "the national security consultant who released information to the media about the phone scanning program."

However, Mr. Snowden has also released information to the news media about other N.S.A. activities, such as those it has conducted in China. Some Americans may be pleased by Mr. Snowden's disclosures about how the N.S.A. conducted surveillance against U.S. citizens - but displeased that he has also disclosed details about its international surveillance. The Quinnipiac poll should probably have described a fuller spectrum of the information that Mr. Snowden has released.

---
Just because i'm near the punchbowl doesn't mean I'm also drinking from it.

From rforno at infowarrior.org Thu Jul 11 07:22:28 2013
From: rforno at infowarrior.org (Richard Forno)
Date: Thu, 11 Jul 2013 08:22:28 -0400
Subject: [Infowarrior] - What Mystery Threat Has the U.S. Navy So Nervous?
Message-ID: <49486099-666B-4D68-A770-E8FF49C0038C@infowarrior.org>

(c/o JH)

What Mystery Threat Has the U.S. Navy So Nervous?

A new threat prompts a crash development of defenses for U.S. Navy ships.
By Joe Pappalardo
July 10, 2013 3:26 PM

http://www.popularmechanics.com/technology/military/missile-defense/what-mystery-threat-has-the-us-navy-so-nervous-15678966

The Department of Defense produces reams of procurement documents, and the vast majority of them are mind-numbingly dull. And then there is Justification and Approval document No. 1312, which the Navy quietly issued in January.

This request, the kind of document the Pentagon generates to seek permission to award a contract without competition, seeks an electronic warfare system that can protect ships from "a newly discovered threat." The document uses very grave language to justify the $65 million procurement, citing a "need to provide a protective capability to naval ships and their crews in a critically short time frame." The first units would be installed on ships by March 2014.

Personnel with the Naval Research Lab denied comment, saying scientists "have nothing to provide concerning this research at this time." However, the document reveals some details that allow the public a glimpse of the cat-and-mouse cycles behind the development of military technology.

At issue here is the AN/SLQ electronic warfare system, which is installed on virtually all Navy vessels. The system has a couple of vital jobs, the first of which is the detection of incoming antiship missiles. The AN/SLQ sees the missiles coming, and its powerful radar can also jam the missiles' targeting sensors.

Wise militaries prepare for new threats, but they are emerging at a hectic pace, especially in the digital fields of sensors, radar, countermeasures, and guidance. The Navy's apparent hurry means there's something out there that the AN/SLQ may not be able to handle, and it's probably being developed in China.

At the end of 2009 the commander of the U.S.
Pacific Fleet issued a call for engineering help by issuing an Urgent Operational Need Statement to "develop, fabricate, and install an embarkable prototype" to counter the mysterious threat. (Embarkable means it can be transferred from ship to ship, as needed.)

The Naval Research Lab answered the plea for help. It and defense contractor ITT Exelis designed a prototype countermeasure and tested it by 2012. The system is composed of four electronic warfare units (presumably to cover 360 degrees around the ship), a control panel, and electronic interfaces.

Now it's time to graduate the prototype to a fleet-ready product, and the Navy says there's no time to solicit bids on the project to see whether other firms can do it more cheaply. The contract calls for 24 of the systems to be delivered by 2015.

It's not much of a deductive leap to suppose that China is behind the threat that has the Pentagon so worried. China has been developing a slew of ways to keep U.S. warships far from their shores (and those of Japan and Taiwan). These include cyber-attacks, small submarines with fast-missiles, and - most recently - the promise of antiship ballistic missiles.

China made public its work on the DF-21 ballistic antiship missile about the same time as the Navy's request. That's a pretty neat coincidence, but there's no proof this is the threat. The worrisome new technology that prompted this effort could just as easily have been an upgrade to the tracking sensors of an existing antiship missile, such as the supersonic YJ-12 or CJ-20.

Either way, there is a new threat in the Pacific and engineers are trying to keep the balance of power tipped toward the U.S. Navy.

---
Just because i'm near the punchbowl doesn't mean I'm also drinking from it.

From rforno at infowarrior.org Thu Jul 11 14:28:30 2013
From: rforno at infowarrior.org (Richard Forno)
Date: Thu, 11 Jul 2013 15:28:30 -0400
Subject: [Infowarrior] - Revealed: how Microsoft handed the NSA access to encrypted messages
Message-ID: <7257A143-CB05-4942-A485-425CD8C8E3DA@infowarrior.org>

Revealed: how Microsoft handed the NSA access to encrypted messages

* Glenn Greenwald, Ewen MacAskill, Laura Poitras, Spencer Ackerman and Dominic Rushe
* guardian.co.uk, Thursday 11 July 2013 13.53 EDT

http://www.guardian.co.uk/world/2013/jul/11/microsoft-nsa-collaboration-user-data

Microsoft has collaborated closely with US intelligence services to allow users' communications to be intercepted, including helping the National Security Agency to circumvent the company's own encryption, according to top-secret documents obtained by the Guardian.

The files provided by Edward Snowden illustrate the scale of co-operation between Silicon Valley and the intelligence agencies over the last three years. They also shed new light on the workings of the top-secret Prism program, which was disclosed by the Guardian and the Washington Post last month.

The documents show that:

* Microsoft helped the NSA to circumvent its encryption to address concerns that the agency would be unable to intercept web chats on the new Outlook.com portal;
* The agency already had pre-encryption stage access to email on Outlook.com, including Hotmail;
* The company worked with the FBI this year to allow the NSA easier access via Prism to its cloud storage service SkyDrive, which now has more than 250 million users worldwide;
* Microsoft also worked with the FBI's Data Intercept Unit to "understand" potential issues with a feature in Outlook.com that allows users to create email aliases;
* Skype, which was bought by Microsoft in October 2011, worked with intelligence agencies last year to allow Prism to collect video of conversations as well as audio;
* Material collected through Prism is routinely shared with the FBI and CIA, with one NSA document describing the program as a "team sport".

The latest NSA revelations further expose the tensions between Silicon Valley and the Obama administration. All the major tech firms are lobbying the government to allow them to disclose more fully the extent and nature of their co-operation with the NSA to meet their customers' privacy concerns. Privately, tech executives are at pains to distance themselves from claims of collaboration and teamwork given by the NSA documents, and insist the process is driven by legal compulsion.

In a statement, Microsoft said: "When we upgrade or update products we aren't absolved from the need to comply with existing or future lawful demands." The company reiterated its argument that it provides customer data "only in response to government demands and we only ever comply with orders for requests about specific accounts or identifiers".

In June, the Guardian revealed that the NSA claimed to have "direct access" through the Prism program to the systems of many major internet companies, including Microsoft, Skype, Apple, Google, Facebook and Yahoo.

Blanket orders from the secret surveillance court allow these communications to be collected without an individual warrant if the NSA operative has a 51% belief that the target is not a US citizen and is not on US soil at the time. Targeting US citizens does require an individual warrant, but the NSA is able to collect Americans' communications without a warrant if the target is a foreign national located overseas.

Since Prism's existence became public, Microsoft and the other companies listed on the NSA documents as providers have denied all knowledge of the program and insisted that the intelligence agencies do not have back doors into their systems.

Microsoft's latest marketing campaign, launched in April, emphasizes its commitment to privacy with the slogan: "Your privacy is our priority."
Similarly, Skype's privacy policy states: "Skype is committed to respecting your privacy and the confidentiality of your personal data, traffic data and communications content." But internal NSA newsletters, marked top secret, suggest the co-operation between the intelligence community and the companies is deep and ongoing. The latest documents come from the NSA's Special Source Operations (SSO) division, described by Snowden as the "crown jewel" of the agency. It is responsible for all programs aimed at US communications systems through corporate partnerships such as Prism. The files show that the NSA became concerned about the interception of encrypted chats on Microsoft's Outlook.com portal from the moment the company began testing the service in July last year. Within five months, the documents explain, Microsoft and the FBI had come up with a solution that allowed the NSA to circumvent encryption on Outlook.com chats. A newsletter entry dated 26 December 2012 states: "MS [Microsoft], working with the FBI, developed a surveillance capability to deal" with the issue. "These solutions were successfully tested and went live 12 Dec 2012." Two months later, in February this year, Microsoft officially launched the Outlook.com portal. Another newsletter entry stated that NSA already had pre-encryption access to Outlook email. "For Prism collection against Hotmail, Live, and Outlook.com emails will be unaffected because Prism collects this data prior to encryption." Microsoft's co-operation was not limited to Outlook.com. An entry dated 8 April 2013 describes how the company worked "for many months" with the FBI - which acts as the liaison between the intelligence agencies and Silicon Valley on Prism - to allow Prism access without separate authorization to its cloud storage service SkyDrive. The document describes how this access "means that analysts will no longer have to make a special request to SSO for this - 
a process step that many analysts may not have known about". The NSA explained that "this new capability will result in a much more complete and timely collection response". It continued: "This success is the result of the FBI working for many months with Microsoft to get this tasking and collection solution established." A separate entry identified another area for collaboration. "The FBI Data Intercept Technology Unit (DITU) team is working with Microsoft to understand an additional feature in Outlook.com which allows users to create email aliases, which may affect our tasking processes." The NSA has devoted substantial efforts in the last two years to work with Microsoft to ensure increased access to Skype, which has an estimated 663 million global users. One document boasts that Prism monitoring of Skype video production has roughly tripled since a new capability was added on 14 July 2012. "The audio portions of these sessions have been processed correctly all along, but without the accompanying video. Now, analysts will have the complete 'picture'," it says. Eight months before being bought by Microsoft, Skype joined the Prism program in February 2011. According to the NSA documents, work had begun on smoothly integrating Skype into Prism in November 2010, but it was not until 4 February 2011 that the company was served with a directive to comply signed by the attorney general. The NSA was able to start tasking Skype communications the following day, and collection began on 6 February. "Feedback indicated that a collected Skype call was very clear and the metadata looked complete," the document stated, praising the co-operation between NSA teams and the FBI. "Collaborative teamwork was the key to the successful addition of another provider to the Prism system." ACLU technology expert Chris Soghoian said the revelations would surprise many Skype users. "In the past, Skype made affirmative promises to users about their inability to perform wiretaps," he said. 
"It's hard to square Microsoft's secret collaboration with the NSA with its high-profile efforts to compete on privacy with Google." The information the NSA collects from Prism is routinely shared with both the FBI and CIA. A 3 August 2012 newsletter describes how the NSA has recently expanded sharing with the other two agencies. The NSA, the entry reveals, has even automated the sharing of aspects of Prism, using software that "enables our partners to see which selectors [search terms] the National Security Agency has tasked to Prism". The document continues: "The FBI and CIA then can request a copy of Prism collection of any selector..." As a result, the author notes: "these two activities underscore the point that Prism is a team sport!" In its statement to the Guardian, Microsoft said: We have clear principles which guide the response across our entire company to government demands for customer information for both law enforcement and national security issues. First, we take our commitments to our customers and to compliance with applicable law very seriously, so we provide customer data only in response to legal processes. Second, our compliance team examines all demands very closely, and we reject them if we believe they aren't valid. Third, we only ever comply with orders about specific accounts or identifiers, and we would not respond to the kind of blanket orders discussed in the press over the past few weeks, as the volumes documented in our most recent disclosure clearly illustrate. Finally when we upgrade or update products legal obligations may in some circumstances require that we maintain the ability to provide information in response to a law enforcement or national security request. There are aspects of this debate that we wish we were able to discuss more freely. That's why we've argued for additional transparency that would help everyone understand and debate these important issues. 
In a joint statement, Shawn Turner, spokesman for the director of National Intelligence, and Judith Emmel, spokeswoman for the NSA, said: The articles describe court-ordered surveillance - and a US company's efforts to comply with these legally mandated requirements. The US operates its programs under a strict oversight regime, with careful monitoring by the courts, Congress and the Director of National Intelligence. Not all countries have equivalent oversight requirements to protect civil liberties and privacy. They added: "In practice, US companies put energy, focus and commitment into consistently protecting the privacy of their customers around the world, while meeting their obligations under the laws of the US and other countries in which they operate." --- Just because i'm near the punchbowl doesn't mean I'm also drinking from it. From rforno at infowarrior.org Thu Jul 11 15:25:49 2013 From: rforno at infowarrior.org (Richard Forno) Date: Thu, 11 Jul 2013 16:25:49 -0400 Subject: [Infowarrior] - The best investment advice you'll never get Message-ID: The best investment advice you'll never get Mark Dowie | January 18, 2008 For 35 years, Bay Area finance revolutionaries have been pushing a personal investing strategy that brokers despise and hope you ignore. < - > http://www.modernluxury.com/san-francisco/story/the-best-investment-advice-youll-never-get --- Just because i'm near the punchbowl doesn't mean I'm also drinking from it. 
From rforno at infowarrior.org Thu Jul 11 15:27:26 2013 From: rforno at infowarrior.org (Richard Forno) Date: Thu, 11 Jul 2013 16:27:26 -0400 Subject: [Infowarrior] - Congresswoman Claims 'Fair Use' And 'Transparency' Are Just 'Buzz Terms' Message-ID: <2E5F77C4-9DDD-43EC-99E5-79574BBF9022@infowarrior.org> Congresswoman Claims 'Fair Use' And 'Transparency' Are Just 'Buzz Terms' http://www.techdirt.com/blog/innovation/articles/20130711/02274723762/congresswoman-claims-fair-use-transparency-are-just-buzz-terms.shtml --- Just because i'm near the punchbowl doesn't mean I'm also drinking from it. From rforno at infowarrior.org Thu Jul 11 17:22:08 2013 From: rforno at infowarrior.org (Richard Forno) Date: Thu, 11 Jul 2013 18:22:08 -0400 Subject: [Infowarrior] - How Acceptable Was Anonymous Speculation About Snowden's Laptops? Message-ID: <569B3F39-8A55-4E99-8883-631920D5DEAA@infowarrior.org> July 11, 2013, 5:19 pm How Acceptable Was Anonymous Speculation About Snowden's Laptops? By MARGARET SULLIVAN NYT Public Editor http://publiceditor.blogs.nytimes.com/2013/07/11/how-acceptable-was-anonymous-speculation-about-snowdens-laptops/ It's the story that just won't quit: The tale of Edward J. Snowden and his leak of classified information about the United States government's secret surveillance of citizens. Rife with skirmishes and subplots, overflowing with schadenfreude, one-upsmanship and bruised egos, it's also a matter of extraordinary national and global importance. One of the latest developments is the question of whether Mr. Snowden - as was suggested in a Times article on June 24 - may have unwittingly provided classified information to China. The Times article, the essence of which looked at the reasons that China allowed Mr. 
Snowden to leave Hong Kong, included this sentence about two-thirds of the way down: "Two Western intelligence experts, who worked for major government spy agencies, said that they believed that the Chinese government had managed to drain the contents of the four laptops that Mr. Snowden said he brought to Hong Kong, and that he said were with him during his stay at a Hong Kong hotel." Mr. Snowden denied that his laptops were compromised by the Chinese (or the Russians): "I never gave any information to either government and they never took anything from my laptops," he said in an interview with Glenn Greenwald, the columnist for The Guardian who broke much of the biggest news over the past month as a chief recipient of Mr. Snowden's information. In that piece, Mr. Greenwald takes The Times to task for printing that "incendiary" speculation. "In lieu of any evidence, The New York Times circulated this obviously significant assertion," he said, by "citing two anonymous sources saying they 'believed' this happened." He continued: "From there, it predictably spread everywhere as truth." The New Yorker soon repeated it, citing The Times. "It was then used to demonize Snowden" in a wide variety of venues, Mr. Greenwald wrote. (The Huffington Post's Michael Calderone reported on this topic on Wednesday.) Paul E. King, a Times reader in Fort Worth, said he was disturbed by what he read in Mr. Greenwald's column, and he raised good questions, wanting to know about The Times's standards on the use of anonymous sources. He also was concerned about the way such information in The Times can be manipulated for political purposes. (For example, government sources have reason to want to portray Mr. Snowden as a traitor.) I asked The Times's foreign editor, Joseph Kahn, about how the sourcing was handled and about Mr. Greenwald's criticism. Mr. 
Kahn said that it's important to see this passage in the story for what it is: An exploration of what might have happened, based on experts who did not claim to have direct knowledge. He also noted that, in a front-page article last year, The Times detailed the ways in which the Chinese government is able to penetrate digital devices; such cyber theft is a common enough practice that American government and business officials traveling in China take extraordinary measures to prevent it. The recent article, he noted, said that the sources "believed, not that they were told." The Times provided further context and conditionality, he said, in the next sentence: "If that were the case, they said, China would no longer need or want to have Mr. Snowden remain in Hong Kong." "It's a couple of steps removed from a strong assertion," he said. Mr. Kahn was not the direct editor on the article and he said that foreign desk editors did not press the reporters to know their sources, nor did he think they needed to do so. That practice arises, he said, when an anonymous source is the basis for an article's premise or a central assertion. "I don't think any of us saw this set of beliefs as being worthy of that high level of scrutiny," he said. Because of a concurrent discussion of another, related article, Mr. Kahn does know who one of the two sources is and remains confident of that person's knowledge and reliability. In retrospect, knowing how the passage has been exaggerated and spun, would Mr. Kahn have wanted to see it handled differently? "It's Monday morning quarterbacking," he said, but The Times could have added a sentence that made it clear that the sources did not have direct, specific information of what happened with Mr. Snowden's laptops. Mr. Greenwald's argument is worth thinking hard about. Two sentences in the middle of a Times article on such a sensitive subject - though they may be off the central point - 
have the power to sway the discussion or damage a reputation. What The Times writes can quickly, and sometimes harmfully, become pundit fodder. "The way it gets picked up is hard for us to control," Mr. Kahn said. "Obviously, we have to think about it." He's right. So is the reader, Mr. King, who wrote: "I read the Times for the truth. I can read publication of speculation almost anywhere." --- Just because i'm near the punchbowl doesn't mean I'm also drinking from it. From rforno at infowarrior.org Thu Jul 11 18:16:33 2013 From: rforno at infowarrior.org (Richard Forno) Date: Thu, 11 Jul 2013 19:16:33 -0400 Subject: [Infowarrior] - 'Underwear bomber' was working for the CIA Message-ID: <16C3ABBC-C1B6-4EDF-9B02-786E691CFEC2@infowarrior.org> 'Underwear bomber' was working for the CIA Bomber involved in plot to attack US-bound jet was working as an informer with Saudi intelligence and the CIA, it has emerged • Paul Harris and Ed Pilkington in New York • The Guardian, Tuesday 8 May 2012 http://www.guardian.co.uk/world/2012/may/09/underwear-bomber-working-for-cia A would-be "underwear bomber" involved in a plot to attack a US-based jet was in fact working as an undercover informer with Saudi intelligence and the CIA, it has emerged. The revelation is the latest twist in an increasingly bizarre story about the disruption of an apparent attempt by al-Qaida to strike at a high-profile American target using a sophisticated device hidden in the clothing of an attacker. The plot, which the White House said on Monday had involved the seizing of an underwear bomb by authorities in the Middle East sometime in the last 10 days, had caused alarm throughout the US. 
It has also been linked to a suspected US drone strike in Yemen where two Yemeni members of al-Qaida were killed by a missile attack on their car on Sunday, one of them a senior militant, Fahd Mohammed Ahmed al-Quso. But the news that the individual at the heart of the bomb plot was in fact an informer for US intelligence is likely to raise just as many questions as it answers. Citing US and Yemeni officials, Associated Press reported that the unnamed informant was working under cover for the Saudis and the CIA when he was given the bomb, which was of a new non-metallic type aimed at getting past airport security. The informant then turned the device over to his handlers and has left Yemen, the officials told the news agency. The LA Times, which first broke the news that the plot had been a "sting operation", said that the bomb plan had also provided the intelligence leads that allowed the strike on Quso. Earlier John Brennan, Barack Obama's top counter-terrorism adviser and a former CIA official, told ABC's Good Morning America that authorities are "confident that neither the device nor the intended user of this device pose a threat to us". US officials have said the plot was detected in its early stages and that no American airliner was ever at risk. The FBI is conducting forensic tests on the bomb as a first step towards discovering whether it would have cleared existing airport scanning systems. Dianne Feinstein, the Democratic senator for California who heads the Senate intelligence committee, gave an early hint when she said that she had been briefed about the device which she called "undetectable". But AP quoted an unnamed US official as saying current detection methods probably would have spotted the shape of the explosive in the latest device. Just how major an escalation in threat is posed by the bomb remains unclear. 
Security sources have told news agencies that it was a step up in levels of sophistication from the original underwear bomb that was used in a failed attempt to blow up an airliner over Detroit on Christmas Day in 2009. The device used a more refined detonation system, and Brennan said "it was a threat from a standpoint of the design". When it comes to who made the device the focus is on an al-Qaida's offshoot, Al-Qaida in the Arabian Peninsula (AQAP). Matthew Levitt, a counter-terrorism expert at the Washington Institute, said that the interception of the plot amounted to a significant achievement for US security agencies. He said: "The FBI is holding the device, which suggests that this was done by having boots on the ground. This was a sophisticated operation that shows we are making in-roads in serious places." Levitt, who was involved as a senior analyst in the FBI's investigation into 9/11, said that it was natural to be sceptical in a presidential election year about security announcements. "But this was not political, it didn't come from the White House and my sense was that it was a really unique success," he said. Levitt said that the spotlight would now be even more intense on Ibrahim Hassan al-Asiri, AQAP's assumed bomb-making chief, who is thought to be hiding out in Yemen. Asiri is believed to have been the creator of the Detroit underwear bomb as well as explosives that were packed into printer cartridges bound for Chicago in 2010. --- Just because i'm near the punchbowl doesn't mean I'm also drinking from it. From rforno at infowarrior.org Thu Jul 11 19:20:56 2013 From: rforno at infowarrior.org (Richard Forno) Date: Thu, 11 Jul 2013 20:20:56 -0400 Subject: [Infowarrior] - Russian guard service reverts to typewriters after NSA leaks Message-ID: Russian guard service reverts to typewriters after NSA leaks Leaks by US whistleblower Edward Snowden have fuelled Russian suspicions over electronic communications ? Miriam Elder ? 
guardian.co.uk, Thursday 11 July 2013 11.42 EDT http://www.guardian.co.uk/world/2013/jul/11/russia-reverts-paper-nsa-leaks In the wake of the US surveillance scandal revealed by the US whistleblower Edward Snowden, Russia is planning to adopt a foolproof means of avoiding global electronic snooping: by reverting to paper. The Federal Guard Service (FSO), a powerful body tasked with protecting Russia's highest-ranking officials, has recently put in an order for 20 Triumph Adler typewriters, the Izvestiya newspaper reported. Each typewriter creates a unique "handwriting", allowing its source to be traced, the report said. "After the scandal with the spread of secret documents by WikiLeaks, the revelations of Edward Snowden, reports of listening to Dmitry Medvedev during his visit to the G20 summit in London, the practice of creating paper documents will expand," a source inside the FSO was quoted as saying. Documents leaked by Snowden last month said US spies based in the UK intercepted top-secret communications by Medvedev, then president and now prime minister, during his London visit in April 2009. Russian officials were furious about the reports. The revelations by Snowden, currently believed to be in Moscow's Sheremtyevo airport, fed Russian fears over the dangers of the internet and electronic communications. "Many documents are still not created in electronic format," Izvestiya's source said. "This practice continues inside the defence ministry, the emergency situations ministry and the security services." Much of the country's sprawling bureaucracy appears stuck in time, resigned to using telegrams and faxes for most communications. "From the point of view of ensuring security, any form of electronic communication is vulnerable," Nikolai Kovalev, an MP and former head of the Federal Security Service, told Izvestiya. "Any information can be taken from computers. Of course there exists means of protection, but there is no 100% guarantee that they will work. 
So from the point of view of keeping secrets, the most primitive method is preferred: a human hand with a pen or a typewriter." --- Just because i'm near the punchbowl doesn't mean I'm also drinking from it. From rforno at infowarrior.org Fri Jul 12 07:41:58 2013 From: rforno at infowarrior.org (Richard Forno) Date: Fri, 12 Jul 2013 08:41:58 -0400 Subject: [Infowarrior] - Snowden: US preventing me claiming asylum Message-ID: <5A603EB6-7B2A-47FC-A6AC-1308C18429F7@infowarrior.org> Edward Snowden: US officials are preventing me claiming asylum NSA whistleblower calls meeting with Amnesty International and Human Rights Watch at Sheremetyevo airport ? Peter Walker and agencies ? guardian.co.uk, Friday 12 July 2013 04.49 EDT http://www.guardian.co.uk/world/2013/jul/12/edward-snowden-amnesty-international The NSA surveillance whistleblower Edward Snowden has said US officials are waging a campaign to prevent him from taking up asylum offers as he called a meeting in Moscow airport with human rights groups. In a letter sent to groups including Human Rights Watch and Amnesty International, the former intelligence agency contractor claimed there was "an unlawful campaign by officials in the US government to deny my right to seek and enjoy ? asylum under article 14 of the Universal Declaration of Human Rights" and invited them to meet him at 5pm local time. "The scale of threatening behaviour is without precedent: never before in history have states conspired to force to the ground a sovereign president's plane to effect a search for a political refugee," he wrote to the groups. "This dangerous escalation represents a threat not just to the dignity of Latin America or my own personal security, but to the basic right shared by every living person to live free from persecution." 
Reuters quoted an airport official as saying Snowden would meet the groups on Friday afternoon in the transit area of Sheremetyevo, where he has remained since flying to Russia from Hong Kong on 23 June. The 30-year-old former NSA employee is trying to negotiate asylum elsewhere to avoid facing charges in the US, including espionage, for divulging details about US electronic surveillance programmes. "I can confirm that such a meeting will take place," an airport spokeswoman said. Reuters said Amnesty and Transparency International had been invited to meet Snowden, with the former confirming it would attend. Sergei Nikitin, the head of Amnesty International Russia, said: "Yes, I have received a brief email. It said that he would like to meet with a representative of a human rights organisation ? there was not much information there. I'm planning to go." Tanya Lokshina of Human Rights Watch confirmed she had been invited to the meeting and posted Snowden's letter on Facebook. In the emailed letter ? which Lokshina said she could not independently verify as coming from Snowden ? the former intelligence worker said he had been "extremely fortunate to enjoy and accept many offers of support and asylum from brave countries around the world". He added: "These nations have my gratitude, and I hope to travel to each of them to extend my personal thanks to their people and leaders. By refusing to compromise their principles in the face of intimidation, they have earned the respect of the world. "Unfortunately, in recent weeks we have witnessed an unlawful campaign by officials in the US government to deny my right to seek and enjoy this asylum." The email ends with an invitation for rights groups to meet him at the airport at 5pm (2pm BST). Snowden is still believed to be weighing up his options. Late on Thursday, Venezuela's foreign minister said the country had yet to receive a formal response to its offer of asylum. "We communicated last week. 
We made an offer and so far we haven't received a reply," Elias Jaua told Reuters during a regional foreign ministers' meeting in Uruguay. Venezuela is one of three countries to offer asylum to Snowden, along with Bolivia and Nicaragua. In a separate email to Reuters, Snowden confirmed that the meeting with human rights groups would go ahead but said it would be closed to the press. He said he planned to speak to the media later. The letter told the groups to bring identification and meet at 4.30pm at Sheremetyevo airport in Terminal F, "in the centre of the arrival hall [where] someone from airport staff will be waiting there to receive you with a sign labelled G9". --- Just because i'm near the punchbowl doesn't mean I'm also drinking from it. From rforno at infowarrior.org Fri Jul 12 09:46:56 2013 From: rforno at infowarrior.org (Richard Forno) Date: Fri, 12 Jul 2013 10:46:56 -0400 Subject: [Infowarrior] - Reuters: Big Sis to step down today Message-ID: <396F18F0-EDA3-4148-B0FC-F989D5CC36F4@infowarrior.org> Report: Napolitano to Resign 10:00 AM, Jul 12, 2013 ? By DANIEL HALPER Reuters reports Homeland Security Secretary Janet Napolitano will resign today: http://www.weeklystandard.com/blogs/napolitano-resign_739290.html UPDATE: Here's the statement from Napolitano: ?For more than four years I have had the privilege of serving President Obama and his Administration as the Secretary of Homeland Security. The opportunity to work with the dedicated men and women of the Department of Homeland Security, who serve on the frontlines of our nation?s efforts to protect our communities and families from harm, has been the highlight of my professional career. We have worked together to minimize threats of all kinds to the American public. 
The Department has improved the safety of travelers; implemented smart steps that make our immigration system more fair and focused while deploying record resources to protect our nation?s borders; worked with states to build resiliency and make our nation?s emergency and disaster response capabilities more robust; and partnered with the private sector to improve our cybersecurity. After four plus years of focusing on these challenges, I will be nominated as the next President of the University of California to play a role in educating our nation?s next generation of leaders. I thank President Obama for the chance to serve our nation during this important chapter in our history, and I know the Department of Homeland Security will continue to perform its important duties with the honor and focus that the American public expects.? --- Just because i'm near the punchbowl doesn't mean I'm also drinking from it. From rforno at infowarrior.org Fri Jul 12 12:06:49 2013 From: rforno at infowarrior.org (Richard Forno) Date: Fri, 12 Jul 2013 13:06:49 -0400 Subject: [Infowarrior] - DRM-Plus, Or How Eidos Is Treating Anyone With A Jail-Broken iPad Like A Criminal Message-ID: <9A4CE1B5-6239-498D-BD9C-92247F41BEE2@infowarrior.org> DRM-Plus, Or How Eidos Is Treating Anyone With A Jail-Broken iPad Like A Criminal http://www.techdirt.com/articles/20130711/12193523772/drm-plus-how-eidos-is-treating-anyone-with-jail-broken-ipad-like-criminal.shtml --- Just because i'm near the punchbowl doesn't mean I'm also drinking from it. 
From rforno at infowarrior.org Fri Jul 12 13:26:26 2013 From: rforno at infowarrior.org (Richard Forno) Date: Fri, 12 Jul 2013 14:26:26 -0400 Subject: [Infowarrior] - Text of Snowden's Moscow Statement Message-ID: <7B78D632-CCC4-46A3-A36C-9CA0A49BB760@infowarrior.org> Statement by Edward Snowden to human rights groups at Moscow?s Sheremetyevo airport Friday July 12, 15:00 UTC http://www.washingtonpost.com/blogs/worldviews/wp/2013/07/12/full-text-of-snowdens-new-statement-i-had-the-power-to-change-peoples-fates/ Hello. My name is Ed Snowden. A little over one month ago, I had family, a home in paradise, and I lived in great comfort. I also had the capability without any warrant to search for, seize, and read your communications. Anyone?s communications at any time. That is the power to change people?s fates. It is also a serious violation of the law. The 4th and 5th Amendments to the Constitution of my country, Article 12 of the Universal Declaration of Human Rights, and numerous statutes and treaties forbid such systems of massive, pervasive surveillance. While the US Constitution marks these programs as illegal, my government argues that secret court rulings, which the world is not permitted to see, somehow legitimize an illegal affair. These rulings simply corrupt the most basic notion of justice ? that it must be seen to be done. The immoral cannot be made moral through the use of secret law. I believe in the principle declared at Nuremberg in 1945: "Individuals have international duties which transcend the national obligations of obedience. Therefore individual citizens have the duty to violate domestic laws to prevent crimes against peace and humanity from occurring." Accordingly, I did what I believed right and began a campaign to correct this wrongdoing. I did not seek to enrich myself. I did not seek to sell US secrets. I did not partner with any foreign government to guarantee my safety. 
Instead, I took what I knew to the public, so what affects all of us can be discussed by all of us in the light of day, and I asked the world for justice. That moral decision to tell the public about spying that affects all of us has been costly, but it was the right thing to do and I have no regrets. Since that time, the government and intelligence services of the United States of America have attempted to make an example of me, a warning to all others who might speak out as I have. I have been made stateless and hounded for my act of political expression. The United States Government has placed me on no-fly lists. It demanded Hong Kong return me outside of the framework of its laws, in direct violation of the principle of non-refoulement ? the Law of Nations. It has threatened with sanctions countries who would stand up for my human rights and the UN asylum system. It has even taken the unprecedented step of ordering military allies to ground a Latin American president?s plane in search for a political refugee. These dangerous escalations represent a threat not just to the dignity of Latin America, but to the basic rights shared by every person, every nation, to live free from persecution, and to seek and enjoy asylum. Yet even in the face of this historically disproportionate aggression, countries around the world have offered support and asylum. These nations, including Russia, Venezuela, Bolivia, Nicaragua, and Ecuador have my gratitude and respect for being the first to stand against human rights violations carried out by the powerful rather than the powerless. By refusing to compromise their principles in the face of intimidation, they have earned the respect of the world. It is my intention to travel to each of these countries to extend my personal thanks to their people and leaders. I announce today my formal acceptance of all offers of support or asylum I have been extended and all others that may be offered in the future. 
With, for example, the grant of asylum provided by Venezuela's President Maduro, my asylee status is now formal, and no state has a basis by which to limit or interfere with my right to enjoy that asylum. As we have seen, however, some governments in Western European and North American states have demonstrated a willingness to act outside the law, and this behavior persists today. This unlawful threat makes it impossible for me to travel to Latin America and enjoy the asylum granted there in accordance with our shared rights. This willingness by powerful states to act extra-legally represents a threat to all of us, and must not be allowed to succeed. Accordingly, I ask for your assistance in requesting guarantees of safe passage from the relevant nations in securing my travel to Latin America, as well as requesting asylum in Russia until such time as these states accede to law and my legal travel is permitted. I will be submitting my request to Russia today, and hope it will be accepted favorably. If you have any questions, I will answer what I can. Thank you.

---
Just because i'm near the punchbowl doesn't mean I'm also drinking from it.

From rforno at infowarrior.org Fri Jul 12 13:37:57 2013
From: rforno at infowarrior.org (Richard Forno)
Date: Fri, 12 Jul 2013 14:37:57 -0400
Subject: [Infowarrior] - Compare: Clapper v. Snowden
Message-ID: <4833C208-37D9-496C-A5AB-4E0440B466E6@infowarrior.org>

Compare: Clapper 'Unscathed' After Lying About Surveillance; Snowden 'Stateless' & 'Hounded' For Revealing Those Lies
http://www.techdirt.com/articles/20130712/10024623779/compare-clapper-unscathed-after-lying-about-surveillance-snowden-stateless-hounded-revealing-those-lies.shtml

---
Just because i'm near the punchbowl doesn't mean I'm also drinking from it.
From rforno at infowarrior.org Fri Jul 12 13:39:29 2013
From: rforno at infowarrior.org (Richard Forno)
Date: Fri, 12 Jul 2013 14:39:29 -0400
Subject: [Infowarrior] - Hulu sale is off
Message-ID: <2FDE52A6-2676-4821-B434-DF86D9F7763F@infowarrior.org>

Owners call off Hulu sale, to inject cash instead
http://news.yahoo.com/owners-call-off-hulu-sale-inject-cash-instead-172806784.html

LOS ANGELES (AP) -- The on-again, off-again sale of Hulu is off again. The parent companies of ABC, NBC and Fox said Friday that they would stay owners of Hulu, while providing a cash infusion of about $750 million to ensure future growth. The owners had accepted formal bids for the online video service last week. The announcement Friday suggests the bids were too low. 21st Century Fox President Chase Carey says this was the "best path forward" for Hulu. Hulu, which carries recent reruns of TV shows from ABC, Fox, NBC and other networks, has more than 4 million paying subscribers, as well as a free service. Last year, the service brought in about $690 million in revenue.

---
Just because i'm near the punchbowl doesn't mean I'm also drinking from it.

From rforno at infowarrior.org Fri Jul 12 13:40:58 2013
From: rforno at infowarrior.org (Richard Forno)
Date: Fri, 12 Jul 2013 14:40:58 -0400
Subject: [Infowarrior] - Navy completes 1st unmanned carrier landing
Message-ID:

(c/o DG. Why am I reminded of that movie 'Stealth' from a few years ago? --rick)

Navy completes 1st unmanned carrier landing

ABOARD THE USS GEORGE H.W. BUSH (AP) -- The Navy successfully landed a drone the size of a fighter jet aboard an aircraft carrier for the first time Wednesday, showcasing the military's capability to have a computer program perform one of the most difficult tasks that a pilot is asked to do.
The landing of the X-47B experimental aircraft means the Navy can move forward with its plans to develop another unmanned aircraft that will join the fleet alongside traditional airplanes to provide around-the-clock surveillance while also possessing a strike capability. It also would pave the way for the U.S. to launch unmanned aircraft without the need to obtain permission from other countries to use their bases.

< - >

http://news.yahoo.com/navy-completes-1st-unmanned-carrier-landing-200130982.html

---
Just because i'm near the punchbowl doesn't mean I'm also drinking from it.

From rforno at infowarrior.org Fri Jul 12 17:40:48 2013
From: rforno at infowarrior.org (Richard Forno)
Date: Fri, 12 Jul 2013 18:40:48 -0400
Subject: [Infowarrior] - Amazon "1 Button" Chrome extension exploit
Message-ID: <9A8BE285-09E1-4C83-804D-A6621E77BB35@infowarrior.org>

Thursday, July 11, 2013

Jealous of PRISM? Use "Amazon 1 Button" Chrome extension to sniff all HTTPS websites!

tldr: Insecure browser addons may leak all your encrypted SSL traffic, exploits included

So, Snowden let the cat out of the bag. They're listening - the news are so big, that feds are no longer welcome at DEFCON. But let's all be honest - who doesn't like to snoop into other person's secrets? We all know how to set up rogue AP and use ettercap. Setting up your own wall of sheep is trivial. I think we can safely assume - plaintext traffic is dead easy to sniff and modify. The real deal though is in the encrypted traffic. In browser's world that means all the juicy stuff is sent over HTTPS. Though intercepting HTTPS connections is possible, we can only do it via:
- hacking the CA
- social engineering (install the certificate)
- relying on click-through syndrome for SSL warnings

Too hard. Let's try some side channels. Let me show you how you can view all SSL encrypted data, via exploiting Amazon 1Button App installed on your victims' browsers.
< - >

http://blog.kotowicz.net/2013/07/jealous-of-prism-use-amazon-1-button.html

---
Just because i'm near the punchbowl doesn't mean I'm also drinking from it.

From rforno at infowarrior.org Fri Jul 12 18:06:41 2013
From: rforno at infowarrior.org (Richard Forno)
Date: Fri, 12 Jul 2013 19:06:41 -0400
Subject: [Infowarrior] - DRM-Plus update: SquareNix reverses course
Message-ID: <5891FE9A-86E7-47D7-812E-96D2BA859FD4@infowarrior.org>

Square Enix Reverses Course on 'Deus Ex' Anti-Jailbreak Code
Friday July 12, 2013 1:14 pm PDT by Jordan Golson
http://www.macrumors.com/2013/07/12/square-enix-reverses-course-on-deus-ex-anti-jailbreak-code/

Yesterday it was reported that users who purchased the new game Deus Ex: The Fall were unable to properly play the game on jailbroken devices because of an anti-piracy measure. Users were prevented from firing any guns, a key part of the game. Today, Square Enix has apologized for not properly communicating that the game would not work on jailbroken devices and has announced that it will rectify the issue in a future software update, Eurogamer reports.

Publisher Square Enix issued this statement:

We have not been clear in our communication earlier this week when we launched Deus Ex: The Fall. We did not state clearly that the game would not support jailbroken devices and so we will be switching this off via an update, so that all the supported iOS devices will be able to play the game in the near future. We feel it's the right thing to do in this situation and apologise for any inconvenience this may have caused. No customer should be out of pocket when we were not clear from the start, so we'll get the game updated as soon as possible so that everyone who wants to play Deus Ex: The Fall can do regardless of whether their device is jailbroken or not. As soon as this update is live we will communicate this via the Eidos Montreal Community channels.

---
Just because i'm near the punchbowl doesn't mean I'm also drinking from it.
From rforno at infowarrior.org Fri Jul 12 20:39:17 2013
From: rforno at infowarrior.org (Richard Forno)
Date: Fri, 12 Jul 2013 21:39:17 -0400
Subject: [Infowarrior] - Guy sues Apple; wants them to protect him from pr0n
Message-ID:

Some Guy Is Suing Apple Because He Wants Apple to Protect Him from Porn
http://gizmodo.com/some-guy-is-suing-apple-because-he-wants-apple-to-prote-762470824

---
Just because i'm near the punchbowl doesn't mean I'm also drinking from it.

From rforno at infowarrior.org Sat Jul 13 13:02:59 2013
From: rforno at infowarrior.org (Richard Forno)
Date: Sat, 13 Jul 2013 14:02:59 -0400
Subject: [Infowarrior] - The Differences Between Obama And Bush On NSA Surveillance, According To Virtual Obama
Message-ID: <7B4D869B-E27F-4FE8-A9B9-579DFBB80BEA@infowarrior.org>

The Differences Between Obama And Bush On NSA Surveillance, According To Virtual Obama
from the watch-this dept

It feels like it's been a while since I've seen Xtranormal videos, but someone who shall remain nameless has put together a rather hysterical video of President Obama explaining why massive NSA surveillance under his watch is different than when it was done by President George W. Bush. As you may recall, President Obama criticized these programs while he was "Candidate Obama," but has now expanded them massively. This video explains why -- and is likely to make you laugh:

< - >

http://www.techdirt.com/articles/20130710/13582823759/differences-between-obama-bush-nsa-surveillance-according-to-virtual-obama.shtml

---
Just because i'm near the punchbowl doesn't mean I'm also drinking from it.

From rforno at infowarrior.org Sat Jul 13 15:34:41 2013
From: rforno at infowarrior.org (Richard Forno)
Date: Sat, 13 Jul 2013 16:34:41 -0400
Subject: [Infowarrior] - Greenwald: Snowden better not be harmed
Message-ID: <2FA1C542-CA61-4C36-8EBA-407FF1392133@infowarrior.org>

Snowden documents could be 'worst nightmare' for U.S.
- journalist
http://in.reuters.com/article/2013/07/13/usa-security-snowden-greenwald-idINDEE96C05520130713

BUENOS AIRES | Sat Jul 13, 2013 9:29pm IST (Reuters) - Fugitive former U.S. spy contractor Edward Snowden controls dangerous information that could become the United States' "worst nightmare" if revealed, a journalist familiar with the data said in a newspaper interview. Glenn Greenwald, the Guardian journalist who first published the documents Snowden leaked, said in a newspaper interview published on Saturday that the U.S. government should be careful in its pursuit of the former computer analyst. "Snowden has enough information to cause harm to the U.S. government in a single minute than any other person has ever had," Greenwald said in an interview in Rio de Janeiro with the Argentinian daily La Nacion. "The U.S. government should be on its knees every day begging that nothing happen to Snowden, because if something does happen to him, all the information will be revealed and it could be its worst nightmare." Snowden, who is sought by Washington on espionage charges after revealing details of secret surveillance programs, has been stranded at a Moscow airport since June 23 and is now seeking refuge in Russia until he can secure safe passage to Latin America, where several countries have offered him asylum. Greenwald told Reuters on Tuesday that Snowden would likely accept asylum in Venezuela, one of three Latin American countries that have made that offer. Snowden's leaks on U.S. spying secrets, including eavesdropping on global email traffic, have upset Washington's friends and foes alike. Latin American leaders lashed out at the United States after Greenwald reported in a Brazilian newspaper that the U.S. targeted most of the region with spying programs that monitored Internet traffic. Washington has urged nations not to give Snowden safe passage.
Greenwald said in his interview with La Nacion that documents Snowden has tucked away in different parts of the world detail which U.S. spy programs capture transmissions in Latin America and how they work. "One way of intercepting communications is through a telephone company in the United States that has contracts with telecommunications companies in most Latin American countries," Greenwald said, without specifying which company. (Writing by Mitra Taj; Editing by Sandra Maler)

---
Just because i'm near the punchbowl doesn't mean I'm also drinking from it.

From rforno at infowarrior.org Sat Jul 13 18:02:49 2013
From: rforno at infowarrior.org (Richard Forno)
Date: Sat, 13 Jul 2013 19:02:49 -0400
Subject: [Infowarrior] - Nations Buying as Hackers Sell Computer Flaws
Message-ID:

Nations Buying as Hackers Sell Computer Flaws
http://www.nytimes.com/2013/07/14/world/europe/nations-buying-as-hackers-sell-computer-flaws.html
By NICOLE PERLROTH and DAVID E. SANGER
Published: July 13, 2013

On the tiny Mediterranean island of Malta, two Italian hackers have been searching for bugs -- not the island's many beetle varieties, but secret flaws in computer code that governments pay hundreds of thousands of dollars to learn about and exploit. The hackers, Luigi Auriemma, 32, and Donato Ferrante, 28, sell technical details of such vulnerabilities to countries that want to break into the computer systems of foreign adversaries. The two will not reveal the clients of their company, ReVuln, but big buyers of services like theirs include the National Security Agency -- which seeks the flaws for America's growing arsenal of cyberweapons -- and American adversaries like the Revolutionary Guards of Iran. All over the world, from South Africa to South Korea, business is booming in what hackers call "zero days,"
the coding flaws in software like Microsoft Windows that can give a buyer unfettered access to a computer and any business, agency or individual dependent on one. Just a few years ago, hackers like Mr. Auriemma and Mr. Ferrante would have sold the knowledge of coding flaws to companies like Microsoft and Apple, which would fix them. Last month, Microsoft sharply increased the amount it was willing to pay for such flaws, raising its top offer to $150,000. But increasingly the businesses are being outbid by countries with the goal of exploiting the flaws in pursuit of the kind of success, albeit temporary, that the United States and Israel achieved three summers ago when they attacked Iran's nuclear enrichment program with a computer worm that became known as "Stuxnet." The flaws get their name from the fact that once discovered, "zero days" exist for the user of the computer system to fix them before hackers can take advantage of the vulnerability. A "zero-day exploit" occurs when hackers or governments strike by using the flaw before anyone else knows it exists, like a burglar who finds, after months of probing, that there is a previously undiscovered way to break into a house without sounding an alarm. "Governments are starting to say, 'In order to best protect my country, I need to find vulnerabilities in other countries,' " said Howard Schmidt, a former White House cybersecurity coordinator. "The problem is that we all fundamentally become less secure." A zero-day bug could be as simple as a hacker's discovering an online account that asks for a password but does not actually require typing one to get in. Bypassing the system by hitting the "Enter" key becomes a zero-day exploit. The average attack persists for almost a year -- 312 days -- before it is detected, according to Symantec, the maker of antivirus software. Until then it can be exploited or "weaponized" by both criminals and governments to spy on, steal from or attack their target.
Ten years ago, hackers would hand knowledge of such flaws to Microsoft and Google free, in exchange for a T-shirt or perhaps for an honorable mention on a company's Web site. Even today, so-called patriotic hackers in China regularly hand over the information to the government. Now, the market for information about computer vulnerabilities has turned into a gold rush. Disclosures by Edward J. Snowden, the former N.S.A. consultant who leaked classified documents, made it clear that the United States is among the buyers of programming flaws. But it is hardly alone. Israel, Britain, Russia, India and Brazil are some of the biggest spenders. North Korea is in the market, as are some Middle Eastern intelligence services. Countries in the Asian Pacific, including Malaysia and Singapore, are buying, too, according to the Center for Strategic and International Studies in Washington. To connect sellers and buyers, dozens of well-connected brokers now market information on the flaws in exchange for a 15 percent cut. Some hackers get a deal collecting royalty fees for every month their flaw is not discovered, according to several people involved in the market. Some individual brokers, like one in Bangkok who goes by "the Grugq" on Twitter, are well known. But after the Grugq spoke to Forbes last year, his business took a hit from the publicity, according to a person familiar with the impact, primarily because buyers demand confidentiality. A broker's approach need not be subtle. "Need code execution exploit urgent," read the subject line of an e-mail sent from one contractor's intermediary last year to Billy Rios, a former security engineer at Microsoft and Google who is now a director at Cylance, a security start-up. "Dear Friend," the e-mail began. "Do you have any code execution exploit for Windows 7, Mac, for applications like Browser, Office, Adobe, SWF any." "If yes," the e-mail continued, "payment is not an issue."
For start-ups eager to displace more established military contractors, selling vulnerabilities -- and expertise about how to use them -- has become a lucrative opportunity. Firms like Vupen in Montpellier, France; Netragard in Acton, Mass.; Exodus Intelligence in Austin, Tex.; and ReVuln, Mr. Auriemma's and Mr. Ferrante's Maltese firm, freely advertise that they sell knowledge of the flaws for cyberespionage and in some cases for cyberweapons. Outside Washington, a Virginia start-up named Endgame -- in which a former director of the N.S.A. is playing a major role -- is more elusive about its abilities. But it has developed a number of tools that it sells primarily to the United States government to discover vulnerabilities, which can be used for fighting cyberespionage and for offensive purposes. Like ReVuln, none of the companies will disclose the names of their customers. But Adriel Desautels, the founder of Netragard, said that his clients were "strictly U.S. based" and that Netragard's "exploit acquisition program" had doubled in size in the past three years. The average flaw now sells from around $35,000 to $160,000. Chaouki Bekrar, the founder of Vupen, said his company did not sell to countries that are "subject to European Union, United States or United Nations restrictions or embargoes." He also said revenue was doubling every year as demand surged. Vupen charges customers an annual $100,000 subscription fee to shop through its catalog, and then charges per sale. Costs depend on the sophistication of the vulnerability and the pervasiveness of the operating system. ReVuln specializes in finding remote vulnerabilities in industrial control systems that can be used to access -- or disrupt -- water treatment facilities, oil and gas pipelines and power plants. "They are engaging in willful blindness," said Christopher Soghoian, a senior policy analyst at the American Civil Liberties Union. Many technology companies have started "bug bounty"
programs in which they pay hackers to tell them about bugs in their systems rather than have the hackers keep the flaws to themselves -- or worse, sell them on the black market. Nearly a decade ago the Mozilla Foundation started one of the first bounty programs to pay for bugs in its Firefox browser. Since then, Google, Facebook and PayPal have all followed suit. In recent months, bounties have soared. In 2010, Google started paying hackers up to $3,133.70 -- the number is hacker code for "elite" -- for bugs in its Web browser Chrome. Last month, Google increased its cash prize to $20,000 for flaws found in some of its widely used products. Facebook began a similar program in 2011 and has since paid out $1 million. (One payout included $2,500 to a 13-year-old. The most it has paid for a single bug is $20,000.) "The program undermines the incentive to hold on to a bug that might be worth nothing in a day," said Joe Sullivan, Facebook's chief security officer. It had also had the unintended effect of encouraging ethical hackers to turn in others who planned to use its bugs for malicious use. "We've seen people back-stab other hackers by ratting out a bug that another person planned to use maliciously," he said. Microsoft, which had long resisted such a program, did an about-face last month when it announced that it would pay hackers as much as $150,000 for information about a single flaw, if they also provided a way to defend against it. Apple still has no such program, but its vulnerabilities are some of the most coveted. In one case, a zero-day exploit in Apple's iOS operating system sold for $500,000, according to two people briefed on the sale. Still, said Mr. Soghoian of the A.C.L.U., "The bounties pale in comparison to what the government pays." The military establishment, he said, "created Frankenstein by feeding the market." In many ways, the United States government created the market. When the United States and Israel used a series of flaws --
including one in a Windows font program -- to unleash what became known as the Stuxnet worm, a sophisticated cyberweapon used to temporarily cripple Iran's ability to enrich uranium, it showed the world what was possible. It also became a catalyst for a cyberarms race. When the Stuxnet code leaked out of the Natanz nuclear enrichment plant in Iran in the summer of 2010, the flaws suddenly took on new value. Subsequent discoveries of sophisticated state-sponsored computer viruses named Flame and Duqu that used flaws to spy on computers in Iran have only fueled interest. "I think it is fair to say that no one anticipated where this was going," said one person who was involved in the early American and Israeli strategy. "And today, no one is sure where it is going to end up." In a prescient paper in 2007, Charlie Miller, a former N.S.A. employee, described the profitable alternatives for hackers who may have otherwise turned their information about flaws over to the vendor free, or sold it for a few thousand dollars to programs like Tipping Point's Zero Day Initiative, now run by Hewlett-Packard, which used them to enhance their security research. He described how one American government agency offered him $10,000 for a Linux bug. He asked another for $80,000, which agreed "too quickly," Mr. Miller wrote. "I had probably not asked for enough." Because the bug did not work with a particular flavor of Linux, Mr. Miller eventually sold it for $50,000. But the take-away for him and his fellow hackers was clear: There was serious money to be made selling the flaws. At their conventions, hackers started flashing signs that read, "No more free bugs." Hackers like Mr. Auriemma, who once gave away their bugs to software vendors and antivirus makers, now sound like union organizers declaring their rights. "Providing professional work for free to a vendor is unethical," Mr. Auriemma said.
"Providing professional work almost for free to security companies that make their business with your research is even more unethical." Experts say there is limited incentive to regulate a market in which government agencies are some of the biggest participants. "If you try to limit who you do business with, there's the possibility you will get shut out," said Mr. Schmidt, the former White House cybersecurity coordinator. "If someone comes to you with a bug that could affect millions of devices and says, 'You would be the only one to have this if you pay my fee,' there will always be someone inclined to pay it." "Unfortunately," he said, "dancing with the devil in cyberspace has been pretty common."

---
Just because i'm near the punchbowl doesn't mean I'm also drinking from it.

From rforno at infowarrior.org Sun Jul 14 22:04:31 2013
From: rforno at infowarrior.org (Richard Forno)
Date: Sun, 14 Jul 2013 23:04:31 -0400
Subject: [Infowarrior] - Cheat-Sheet On NSA Spying
Message-ID: <829B365F-658E-43B4-AC3E-7C8AE8A1786E@infowarrior.org>

Cheat-Sheet On NSA Spying
http://www.ritholtz.com/blog/2013/07/cheat-sheet-on-nsa-spying/

---
Just because i'm near the punchbowl doesn't mean I'm also drinking from it.

From rforno at infowarrior.org Mon Jul 15 07:16:05 2013
From: rforno at infowarrior.org (Richard Forno)
Date: Mon, 15 Jul 2013 08:16:05 -0400
Subject: [Infowarrior] - OT: Mos Eisley Cantina Karaoke' feat. Billy Dee Williams, Patton Oswalt & Jason Schwartzman!
Message-ID: <566B632C-651C-4A50-A46D-A48598C2B455@infowarrior.org>

Something to start your Monday off on a light note......

Mos Eisley Cantina Karaoke' feat. Billy Dee Williams, Patton Oswalt & Jason Schwartzman!
http://www.geeksaresexy.net/2013/07/15/mos-eisley-cantina-karaoke-feat-billy-dee-williams-patton-oswalt-jason-schwartzman-video/

---
Just because i'm near the punchbowl doesn't mean I'm also drinking from it.
From rforno at infowarrior.org Mon Jul 15 07:16:53 2013
From: rforno at infowarrior.org (Richard Forno)
Date: Mon, 15 Jul 2013 08:16:53 -0400
Subject: [Infowarrior] - Anyone But Larry Summers . . .
Message-ID: <9821742C-1E3C-47D9-91A4-888B2D8556EF@infowarrior.org>

Anyone But Larry Summers . . .
by Barry Ritholtz - July 15th, 2013, 7:25am
http://www.ritholtz.com/blog/2013/07/anyone-but-larry-summers/

At a dinner last week, the discussion turned to who will replace Fed Chair Ben Bernanke. The consensus was Janet Yellen was the front runner, Roger Ferguson was the long shot . . . and then Lawrence Summers' name arose. Longtime readers know I have little respect for the former Treasury Secretary and Harvard President. Despite his alleged brilliance, he seems to have the worst judgment of any economist ever in existence. Granted, discussing economists with poor judgement is an embarrassment of riches, but Summers manages to surpass the crowd in leaps and bounds. He is essentially a smarter version of Alan Greenspan, only lacking Greenspan's keen judgment and humility (that was sarcasm). Consider Summers' brilliant track record:
- He has consistently argued for privatization and deregulation of the financial sector
- He oversaw the repeal of Glass-Steagall via the passage of the Gramm-Leach-Bliley Act
- He approved the (previously illegal) merger between Citibank and Travelers
- He oversaw and indeed encouraged concentration in the financial sector, leading to the rise of the mega TBTF banks.
- He successfully fought Brooksley Born, then chair of the Commodity Futures Trading Commission, to rein in financial derivatives
- He oversaw passage of the Commodity Futures Modernization Act of 2000, preventing any regulation of derivatives; This also exempted derivatives from state insurance oversight and antigambling laws.
-
Thanks to Summers, derivatives have no minimum reserve requirements, no disclosure obligations, zero transparency, and no exchange listing or reporting requirements.

He then compounded his errors by pushing for a small, ineffective stimulus plan. Note we have not even got to his issues with women, science, his boorish headstrong personality, and his other professional failings. What's next after we put Larry Summers in charge of the Fed? Where else can he fail upwards toward?

---
Just because i'm near the punchbowl doesn't mean I'm also drinking from it.

From rforno at infowarrior.org Mon Jul 15 07:23:53 2013
From: rforno at infowarrior.org (Richard Forno)
Date: Mon, 15 Jul 2013 08:23:53 -0400
Subject: [Infowarrior] - NSA Leaks Stir Plans in Russia to Control Net
Message-ID: <16108CEB-7A53-4889-9880-9C253EBCD61E@infowarrior.org>

As Milton Mueller noted last night, "US policy has gone from promoting internet freedom to becoming its worst enemy" ---rick

N.S.A. Leaks Stir Plans in Russia to Control Net
By ANDREW E. KRAMER
Published: July 14, 2013
http://www.nytimes.com/2013/07/15/business/global/nsa-leaks-stir-plans-in-russia-to-control-net.html?ref=global-home&_r=0

MOSCOW -- Edward J. Snowden, the former National Security Agency contractor, fled the United States saying he did not want to live in a surveillance state. But now the Russians are using his very presence here -- on Friday Mr. Snowden said he intended to remain in Russia for some time while seeking asylum elsewhere -- to push for tighter controls over the Internet. Two members of Russia's Parliament have cited Mr. Snowden's leaks about N.S.A. spying as arguments to compel global Internet companies like Google and Microsoft to comply more closely with Russian rules on personal data storage. These rules, rights groups say, might help safeguard personal data but also would open a back door for Russian law enforcement into services like Gmail.
"We need to quickly put these huge transnational companies like Google, Microsoft and Facebook under national controls," Ruslan Gattarov, a member of the upper chamber of the Russian Parliament, or Federation Council, said in an interview. "This is the lesson Snowden taught us." In the United States, the documents leaked by Mr. Snowden highlighted the increasingly close ties between the N.S.A. and the biggest high-tech companies. His documents revealed how Microsoft, Facebook, Google and other companies have cooperated with the agency. If anything, requests by law enforcement agencies in Russia, with its long history of people bugging, informing and spying on one another, pose an even more stark quandary for companies like Google and Facebook. American information technology companies operating in Russia routinely face demands from law enforcement to reveal user data, and have less recourse than in the United States to resist in the courts. The Russian reaction may surprise Mr. Snowden most of all. In an interview with The Guardian, he said he unveiled details of N.S.A. surveillance because "I don't want to live in a world where there is no privacy and therefore no room for intellectual exploration and creativity." In a series of leaks to The Guardian, The Washington Post and other newspapers, Mr. Snowden provided documents showing the N.S.A. collected logs of Americans' phone calls and intercepted foreigners' Internet communications, with help from American companies, through a program called Prism. The Russians, who with only minimal success, had for years sought to make these companies provide law enforcement access to data within Russia, reacted angrily. Mr. Gattarov formed an ad hoc committee in response to Mr. Snowden's leaks. Ostensibly with the goal of safeguarding Russian citizens'
private lives and letters from spying, the committee revived a long-simmering Russian initiative to transfer control of Internet technical standards and domain name assignments from two nongovernmental groups that control them today to an arm of the United Nations, the International Telecommunications Union. The committee also recommended that Russia require foreign companies to comply with its law on personal data, which can require using encryption programs that are licensed by the Federal Security Service, the successor agency to the K.G.B. Sergei Zheleznyak, a deputy speaker of the Russian Parliament in President Vladimir V. Putin's United Russia party, has suggested legislation requiring e-mail and social networking companies retain the data of Russian clients on servers inside Russia, where they would be subject to domestic law enforcement search warrants. The Russian Senate is also proposing the creation of a United Nations agency to monitor collection and use of personal data, akin to the International Atomic Energy Agency, which oversees nuclear materials, to keep tabs on firms like Facebook and Google that harvest personal data. Many independent advocates for Internet freedom have for years, however, characterized the Russian policy proposals as deeply worrying, for their potential to hamper free communication across borders and expose political dissidents inside authoritarian states to persecution. Even before Mr. Snowden arrived in the transit zone of Moscow's Sheremetyevo Airport, Russia had been pressing for such controls. Its proposals had found some support among other governments that wanted greater access to social networking and e-mail data, but which did not ban such services outright, as China does. In this light, Mr.
Snowden's arrival here and his decision to extend his stay, announced Friday, seemed to have aided their cause. Brazil's foreign minister, Antonio Patriota, for example, a week ago endorsed the Russian proposal to transfer some control over Internet technical standards to the United Nations telecommunications agency. In Russia, a cottage industry already exists of companies licensed by the F.S.B. to make software applications that replace Microsoft's built-in encryption on Windows. A Russian law requires this for government employees and several other categories of users. About two million Windows machines have had this change made in Russia, according to CryptoPro, one of the companies that makes the security agency's licensed encryption key. For Russian-based technology companies, the pressure is even more intense. In an updated version of the K.G.B.'s using steam to open letters in the mail, the security agency ordered Yandex, Russia's largest search engine, to reveal the identities of people who had made online donations to an opposition leader, Aleksei A. Navalny. Yandex complied; later, these people received harassing phone calls from a Kremlin youth group. Google, in response to Mr. Gattarov's criticism of the company, said in a statement that its privacy policies were now in compliance with Russian laws but did not comment on the proposal to require the company to shift its servers to Russian territory. Facebook issued a statement saying, "We think it would be better for people if the result of all of this debate is greater transparency and accountability for governments seeking private data, rather than more government secrecy and access to this personal information."

--- Just because i'm near the punchbowl doesn't mean I'm also drinking from it.
From rforno at infowarrior.org Mon Jul 15 09:56:44 2013
From: rforno at infowarrior.org (Richard Forno)
Date: Mon, 15 Jul 2013 10:56:44 -0400
Subject: [Infowarrior] - Media Continues to Focus on Snowden Rather Than the Information He's Revealed
Message-ID:

Media Continues to Focus on Snowden Rather Than the Information He's Revealed

https://pressfreedomfoundation.org/blog/2013/07/media-continues-focus-snowden-rather-information-hes-revealed

--- Just because i'm near the punchbowl doesn't mean I'm also drinking from it.

From rforno at infowarrior.org Mon Jul 15 16:03:15 2013
From: rforno at infowarrior.org (Richard Forno)
Date: Mon, 15 Jul 2013 17:03:15 -0400
Subject: [Infowarrior] - DHS Memo to Employees on WaPo article
Message-ID:

(Head. Sand. Stick the former into the latter, please. --rick)

DHS warns employees not to read leaked NSA information

By Josh Hicks, Updated: July 15, 2013
http://www.washingtonpost.com/blogs/federal-eye/wp/2013/07/15/dhs-warns-employees-not-to-read-leaked-nsa-information/?print=1

The Department of Homeland Security has warned its employees that the government may penalize them for opening a Washington Post article containing a classified slide that shows how the National Security Agency eavesdrops on international communications. An internal memo from DHS headquarters told workers on Friday that viewing the document from an "unclassified government workstation" could lead to administrative or legal action. "You may be violating your non-disclosure agreement in which you sign that you will protect classified national security information," the communication said. The memo said workers who view the article through an unclassified workstation should report the incident as a "classified data spillage." The NSA is a Defense Department agency, meaning it does not fall under the jurisdiction of Homeland Security. It was not immediately clear whether all federal agencies released similar warnings to their employees.
Below is the full text of the memo:

"From: LARSEN, MARK R
Sent: Friday, July 12, 2013 9:50 AM
Subject: SECURITY ALERT ***Washington Post Article***
Importance: High

FYSA -- From DHS HQ Per the National Cybersecurity Communications Integration Center: There is a recent article on the Washington Post's Website that has a clickable link titled "The NSA Slide you never seen" that must not be opened on an Unclassified government workstation. This link opens up a classified document which will raise the classification level of your Unclassified workstation to the classification of the slide which is reported to be TS/NF. If opened on an Unclassified system, you are obligated to report this to the SSO as a Classified Data Spillage (Opssecurity at hq.dhs.gov). Again, please exercise good judgment when visiting these webpages and clicking on such links. You may be violating your Non-Disclosure Agreement in which you sign that you will protect Classified National Security Information. You may be subject to any administrative or legal action from the Government."

--- Just because i'm near the punchbowl doesn't mean I'm also drinking from it.

From rforno at infowarrior.org Mon Jul 15 21:12:18 2013
From: rforno at infowarrior.org (Richard Forno)
Date: Mon, 15 Jul 2013 22:12:18 -0400
Subject: [Infowarrior] - Yahoo wins motion to declassify FISA docs in PRISM case
Message-ID: <8D37C38A-9E96-49D2-889E-2855675C3DD6@infowarrior.org>

Yahoo wins motion to declassify court documents in PRISM case

Ruling will allow the Internet company to publicly reveal it challenged a U.S. government order to participate in the National Security Agency's controversial data collection program.
by Steven Musil
July 15, 2013 5:34 PM PDT
http://news.cnet.com/8301-1023_3-57593871-93/yahoo-wins-motion-to-declassify-court-documents-in-prism-case/

Yahoo has won a motion from a secretive court that allows it to publicly reveal its efforts to avoid becoming part of PRISM, the National Security Agency's controversial data collection program. The U.S. Foreign Intelligence Surveillance Court ruled Monday that the Justice Department must unseal documents from a classified 2008 case that Yahoo has said will demonstrate the Internet company "objected strenuously" to providing the government with customer data. "The Government shall conduct a declassification review of this Court's Memorandum Opinion of [Yahoo's case] and the legal briefs submitted by the parties to this Court," the ruling read. "After such review, the Court anticipates publishing that Memorandum Opinion in a form that redacts any properly classified information." The ruling, first noted by the Daily Dot, gives the Justice Department two weeks to provide estimates on how long it expects the review process to take. A Yahoo spokesperson said the company was "very pleased" with the court's decision. "Once those documents are made public, we believe they will contribute constructively to the ongoing public discussion around online privacy," the representative said in a statement. Because the 2008 case was conducted in a court under the Foreign Intelligence Surveillance Act (FISA), details of the dispute were never made public beyond a heavily redacted court order and Yahoo was not even allowed to reveal that it was involved in the case. Monday's order was made by the same court that Yahoo originally petitioned five years ago to review the government's order over concerns it violated its users' Fourth Amendment rights against unreasonable searches and seizures.
The court responded at the time that the company's concerns were "overblown" and that "incidentally collected communications of non-targeted United States persons do not violate the Fourth Amendment." Google, Apple, Yahoo, Microsoft, Facebook, and other Internet companies were left reeling after a pair of articles last month alleged that they provided the NSA with "direct access" to their servers through a so-called PRISM program. Subsequent reporting by CNET revealed that this was not the case, and the Washington Post backtracked from its original story on PRISM. Yahoo has previously denied the allegations regarding participation in the program, calling them "categorically false." Legally barred from discussing their participation in the program, Google and Microsoft have petitioned the Foreign Intelligence Surveillance Court to lift a gag order prohibiting them from disclosing more information about government requests they receive for customer data. To date, the companies have released only totals that combine legal requests made under FISA with others related to criminal investigations involving fraud, homicide, and kidnapping, making it impossible to determine how many FISA requests they have received.

--- Just because i'm near the punchbowl doesn't mean I'm also drinking from it.
From rforno at infowarrior.org Tue Jul 16 07:08:44 2013
From: rforno at infowarrior.org (Richard Forno)
Date: Tue, 16 Jul 2013 08:08:44 -0400
Subject: [Infowarrior] - Regarding DOJ's new 'media spying' policy
Message-ID: <2738BAA1-F2B0-4932-8F34-E4110705DC86@infowarrior.org>

DOJ's New 'Less Likely To Spy On Press' Rules Only Apply To Whoever DOJ Feels Is Really 'News Media'

from the seems-like-a-big-loophole dept
http://www.techdirt.com/articles/20130714/00195923791/dojs-new-less-likely-to-spy-press-rules-only-apply-to-whoever-doj-feels-is-really-news-media.shtml

We recently mentioned that the DOJ has put out its revamped guidelines in which the organization promises to be a little more careful before spying on journalists and their sources (and friends, colleagues and family...). However, as some are pointing out, the guidelines appear to be pretty careful about defining "the press" to only mean "people who work for big media organizations." Everyone else is fair game. DIOG does include online news in its definition of media (PDF 157). "News media" includes persons and organizations that gather, report or publish news, whether through traditional means (e.g., newspapers, radio, magazines, news service) or the on-line or wireless equivalent. A "member of the media" is a person who gathers, reports, or publishes news through the news media. But then it goes on to exclude bloggers from those included in the term "news media." The definition does not, however, include a person or entity who posts information or opinion on the Internet in blogs, chat rooms or social networking sites, such as YouTube, Facebook, or MySpace, unless that person or entity falls within the definition of a member of the media or a news organization under the other provisions within this section (e.g., a national news reporter who posts on his/her personal blog). Then it goes on to lay out what I will call the "WikiLeaks exception." As the term is used in the DIOG, "news media"
is not intended to include persons and entities that simply make information available. Instead, it is intended to apply to a person or entity that gathers information of potential interest to a segment of the general public, uses editorial skills to turn raw materials into a distinct work, and distributes that work to an audience, as a journalism professional. This kind of issue keeps coming up with the discussions around a "media shield" law, in which politicians keep suggesting that we need an official designation for who is and who is not a journalist. Of course, as we've been saying for years, that's silly and antiquated. You could easily write such a shield law to be about protecting journalism rather than journalists. That's because, these days, almost anyone can do journalism, if the opportunity presents itself. If someone is trying to bring important information to the public, that's a journalism role, and those actions should be protected, no matter who the employer might be. The government's continued insistence that it somehow needs to define who is and who is not a journalist seems like it's not just a mistake from a policy perspective, but also something that (perhaps on purpose) leaves open a giant loophole to spy on lots of people the government probably shouldn't be spying on.

--- Just because i'm near the punchbowl doesn't mean I'm also drinking from it.

From rforno at infowarrior.org Wed Jul 17 07:10:55 2013
From: rforno at infowarrior.org (Richard Forno)
Date: Wed, 17 Jul 2013 08:10:55 -0400
Subject: [Infowarrior] - Microsoft: U.S. Constitution is 'suffering' from NSA secrecy
Message-ID: <898388F8-B475-4AC1-BCCE-42F6C30C9117@infowarrior.org>

Microsoft: U.S. Constitution is 'suffering' from NSA secrecy

A strongly worded letter from Microsoft's general counsel to Attorney General Eric Holder says secrecy about National Security Agency surveillance is harming fundamental "constitutional principles."
by Declan McCullagh
July 16, 2013 12:27 PM PDT
http://news.cnet.com/8301-13578_3-57594011-38/microsoft-u.s-constitution-is-suffering-from-nsa-secrecy/

Microsoft General Counsel Brad Smith says Microsoft asked the Justice Department to let it divulge more information to clear its name -- but was rebuffed last week. (Credit: Getty Images)

Microsoft on Tuesday asked the Obama administration to allow it to reveal details about how it responds to orders from the U.S. government for user account data. Brad Smith, Microsoft's general counsel, sent a strongly worded letter to Attorney General Eric Holder this afternoon saying there is "no longer a compelling government interest" in preventing companies "from sharing more information" about how they respond. That's especially true, the letter said, when this information is likely to help "allay public concerns" about warrantless surveillance. The letter appears to be a response to a report last Thursday in the Guardian, based on internal National Security Agency documents provided by Edward Snowden, that said the government can intercept Skype calls and encrypted Outlook.com messages. That's a change from 2008, when the then eBay-owned Skype told CNET it "would not be able to comply" with a wiretapping court order. "The Constitution itself is suffering" from ongoing secrecy, Smith said in his letter to Holder, adding that "it will take the personal involvement of you or the President to set things right." Last week, according to Smith, Microsoft requested permission to divulge more information in an effort to clear its name, but the Justice Department "rejected" the request. Microsoft said in a separate blog post by Smith today that: "We do not provide any government with the ability to break the [Outlook.com] encryption, nor do we provide the government with the encryption keys.
When we are legally obligated to comply with demands, we pull the specified content from our servers where it sits in an unencrypted state, and then we provide it to the government agency." Under U.S. law and similar laws in other countries, companies can be compelled to turn over confidential user data in some circumstances. In the United States, those demands arise through court orders that the FBI and other law enforcement agencies obtain for criminal investigations, as well as through Foreign Intelligence Surveillance Act (FISA) orders issued in a separate process for terrorist and counterespionage investigations. (PRISM is an NSA software utility used to collate data gathered through FISA orders.) Microsoft's blog post also said, referring to Skype calls, that "we will not provide governments with direct or unfettered access to customer data or encryption keys." The company said it responds only to orders for "specific accounts and identifiers" and never provides "blanket or indiscriminate access to Microsoft's customer data" -- a challenge to some claims of direct access to servers. It also said that changes it made to Skype in 2012 to shift to in-house hosting of super nodes, which may have allowed the service to become wiretap-compliant, were done for technical reasons, not to facilitate surveillance. CNET reported last Friday that the U.S. government has threatened Internet companies with installing surveillance devices on their networks if they do not help with surveillance requests. The article disclosed that Microsoft had created a wiretap compliance system to respond to legal orders for surveillance directed at Hotmail accounts -- a process that prevented government surveillance devices from being installed. The government has previously installed surveillance devices on networks owned by Verizon Business and EarthLink. 
Microsoft has asked the Foreign Intelligence Surveillance Court for permission to disclose "aggregate statistics" regarding the number of FISA orders it receives, including orders feeding into PRISM. That request (PDF) was filed on June 19. The Justice Department has been delaying the proceedings, initially saying it would respond by July 9 and then asking (PDF) for a deadline extension to July 23.

--- Just because i'm near the punchbowl doesn't mean I'm also drinking from it.

From rforno at infowarrior.org Wed Jul 17 07:13:20 2013
From: rforno at infowarrior.org (Richard Forno)
Date: Wed, 17 Jul 2013 08:13:20 -0400
Subject: [Infowarrior] - OT: Elizabeth Warren, the antidote to CNBC
Message-ID: <62F41B0B-9CAD-4816-AA66-FCA8DC1D7C02@infowarrior.org>

(Massachusetts friends, I do admire your senator! --rick)

Elizabeth Warren, the antidote to CNBC

http://www.cjr.org/the_audit/elizabeth_warren_is_the_antido.php

--- Just because i'm near the punchbowl doesn't mean I'm also drinking from it.

From rforno at infowarrior.org Wed Jul 17 10:08:49 2013
From: rforno at infowarrior.org (Richard Forno)
Date: Wed, 17 Jul 2013 11:08:49 -0400
Subject: [Infowarrior] - License Plate Readers Track You for Profit
Message-ID:

License Plate Readers Track You for Profit
http://www.wired.com/threatlevel/2013/07/license-plate-readers/

ACLU Report
http://www.wired.com/images_blogs/threatlevel/2013/07/YouAreBeingTracked.pdf

--- Just because i'm near the punchbowl doesn't mean I'm also drinking from it.

From rforno at infowarrior.org Wed Jul 17 10:23:31 2013
From: rforno at infowarrior.org (Richard Forno)
Date: Wed, 17 Jul 2013 11:23:31 -0400
Subject: [Infowarrior] - RFI: Apple Mail help
Message-ID:

Does anyone have leads or AppleScript, Automator, or other application ideas that allow users to strip certain attachments from incoming mail in Apple Mail on 10.8? I am working with some folks whose company throws in "image001.png" corporate sig file image on each message ....
which means it's impossible to quickly see if there's a "real" attachment on the note or just the stupid .sig image w/o opening the message itself. Unfortunately on this particular system it's not something I can do (easily) on the server-side via procmail, so I'm looking for ways of filtering those particular attachments out on the client side within Mail. TIA.

--- Just because i'm near the punchbowl doesn't mean I'm also drinking from it.

From rforno at infowarrior.org Wed Jul 17 10:51:05 2013
From: rforno at infowarrior.org (Richard Forno)
Date: Wed, 17 Jul 2013 11:51:05 -0400
Subject: [Infowarrior] - Ruling That Struck Down Military Detention Power Rejected
Message-ID:

Ruling That Struck Down Military Detention Power Rejected

By Chris Dolmetsch - Jul 17, 2013 11:30 AM ET
http://www.bloomberg.com/news/2013-07-17/ruling-that-struck-down-military-detention-power-rejected.html

A federal judge's ruling that struck down a controversial U.S. military-detention law as unconstitutional was overturned by an appeals court in New York because the plaintiffs lacked legal standing to challenge it. A group including former New York Times reporter Christopher Hedges sued President Barack Obama and Secretary of Defense Leon Panetta in January, claiming the law may subject them to detention for acts protected by the U.S. Constitution, including writing and advocacy. U.S. District Judge Katherine Forrest in September struck down parts of the law which allow for the U.S. to detain people providing support to al-Qaeda and the Taliban, on the grounds that it violates the First and Fifth amendments. The government appealed, arguing that her injunction blocking enforcement of those provisions, known as Section 1021, posed a threat to national security. The U.S.
Court of Appeals in New York today overturned Forrest's decision in a 60-page ruling and lifted her injunction, saying that Hedges and another plaintiff weren't eligible to challenge the law because it "simply says nothing about the government's authority to detain citizens." "And while Section 1021 does have a real bearing on those who are neither citizens nor lawful resident aliens and who are apprehended abroad, the non-citizen plaintiffs also have failed to establish standing because they have not shown a sufficient threat that the government will detain them under Section 1021," the court said.

Military Force

Section 1021 of the National Defense Authorization Act of 2012 affirmed the president's authority to detain people under an earlier law, the Authorization for Use of Military Force, passed in the wake of the Sept. 11, 2001, terrorist attacks. Those who may be held include people who "substantially supported" al-Qaeda and the Taliban. The case is Hedges v. Obama, 12-cv-00331, U.S. District Court, Southern District of New York (Manhattan). The appeal is 12-3176, U.S. Court of Appeals for the Second Circuit (Manhattan).

To contact the reporter on this story: Chris Dolmetsch in New York State Supreme Court at 8969 or cdolmetsch at bloomberg.net
To contact the editor responsible for this story: Andrew Dunn at adunn8 at bloomberg.net

--- Just because i'm near the punchbowl doesn't mean I'm also drinking from it.

From rforno at infowarrior.org Wed Jul 17 11:33:57 2013
From: rforno at infowarrior.org (Richard Forno)
Date: Wed, 17 Jul 2013 12:33:57 -0400
Subject: [Infowarrior] - Former Top NSA Lawyer Blames Civil Libertarians For 9/11, Says Hype About NSA May Lead To A Repeat
Message-ID: <5142CF00-6B10-4120-AA16-11C9ABE9FBEE@infowarrior.org>

(in response to his prepared testimony on the Hill today....
--rick)

Former Top NSA Lawyer Blames Civil Libertarians For 9/11, Says Hype About NSA May Lead To A Repeat

http://www.techdirt.com/articles/20130717/00560223831/former-top-nsa-lawyer-blames-civil-libertarians-911-says-hype-about-nsa-may-lead-to-repeat.shtml

--- Just because i'm near the punchbowl doesn't mean I'm also drinking from it.

From rforno at infowarrior.org Wed Jul 17 14:46:02 2013
From: rforno at infowarrior.org (Richard Forno)
Date: Wed, 17 Jul 2013 15:46:02 -0400
Subject: [Infowarrior] - NSA warned to rein in surveillance as agency reveals even greater scope
Message-ID: <488EFA40-2563-42BB-AFDE-76AF4FFD871F@infowarrior.org>

NSA warned to rein in surveillance as agency reveals even greater scope

NSA officials testify to angry House panel that agency can perform 'three-hop queries' through Americans' data and records

Spencer Ackerman in Washington
guardian.co.uk, Wednesday 17 July 2013 15.19 EDT
http://www.guardian.co.uk/world/2013/jul/17/nsa-surveillance-house-hearing?CMP=twt_gu

The National Security Agency revealed to an angry congressional panel on Wednesday that its analysis of phone records and online behavior goes exponentially beyond what it had previously disclosed. John C Inglis, the deputy director of the surveillance agency, told a member of the House judiciary committee that NSA analysts can perform "a second or third hop query" through its collections of telephone data and internet records in order to find connections to terrorist organizations. "Hops" refers to a technical term indicating connections between people. A three-hop query means that the NSA can look at data not only from a suspected terrorist, but from everyone that suspect communicated with, and then from everyone those people communicated with, and then from everyone all of those people communicated with. Inglis did not elaborate, nor did the members of the House panel -- many of whom expressed concern and even anger at the NSA --
explore the legal and privacy implications of the breadth of "three-hop" analysis. But Inglis and other intelligence and law enforcement officials testifying before the committee said that the NSA's ability to query the data follows rules set by the secret Fisa court, although about two dozen NSA officials determine for themselves when those criteria are satisfied. A document published last month by the Guardian detailing the history of the NSA's post-9/11 bulk surveillance on telephone and internet data refers to one- or two-hop analysis performed by NSA. The document, provided by ex-NSA contractor Edward Snowden, does not explicitly mention three-hop analysis, nor does it clearly suggest that such analysis occurs. Wednesday's hearing was the second major public congressional hearing about the NSA's surveillance activities since the Guardian and the Washington Post disclosed some of them in early June. Unlike the previous hearing on June 18 before the House intelligence committee, members of the House judiciary committee aggressively questioned senior officials from the NSA, FBI, Justice Department and Office of the Director of National Intelligence. One senior member of the panel, congressman James Sensenbrenner, the author of the 2001 Patriot Act, warned the officials that unless they rein in the scope of their surveillance on Americans' phone records, "There are not the votes in the House of Representatives" to renew the provision after its 2015 expiration. "You're going to lose it entirely," Sensenbrenner said. Inglis and deputy attorney general James Cole repeatedly argued that the NSA's surveillance was limited because it only searches through its databases of phone records when it has a "reasonable, articulable suspicion" of a connection to terrorism.
But several members of the committee, of both parties, said they were concerned not merely about the analysis of the phone records but about NSA's collection of millions of Americans' phone data in the first place, without an individual suspicion of connections to terrorism. "The statute says 'collection'," congressman Jerrold Nadler told Cole. "You're trying to confuse us by talking use." Congressman Ted Poe, a judge, said: "I hope as we move forward as a Congress we rein in the idea that it's OK to bruise the spirit of the constitution in the name of national security." Inglis, Cole and Robert Litt, the senior legal counsel for the Office of the Director of National Intelligence, also argued that the surveillance activities were restricted by the oversight of Congress and the Fisa court. Legislators challenged both contentions. Congressman Spencer Bachus said he "was not aware at all" of the extent of the surveillance, since the NSA programs were briefed only to the intelligence committees of the House and Senate. Congresswoman Zoe Lofgren revealed that an annual report provided to Congress by the government about the phone-records collection, something cited by intelligence officials as an example of their disclosures to Congress, is "less than a single page and not more than eight sentences". Congressman Hakeem Jeffries challenged Litt's contention that the Fisa court was "not a rubber stamp" by way of a baseball analogy. Jeffries noted that some of the greatest hitters in baseball history -- the Cardinals' Stan Musial, the Red Sox's Ted Williams, the Tigers' Ty Cobb and the Yankees' Babe Ruth -- did not hit more than four balls safely per 10 times at bat, for career batting averages ranging from Musial's .331 to Cobb's .366. He then noted that the Fisa court approves over 99% of government requests for surveillance -- which would give the government a lifetime batting average of .999 --
saying: "But you've taken the position that the Fisa court is an independent check." Litt, continuing the analogy, said that when the government submits a surveillance request or "throws a pitch", the Fisa court "says 'throw a little bit higher, a little more inside'" rather than ruling it out of the strike zone.

--- Just because i'm near the punchbowl doesn't mean I'm also drinking from it.

From rforno at infowarrior.org Wed Jul 17 20:29:14 2013
From: rforno at infowarrior.org (Richard Forno)
Date: Wed, 17 Jul 2013 21:29:14 -0400
Subject: [Infowarrior] - Fox News Warns Al-Qaeda Could 'Hack Your Car & Crash It'
Message-ID:

(Here we are, back to the Cheney 1% solution -- if something has a 1% chance of happening we need to act like it's got a 100% it will happen. *facepalm* --rick)

Fox News Warns Al-Qaeda Could 'Hack Your Car & Crash It'

http://videocafe.crooksandliars.com/david/fox-news-warns-al-qaeda-could-hack-your-car-

Fox News on Tuesday advised viewers to revert to vehicles from the 1960s or even a "horse and buggy" because Al-Qaeda terrorists could take over the computer in their car and make it crash. In a segment titled "Al Qaeda Behind the Wheel: How Terrorists Could Crash Your Car," cyberterrorism analyst Morgan Wright said that it was a "fact" that "you can take control of a car" through systems like General Motors' OnStar. "My concern is when they not only just hack the car, they hack the systems that control these cars or have access to them," Wright noted. "A lot of people say that's farfetched, but one of my examples, you know, on Sept. 10th, 2001, we thought it was farfetched to fly four airplanes into a building, never thought it could happen. So, never say never."

< - >

Lee then wondered how concerned -- on a scale of one to ten -- should people be about terrorists hacking cars. "Right now, I'd say on a scale of one to ten, it's a one and a half," Wright admitted.
"There's only one car out there right now, the Infiniti Q50 that has a true steering-by-wire system that you could actually -- if you could access to it -- could actually control the vehicle."

--- Just because i'm near the punchbowl doesn't mean I'm also drinking from it.

From rforno at infowarrior.org Wed Jul 17 20:39:27 2013
From: rforno at infowarrior.org (Richard Forno)
Date: Wed, 17 Jul 2013 21:39:27 -0400
Subject: [Infowarrior] - New 'injection secrecy' law threatens First Amendment rights in Georgia
Message-ID: <743CBD41-A1E9-4A1C-8367-42090372D238@infowarrior.org>

02:55 PM - July 17, 2013

New "injection secrecy" law threatens First Amendment rights in Georgia

It deems information about lethal injections state secrets

By Andrew Cohen
http://www.cjr.org/behind_the_news/georgia_lethal_injections_shie.php

The pending execution of a cognitively disabled man in Georgia has brought to national light a new law there that has profound first amendment implications for journalists covering death penalty cases. The so-called "Lethal Injection Secrecy Act," passed in March, makes the identities of those companies and individuals who make and supply lethal injection drugs a "state secret" that may be shielded from disclosure to the public, the media, or even the judiciary. As a result of the measure, information about the purity and potency of the drugs that are to be used to carry out executions in the state are beyond the public's reach. So are the identities of the doctors hired by the state to oversee executions. The shield law was enacted at the request of the state's Department of Corrections after Georgia officials were roundly criticized in 2011 and 2012 for seeking lethal injection drugs from unlicensed sources as they scrambled to replace diminishing supplies. In 2011, for example, the Drug Enforcement Administration seized Georgia's supply of "lethal injection"
drugs because of federal concerns about how those drugs were obtained by state officials. The measure also directly benefits the dwindling number of pharmaceutical companies that produce and distribute the lethal drugs and that have been the subject of protests and boycotts for their role in the increasingly controversial practice of lethal injections. The Injection Secrecy Act came into effect on July 1 and was immediately invoked by state officials in the case of Warren Hill, a convicted murderer who claims he cannot be executed because he is "mentally retarded" (a legal term of art) and thus falls within the protections of Atkins v. Virginia. In that 2002 United States Supreme Court decision, the justices, by a vote of 6-3, declared that executing the mentally disabled violates the Eighth Amendment's prohibition against "cruel and unusual" punishment. Georgia officials waited until the Injection Secrecy law was in effect, then scheduled Hill's execution for July 15, relying on the new law to shield from Hill's attorneys material information about the drugs to be used in Hill's execution. Last week, after Hill's execution had been set for this past Monday, state officials revealed to his lawyers that they "had entered into agreements with an unknown compounding pharmacy and an unknown prescriber of drugs in order to procure pentobarbital," a lethal drug to be used in Hill's execution. But state officials, citing the new law, refused to provide any information about the identities or professional qualifications of the supplier or prescriber (or any information about the drug itself). So, on Monday, the day Hill was supposed to be given the lethal dose, his attorneys went to court in Fulton County, GA, seeking to enjoin the execution on the grounds that the Injection Secrecy law violates the Eighth Amendment and separation-of-powers principles.
"Without any information regarding the origin or makers of the drug the Department of Corrections is planning to use to execute him," the lawyers said, "Mr. Hill is left with no means for determining whether the drugs for his lethal injection are safe and will reliably perform their function, or if they are tainted, counterfeited, expired, or compromised in some other way." The trial judge delayed the execution, at least until Thursday, when she will continue to hear argument over the new state law.

Nothing the State (or a state) does more profoundly impacts the public interest than when it seeks to take a life. Nowhere is the media's interest in transparency and accountability more important than in capital cases. Hill's lawyers did not challenge the law on First Amendment grounds. But it won't be long before such a challenge is made to a law that so tangibly impairs the freedom of the press to report on matters of life and death.

---
Just because i'm near the punchbowl doesn't mean I'm also drinking from it.

From rforno at infowarrior.org Thu Jul 18 07:34:33 2013
From: rforno at infowarrior.org (Richard Forno)
Date: Thu, 18 Jul 2013 08:34:33 -0400
Subject: [Infowarrior] - TSA searches valet parked cars at airport
Message-ID: <142DDAA1-674E-4D6E-8CE9-77EF5C8AF8A2@infowarrior.org>

TSA searches valet parked car

Posted at: 07/17/2013 6:46 PM | Updated at: 07/18/2013 7:25 AM
By: Berkeley Brean | WHEC.com

http://www.whec.com/news/stories/S3101080.shtml?cat=566

Rochester, N.Y. -- She says she had no warning that someone was going to search her car after she left to catch her flight. So the woman contacted News10NBC. We found out it happened to her because she valet parked her car. Those are the only cars that get inspected. So if security feels it is necessary to search some cars in the name of safety, why not search all of them?
Laurie Iacuzza walked to her waiting car at the Greater Rochester International Airport after returning from a trip and that's when she found it -- a notice saying her car was inspected after she left for her flight. She said, "I was furious. They never mentioned it to me when I booked the valet or when I picked up the car or when I dropped it off."

Iacuzza's car was inspected by valet attendants on orders from the TSA. But why only valet parked cars? That's what News10NBC wanted to ask the TSA director about. We reached him by phone.

Berkeley Brean asked, "Are the cars in the short term lots and long term lots getting searched as well?"

John McCaffery, TSA, said, "No, those vehicles that are in the garage, short term long term parking, even if they carry pretty large amounts of explosives, they would not cause damage to the front of the airport. But for those who use the valet, the car could be there for a half hour or an hour so there is a vulnerability."

News10NBC went to the valet parking and one of the attendants showed us the notice they put in the cars. We asked, "You're required, they tell you, you have to search the car?" Valet Parking Attendant Frank Dettorre said, "I have to do it."

We also noticed a large sign that alerts customers that their vehicle will be inspected. The sign is on the kiosk window. Iacuzza says it was not there when she dropped off her car. "I think the public should be aware of the fact that if their car is going to be searched, they should be informed of it." Iacuzza said she doesn't mind the security measure. She just wants to be told if her car is getting searched.

News10NBC asked the owner of the company that runs the valet parking when they put up the sign but he wouldn't answer. TSA says this is part of its overall security plan and that it's a proactive move. The attendants said they've only been doing it for about a month.

Have a story you want our news team to investigate?
Call us at 585-232-1010, click here to send us an e-mail or leave us a Facebook post or tweet.

---
Just because i'm near the punchbowl doesn't mean I'm also drinking from it.

From rforno at infowarrior.org Thu Jul 18 19:21:04 2013
From: rforno at infowarrior.org (Richard Forno)
Date: Thu, 18 Jul 2013 20:21:04 -0400
Subject: [Infowarrior] - Military to Deploy Units Devoted to Cyber Operations
Message-ID: <185325EC-BA14-42F2-9D53-768A767A263B@infowarrior.org>

Military to Deploy Units Devoted to Cyber Operations

By DAVID E. SANGER
Published: July 18, 2013

http://www.nytimes.com/2013/07/19/us/military-to-deploy-units-devoted-to-cyber-operations.html

ASPEN, Colo. -- The Defense Department's second-ranking official said on Thursday that the military is about to deploy roughly 4,000 people in the Pentagon's first units devoted to conducting cyberoffense and defense operations, a new mission that formalizes America's use of a class of weapons that the Obama administration has rarely discussed in public.

"I wanted to start this fast," the official, Ashton B. Carter, the deputy secretary of defense, said at the opening of the Aspen Security Forum, an annual meeting on domestic security. Even at a time of budget cutbacks, he said, "We're spending everything we think we can spend wisely" on developing the skills to conduct and defend against cyberattacks from abroad. The New York Times is a media sponsor of the forum.

In a wide-ranging interview, Mr. Carter also said that after examining how Edward J. Snowden, a former contractor for the National Security Agency, downloaded top-secret material about American surveillance programs, the Defense Department had already ordered new protections against what he called "the insider threat."

First among the new procedures is a "two-man rule,"
based on the model of how nuclear weapons are handled, which requires two computer systems administrators to be working simultaneously when they are inside systems that contain highly classified material. No individual, he said, would be able to download the material without the other one signing off, much as two technicians must sign off on work on warheads.

"This was a failure to defend our own networks," Mr. Carter said of the Snowden case. "It was not an outsider hacking in, but an insider." The lesson, he said, was that even systems administrators, who have wide-ranging access, must not be able to operate "all by themselves."

Mr. Carter, a physicist and former Harvard professor who has worked at the Pentagon since the beginning of the Obama administration, blamed the problem largely on decisions made after the investigations into the intelligence failures surrounding the Sept. 11, 2001, terrorist attacks. Those attacks were blamed in large part on the reluctance of intelligence agencies and the Federal Bureau of Investigation to share information. Now, he said, the sharing had gone too far, because the United States puts "enormous amounts of information" in one place, a practice that may be accelerated as agencies put more data into cloud systems.

That enabled Mr. Snowden, working largely from an N.S.A. outpost in Hawaii, to download everything from details of the PRISM surveillance system to the text of a secret order from the Foreign Intelligence Surveillance Court, whose rulings are supposed to remain classified.

The question of whether intelligence-sharing had gone too far -- away from traditional compartmentalization -- was debated in 2010 after the revelations by WikiLeaks, based on huge databases that were downloaded by Pfc. Bradley Manning. At the time, the Defense Department promised changes, including putting in alarm systems that would be activated when large amounts of data were downloaded by an individual. Mr.
Carter strongly suggested that those changes, which also included Pentagon videos and 250,000 State Department cables, were insufficient.

But his call to recompartmentalize is bound to raise questions about whether the government is restoring a system that, ultimately, was blamed for many of the failures to "connect the dots" before the Sept. 11 attacks, when the FBI and the intelligence agencies were barely sharing critical information.

The description of the Pentagon's new cyberteams -- which will be under the command of Gen. Keith B. Alexander of the Army, who directs the N.S.A. as well as the United States Cyber Command -- was the most detailed yet of one of the military's most closely held projects. The administration recently conceded that it was developing cyberweapons. The best-known example is the covert effort called "Olympic Games," which the Bush administration used against Iran's nuclear program. The Obama administration accelerated the program, but suffered a major setback when a computer worm, later named Stuxnet, escaped from the Natanz nuclear enrichment plant in Iran and replicated itself on the Web, where the Iranians and others could download the code that was developed by the N.S.A. and Israel's Unit 8200, the equivalent of the N.S.A.

Future operations run by Cyber Command, Mr. Carter suggested, would be focused on the teams. "The teams are new, and they are in addition to the N.S.A. work force," he said. While they may ultimately be modeled on Special Operations, which provide fighting expertise to supplement traditional forces, for now the cyberforce will be drawn from members of the military services.

The cyberforces are inexpensive, Mr. Carter argued. But their very existence, which General Alexander alluded to in Congressional testimony this year, is bound to be cited by other nations that are justifying the creation of their own cyberunits.
The People's Liberation Army in China has a major effort under way; its Unit 61398 has been accused of stealing corporate secrets and intellectual property from American companies, as well as planning for potential attacks on American infrastructure. Iran has created its own cybercorps, which has been blamed for attacks on Saudi Aramco, a major oil producer, and American banks.

Twenty-seven of the 40 new teams will focus on cyberdefenses, General Alexander has said. Thirteen will be directed toward the creation of new cyberweapons.

Included among the documents that Mr. Snowden made public was a presidential directive, signed by Mr. Obama last fall, providing guidelines for conducting both defensive and offensive operations. It reserves to the president the decision about whether to conduct cyberattacks.

---
Just because i'm near the punchbowl doesn't mean I'm also drinking from it.

From rforno at infowarrior.org Fri Jul 19 05:56:36 2013
From: rforno at infowarrior.org (Richard Forno)
Date: Fri, 19 Jul 2013 06:56:36 -0400
Subject: [Infowarrior] - Yahoo removes Adult Tumblr blogs
Message-ID: <2B70406B-6524-421E-BFD0-1986E1126A48@infowarrior.org>

(Article also says links are removed from major search engines, too. Is Yahoo being acquired by Disney sometime soon? --rick)

Adult Tumblr blogs now removed from every form of search possible

Summary: Rather than leave adult content alone Yahoo's Tumblr has eliminated its Erotica category, disabled search engine indexing for adult blogs, and removed adult Tumblrs from all internal search. Users are furious.
By Violet Blue for Pulp Tech | July 19, 2013 -- 08:10 GMT (01:10 PDT)

< - >

http://www.zdnet.com/adult-tumblr-blogs-now-removed-from-every-form-of-search-possible-7000018295/

From rforno at infowarrior.org Fri Jul 19 06:04:01 2013
From: rforno at infowarrior.org (Richard Forno)
Date: Fri, 19 Jul 2013 07:04:01 -0400
Subject: [Infowarrior] - MIT blocking release of Aaron Swartz's Secret Service files
Message-ID: <8B99EDF7-13D2-43C6-9D2F-50F3C302AA19@infowarrior.org>

MIT blocking release of Aaron Swartz's Secret Service files

Cory Doctorow at 8:31 pm Thu, Jul 18, 2013

My friend Aaron Swartz's suicide, just over six months ago, brought attention to MIT's role in his prosecution over downloading scholarly articles from their network. JSTOR, the service that hosted the files Aaron was accused of downloading, dropped its case against him, and it was widely reported that the only reason the Justice Department was able to go ahead with its threats of decades of time in prison for Aaron was MIT's insistence on pressing the case against him. MIT's administration was so shaken by the negative publicity following Aaron's death that they commissioned professor Hal Abelson (a good guy, in my experience) to investigate the university's role in his prosecution.

Now, though, MIT has blocked a Freedom of Information Act suit by Wired's Kevin Poulsen aimed at forcing the Secret Service to release their files on Aaron. A court recently ordered the Secret Service to stop screwing around and release Aaron's file, but before that could happen, MIT intervened, arguing that if the world could see the files, they would know the names of the MIT employees who insisted that Aaron deserved to go to jail for what amounted to checking too many books out of the library. MIT argues that its employees would potentially face retaliation (though not, presumably, threats of felony prosecutions, million-dollar fines, and decades in prison) if their names were known.
< - >

http://boingboing.net/2013/07/18/mit-blocking-release-of-aaron.html

---
Just because i'm near the punchbowl doesn't mean I'm also drinking from it.

From rforno at infowarrior.org Fri Jul 19 06:05:01 2013
From: rforno at infowarrior.org (Richard Forno)
Date: Fri, 19 Jul 2013 07:05:01 -0400
Subject: [Infowarrior] - Huawei tells Hayden: 'put up or shut up'
Message-ID: <0E82BD47-F40F-473E-807F-FF616AEE7630@infowarrior.org>

Huawei tells ex-CIA director, UK government to 'put up or shut up' about spying claims

By Steve Dent posted Jul 19th, 2013 at 6:28 AM

Though Huawei seems to spend just about as much time denying spying claims as it does building handsets and telecom equipment, it's just taken that rhetoric up a notch. The company's vice president, William Plummer, just demanded the US and UK "shut up" about such allegations unless they can prove them. That's in response to a recent statement from former CIA head Michael Hayden, who accused the company of sharing "extensive knowledge of the foreign telecommunications systems" it worked on with the Chinese government. UK watchdogs also piled on, saying they would conduct a review of Huawei's new Cyber Security Evaluation Center over a lack of information about its links to the Chinese government. The beleaguered outfit responded that "these tired, unsubstantiated, defamatory remarks are sad distractions from real-world concerns related to espionage, industrial and otherwise." Those remarks show that Huawei's hit a whole new level of frustration, but given recent White House accusations against China, it's not likely to get any better.

http://www.engadget.com/2013/07/19/huawei-tells-ex-cia-director-uk-government-to-shut-up/

---
Just because i'm near the punchbowl doesn't mean I'm also drinking from it.
From rforno at infowarrior.org Fri Jul 19 06:10:30 2013
From: rforno at infowarrior.org (Richard Forno)
Date: Fri, 19 Jul 2013 07:10:30 -0400
Subject: [Infowarrior] - Why Doesn't Skype Protect You Against Eavesdropping?
Message-ID: <0D30F08E-F368-4EE0-833A-A1ED97C5EF75@infowarrior.org>

Why Doesn't Skype Protect You Against Eavesdropping?

http://gizmodo.com/why-doesnt-skype-protect-you-against-eavesdropping-835286370

---
Just because i'm near the punchbowl doesn't mean I'm also drinking from it.

From rforno at infowarrior.org Fri Jul 19 06:36:56 2013
From: rforno at infowarrior.org (Richard Forno)
Date: Fri, 19 Jul 2013 07:36:56 -0400
Subject: [Infowarrior] - NSA Puts Limits on Systems Staff in Wake of Snowden Leaks
Message-ID:

(Harman's comment @ the end is spot-on but wrong: Yes, Snowden isn't involved in 'making policy' but he was involved with technologies whose capabilities certainly DID 'formulate [surveillance] policy' so to speak. --rick)

NSA Puts Limits on Systems Staff in Wake of Snowden Leaks

By Terry Atlas - Jul 19, 2013

http://www.bloomberg.com/news/print/2013-07-19/nsa-puts-limits-on-systems-staff-in-wake-of-snowden-leaks.html

The U.S. National Security Agency is imposing new restrictions on systems administrators and other personnel following "irreversible damage" caused by fugitive former contractor Edward Snowden, the NSA director said.

Without providing details, Army General Keith Alexander said he has seen signs that Snowden's exposure of classified surveillance programs hurt U.S. intelligence efforts and made it harder for the government to thwart terrorist plots.

Morale at the NSA, a Defense Department agency responsible for communications intelligence, has also been undermined by Snowden's disclosures and the public controversy that followed, Alexander said. He praised the agency's workforce and cited 20 NSA code-breakers who died in Afghanistan and Iraq. "These are the heroes, not this leaker,"
he said at the Aspen Security Forum in Aspen, Colorado.

Alexander's comments yesterday marked his latest effort to defend U.S. surveillance activities after Snowden's leaks exposed top-secret NSA collection of telephone and Internet data. The revelations last month sparked an international controversy and stirred calls among members of Congress and privacy-rights advocates for the programs to be curtailed.

During an earlier panel discussion at the forum, Anthony Romero, executive director of the American Civil Liberties Union, credited Snowden for igniting a much-needed public discussion about the reach of U.S. surveillance. "He did this country a service by starting a debate that was anemic, that was left to government officials when people did not understand fully what was happening," Romero said. "Regardless of where you come out on it, we have now a vigorous public debate."

Plots Disrupted

Alexander said it was unfortunate that much of the initial information that emerged on the once-secret programs was wrong or incomplete. He reiterated that the activities were authorized by U.S. law and subject to judicial and congressional oversight, points that he said weren't made clear to the public.

The NSA director said the programs exposed by Snowden played a role in breaking up terrorist plots and identifying people connected to terrorist groups without any major compromise in Americans' privacy rights. Last month, Alexander told U.S. lawmakers that the surveillance activities disrupted more than 50 terrorist conspiracies worldwide.

Earlier at the conference, the director of the U.S. National Counterterrorism Center, Matthew Olsen, said the Snowden leaks have benefited terrorist organizers. "We have seen, in response to the Snowden leaks, al-Qaeda and affiliated groups seeking to change their tactics, looking to see what they can learn from what is in the press and seek to change how they communicate to avoid detection," Olsen said.

"Taking Action"
Alexander said the NSA has determined which files Snowden took and said they amounted to a lot of information, though he wouldn't say how much. "We're taking action to fix this" so it can't happen again, said Alexander, who was interviewed on stage at the forum by Pete Williams of NBC News.

The new security measures include restricting the use of removable media, such as thumb drives, by systems administrators to move data among network servers, Alexander said. U.S. officials have said that Snowden used a thumb drive to copy the documents he took. Alexander outlined other steps, including requiring two people to execute some activities, such as gaining access to server rooms, and speeding programs to encrypt files to make them readable only to authorized users.

Phone Companies

Alexander said the NSA and Congress are also weighing proposals to shift responsibility for maintaining so-called metadata on phone calls to telecommunications companies from the NSA under a court-mandated process that would ensure the government has access when necessary. That might be done in response to public concerns about the government keeping the data itself, he said.

The NSA set up that database to save information such as telephone numbers and duration of conversations -- not content of calls -- after the companies in 2009 rejected a government request that they do it, according to former Director of National Intelligence Dennis Blair.

Alexander said President Barack Obama's administration is also considering a request from a coalition of companies, privacy advocates and trade groups to let Internet and phone carriers publish the number and types of U.S. data requests they receive. He said the response depends on whether that can be done without risking damage to investigations.

The 63 organizations that made the request in a letter yesterday included Google Inc. (GOOG), Facebook Inc. and Apple Inc.
(AAPL); the Center for Democracy and Technology, a non-profit privacy advocate; and trade groups the Computer and Communications Industry Association and the Internet Association.

Espionage Charges

Amid the U.S. debate over surveillance, Snowden remains holed up in a Moscow airport as he pursues requests for asylum. The 30-year-old former employee of McLean, Virginia-based government contractor Booz Allen Hamilton Holding Corp. (BAH) faces federal charges including espionage.

The U.S. is pressing Russia to expel Snowden and has revoked his passport. He applied for temporary asylum this week at Moscow's Sheremetyevo Airport and has been confined to the transit area there since arriving from Hong Kong on June 23.

While Venezuela, Nicaragua and Bolivia have indicated they'd be willing to take him in, Russian President Vladimir Putin has accused the U.S. of stranding Snowden in Moscow by pressuring other countries to prevent his travel through their airspace and to deny him refuge. The standoff has cast a shadow on preparations for a summit in early September between Putin and Obama.

"Bad Message"

Romero said the ACLU hasn't decided whether it would be willing to aid in Snowden's legal defense if he were to return to the U.S. for trial. He criticized White House spokesman Jay Carney for saying that Snowden isn't a human-rights activist or whistle-blower. "Well, who made him king of the human-rights community?" Romero said of Carney.

Another panelist, Jeh Charles Johnson, a former Defense Department general counsel, said, "It is a bad message to send to people who decide to take the law into their own hands that they are doing a public service."

Former U.S. Representative Jane Harman said Snowden shouldn't be viewed in the same category as national-security whistle-blowers such as Daniel Ellsberg, who made public the Pentagon papers about the Vietnam War. "This is completely different from Ellsberg,"
said Harman, a California Democrat who headed the House intelligence committee. "This is a kid who had nothing to do with formulating the policy; for my lights is totally self-centered and narcissistic."

To contact the reporter on this story: Terry Atlas in Washington at tatlas at bloomberg.net
To contact the editor responsible for this story: John Walcott at jwalcott9 at bloomberg.net

---
Just because i'm near the punchbowl doesn't mean I'm also drinking from it.

From rforno at infowarrior.org Fri Jul 19 16:41:00 2013
From: rforno at infowarrior.org (Richard Forno)
Date: Fri, 19 Jul 2013 17:41:00 -0400
Subject: [Infowarrior] - U.S. court renews FISA authority to collect phone, online data
Message-ID: <49250BB1-5607-48EE-90EE-09B61831D8A1@infowarrior.org>

Does this statement count as 'transparency'?? ---rick

U.S. court renews FISA authority to collect phone, online data

Published: July 19, 2013 at 5:19 PM

http://www.upi.com/Top_News/US/2013/07/19/US-court-renews-FISA-authority-to-collect-phone-online-data/UPI-62491374268799/?spt=hs&or=tn

WASHINGTON, July 19 (UPI) -- A U.S. court reauthorized collection of telephone and online data by the federal government, the office of Director of National Intelligence said Friday.

The National Security Agency has been collecting the data under a provision of the Foreign Intelligence Surveillance Act that expired Friday.

"On June 6, 2013, the Director of National Intelligence declassified certain information about this telephony metadata collection program in order to provide the public with a more thorough and balanced understanding of the program," DNI James Clapper's office said in a statement Friday.
"Consistent with his prior declassification decision and in light of the significant and continuing public interest in the telephony metadata collection program, the DNI has decided to declassify and disclose publicly that the government filed an application with the Foreign Intelligence Surveillance Court seeking renewal of the authority to collect telephony metadata in bulk, and that the court renewed that authority."

The statement said the Obama administration is "undertaking a careful and thorough review of whether and to what extent additional information or documents pertaining to this program may be declassified, consistent with the protection of national security."

---
Just because i'm near the punchbowl doesn't mean I'm also drinking from it.

From rforno at infowarrior.org Fri Jul 19 16:45:15 2013
From: rforno at infowarrior.org (Richard Forno)
Date: Fri, 19 Jul 2013 17:45:15 -0400
Subject: [Infowarrior] - Telcos Refused To Sign On To 'Let Us Be Transparent About Surveillance' Letter
Message-ID:

Telcos Refused To Sign On To 'Let Us Be Transparent About Surveillance' Letter

http://www.techdirt.com/articles/20130718/11524723851/telcos-refused-to-sign-to-let-us-be-transparent-about-surveillance-letter.shtml

---
Just because i'm near the punchbowl doesn't mean I'm also drinking from it.

From rforno at infowarrior.org Fri Jul 19 16:53:24 2013
From: rforno at infowarrior.org (Richard Forno)
Date: Fri, 19 Jul 2013 17:53:24 -0400
Subject: [Infowarrior] - Counterterrorism Mission Creep
Message-ID:

Counterterrorism Mission Creep

http://www.schneier.com/blog/archives/2013/07/counterterroris_1.html

One of the assurances I keep hearing about the U.S. government's spying on American citizens is that it's only used in cases of terrorism. Terrorism is, of course, an extraordinary crime, and its horrific nature is supposed to justify permitting all sorts of excesses to prevent it. But there's a problem with this line of reasoning: mission creep.
The definitions of "terrorism" and "weapon of mass destruction" are broadening, and these extraordinary powers are being used, and will continue to be used, for crimes other than terrorism. Back in 2002, the Patriot Act greatly broadened the definition of terrorism to include all sorts of "normal" violent acts as well as non-violent protests. The term "terrorist" is surprisingly broad; since the terrorist attacks of 9/11, it has been applied to people you wouldn't normally consider terrorists. The most egregious example of this are the three anti-nuclear pacifists, including an 82-year-old nun, who cut through a chain-link fence at the Oak Ridge nuclear-weapons-production facility in 2012. While they were originally arrested on a misdemeanor trespassing charge, the government kept increasing their charges as the facility's security lapses became more embarrassing. Now the protestors have been convicted of violent crimes of terrorism -- and remain in jail. Meanwhile, a Tennessee government official claimed that complaining about water quality could be considered an act of terrorism. To the government's credit, he was subsequently demoted for those remarks. The notion of making a terrorist threat is older than the current spate of anti-terrorism craziness. It basically means threatening people in order to terrorize them, and can include things like pointing a fake gun at someone, threatening to set off a bomb, and so on. A Texas high-school student recently spent five months in jail for writing the following on Facebook: "I think I'ma shoot up a kindergarten. And watch the blood of the innocent rain down. And eat the beating heart of one of them." Last year, two Irish tourists were denied entry at the Los Angeles Airport because of some misunderstood tweets. Another term that's expanded in meaning is "weapon of mass destruction." 
The law is surprisingly broad, and includes anything that explodes, leading political scientist and terrorism-fear skeptic John Mueller to comment: "As I understand it, not only is a grenade a weapon of mass destruction, but so is a maliciously-designed child's rocket even if it doesn't have a warhead. On the other hand, although a missile-propelled firecracker would be considered a weapon of mass destruction if its designers had wanted to think of it as a weapon, it would not be so considered if it had previously been designed for use as a weapon and then redesigned for pyrotechnic use or if it was surplus and had been sold, loaned, or given to you (under certain circumstances) by the secretary of the army .... All artillery, and virtually every muzzle-loading military long arm for that matter, legally qualifies as a WMD. It does make the bombardment of Ft. Sumter all the more sinister. To say nothing of the revelation that The Star Spangled Banner is in fact an account of a WMD attack on American shores." After the Boston Marathon bombings, one commentator described our use of the term this way: "What the United States means by terrorist violence is, in large part, 'public violence some weirdo had the gall to carry out using a weapon other than a gun.' ... Mass murderers who strike with guns (and who don't happen to be Muslim) are typically read as psychopaths disconnected from the larger political sphere." Sadly, there's a lot of truth to that. Even as the definition of terrorism broadens, we have to ask how far we will extend that arbitrary line. Already, we're using these surveillance systems in other areas. A raft of secret court rulings has recently expanded the NSA's eavesdropping powers to include "people possibly involved in nuclear proliferation, espionage and cyberattacks." 
A "little-noticed provision" in a 2008 law expanded the definition of "foreign intelligence" to include "weapons of mass destruction," which, as we've just seen, is surprisingly broad. A recent Atlantic essay asks, somewhat facetiously, "If PRISM is so good, why stop with terrorism?" The author's point was to discuss the value of the Fourth Amendment, even if it makes the police less efficient. But it's actually a very good question. Once the NSA's ubiquitous surveillance of all Americans is complete -- once it has the ability to collect and process all of our emails, phone calls, text messages, Facebook posts, location data, physical mail, financial transactions, and who knows what else -- why limit its use to cases of terrorism? I can easily imagine a public groundswell of support to use to help solve some other heinous crime, like a kidnapping. Or maybe a child-pornography case. From there, it's an easy step to enlist NSA surveillance in the continuing war on drugs; that's certainly important enough to warrant regular access to the NSA's databases. Or maybe to identify illegal immigrants. After all, we've already invested in this system, we might as well get as much out of it as we possibly can. Then it's a short jump to the trivial examples suggested in the Atlantic essay: speeding and illegal downloading. This "slippery slope" argument is largely speculative, but we've already started down that incline. Criminal defendants are starting to demand access to the NSA data that they believe will exonerate themselves. How can a moral government refuse this request? More humorously, the NSA might have created the best backup system ever. Technology changes slowly, but political intentions can change very quickly. In 2000, I wrote in my book Secrets and Lies about police surveillance technologies: "Once the technology is in place, there will always be the temptation to use it. 
And it is poor civic hygiene to install technologies that could someday facilitate a police state." Today we're installing technologies of ubiquitous surveillance, and the temptation to use them will be overwhelming.

This essay originally appeared in TheAtlantic.com.

---
Just because i'm near the punchbowl doesn't mean I'm also drinking from it.

From rforno at infowarrior.org Fri Jul 19 16:56:38 2013
From: rforno at infowarrior.org (Richard Forno)
Date: Fri, 19 Jul 2013 17:56:38 -0400
Subject: [Infowarrior] - In Major Ruling, Court Orders Times Reporter to Testify
Message-ID: <6070CFCC-9EEA-4B9F-B37D-98BFA50F60AE@infowarrior.org>

In Major Ruling, Court Orders Times Reporter to Testify

By CHARLIE SAVAGE
Published: July 19, 2013

WASHINGTON -- In a major decision about press freedoms, a divided federal appeals court on Friday ruled that James Risen, an author and a reporter for The New York Times, must testify in the criminal trial of a former Central Intelligence Agency official charged with providing him with classified information.

In a 118-page set of opinions, two members of a three-judge panel for the United States Court of Appeals for the Fourth Circuit, in Richmond, Va. -- the court whose decisions cover the Pentagon and the C.I.A. -- ruled that the First Amendment provides no protection to reporters who receive unauthorized leaks from being forced to testify against the people suspected of leaking to them.

"Clearly, Risen's direct, firsthand account of the criminal conduct indicted by the grand jury cannot be obtained by alternative means, as Risen is without dispute the only witness who can offer this critical testimony," wrote Chief Judge William Byrd Traxler Jr., who was joined by Judge Albert Diaz.

Mr. Risen has vowed to appeal any loss at the appeals court to the Supreme Court, and to go to prison rather than testify about his sources.
On Friday, he referred a request to comment to his lawyer, Joel Kurtzberg, who wrote in an e-mail: "We are disappointed by and disagree with the court's decision. We are currently evaluating our next steps." Judge Roger Gregory, the third member of the panel, filed a vigorous dissent, portraying his colleagues' decision as "sad" and a serious threat to investigative journalism.

< - >

http://www.nytimes.com/2013/07/20/us/in-major-ruling-court-orders-times-reporter-to-testify.html?hp&_r=0

From rforno at infowarrior.org Fri Jul 19 17:02:08 2013
From: rforno at infowarrior.org (Richard Forno)
Date: Fri, 19 Jul 2013 18:02:08 -0400
Subject: [Infowarrior] - TSA expanding Pre-Check
Message-ID: <706A18E8-00D6-4D40-8E4F-C8445092B84F@infowarrior.org>

TSA to expand speedier screening -- for a fee
Bart Jansen, USA TODAY 3:30 p.m. EDT July 19, 2013
http://www.usatoday.com/story/travel/flights/2013/07/19/tsa-screening-pre-check-global-entry-dulles-indianapolis/2568101/

The Transportation Security Administration plans to dramatically expand its program to get travelers through airport checkpoints faster by inviting them to pay a nominal fee for voluntary background checks. TSA's Pre-check program offers travelers separate lines at checkpoints, where they leave on shoes and light coats and keep laptops in their bags. The free program operates at 40 airports and now covers members of frequent-flier programs for Alaska, American, Delta, Hawaiian, United, US Airways and Virgin America airlines. Airlines invite frequent-fliers to apply with little more than the information provided when buying a ticket. But TSA Administrator John Pistole announced Friday the agency will expand eligibility for the program to include travelers who pay a one-time fee of $85 for five years, to cover an application with identifying information such as address and birthplace, a background check and fingerprinting.
Enrollment centers are initially scheduled to open in the fall at Washington's Dulles and Indianapolis airports, but the program is expected to expand at numerous locations nationwide. "This initiative will increase the number of U.S. citizens eligible to receive expedited screening, through TSA Pre-check," Pistole said. The expansion is part of Pistole's shift from blanketing everyone with the same security to focusing the most scrutiny on the riskiest travelers. By sorting out trusted travelers for less intrusive screening, the agency hopes to narrow its focus on potential terrorists. "That's our way of dealing with risk-based security and saying let's get away from the one-size-fits-all, and let's focus on the those that we can pre-screen ... so we can expedite your physical screening at the checkpoint because we have a high confidence that you are not a terrorist," Pistole said Friday at the Aspen Security Forum in Colorado. Pistole's goal is to expand the program to cover 25% of travelers by the end of the year and perhaps 50% by the end of 2014. So far, 12 million travelers have used Pre-check since it began in late 2011, but about 1.8 million people fly every day. Easing checkpoint security for more travelers is also expected to reduce criticism of TSA. At the Aspen Security Forum on Thursday, retired admiral Dennis Blair, a former director of national intelligence overseeing the National Security Agency and Central Intelligence Agency, argued that airport checkpoints inconvenienced more people than NSA collecting information about phone calls. "There has been more inconvenience and damage to Americans by the no-fly list and by taking off your shoes off in the airport than this program," Blair said of the NSA phone program. Under the expansion, Pre-check would resemble Custom and Border Protection's popular Global Entry program for international travelers. 
Participants in Global Entry pay a one-time fee of $100 for five years, fill out a travel questionnaire and submit to a background check and fingerprinting. If the application is approved, Global Entry participants whisk through Customs by swiping their passport at a kiosk and then handing a printed receipt to a government officer. TSA already recognizes Global Entry participants for Pre-check and that will continue. But Pre-check is an option for travelers without passports and is projected to have more enrollment centers than the 39 that Global Entry has. Pre-check application processing is expected to take about two to three weeks. Erik Hansen, director of domestic policy for the U.S. Travel Association, which promotes travel and conducts research, said the expansion is important for regular travelers who aren't frequent fliers or who don't live near a Global Entry enrollment office. "This is a huge development for Pre-check and it has big implications for ordinary travelers," Hansen said. "It's going to be something that expedites the screening process for everyone." The U.S. Travel Association surveyed travelers in 2010 and 2011 and found a willingness to pay a fee for faster screening. "If you can get the travelers who travel two to three times per year, that's the majority of the flying public," Hansen said. "If you can target them, that's going to put a lot more people through the expedited screening lane and it's going to shorten the regular screening line for everybody else." Airports, which have to find space for TSA checkpoints, also welcomed the expansion. Deborah McElroy, interim president of Airports Council International-North America, an advocacy group for airports handling 95% of travelers nationwide, said the program will mean better efficiency and customer service at many checkpoints. "ACI-NA looks forward to working with TSA to expand this program to additional airports nationwide as soon as possible," McElroy said. 

--- Just because i'm near the punchbowl doesn't mean I'm also drinking from it.

From rforno at infowarrior.org Sun Jul 21 10:28:36 2013
From: rforno at infowarrior.org (Richard Forno)
Date: Sun, 21 Jul 2013 11:28:36 -0400
Subject: [Infowarrior] - German Intelligence Used NSA Spy Program
Message-ID:

More @ Spähsystem XKeyscore: fruitful espionage tool
http://www.spiegel.de/netzwelt/netzpolitik/xkeyscore-spionagewerkzeug-wird-von-bnd-und-bfv-genutzt-a-912260.html

07/20/2013 06:02 PM
'Prolific Partner'
German Intelligence Used NSA Spy Program
http://www.spiegel.de/international/germany/german-intelligence-agencies-used-nsa-spying-program-a-912173-druck.html

Angela Merkel and her ministers claim they first learned about the US government's comprehensive spying programs from press reports. But SPIEGEL has learned that German intelligence services themselves use one of the NSA's most valuable tools. Germany's foreign intelligence service, the BND, and its domestic intelligence agency, the Federal Office for the Protection of the Constitution (BfV), used a spying program of the American National Security Agency (NSA). This is evident in secret documents from the US intelligence service that have been seen by SPIEGEL journalists. The documents show that the Office for the Protection of the Constitution was equipped with a program called XKeyScore intended to "expand their ability to support NSA as we jointly prosecute CT (counterterrorism) targets." The BND is tasked with instructing the domestic intelligence agency on how to use the program, the documents say. According to an internal NSA presentation from 2008, the program is a productive espionage tool. Starting with the metadata -- or information about which data connections were made and when -- it is able, for instance, to retroactively reveal any terms the target person has typed into a search engine, the documents show.
In addition, the system is able to receive a "full take" of all unfiltered data over a period of several days -- including, at least in part, the content of communications. This is relevant from a German perspective, because the documents show that of the up to 500 million data connections from Germany accessed monthly by the NSA, a major part is collected with XKeyScore (for instance, around 180 million in December 2012). The BND and BfV, when contacted by SPIEGEL, would not discuss the espionage tool. The NSA, as well, declined to comment, referring instead to the words of US President Barack Obama during his visit to Berlin and saying there was nothing to add.

'Eagerness and Desire'

Furthermore, the documents show that the cooperation of the German intelligence agencies with the NSA has recently intensified. Reference is made to the "eagerness and desire" of BND head Gerhard Schindler. "The BND has been working to influence the German government to relax interpretation of the privacy laws to provide greater opportunities of intelligence sharing," the NSA noted in January. Over the course of 2012, German partners had shown a "willingness to take risks and to pursue new opportunities for cooperation with the US." In Afghanistan, it says elsewhere in the document, the BND had even proved to be the NSA's "most prolific partner" when it came to information gathering. The relationship is also close on a personal level: At the end of April, just a few weeks before the first revelations by former intelligence agency employee Edward Snowden, a 12-member high-level BND delegation was invited to the NSA to meet with various specialists on the subject of "data acquisition."

URL: http://www.spiegel.de/international/germany/german-intelligence-agencies-used-nsa-spying-program-a-912173.html

--- Just because i'm near the punchbowl doesn't mean I'm also drinking from it.

From rforno at infowarrior.org Sun Jul 21 10:34:54 2013
From: rforno at infowarrior.org (Richard Forno)
Date: Sun, 21 Jul 2013 11:34:54 -0400
Subject: [Infowarrior] - U.N. warns on mobile cybersecurity bugs in bid to prevent attacks
Message-ID: <4904EC7F-8B5F-4423-BDFA-F5658053FCCF@infowarrior.org>

U.N. warns on mobile cybersecurity bugs in bid to prevent attacks
By Jim Finkle
http://news.yahoo.com/u-n-warns-mobile-cybersecurity-bugs-bid-prevent-123604059.html

BOSTON (Reuters) - A United Nations group that advises nations on cybersecurity plans to send out an alert about significant vulnerabilities in mobile phone technology that could potentially enable hackers to remotely attack at least half a billion phones. The bug, discovered by a German firm, allows hackers to remotely gain control of and also clone certain mobile SIM cards. Hackers could use compromised SIMs to commit financial crimes or engage in electronic espionage, according to Berlin's Security Research Labs, which will describe the vulnerabilities at the Black Hat hacking conference that opens in Las Vegas on July 31. The U.N.'s Geneva-based International Telecommunications Union, which has reviewed the research, described it as "hugely significant." "These findings show us where we could be heading in terms of cybersecurity risks," ITU Secretary General Hamadoun Touré told Reuters. He said the agency would notify telecommunications regulators and other government agencies in nearly 200 countries about the potential threat and also reach out to hundreds of mobile companies, academics and other industry experts. A spokeswoman for the GSMA, which represents nearly 800 mobile operators worldwide, said it also reviewed the research. "We have been able to consider the implications and provide guidance to those network operators and SIM vendors that may be impacted," said GSMA spokeswoman Claire Cranton.
Nicole Smith, a spokeswoman for Gemalto NV, the world's biggest maker of SIM cards, said her company supported GSMA's response. "Our policy is to refrain from commenting on details relating to our customers' operations," she said.

BECOMING THE SIM

Cracking SIM cards has long been the Holy Grail of hackers because the tiny devices are located in phones and allow operators to identify and authenticate subscribers as they use networks. Karsten Nohl, the chief scientist who led the research team and will reveal the details at Black Hat, said the hacking only works on SIMs that use an old encryption technology known as DES. The technology is still used on at least one out of eight SIMs, or a minimum of 500 million phones, according to Nohl. The ITU estimates some 6 billion mobile phones are in use worldwide. It plans to work with the industry to identify how to protect vulnerable devices from attack, Touré said. Once a hacker copies a SIM, it can be used to make calls and send text messages impersonating the owner of the phone, said Nohl, who has a doctorate in computer engineering from the University of Virginia. "We become the SIM card. We can do anything the normal phone users can do," Nohl said in a phone interview. "If you have a MasterCard number or PayPal data on the phone, we get that too."

IPHONE, ANDROID, BLACKBERRY

The mobile industry has spent several decades defining common identification and security standards for SIMs to protect data for mobile payment systems and credit card numbers. SIMs are also capable of running apps. Nohl said Security Research Labs found mobile operators in many countries whose phones were vulnerable, but declined to identify them. He said mobile phone users in Africa could be among the most vulnerable because banking is widely done via mobile payment systems with credentials stored on SIMs.
All types of phones are vulnerable, including iPhones from Apple Inc, phones that run Google Inc's Android software and BlackBerry Ltd smartphones, he said. BlackBerry's director of security response and threat analysis, Adrian Stone, said in a statement that his company proposed new SIM card standards last year to protect against the types of attacks described by Nohl, which the GSMA has adopted and advised members to implement. Apple and Google declined comment. CTIA, a U.S. mobile industry trade group based in Washington, D.C., said the new research likely posed no immediate threat. "We understand the vulnerability and are working on it," said CTIA Vice President John Marinho. "This is not what hackers are focused on. This does not seem to be something they are exploiting."

(Reporting by Jim Finkle. Additional reporting by Leila Abboud. Editing by Tiffany Wu and Andre Grenon)

--- Just because i'm near the punchbowl doesn't mean I'm also drinking from it.

From rforno at infowarrior.org Mon Jul 22 06:38:53 2013
From: rforno at infowarrior.org (Richard Forno)
Date: Mon, 22 Jul 2013 07:38:53 -0400
Subject: [Infowarrior] - Scenario Puts Energy, Politics in Hackers' Cross Hairs
Message-ID: <4EAACBAC-1B12-4137-AC0D-44867EE607C1@infowarrior.org>

Defense News
July 22, 2013
Scenario Puts Energy, Politics in Hackers' Cross Hairs
By JOE GOULD
http://www.armytimes.com/article/20130717/NEWS04/307170004/Scenario-puts-energy-politics-hackers-cross-hairs

WASHINGTON -- A US Army cyber official warns that the nation faces a possible cyberwar in which anonymous foreign computer hackers penetrate government networks and create friction between Washington and its allies, discredit elected officials, and create political and economic instability if the US fails to adapt. In a recent academic thesis, Col.
Bryant Glando paints a nightmarish picture of how attacks against the US might unfold to influence its political process and national security objectives -- without a shot being fired. To avert catastrophe, Glando argues the Defense Department should elevate cyber from a primary mission to a core mission area, a new strategic approach that would provide a military advantage in cyberspace "over all potential adversaries." "The threats are real," the thesis reads, before paraphrasing military theorist Carl von Clausewitz. "It is not a matter of if but a matter of when a nation or non-nation state develops a new type of warfare to exploit an Achilles' heel of the United States in order to achieve its own strategic objectives. The nature of war does not change, but warfare does, and those who adapt survive, and those who fail suffer the consequences." As proposed by Glando, cyberwarfare would have a whole-of-government approach, as supported by DoD's definition of a core mission area. The way it's organized, he said, "potentially degrades the ability to deter, defend, and defeat an adversary in, through, and from cyberspace. Why, because this fundamentally violates the joint principles of unity of command, economy of force, and mass as defined in US Joint Publication 3-0." Soon to become deputy chief of US Cyber Command's J-35 Future Operations Cell, Glando is the former deputy director of the cyberspace proponent for Army Cyber Command/2nd Army, based at Fort Belvoir, Va., and a part of US Cyber Command. In the early 2000s, Glando led an Army task force that was part of the joint response to "Titan Rain," a series of cyber espionage attacks attributed to the Chinese and used to pilfer information from American government agencies and defense contractors.

The "Art of the Possible"

The 10 years since have seen, among other incidents, the 2007 cyberattacks that swamped Estonian websites amid a dispute with Russia; the hacking of Ossetian media and government websites during the 2008 Georgia-South Ossetia war; the 2010 Stuxnet malware attack on an Iranian nuclear enrichment facility; and cyber espionage efforts originating from China, including spying against military, commercial, research and industrial corporations. Peering into the future, Glando's "art of the possible" scenario sees country "ABC" launch a sophisticated 3 1/2-year string of cyberattacks against the US and country "XYZ," which it hopes to take over. ABC penetrates the US defense sector, sows disinformation in the American political system, attacks critical government services and fuels civil unrest with leaks and tension between Washington and its allies. Hackers, presumably from ABC, launch anonymous attacks and, at one point, steal the plans for the F-35 Joint Strike Fighter. Later, ABC reveals its plans for a similar jet. The attacks get personal, exposing the extramarital affair of a US senator who supports a bilateral defense agreement with XYZ. In an eerie case of academics imitating life, Glando's scenario has a new Pentagon directive for counter-cyber espionage that outrages the public because it calls for increased monitoring of US public communications. Disinformation is a key part of the cyberattacks. When the hacker collective Anonymous leaks the directive online, "Pentagon officials report that some of the information posted was incorrect or was modified. US public is outraged and demands justice. Litigation is initiated by a group of concerned US citizens to prevent this directive from being implemented." The month before 2014 elections, unknown hackers gain access to various political websites, Twitter and Facebook accounts and manipulate the statements of key political officials on sensitive political issues.
Later, US Senate and House majorities change, spurring a new emphasis on domestic issues and relations in the Western Hemisphere. Some members of Congress begin pushing "for a new strategic shift to look inward and are requesting a review of all bilateral defense agreements." Over the next year, a software glitch crashes a US attack helicopter, America experiences power outages, water and sewage systems in Illinois suffer power outages and XYZ's critical infrastructure experiences outages. Cyberattacks are the implied cause. The stock market and employment numbers plummet after unknown hackers remove $2 trillion from electronic circulation. December 2016 brings the grand finale, as key military systems in XYZ and the US fail because of software glitches; utilities at US military bases near XYZ fail, which delays US forces from responding to ABC's imminent invasion of XYZ. At home, a coordinated cyberattack on critical infrastructure within the US and XYZ shuts down key government services, "creating chaos across the public and private sectors." "Country ABC launches a massive invasion of country XYZ," the thesis reads. "The ability of the US to respond with sufficient military power is delayed due to the crippling effects of a concentrated cyberspace warfare campaign directed against the United States, its allies and country XYZ."

Hard and Soft Power

Jeffrey Carr, founder of cybersecurity consultancy Taia Global and author of "Inside Cyber Warfare," faulted Glando's scenario and called the proposed solution "irrelevant to the actual threat landscape." He wrote in an email that the scenario "goes from being vastly understated (a 20-minute power outage?) to vastly overstated (casting doubt in an electorate's mind) and demonstrates a lack of understanding about what's technically possible, not to mention realistic."
Glando responded to the criticism by agreeing that more devastating cyberattacks are possible, but said in his scenario, the adversary was using stealthier "brownouts" to confuse efforts to attribute the attacks and the response. Otherwise, Glando disagreed that cyberattacks could not be used to influence an electorate and cited current events. "During the Arab Spring, modern technology was used to spur dissent, and not just in a single country," he said. Christopher Bronk, a former diplomat with the State Department and a fellow specializing in information technology policy at Rice University's Baker Institute, said cyber operations can enable the application of hard power and soft power, as suggested by Glando. "The scenario has it all, the kind of kinetic attacks that makes the oil and gas industry go kaboom to influence games like, 'Oh, this country's going to lose some senatorial support,' " Bronk said. According to Bronk, the military must make cybersecurity part of its culture "because computing pervades everything the military does now. It's all ones and zeroes, and digital technology is embedded all the way down to a rifle company."

--- Just because i'm near the punchbowl doesn't mean I'm also drinking from it.

From rforno at infowarrior.org Mon Jul 22 06:38:59 2013
From: rforno at infowarrior.org (Richard Forno)
Date: Mon, 22 Jul 2013 07:38:59 -0400
Subject: [Infowarrior] - The CIA's New Black Bag Is Digital
Message-ID:

(c/o ST)

The CIA's New Black Bag Is Digital
When the NSA can't break into your computer, these guys break into your house.
http://www.foreignpolicy.com/articles/2013/07/16/the_cias_new_black_bag_is_digital_nsa_cooperation

During a coffee break at an intelligence conference held in The Netherlands a few years back, a senior Scandinavian counterterrorism official regaled me with a story.
One of his service's surveillance teams was conducting routine monitoring of a senior militant leader when they suddenly noticed through their high-powered surveillance cameras two men breaking into the militant's apartment. The target was at Friday evening prayers at the local mosque. But rather than ransack the apartment and steal the computer equipment and other valuables while he was away -- as any right-minded burglar would normally have done -- one of the men pulled out a disk and loaded some programs onto the resident's laptop computer while the other man kept watch at the window. The whole operation took less than two minutes, then the two trespassers fled the way they came, leaving no trace that they had ever been there. It did not take long for the official to determine that the two men were, in fact, Central Intelligence Agency (CIA) operatives conducting what is known in the U.S. intelligence community as either a "black bag job" or a "surreptitious entry" operation. Back in the Cold War, such a mission might have involved cracking safes, stealing code books, or photographing the settings on cipher machines. Today, this kind of break-in is known inside the CIA and National Security Agency as an "off-net operation," a clandestine human intelligence mission whose specific purpose is to surreptitiously gain access to the computer systems and email accounts of targets of high interest to America's spies. As we've learned in recent weeks, the National Security Agency's ability to electronically eavesdrop from afar is massive. But it is not infinite. There are times when the agency cannot gain access to the computers or gadgets they'd like to listen in on. And so they call in the CIA's black bag crew for help. The CIA's clandestine service is now conducting these sorts of black bag operations on behalf of the NSA, but at a tempo not seen since the height of the Cold War. 
Moreover, these missions, as well as a series of parallel signals intelligence (SIGINT) collection operations conducted by the CIA's Office of Technical Collection, have proven to be instrumental in facilitating and improving the NSA's SIGINT collection efforts in the years since the 9/11 terrorist attacks. Over the past decade specially-trained CIA clandestine operators have mounted over one hundred extremely sensitive black bag jobs designed to penetrate foreign government and military communications and computer systems, as well as the computer systems of some of the world's largest foreign multinational corporations. Spyware software has been secretly planted in computer servers; secure telephone lines have been bugged; fiber optic cables, data switching centers and telephone exchanges have been tapped; and computer backup tapes and disks have been stolen or surreptitiously copied in these operations. In other words, the CIA has become instrumental in setting up the shadowy surveillance dragnet that has now been thrown into public view. Sources within the U.S. intelligence community confirm that since 9/11, CIA clandestine operations have given the NSA access to a number of new and critically important targets around the world, especially in China and elsewhere in East Asia, as well as the Middle East, the Near East, and South Asia. (I'm not aware of any such operations here on U.S. soil.) In one particularly significant operation conducted a few years back in a strife-ridden South Asian nation, a team of CIA technical operations officers installed a sophisticated tap on a switching center servicing several fiber-optic cable trunk lines, which has allowed NSA to intercept in real time some of the most sensitive internal communications traffic by that country's general staff and top military commanders for the past several years. 
In another more recent case, CIA case officers broke into a home in Western Europe and surreptitiously loaded Agency-developed spyware into the personal computer of a man suspected of being a major recruiter for individuals wishing to fight with the militant group al-Nusra Front in Syria, allowing CIA operatives to read all of his email traffic and monitor his Skype calls on his computer. The fact that the NSA and CIA now work so closely together is fascinating on a number of levels. But it's a particularly remarkable accomplishment, given the fact that the two agencies until fairly recently hated each other's guts.

--- Just because i'm near the punchbowl doesn't mean I'm also drinking from it.

From rforno at infowarrior.org Mon Jul 22 07:46:47 2013
From: rforno at infowarrior.org (Richard Forno)
Date: Mon, 22 Jul 2013 08:46:47 -0400
Subject: [Infowarrior] - OpEd: Gen. Hayden's Glass House
Message-ID: <9438FBC9-711C-4CDC-91ED-53353737AD22@infowarrior.org>

Gen. Hayden's Glass House
by Ray McGovern, July 22, 2013
http://original.antiwar.com/mcgovern/2013/07/21/gen-haydens-glass-house/

Former National Security Agency Director Michael Hayden should not throw any more stones, lest his own glass house be shattered. His barrage Friday against truth-teller Edward Snowden and London Guardian journalist Glenn Greenwald invited a return rain of boulders for Hayden committing the same violations of constitutional protections that he is now excusing. Writing as "CNN Terrorism Analyst," Hayden read from the unctuous script previously used by "Meet the Press" host David Gregory on June 23 when he questioned Greenwald's status as a journalist. Hayden claimed Greenwald deserves "the Justice Department's characterization of a co-conspirator." But the principal target of Hayden's ire was Snowden. After lumping him together with despicable characters like CIA's Aldrich Ames, Robert Hanssen of the FBI, and others who spied for the U.S.S.R. --
and then disparaging "leakers" like Bradley Manning -- Hayden wrote, "Snowden is in a class by himself." But it is Michael Hayden who is in a class by himself. He was the first NSA director to betray the country's trust by ordering wholesale violation of what was once the First Commandment at NSA: "Thou Shalt Not Eavesdrop on Americans Without a Court Warrant." Not to mention playing fast and loose with the Foreign Intelligence Surveillance Act of 1978 and the Fourth Amendment to the Constitution. While Hayden has implicitly offered a second-grader kind of excuse, that President George W. Bush and Vice President Dick Cheney "made me do it," that does not let Hayden off the hook. I have found it helpful lately to read the one-sentence Fourth Amendment during TV and radio interviews in order to provide necessary context and a backdrop against which viewers/listeners can gauge how the recent revelations about NSA operations comport, or do not, with the strictures in the amendment. Thankfully, the language is pretty straightforward and specific: "The right of the people to be secure in their persons, houses, papers, and effects, against unreasonable searches and seizures, shall not be violated, and no Warrants shall issue, but upon probable cause, supported by Oath or affirmation, and particularly describing the place to be searched, and the persons or things to be seized."

Peer Review

Former NSA directors are not normally given to criticizing the performance of their successors. We know, however, about the passionate disapproval with which two of Hayden's predecessors reacted to the revelations in the Dec. 16, 2005 New York Times article, "Bush Lets U.S. Spy on Callers Without Courts," by journalists James Risen and Eric Lichtblau.
Risen had ferreted out explosive information on eavesdropping (and other highly questionable operations) several months before the 2004 presidential election, disclosures that would have given American voters some important information regarding whether Bush deserved reelection or not. But the Times, in its wisdom, acquiesced to the Bush administration's demands that the story be spiked -- not because the article was inaccurate, but precisely because it was so accurate, and embarrassing. The White House gave the Times the familiar warning that disclosure would "damage national security." But as 2005 drew to an end, the newspaper could wait no longer, since Risen's book, State of War: The Secret History of the CIA and the Bush Administration, was already in galley and about to be published. The book contained, literally, chapter and verse on the illegal activity authorized by NSA Director Michael Hayden at the behest of Bush and Cheney. (And given the way court decisions are going these days, it is seeming more and more likely that James Risen is headed for jail if he insists on the First Amendment rights of a journalist and continues to refuse to divulge his sources.) When the Times finally published the story in December 2005, the Bush administration scrambled to defend the warrantless eavesdropping, a demonstrably gross violation of the Foreign Intelligence Surveillance Act (FISA) expressly forbidding eavesdropping on Americans without a court warrant. The White House immediately asked Hayden, then Deputy Director of National Intelligence, to play point man with the media, helping hapless Attorney General Alberto Gonzales defend the indefensible. Hayden's perfidy was too much for Gen. Bill Odom, who had been NSA Director from 1985 to 1988. Odom was seething as he prepared to be interviewed on Jan. 4, 2006, by George Kenney, a former Foreign Service officer and now producer of "Electronic Politics." Odom blurted out, "Hayden should have been court martialed."
And President Bush "should be impeached," added the general with equal fury. Odom ruled out discussing, during the interview itself, the warrantless eavesdropping revealed by the New York Times three weeks earlier. In a memorandum about the conversation, Kenney opined that Odom appeared so angry that he realized that if he started discussing the still-classified issue, he would not be able to control himself. Why was Gen. Odom so angry? Because he, like all uniformed officers (as well as many civilian officials), took an oath to support and defend the Constitution of the United States against all enemies, foreign and domestic; because he took that oath seriously; and because he had done his damndest to ensure that all NSA employees strictly observed the prohibition against eavesdropping on Americans without a warrant. Also deeply disappointed was former NSA Director Admiral Bobby Ray Inman, who led NSA from 1977 to 1981 and actually played a key role in helping shape the FISA law of 1978. (Before he retired, Inman had achieved virtual sainthood in Official Washington as one of the country's most respected intelligence managers, although he was known for looking the other way -- or as he put it, "pulling up his socks" -- when the powers-that-be were spinning the facts or exceeding their legal powers.)

Hayden's Record

From the Bush/Cheney White House perspective, Hayden had performed quite well working with the supine mainstream media to defend the Bush/Cheney illegal eavesdropping programs. For services performed, Hayden was nominated on May 8, 2006, reportedly at Cheney's urging, to replace CIA Director Porter Goss, who had retired abruptly on May 5 after just seven controversial months as director. So the nomination of Hayden to lead the CIA was very much on the minds of Inman, Risen and others who gathered for a public discussion at the New York Public Library that same afternoon, May 8, 2006.
Participants were brought up short when Inman took strong issue with Hayden's flouting of FISA: "There clearly was a line in the FISA statutes which says you couldn't do this," said Inman, who went on to call specific attention to an "extra sentence put in the bill that said, 'You can't do anything that is not authorized by this bill.'" Inman spoke proudly of the earlier ethos at NSA, where "it was deeply ingrained that you operate within the law and you get the law changed if you need to." Risen quipped about how easy it would have been to amend the FISA statute after the 9/11 attacks when the American people were demanding revenge: "In October 2001, you could have set up guillotines on the public streets of America." Attorney General Gonzales, however, knew that there were still institutional obstacles to the NSA figuratively decapitating the Fourth Amendment. At a press conference on Dec. 19, 2005, three days after the Risen/Lichtblau disclosures in the New York Times, Gonzales was asked why the administration did not seek new legislation to enable it to conduct the eavesdropping program legally. He responded: "We have had discussions with Congress in the past -- certain members of Congress -- as to whether or not FISA could be amended to allow us to adequately deal with this kind of threat, and we were advised that that would be difficult, if not impossible." This was not the only hint at the time that the surveillance program was so huge in scope and so intrusive that even a servile Congress, typically reluctant to turn down any project labeled "anti-terrorist," would not have blessed it. Really, could even a doormat Congress be expected to approve "Collect Everything"?

Inman's Short-Lived Criticism

By happenstance, I found myself with a front-row seat watching honor among thieves play out, i.e., how the Washington Establishment generals and admirals cover for one another.
Inman's remarks at the New York Public Library had been written up by Steve Clemons in his blog, The Washington Note. Worse still for Hayden, Democracynow's Amy Goodman showed video clips of Inman's undisguised criticism of Gen. Hayden on the morning of May 17, less than a week before the Senate Intelligence Committee took up Hayden's nomination to be CIA director. Something needed to be done -- and quickly. Specifically, Inman needed to be called to atone for his unspeakable sin of candor -- the more so since he enjoyed quasi-sainthood on both sides of the aisle in Congress. So there I sat on May 17 in the anteroom of the CNN/New York studio of Lou Dobbs, who wanted to talk to me about my mini-debate two weeks earlier with then-Defense Secretary Donald Rumsfeld on Iraq. Into the waiting room rushed a breathless Bobby Ray Inman. I am then told that he has just been given part of my time, since he needed to discuss the nomination of Michael Hayden to head the CIA. I had read Steve Clemons's blog and was well aware of Inman's remarks on May 8. As he rushed to don a borrowed tie, I had just enough time to give him an atta-boy for his honesty at the library and to express the hope he would stay on message with Lou Dobbs. Naïve me! Watching the monitor I saw Inman give his highest recommendation for Gen. Hayden as supremely qualified to head the CIA. That, I thought to myself, is how the system works. Hayden's nomination sailed through the Senate Intelligence Committee on May 23 by a vote of 12 to 3 and the full Senate on May 26 by 78 to 15. A whiff of conscience showed through during Hayden's nomination hearing to become CIA Director, though, when he flubbed the answer to what was supposed to be a soft, fat pitch from Bush administration loyalist, Sen.
Kit Bond, R-Missouri, then vice-chair of the Senate intelligence overlook committee: "Did you believe that your primary responsibility as director of NSA was to execute a program that your NSA lawyers, the Justice Department lawyers, and White House officials all told you was legal, and that you were ordered to carry it out by the President of the United States?" Instead of the simple "Yes" that had been scripted, Hayden paused and spoke rather poignantly -- and revealingly: "I had to make this personal decision in early October 2001, and it was a personal decision ... I could not not do this." Why should it have been such an enormous personal decision whether or not to obey a White House order? No one asked Hayden, but it requires no particular acuity to figure it out. This is a military officer who, like the rest of us, swore to support and defend the Constitution of the United States against all enemies, foreign and domestic; a military man well aware that one must not obey an unlawful order; and an NSA director totally familiar with the FISA restrictions. That, it seems clear, is why Hayden found it a difficult personal decision.

Knowing the Law

No American, save perhaps Admiral Inman and Gen. Odom, knew the FISA law better than Hayden. Nonetheless, in his testimony, Hayden conceded that he did not even require a written legal opinion from NSA lawyers as to whether the new, post-9/11 comprehensive surveillance program -- to be implemented without court warrants, without "probable cause," and without adequate consultation in Congress -- could pass the smell test. Hayden said he sought an oral opinion from then-NSA general counsel Robert L. Deitz, whom Hayden later brought over to CIA as a "trusted aide" to CIA Director Hayden! (In the fall of 2007, Hayden launched Deitz on an investigation of the CIA's own statutory Inspector General who had made the mistake of being too diligent in investigating abuses like torture).
Interestingly, Hayden did not pass the smell test for Sen. Barack Obama, D-Illinois, who on May 25 took a principled stand against his nomination and voted against it the following day. In his brief but typically eloquent one-minute speech on the Senate floor, Sen. Obama was harshly critical of both Hayden and President George W. Bush. Obama insisted that "President Bush is not above the law; no president is above the law." His words did not ring as hollow then as they do now in retrospect. To his credit, I suppose, President-elect Obama did get rid of Hayden -- for cause, as I tried to explain in "What's CIA Director Hayden Hidin'?" on Jan. 15, 2009. I ended that article with the following word of "good riddance." (It was hardly prophetic -- rather a very safe bet): "The sooner Hayden is gone (likely to join the Fawning Corporate Media channels as an expert commentator, and to warm some seats on defense-industry corporate boards) the better. His credentials would appear good for that kind of work."

Ray McGovern works with Tell the Word, a publishing arm of the ecumenical Church of the Saviour in inner-city Washington. During his 27 years as a CIA analyst, he worked very closely with conscientious colleagues at NSA who, if they came upon the name of an American in an intercepted message, would razor it out of the paper before releasing it, that being the ethos at NSA then.

---
Just because i'm near the punchbowl doesn't mean I'm also drinking from it.
From rforno at infowarrior.org Mon Jul 22 08:08:44 2013
From: rforno at infowarrior.org (Richard Forno)
Date: Mon, 22 Jul 2013 09:08:44 -0400
Subject: [Infowarrior] - UK to mandate 'family friendly' Internet by default
Message-ID: <853F836B-F9F8-4540-9196-89DDB6E225A6@infowarrior.org>

22 July 2013 Last updated at 09:00 ET

Online pornography to be blocked by default, PM announces

http://www.bbc.co.uk/news/uk-23401076?print=true

Most households in the UK will have pornography blocked by their internet provider unless they choose to receive it, David Cameron has announced. In addition, the prime minister said possessing online pornography depicting rape would become illegal in England and Wales - in line with Scotland. Mr Cameron warned in a speech that access to online pornography was "corroding childhood". The new measures will apply to both existing and new customers. Mr Cameron also called for some "horrific" internet search terms to be "blacklisted", meaning they would automatically bring up no results on websites such as Google or Bing. He told the BBC he expected a "row" with service providers who, he said in his speech, were "not doing enough to take responsibility" despite having a "moral duty" to do so. He also warned he could have to "force action" by changing the law and that, if there were "technical obstacles", firms should use their "greatest brains" to overcome them.

'Innocence'

In his speech, Mr Cameron said family-friendly filters would be automatically selected for all new customers by the end of the year - although they could choose to switch them off. And millions of existing computer users would be contacted by their internet providers and told they must decide whether to use or not use "family-friendly filters" to restrict adult material. The filters would apply to all devices linked to the affected home Wi-Fi network and across the public Wi-Fi network "wherever children are likely to be present".
Customers who do not click on either option - accepting or declining - will have filters activated by default, Tory MP Claire Perry, Mr Cameron's adviser on the sexualisation and commercialisation of childhood, told the BBC. The UK's biggest internet service providers have agreed to the filters scheme meaning it should cover 95% of homes. Other measures announced by the prime minister included:

- New laws so videos streamed online in the UK will be subject to the same restrictions as those sold in shops
- Search engines having until October to introduce further measures to block illegal content
- Experts from the Child Exploitation and Online Protection Centre being given more powers to examine secretive file-sharing networks
- A secure database of banned child porn images gathered by police across the country will be used to trace illegal content and the paedophiles viewing it

Mr Cameron also called for warning pages to pop up with helpline numbers when people try to search for illegal content. He said: "I want to talk about the internet, the impact it is having on the innocence of our children, how online pornography is corroding childhood. "And how, in the darkest corners of the internet, there are things going on that are a direct danger to our children, and that must be stamped out. "I'm not making this speech because I want to moralise or scaremonger, but because I feel profoundly as a politician, and as a father, that the time for action has come. This is, quite simply, about how we protect our children and their innocence." But former Child Exploitation and Online Protection Centre boss Jim Gamble told BBC Radio 4's Today programme it was important to "get to the root cause" of illegal pornography, by catching those responsible for creating it. He added: "You need a real deterrent, not a pop-up that paedophiles will laugh at."
But Ms Perry argued filters would make a difference, saying that the killers of schoolgirls April Jones and Tia Sharp had accessed legal pornography before moving on to images of child abuse. She added: "It's impossible to buy this material in a sex shop... but it's possible to have it served up on a computer every day." In his speech, Mr Cameron said possession of online pornography depicting rape would be made illegal. Existing legislation only covers publication of pornographic portrayals of rape, as opposed to possession. "Possession of such material is already an offence in Scotland but because of a loophole in the Criminal Justice and Immigration Act 2008, it is not an offence south of the border," Mr Cameron said. "Well I can tell you today we are changing that. We are closing the loophole - making it a criminal offence to possess internet pornography that depicts rape." The move has been welcomed by women's groups and academics who had campaigned to have "rape porn" banned. Holly Dustin, director of the End Violence Against Women Coalition, said the group was "delighted". "The coalition government has pledged to prevent abuse of women and girls, so tackling a culture that glorifies abuse is critical for achieving this," she said. "The next step is working with experts to ensure careful drafting of the law and proper resourcing to ensure the law is enforced fully."

'No safe place'

Mr Cameron, who has faced criticism from Labour over cuts to Child Exploitation and Online Protection Centre's funding, insisted the centre's experts and police would be given the powers needed to keep pace with technological changes on the internet. "Let me be clear to any offender who might think otherwise: there is no such thing as a safe place on the internet to access child abuse material," he said. A spokesman for Google said: "We have a zero tolerance attitude to child sexual abuse imagery. Whenever we discover it, we respond quickly to remove and report it.
"We recently donated $5m (£3.3m) to help combat this problem and are committed to continuing the dialogue with the government on these issues." According to some experts, "default on" can create a dangerous sense of complacency, says BBC technology correspondent Rory Cellan-Jones. He says internet service providers would dispute Mr Cameron's interpretation of the new measures, insisting they did not want to be seen as censors.

---
Just because i'm near the punchbowl doesn't mean I'm also drinking from it.

From rforno at infowarrior.org Mon Jul 22 08:33:57 2013
From: rforno at infowarrior.org (Richard Forno)
Date: Mon, 22 Jul 2013 09:33:57 -0400
Subject: [Infowarrior] - Google starts placing ads directly in Gmail inboxes
Message-ID: <53DDDBC7-1348-4C96-B9A5-BDA5162DC742@infowarrior.org>

Google starts placing ads directly in Gmail inboxes

Trying a new method of making money off its free e-mail service, the Internet giant has begun putting ads in Gmail's "promotions" category.

by Stephen Shankland July 22, 2013 6:13 AM PDT

Google has begun including advertisements as e-mail messages in some Gmail users' inboxes, a new step in the company's effort to turn its free services into revenue sources. The company has shown ads alongside Gmail messages for years, but these ads appear as messages that can be opened like e-mails and forwarded to others, according to Gmail users who started seeing them last week. They appear only in the new "promotions" tab of Gmail's new multi-tab interface, and they're marked with a pale yellow background and labeled "ad," similar to how Google treats some search ads that appear above or to the right of search results. The ads aren't likely to sit well with a lot of people already dealing with plenty of inbox clutter -- especially those who have appreciated Gmail's abilities to weed out spam.
"Inbox tabs should only include your messages, not ads disguised as email," opined Alex Chitu on the unofficial Google Operating System blog after seeing the ads last week.

< - >

http://news.cnet.com/8301-1023_3-57594819-93/google-starts-placing-ads-directly-in-gmail-inboxes/

---
Just because i'm near the punchbowl doesn't mean I'm also drinking from it.

From rforno at infowarrior.org Mon Jul 22 12:21:29 2013
From: rforno at infowarrior.org (Richard Forno)
Date: Mon, 22 Jul 2013 13:21:29 -0400
Subject: [Infowarrior] - How Does Government Secrecy Change?
Message-ID: <606AF1A2-FB38-4092-A3E2-EEDA33249C7F@infowarrior.org>

How Does Government Secrecy Change?

http://blogs.fas.org/secrecy/2013/07/secrecy-dynamics/

Sometimes it seems that the national security classification system is static, monolithic and hopelessly inert. But in fact it is relentlessly in motion, with new secrets constantly being created as old secrets are gradually released. Two months ago, the fact that the Foreign Intelligence Surveillance Court had authorized the bulk collection and transfer of telephone metadata to the National Security Agency was a highly classified secret. But by last Friday, the Court's renewal of that same authority for bulk collection was actually announced in a press release from the Office of the Director of National Intelligence. In the interim, of course, the previously Top Secret FIS Court order had been leaked by Edward Snowden and published by The Guardian. But Snowden did not leak the fact of the latest renewal. It was disclosed at the initiative of the ODNI. And other related disclosures may be on the way. "The Administration is undertaking a careful and thorough review of whether and to what extent additional information or documents pertaining to this program may be declassified, consistent with the protection of national security," the ODNI press release said.
In effect, the Snowden disclosures shifted the Administration's calculation of what should be secret and what should be public. From a secrecy policy point of view, this is as noteworthy as the disclosures themselves. ("This discussion can, and should, have taken place without the recent disclosures," said ODNI General Counsel Robert S. Litt in a speech at the Brookings Institution on July 19 which detailed the government's perspective on the matter. Maybe it can, and maybe it should -- but it didn't.) Setting aside the specific content of the disclosures, the shifting boundaries of national security secrecy highlight the fact that the decision to classify information is inherently a matter of judgment. And because it is an act of judgment, an official decision to classify is subject to disagreement, error, reconsideration and revision. But how exactly do judgments about secrecy change? If the factors that enter into classification judgments could be clarified, the prospects for a more rational and comprehensible secrecy policy would be improved. A better understanding of the process would also serve to focus and guide efforts to change secrecy policy. In a new paper, I tried to describe some of those factors and to draw practical conclusions from them. "An Inquiry into the Dynamics of Government Secrecy" was just published in Harvard Civil Rights-Civil Liberties Law Review, Vol. 48, No. 2, Summer 2013. The essential point of departure is a recognition that classification of national security information is a subjective process, not a rigorously objective one. "There appears to be no common understanding of classification levels... nor any consistent guidance as to what constitutes 'damage,' 'serious damage,' or 'exceptionally grave damage' to national security," according to an ODNI classification study cited in the paper. "There is wide variance in application of classification levels." This subjectivity and lack of common understanding can produce erratic results.
Different classifiers may classify the same information differently. Classification levels of particular items of information whose sensitivity would normally be expected to diminish over time will sometimes increase. Often, decisions to classify seem to be skewed by habit, political or bureaucratic self-interest, or simple error. Illogically, the same information may be treated as both classified and unclassified, even in a single document. But if classification unavoidably involves individual judgments then it stands to reason that the quality of the classification process can be improved by submitting those judgments to a form of external review. "Precisely because classification is a subjective process, the act of introducing additional 'subjects' into the process can destabilize it in a fruitful way," I argue in the paper. "While individual classifiers rarely seem to change their own judgments when challenged, those individual judgments are overturned with some frequency when the opinions of other persons are consulted and integrated into the process." That is the case, for example, with the Interagency Security Classification Appeals Panel, which now has a 17 year record of declassifying at least some information in the large majority of documents that have been presented to it on appeal after the originating agencies declined to do so on their own. "It is possible to counter any official tendency to exploit the classification system for political or bureaucratic advantage by engaging a broader circle of participants, whose interests do not all coincide, in the classification process," the paper suggests. "Providing for a series of layered reviews of classification decisions -- within agencies, across the executive branch, and with the active oversight of Congress and the courts -- offers a straightforward mechanism for mitigating classification abuses." "By itself, this kind of approach will not resolve all disputes over what should or should not be secret.
But a more consensual style of making classification decisions, with more robust opportunities for error detection and correction, would be a marked improvement over current practice."

---
Just because i'm near the punchbowl doesn't mean I'm also drinking from it.

From rforno at infowarrior.org Tue Jul 23 07:45:20 2013
From: rforno at infowarrior.org (Richard Forno)
Date: Tue, 23 Jul 2013 08:45:20 -0400
Subject: [Infowarrior] - The Web's longest nightmare ends: Eolas patents are dead on appeal
Message-ID:

The Web's longest nightmare ends: Eolas patents are dead on appeal

Web pioneers united to stop "interactive web" patents at an East Texas trial.

by Joe Mullin - July 22 2013, 10:41pm EDT

http://arstechnica.com/tech-policy/2013/07/the-webs-longest-nightmare-ends-eolas-patents-are-dead-on-appeal/

The inventor of the Web, Tim Berners-Lee, had never testified in court before last year. In February 2012, he left Cambridge to fly down to Tyler, an east Texas city of about 100,000, to testify at a patent trial. It was the culmination of a bold campaign by a man named Michael Doyle to levy a vast patent tax on the modern web. Berners-Lee was one of several web pioneers who came through the court during the course of a four-day trial, which ultimately convinced a jury to invalidate two patents owned by Eolas, the tiny patent-holding company that Doyle and his lawyers transformed into one of the most fearsome "patent trolls" of all time. Now Eolas appears to be gone for good. The company mounted a lengthy appeal, but it was all for naught; this morning, a three-judge appeals panel affirmed the jury's verdict without comment. In 1993, Doyle was the director of a computer lab at the University of California-San Francisco. He oversaw the creation of a program that allowed doctors to view embryos online, and later claimed it was the first "interactive" use of the World Wide Web.
University lawyers helped Doyle patent the creation in 1994. Doyle took the patent and created a company he called "Eolas," the Irish word for knowledge. Eolas never made a marketable product, but it ultimately launched a patent war that made Doyle a rich man. In 1999, he filed a lawsuit saying that Microsoft's Internet Explorer violated his patent on "interactive" features on the web; the suit resulted in a $540 million jury verdict. Appeals ensued but were inconclusive; the case ultimately settled out for more than $100 million, with just over $30 million going to Eolas' co-plaintiff, the University of California. Meanwhile, Eolas' original patent was getting serious attention. It was actually denounced by the web's global standard-setting body in 2003. That resulted in an unusual director-ordered reexamination at the US Patent Office, but Eolas somehow emerged unscathed. Eolas got a second patent similar to its first in 2009. By then, the business of "patent trolling" had matured and become fantastically lucrative. The company relocated to East Texas before filing suit against 20 big companies, including Apple, Perot Systems, Blockbuster, eBay, Adobe, Google, Yahoo, and Amazon. Court documents show the company was seeking more than $600 million in January 2012, a damage demand that likely had inflated to more than $1 billion by the time of trial. The ensuing patent campaign earned Doyle, and his lawyers, tens of millions of dollars. Doyle lives in Chicago, where he has given interviews to local media about his philanthropic efforts, but he has steadfastly refused to discuss his inventions or the ensuing lawsuits, except when compelled to do so during litigation. By the end of the 2012 jury trial, only Google, Yahoo and JC Penney had not struck deals with Eolas.

Appeal loss shuts down three other lawsuits

Under Doyle's conception of his own invention, practically any modern website owed him royalties.
Playing a video online or rotating an image on a shopping website were "interactive" features that infringed his patents. And unlike many "patent trolls" who simply settle for settlements just under the cost of litigation, Doyle's company had the chops, the lawyers, and the early filing date needed to extract tens of millions of dollars from the accused companies. Eolas had kept filing lawsuits even after its trial loss, with cases against Disney, ESPN, ABC, Facebook, and Wal-Mart on hold awaiting the outcome of this appeal; those are all but doomed. Those lawsuits had asserted the two invalidated patents as well as two new ones, but the two newer patents both incorporate Eolas' first patent. The patent-holding company's lawyers stayed those new cases voluntarily, acknowledging that the appeal would have a "material effect" on their case. The role of the University of California is one of the most perplexing twists in the Eolas saga. The university kept a low profile during the lead-up to trial; but once in Texas, Eolas lawyers constantly reminded the jury they were asserting "these University of California patents." A lawyer from UC's patent-licensing division described support for Eolas at trial by simply saying that the university "stands by its licensees." (Eolas was technically an exclusive licensee of the UC-owned patent, which also gives it the right to sue.) At the same time, the University of California, and the Berkeley campus in particular, was a key institution in creating early web technology. While UC lawyers cooperated with the plaintiffs, two UC Berkeley-trained computer scientists were key witnesses in the effort to demolish the Eolas patents. Pei-Yuan Wei created the pioneering Viola browser, a key piece of prior art, while he was a student at UC-Berkeley in the early 1990s. 
Scott Silvey, another UC-Berkeley student at that time, testified about a program he made called VPlot, which allowed users to rotate an image of an airplane using Wei's browser. VPlot and Viola were demonstrated to Sun Microsystems in May 1993, months before Doyle claimed to have conceived of his invention.

---
Just because i'm near the punchbowl doesn't mean I'm also drinking from it.

From rforno at infowarrior.org Tue Jul 23 07:58:54 2013
From: rforno at infowarrior.org (Richard Forno)
Date: Tue, 23 Jul 2013 08:58:54 -0400
Subject: [Infowarrior] - Cisco buys Sourcefire for $2.7B
Message-ID: <27CF6854-5569-497B-BAFD-F32E06025CF8@infowarrior.org>

Cisco to buy security software maker Sourcefire for $2.7 billion

http://news.yahoo.com/cisco-buy-security-software-maker-sourcefire-2-7-121005976.html

(Reuters) - Cisco Systems Inc said it will buy software maker Sourcefire Inc for about $2.7 billion to increase its network security offerings. Cisco will pay $76 per share for the company, a premium of 28.6 percent over its closing price on Monday of $59.08. The network equipment company said the deal would likely close during the second half of 2013 and it expects the acquisition to be slightly dilutive to non-GAAP earnings in fiscal year 2014. Cisco has lost market share in network security over the past few years to smaller, more innovative rivals such as Juniper Networks Inc, Check Point Software Technologies, and Palo Alto Networks Inc. It fell behind in Web applications, social media and video streaming that call for more complex security protection than traditional firewalls provide. (Reporting by Nicola Leske in New York, Supantha Mukherjee in Bangalore; Editing by Sreejiraj Eluvangal and Maureen Bavdek)

---
Just because i'm near the punchbowl doesn't mean I'm also drinking from it.
From rforno at infowarrior.org Tue Jul 23 11:44:39 2013
From: rforno at infowarrior.org (Richard Forno)
Date: Tue, 23 Jul 2013 12:44:39 -0400
Subject: [Infowarrior] - DIRNSA requests 'emergency briefing' to Congress
Message-ID: <236FF983-0119-46D3-B8E9-B8C42969FFB2@infowarrior.org>

NSA's Keith Alexander Calls Emergency Private Briefing To Lobby Against Justin Amash Amendment Curtailing Its Power

Posted: 07/23/2013 10:00 am EDT | Updated: 07/23/2013 11:50 am EDT

http://www.huffingtonpost.com/2013/07/23/keith-alexander-justin-amash_n_3639329.html

WASHINGTON -- The National Security Agency kicked its lobbying into high gear after an amendment from Rep. Justin Amash, a libertarian Republican from Michigan, was ruled in order and will get a vote sometime this week. NSA head Gen. Keith Alexander scheduled a last-minute, members-only briefing in response to the amendment, according to an invitation distributed to members of Congress this morning and forwarded to HuffPost. "In advance of anticipated action on amendments to the DoD Appropriations bill, Ranking Member C.A. Dutch Ruppersberger of the House Intelligence Committee invites your Member to attend a question and answer session with General Keith B. Alexander of the National Security Agency," reads the invitation. The invitation warned members that they could not share what they learned with their constituents or others. "The briefing will be held at the Top Secret/SCI level and will be strictly Members-Only," reads the invite. The Amash amendment would put the House on record when it comes to NSA snooping. The language of the measure, which would be attached to the Pentagon's spending bill "Ends authority for the blanket collection of records under the Patriot Act. Bars the NSA and other agencies from using Section 215 of the Patriot Act to collect records, including telephone call records, that pertain to persons who are not subject to an investigation under Section 215."
The section of the Patriot Act that Amash is targeting was the subject of the first piece in The Guardian about NSA leaker Edward Snowden's revelations. A secret intelligence court has interpreted the law to allow the NSA to collect hundreds of millions of records on every American phone call under the theory that such records might be useful in future terrorism investigations. The intelligence community has claimed that the law is useful in thwarting potential terrorist incidents. But Sen. Ron Wyden (D-Ore.), a member of the Senate Intelligence Committee with access to classified details about the program, said there is no evidence that the data collection had been directly responsible for stopping any single plot. Civil libertarians, meanwhile, are aghast at the NSA's broad interpretation of the law, and even the bill's author said he was surprised at how it is being used. Just seven months ago the House and Senate approved a military spending bill that reauthorized the NSA's extensive foreign surveillance operations, and in 2011 the Patriot Act was reauthorized by broad margins with bipartisan support in both the House and Senate. But Amash's amendment, cosponsored by former chairman of the House Judiciary Committee and liberal Michigan Democratic Rep. John Conyers, could capitalize on a new awareness of the scope of the intelligence community's activities. The amendment could draw support from both Democrats and Republicans. Just how much is uncertain -- this is the House's first up-or-down vote on the NSA's domestic surveillance activities since Snowden made his revelations. "This is the real deal: It's our first chance to roll back the NSA's spying regime, and we don't know when we'll have another one like it," said David Segal, executive director of Demand Progress, a progressive policy group. "To invoke that expert on surveillance George W. 
Bush: After this vote we'll finally know who is with us in the cause to protect civil rights -- and who is against us." Speaking at an event at the Center for American Progress on domestic data collection Tuesday, Wyden said that he hasn't read Amash's amendment but was encouraged by its progress. "The fact that this has made it to the floor of the House of Representatives is unquestionably good," he said. "It is another step, as I've outlined, in the march to a real debate. We wouldn't have had that seven, eight weeks ago." --- Just because i'm near the punchbowl doesn't mean I'm also drinking from it. From rforno at infowarrior.org Tue Jul 23 15:27:32 2013 From: rforno at infowarrior.org (Richard Forno) Date: Tue, 23 Jul 2013 16:27:32 -0400 Subject: [Infowarrior] - House forces vote on amendment that would limit NSA bulk surveillance Message-ID: House forces vote on amendment that would limit NSA bulk surveillance Opposition to bulk surveillance swells with vote that would 'end authority for blanket collection of records under the Patriot Act' - Spencer Ackerman in Washington - guardian.co.uk, Tuesday 23 July 2013 15.26 EDT Congressional opposition to the NSA's bulk surveillance on Americans swelled on Tuesday as the US House prepared to vote on restricting the collection of US phone records and a leading Senate critic blasted a "culture of misinformation" around government surveillance. Republican congressman Justin Amash prevailed in securing a vote for his amendment to a crucial funding bill for the Department of Defense that "ends authority for the blanket collection of records under the Patriot Act." The vote could take place as early as Wednesday evening. "The people have spoken through their representatives," Amash told the Guardian on Tuesday. "This is an opportunity to vote on something that will substantially limit the ability of the NSA to collect their phone records without suspicion."
It will be the first such vote held by Congress on restricting NSA surveillance after the revelations from ex-contractor Edward Snowden, published in the Guardian and the Washington Post, that detailed a fuller picture of the surveillance authorities than officials had publicly disclosed -- something blasted in a fiery Tuesday speech by Senator Ron Wyden, a prominent Democratic critic of the surveillance programs. In a sign of how crucial the NSA considers its bulk phone records collection, which a secret surveillance court reapproved on Friday, its director, General Keith Alexander, held a four-hour classified briefing with members of Congress. Alexander's meeting was listed as "top-secret" and divided into two two-hour sessions, the first for Republicans and the second for Democrats. Staffers for the legislators were not permitted to attend. Amash, who attended the briefing, described it as cordial but declined to give specifics about what was discussed. "I don't believe anyone's mind was changed one way or the other," he said. Representatives for Alexander did not respond to a request for comment. < - > http://www.guardian.co.uk/world/2013/jul/23/house-amendment-nsa-bulk-surveillance From rforno at infowarrior.org Tue Jul 23 19:35:42 2013 From: rforno at infowarrior.org (Richard Forno) Date: Tue, 23 Jul 2013 20:35:42 -0400 Subject: [Infowarrior] - Sen Wyden: Public Has Been Actively Mislead By Government Officials Over Surveillance Message-ID: <6726316A-7F2D-401C-8455-10F1D76A6B24@infowarrior.org> Senator Wyden: Public Has Been Actively Mislead By Government Officials Over Surveillance http://www.techdirt.com/articles/20130723/13325623909/senator-wyden-public-has-been-actively-mislead-government-officials-over-surveillance.shtml --- Just because i'm near the punchbowl doesn't mean I'm also drinking from it.
From rforno at infowarrior.org Tue Jul 23 20:34:41 2013 From: rforno at infowarrior.org (Richard Forno) Date: Tue, 23 Jul 2013 21:34:41 -0400 Subject: [Infowarrior] - Irony Alert: Obama Opposes Amash Amendment Because It's A 'Blunt Approach' And Not A Product Of 'Open' Process Message-ID: <889E9040-C1D5-4084-987D-E0799B3498A6@infowarrior.org> Irony Alert: Obama Opposes Amash Amendment Because It's A 'Blunt Approach' And Not A Product Of 'Open' Process from the now-they're-just-fucking-with-us,-right? dept http://www.techdirt.com/articles/20130723/17454123916/irony-alert-obama-opposes-amash-amendment-because-its-blunt-approach-not-product-open-process.shtml Okay, someone in the White House just feels like giving people who believe in protecting civil liberties a giant middle finger today. As a quick review, the President and the administration have been hiding behind secret court orders with secret interpretations of the Patriot Act and the FISA Amendments Act to use a very blunt instrument: collecting pretty much all digital data around, and keeping the whole thing totally quiet for years. In response, Rep. Justin Amash is seeking to pull funding from one of the key NSA programs -- the one that involved a secret interpretation of Section 215 of the Patriot Act by a secret court to pretend that language that clearly applied to only limited data now meant the NSA could order AT&T, Verizon, Sprint and others to hand over every call record on every phone call. And, this is a program that no one knew about until Ed Snowden leaked it to the Guardian and the Washington Post. Okay, having reinforced those basic points, check out the giant "screw you guys" the White House just pushed out in the form of a "statement" in response to the Amash Amendment. 
I'll bold the key guffaw-inducing lines: "In light of the recent unauthorized disclosures, the President has said that he welcomes a debate about how best to simultaneously safeguard both our national security and the privacy of our citizens. The Administration has taken various proactive steps to advance this debate including the President's meeting with the Privacy and Civil Liberties Oversight Board, his public statements on the disclosed programs, the Office of the Director of National Intelligence's release of its own public statements, ODNI General Counsel Bob Litt's speech at Brookings, and ODNI's decision to declassify and disclose publicly that the Administration filed an application with the Foreign Intelligence Surveillance Court. We look forward to continuing to discuss these critical issues with the American people and the Congress. However, we oppose the current effort in the House to hastily dismantle one of our Intelligence Community's counterterrorism tools. This blunt approach is not the product of an informed, open, or deliberative process. We urge the House to reject the Amash Amendment, and instead move forward with an approach that appropriately takes into account the need for a reasoned review of what tools can best secure the nation." Let me repeat that again: This blunt approach is not the product of an informed, open, or deliberative process. As opposed to the blunt process of collecting all data on everyone which was arrived at via an "informed, open and deliberative process" -- known as totally secretly interpreting the plain language of a law in a secret ruling from a secret court to mean something almost entirely different than what the language itself said? This is a joke, right?
Only someone who really has a sick sense of humor would try to argue that a bill looking to slow down the rampant spying on pretty much all Americans comes from a lack of an "informed, open, or deliberative process" when the process to create that massive surveillance infrastructure was all done in complete darkness. --- Just because i'm near the punchbowl doesn't mean I'm also drinking from it. From rforno at infowarrior.org Wed Jul 24 07:02:04 2013 From: rforno at infowarrior.org (Richard Forno) Date: Wed, 24 Jul 2013 08:02:04 -0400 Subject: [Infowarrior] - Tech lobbying reports barely scratch NSA issue Message-ID: Tech lobbying reports barely scratch NSA issue By: Tony Romm July 24, 2013 05:02 AM EDT http://dyn.politico.com/printstory.cfm?uuid=155E68AE-0F6A-4B2B-BA1D-79BC01647000 Tech companies have publicly petitioned Washington for the ability to disclose more about their work with the National Security Agency -- but lobbying reports don't show the industry's giants making a play for sweeping changes to U.S. law. Google, Facebook, Yahoo and Microsoft together spent more than $8 million to canvass lawmakers from April to June on issues like immigration and cybersecurity, according to newly released federal disclosures. But the documents also reflect they've largely avoided an all-out offensive on the government's powers to seek foreign suspects' Internet communications, tech insiders tell POLITICO. Only two of those tech leaders -- Facebook and Microsoft -- even mentioned the related laws in their latest lobbying reports, due Monday. The industry's top lobbyists say the silence speaks only to the sensitivity of the surveillance fight. "They're engaged on the issue on Capitol Hill, more in the sense they're there to answer questions," one insider told POLITICO, "but I wouldn't say it's a lobbying push."
Tech companies find themselves at the center of the political war over surveillance because of their connection to PRISM, the NSA-led program tracking Internet communications first brought to light by The Guardian. In the aftermath, companies have pleaded with Washington for the ability to disclose more information. And they've notched some basic victories: The government has permitted many tech companies to reveal broad data about local and national investigators' record requests. But Google and Microsoft are among those still fighting the Foreign Intelligence Surveillance Court for permission to publish more about their relationship with the NSA. In the meantime, those companies and others have joined with civil liberties groups in asking Congress for more transparency. "We further urge Congress to pass legislation requiring comprehensive transparency reporting by the federal government and clearly allowing for transparency reporting by companies without requiring companies to first seek permission from the government or the FISA Court," they wrote in a letter last week. For all of the tech set's legal and rhetorical maneuvering, however, Silicon Valley's biggest brands haven't made much of a peep for sweeping restrictions on the scope of federal surveillance, multiple sources tell POLITICO. There's no mention of any push to gut the NSA and its controversial programs in the second-quarter lobbying registrations filed by Yahoo and Google. Neither company returned comment for this story. One of Google's outside lobbying shops, JGB & Associates, did focus generally on "data privacy," mentioning the Foreign Intelligence Surveillance Act briefly. The search giant spent $3.3 million in the second quarter, down a hair from the first three months of the year. Facebook, by contrast, indicated it has lobbied for "more transparency and flexibility around national security-related orders," according to its filing.
The company, which spent just over $1 million to lobby on a full slate of issues from April to June, did not reveal whether it is backing new legislation. A spokeswoman did not comment to POLITICO. Microsoft also pushed Congress on "transparency of the FISA," while spending about $2.9 million in lobbying in the second quarter on an agenda that mostly included immigration reform. The company also had no comment. Most of the tech leaders focused on the broader bucket of digital privacy issues. For example, Google, Microsoft, Facebook, Yahoo and others indicated they continued lobbying in the second quarter on reforms to the Electronic Communications Privacy Act, which would extend to emails and other digital documents the same legal protections afforded to their paper-based predecessors. Many of those same companies also backed bills that safeguard cellphone location data, while keeping a close eye on other emerging issues, from cybersecurity to immigration. "The tech companies have certainly stuck out their necks for transparency -- and some have even sued for sunshine on the surveillance demands they've received," said Greg Nojeim, senior counsel at the Center for Democracy & Technology. "It remains to be seen, though, whether they will step up and support substantive changes to the PATRIOT Act to protect their customers' privacy." © 2013 POLITICO LLC --- Just because i'm near the punchbowl doesn't mean I'm also drinking from it. From rforno at infowarrior.org Wed Jul 24 07:02:07 2013 From: rforno at infowarrior.org (Richard Forno) Date: Wed, 24 Jul 2013 08:02:07 -0400 Subject: [Infowarrior] - Call Congress TODAY to support Amash Amendment Message-ID: Congress Votes on an Amendment to Defund Domestic Spying: Here's How You Can Help https://www.eff.org/deeplinks/2013/07/tomorrow-congress-votes-amendment-defund-spying-heres-how-you-can-help < - > Activists are already mobilizing support for the Amash amendment.
Overnight, they've created a website -- http://defundthensa.com -- that calls on Representatives to support the Amash amendment. Because there are less than 24 hours before the vote, there is no time to send emails. If you want your Representative to support this amendment, you must call (or tweet) rather than email. Defund the NSA provides phone numbers as well as a simple suggested script. See their privacy policy. < - > --- Just because i'm near the punchbowl doesn't mean I'm also drinking from it. From rforno at infowarrior.org Wed Jul 24 14:49:13 2013 From: rforno at infowarrior.org (Richard Forno) Date: Wed, 24 Jul 2013 15:49:13 -0400 Subject: [Infowarrior] - Amash claims strong support for NSA amendment Message-ID: Justin Amash claims strong support for NSA amendment By: Ginger Gibson July 24, 2013 12:06 PM EDT http://dyn.politico.com/printstory.cfm?uuid=C9D569FA-BE78-4B90-AD07-556564FB101B Rep. Justin Amash said he has strong support for his amendment to the Defense appropriations bill that would defund the NSA program that collects billions of Americans' phone records. "It's very broad and it's broad because the American people support it," Amash (R-Mich.) said at a panel discussion with House conservatives Wednesday morning. In unusual form, a small debate broke out about the amendment during the monthly Conversation with Conservatives event. Rep. Michele Bachmann (R-Minn.), who serves on the House Intelligence Committee, was the only member of the panel to say that she would be voting against Amash's amendment. Bachmann made the case that the program doesn't violate Fourth Amendment rights because the businesses own the records being obtained, not the individuals. "There is no expectation of privacy," Bachmann said. "Individuals do not own the records." Bachmann said the program, as well as the one used to monitor online conversations, are needed for security. "I believe we need to win the war on terror, we need to defeat the goals and aims of radical jihadists,"
she said. Amash countered that his amendment won't affect the online programs and that in a modern era, arguing that businesses own the records makes all digital records accessible to the government. "That's like saying our emails are property of Google," Amash said. © 2013 POLITICO LLC --- Just because i'm near the punchbowl doesn't mean I'm also drinking from it. From rforno at infowarrior.org Wed Jul 24 15:05:22 2013 From: rforno at infowarrior.org (Richard Forno) Date: Wed, 24 Jul 2013 16:05:22 -0400 Subject: [Infowarrior] - 9CA: Broadcasters Can't Use Copyright To Block Commercial Skipping Message-ID: <39DD2D95-0159-404C-90D2-D14FD28AE53B@infowarrior.org> Court Says Broadcasters Can't Use Copyright To Block Commercial Skipping from the good-court-rulings dept This morning there was a huge victory for common sense in the Ninth Circuit appeals court ruling in the Fox v. Dish case over Dish's AutoHopper technology. As you may recall, pretty much all the major broadcasters sued Dish a year ago, claiming that its AutoHopper technology with the PrimeTime Anytime feature -- which would record the entire primetime lineup, and allow Dish customers to watch everything (starting the next day) while automatically skipping the commercials -- was infringement (and breach of contract). As we noted at the time, the broadcasters' arguments made very little sense. The basis of the argument was that skipping commercials is a form of copyright infringement. We couldn't see how skipping commercials violated the copyright in any way at all, and while Fox pretended it won the initial ruling at the district court level, the reality was that Dish won big. < - > http://www.techdirt.com/articles/20130724/10340723925/appeals-court-broadcasters-cant-use-copyright-to-block-commercial-skipping.shtml --- Just because i'm near the punchbowl doesn't mean I'm also drinking from it.
From rforno at infowarrior.org Wed Jul 24 15:05:24 2013 From: rforno at infowarrior.org (Richard Forno) Date: Wed, 24 Jul 2013 16:05:24 -0400 Subject: [Infowarrior] - Alyssa Milano Claiming Trademark And Copyright On 'Hacktivist' Message-ID: <9BA434E5-438E-46AE-9832-5CCF6EE89729@infowarrior.org> Alyssa Milano Claiming Trademark And Copyright On 'Hacktivist' http://www.techdirt.com/articles/20130723/16570323914/alyssa-milano-claiming-trademark-copyright-hacktivist.shtml --- Just because i'm near the punchbowl doesn't mean I'm also drinking from it. From rforno at infowarrior.org Wed Jul 24 15:26:56 2013 From: rforno at infowarrior.org (Richard Forno) Date: Wed, 24 Jul 2013 16:26:56 -0400 Subject: [Infowarrior] - Bitcoin Ponzi scheme: SEC charges Texas man Message-ID: <488CA2E8-37F5-4258-8659-A9675479067C@infowarrior.org> (h/t anonymous) Bitcoin Ponzi scheme: SEC charges Texas man Bitcoin Ponzi scheme raised at least $4.5 million from investors in the digital currency. But SEC says Bitcoin operator used some proceeds for personal expenses, then covered withdrawals with money from new investors. < - > http://www.csmonitor.com/layout/set/print/Business/Latest-News-Wires/2013/0724/Bitcoin-Ponzi-scheme-SEC-charges-Texas-man --- Just because i'm near the punchbowl doesn't mean I'm also drinking from it. From rforno at infowarrior.org Wed Jul 24 16:57:12 2013 From: rforno at infowarrior.org (Richard Forno) Date: Wed, 24 Jul 2013 17:57:12 -0400 Subject: [Infowarrior] - House debating NSA programs now Message-ID: <048B9D28-D7E3-4325-BD26-04F959A7C433@infowarrior.org> http://www.c-span.org/Live-Video/C-SPAN/ @EFFLive is live-tweeting it. House presently debating the Nugent (FL) amendment -- which is what NSA supporters want to see passed instead of the Amash Amendment, which is up next. --- Just because i'm near the punchbowl doesn't mean I'm also drinking from it. 
From rforno at infowarrior.org Wed Jul 24 17:12:35 2013 From: rforno at infowarrior.org (Richard Forno) Date: Wed, 24 Jul 2013 18:12:35 -0400 Subject: [Infowarrior] - Blueprints Of NSA's Ridiculously Expensive Data Center In Utah Suggest It Holds Less Info Than Thought Message-ID: <69F382CF-8CAB-405B-B6EF-7D3EF902C170@infowarrior.org> Blueprints Of NSA's Ridiculously Expensive Data Center In Utah Suggest It Holds Less Info Than Thought http://www.forbes.com/sites/kashmirhill/2013/07/24/blueprints-of-nsa-data-center-in-utah-suggest-its-storage-capacity-is-less-impressive-than-thought/ --- Just because i'm near the punchbowl doesn't mean I'm also drinking from it. From rforno at infowarrior.org Wed Jul 24 17:53:42 2013 From: rforno at infowarrior.org (Richard Forno) Date: Wed, 24 Jul 2013 18:53:42 -0400 Subject: [Infowarrior] - Amash amendment fails Message-ID: /eom --- Just because i'm near the punchbowl doesn't mean I'm also drinking from it. From rforno at infowarrior.org Wed Jul 24 19:32:58 2013 From: rforno at infowarrior.org (Richard Forno) Date: Wed, 24 Jul 2013 20:32:58 -0400 Subject: [Infowarrior] - Roll Call of the Amash amendment vote Message-ID: Roll Call of the Amash amendment vote. Where does YOUR Congressperson fall? H R 2397 RECORDED VOTE 24-Jul-2013 6:51 PM AUTHOR(S): Amash of Michigan Amendment No. 100 QUESTION: On Agreeing to the Amendment http://clerk.house.gov/evs/2013/roll412.xml --- Just because i'm near the punchbowl doesn't mean I'm also drinking from it. From rforno at infowarrior.org Thu Jul 25 06:41:30 2013 From: rforno at infowarrior.org (Richard Forno) Date: Thu, 25 Jul 2013 07:41:30 -0400 Subject: [Infowarrior] - USG wants vendor master crypto keys Message-ID: (Anyone remember the idea of government key-escrow from the mid-90s? Here we go again, just with a twist. 
---rick) Feds put heat on Web firms for master encryption keys Whether the FBI and NSA have the legal authority to obtain the master keys that companies use for Web encryption remains an open question, but it hasn't stopped the U.S. government from trying. http://news.cnet.com/8301-13578_3-57595202-38/feds-put-heat-on-web-firms-for-master-encryption-keys/ by Declan McCullagh July 24, 2013 4:00 AM PDT The U.S. government has attempted to obtain the master encryption keys that Internet companies use to shield millions of users' private Web communications from eavesdropping. These demands for master encryption keys, which have not been disclosed previously, represent a technological escalation in the clandestine methods that the FBI and the National Security Agency employ when conducting electronic surveillance against Internet users. If the government obtains a company's master encryption key, agents could decrypt the contents of communications intercepted through a wiretap or by invoking the potent surveillance authorities of the Foreign Intelligence Surveillance Act. Web encryption -- which often appears in a browser with a HTTPS lock icon when enabled -- uses a technique called SSL, or Secure Sockets Layer. "The government is definitely demanding SSL keys from providers," said one person who has responded to government attempts to obtain encryption keys. The source spoke with CNET on condition of anonymity. The person said that large Internet companies have resisted the requests on the grounds that they go beyond what the law permits, but voiced concern that smaller companies without well-staffed legal departments might be less willing to put up a fight. "I believe the government is beating up on the little guys," the person said. "The government's view is that anything we can think of, we can compel you to do." A Microsoft spokesperson would not say whether the company has received such requests from the government. 
But when asked whether Microsoft would turn over a master key used for Web encryption or server-to-server e-mail encryption, the spokesperson replied: "No, we don't, and we can't see a circumstance in which we would provide it." Google also declined to disclose whether it had received requests for encryption keys. But a spokesperson said the company has "never handed over keys" to the government, and that it carefully reviews each and every request. "We're sticklers for details -- frequently pushing back when the requests appear to be fishing expeditions or don't follow the correct process," the spokesperson said. Sarah Feinberg, a spokeswoman for Facebook, said that her employer has not received requests for encryption keys from the U.S. government or other governments. In response to a question about divulging encryption keys, Feinberg said: "We have not, and we would fight aggressively against any request for such information." Apple, Yahoo, AOL, Verizon, AT&T, Opera Software's Fastmail.fm, Time Warner Cable, and Comcast declined to respond to queries about whether they would divulge encryption keys to government agencies. Encryption used to armor Web communications was largely adopted not because of fears of NSA surveillance -- but because of the popularity of open, insecure Wi-Fi networks. The "Wall of Sheep," which highlights passwords transmitted over networks through unencrypted links, has become a fixture of computer security conventions, and Internet companies began adopting SSL in earnest about three years ago. "The requests are coming because the Internet is very rapidly changing to an encrypted model," a former Justice Department official said. "SSL has really impacted the capability of U.S. law enforcement. They're now going to the ultimate application layer provider." An FBI spokesman declined to comment, saying the bureau does not "discuss specific strategies, techniques and tools that we may use." 
Top secret NSA documents leaked by former government contractor Edward Snowden suggest an additional reason to ask for master encryption keys: they can aid bulk surveillance conducted through the spy agency's fiber taps. One of the leaked PRISM slides recommends that NSA analysts collect communications "upstream" of data centers operated by Apple, Microsoft, Google, Yahoo, and other Internet companies. That procedure relies on a FISA order requiring backbone providers to aid in "collection of communications on fiber cables and infrastructure as data flows past." Mark Klein, who worked as an AT&T technician for over 22 years, disclosed in 2006 (PDF) that he met with NSA officials and witnessed domestic Internet traffic being "diverted" through a "splitter cabinet" to secure room 641A in one of the company's San Francisco facilities. Only NSA-cleared technicians were allowed to work on equipment in the SG3 secure room, Klein said, adding that he was told similar fiber taps existed in other major cities. But an increasing amount of Internet traffic flowing through those fiber cables is now armored against surveillance using SSL encryption. Google enabled HTTPS by default for Gmail in 2010, followed soon after by Microsoft's Hotmail. Facebook enabled encryption by default in 2012. Yahoo now offers it as an option. "Strongly encrypted data are virtually unreadable," NSA director Keith Alexander told (PDF) the Senate earlier this year. Unless, of course, the NSA can obtain an Internet company's private SSL key. With a copy of that key, a government agency that intercepts the contents of encrypted communications has the technical ability to decrypt and peruse everything it acquires in transit, although actual policies may be more restrictive. One exception to that rule relies on a clever bit of mathematics called perfect forward secrecy. PFS uses temporary individual keys, a different one for each encrypted Web session, instead of relying on a single master key. 
That means even a government agency with the master SSL key and the ability to passively eavesdrop on the network can't decode private communications. Google is the only major Internet company to offer PFS, though Facebook is preparing to enable it by default. Even PFS isn't complete proof against surveillance. It's possible to mount a more advanced attack, sometimes called a man-in-the-middle or active attack, and decode the contents of the communications. A Wired article in 2010 disclosed that a company called Packet Forensics was marketing to government agencies a box that would do precisely that. (There is no evidence that the NSA performs active attacks as part of routine surveillance, and even those could be detected in some circumstances.) The Packet Forensics brochure said that government agencies would "have the ability to import a copy of any legitimate key they obtain (potentially by court order)." It predicted that agents or analysts will collect their "best evidence while users are lulled into a false sense of security afforded by Web, e-mail or VOIP encryption." With a few exceptions, even if communications in transit are encrypted, Internet companies typically do not encrypt e-mail or files stored in their data centers. Those remain accessible to law enforcement or the NSA through legal processes. Leaked NSA surveillance procedures, authorized by Attorney General Eric Holder, suggest that intercepted domestic communications are typically destroyed -- unless they're encrypted. If that's the case, the procedures say, "retention of all communications that are enciphered" is permissible. It's not entirely clear whether federal surveillance law gives the U.S. government the authority to demand master encryption keys from Internet companies. "That's an unanswered question," said Jennifer Granick, director of civil liberties at Stanford University's Center for Internet and Society. "We don't know whether you can be compelled to do that or not." 
The government has attempted to use subpoenas to request copies of encryption keys in some cases, according to one person familiar with the requests. Justice Department guidelines say subpoenas may be used to obtain information "relevant" to an investigation, unless the request is "unreasonably burdensome." "I don't know anyone who would turn it over for a subpoena," said an attorney who represents Internet companies but has not fielded requests for encryption keys. Even a wiretap order in a criminal case would be insufficient, but a FISA order might be a different story, the attorney said. "I'm sure there's some logic in collecting the haystack." Kurt Opsahl, a senior staff attorney at the Electronic Frontier Foundation, challenged the notion that current law hands the government the power to demand master encryption keys. Even with a FISA order for the private key, Opsahl said, the amount of technical assistance that a company must provide to the NSA or other federal agencies "has a limit." Federal and state law enforcement officials have previously said encrypted communications were beginning to pose an obstacle to lawful surveillance. Valerie Caproni, the FBI's general counsel at the time, told a congressional hearing in 2011, according to a transcript: Encryption is a problem, and it is a problem that we see for certain providers... For individuals who put encryption on their traffic, we understand that there would need to be some individualized solutions if we get a wiretap order for such persons... We are suggesting that if the provider has the communications in the clear and we have a wiretap order, that the provider should give us those communications in the clear. "One of the biggest problems with compelling the [private key] is it gives you access to not just the target's communications, but all communications flowing through the system, which is exceedingly dangerous," said Stanford's Granick. Update, 11:40 a.m. 
PT: Adds additional comments from a Facebook representative saying the company has not received such requests. Disclosure: McCullagh is married to a Google employee not involved with this issue. --- Just because i'm near the punchbowl doesn't mean I'm also drinking from it. From rforno at infowarrior.org Thu Jul 25 11:27:26 2013 From: rforno at infowarrior.org (Richard Forno) Date: Thu, 25 Jul 2013 12:27:26 -0400 Subject: [Infowarrior] - Democratic Leadership Says NSA Data Collection Is Fine Because You 'May Be In Communication With Terrorists' Message-ID: Democratic Leadership Says NSA Data Collection Is Fine Because You 'May Be In Communication With Terrorists' http://www.techdirt.com/articles/20130724/18313423933/democratic-leadership-says-nsa-data-collection-is-fine-because-you-may-be-communication-with-terrorists.shtml --- Just because i'm near the punchbowl doesn't mean I'm also drinking from it. From rforno at infowarrior.org Thu Jul 25 11:38:39 2013 From: rforno at infowarrior.org (Richard Forno) Date: Thu, 25 Jul 2013 12:38:39 -0400 Subject: [Infowarrior] - EU reevaluating data sharing agreement with US in wake of NSA leaks Message-ID: <24B66DC7-D300-4831-BD31-9B5FA3418155@infowarrior.org> EU reevaluating data sharing agreement with US in wake of NSA leaks http://arstechnica.com/tech-policy/2013/07/eu-reevaluating-data-sharing-agreement-with-us-in-wake-of-nsa-leaks/ --- Just because i'm near the punchbowl doesn't mean I'm also drinking from it. From rforno at infowarrior.org Thu Jul 25 14:50:44 2013 From: rforno at infowarrior.org (Richard Forno) Date: Thu, 25 Jul 2013 15:50:44 -0400 Subject: [Infowarrior] - Why Does Rep. Mike Rogers Always Mock The Internet And Its Users? Message-ID: <1E7DE510-D511-4BE4-8CCA-A86C3AA48944@infowarrior.org> Why Does Rep. Mike Rogers Always Mock The Internet And Its Users? from the do-you-not-care-about-the-public? dept Rep. 
Mike Rogers, who has long been a strong supporter of stomping on your privacy in the name of supporting his friends (and family) who are a part of the intelligence-industrial complex, seems to have a real hatred for the internet and the people who express their opinion via the internet. No wonder he was the lead sponsor of CISPA and wanted the ability to undermine the privacy promises of internet companies. Back when the CISPA debate was happening, and there was widespread grassroots opposition, Rogers dismissed it all, claiming that it was just "14-year-olds in their basement clicking around on the internet." So it should come as little surprise that when he stood up on the House floor yesterday to defend the NSA's mass collection of Americans' private information, he once again mocked the internet and its users. You can watch Rogers' impassioned speech here, which is almost entirely made up of misleading rhetoric in defense of the program, and concludes with this obnoxious sendoff: "Are we so small that we can only look at our Facebook likes today in this Chamber? Or are we going to stand up and find out how many lives we can save?" Note the implication: those supporting the Amash Amendment are those awful basement-dweller "internet" types who are tweeting and Facebooking their support -- and those people don't matter. Sorry, Rep. Rogers, but those people are the American public whose interests you're supposed to be representing. Not the interests of your wife's career opportunities, or the interests of your friends in law enforcement. A few other tidbits from his speech: He claims that "this program and others" stopped 54 terrorist attacks. Note the "and others." No one has yet shown any actual evidence that this program -- the one being debated -- did actually stop any attacks or, even when it may have been used in investigations, that it was necessary as compared to other investigative techniques and programs. 
Amusingly, while he conflates "this program" with "others" when talking about how important it is, earlier in the speech he goes in the other direction, focusing very narrowly on "this program." In the opening he insists that, under this program, the NSA collects "no emails, no phone calls, no names, and no addresses." Right. This program, the Section 215 "business records" collection of bulk metadata, does not include that info. But the NSA is collecting much of that info through other programs. Or, you know, through publicly available databases. We've seen many people argue that "this program" doesn't include things like names attached to phone numbers, but does anyone actually think that the NSA isn't able to do a reverse lookup to match a phone number to a name? Meanwhile, it's well known that the feds absolutely can get emails and phone calls if necessary. So, to say that because those things aren't obtained under this program, it means this program is fine, is silly -- because it's not difficult to get from this program to those others. He also exaggerates how many people have said this program is legal. Especially when it comes to Congressional oversight. As this very debate showed, many in Congress were misled into believing this program was entirely different. Furthermore, when he claims that the various Intelligence Committees in the House and the Senate "approved" of this program, claiming they "came together" and supported the program, he implies that it was universal approval, but as we've seen from Senators Wyden and Udall that's hardly the case. And I won't even get into ridiculous fear mongering mentions of 9/11 and how without this program we're back to 9/10. That's just wrong. Perhaps if Rep. Rogers actually went out and spoke to the American public, rather than insulting them, he might learn that his job is to represent them, and not the intelligence community and the big defense contractors. This isn't about getting Facebook likes. 
This is about the American public. --- Just because i'm near the punchbowl doesn't mean I'm also drinking from it. From rforno at infowarrior.org Thu Jul 25 14:50:53 2013 From: rforno at infowarrior.org (Richard Forno) Date: Thu, 25 Jul 2013 15:50:53 -0400 Subject: [Infowarrior] - Amash Amendment to defund NSA surveillance fails narrowly Message-ID: <92637465-6238-475F-9408-55C168947A6D@infowarrior.org> (posted last night) Amash Amendment to defund NSA surveillance fails narrowly By Richard Forno on July 24, 2013 at 5:19 pm http://cyberlaw.stanford.edu/blog/2013/07/amash-amendment-defund-nsa-surveillance-fails-narrowly In a closely watched vote that ended within the past hour, the US House of Representatives narrowly rejected Rep. Justin Amash's (R-MI) amendment (205-217) to defund activities pertaining to the NSA's controversial blanket collection of telephone records under the 'Patriot' Act. This vote follows a set of emergency hearings requested by NSA Director General Keith Alexander yesterday as a last-ditch effort to win continued Congressional support for these programs. As expected, during the brief House debates, the usual national security bromides, fearful predictions, and a requisite invocation of "9/11" were launched against the amendment by Congressional supporters of NSA's various surveillance programs. And, of course, mention of Edward Snowden. Some memorable moments: Congressman Michelle Bachmann (R-MN), after railing against the "false narrative" being made about the NSA surveillance program in the national dialogue, proceeded to describe "metadata" as something less detailed (or dangerous) than a "local phone book" in voicing her support of it. 
House Intelligence Committee (HPSCI) Chairman Mike Rogers (R-MI) implored members to ignore "Facebook Likes" (which one interprets as 'public opinion') and vote to "protect the country" -- while also pinkie-swearing to consider privacy issues pertaining to NSA surveillance activities when his committee debates 2014 intelligence community funding in the fall. Rep Tom Cotton (R-AK) even suggested that 'metadata' is akin to an Excel spreadsheet, while then claiming the surveillance program is necessary because the United States is "at war" -- which is surprising, because when did Congress declare one? By contrast, the primary author of the 2001 USA 'Patriot' Act (through which NSA derives its authority to conduct some of its controversial surveillance activities) Rep. James Sensenbrenner (R-WI) vehemently supported the Amash amendment, saying the law's provisions needed to be curtailed. However, his thoughts were ignored, as were Rep. Zoe Lofgren's (D-CA) concerns that the executive branch's oversight report to Congress about activities under Section 215 of the 'Patriot' Act this year was only "eight sentences." Going into the vote, I suspected the Amash amendment would fail. Why? Moments before the Amash amendment was graciously afforded a 2-minute vote[1], a competing status-quo amendment offered by HPSCI member Mike Pompeo (R-KN) was given a typical 15-minute vote and passed with an overwhelming bipartisan tally of 409-12. However, by passing the Pompeo amendment, Members of Congress were given the political 'cover' to claim they voted on something "in response" to public concerns about the NSA's surveillance programs -- while not actually addressing the underlying issues themselves. (During the debate, @EFFLive referred to it as the 'decoy amendment.') EDIT #1: Roll call vote tally by name on the Amash Amendment consideration. Interestingly, there were 12 votes needed for passage.....and there were 12 "no votes" -- 6 Republican, 6 Democrat. Coincidence? 
[1] Congress routinely schedules votes of varying durations. A "15-minute" or "5-minute" vote is the norm. However, to garner enough support to pass a controversial bill, the majority may hold a vote open for hours if necessary. By contrast, it may compress the duration of a voting window to procedurally challenge those seeking to vote in favour of controversial items it disagrees with. That's a classic Congressional technique. --- Just because i'm near the punchbowl doesn't mean I'm also drinking from it. From rforno at infowarrior.org Thu Jul 25 15:41:01 2013 From: rforno at infowarrior.org (Richard Forno) Date: Thu, 25 Jul 2013 16:41:01 -0400 Subject: [Infowarrior] - 9/11 Commission heads:It's time to debate NSA program Message-ID: <2BFCF88E-341B-48DE-B8AE-3F6C93DE2CB2@infowarrior.org> It's time to debate NSA program By: Thomas H. Kean and Lee H. Hamilton July 23, 2013 09:31 PM EDT http://dyn.politico.com/printstory.cfm?uuid=8B89BBEC-5144-462E-BE1E-706AF08E7F65 Every day, it seems, brings disturbing new revelations about the National Security Agency's program to collect phone and email metadata, raising serious questions for our country. Reports indicate that the NSA is gathering metadata on millions of people in the United States and around the world, targeting diplomatic missions of both friends and foes. The NSA's metadata program was put into place with virtually no public debate, a worrisome precedent made worse by erecting unnecessary barriers to public understanding via denials and misleading statements from senior administration officials. When the Congress and the courts work in secret; when massive amounts of data are collected from Americans and enterprises; when government's power of intrusion into the lives of ordinary citizens, augmented by the awesome power of advanced technologies, is hugely expanded without public debate or discussion over seven years, then our sense of constitutional process and accountability is deeply offended. 
Officials insist that the right balance has been struck between security and privacy. But how would we know, when all the decisions have been made in secret, with almost no oversight? Much of this surveillance activity raises sharp questions: Is it necessary to collect and preserve this vast amount of data rather than pursue targeted individuals? Is the government using the least intrusive means to protect us? What are the rules for using metadata collected ostensibly for counterterrorism purposes in other contexts? Could more information about the program's reach have been made available earlier? These and other vital questions must be debated in the open. A fundamental duty of our government is to keep the country safe. Spying and surveillance are instruments of national power that have an important place in U.S. national security, as the threat of terrorism is real and lethal. It is not the surveillance program per se that is concerning; we agree that authorized and monitored surveillance is necessary. It is the sheer magnitude of the program and the lack of debate that worry us. In the aftermath of the Sept. 11, 2001, terrorist attacks, security officials were galvanized by the fear of another mass casualty attack. The pendulum swung in the direction of security over privacy, giving rise to the NSA surveillance program. The terror threat has evolved over the years. We need to examine these programs and determine whether their scope is necessary today. When the government is exercising powers that may impinge on our rights, even when justified as measures essential for national security, we must be alert. Government, once granted authority, rarely relinquishes it and often expands it. Even if its actions are well intentioned, we must consider the precedent of expansive government power to be used 10, 20 or 50 years hence, when the justification may be less compelling than safeguarding lives. 
The administration says the program is tightly controlled, but unilateral executive branch action and assurances are not sufficient; we need constitutional checks and balances. The extremely low rate of denial of warrant requests and the fact that in the hearings only the government's side is presented are troubling. The public would benefit from a better, more detailed understanding of the judiciary process. The Congress, the courts and the Privacy and Civil Liberties Oversight Board, which the 9/11 Commission recommended, each have critically important roles to play. This board is essential to balancing the impact of the government's security measures in the aftermath of Sept. 11 with our civil liberties. It has taken a decade to get the board up and running. Now that the Senate has confirmed a chairman, it is time for the board to get to work in a transparent manner on this surveillance program. We are stronger as a nation when we understand what the government is doing. This does not mean sharing sensitive intelligence with the public. A public debate poses challenges when it involves classified information that dribbles out, obfuscated by misinformation. But there is certainly far more we can discuss openly. President Barack Obama has rightly called for a national discussion, which his administration and Congress should convene. It is unfortunate that this conversation begins only when an unauthorized leaker divulges secrets he has agreed, under penalty of law, to keep. But the issues are now before the public. It is time to trust the American people's judgment about where to strike the balance between what is, after all, their security and their freedom. Thomas Kean, former governor of New Jersey, and Lee Hamilton, a former congressman from Indiana, co-chair the Bipartisan Policy Center's Homeland Security Project. Kean was chairman and Hamilton was vice chairman of the 9/11 Commission. 
--- Just because i'm near the punchbowl doesn't mean I'm also drinking from it. From rforno at infowarrior.org Thu Jul 25 17:41:04 2013 From: rforno at infowarrior.org (Richard Forno) Date: Thu, 25 Jul 2013 18:41:04 -0400 Subject: [Infowarrior] - USG looking to get user account passwords, too Message-ID: <257461B3-0D62-4001-89F2-30389F789E1D@infowarrior.org> Feds tell Web firms to turn over user account passwords by Declan McCullagh July 25, 2013 11:26 AM PDT Secret demands mark escalation in Internet surveillance by the federal government through gaining access to user passwords, which are typically stored in encrypted form. < - > The U.S. government has demanded that major Internet companies divulge users' stored passwords, according to two industry sources familiar with these orders, which represent an escalation in surveillance techniques that has not previously been disclosed. If the government is able to determine a person's password, which is typically stored in encrypted form, the credential could be used to log in to an account to peruse confidential correspondence or even impersonate the user. Obtaining it also would aid in deciphering encrypted devices in situations where passwords are reused. "I've certainly seen them ask for passwords," said one Internet industry source who spoke on condition of anonymity. "We push back." A second person who has worked at a large Silicon Valley company confirmed that it received legal requests from the federal government for stored passwords. Companies "really heavily scrutinize" these requests, the person said. "There's a lot of 'over my dead body.'" Some of the government orders demand not only a user's password but also the encryption algorithm and the so-called salt, according to a person familiar with the requests. A salt is a random string of letters or numbers used to make it more difficult to reverse the encryption process and determine the original password. 
Other orders demand the secret question codes often associated with user accounts. < - > http://news.cnet.com/8301-13578_3-57595529-38/feds-tell-web-firms-to-turn-over-user-account-passwords/ --- Just because i'm near the punchbowl doesn't mean I'm also drinking from it. From rforno at infowarrior.org Thu Jul 25 17:49:46 2013 From: rforno at infowarrior.org (Richard Forno) Date: Thu, 25 Jul 2013 18:49:46 -0400 Subject: [Infowarrior] - U.S. lawmakers want sanctions on any country taking in Snowden Message-ID: <4D7E14E9-214C-47EF-AD0D-FC8441BB8B68@infowarrior.org> U.S. lawmakers want sanctions on any country taking in Snowden 3:18pm EDT By Patricia Zengerle http://www.reuters.com/assets/print?aid=USBRE96O18220130725 WASHINGTON (Reuters) - A U.S. Senate panel voted unanimously on Thursday to seek trade or other sanctions against Russia or any other country that offers asylum to former spy agency contractor Edward Snowden, who has been holed up for weeks at a Moscow airport. The 30-member Senate Appropriations Committee adopted by consensus an amendment to a spending bill that would direct Secretary of State John Kerry to meet with congressional committees to come up with sanctions against any country that takes Snowden in. Snowden is wanted by the United States on espionage charges for revealing details of government intelligence programs. He arrived in Moscow on June 23 from Hong Kong, where he had fled to escape capture and trial in the United States. He has asked for temporary asylum in Russia until he can reach a country that will shelter him, but U.S. authorities have made clear they will be deeply disappointed if Russia lets the fugitive leave the airport. Bolivia, Nicaragua and Venezuela have said they could offer sanctuary to Snowden. Republican U.S. 
Senator Lindsey Graham said he introduced the amendment to try to get the attention of any country that might take in Snowden, not Russia in particular, although he noted Moscow has lined up against the United States on other issues, including the civil war in Syria. "When it comes to Russia, it's just not about Snowden. They are allying with Iran, 100,000 Syrians have been killed, they are providing weapons to Assad that are getting in the hands of Hezbollah. And really enough's enough," said Graham, who has suggested the U.S. consider boycotting the 2014 Winter Olympics in Russia. The amendment would direct Kerry to meet with congressional committees to develop sanctions options "including revocation or suspension of trade privileges and preferences." It was not immediately clear how any sanctions program would work, and the spending bill is several steps from becoming law. But the United States has a number of programs that provide international trade benefits to developing countries, including Bolivia and Venezuela, which could be affected. The country also has a free trade agreement with Nicaragua that could come under scrutiny. Josh Earnest, a White House spokesman, told reporters on Thursday that President Barack Obama's administration was having "ongoing conversations" with Russia and that authorities there had not made clear Snowden's status. (Additional reporting by Doug Palmer and Roberta Rampton; Editing by Vicki Allen) --- Just because i'm near the punchbowl doesn't mean I'm also drinking from it. 
From rforno at infowarrior.org Fri Jul 26 07:16:31 2013 From: rforno at infowarrior.org (Richard Forno) Date: Fri, 26 Jul 2013 08:16:31 -0400 Subject: [Infowarrior] - USG Argues Bradley Manning Was An Anarchist, As Case Closes Message-ID: Government Argues Bradley Manning Was An Anarchist, As Case Closes from the the-lies-your-government-spreads dept We haven't been covering the day to day of the Bradley Manning trial, though it has been interesting (and frustrating) to follow. However, in its closing argument, it appears that the government is trying to smear Bradley Manning and his whistleblowing every possible way: "After more than four and a half hours of proceedings, the government wrapped up its closing argument in the trial of Pfc. Bradley Manning, the soldier being prosecuted for disclosing information to WikiLeaks. Prosecutors called him an 'anarchist,' a 'hacker,' and a 'traitor' before the argument was over." Really? All three claims are flat out ridiculous. From the very beginning Manning was quite clear in his motives, which were about making sure the American public was better informed. The bogus traitor claims have been mentioned before, and seem to have no basis in reality. But the anarchy one is a new one. As Kevin Gosztola explains... < - > http://www.techdirt.com/articles/20130725/16280123948/government-argues-bradley-manning-was-anarchist-as-case-closes.shtml --- Just because i'm near the punchbowl doesn't mean I'm also drinking from it. 
From rforno at infowarrior.org Fri Jul 26 09:43:58 2013 From: rforno at infowarrior.org (Richard Forno) Date: Fri, 26 Jul 2013 10:43:58 -0400 Subject: [Infowarrior] - Barnaby Jack passes Message-ID: <58E06A27-847E-4463-B7AA-49C5D8315F87@infowarrior.org> Cash-machine-hacking security extraordinaire Barnaby Jack dies Tributes flood in for researcher who exposed holes in medical gear and more By John Leyden, 26th July 2013 http://www.theregister.co.uk/2013/07/26/barnaby_jack_dies/ Barnaby Jack, the security researcher who demonstrated cash machine hacks live on stage in Las Vegas and later highlighted the insecurity of smart medical devices, has died. His death was confirmed by staff at his employer, security biz IOActive, and his sister Amberleigh Jack. His passing comes days before the opening of the Black Hat hacking convention in Vegas, where he was due to give a talk on electronic medical implants for humans. There are no details about the circumstances of his death at the time of writing. It is understood the San Francisco Medical Examiner's office said he died in the city on Thursday. His peers took to Twitter to pay tribute, and reminisce about past exploits with Jack. Dave Marcus, a senior threat researcher at McAfee, wrote: Great memory: Barnaby Jack shooting me in the face with water through a hacked insulin pump whilst doing shots. RIP Barns. You made me laugh -- Dave Marcus (@DaveMarcus) July 26, 2013 Jerry Gamblin, a network security specialist and conference speaker, added: Sad to learn @barnaby_jack has passed away. He was a much better person than he was a hacker, and that is saying something. -- Jerry Gamblin (@JGamblin) July 26, 2013 Dan Kaminsky, of Cisco, Avaya and IOActive fame, chipped in: God, the stories. Nobody caused such hilarious trouble like @barnaby_jack. You kids with your lulz are about to learn about a PRO -- 
Dan Kaminsky (@dakami) July 26, 2013 An IOActive spokesman told El Reg: "We are working with his family to provide a way to celebrate and remember him." Back in 2010, to highlight security flaws in selected ATMs, Jack demonstrated his cash machine "jackpotting" technique live on stage, as this video shows: His bug hunting and research covered all corners of computer security from scrutinising low-level Windows drivers to writing flaw exploitation whitepapers and articles. We'll update with more details when we have them. ® --- Just because i'm near the punchbowl doesn't mean I'm also drinking from it. From rforno at infowarrior.org Fri Jul 26 11:54:56 2013 From: rforno at infowarrior.org (Richard Forno) Date: Fri, 26 Jul 2013 12:54:56 -0400 Subject: [Infowarrior] - DC getting anti-missile blimps Message-ID: Don't Be Alarmed by the Drone Blimps Hovering Over D.C. They're Here to Stop Cruise Missiles By Brian Resnick July 26, 2013 | 8:18 a.m. http://www.nationaljournal.com/nationalsecurity/don-t-be-alarmed-by-the-drone-blimps-hovering-over-d-c-they-re-here-to-stop-cruise-missiles-20130726 If America is attacked, we might be saved by blimps. No, not state-of-the-art jet fighters that can fly well beyond the speed of sound. But blimps: lumbering, relatively jovial blimps -- the manatees of aviation. Within a year, a pair of souped-up $2.7 billion blimps (price includes R&D) will be floated 10,000 feet above the District of Columbia and act as a 340-mile-wide eye in the sky, detecting incoming missiles and the like. The design and testing phase for JLENS -- the (deep breath) Joint Land Attack Cruise Missile Defense Elevated Netted Sensor System, produced by Raytheon, a major weapons manufacturer -- is over, relays Program Director Doug Burgess to Popular Mechanics. Now, it is time for implementation. Or, as he puts it, "[We're] getting away from the Ph.D. engineer types running the system to the 20- or 25-year-old soldier running the system." 
< - > The balloons that will fly over D.C. will perform a similar function, and look remarkably similar -- but swap the wire cabling for state-of-the-art radar and computer processors. And these won't be keeping out Nazi propeller planes; they'll detect more-modern threats, such as cruise missiles. According to Raytheon, the units will protect a city at 500-700 percent less than the cost to operate the reconnaissance planes necessary to maintain the same amount of coverage. They will provide a comforting amount of "minutes," rather than the current "seconds" of time for U.S. forces to decide what to do with the threat of an antiship cruise missile. The blimps, or aerostats as they are technically called, are 77 yards long, and have a range of 340 miles. They fly at 10,000 feet for 30 days at a time. According to an unclassified report by the Defense Department, they've performed well in testing. "The JLENS radars successfully tracked fighter aircraft, towed targets, and cruise-missile targets, meeting accuracy requirements within margin," the report states. A test on the Great Salt Lake, reports Popular Mechanics, revealed that the JLENS can detect a swarm of boats from 100 miles away. The aircraft could potentially carry weapons, and have fire-control radar, which means they can send information that a ballistic system can interpret to aim a shot. < - > http://www.nationaljournal.com/nationalsecurity/don-t-be-alarmed-by-the-drone-blimps-hovering-over-d-c-they-re-here-to-stop-cruise-missiles-20130726 --- Just because i'm near the punchbowl doesn't mean I'm also drinking from it. From rforno at infowarrior.org Fri Jul 26 12:22:09 2013 From: rforno at infowarrior.org (Richard Forno) Date: Fri, 26 Jul 2013 13:22:09 -0400 Subject: [Infowarrior] - U.S. Tells Russia It Won't Torture or Kill Snowden Message-ID: <831F4288-9BEF-411B-BC0D-BFE771E8B079@infowarrior.org> U.S. Tells Russia It Won't Torture or Kill Snowden By MICHAEL S. 
SCHMIDT Published: July 26, 2013 http://www.nytimes.com/2013/07/27/world/europe/edward-snowden.html?hp&_r=0 WASHINGTON -- Attorney General Eric H. Holder Jr. said in a letter sent to the Russian minister of justice this week that the United States would not seek the death penalty against Edward J. Snowden, and would issue him a passport immediately so he could travel back to the United States. The letter also offered reassurances that the United States would not torture Mr. Snowden, the former intelligence contractor who faces criminal charges of disclosing classified information and has been hiding in an airport in Moscow in order to evade the American authorities. "We believe these assurances eliminate these asserted grounds for Mr. Snowden's claim that he should be treated as a refugee or granted asylum, temporary or otherwise," Mr. Holder said in the letter, which was sent to Justice Minister Aleksandr V. Konovalov. A copy of the letter was provided to The New York Times on Friday by a Justice Department official, in response to questions about communications between the United States and Russian governments about Mr. Snowden's fate. The charges Mr. Snowden faces in the United States do not carry the death penalty, the letter said, adding that the United States would not seek the death penalty "even if Mr. Snowden were charged with additional death penalty-eligible crimes." Mr. Holder said that Mr. Snowden's claims that he is unable to travel are false and that the United States was willing to issue him a special passport so he could return. "Despite the revocation of his passport on June 22, 2013, Mr. Snowden remains a U.S. citizen," Mr. Holder said. "He is eligible for a limited validity passport good for direct return to the United States. The United States is willing to immediately issue such a passport to Mr. Snowden." --- Just because i'm near the punchbowl doesn't mean I'm also drinking from it. 
From rforno at infowarrior.org Fri Jul 26 12:22:14 2013 From: rforno at infowarrior.org (Richard Forno) Date: Fri, 26 Jul 2013 13:22:14 -0400 Subject: [Infowarrior] - Text of Holder letter to Russia on Snowden Message-ID: <4EA20864-E249-4C53-8D13-1CA26D271FBB@infowarrior.org> http://www.nytimes.com/interactive/2013/07/27/us/27holder-letter-russian-justice-minister.html July 23, 2013 His Excellency Alexander Vladimirovich Konovalov Minister of Justice The Russian Federation 14 Zhitnaya Ulitsa Moscow 119991 Russia Dear Mr. Minister: I am writing concerning the current status of Edward Snowden. As you know, Mr. Snowden has been charged with theft of government property (in violation of Title 18, United States Code, Section 641), unauthorized communication of national defense information (in violation of Title 18, United States Code, Section 793(d)), and willful communication of classified communications intelligence information to an unauthorized person (in violation of Title 18, United States Code, Section According to news reports and information provided by your government, Mr. Snowden is currently in the transit zone of the Sheremetyevo Airport. We understand from press reports and prior conversations between our governments that Mr. Snowden believes that he is unable to travel out of Russia and must therefore take steps to legalize his status. That is not accurate; he is able to travel. Despite the revocation of his passport on June 22, 2013, Mr. Snowden remains a U.S. citizen. He is eligible for a limited validity passport good for direct return to the United States. The United States is willing to immediately issue such a passport to Mr. Snowden. We also understand from press reports that Mr. Snowden has filed papers seeking temporary asylum in Russia on the grounds that if he were returned to the United States, he would be tortured and would face the death penalty. These claims are entirely without merit. 
Nonetheless, I can report that the United States is prepared to provide to the Russian government the following assurances regarding the treatment Mr. Snowden would face upon return to the United States: First, the United States would not seek the death penalty for Mr. Snowden should he return to the United States. The charges he faces do not carry that possibility, and the United States would not seek the death penalty even if Mr. Snowden were charged with additional, death penalty-eligible crimes. If he returns to the United States, Mr. Snowden would be brought before a civilian court convened under Article of the United States Constitution and supervised by a United States District Judge. Mr. Snowden would receive all the protections that United States law provides to persons charged with federal criminal offenses in Article courts. In particular, Mr. Snowden would be appointed (or, if he so chose, could retain) counsel. Any questioning of Mr. Snowden could be conducted only with his consent: his participation would be entirely voluntary, and his legal counsel would be present should he wish it. Mr. Snowden would have the right to a public jury trial; he would have the right to testify if he wished to do so; and the United States would have to prove his guilt beyond a reasonable doubt to a unanimous jury. If convicted, Mr. Snowden would have the right to appeal to the United States Court of Appeals. We believe that these assurances eliminate these asserted grounds for Mr. Snowden's claim that he should be treated as a refugee or granted asylum, temporary or otherwise. Please ensure that this letter reaches the head minister for the Federal Migration Service, as well as any other Russian Federation agency responsible for receiving and considering Mr. Snowden's application for asylum. Sincerely, Eric H. Holder, Jr. Attorney General --- Just because i'm near the punchbowl doesn't mean I'm also drinking from it. 
From rforno at infowarrior.org Fri Jul 26 16:20:49 2013 From: rforno at infowarrior.org (Richard Forno) Date: Fri, 26 Jul 2013 17:20:49 -0400 Subject: [Infowarrior] - NSA surveillance critics to testify before Congress Message-ID: <53F5DA66-21CB-4429-97F3-9394816550AC@infowarrior.org> NSA surveillance critics to testify before Congress Democrat congressman Alan Grayson says hearing will help to stop 'constant misleading information' from intelligence chiefs - Paul Lewis in Washington - guardian.co.uk, Friday 26 July 2013 07.00 EDT http://www.guardian.co.uk/world/2013/jul/26/nsa-surveillance-critics-testify-congress Congress will hear testimony from critics of the National Security Agency's surveillance practices for the first time since the whistleblower Edward Snowden's explosive leaks were made public. Democrat congressman Alan Grayson, who is leading a bipartisan group of congressmen organising the hearing, told the Guardian it would serve to counter the "constant misleading information" from the intelligence community. The hearing, which will take place on Wednesday, comes amid evidence of a growing congressional rebellion over NSA data collection methods. On Wednesday, a vote in the House of Representatives that would have tried to curb the NSA's practice of mass collection of phone records of millions of Americans was narrowly defeated. However, it exposed broader-than-expected concern among members of Congress over US surveillance tactics. A majority of Democrat members voted in support of the amendment. Grayson, who was instrumental in fostering support among Democrats for the amendment, said Wednesday's hearing would mark the first time critics of NSA surveillance methods have testified before Congress since Snowden's leaks were published by the Guardian and Washington Post. 
"I have been concerned about the fact that we have heard incessantly in recent weeks from General Keith Alexander [director of the NSA] and Mr James Clapper [director of National Intelligence] about their side of the story," he said. "We have barely heard anything in Congress from critics of the program. "We have put together an ad hoc, bipartisan hearing on domestic surveillance in the Capitol. We plan to have critics of the program come in and give their view - from the left and the right." Grayson said the hearing had bipartisan support, and was backed by the Republican congressman Justin Amash, who drafted the amendment that was narrowly defeated. "Mr Amash has declared an interest in the hearing. There are several others who have a libertarian bent - largely the same people who represented the minority of Republicans who decided to vote in favour of the Amash amendment." The hearing will take place at the same time as a Senate hearing into the NSA's activities. That will feature Gen Alexander and possibly his deputy, Chris Inglis, as well as senior officials from the Department of Justice and FBI. The simultaneous timing of the hearings will lead to a notable juxtaposition between opponents and defenders of the government's surveillance activities. "Both Congress and the American people deserve to hear both sides of the story," Grayson said. "There has been constant misleading information - and worse than that, the occasional outright lie - from the so-called intelligence community in their extreme, almost hysterical efforts, to defend these programmes." Although not a formal committee hearing, Grayson's event will take place on Capitol Hill, and will be composed of a panel of around a dozen members of Congress from both parties. Grayson said those testifying would include the American Civil Liberties Union as well as representatives from the right-leaning Cato Institute. 
"They are both going to come in and make it clear that this programme is not authorised by existing law - and if it were authorised by existing law, that law would be unconstitutional," Grayson said. The congressman added that Glenn Greenwald, the Guardian journalist who first revealed details of the surveillance programmes leaked by Snowden, had also been invited to testify via video-link from his base in Rio. "Even today, most people in America are unaware of the fact the government is receiving a record of every call that they make, even to the local pizzeria," Grayson said. "I think that most people simply don't understand that, despite the news coverage, which in my view has been extremely unfocused. There has been far too much discussion of the leaker, and not enough discussion of the leak." --- Just because i'm near the punchbowl doesn't mean I'm also drinking from it. From rforno at infowarrior.org Sat Jul 27 15:16:55 2013 From: rforno at infowarrior.org (Richard Forno) Date: Sat, 27 Jul 2013 16:16:55 -0400 Subject: [Infowarrior] - Who Are We at War With? That's Classified Message-ID: <7116C979-41B8-4D0A-84AE-313B87AB81B8@infowarrior.org> Who Are We at War With? That's Classified President Obama has repeatedly said the U.S. is targeting Al Qaeda and "associated forces." But the government won't say who those forces are. by Cora Currier ProPublica, July 26, 2013, 10:13 a.m. http://www.propublica.org/article/who-are-we-at-war-with-thats-classified In a major national security speech this spring, President Obama said again and again that the U.S. is at war with "Al Qaeda, the Taliban, and their associated forces." So who exactly are those associated forces? It's a secret. At a hearing in May, Sen. Carl Levin, D-Mich., asked the Defense Department to provide him with a current list of Al Qaeda affiliates. The Pentagon responded - but Levin's office told ProPublica they aren't allowed to share it. 
Kathleen Long, a spokeswoman for Levin, would say only that the department's "answer included the information requested." A Pentagon spokesman told ProPublica that revealing such a list could cause "serious damage to national security." "Because elements that might be considered 'associated forces' can build credibility by being listed as such by the United States, we have classified the list," said the spokesman, Lt. Col. Jim Gregory. "We cannot afford to inflate these organizations that rely on violent extremist ideology to strengthen their ranks." It's not an abstract question: U.S. drone strikes and other actions frequently target "associated forces," as has been the case with dozens of strikes against an Al Qaeda offshoot in Yemen. During the May hearing, Michael Sheehan, Assistant Secretary of Defense for Special Operations and Low-Intensity Conflict, said he was "not sure there is a list per se." Describing terrorist groups as "murky" and "shifting," he said, "it would be difficult for the Congress to get involved in trying to track the designation of which are the affiliate forces" of Al Qaeda. Sheehan said that by the Pentagon's standard, "sympathy is not enough... it has to be an organized group and that group has to be in co-belligerent status with Al Qaeda operating against the United States." The White House tied Al Qaeda in the Arabian Peninsula and "elements" of Al Shabaab in Somalia to Al Qaeda in a recent report to Congress on military actions. But the report also included a classified annex. Jack Goldsmith, a professor at Harvard Law who served as a legal counsel during the Bush administration and has written on this question at length, told ProPublica that the Pentagon's reasoning for keeping the affiliates secret seems weak. "If the organizations are 'inflated' enough to be targeted with military force, why cannot they be mentioned publicly?" Goldsmith said. 
He added that there is "a countervailing very important interest in the public knowing who the government is fighting against in its name." The law underpinning the U.S. war against Al Qaeda is known as the Authorization for Use of Military Force, or AUMF, and it was passed one week after the 9/11 attacks. It doesn't actually include the words "associated forces," though courts and Congress have endorsed the phrase. As we explained earlier this year, the emergence of new or more loosely-aligned terrorist groups has legal scholars wondering how effectively the U.S. will be able to "shoehorn" them into the AUMF. During the May hearing, many lawmakers expressed concern about the Pentagon's capacious reading of the law. Sen. John McCain, R-Ariz., described it as a "carte blanche." Obama, in his May speech, said he looked forward "to engaging Congress and the American people in efforts to refine, and ultimately repeal, the AUMF's mandate." But he didn't give a timeframe. On Wednesday, Rep. Adam Schiff, D-Calif., introduced an amendment that would sunset the law at the end of 2014, to coincide with the U.S. withdrawal from Afghanistan. It was voted down the same day, 185 to 236. The AUMF isn't the only thing the government relies on to take military action. In speeches and interviews Obama administration officials also bring up the president's constitutional power to defend the country, even without congressional authorization. --- Just because i'm near the punchbowl doesn't mean I'm also drinking from it. 
From rforno at infowarrior.org Sat Jul 27 20:44:15 2013 From: rforno at infowarrior.org (Richard Forno) Date: Sat, 27 Jul 2013 21:44:15 -0400 Subject: [Infowarrior] - Obama Promise To 'Protect Whistleblowers' Just Disappeared From Change.gov Message-ID: <46E7093A-9D75-456F-8B9A-ADA23ABD1D2D@infowarrior.org> Obama Promise To 'Protect Whistleblowers' Just Disappeared From Change.gov http://www.techdirt.com/articles/20130726/01200123954/obama-promise-to-protect-whistleblowers-just-disappeared-changegov.shtml from the not-the-change-we-were-looking-for dept The folks from the Sunlight Foundation have noticed that the Change.gov website, which was set up by the Obama transition team after the election in 2008 has suddenly been scrubbed of all of its original content. They noted that the front page had pointed to the White House website for a while, but you could still access a variety of old material and agendas. They were wondering why the administration would suddenly pull all that interesting archival information... and hit upon a clue. A little bit from the "ethics agenda": "Protect Whistleblowers: Often the best source of information about waste, fraud, and abuse in government is an existing government employee committed to public integrity and willing to speak out. Such acts of courage and patriotism, which can sometimes save lives and often save taxpayer dollars, should be encouraged rather than stifled. We need to empower federal employees as watchdogs of wrongdoing and partners in performance. Barack Obama will strengthen whistleblower laws to protect federal workers who expose waste, fraud, and abuse of authority in government. Obama will ensure that federal agencies expedite the process for reviewing whistleblower claims and whistleblowers have full access to courts and due process." Yeah. That statement seems a bit embarrassing at the very same time Obama's administration is threatening trade sanctions against anyone who grants asylum to Ed Snowden. Also... 
at the same time that we get to see how whistleblower Bradley Manning's "full access to courts and due process" will turn out. So far, it's been anything but reasonable, considering that the UN has already condemned Manning's treatment as "cruel and inhuman." And people wonder why Snowden left the country... --- Just because i'm near the punchbowl doesn't mean I'm also drinking from it. From rforno at infowarrior.org Sun Jul 28 09:54:21 2013 From: rforno at infowarrior.org (Richard Forno) Date: Sun, 28 Jul 2013 10:54:21 -0400 Subject: [Infowarrior] - NSA Program Faces Backlash Message-ID: <041D6BD6-70F6-4ACB-AD04-58F7C9624241@infowarrior.org> Los Angeles Times July 28, 2013 NSA Program Faces Backlash http://www.latimes.com/news/nationworld/nation/la-na-nsa-politics-20130728,0,7931139.story As support for mass collection of phone records erodes, changes appear likely. By Ken Dilanian A reporter recently asked the National Security Agency's chief a blunt question: Why can't he come up with a better example of a terrorism plot foiled through the bulk collection of U.S. phone records? In the weeks since Edward Snowden disclosed that the NSA had been collecting and storing the calling histories of nearly every American, NSA Director Keith Alexander and other U.S. officials have cited only one case as having been discovered exclusively by searching those records: some San Diego men who sent $8,500 to Al Qaeda-linked militants in Somalia. Although intelligence officials and the White House continue to defend the mass data collection, support has clearly eroded among the public and in Congress. A coalition of libertarians on the right and civil liberties advocates on the left came six votes short of passing an amendment in the House last week to curtail bulk collection of phone records, but no one believes that will be the last word. Even Rep. Mike Rogers (R-Mich.) and Sen. 
Dianne Feinstein (D-Calif.), the House and Senate intelligence committee leaders who have defended the NSA's collection of phone records since the program was disclosed, are among those who concede that changes would probably be needed. "We will work to find additional privacy protections with this program," Rogers said during House debate over the amendment. The shift in public opinion about the government's data collection efforts is clear. A Pew Research Center survey released Friday asked Americans whether they were more concerned that government programs to combat terrorism were going too far and endangering civil liberties or that they were not going far enough and leaving the country unprotected. For the first time since Pew began asking that question in 2004, more Americans, 47%, said their greater concern was the threat to civil liberties, compared with 35% who worried the programs don't go far enough to protect the country. As recently as 2010, only a third of Americans said they worried the government's anti-terrorism efforts went too far. In part, that change may reflect the passage of time and the fading of the intense emotions generated by the Sept. 11, 2001, attacks. But much of the shift seems attributable to Snowden's disclosures, the resulting debate and the difficulty that intelligence officials have had in convincing the public that their vast and expensive data-collection efforts are actually accomplishing much. The government "has not done a good job justifying it," said Fred Cate, a privacy law expert and law professor at Indiana University. "I leave open the possibility that there are cases they can't talk about. It's also possible this is an entirely worthless program. Let's face it -- a lot of government investments are." If the government were to curtail the collection of telephone data or drop it entirely, the rollback would not be unprecedented. 
In 2011, according to Snowden's disclosures, the intelligence agencies quietly discontinued a then-secret program that collected email metadata on Americans -- "to" and "from" information, not content -- because it wasn't yielding much of value. U.S. intelligence officials insist the telephone program is different. They collect and store domestic records of telephone calls, they say, so that they never repeat what happened before the Sept. 11 attacks, when an Al Qaeda terrorist was calling partners in Yemen, but the NSA didn't realize the calls were coming from San Diego. But since Sept. 11, U.S. intelligence agencies have gotten better at tracking terrorists abroad and keeping them from entering the U.S. The collection of phone records may no longer be essential, according to some lawmakers who have studied the subject. Sen. Ron Wyden (D-Ore.), a longtime critic of government surveillance, said last week that he had pressed the intelligence community behind the scenes about the collection of telephone records, and that he would lead an effort to reform NSA surveillance. Rep. Adam B. Schiff (D-Burbank), a member of the House Intelligence Committee, said, "I don't think the intelligence community has been very definitive either with the public or with Congress about how often this program has played a role in stopping plots, and what sort of role it has played." For example, one of the cases that intelligence officials often mention -- and that Alexander cited in his reply to the question from Politico's Josh Gerstein during a recent conference in Aspen, Colo. -- is the investigation into a 2009 plot to target the New York subway system. But that investigation, although it apparently made use of domestic calling records, began with a tip from a less controversial NSA surveillance program aimed at foreigners. Outgoing FBI Director Robert S. 
Mueller III told Congress there had been 10 to 12 cases in which the phone data were important, but he offered none besides the one in San Diego, in which, he said, the collection had been "instrumental." Schiff is pushing three legislative proposals. He wants judges on the Foreign Intelligence Surveillance Court, or FISA, which holds secret proceedings to oversee the surveillance, to be appointed by the president and confirmed by the Senate. Currently, the Supreme Court's chief justice appoints sitting federal judges to the intelligence court. Almost all of its members have been Republican appointees, many with backgrounds as prosecutors or in other executive branch posts, which may incline them to favor the government, critics say. Schiff also backs a plan pushed by some former judges of the foreign intelligence court to set up a team of lawyers who could argue before the court to represent privacy interests. The judges now consider government surveillance requests in hearings with only the lawyers representing the intelligence agencies present. Schiff also wants to change the phone records program so that phone service providers keep the records, not the government. The NSA would query the records as needed with court approval, much as it does now. Administration officials have said that the government would have to pay the companies to store the vast amounts of data involved and that having the data held separately by each company would greatly increase the costs and complexity of the system. "I think there will be reforms to the FISA court, and I think there will be a restructuring of this program," Schiff said. Regardless of what happens in the near future, another date is looming: In 2015, the law that gives the government its surveillance authority will be up for renewal. For the current programs to continue, a bill would have to pass the House and Senate. 
Without major changes, "there are not the votes" to keep the current data collection programs running, Rep. F. James Sensenbrenner Jr. (R-Wis.) told intelligence officials at a House Judiciary Committee hearing this month. In 2001, Sensenbrenner sponsored the Patriot Act, the law under which the Justice Department says it is acting. He believes the government has stretched the law he helped write. Unless the intelligence agencies agree to changes, he warned, they're "going to lose it entirely." --- Just because i'm near the punchbowl doesn't mean I'm also drinking from it. From rforno at infowarrior.org Sun Jul 28 09:54:25 2013 From: rforno at infowarrior.org (Richard Forno) Date: Sun, 28 Jul 2013 10:54:25 -0400 Subject: [Infowarrior] - NYT Eds: Airport Security Without the Hassle Message-ID: <7FCC82C4-AA33-405B-BDF3-EDCB8D5D6746@infowarrior.org> (Been saying the same thing for years, as have many of us. ---rick) http://www.nytimes.com/2013/07/28/opinion/sunday/airport-security-without-the-hassle.html Airport Security Without the Hassle The chance of dying in an airplane is vanishingly small. The chance of being killed by a terrorist in an airplane is smaller still. Mark Stewart, a civil engineer who studies probabilistic risk, has put the odds at one in 90 million a year. Looking at these figures dispassionately, one might wonder if the Transportation Security Administration has found the right balance between safety and convenience with its notoriously burdensome airport screening procedures. The T.S.A. seems to understand that the status quo is barely tolerable for many travelers and is seeking to reduce the hassle. It recently announced that it was extending eligibility for a prescreening program called PreCheck to all American citizens. People can apply online before visiting an enrollment site in person, providing their fingerprints, passing a background check and paying $85 for a five-year term. 
In exchange, they will gain access to a special lane at the airport where they can keep their belts buckled, their shoes tied and their liquids in their carry-on bags (but still no more than 3.4 ounces, please). PreCheck will provide a measure of relief for anyone who signs on. But it is absurd for the T.S.A. to demand background checks and fingerprinting for what amount to small modifications in the screening routine. The agency could relax airport security for everyone without gravely endangering the traveling public. The former head of the T.S.A., Kip Hawley, has argued that the agency should allow passengers to carry on all liquids, in any quantity. As a safeguard against explosives, passengers would simply have to put their liters of Evian in gray bins and pass them through scanners. Mr. Hawley sees reasons for keeping footwear checks, but those, too, are of questionable value. Passengers do not remove their shoes in the European Union, or even in Israel, one of the world's most security-conscious countries, with a famously stringent screening process. It is time to stop pretending that annoying protocols like these are all that stand between us and devastation. The most effective security innovation post-9/11 was also the simplest: the reinforcement of cockpit doors, which has made it virtually impossible to hijack an aircraft. As things stand, the T.S.A. asks its officers to enforce rules of questionable utility while giving them remarkably little discretion; they're more like hall monitors than intelligence personnel. That is a huge waste of human talent and a source of inefficiency. At Heathrow Airport in London, passengers need to remove their shoes only if asked to do so by security officers. Imagine that: a screening agent entrusted with the solemn power to wave through a teenager in flip-flops en route to Honolulu. --- Just because i'm near the punchbowl doesn't mean I'm also drinking from it. 
From rforno at infowarrior.org Sun Jul 28 09:54:32 2013 From: rforno at infowarrior.org (Richard Forno) Date: Sun, 28 Jul 2013 10:54:32 -0400 Subject: [Infowarrior] - The Fate Of The Internet Is The Story, Not Edward Snowden Message-ID: <8DD964B6-F368-4F9F-9586-856FF7DD5EFC@infowarrior.org> The Fate Of The Internet Is The Story, Not Edward Snowden http://www.guardian.co.uk/technology/2013/jul/28/edward-snowden-death-of-internet Repeat after me: Edward Snowden is not the story. The story is what he has revealed about the hidden wiring of our networked world. This insight seems to have escaped most of the world's mainstream media, for reasons that escape me but would not have surprised Evelyn Waugh, whose contempt for journalists was one of his few endearing characteristics. The obvious explanations are: incorrigible ignorance; the imperative to personalise stories; or gullibility in swallowing US government spin, which brands Snowden as a spy rather than a whistleblower. In a way, it doesn't matter why the media lost the scent. What matters is that they did. So as a public service, let us summarise what Snowden has achieved thus far. Without him, we would not know how the National Security Agency (NSA) had been able to access the emails, Facebook accounts and videos of citizens across the world; or how it had secretly acquired the phone records of millions of Americans; or how, through a secret court, it has been able to bend nine US internet companies to its demands for access to their users' data. Similarly, without Snowden, we would not be debating whether the US government should have turned surveillance into a huge, privatised business, offering data-mining contracts to private contractors such as Booz Allen Hamilton and, in the process, high-level security clearance to thousands of people who shouldn't have it. Nor would there be - finally - 
a serious debate between Europe (excluding the UK, which in these matters is just an overseas franchise of the US) and the United States about where the proper balance between freedom and security lies. These are pretty significant outcomes and they're just the first-order consequences of Snowden's activities. As far as most of our mass media are concerned, though, they have gone largely unremarked. Instead, we have been fed a constant stream of journalistic pap - speculation about Snowden's travel plans, asylum requests, state of mind, physical appearance, etc. The "human interest" angle has trumped the real story, which is what the NSA revelations tell us about how our networked world actually works and the direction in which it is heading. As an antidote, here are some of the things we should be thinking about as a result of what we have learned so far. The first is that the days of the internet as a truly global network are numbered. It was always a possibility that the system would eventually be Balkanised, ie divided into a number of geographical or jurisdiction-determined subnets as societies such as China, Russia, Iran and other Islamic states decided that they needed to control how their citizens communicated. Now, Balkanisation is a certainty. Second, the issue of internet governance is about to become very contentious. Given what we now know about how the US and its satraps have been abusing their privileged position in the global infrastructure, the idea that the western powers can be allowed to continue to control it has become untenable. Third, as Evgeny Morozov has pointed out, the Obama administration's "internet freedom agenda" has been exposed as patronising cant. "Today," he writes, "the rhetoric of the 'internet freedom agenda' looks as trustworthy as George Bush's 'freedom agenda' after Abu Ghraib." That's all at nation-state level. But the Snowden revelations also have implications for you and me. 
They tell us, for example, that no US-based internet company can be trusted to protect our privacy or data. The fact is that Google, Facebook, Yahoo, Amazon, Apple and Microsoft are all integral components of the US cyber-surveillance system. Nothing, but nothing, that is stored in their "cloud" services can be guaranteed to be safe from surveillance or from illicit downloading by employees of the consultancies employed by the NSA. That means that if you're thinking of outsourcing your troublesome IT operations to, say, Google or Microsoft, then think again. And if you think that that sounds like the paranoid fantasising of a newspaper columnist, then consider what Neelie Kroes, vice-president of the European Commission, had to say on the matter recently. "If businesses or governments think they might be spied on," she said, "they will have less reason to trust the cloud, and it will be cloud providers who ultimately miss out. Why would you pay someone else to hold your commercial or other secrets, if you suspect or know they are being shared against your wishes? Front or back door - it doesn't matter - any smart person doesn't want the information shared at all. Customers will act rationally and providers will miss out on a great opportunity." Spot on. So when your chief information officer proposes to use the Amazon or Google cloud as a data-store for your company's confidential documents, tell him where to file the proposal. In the shredder. This article originally appeared on guardian.co.uk --- Just because i'm near the punchbowl doesn't mean I'm also drinking from it. 
From rforno at infowarrior.org Sun Jul 28 10:47:37 2013 From: rforno at infowarrior.org (Richard Forno) Date: Sun, 28 Jul 2013 11:47:37 -0400 Subject: [Infowarrior] - Co-founder of Russia's biggest search engine dies Message-ID: <10AD2D45-0E5B-4C4E-8966-7D4763CE1D70@infowarrior.org> Co-founder of Russia's biggest search engine dies 3 hours ago http://news.yahoo.com/co-founder-russias-biggest-search-engine-dies-114045761.html MOSCOW (AP) - Ilya Segalovich, the co-founder of Russia's largest search engine, Yandex, has died, the company said Sunday. He was 48. Segalovich died Saturday at a London hospital, Yandex director general and fellow founder Arkady Volozh said. Volozh said in the company's blog that Segalovich was diagnosed with stomach cancer last year. He responded positively to chemical therapy, but then developed a brain cancer that caused his death. On Thursday, Yandex announced Segalovich had died but then corrected itself within hours, saying he was on life support with no brain function. Volozh said doctors removed the life support after it became clear Segalovich couldn't be saved. "The only hope we had was a diagnosis error," Volozh said. "We couldn't make a miracle. We only could offer a chance for it to happen." Segalovich's body will be brought home Wednesday, Volozh said. Funeral plans have yet to be announced. Segalovich founded Yandex in 1997 with Volozh, his school friend. The company has been a Russian success story, with a share of 62 percent of the search engine market in Russia compared with Google's 25.6 percent. Segalovich invented the engine's name, derived from Yet Another Index, and served as its chief technological officer. --- Just because i'm near the punchbowl doesn't mean I'm also drinking from it. 
From rforno at infowarrior.org Mon Jul 29 18:01:35 2013 From: rforno at infowarrior.org (Richard Forno) Date: Mon, 29 Jul 2013 19:01:35 -0400 Subject: [Infowarrior] - James Comey confirmed as FBI director Message-ID: James Comey confirmed as FBI director By Rachel Weiner and David Nakamura, Published: July 29 at 6:12 pm http://www.washingtonpost.com/blogs/post-politics/wp/2013/07/29/james-comey-confirmed-as-fbi-director/ The Senate has confirmed James Comey as the new director of the Federal Bureau of Investigation by a 93 to 1 margin. Sen. Rand Paul (R-Ky.) had placed a hold on Comey's nomination over questions about the bureau's use of drones on U.S. soil and the policies surrounding that use. After receiving a response to his concerns from the FBI detailing the "limited" use of surveillance drones, Paul released his hold. "The FBI today responded to my questions on domestic use of surveillance drones by saying that they don't necessarily need a warrant to deploy this technology. I disagree with this interpretation. However, given the fact that they did respond to my concerns over drone use on U.S. soil, I have decided to release my hold on the pending FBI director nominee," Paul said in a statement explaining his decision. The Kentucky senator had deemed previous responses to his questions insufficient. He was the only senator to vote against Comey's confirmation; two senators voted "present." "It is a shame that such an important and highly qualified nominee to lead the FBI had to wait an unprecedented 38 days to be confirmed, but I am glad that Senators finally came together to ensure that the FBI has a confirmed leader at the helm," said Judiciary Committee Chairman Patrick Leahy (D-Vt.), who presided over Comey's confirmation hearings. Comey, 52, a former senior Justice Department official, will replace Robert S. Mueller III, who is leaving the agency after a dozen years. 
Comey was at the center of some of the most bruising debates over counterterrorism during the Bush administration and established a reputation as a fierce defender of the law and the integrity of the Justice Department regardless of the political pressures of the moment. He left the Justice Department in 2005 and served as a senior vice president and general counsel at the defense contractor Lockheed Martin until 2010. In June 2010, Comey joined Bridgewater Associates, a Connecticut-based hedge fund with $75 billion in investments for clients including universities and foreign governments. Comey left the hedge fund in January and has been teaching national security law at Columbia Law School in New York. --- Just because i'm near the punchbowl doesn't mean I'm also drinking from it. From rforno at infowarrior.org Mon Jul 29 18:01:41 2013 From: rforno at infowarrior.org (Richard Forno) Date: Mon, 29 Jul 2013 19:01:41 -0400 Subject: [Infowarrior] - Alzheimer's blood test edges closer Message-ID: <149408FD-3D20-4FB2-9B60-93341B8E65FE@infowarrior.org> http://www.bbc.co.uk/news/health-23465965 28 July 2013 Last updated at 21:02 ET Alzheimer's blood test edges closer By James Gallagher Health and science reporter, BBC News Researchers believe they are closer to developing a blood test that could diagnose Alzheimer's. There is no definitive test for the brain-wasting disease. Doctors rely on cognition tests and brain scans. A technique published in the journal Genome Biology showed differences in the tiny fragments of genetic material floating in the blood could be used to identify patients. The test was accurate 93% of the time in trials on 202 people. One of the main goals of Alzheimer's research is to find ways of detecting the disease earlier. It starts years before symptoms appear and it is thought that future treatments will need to be given before large parts of the brain are destroyed. This will require new ways of testing for the condition. 
The team at the Saarland University, in Germany, analysed 140 microRNAs (fragments of genetic code) in patients with Alzheimer's disease and in healthy people.

They found 12 microRNAs in the blood which were present in markedly different levels in people with Alzheimer's. These became the basis of their test.

Early trials showed it was successful and was "able to distinguish with high diagnostic accuracies between Alzheimer's disease patients and healthy" people.

However, more research to improve accuracy and to see whether it would work in the clinic is still needed before the test would be considered as a way of diagnosing patients.

Dr Eric Karran, from the charity Alzheimer's Research UK, said: "This is an interesting approach to studying changes in blood in Alzheimer's and suggests that microRNAs could be playing a role in the disease.

"The findings highlight the importance of continuing research efforts to understand the contribution of microRNAs to Alzheimer's, but the translation of this into a blood test for Alzheimer's in the clinic is still some way off.

"A blood test to help detect Alzheimer's could be a useful addition to a doctor's diagnostic armoury, but such a test must be well validated before it's considered for use. We need to see these findings confirmed in larger samples and more work is needed to improve the test's ability to distinguish Alzheimer's from other neurological conditions."

---
Just because i'm near the punchbowl doesn't mean I'm also drinking from it.
From rforno at infowarrior.org Mon Jul 29 20:25:04 2013
From: rforno at infowarrior.org (Richard Forno)
Date: Mon, 29 Jul 2013 21:25:04 -0400
Subject: [Infowarrior] - Western spy agencies ban Lenovo PCs on security concerns
Message-ID: <0496DACA-3A59-4896-9786-9C1C901D4E59@infowarrior.org>

Spy agencies ban Lenovo PCs on security concerns

PUBLISHED: 27 Jul 2013 00:32:00 | UPDATED: 29 Jul 2013 12:40:39

http://www.afr.com/p/technology/spy_agencies_ban_lenovo_pcs_on_security_HVgcKTHp4bIA4ulCPqC7SL

Christopher Joye, Paul Smith and John Kerin

Computers manufactured by the world's biggest personal computer maker, Lenovo, have been banned from the "secret" and "top secret" networks of the intelligence and defence services of Australia, the US, Britain, Canada, and New Zealand, because of concerns they are vulnerable to being hacked.

Multiple intelligence and defence sources in Britain and Australia confirmed there is a written ban on computers made by the Chinese company being used in "classified" networks.

The ban was introduced in the mid-2000s after intensive laboratory testing of its equipment allegedly documented "back-door" hardware and "firmware" vulnerabilities in Lenovo chips. A Department of Defence spokesman confirmed Lenovo products have never been accredited for Australia's secret or top secret networks.

The classified ban highlights concerns about security threats posed by "malicious circuits" and insecure firmware in chips produced in China by companies with close government ties. Firmware is the interface between a computer's hardware and its operating system.

Lenovo, which is headquartered in Beijing, acquired IBM's PC business in 2005.

IBM continues to sell servers and mainframes that are accredited for secret and top-secret networks. A Defence spokesman said Lenovo had never sought accreditation.
The Chinese Academy of Sciences, a government entity, owns 38 per cent of Legend Holdings, which in turn owns 34 per cent of Lenovo and is its largest shareholder.

Malicious modifications to Lenovo's circuitry

AFR Weekend has been told British intelligence agencies' laboratories took a lead role in the research into Lenovo's products.

Members of the British and Australian defence and intelligence communities say that malicious modifications to Lenovo's circuitry - beyond more typical vulnerabilities or "zero-days" in its software - were discovered that could allow people to remotely access devices without the users' knowledge. The alleged presence of these hardware "back doors" remains highly classified.

In a statement, Lenovo said it was unaware of the ban. The company said its "products have been found time and time again to be reliable and secure by our enterprise and public sector customers and we always welcome their engagement to ensure we are meeting their security needs".

Lenovo remains a significant supplier of computers for "unclassified" government networks across western nations, including Australia and New Zealand's defence departments.

A technology expert at the Washington-based Brookings Institution, Professor John Villasenor, said the globalisation of the semi-conductor market has "made it not only possible but inevitable that chips that have been intentionally and maliciously altered to contain hidden 'Trojan' circuitry will be inserted into the supply chain.

"These Trojan circuits can then be triggered months or years later to launch attacks," he said.

Hardware back doors can be very hard to detect

IT security industry analyst at tech research firm IBRS, James Turner, said hardware back doors are very hard to detect if well designed.

They were often created to look like a minor design or manufacturing fault, he said. To avoid detection, they are left latent until activated by a remote transmission.
"Most organisations do not have the resources to detect this style of infiltration. It takes a highly specialised laboratory to run a battery of tests to truly put hardware and software through its paces," Mr Turner said.

"The fact that Lenovo kit is barred from classified networks is significant, and something the private sector should look at closely."

Professor Villasenor said malicious circuitry known as "kill-switches" can be used to stop devices working and to establish back doors. French defence contractors reportedly installed kill-switches into chips that can be remotely tripped if their products fall into the wrong hands.

AFR Weekend has been told the electronic eavesdropping arms of the "five eyes" western intelligence alliance, including the National Security Agency in the US, GCHQ in the UK, and the Defence Signals Directorate in Australia, have physically connected parts of their secret and top secret computer networks to allow direct communications between them.

This means that security bans on the use of products within the secret networks are normally implemented across all five nations. Two commonly used suppliers are Dell and Hewlett-Packard.

The ban on Lenovo computers also applies to Britain's domestic and foreign security services, MI5 and MI6, and their domestic equivalents: the Australian Security Intelligence Organisation and the Australian Secret Intelligence Service.

Not connected with foreign counterparts

In contrast to the other agencies, ASIO's top secret network, called "TSNet", is compartmentalised and not connected with foreign counterparts because of its counter-intelligence role.

All these secret-level defence and intelligence networks are "air-gapped", which means they are physically separated from the internet to minimise security risks.

ASIO, ASIS, and DSD are colloquially known as Channel 10, The Other DFAT and The Factory.
An academic expert on computer hardware implants, Professor Farinaz Koushanfar at Rice University's Adaptive Computing and Embedded Systems Lab, said the NSA was "incredibly concerned about state-sponsored malicious circuitry and the counterfeit circuitry found on a widespread basis in US defence systems".

"I've personally met with people inside the NSA who have told me that they've been working on numerous real-world cases of malicious implants for years," she said.

"But these are all highly classified programs."

Australia's defence department runs three networks managed by the Chief Information Officer Group: the Defence Restricted Network; the Defence Secret Network; and the Top Secret Network.

The DRN is not classified and is linked to the internet via secure gateways. The DSN and TSN are air-gapped and off limits to Lenovo devices.

An official with clearance to access all three networks can switch between them using a diode, called the Interactive Link, connected to a single computer. Previously officials used multiple desktops connected to individual networks.

Anti-China trade sentiment

In 2006 it was disclosed that the US State Department had decided not to use 16,000 new Lenovo computers on classified networks because of security concerns.

The change in procurement policy was attributed to anti-China trade sentiment after Lenovo's acquisition of IBM's PC business.

Some experts argue that blocking specific companies from classified networks is not a panacea for security threats given the global nature of supply chains.

Many western vendors have semiconductor fabrication plants, or "foundries", based in China, which exposes them to the risk of interference.

Huawei Technologies made the same argument in response to the Australian government's decision to exclude it from the National Broadband Network. Huawei says a better approach would be to evaluate all products in a single forum overseen by security agencies.
The Lenovo revelations follow allegations in The Australian Financial Review last week by the former head of the CIA and NSA, Michael Hayden, that Huawei spies for the Chinese government. Huawei officials and China's Australian embassy strenuously denied these claims.

---
Just because i'm near the punchbowl doesn't mean I'm also drinking from it.

From rforno at infowarrior.org Tue Jul 30 07:02:12 2013
From: rforno at infowarrior.org (Richard Forno)
Date: Tue, 30 Jul 2013 08:02:12 -0400
Subject: [Infowarrior] - "Instead of cures for cancer we got Angry Birds"
Message-ID:

"Instead of cures for cancer we got Angry Birds"

http://peternixey.com/post/56867259886/instead-of-cures-for-cancer-we-got-angry-birds

I'm Peter, a Rails developer and entrepreneur. I'm an ex-computer vision researcher, the former CEO of Clickpass and a YC alum. I now work with an awesome team building Copyin - Email Knowledge Capture

"The Valley's brightest minds once invented things of immense significance like the first PC. But then came the internet and the pursuit of big ideas was eclipsed by a scramble for quick profits. The money pumped into hard technological problems plunged while interest in iPhone apps soared. The result? Instead of cures for cancer we got Angry Birds". So concluded a recent article in the Sunday Times.

"Does it really matter", "you could be working on things that could save lives, why worry about dry cleaning?". Casual observers love to glance through the office windows of entrepreneurs and wonder "if there's so much money to be made in entrepreneurship, why don't these folks do something that really matters".

I can perhaps understand where they're coming from. One of my brightest friends is looking to start a new idea in advertising or property. I know that he'll do very well in whatever he chooses but it makes my heart sink to think of his talents being used to optimise advertising.
I don't expect him to stop the spread of malaria but he's a source of creative energy in the world and it would be nice to see him use it for something that I might at least use.

Asking him or any other entrepreneurs why they solved one problem and not another though is like asking a river why it doesn't hop out and irrigate the fields above it. "Since there's so much water in that river why not wet my crops rather than just making a bigger plunge pool under the waterfall". Entrepreneurs, like water, follow potential gradients and asking them why they'd do otherwise is as pointless as arguing with water.

Entrepreneurs follow those gradients for good reasons too. While the Sunday Times may photograph Brian Chesky hanging out in AirBnB-central they don't photograph the entrepreneur who had to give up his company and leave penniless to look after his dying sister's family. They don't photograph the hundreds of young hackers holed up for years in Palo Alto with nothing to show for it. They don't photograph the founders who watched their company fall apart as they stood locked in a legal Mexican standoff.

If they did their question might change from "why do you not cure cancer" to: "why do you do this stuff at all?". Entrepreneurs follow potential gradients because their work is a risky business.

I think the "does it really matter" philosophy comes from two misapprehensions. The first is the assumption that markets are fungible and the second is a lack of ability to distinguish small probabilities.

When you assume markets are fungible - that one can be tackled as easily as the next - you inevitably ask whether "disrupting the dry-cleaning market" really matters when the alternative is "feeding Africa". These aren't adjacent problems though, they are literally and figuratively continents apart. There are already entrepreneurs tackling both problems but they are entrepreneurs with very different knowledge-sets.
Getting frustrated with software entrepreneurs failing to feed Africa is like getting cross with Norman Borlaug for not doing a dwarf wheat iPhone app. These are different entrepreneurs with different skills and different available markets.

When you have no way to distinguish small probabilities then all long-shots look the same. Two "similarly unlikely" ideas may however be magnitudes apart in probability. The chances of successfully creating a new car manufacturer are incredibly small but they are still millions of times higher than those of curing cancer. To the average person though, both ideas seem vanishingly unlikely.

Good entrepreneurs work with a microscope on their problem. They can magnify their field up so large that it's visible to their naked eye. What looked like two small specks to the untrained eye looks completely different to the entrepreneur. They see one opportunity as a cell with all of its mitochondrial energy-producing goodness while the other, a million times smaller still is just as impervious as it was without the microscope.

Finally, it's worth pointing out that entrepreneurship isn't a salaried job-rotation or a credit-option for an MBA. You don't choose the option you fancy most and then roll on to a different one three months later. Being an entrepreneur is a nail-biting, ration-sapping, wind-bitten, multi-year unsupported journey into the unknown.

Asking an entrepreneur why they took one route and not another is like tweeting a climber on K2 to ask them why they didn't take a harder route up. You can ask by all means but if you really feel it should be climbed then you should buckle up and climb it.

---
Just because i'm near the punchbowl doesn't mean I'm also drinking from it.
From rforno at infowarrior.org Tue Jul 30 07:02:14 2013
From: rforno at infowarrior.org (Richard Forno)
Date: Tue, 30 Jul 2013 08:02:14 -0400
Subject: [Infowarrior] - Senators Not Impressed With James Clapper's Carefully Worded Responses
Message-ID: <2BB7DB2B-25B2-484F-A968-5F387A2554B5@infowarrior.org>

Senators Not Impressed With James Clapper's Carefully Worded Responses

http://www.techdirt.com/articles/20130729/12223823986/senators-not-impressed-with-james-clappers-carefully-worded-responses.shtml

---
Just because i'm near the punchbowl doesn't mean I'm also drinking from it.

From rforno at infowarrior.org Tue Jul 30 12:03:36 2013
From: rforno at infowarrior.org (Richard Forno)
Date: Tue, 30 Jul 2013 13:03:36 -0400
Subject: [Infowarrior] - DOJ to declassify key Yahoo surveillance orders
Message-ID:

Justice Department to declassify key Yahoo surveillance orders

Obama administration to complete declassification review of Yahoo orders by 12 September, setting stage for public release

Spencer Ackerman in Washington
theguardian.com, Tuesday 30 July 2013 10.34 EDT

http://www.theguardian.com/world/2013/jul/30/justice-department-declassify-yahoo-surveillance-orders

The Obama administration has agreed to a review that could lead to the declassification of key surveillance orders in response to a lawsuit brought by Yahoo, potentially providing one of the clearest views yet into the legal mechanics of the National Security Agency.

As required by judge Reggie Walton of the secret Fisa court, which oversees surveillance orders, the Justice Department will complete a declassification review of binding surveillance orders on Yahoo by 12 September, potentially setting the stage for their public release.

The key document at issue, an opinion from the court from 25 April 2008, mandating Yahoo's compliance with a bulk surveillance order, will have a declassification review completed in 45 days, the Justice Department told the court in a brief letter released Tuesday morning.
An additional declassification review of "briefs and materials" related to the April 2008 ruling will be complete "by Friday, September 27, 2013, 60 days from today," acting assistant attorney general for national security John Carlin told Walton in the letter, with "the other briefs and materials that the Government has identified as potentially relevant to the court's memorandum of opinion (see appendix A) on a rolling basis thereafter."

It is possible the Justice Department review will not result in the declassification of the documents. If not, however, it risks the ire of a key surveillance partner, the presiding judge of the surveillance court, and powerful legislators who urge transparency.

In a separate letter to senator Patrick Leahy, a Democrat from Vermont and the chairman of the Senate judiciary committee, Walton revealed that Yahoo was the only recipient of a bulk-surveillance order to plead its case before the Fisa court, after it refused to comply with a surveillance order in 2007 - prompting the court the following year to issue the order that Yahoo wishes to have declassified.

"There has been one instance in which the court heard arguments from a non-governmental party that sought to substantively contest a directive from the government," Walton wrote to Leahy in a letter dated 29 July.

"Yahoo refused to comply with the directives, and the government filed a motion with this court to compel compliance," Walton continued. "The court ordered and received briefing from both parties, and rendered a decision in April 2008."

It is unclear from the timetable what specifically the government will release, and how substantive it will be. Obama administration lawyers have recently said in speeches and congressional testimony that declassifying Fisa court orders is difficult since they frequently contain references to classified material.
But owing to a swell of public and congressional outrage over the bulk surveillance programs, a consensus has emerged inside the government that greater transparency around the efforts is needed to forestall their cancellation.

The Justice Department and office of the director of national intelligence did not respond to a request for comment.

On Wednesday, Leahy, the powerful judiciary committee chairman in the Senate, will hold the committee's first hearing on the bulk surveillance since the Guardian and the Washington Post disclosed it last month, thanks to whistleblower Edward Snowden. Leahy is sponsoring a bill to shorten the lifespan of the Patriot Act and end surveillance in bulk as well as a separate effort to force greater transparency around key Fisa court rulings.

Only rarely does the public see the orders issued by the secretive, 35-year-old court. But Yahoo, a partner in the NSA's collection of online communications believed to involve foreigners, prevailed upon the court to release a 2008 memorandum showing the tech giant "objected strenuously" to the government's requests for customer data. Judge Walton, the presiding judge of the court, ruled in Yahoo's favor on 15 July.

Yahoo's push to show that it was compelled to participate in the internet communications collection, a program known as Prism and justified under Section 702 of the Fisa Amendments Act of 2008, was part of a backlash by the NSA's corporate partners against the disclosure of their collaboration by whistleblower Edward Snowden in the Guardian and the Washington Post.

Yahoo is one of a number of Prism partners who argue that their participation in the NSA program, which collects the online habits of people believed to be non-Americans outside the United States, occurred under duress.

Google and Microsoft are pressing the court to release more information about the circumstances under which they comply with the government's bulk surveillance orders.
Other major tech firms have also called for additional transparency around government surveillance requests.

Assuaging the telecommunications and internet firms it relies upon for surveillance is important for the NSA. Accordingly, the government took "no position" objecting to Yahoo's disclosure request when it responded to the request on 25 June.

Congressional critics of the bulk surveillance efforts charge that the secret court, which rarely rejects government surveillance requests, has allowed the government to effectively rewrite the laws outside of public and often congressional view.

"Because the Fisa court's rulings are secret, most Americans had no idea that the court was prepared to issue incredibly broad rulings, permitting the massive surveillance that finally made headlines last month," Senator Ron Wyden, an Oregon Democrat, said in a speech last week.

"The secret rulings of the foreign intelligence surveillance court have interpreted the Patriot Act, as well as section 702 of the Fisa statute, in some surprising ways, and these rulings are kept entirely secret from the public. These rulings can be astoundingly broad. The one that authorizes the bulk collection of phone records is as broad as any I have ever seen."

In addition to the chorus of voices urging the Fisa court to declassify the bulk collection orders, congressman Adam Schiff (Democrat, California), a member of the House intelligence committee, is pushing legislation that would transform the court into an adversarial body for the first time in its history, with a lawyer appointed to argue for the public's privacy interests.

Schiff also advocates making the court's members presidential appointees confirmed by the Senate instead of federal judges selected by the chief justice of the US supreme court.

Walton wrote to Leahy that the recipients of Fisa court orders for phone or internet records "provide multiple opportunities" for those companies to challenge the surveillance.
Yet outside of Yahoo's unprecedented 2007 challenge, the only times a lawyer not representing the government have appeared before the Fisa court have not had to do with a direct effort to resist the records collection.

"[T]here have been several instances - particularly in the last several months - in which nongovernmental parties have appeared before the court outside the context of a challenge to an individual court order or a government directive," Walton wrote.

Those parties have included the ACLU, the Electronic Frontier Foundation, Google and Microsoft, mostly inquiring about additional disclosures from the court. "To date, no electronic communication provider has opted to challenge a directive issued pursuant to Section 702," as Yahoo's objection in 2007 was to the statutory precursor of Section 702.

This article was updated on 30 July 2013. The first line originally stated unequivocally that the Yahoo documents would be declassified. This has been edited for clarity. Further context was also added.

---
Just because i'm near the punchbowl doesn't mean I'm also drinking from it.

From rforno at infowarrior.org Tue Jul 30 12:16:02 2013
From: rforno at infowarrior.org (Richard Forno)
Date: Tue, 30 Jul 2013 13:16:02 -0400
Subject: [Infowarrior] - Manning verdict out
Message-ID:

via WTOP.....breaking news

U.S. Army Pfc. Bradley Manning is acquitted of aiding the enemy for giving secrets to WikiLeaks, but convicted of 5 espionage counts.

---
Just because i'm near the punchbowl doesn't mean I'm also drinking from it.

From rforno at infowarrior.org Tue Jul 30 12:44:44 2013
From: rforno at infowarrior.org (Richard Forno)
Date: Tue, 30 Jul 2013 13:44:44 -0400
Subject: [Infowarrior] - FISA court judge: No company has ever challenged Patriot Act sharing
Message-ID: <07EC54D2-BFDE-4E10-B41E-F5D7231E0482@infowarrior.org>

FISA court judge: No company has ever challenged Patriot Act sharing

Also: Court staff helps gov't lawyers make their applications more palatable.
by Cyrus Farivar - July 30 2013, 12:59pm EDT

According to one of the 11 judges that sits on the Foreign Intelligence Surveillance Court (FISC), no corporation ever served with a "business record" court order under the Patriot Act has ever challenged one, even though the law provides them a means to do so.

In other words, when the government asked Verizon to hand over call records and other metadata to the National Security Agency (NSA), the company did so without so much as a peep. Earlier this month, the Electronic Privacy Information Center filed an emergency petition to the Supreme Court to halt the entire metadata sharing program.

In a new 11-page letter published Monday from FISC Presiding Judge Reggie B. Walton to Sen. Patrick Leahy (D-VT), the judge writes, "To date no recipient of a production order has opted to invoke this section of the statute." (Leahy is set to hold a senatorial hearing on government surveillance program this week.)

< - >

http://arstechnica.com/tech-policy/2013/07/fisa-court-judge-no-company-has-ever-challenged-patriot-act-sharing/

---
Just because i'm near the punchbowl doesn't mean I'm also drinking from it.

From rforno at infowarrior.org Tue Jul 30 12:51:16 2013
From: rforno at infowarrior.org (Richard Forno)
Date: Tue, 30 Jul 2013 13:51:16 -0400
Subject: [Infowarrior] - Manning: Guilty on 19 counts, 100+ years possible jail time:
Message-ID: <460DDC7A-7FF9-4B7A-9D14-30EBC8B8B10A@infowarrior.org>

(c/o AJR)

Guilty on 19 counts, 100+ years possible jail time:

http://rt.com/usa/manning-not-guilty-aiding-enemy-805/

---
Just because i'm near the punchbowl doesn't mean I'm also drinking from it.
From rforno at infowarrior.org Tue Jul 30 13:48:11 2013
From: rforno at infowarrior.org (Richard Forno)
Date: Tue, 30 Jul 2013 14:48:11 -0400
Subject: [Infowarrior] - Cops Can Track Cellphones Without Warrants, Appeals Court Rules
Message-ID: <46A63D09-AAB0-40DB-8565-CD99B0C61253@infowarrior.org>

Cops Can Track Cellphones Without Warrants, Appeals Court Rules

By David Kravets
07.30.13

http://www.wired.com/threatlevel/2013/07/warrantless-cell-tracking/

A divided federal appeals court ruled today that the government does not need a probable-cause warrant to access mobile-phone subscribers' cell-site information, a decision reversing lower court decisions that said the location data was protected by the Fourth Amendment.

The 2-1 decision by the 5th U.S. Circuit Court of Appeals is the third federal appeals court to decide the privacy issue. Adding to the possibility that the U.S. Supreme Court might take up the topic, New Jersey's high court two weeks ago ruled that warrants were required for the location data.

All the while, two federal appellate courts have taken the government's position that court warrants are not required for the location data. And a third federal appellate court said judges had the option to demand warrants.

All of which means some suspects are being convicted based on locational data of what towers their cellphones are pinging, and others are not, because some courts are requiring warrants.

What's more, the Supreme Court has not ruled on the issue. However, the justices last month rejected an appeal (.pdf) from a drug courier sentenced to 20 years after being nabbed with 1,100 pounds of marijuana in a motor home camper the authorities tracked via his mobile phone pinging cell towers for three days from Arizona to a Texas truck stop.

In that case, the Supreme Court let stand the Ohio-based 6th U.S. Circuit Court of Appeals, which covers Kentucky, Michigan, Ohio and Tennessee.
The appeals court ruled that probable-cause warrants were not necessary to obtain cell-site data.

Meanwhile, today's 5th Circuit ruling comes as the authorities have widely adopted using warrantless cell-tower locational tracking of criminal suspects in the wake of the Supreme Court's ruling 18 months ago that they need probable-cause warrants from judges to affix covert GPS devices to vehicles.

The 5th Circuit and 6th Circuit distinguished the case from the GPS case decided by the Supreme Court. The high court ruled that the physical act of installing a GPS device on a target's vehicle amounted to a search, which usually necessitates a probable-cause warrant under the Fourth Amendment.

In the end, the 5th Circuit, which sets law in Louisiana, Mississippi and Texas, concluded today that the locational history of a mobile phone does not enjoy constitutional protections because the government has not performed the tracking, and that the data is simply a business record owned by carriers. (.pdf)

"... cell site information is clearly a business record. The cell service provider collects and stores historical cell site data for its own business purposes, perhaps to monitor or optimize service on its network or to accurately bill its customers for the segments of its network that they use. The Government does not require service providers to record this information or store it. The providers control what they record and how long these records are retained."

The 5th Circuit litigation concerns unidentified drug suspects in which the lower court rulings said "compelled warrantless disclosure of cell site data violates the Fourth Amendment."

The government argued that a mobile-phone company may disclose historical cell-site records created and kept by the company in its ordinary course of business, where such an order is based on a showing of "specific and articulable facts"
that there are reasonable grounds to believe that the records sought are relevant and material to an ongoing criminal investigation.

A record number of Americans are embracing mobile phones, which are a de facto style of tracking device consumers willingly place in their pockets and purses. As of December, there were 326.4 million wireless subscriber accounts, exceeding the U.S. population, responsible for 2.30 trillion annual minutes of calls, according to the Wireless Association.

A final case in the federal appellate courts is pending in the 4th U.S. Circuit Court of Appeals, which covers Virginia, West Virginia, North Carolina and South Carolina.

That case concerns a Maryland federal judge declining last year to suppress evidence that Aaron Graham and Eric Jordan were allegedly involved in a string of Baltimore City fast-food restaurant robberies. They were arrested in connection to one robbery, and a 7-month historical look of their phone records - obtained without a warrant - placed them on the scene when other restaurants were robbed, the authorities said.

---
Just because i'm near the punchbowl doesn't mean I'm also drinking from it.

From rforno at infowarrior.org Tue Jul 30 17:32:34 2013
From: rforno at infowarrior.org (Richard Forno)
Date: Tue, 30 Jul 2013 18:32:34 -0400
Subject: [Infowarrior] - For Congress, 'it's classified' is new equivalent of 'none of your business'
Message-ID: <5CFE0B4C-1BC9-4AF4-B30D-6AFB4BDE8C3E@infowarrior.org>

McClatchy Washington Bureau

Posted on Tue, Jul. 30, 2013

For Congress, 'it's classified' is new equivalent of 'none of your business'
By Ali Watkins | McClatchy Washington Bureau

last updated: July 30, 2013 05:12:33 PM

http://www.mcclatchydc.com/2013/07/30/v-print/198097/for-congress-its-classified-is.html

WASHINGTON -- The Senate Select Committee on Intelligence reportedly gave its approval last week to an Obama administration plan to provide weapons to moderate rebels in Syria, but how individual members of the committee stood on the subject remains unknown.

There was no public debate and no public vote when one of the most contentious topics in American foreign policy was decided - outside of the view of constituents, who oppose the president's plan to aid the rebels by 54 percent to 37 percent, according to a Gallup Poll last month.

In fact, ask individual members of the committee, who represent 117 million people in 14 states, how they stood on the plan to use the CIA to funnel weapons to the rebels and they are likely to respond with the current equivalent of "none of your business:" It's classified.

Those were, in fact, the words Sen. Dianne Feinstein, D-Calif., chair of the committee, used when asked a few days before the approval was granted to clarify her position for her constituents. She declined. It's a difficult situation, she said. And, "It's classified."

She was not alone. In a string of interviews over days, members of both the Senate intelligence committee or its equivalent in the House were difficult to pin down on their view of providing arms to the rebels. The senators and representatives said they couldn't give an opinion, or at least a detailed one, because the matter was classified.

It's an increasingly common stance that advocates of open government say undermines the very principle of a representative democracy.

"It's like a pandemic in Washington, D.C., this idea that 'I don't have to say anything, I don't have to justify anything, because I can say it's secret,'"
said Jim Harper, director of information policy studies at the Cato Institute, a Washington-based libertarian think tank. ?Classified? has become less a safeguard for information and more a shield from accountability on tough subjects, said Steven Aftergood, the director of the Federation of American Scientists? Project on Government Secrecy. ?Classification can be a convenient pretext for avoiding difficult questions,? he said. ?There?s a lot that can be said about Syria without touching on classified, including a statement of general principles, a delineation of possible military and diplomatic options, and a preference for one or the other of them. So to jump to ?national security secrecy? right off the bat looks like an evasion.? Syria is not the only topic where public debate has been the exception because a matter was classified. Sen. Ron Wyden, D-Ore., spoke last week about the frustration he felt because he could not tell his constituents that he believed secret rulings from the Foreign Intelligence Surveillance Court had expanded the collection of telephone and Internet data far beyond what many in Congress thought they had authorized. ?Months and years went in to trying to find ways to raise public awareness about secret surveillance authorities within the confines of classification rules,? Wyden said at the Center for American Progress, a liberal Washington think tank. Had it not been for a leak of a secret court order on the collection of cellphone metadata by former National Security Agency contract worker Edward Snowden, the program might still be beyond discussion, Wyden noted. But the classification barrier may not be as watertight as committee members make it out to be. Senate Resolution 400, which established the intelligence committee in 1976, has a section specifically devoted to committee oversight of the classification system, which is directed by the executive branch. 
If a member of the committee feels that classified information is of valid public interest, he or she can ask that it be declassified. ?The Select Committee may, subject to provisions of this section, disclose publicly any information in the possession of such committee after a determination by such committee that the public interest would be served by such a disclosure,? the resolution reads. When Wyden was asked if he ever used that provision to attempt to get information declassified during his time on the committee, he said ?I don?t know which specific provision you?re talking about.? Certainly, trying to determine how individual committee members feel about Syria policy can be frustrating. Sens. Susan Collins, R-Maine, and Mark Warner, D-Va., refused to state a clear opinion, citing classification. Others expressed general opinions, though they would say nothing about just what the Obama administration had proposed. Sometimes it was difficult to know from their comments if they were in favor or opposed. ?I?m worried we?re behind the curve,? said Sen. Tom Coburn, R-Okla., ?(We should get involved) only if we?re ahead of the curve.? A rare exception was Sen. Angus King, an independent from Maine. He spoke candidly about his personal views on American involvement. ?We need to be involved to some extent in helping out the opposition,? he said. He called training an imperative, said anti-tank weapons need to be included in any arms shipments, and he hinted that the U.S. should consider strikes against some Syrian government resources, if that became necessary. The answer didn?t reveal any details of the administration?s plans, but it did offer a clear picture of where he stood. Later, King explained what he thought were the rules about discussion of Syria. ?I think the specifics of the administration?s plan, and the specifics of the actions of the committee, are classified, and should remain confidential,? he said. As for members? 
opinions, however, that?s not classified. But, he said, ?That?s their call? on whether to talk about it or not. Harper, of the Cato Institute, said the tendency for lawmakers to cite classification also sheds light on a pattern of legislative deference to the executive branch, which determines what is and isn?t classified, that undercuts the concept of checks and balances. ?The government works because of a chain of oversight,? Harper said. ?Secrecy gets in there and it breaks those chains. So the public can?t oversee Congress. Congress can?t oversee the executive branch. Within executive branch agencies, oversight breaks down. It?s utterly corrosive of democratic processes that we otherwise take for granted.? Refusing to state an opinion on a classified matter robs people of the chance to objectively assess whether an elected official is representing their interests. ?Nobody?s opinion is classified,? said Aftergood. ?There may be specific facts or details of either military operations or intelligence sources that are properly classified, but one?s opinion about current events or about preferred outcomes is absolutely not classified. ?And to say that it is is disingenuous or dishonest.? Email: awatkins at mcclatchydc.com; Twitter: @alimariewatkins --- Just because i'm near the punchbowl doesn't mean I'm also drinking from it. From rforno at infowarrior.org Tue Jul 30 18:06:56 2013 From: rforno at infowarrior.org (Richard Forno) Date: Tue, 30 Jul 2013 19:06:56 -0400 Subject: [Infowarrior] - Rep Rogers Staffers Claim They Can Sue Techdirt for Defamation Message-ID: <0743A714-18D8-4AFD-B0B5-83CDC7303F53@infowarrior.org> Staffers For Rep. 
Mike Rogers Apparently Claim They Could Sue Me For Defamation from the probably-not-a-good-idea dept http://www.techdirt.com/articles/20130730/13342024004/staffers-rep-mike-rogers-apparently-claim-they-could-sue-me-defamation.shtml I had a fun phone call with a reporter in Michigan earlier today who is apparently working on a story about Rep. Mike Rogers. In doing some research for the article, he spoke with staffers in Rogers' office about some of the things I've written about Rogers and his position on internet surveillance and cybersecurity. The reporter told me that the staffers said they're "well aware of" me, but that they felt I was "an extreme liberal" and that I was using "liberal" talking points to attack him. Also, according to this reporter, they said that they could sue me for defamation concerning things I'd said about Rogers. Yes, it's come to this. We stand by the things we've written about Rep. Rogers and find it rather unbecoming of an elected official to try to chill the free speech of those who criticize his statements and actions with implied threats of lawsuits to silence their public participation. Furthermore, it's telling that Rogers' office apparently jumps to the false conclusion that my criticisms of his statements and actions come via some sort of "partisan" prism. As I have stated repeatedly, I don't easily self-identify into the standard "left/right" political spectrum, because I don't judge things based on any sort of partisan framework. I have been equally critical of politicians who are considered "liberal" as I have been of those who are considered "conservative." My opinions are not rendered via a partisan filter, but what I consider to be what is best for this country. --- Just because i'm near the punchbowl doesn't mean I'm also drinking from it. 
From rforno at infowarrior.org Tue Jul 30 19:06:18 2013
From: rforno at infowarrior.org (Richard Forno)
Date: Tue, 30 Jul 2013 20:06:18 -0400
Subject: [Infowarrior] - China's Military Preparing for 'People's War' in Cyberspace, Space
Message-ID: <64CAB358-B2B8-4640-9382-838A731EFF8D@infowarrior.org>

China's Military Preparing for 'People's War' in Cyberspace, Space
Translated report reveals high-tech plans for cyber attacks, anti-satellite strikes
BY: Bill Gertz
July 30, 2013 5:00 am
http://freebeacon.com/china-military-preparing-for-peoples-war-in-cyberspace-space/

China's military is preparing for war in cyberspace involving space attacks on satellites and the use of both military and civilian personnel for a digital "people's war," according to an internal Chinese defense report. "As cyber technology continues to develop, cyber warfare has quietly begun," the report concludes, noting that the ability to wage cyber war in space is vital for China's military modernization. According to the report, strategic warfare in the past was built on nuclear weapons. "But strategic warfare in the information age is cyber warfare," the report said. "With the reliance of information warfare on space, cyberspace will surely become a hot spot in the struggle for cyberspace control," the report said. The new details of Chinese plans for cyber and space warfare were revealed in a report "Study on Space Cyber Warfare" by four engineers working at a Chinese defense research center in Shanghai. The report presents a rare inside look of one of Beijing's most secret military programs: Cyber warfare plans against the United States in a future conflict. "Cyber warfare is not limited to military personnel. All personnel with special knowledge and skills on information system may participate in the execution of cyber warfare. Cyber warfare may truly be called a people's warfare," the report says.
People's War was first developed by China's Communist founder Mao Zedong as a Marxist-Leninist insurgency and guerrilla warfare concept. The article provides evidence that Chinese military theorists are adapting Mao's peasant uprising stratagem for a future conflict with the United States. A defense official said the report was recently circulated in military and intelligence circles. Its publication came as a surprise to many in the Pentagon because in the past, U.S. translations of Chinese military documents on similar warfighting capabilities were not translated under a directive from policy officials seeking to prevent disclosure of Chinese military writings the officials feared could upset U.S.-China relations. A Chinese government spokesman could not be reached for comment. However, Chinese spokesmen in the past have denied reports that China engages in cyber attacks. The study links China's space warfare development programs with its extensive cyber warfare capabilities. Both programs are considered "trump card" weapons that would allow a weaker China to defeat a militarily stronger United States in a conflict. "Cyber warfare is an act of war that utilizes space technology; it combines space technology and cyber technology and maintains and seizes the control of cyberspace," the study says. Because cyberspace relies on satellites, "space will surely be the main battlefield of cyber warfare," the report said. Satellites and space vehicles are considered the "outer nodes" of cyber space and "are clear targets for attack and may be approached directly," the report said, adding that ground-based cyberspace nodes are more concealed and thus more difficult to attack. Additionally, satellites have limited defenses and anti-jamming capabilities, leaving them very vulnerable to attack.
The report reveals that China's military, which controls the country's rapidly growing space program, is preparing to conduct space-based cyber warfare -- "cyber reconnaissance, jamming, and attack" -- from space vehicles. Space-based cyber warfare will include three categories: space cyber attack, space cyber defense, and space cyber support. The space cyber support involves reconnaissance, targeting, and intelligence gathering. "A space cyber-attack is carried out using space technology and methods of hard kill and soft kill," the report said. "It ensures its own control at will while at the same time uses cyberspace to disable, weaken, disrupt, and destroy the enemy's cyber actions or cyber installations." Soft-kill methods are designed to disrupt or damage cyberspace links using jamming, network cyber attacks, and "deceit" in the electromagnetic domain. The cyber attacks include launching computer viruses, theft and tampering of data, denial of service attacks, and "detonation of [a] network bomb that can instantaneously paralyze or destroy enemy's information network." "Soft kill measures are well concealed, fast in action, and the attack can be accomplished before the enemy even has time to discover it," the report said. "Soft kill measures are deceptive and well hidden; they are difficult to detect and monitor." Hard-kill cyber attack weapons include missiles and other "kinetic" weapons along with directed energy, including lasers, radio frequency weapons, and particle beam weapons. Chinese cyber warfare capabilities are one of the People's Liberation Army's (PLA) most closely guarded secrets, along with its anti-satellite missile and jamming program. The topic of military cyber warfare was recently discussed by U.S. and Chinese military and defense officials at a meeting earlier this month of the U.S.-China Strategic and Economic Dialogue in Washington.
The Washington Free Beacon obtained a copy of the recently translated report, dated December 2012 and published in the journal Aerospace Electronic Warfare. The journal is a bimonthly publication of the Institute 8511, part of the China Aerospace Science and Industry Corp. (CASIC), a state-run missile manufacturer and high-technology aerospace research center. Institute 8511 develops electronic warfare offense and defense weapons, countermeasure technologies, and command and control systems for aircraft and missiles. The institute in the past also developed China's DF-21D anti-ship ballistic missile, a unique weapon that uses precision guidance to attack U.S. aircraft carriers at sea. The defense official said Institute 8511 is located close to the PLA's premier cyber warfare headquarters in Shanghai, known as Unit 61398. That unit was identified in a report last February by the security firm Mandiant as the main origin of widespread military cyber attacks on the West. According to the report, China's goal for cyber war calls for using high-technology weapons in cyberspace to achieve military objectives. "Since cyberspace is boundless and transcends land, sea, air, and space, cyber warfare is not constrained by territorial land or territorial sea, and there is no difference between the front and the rear of the battlefield," the report said. "The advantage of cyber warfare is its global nature; it has global alert, global resources, and global access." Additionally, war in cyberspace is not constrained by nighttime, weather, or geography and can be conducted at any time, key factors that have limited conventional warfighting in the past. In line with Chinese military doctrine that calls for sudden attacks and the element of surprise, the report said cyberwarfare is ideal for rapid attacks that are difficult for an enemy to identify.
"This suddenness can often leave cyber warfare without a trace and without damaging the physical installation or personnel, and yet it can change the trend and outcome of war by affecting the operational effectiveness in an instance." A second recently translated military report by two PLA colonels calls for China to adopt a new military doctrine called "trump card and data link-centric warfare" that is based on the U.S. war fighting doctrine called "network-centric warfare." The two colonels, Sr. Col. Du Wenlong and Sr. Col. Xie Zhaohui, call for a new strategic concept designed to attack and defeat the United States using advanced command, control, communications, computers, intelligence, surveillance, and reconnaissance, what the military calls C4ISR and the key to conducting combined arms warfare. The colonels call for new weapons and other military capabilities "to penetrate and to strike as quickly as possible ... and ensure that our military will win the warfare under the informatized conditions." "Should the United States military's transformation model of 'network-centric warfare' become a success, it will undoubtedly and completely change the mode and means of warfare, making warfare even more sudden and its outcome even quicker to come, generating unmatched asymmetrical advantages," the colonels said. "This will inevitably greatly strengthen its arrogance, enabling it to have its own way to an even bigger extent and to promote its politics of hegemony." Publication of the new cyber warfare report provides a more recent example of the contradiction between internal Chinese military writings and public statements. A 1999 book produced for the Pentagon's Office of Net Assessment and edited by China specialist Michael Pillsbury first reveals the contradiction. The book, "Chinese Views of Future Warfare," influenced many senior Pentagon and military leaders'
views of China by showing that internal Chinese military writings discussed plans for war with the United States, considered China's main enemy. The writings contrasted sharply with frequent public statements by China that its arms buildup is purely defensive and not directed at any country. Richard Fisher, a Chinese military affairs expert, said the Chinese report reveals China's merger of cyber warfare and space warfare efforts. Fisher said the Chinese military understands that U.S. satellites are critical to relaying computer data traffic and are vulnerable to direct attack. "China has already demonstrated two anti-satellite weapons: ground based lasers in 2006 and then the SC-19 [anti-satellite] missile in 2007. A higher Medium Earth Orbit (MEO) capable ASAT called DN02 may have been tested recently," Fisher said. China also is pressing for a space arms agreement at the same time it is building up its space forces, Fisher said. "The bottom line today is that China's first priority is building the means to win wars in space while using space diplomacy to disarm its potential enemies," he said. U.S. cyber warfare strategy was recently disclosed in a top-secret Presidential Policy Directive-20 that was made public by former National Security Agency contractor Edward Snowden. The directive outlines the use of military cyber attacks that "can offer unique and unconventional capabilities to advance U.S. national objectives around the world with little or no warning to the adversary or target and with potential effects ranging from subtle to severely damaging." A third Chinese document from 2005 that was translated recently by the U.S. government reveals that Chinese military planners are preparing to destroy or disable up to eight Global Positioning System satellites. The satellites are critical for U.S. military precision guided missiles and bombs.
"Eliminating two groups of GPS satellites can prevent GPS satellites from providing navigation service around the clock," the study stated. "The effect of dropping these GPS satellites on the navigation accuracy of GPS satellites is quite obvious," the study, "Research on Voidness of GPS," said.

---
Just because i'm near the punchbowl doesn't mean I'm also drinking from it.

From rforno at infowarrior.org Wed Jul 31 06:54:28 2013
From: rforno at infowarrior.org (Richard Forno)
Date: Wed, 31 Jul 2013 07:54:28 -0400
Subject: [Infowarrior] - NSA secret court order on phone records to be made public today
Message-ID: <19D7E79F-5D28-4763-91F9-AE2DA4F58120@infowarrior.org>

NSA secret court order on phone records to be made public today
http://www.mcclatchydc.com/2013/07/30/198090/obama-administration-to-release.html#.Ufj3wVNRYzU
By KEN DILANIAN | Tribune Washington Bureau

WASHINGTON -- The Obama administration plans to release previously secret court orders that set out the rules and rationale for the bulk collection of U.S. phone records as officials seek to quell growing unrest in Congress over the government's massive information dragnet. According to a senior U.S. official, the government has declassified the order by the Foreign Intelligence Surveillance Court that authorized the collection program, which began in 2007. Before that, the National Security Agency had been collecting telephone records without a court order since shortly after the terrorist attacks of Sept. 11, 2001. The now declassified order is expected to be made public Wednesday when Deputy Attorney General James Cole, NSA Deputy Director John Inglis and other officials are slated to appear before the Senate Judiciary Committee. Former NSA contractor Edward Snowden disclosed the program in June by giving the Guardian newspaper and The Washington Post a secondary order from the foreign intelligence court directed at one company, Verizon.
The primary order has more details, the official said, including the rules about when the database of phone records may be queried. Since Snowden's disclosures, administration officials have been engaged in intense internal debates over how much information about the program and the secret orders of the foreign intelligence court should be released to the public. National security officials have resisted many proposals to declassify information on the program, arguing that virtually any information about it could potentially be used by terrorist groups to evade U.S. surveillance. Other administration officials have argued that Congress could kill the entire program if the administration fails to reassure the public about how the information is gathered and what protections are in place for privacy. In addition to the court order from 2007, administration officials are also planning to release two white papers on the telephone-data program that were provided to Congress in 2009 and 2011 before the House and Senate voted to reauthorize the law behind it, the senior official said, speaking on condition of anonymity because he was not authorized to be quoted. The white papers summarized the program, made clear that it included "bulk collection," and instructed the intelligence committees to provide the papers in a classified setting to all members of Congress, the official said. The release of those papers is intended to make clear that Congress had the opportunity to be fully informed, despite protests in recent weeks from some members who said they didn't understand the extent of the records collection. The administration is also mulling a plan to release the program's legal rationale, including a memorandum making the argument that the phone records of nearly every American can be considered "relevant to an investigation," under the Patriot Act. But that is still being debated, the official said. 
The database includes so-called "telephony metadata," on nearly every American. The data includes records of calls for each telephone number, but not names, addresses or the contents of any communication, officials have said. Intelligence agencies query the database when they identify specific phone numbers that are believed to be linked to terrorist groups. Last year, 300 phone numbers were used to query the database, officials have said. Amid polls showing public concern about NSA surveillance, key lawmakers are mulling various proposals designed to boost confidence, including changes to FISA. Some lawmakers want the phone companies, not NSA, to retain the data. One of those lawmakers, Rep. Adam Schiff, D-Calif., a member of the Intelligence Committee, praised the decision to declassify the court order as "a positive step that will help inform the public debate." "The effort to provide greater transparency must not end here, and I urge the administration to declassify key decisions of the court involving issues of constitutional dimension," he added. "I also hope the administration will support legislation to require declassification of future decisions, not just past ones - so that we can assure that a more transparent FISA court becomes standard practice for this and future administrations."

©2013 Tribune Co.

---
Just because i'm near the punchbowl doesn't mean I'm also drinking from it.

From rforno at infowarrior.org Wed Jul 31 08:28:44 2013
From: rforno at infowarrior.org (Richard Forno)
Date: Wed, 31 Jul 2013 09:28:44 -0400
Subject: [Infowarrior] - Revealed: NSA program collects 'nearly everything a user does on the internet'
Message-ID:

(leaked slides at the URL.....of course, *not* for USG viewing. --rick)

Revealed: NSA program collects 'nearly everything a user does on the internet'
Glenn Greenwald
theguardian.com, Wednesday 31 July 2013 08.56 EDT
http://www.theguardian.com/world/2013/jul/31/nsa-top-secret-program-online-data

A top secret National Security Agency program allows analysts to search with no prior authorization through vast databases containing emails, online chats and the browsing histories of millions of individuals, according to documents provided by whistleblower Edward Snowden. The NSA boasts in training materials that the program, called XKeyscore, is its "widest reaching" system for developing intelligence from the internet. The latest revelations will add to the intense public and congressional debate around the extent of NSA surveillance programs. They come as senior intelligence officials testify to the Senate judiciary committee on Wednesday, releasing classified documents in response to the Guardian's earlier stories on bulk collection of phone records and Fisa surveillance court oversight. The files shed light on one of Snowden's most controversial statements, made in his first video interview published by the Guardian on June 10. "I, sitting at my desk," said Snowden, could "wiretap anyone, from you or your accountant, to a federal judge or even the president, if I had a personal email". US officials vehemently denied this specific claim. Mike Rogers, the Republican chairman of the House intelligence committee, said of Snowden's assertion: "He's lying. It's impossible for him to do what he was saying he could do." But training materials for XKeyscore detail how analysts can use it and other systems to mine enormous agency databases by filling in a simple on-screen form giving only a broad justification for the search. The request is not reviewed by a court or any NSA personnel before it is processed. XKeyscore, the documents boast, is the NSA's "widest reaching" system developing intelligence from computer networks -- what the agency calls Digital Network Intelligence (DNI).
One presentation claims the program covers "nearly everything a typical user does on the internet", including the content of emails, websites visited and searches, as well as their metadata. Analysts can also use XKeyscore and other NSA systems to obtain ongoing "real-time" interception of an individual's internet activity. Under US law, the NSA is required to obtain an individualized Fisa warrant only if the target of their surveillance is a 'US person', though no such warrant is required for intercepting the communications of Americans with foreign targets. But XKeyscore provides the technological capability, if not the legal authority, to target even US persons for extensive electronic surveillance without a warrant provided that some identifying information, such as their email or IP address, is known to the analyst. One training slide illustrates the digital activity constantly being collected by XKeyscore and the analyst's ability to query the databases at any time. The purpose of XKeyscore is to allow analysts to search the metadata as well as the content of emails and other internet activity, such as browser history, even when there is no known email account (a "selector" in NSA parlance) associated with the individual being targeted. Analysts can also search by name, telephone number, IP address, keywords, the language in which the internet activity was conducted or the type of browser used. One document notes that this is because "strong selection [search by email address] itself gives us only a very limited capability" because "a large amount of time spent on the web is performing actions that are anonymous." The NSA documents assert that by 2008, 300 terrorists had been captured using intelligence from XKeyscore. Analysts are warned that searching the full database for content will yield too many results to sift through. Instead they are advised to use the metadata also stored in the databases to narrow down what to review. 
A slide entitled "plug-ins" in a December 2012 document describes the various fields of information that can be searched. It includes "every email address seen in a session by both username and domain", "every phone number seen in a session (eg address book entries or signature block)" and user activity ? "the webmail and chat activity to include username, buddylist, machine specific cookies etc". Email monitoring In a second Guardian interview in June, Snowden elaborated on his statement about being able to read any individual's email if he had their email address. He said the claim was based in part on the email search capabilities of XKeyscore, which Snowden says he was authorized to use while working as a Booz Allen contractor for the NSA. One top-secret document describes how the program "searches within bodies of emails, webpages and documents", including the "To, From, CC, BCC lines" and the 'Contact Us' pages on websites". To search for emails, an analyst using XKS enters the individual's email address into a simple online search form, along with the "justification" for the search and the time period for which the emails are sought. The analyst then selects which of those returned emails they want to read by opening them in NSA reading software. The system is similar to the way in which NSA analysts generally can intercept the communications of anyone they select, including, as one NSA document put it, "communications that transit the United States and communications that terminate in the United States". One document, a top secret 2010 guide describing the training received by NSA analysts for general surveillance under the Fisa Amendments Act of 2008, explains that analysts can begin surveillance on anyone by clicking a few simple pull-down menus designed to provide both legal and targeting justifications. 
Once options on the pull-down menus are selected, their target is marked for electronic surveillance and the analyst is able to review the content of their communications: Chats, browsing history and other internet activity Beyond emails, the XKeyscore system allows analysts to monitor a virtually unlimited array of other internet activities, including those within social media. An NSA tool called DNI Presenter, used to read the content of stored emails, also enables an analyst using XKeyscore to read the content of Facebook chats or private messages. An analyst can monitor such Facebook chats by entering the Facebook user name and a date range into a simple search screen. Analysts can search for internet browsing activities using a wide range of information, including search terms entered by the user or the websites viewed. As one slide indicates, the ability to search HTTP activity by keyword permits the analyst access to what the NSA calls "nearly everything a typical user does on the internet". The XKeyscore program also allows an analyst to learn the IP addresses of every person who visits any website the analyst specifies. The quantity of communications accessible through programs such as XKeyscore is staggeringly large. One NSA report from 2007 estimated that there were 850bn "call events" collected and stored in the NSA databases, and close to 150bn internet records. Each day, the document says, 1-2bn records were added. William Binney, a former NSA mathematician, said last year that the agency had "assembled on the order of 20tn transactions about US citizens with other US citizens", an estimate, he said, that "only was involving phone calls and emails". A 2010 Washington Post article reported that "every day, collection systems at the [NSA] intercept and store 1.7bn emails, phone calls and other type of communications." The XKeyscore system is continuously collecting so much internet data that it can be stored only for short periods of time. 
Content remains on the system for only three to five days, while metadata is stored for 30 days. One document explains: "At some sites, the amount of data we receive per day (20+ terabytes) can only be stored for as little as 24 hours."

To solve this problem, the NSA has created a multi-tiered system that allows analysts to store "interesting" content in other databases, such as one named Pinwale which can store material for up to five years.

It is the databases of XKeyscore, one document shows, that now contain the greatest amount of communications data collected by the NSA. In 2012, there were at least 41 billion total records collected and stored in XKeyscore for a single 30-day period.

Legal v technical restrictions

While the Fisa Amendments Act of 2008 requires an individualized warrant for the targeting of US persons, NSA analysts are permitted to intercept the communications of such individuals without a warrant if they are in contact with one of the NSA's foreign targets.

The ACLU's deputy legal director, Jameel Jaffer, told the Guardian last month that national security officials expressly said that a primary purpose of the new law was to enable them to collect large amounts of Americans' communications without individualized warrants.

"The government doesn't need to 'target' Americans in order to collect huge volumes of their communications," said Jaffer. "The government inevitably sweeps up the communications of many Americans" when targeting foreign nationals for surveillance.

An example is provided by one XKeyscore document showing an NSA target in Tehran communicating with people in Frankfurt, Amsterdam and New York.

In recent years, the NSA has attempted to segregate exclusively domestic US communications in separate databases. But even NSA documents acknowledge that such efforts are imperfect, as even purely domestic communications can travel on foreign systems, and NSA tools are sometimes unable to identify the national origins of communications.
Moreover, all communications between Americans and someone on foreign soil are included in the same databases as foreign-to-foreign communications, making them readily searchable without warrants.

Some searches conducted by NSA analysts are periodically reviewed by their supervisors within the NSA. "It's very rare to be questioned on our searches," Snowden told the Guardian in June, "and even when we are, it's usually along the lines of: 'let's bulk up the justification'."

In a letter this week to senator Ron Wyden, director of national intelligence James Clapper acknowledged that NSA analysts have exceeded even legal limits as interpreted by the NSA in domestic surveillance.

Acknowledging what he called "a number of compliance problems", Clapper attributed them to "human error" or "highly sophisticated technology issues" rather than "bad faith".

However, Wyden said on the Senate floor on Tuesday: "These violations are more serious than those stated by the intelligence community, and are troubling."

In a statement to the Guardian, the NSA said: "NSA's activities are focused and specifically deployed against - and only against - legitimate foreign intelligence targets in response to requirements that our leaders need for information necessary to protect our nation and its interests.

"XKeyscore is used as a part of NSA's lawful foreign signals intelligence collection system.

"Allegations of widespread, unchecked analyst access to NSA collection data are simply not true. Access to XKeyscore, as well as all of NSA's analytic tools, is limited to only those personnel who require access for their assigned tasks ... In addition, there are multiple technical, manual and supervisory checks and balances within the system to prevent deliberate misuse from occurring."

"Every search by an NSA analyst is fully auditable, to ensure that they are proper and within the law.
"These types of programs allow us to collect the information that enables us to perform our missions successfully - to defend the nation and to protect US and allied troops abroad."

---
Just because i'm near the punchbowl doesn't mean I'm also drinking from it.

From rforno at infowarrior.org Wed Jul 31 08:33:05 2013
From: rforno at infowarrior.org (Richard Forno)
Date: Wed, 31 Jul 2013 09:33:05 -0400
Subject: [Infowarrior] - Revealed: NSA XKeyscore program - full presentation
Message-ID: <7E6972CA-D751-4879-B3E4-A95BB78FF8D7@infowarrior.org>

NOTE: not intended for USG viewing. --rick

NSA XKeyscore program - full presentation

Training materials for the XKeyscore program detail how analysts can use it and other systems to mine enormous agency databases and develop intelligence from the web

http://www.theguardian.com/world/interactive/2013/jul/31/nsa-xkeyscore-program-full-presentation

---
Just because i'm near the punchbowl doesn't mean I'm also drinking from it.

From rforno at infowarrior.org Wed Jul 31 08:35:53 2013
From: rforno at infowarrior.org (Richard Forno)
Date: Wed, 31 Jul 2013 09:35:53 -0400
Subject: [Infowarrior] - DNI Declassifies and Releases Telephone Metadata Collection Documents
Message-ID: <914721D6-0A55-443A-BE5E-4C586C271814@infowarrior.org>

July 31, 2013

DNI Clapper Declassifies and Releases Telephone Metadata Collection Documents

http://www.dni.gov/index.php/newsroom/press-releases/191-press-releases-2013/908-dni-clapper-declassifies-and-releases-telephone-metadata-collection-documents

In the interest of increased transparency, the Director of National Intelligence has authorized the declassification and public release of the attached documents pertaining to the collection of telephone metadata pursuant to Section 215 of the PATRIOT Act. DNI Clapper has determined that the release of these documents is in the public interest.
Cover Letter and 2009 Report on the National Security Agency's Bulk Collection Program for USA PATRIOT Act Reauthorization
Cover Letters and 2011 Report on the National Security Agency's Bulk Collection Program for USA PATRIOT Act Reauthorization
Primary Order for Business Records Collection Under Section 215 of the USA PATRIOT Act

For questions related to information contained in these documents, please contact the Public Affairs office at the Office of the Director of National Intelligence at (703) 275-3700.

Shawn Turner
Director of Public Affairs
Office of the Director of National Intelligence

---
Just because i'm near the punchbowl doesn't mean I'm also drinking from it.

From rforno at infowarrior.org Wed Jul 31 13:43:55 2013
From: rforno at infowarrior.org (Richard Forno)
Date: Wed, 31 Jul 2013 14:43:55 -0400
Subject: [Infowarrior] - Senate Commerce panel approves cybersecurity bill
Message-ID:

(looks like another ineffective' piece of cybersecurity legislation. --rick)

Senate Commerce panel approves cybersecurity bill

By Jennifer Martinez - 07/30/13 03:23 PM ET

http://thehill.com/blogs/hillicon-valley/technology/314433-senate-commerce-panel-approves-cybersecurity-bill

The Senate Commerce Committee unanimously approved an industry-backed bill aimed at boosting the nation's cybersecurity on Tuesday, paving the way for a full Senate vote on the measure before the end of the year.

The bill, authored by Senate Commerce leaders Jay Rockefeller (D-W.Va.) and John Thune (R-S.D.) would codify a section of President Obama's cybersecurity order that tasks the Commerce Department's National Institute of Standards and Technology (NIST) to work with businesses to craft a framework of cybersecurity best practices and standards. NIST has already held a set of workshops with industry groups across the country to start drafting the framework, which is due in October.
The bill stays away from the thornier issues in the cybersecurity debate, such as setting security standards for companies that operate critical infrastructure and improving information-sharing about cyber threats, because they lay outside the Commerce panel's jurisdiction. Specifically, the measure does not require companies to adopt the best practices and standards that are included in NIST's final framework.

The bill has received backing from a wide range of industry groups, including USTelecom and the U.S. Chamber of Commerce, for its non-regulatory approach.

"Our bill takes some important steps to help our private companies and our government agencies to defend their networks against their adversaries," Rockefeller said in his opening statements at the panel's markup. "It doesn't do everything we need to do to improve our cybersecurity, but it's a good start and I thank Senator Thune for working with me on this urgent issue."

The bill would also boost cybersecurity research and development, education and public awareness about cyber threats.

Commerce panel members adopted five non-controversial amendments to the bill, which were not debated during Tuesday's markup. An amendment from Sen. Amy Klobuchar (D-Minn.) would require the Government Accountability Office to conduct a report every two years on NIST's efforts to develop standards and procedures to reduce the risk of cyberattacks against critical infrastructure.

Additionally, an amendment from Sen. Mark Warner (D-Va.) that was adopted to the bill would establish research centers for cybersecurity.

Last year the Senate failed twice to pass a sweeping cybersecurity bill that would have encouraged critical infrastructure companies, such as power plants and water systems, to adopt a set of cybersecurity standards into their computer systems and networks so they're protected from hackers.
Senate Republicans blocked the bill, which Rockefeller co-sponsored, because they believed it would make businesses follow new costly regulations.

---
Just because i'm near the punchbowl doesn't mean I'm also drinking from it.

From rforno at infowarrior.org Wed Jul 31 15:55:53 2013
From: rforno at infowarrior.org (Richard Forno)
Date: Wed, 31 Jul 2013 16:55:53 -0400
Subject: [Infowarrior] - NSA Director Heckled During Black Hat Speech
Message-ID:

NSA Director Heckled At Conference As He Asks For Security Community's Understanding

http://www.forbes.com/sites/andygreenberg/2013/07/31/nsa-director-heckled-at-conference-as-he-asks-for-security-communitys-understanding/

When NSA Director Keith Alexander appeared at the Las Vegas security conference Black Hat Wednesday morning, he hoped to mend the NSA's reputation in the eyes of thousands of the conference's hackers and security professionals. It didn't go exactly as planned.

Alexander was about a half hour into his talk when a 30-year-old security consultant named Jon McCoy shouted "Freedom!"

"Exactly," responded Alexander. "We stand for freedom."

"Bullshit!" McCoy shouted.

"Not bad," Alexander said, as applause broke out in the crowd. "But I think what you're saying is that in these cases, what's the distinction, where's the discussion and what tools do we have to stop this."

"No, I'm saying I don't trust you!" shouted McCoy.

"You lied to Congress. Why would people believe you're not lying to us right now?" another voice in the crowd added.

"I haven't lied to Congress," Alexander responded, visibly tensing. "I do think it's important for us to have this discussion. Because in my opinion, what you believe is what's written in the press without looking at the facts. This is the greatest technical center of gravity in the world.
I ask that you all look at those facts."

Alexander's talk had begun with a plea for the hacker and security researcher community to reconsider the NSA's role in the wake of a still-unfolding scandal revealed by the classified leaks of former Booz Allen contractor Edward Snowden. "Their reputation has been tarnished," he said, speaking of his NSA staff. "But you can help us articulate the facts properly. I will answer every question to the fullest extent possible, and I promise you the truth: What I know, what we're doing, and what I cannot tell you because we don't want to jeopardize the future of our defense."

Alexander's talk focused on the oversight placed on the NSA by Congress and the Foreign Intelligence Surveillance Court, which must approve the NSA's surveillance in any case where it might target Americans. The FISC, which hears the NSA's arguments without any opposing counsel, has been accused of offering negligible oversight of the Agency's work. The FISC stated in April that it had received 1,789 applications for electronic surveillance, of which 1,748 others were approved without changes and only one was withdrawn.

"I've heard the court is a rubber stamp. I'm on the other end of that table, against that table of judges that don't take any - I'm trying to think of a word here - from even a four-star general. They want to make sure what we're doing comports with the constitution and the law," Alexander said. "I can tell you from the wire brushings I've received, they are not a rubber stamp."

Alexander also cited a Congressional inquiry into the NSA that found no evidence that it had engaged in any illegal use of its spying powers. But the NSA has come under continued Congressional scrutiny, including in a hearing Wednesday morning in which the Senate Judiciary committee grilled members of the intelligence community, including NSA deputy director John Inglis, over the mass collection of Americans' cell phone records.
Also Wednesday morning, the Guardian published new documents leaked by Edward Snowden revealing yet another NSA program known as XKeyScore, a tool that allows the broad search of millions of individuals' emails and browsing history.

In his Black Hat talk, the four-star general presented a timeline of terrorist attacks around the world, from the 1993 World Trade Center bombing to the Boston Marathon attack. He told the story of Najibullah Zazi, a terrorist accused of plotting an attack on the New York subway whose plot was foiled by the NSA's surveillance, particularly the PRISM program that allows the NSA access to user data from Google, Microsoft, Apple, Skype, Facebook and other tech firms.

Alexander also noted the 6,000 NSA cryptologists who have deployed to Afghanistan and Iraq, 20 of whom were killed in the line of duty according to Alexander. "Think about people willing to go forward to Iraq and Afghanistan, to make sure our soldiers, airmen and marines get the intelligence they need," he said. "I believe these are the most noble people we have in this country."

"We get all these allegations of what [NSA staff] could be doing," Alexander added. "But when people check what the NSA is doing, they've found zero times that's happened. And that's no bullshit. Those are the facts."

The crowd responded to that line with loud applause, as Alexander asked the press not to quote his swearing, noting his 15 grandchildren.

"The whole reason I came here was to ask you to help you to help us make it better," said the general. "And if you disagree with what we're doing, you should help us twice as much."

"Read the constitution!" shouted McCoy in one last heckle.

"I have. So should you," responded Alexander to another round of applause.

After the talk, I found McCoy in the crowd and asked him about his not-so-friendly debate with the general.

"His speech was pretty canned," said McCoy. "It's anything you can see on Fox News any day.
We're in danger, we have to get rid of your freedom to keep you safe."

"Everyone's thinking this, but no one's saying it public, so everyone thinks they're alone," he said. "Ninety-eight percent of society has issues with this... But no one speaks up."

---
Just because i'm near the punchbowl doesn't mean I'm also drinking from it.

From rforno at infowarrior.org Wed Jul 31 16:41:03 2013
From: rforno at infowarrior.org (Richard Forno)
Date: Wed, 31 Jul 2013 17:41:03 -0400
Subject: [Infowarrior] - 9CA: College athletes can sue EA over images
Message-ID:

Court: College athletes can sue EA over images

http://news.yahoo.com/court-college-athletes-sue-ea-over-images-211809489.html

PAUL ELIAS 21 minutes ago
EA Sports

SAN FRANCISCO (AP) - A federal appeals court ruled Wednesday that video game maker Electronic Arts must face legal claims by college players that it unfairly used their images without compensation.

The 9th U.S. Circuit Court of Appeals said the Redwood City, Calif., company can't invoke the 1st Amendment to shield it from the players' lawsuit.

The legal action was filed in 2009 by Sam Keller, a quarterback who played for Arizona State before transferring to the University of Nebraska. It argues for class action status to represent all current and former players and has been combined with a similar lawsuit filed by former UCLA basketball star Ed O'Bannon against the NCAA.

EA said it plans to appeal the ruling.

The company has claimed its college-based sports games were works of art deserving freedom of expression protection.

The court disagreed, ruling the avatars used in the company's basketball and football games were exact replicas of individual players. The court concluded that the company did little to transform the avatars into works of art and said EA's NCAA Football game was too realistic to be considered a new art form.
"Every real football player on each team included in the game has a corresponding avatar in the game with the player's actual jersey number and virtually identical height, weight, build, skin tone, hair color, and home state," Judge Jay Bybee wrote for the divided three-judge panel.

Bybee rejected EA's contention that the game was akin to a newsgathering product that restates statistical, biographical and other publicly available information. Bybee noted that EA omitted putting the names of players on the avatars.

"EA can hardly be considered to be 'reporting' on Keller's career at Arizona State and Nebraska when it is not even using Keller's name in connection with his avatar in the game," Bybee concluded.

Judge Sidney Thomas dissented. She warned that the majority's stance will jeopardize the rights of authors, movie makers and others to use real people in fictional settings.

"Absent the use of actual footage, the motion picture 'Forrest Gump' might as well be just a box of chocolates," Thomas wrote. "Without its historical characters, 'Midnight in Paris' would be reduced to a pedestrian domestic squabble."

EA no longer makes a college basketball game. The NCAA said two weeks ago that it won't seek a new contract with EA Sports when the current deal expires in June 2014. EA said it intended to continue making a college football product without NCAA logos.

The decision upheld a lower court ruling.

In a separate ruling, the same panel tossed out Jim Brown's lawsuit against EA, even though Brown made similar - but not identical - allegations as Keller. Brown argued that his inclusion in the Madden games suggested he endorsed the product.

Brown's attorney Ron Katz said his client filed his lawsuit alleging a violation of the Hall of Famer's "trademark" rather than Keller's claim that EA violated his "right to publicity."
Authors, filmmakers and others are allowed to use famous people's "trademarks" as long as they are creating new artwork and not seeking to profit specifically from the celebrity.

The 9th Circuit said Brown, unlike Keller, needed to prove that EA explicitly misled consumers into thinking Brown endorsed the Madden video games because of his inclusion. EA promoted a feature in older Madden games that included 50 of the greatest NFL players.

"EA's statement is true and not misleading," Bybee said, noting that the NFL had named Brown one of its 50 greatest players.

"As expressive works, the Madden NFL video games are entitled to the same First Amendment protection as great literature, plays, or books," the panel concluded. "Brown's likeness is artistically relevant to the games and there are no alleged facts to support the claim that EA explicitly misled consumers as to Brown's involvement with the games."

---
Just because i'm near the punchbowl doesn't mean I'm also drinking from it.

From rforno at infowarrior.org Wed Jul 31 17:22:36 2013
From: rforno at infowarrior.org (Richard Forno)
Date: Wed, 31 Jul 2013 18:22:36 -0400
Subject: [Infowarrior] - NSA Statement on XKEYSCORE
Message-ID:

NSA Statement on XKEYSCORE

http://www.nsa.gov/public_info/press_room/2013/30_July_2013.shtml

Press Statement on 30 July 2013

As the IC and NSA have stated previously, the implication that NSA's collection is arbitrary and unconstrained is false. NSA's activities are focused and specifically deployed against - and only against - legitimate foreign intelligence targets in response to requirements that our leaders need for information necessary to protect our nation and its interest.

Public release of this classified material about NSA collection systems, without context, does nothing more than jeopardize sources and methods, and further confuse a very important issue for the country.
Although it is impossible to provide full details of classified programs and still have them remain effective, we offer the following points for clarification:

1. XKEYSCORE is used as part of NSA's lawful foreign signals intelligence collection system. By the nature of NSA's mission, which is the collection of foreign intelligence, all of our analytic tools are aimed at information we collect pursuant to lawful authority to respond to foreign intelligence requirements - nothing more.

2. Allegations of widespread, unchecked analyst access to NSA collection data are simply not true. Access to XKEYSCORE, as well as all of NSA's analytic tools, is limited to only those personnel who require access for their assigned tasks. Those personnel must complete appropriate training prior to being granted such access - training which must be repeated on a regular basis. This training not only covers the mechanics of the tool but also each analyst's ethical and legal obligations. In addition, there are multiple technical, manual and supervisory checks and balances within the system to prevent deliberate misuse from occurring.

3. Our tools have stringent oversight and compliance mechanisms built in at several levels. One feature is the system's ability to limit what an analyst can do with a tool, based on the source of the collection and each analyst's defined responsibilities. Not every analyst can perform every function, and no analyst can operate freely. Every search by an NSA analyst is fully auditable, to ensure that they are proper and within the law.

These types of programs allow us to collect the information that enables us to perform our missions successfully - to defend the nation and to protect US and allied troops abroad. (For example, as of 2008, there were over 300 terrorists captured using intelligence generated from XKEYSCORE.)
Continuous and selective revelations of specific techniques and tools used by NSA to pursue legitimate foreign intelligence targets is detrimental to the national security of the United States and our allies, and places at risk those we are sworn to protect - our citizens, our war fighters, and our allies. --- Just because i'm near the punchbowl doesn't mean I'm also drinking from it.