From rforno at infowarrior.org Sat Jun 1 13:17:59 2013
From: rforno at infowarrior.org (Richard Forno)
Date: Sat, 1 Jun 2013 14:17:59 -0400
Subject: [Infowarrior] - Five myths about Chinese hackers
Message-ID: <1217C6A2-0151-4879-A3E8-7CAC54CCBF69@infowarrior.org>

While JAL makes several points I agree with, the first sentence in #2 is spot-on. But will folks take heed or admit responsibility? Of course not. Still it's good to see one of DC's regular cyber-talking-heads say it so bluntly.....too bad nobody will listen or take meaningful corrective action. --rick

Five myths about Chinese hackers

By James Andrew Lewis,
http://www.washingtonpost.com/opinions/five-myths-about-chinese-hackers/2013/03/22/4aa07a7e-7f95-11e2-8074-b26a871b165a_print.html

James Andrew Lewis is a senior fellow and director of the technology and public policy program at the Center for Strategic and International Studies.

If you work in Washington -- on the Hill or on K Street, at a law firm or at a think tank -- you've probably been hacked. If you work at a major American company, you've probably been hacked, too. The penetration of U.S. computer networks by Chinese hackers has been going on for more than three decades. It's good that it is finally getting attention, but with that spotlight have come exaggeration and myths that need to be discarded.

1. We are in a cyber cold war with China.

We are not in a war -- cold, cool or hot -- with China in cyberspace. There have been none of the threats, denouncements or proxy conflicts that characterize a cold war. In fact, the administration appears to have omitted any mention of the Chinese military in recent high-profile speeches on Chinese hacking. After Treasury Secretary Jack Lew met recently with top Chinese officials in Beijing, he told reporters there that cyberattacks and cyber-espionage are a "very serious threat to our economic interests."

"Cyberattack" is one of the most misused terms in the discussion of Chinese hackers.
With very few exceptions, China has not used force against the United States in cyberspace. What it has been doing is spying. And spying, cyber or otherwise, is not an attack or grounds for war, even if military units are the spies. Spying isn't even a crime under international law, and it wouldn't be in Washington's interest to make it so.

Trying to cram Chinese hackers into antiquated cold war formulas doesn't help, either. America's relationship with China is very different from the one it had with the Soviet Union, in which contacts were extremely limited and there was no economic interdependence. The idea of "containment" for China is inane. How would you "contain" a major economic partner?

2. China's hackers are unstoppable cyberwarriors.

The problem isn't that the Chinese are so skilled; it's that U.S. companies are so inept. A survey I published last month found that more than 90 percent of corporate-network penetrations required only the most basic techniques, such as sending a bogus e-mail with an infected attachment, and that 85 percent went undetected for months -- another sign of lax security. (One more sign: They were usually discovered by an outsider rather than the victimized company.)

There is debate within the U.S. intelligence community about whether the Chinese have more sophisticated cyberattackers waiting in the wings or whether we've seen the best they can do. But it's clear that so far, they haven't had to bring their A-game to break into our networks.

3. China is poised to launch crippling attacks on critical U.S. infrastructure.

Obama's State of the Union address included a line about how "our enemies are also seeking the ability to sabotage our power grid, our financial institutions and our air-traffic-control systems." Similarly, a recent report by the security firm Mandiant suggested that China's hackers are increasingly focused on companies with ties to U.S. critical infrastructure.
In peacetime, however, China is no more likely to launch a cyberattack on American infrastructure than it is to launch a missile at us. It has no interest in provoking a war it couldn't win or in harming an economy it depends on. Even in wartime, China would want to avoid escalation and would be more apt to launch cyberattacks on the Pacific Command or other deployed U.S. forces than on domestic American targets. China would attack civilian infrastructure only in extremis -- if the survival of its regime were threatened.

4. Cyber-espionage is causing the greatest transfer of wealth in history.

This claim has been repeated by the likes of the head of U.S. Cyber Command. It's a dramatic way to describe the theft, mainly by China, of American intellectual property, but it doesn't make economic sense. Putting a dollar value on the loss from cyber-espionage is very difficult, and many estimates are wild guesses. A reasonable assessment would be that it costs the United States no more than $100 billion a year and perhaps much less -- what some economists would describe as a rounding error in our $15 trillion economy. This is not death by a thousand cuts. It probably isn't even slowing the U.S. economy.

Even when China steals intellectual property, it can take years to turn it into a competitive advantage. The right technical skills and manufacturing base are needed to turn advanced designs into high-end competitive products. China is still lagging in many high-tech arenas, such as semiconductors.

The one area where this is not true is military technology. Chinese espionage has led to rapid improvements in that country's stealth, submarine-quieting, nuclear weapons and sensor technologies. While the economic risk from cyber-espionage is generally overstated, the United States has probably underestimated the damage to its lead in military technology.

5. America spies on China, too, so what can we complain about?

Chinese officials portray their country as a victim of hacking.
Meanwhile, some American scholars question whether the United States is in a position to criticize, since it also engages in cyber-espionage. "Perhaps the complaint is that the Chinese are doing better against our government networks than we are against theirs," law professor Jack Goldsmith wrote.

That misstates the issue. The Internet, poorly secured and poorly governed, has been a tremendous boon for spying. Every major power has taken advantage of this, but there are unwritten rules that govern espionage, and China's behavior is out of bounds. Where Beijing crosses the line is in economic espionage: stealing secrets from foreign companies to help its own. China also outmatches all other countries in the immense scale of its spying effort, and the United States is far from the only nation to have suffered.

The United States, by contrast, does not engage in economic espionage. As one Chinese official put it in recent talks at the Center for Strategic and International Studies: "In America, military espionage is heroic and economic espionage is a crime, but in China the line is not so clear." The United States and other countries need to make that line clearer and discourage China from crossing it.

jalewis at csis.org

---
Just because i'm near the punchbowl doesn't mean I'm also drinking from it.

From rforno at infowarrior.org Sun Jun 2 18:53:10 2013
From: rforno at infowarrior.org (Richard Forno)
Date: Sun, 2 Jun 2013 19:53:10 -0400
Subject: [Infowarrior] - Why you should always read the small print from Facebook
Message-ID: <4BC6036B-F536-43FB-A591-2D342AC87BA3@infowarrior.org>

Why you should always read the small print from Facebook

A casual -- and perhaps tipsy -- reveler at a California chowder house on Saturday might not have realized that Facebook was about to photograph and record them and keep the recordings for ever.
by Chris Matyszczyk
June 2, 2013 2:00 PM PDT
http://news.cnet.com/8301-17852_3-57587241-71/why-you-should-always-read-the-small-print-from-facebook/

Please imagine you were to spend Saturday enjoying a little reading on the beach and then, perhaps, a couple of drinks.

Please imagine you decided to waft down to Northern California's Half Moon Bay and wandered into an establishment called Sam's Chowder House.

You may or may not have been with someone you shouldn't have been escorting. Still, you hoped for a little privacy, a little quiet time to contemplate life's ideas and people (small and large), while staring out at the ocean.

You may not have noticed the little yellow signs on the door of the chowder house. There are often little signs on glass doors. Surely they are about as meaningful as those Yelp and Zagat stickers.

In this case, though, it was a good thing my mind was stone cold. For here was Facebook informing me that if I entered it would be photographing me and recording my conversations.

Perhaps I should have been unsurprised. This is merely the next stage of our ever-networked world.

And yet, as I read the smaller type, I saw that Facebook didn't merely intend to shoot and record with nary a privacy care.

No, by entering I was giving Facebook permission to use its recordings of me, my companion and anyone else sailing into the chowder house "throughout the universe, for any purpose whatsoever, in perpetuity."

Still, I could be assured that the company would, at least, allow me some rights to these recordings.

Not quite. "All such photographs and sound recordings to be the sole property of Facebook."

Technically, not merely of Facebook but of "its successors and assigns too."

Ergo, I could be chatting about my innermost thoughts, feelings, and intentions and Facebook could give (or even sell) the recording to anybody it chooses as one of its "assigns."
Would the company that is supposedly dedicated to bringing the world together assign details of my assignation to, say, someone who may not be my friend? It seems to claim that right.

Oh, I know you'll tell me that this is just a standard release form created by a turbo-lawyer.

But you'd imagine that Facebook, the company that prides itself on its people-centricity and privacy controls, might be a little more sensitive to these things.

It seems not.

I have therefore contacted Facebook to ask whether the company can envisage, at any point, playing a recording of my intimate conversations to aliens from the Planet Zug.

The truth is, Facebook won't have the chance. I read the small print, used the restroom and left.

It's not that I don't trust Facebook. Oh, alright, it is.

---
Just because i'm near the punchbowl doesn't mean I'm also drinking from it.

From rforno at infowarrior.org Sun Jun 2 18:53:17 2013
From: rforno at infowarrior.org (Richard Forno)
Date: Sun, 2 Jun 2013 19:53:17 -0400
Subject: [Infowarrior] - No, I blame hackers. We have to, right?
Message-ID:

http://www.wtop.com/41/3344558/Squirrel-blamed-for-power-outage-at-Va-airport

Squirrel blamed for power outage at Va airport

Sunday - 6/2/2013, 5:39pm ET

ROANOKE, Va. (AP) -- An Appalachian Power spokesman says a squirrel is responsible for a power outage at Roanoke Regional Airport.

Todd Burns tells The Roanoke Times that the squirrel got into some electrical equipment and fiddled with it.

The outage occurred Sunday morning and also affected customers in a part of north Roanoke. Burns says power was restored by noon.

Airport spokeswoman Sherry Wallace says flights and services weren't affected by the outage. The airport used backup generators.

___

Information from: The Roanoke Times, http://www.roanoke.com

---
Just because i'm near the punchbowl doesn't mean I'm also drinking from it.
From rforno at infowarrior.org Mon Jun 3 16:14:31 2013
From: rforno at infowarrior.org (Richard Forno)
Date: Mon, 3 Jun 2013 17:14:31 -0400
Subject: [Infowarrior] - SCOTUS: Police can take DNA swabs from arrestees
Message-ID: <97960834-1C46-4A08-9064-9F182C98C6DA@infowarrior.org>

Court: Police can take DNA swabs from arrestees

Jun 3, 11:11 AM (ET)
By JESSE J. HOLLAND
http://apnews.myway.com/article/20130603/DA6MB4680.html

WASHINGTON (AP) - A sharply divided Supreme Court on Monday said police can routinely take DNA from people they arrest, equating a DNA cheek swab to other common jailhouse procedures like fingerprinting.

"Taking and analyzing a cheek swab of the arrestee DNA is, like fingerprinting and photographing, a legitimate police booking procedure that is reasonable under the Fourth Amendment," Justice Anthony Kennedy wrote for the court's five-justice majority.

But the four dissenting justices said that the court was allowing a major change in police powers.

"Make no mistake about it: because of today's decision, your DNA can be taken and entered into a national database if you are ever arrested, rightly or wrongly, and for whatever reason," conservative Justice Antonin Scalia said in a sharp dissent which he read aloud in the courtroom.

At least 28 states and the federal government now take DNA swabs after arrests. But a Maryland court was one of the first to say that it was illegal for that state to take Alonzo King's DNA without approval from a judge, saying King had "a sufficiently weighty and reasonable expectation of privacy against warrantless, suspicionless searches."

But the high court's decision reverses that ruling and reinstates King's rape conviction, which came after police took his DNA during an unrelated arrest.

Kennedy wrote the decision, and was joined by Chief Justice John Roberts and Justices Samuel Alito, Clarence Thomas and Stephen Breyer.
Scalia was joined in his dissent by Justices Ruth Bader Ginsburg, Sonia Sotomayor and Elena Kagan.

Getting DNA swabs from criminals is common. All 50 states and the federal government take cheek swabs from convicted criminals to check against federal and state databanks, with the court's blessing. The fight at the Supreme Court was over whether that DNA collection could come before conviction and without a judge issuing a warrant.

According to court documents, the FBI's Combined DNA Index System or CODIS - a coordinated system of federal, state and local databases of DNA profiles - already contains more than 10 million criminal profiles and 1.1 million profiles of those arrested.

In the case before the court, a 53-year-old woman was raped and robbed but no one was arrested. Almost six years later, Alonzo King was arrested and charged with felony second-degree assault. Taking advantage of the Maryland law that allowed warrantless DNA tests following some felony arrests, police took a cheek swab of King's DNA, which matched a sample from the 2003 Salisbury rape. King was convicted of rape and sentenced to life in prison.

King eventually pleaded guilty to a lesser charge of misdemeanor assault from his arrest, a crime for which Maryland cannot take warrantless DNA samples. The state courts said it violated King's rights for the state to take his DNA based on an arrest alone. The state Court of Appeals said King had "a sufficiently weighty and reasonable expectation of privacy against warrantless, suspicionless searches."

But the high court's decision reinstates King's conviction.

Maryland stopped collecting DNA after that decision, but Roberts allowed police to keep collecting DNA samples pending the high court's review.

---
Just because i'm near the punchbowl doesn't mean I'm also drinking from it.
From rforno at infowarrior.org Mon Jun 3 16:54:26 2013
From: rforno at infowarrior.org (Richard Forno)
Date: Mon, 3 Jun 2013 17:54:26 -0400
Subject: [Infowarrior] - ARM Launches Hollywood Approved Anti-Piracy Processor
Message-ID: <02558014-8F77-4339-8655-FB2F00D13698@infowarrior.org>

ARM Launches Hollywood Approved Anti-Piracy Processor

Ernesto
http://torrentfreak.com/arm-launches-hollywood-approved-anti-piracy-processor-130603/

Chip manufacturer ARM has announced a Hollywood-approved video processor that enables content producers to prevent piracy on mobile platforms. The Mali-V500 video chip features hardware embedded anti-piracy capabilities which secure playback of high-definition video. According to ARM the new chip meets the toughest anti-piracy standards for mobile devices.

If you have a smartphone then there's a good chance that it comes with an ARM chip inside. The British company ARM Holdings is the market leader in smartphone processors.

Today the company announced a series of new products at Computex, with one standing out in particular. Not because it includes ground breaking features that will improve the consumer experience, but through its embedded hardware DRM.

Developed on Hollywood's demand, the Mali-V500 video processor is the first mobile chip optimized to prevent high-definition video from being pirated.

Until now the major movie studios have been hesitant to move some of their videos to mobile platforms since these are harder to secure. However, this will change in the future if ARM's new processor is implemented.

"In order to protect their multi-billion dollar investments, studios and content owners are demanding hardware-backed security across all devices that play their premium content," ARM's director of market development Cris Porthouse notes in a blog post.

"This means that in order to support premium content mobile and other consumer embedded devices must support hardware-backed protection of content from download to display."
ARM's Mali-V500 is the first chip of its kind to offer this kind of protection, sometimes dubbed hardware DRM. According to Porthouse the video processor offers state of the art security with support for a wide variety of DRM solutions.

"In order to meet the stringent security requirements of movie content owners, Mali-V500 has been architected to efficiently support ARM TrustZone and associated media playback use cases efficiently," he writes.

Speaking with the Financial Times, Porthouse said that Hollywood and Netflix demand hardware protection as traditional DRM solutions are no longer sufficient.

"Hollywood movie studios and major content distributors like Netflix and others are demanding for premium or early window content -- their highest-value content -- to be protected not just by digital rights management but by the hardware, all the way from download through to display."

So if it's up to ARM your smartphone will soon be shipped with built-in DRM to keep pirates at bay.

The question is, however, whether all this expensive technology will be effective in preventing movies from leaking out. Or will it mostly cause trouble for legitimate consumers, as is often the case with other forms of DRM.

---
Just because i'm near the punchbowl doesn't mean I'm also drinking from it.

From rforno at infowarrior.org Mon Jun 3 17:18:44 2013
From: rforno at infowarrior.org (Richard Forno)
Date: Mon, 3 Jun 2013 18:18:44 -0400
Subject: [Infowarrior] - France Ready To Shut Down Hadopi As It's 'Incompatible' With Digital Economy
Message-ID:

France Ready To Shut Down Hadopi As It's 'Incompatible' With Digital Economy

from the well,-duh dept

http://www.techdirt.com/articles/20130603/00362223289/france-ready-to-shut-down-hadopi-as-its-incompatible-with-digital-economy.shtml

It's amazing how frequently we still hear from entertainment industry folks or politicians pointing to Hadopi as an example of "success" in a three strikes program.
Of course, the reality is that it has been a colossal failure by nearly every measure possible. The industry has had to seriously massage the statistics, but they can't deny the simple fact that it hasn't helped drive sales, which really seems like the key metric. In fact, the latest reports show that music sales -- including digital sales -- have continued to drop. Even more telling: the decline in sales in France has outpaced the decline elsewhere. In other words, nothing about Hadopi worked. Even when Hadopi finally "convicted" someone, it was someone that everyone agreed didn't pirate songs. In the meantime, French users for services not tracked by Hadopi have skyrocketed.

It was only a matter of time before politicians began questioning why they were spending so much money on a system with no real benefit. The result, as we noted a few weeks ago, was a recommendation to kill off Hadopi, though potentially to replace it with other bad ideas. Either way, it looks like it's almost guaranteed that Hadopi is going away, a failure on nearly every level. What struck me as most interesting, however, is the reasoning given by the politician in charge of internet policy in France:

Fleur Pellerin, the French minister in charge of Internet policy, said during a recent visit to a high-technology complex in Sweden that suspending Internet connections was incompatible with the French government's hopes of spurring growth in the digital economy.

"Today, it's not possible to cut off Internet access," she said. "It's something like cutting off water."

Well, duh. And while that's true "today" that was also true when Hadopi was put in place, and many, many people explained that to French officials.

So we've got the French government recognizing that the program was a complete disaster. It cost too much, it shut off internet access which goes against any hope of "spurring a digital economy," it put guilt on innocent parties and it did nothing to help sales.
Given all of this, why is it that politicians still take the same RIAA/MPAA ideas seriously when they propose their latest braindead scheme to try to pretend they live in a different, non-digital era?

---
Just because i'm near the punchbowl doesn't mean I'm also drinking from it.

From rforno at infowarrior.org Tue Jun 4 06:36:04 2013
From: rforno at infowarrior.org (Richard Forno)
Date: Tue, 4 Jun 2013 07:36:04 -0400
Subject: [Infowarrior] - OT: Ex-CIA Deputy Director Frank Carlucci Fell for This Scam. Would You?
Message-ID: <16CE8956-D4F2-4FAA-A1C8-F0980B6A8D14@infowarrior.org>

(c/o DOD)

Ex-CIA Deputy Director Frank Carlucci Fell for This Scam. Would You?

by Rich Smith
May 31st 2013 5:00AM
Updated May 31st 2013 5:58AM
http://www.dailyfinance.com/2013/05/31/frank-carlucci-plastic-into-oil-scam/

Intelligence: To most of us it means smarts, wisdom, cleverness -- but when the word sits at the heart of the name "Central Intelligence Agency," it stands for vital information, and the special methods used to gather those key facts.

Surprisingly, it turns out that even someone who once was the No. 2 man at the CIA can forget to pay attention to both of those versions of intelligence when it comes to investing.

In Florida this week, former Deputy CIA Director (and former Secretary of Defense under President Reagan) Frank Carlucci walked into court and demanded that a Florida judge enforce judgment against a huckster who Carlucci says defrauded him out of $32 million.

The huckster in question, Michael Han, and his company, West Palm Beach-based Envion, had offered the prospect of taking scraps of plastic waste, originally manufactured from oil, and converting the stuff back into oil for use as a fuel source. Basically, it was promising a form of 21st-century alchemy -- except the base material in this case was plastic instead of lead, and the product it supposedly would be turned into wasn't real gold but "black gold."
According to Carlucci's complaint, originally filed in April 2012, Han had assured Carlucci that Envion had a patent on this plastic-to-oil technology, a stable of "highly regarded directors" running the shop, a bevy of orders in backlog for sale of the "oil generator" machines that would do the conversions, and plenty of heavy-hitter investors lined up to finance the project.

Unfortunately, none of that was true. More unfortunately still, Carlucci was unaware that it was not true. He got duped.

In for a Penny, In for a Pound

First approached by Han in 2004, Carlucci happily anted up $500,000 as his first investment in Envion -- apparently doing no due diligence, instead accepting Han's statements at face value. Further happy-talk from Han about the great strides the company was making, and Carlucci's own prospects of earning a return 50 times greater than his investment, enticed the former CIA Deputy Director to hand over millions of dollars more in subsequent years.

It was not until eight years later -- 2012 -- that Carlucci began to suspect that something was up. This was after Han closed down the Washington, D.C., office of his supposedly hyper-growing company and moved the firm's headquarters to Florida. It also apparently took Carlucci those eight years to begin asking around, and investigating Han's assertions that he had such luminaries as Bill Gates, Warren Buffett, Bill Clinton, and George W. Bush investing alongside him -- with corporations Morgan Stanley (MS), Petrobras (PBR), and Russia's Gazprom beating down the door to invest as well. (Hint: He didn't, and they weren't.)

Of course, by that point Carlucci was $32 million in the hole, with much of his wealth having gone to pay Han a $5 million salary, and to buy Han a $3.5 million home -- in Florida's soon-to-implode real estate market, no less. Last month, Carlucci won a judgment for $37 million in Virginia to try to collect what he could out of whatever money Han has left -- nine years too late.
What's the Lesson Here for You?

Now, for small investors there are a couple of possible takeaways to this story. One possible interpretation: If the former second-in-command of the CIA, and a former honest-to-goodness spy (in the early 1960s, Carlucci held an undercover CIA posting in the Congo) couldn't figure out that the company he was investing in was a fraud, what hope can we little guys, we small-fry investors, ever have?

If you ask me, though, the real moral of this story is much more simple: Use your common sense.

First and most obviously, if some guy walks up to you and offers you an easy way to turn your money into a 5,000 percent profit, ask yourself: If this idea is so great, then why is this guy giving it to me, instead of keeping it to himself?

Second, do some due diligence. Before committing $32 million, or $32,000, or $320 to a project, do a bit of research. You don't need the resources of the Department of Defense or CIA for this. The SEC will suffice. If some guy named "Han" tells you he's got investors from Petrobras and Morgan Stanley investing in a plastic-to-oil scheme, look up Petrobras or Morgan Stanley on the SEC's website, and see if their filings say anything about their involvement in it.

Third, if your suspicions are already up, you may be able to get by on even more basic research. For example, a Google search for "plastic + into oil + machine + hoax" might have turned up a link to this 2010 post on the snopes.com website -- two years before Carlucci finally caught on to his goof, and filed his lawsuit.

Motley Fool contributor Rich Smith has no position in any stocks mentioned. The Motley Fool recommends Petroleo Brasileiro S.A.

---
Just because i'm near the punchbowl doesn't mean I'm also drinking from it.
From rforno at infowarrior.org Tue Jun 4 06:47:13 2013
From: rforno at infowarrior.org (Richard Forno)
Date: Tue, 4 Jun 2013 07:47:13 -0400
Subject: [Infowarrior] - WH Comes Out Strongly Against Patent Trolls; Here Are The Details
Message-ID: <33110D09-BDB0-4133-B73F-D799AD0D6417@infowarrior.org>

President Obama Comes Out Strongly Against Patent Trolls; Here Are The Details

from the well-that's-nice dept

Back in February, we were a bit surprised during President Obama's "Fireside Hangout" when he appeared to speak out against patent trolls. Historically, most politicians had always tiptoed around the issue, in part because the pharma industry seems to view any attack on patent trolls as an existential threat -- and, frankly, because some small time patent holders can also make a lot of noise. However, it's become exceptionally clear that there's political will to take on patent trolls. We've noted five different patent law bills introduced in Congress, all targeting patent trolls in one form or another.

And now, it's been reported that President Obama is going to come out strongly against patent trolling, directing the USPTO and others to fix certain issues, while also asking Congress to pass further laws to deal with patent trolling. The President will flat out note that patent trolls represent a "drain on the American economy." The announcement will directly say that "patent trolls" (yes, they use the phrase) are a problem, while also talking about the problem of patent thickets like the infamous "smartphone wars."

The plan is scheduled to be released later today, but we've got a preview of the specific plan, and let's take a look at each of the suggestions quickly. I'm sure we'll be discussing the concepts in much more detail for the near future. The plan is split into two different parts: legislative actions (i.e., asking Congress to do something) and executive actions (i.e., ordering administration agencies/departments to do things).
Let's start with the executive actions, since those are likely to have the more immediate impact.....

< big snip with pdf >

http://www.techdirt.com/articles/20130604/00412423310/president-obamas-comes-out-strongly-against-patent-trolls-here-are-details.shtml

---
Just because i'm near the punchbowl doesn't mean I'm also drinking from it.

From rforno at infowarrior.org Tue Jun 4 06:49:32 2013
From: rforno at infowarrior.org (Richard Forno)
Date: Tue, 4 Jun 2013 07:49:32 -0400
Subject: [Infowarrior] - Prenda pirated itself to extort victims: expert
Message-ID: <9B825616-83E1-45DC-98FD-9956A1CC8C12@infowarrior.org>

Porno copyright trolls Prenda: expert says they pirated their own movies to get victims to download

Cory Doctorow at 8:00 pm Mon, Jun 3, 2013

The saga of porno-copyright-trolls Prenda Law (previously) just keeps getting more tawdry. Prenda is a mysterious extortionate lawsuit-threat-factory that claimed to represent pornographers when it sent thousands (and thousands!) of legal threats to people, telling them they'd get embroiled in ugly litigation that would forever tie their names to embarrassing pornography titles unless they paid hush money. Their con has unraveled in a series of legal losses.

Now, one of their victims has had an expert witness file an affidavit in First Time Videos vs. Paul Oppold, a case in Florida. The expert fields an astonishing accusation: Prenda Law's principal, John Steele, is the person who uploaded the infringing pornography in the first place, listing it on BitTorrent index sites with information inviting people to download it -- people whom he then sent legal threats to for downloading those selfsame movies.

< -- >

http://boingboing.net/2013/06/03/porno-copyright-trolls-prenda-2.html

---
Just because i'm near the punchbowl doesn't mean I'm also drinking from it.
From rforno at infowarrior.org Tue Jun 4 07:05:00 2013
From: rforno at infowarrior.org (Richard Forno)
Date: Tue, 4 Jun 2013 08:05:00 -0400
Subject: [Infowarrior] - Top political appointees use secret email accounts
Message-ID: <16EC7C45-3D77-4F69-92F1-34B3D9B9CC77@infowarrior.org>

(I have no doubt this story will be deemed another "scandal" and lead to an investigatory freak-show in one of the Congressional big-tops. But then again, they're not the first to do this, right? --rick)

Top political appointees use secret email accounts

By JACK GILLUM | Associated Press -- 45 mins ago
http://news.yahoo.com/top-political-appointees-secret-email-accounts-110629957.html

WASHINGTON (AP) -- Some of President Barack Obama's political appointees, including the secretary for Health and Human Services, are using secret government email accounts they say are necessary to prevent their inboxes from being overwhelmed with unwanted messages, according to a review by The Associated Press.

The scope of using the secret accounts across government remains a mystery: Most U.S. agencies have failed to turn over lists of political appointees' email addresses, which the AP sought under the Freedom of Information Act more than three months ago. The Labor Department initially asked the AP to pay more than $1 million for its email addresses.

The AP asked for the addresses following last year's disclosures that the former administrator of the Environmental Protection Agency had used separate email accounts at work. The practice is separate from officials who use personal, non-government email accounts for work, which generally is discouraged -- but often happens anyway -- due to laws requiring that most federal records be preserved.

The secret email accounts complicate an agency's legal responsibilities to find and turn over emails in response to congressional or internal investigations, civil lawsuits or public records requests because employees assigned to compile such responses would necessarily need to know about the accounts to search them. Secret accounts also drive perceptions that government officials are trying to hide actions or decisions.

"What happens when that person doesn't work there anymore? He leaves and someone makes a request (to review emails) in two years," said Kel McClanahan, executive director of National Security Counselors, an open government group. "Who's going to know to search the other accounts? You would hope that agencies doing this would keep a list of aliases in a desk drawer, but you know that isn't happening."

Agencies where the AP so far has identified secret addresses, including the Labor Department and HHS, said maintaining non-public email accounts allows senior officials to keep separate their internal messages with agency employees from emails they exchange with the public. They also said public and non-public accounts are always searched in response to official requests and the records are provided as necessary.

The AP couldn't independently verify the practice. It searched hundreds of pages of government emails previously released under the open records law and found only one instance of a published email with a secret address: an email from Labor Department spokesman Carl Fillichio to 34 coworkers in 2010 was turned over to an advocacy group, Americans for Limited Government. It included as one recipient the non-public address for Seth D. Harris, currently the acting labor secretary, who maintains at least three separate email accounts.

Google can't find any reference on the Internet to the secret address for HHS Secretary Kathleen Sebelius.
Congressional oversight committees told the AP they were unfamiliar with the non-public government addresses identified so far by the AP.

Ten agencies have not yet turned over lists of email addresses, including the Environmental Protection Agency; the Pentagon; and the departments of Veterans Affairs, Transportation, Treasury, Justice, Housing and Urban Development, Homeland Security, Commerce and Agriculture. All have said they are working on a response to the AP.

White House spokesman Eric Schultz declined to comment.

A Treasury Department spokeswoman, Marissa Hopkins Secreto, referred inquiries to the agency's FOIA office, which said its technology department was still searching for the email addresses. Other departments, including Homeland Security, did not respond to questions from the AP about the delays of nearly three months. The Pentagon said it may have an answer by later this summer.

The Health and Human Services Department initially turned over to the AP the email addresses for roughly 240 appointees -- except none of the email accounts for Sebelius, even one for her already published on its website. After the AP objected, it turned over three of Sebelius' email addresses, including a secret one. It asked the AP not to publish the address, which it said she used to conduct day-to-day business at the department. Most of the 240 political appointees at HHS appeared to be using only public government accounts.

The AP decided to publish the secret address for Sebelius -- KGS2(at)hhs.gov -- over the government's objections because the secretary is a high-ranking civil servant who oversees not only major agencies like the Centers for Medicare and Medicaid Services but also the implementation of Obama's signature health care law. Her public email address is Kathleen.Sebelius(at)hhs.gov.

At least two other senior HHS officials --
including Donald Berwick, former head of the Centers for Medicare and Medicaid Services, and Gary Cohen, a deputy administrator in charge of implementing health insurance reform -- also have secret government email addresses, according to the records obtained by the AP.

The Interior Department gave the AP a list of about 100 government email addresses for political appointees who work there but none for the interior secretary at the time, Ken Salazar, who has since resigned. Spokeswoman Jessica Kershaw said Salazar maintained only one email address while serving as secretary but she would not disclose it. She said the AP should ask for it under the Freedom of Information Act, which would take months longer.

The Labor Department initially asked the AP to pay just over $1.03 million when the AP asked for email addresses of political appointees there. It said it needed to pull 2,236 computer backup tapes from its archives and pay 50 people to pore over old records. Those costs included three weeks to identify tapes and ship them to a vendor, and pay each person $2,500 for nearly a month's work. But under the department's own FOIA rules -- which it cited in its letter to the AP -- it is prohibited from charging news organizations any costs except for photocopies after the first 100 pages. The department said it would take 14 weeks to find the emails if the AP had paid the money.

Fillichio later acknowledged that the $1.03 million bill was a mistake and provided the AP with email addresses for the agency's Senate-confirmed appointees, including three addresses for Harris, the acting secretary. His secret address was harris.sd(at)dol.gov. His other accounts were one for use with labor employees and the public, and another to send mass emails to the entire Labor Department, outside groups and the public. The Labor Department said it did not object to the AP publishing any of Harris' email addresses.

In addition to the email addresses, the AP also sought records government-wide about decisions to create separate email accounts. But the FOIA director at HHS, Robert Eckert, said the agency couldn't provide such emails without undergoing "an extensive and elongated department-wide search." He also said there were "no mechanisms in place to determine if such requests for the creation of secondary email accounts were submitted by the approximately 242 political appointees within HHS."

Late last year, the EPA's critics -- including Republicans in Congress -- accused former EPA Administrator Lisa Jackson of using an email account under the name "Richard Windsor" to sidestep disclosure rules. The EPA said emails Jackson sent using her Windsor alias were turned over under open records requests. The agency's inspector general is investigating the use of such accounts, after being asked to do so by Congress.

An EPA spokeswoman described Jackson's alternate email address as "an everyday, working email account of the administrator to communicate with staff and other government officials." It was later determined that Jackson also used the email address to correspond sometimes with environmentalists outside government and at least in some cases did not correct a misperception among outsiders they were corresponding with a government employee named Richard Windsor.

Although the EPA's inspector general is investigating the agency's use of secret email accounts, it is not reviewing whether emails from Jackson's secret account were released as required under the Freedom of Information Act.

The EPA's secret email accounts were revealed last fall by the Competitive Enterprise Institute, a conservative Washington think tank that was tipped off about Jackson's alias by an insider and later noticed it in documents it obtained under the FOIA. The EPA said its policy was to disclose in such documents that "Richard Windsor" was actually the EPA administrator.

Courts have consistently set a high bar for the government to withhold public officials' records under the federal privacy rules. A federal judge, Marilyn Hall Patel of California, said in August 2010 that "persons who have placed themselves in the public light" -- such as through politics or voluntary participation in the public arena -- have a "significantly diminished privacy interest than others." Her ruling was part of a case in which a journalist sought FBI records, but was denied.

"We're talking about an email address, and an email address given to an individual by the government to conduct official business is not private," said Aaron Mackey, a FOIA attorney with the Reporters Committee for Freedom of the Press. He said that's different than, for example, confidential information, such as a Social Security number.

Under the law, citizens and foreigners may use the FOIA to compel the government to turn over copies of federal records for zero or little cost. Anyone who seeks information through the law is generally supposed to get it unless disclosure would hurt national security, violate personal privacy or expose business secrets or confidential decision-making in certain areas.

Obama pledged during his first week in office to make government more transparent and open. The nation's signature open-records law, he said in a memo to his Cabinet, would be "administered with a clear presumption: In the face of doubt, openness prevails."

___

Contact the Washington investigative team at DCinvestigations(at)ap.org. Follow Jack Gillum on Twitter at http://twitter.com/jackgillum

---
Just because i'm near the punchbowl doesn't mean I'm also drinking from it.

From rforno at infowarrior.org Tue Jun 4 12:17:45 2013
From: rforno at infowarrior.org (Richard Forno)
Date: Tue, 4 Jun 2013 13:17:45 -0400
Subject: [Infowarrior] - Deadline Looms for Suspect to Decrypt Laptop, or Go Directly to Jail
Message-ID:

Deadline Looms for Suspect to Decrypt Laptop, or Go Directly to Jail

By David Kravets | 06.04.13 | 9:30 AM

http://www.wired.com/threatlevel/2013/06/decryption-deadline-looms/

If a judge orders you to decrypt the only existing copies of incriminating files, are your constitutional rights against compelled self-incrimination being violated?

That's the provocative question being raised as a Wisconsin man faces a deadline today either to give up his encryption keys or risk indefinite imprisonment without a trial. The defendant's attorney, Robin Shellow of Milwaukee, said it's "one of the most important constitutional issues of the wired era."

Shellow is making a novel argument that the federal magistrate's decryption order is akin to forcing her client to build a case for the government. That's because encryption basically transforms files into unreadable text, which is then rebuilt when the proper password is entered, she said.

"Some encryption effects erasure of the encrypted data (so it ceases to exist), in which case decryption constitutes re-creation of the data, rather than simply unlocking still-existing data," Shellow wrote in a court filing. (.pdf)

In a telephone interview Monday, she said "this area is a new way of thinking about encryption."

Though rare, decryption orders are likely to become more common as the public slowly embraces a technology that comes standard even on Apple computers. Such orders have never squarely been addressed by the Supreme Court, despite conflicting opinions in the lower courts.

The latest decryption flap concerns Jeffrey Feldman, who federal authorities believe downloaded child pornography on the file-sharing e-Donkey network.
They seized 15 drives and a computer from his suburban Milwaukee apartment with a search warrant. A federal magistrate has ordered Feldman to decrypt the drives by today.

Feldman has refused, citing the Fifth Amendment. A federal judge could find him in contempt as early as today and jail him pending his compliance.

The magistrate in the case stepped aside Monday after Shellow argued that only U.S. district court judges, not magistrates, have the legal power to issue decryption orders. As of now, the new judge in the case has not decided whether to uphold the magistrate's order.

U.S. Magistrate William Callahan Jr. initially said the Fifth Amendment right against compelled self-incrimination protected Feldman from having to unlock his drives.

But last month, prosecutors convinced Callahan to change his mind. Among other reasons, the authorities were able, on their own, to decrypt one drive from Feldman's "storage system" and discovered more than 700,000 files, some of "which constitute child pornography," the magistrate said.

When the magistrate ruled against the government last month, the magistrate said the authorities did not have enough evidence linking Feldman to the data, and that forcing the computer scientist to unlock it would be tantamount to requiring him to confess that it was his.

But that theory is now out the door, because the data on the decrypted drive contains pictures and financial information linking Feldman to the "storage system," Callahan ruled last week.

Among the last times an encryption order came up in court was last year, when a federal appeals court rejected an appeal from a bank-fraud defendant who has been ordered to decrypt her laptop so its contents could be used in her criminal case. The issue was later mooted for defendant Romano Fricosu as a co-defendant eventually supplied a password.

Shellow said it was unclear whether her client even remembers the passwords to the 16 drives the authorities confiscated.

"The government is claiming that our client has the capacity to decrypt them," Shellow said.

That issue has never been addressed in court. But judges usually view forgetfulness "as a sham or subterfuge that purposely avoids giving responsive answers."

Prosecutors did not respond for comment.

---
Just because i'm near the punchbowl doesn't mean I'm also drinking from it.

From rforno at infowarrior.org Wed Jun 5 06:33:16 2013
From: rforno at infowarrior.org (Richard Forno)
Date: Wed, 5 Jun 2013 07:33:16 -0400
Subject: [Infowarrior] - Comcast's Top Lobbyist Pens Editorial To Remind Americans That US Broadband Service Is Awesome
Message-ID: <0572302F-A0B8-4CE7-AC91-2A221AE3B452@infowarrior.org>

Comcast's Top Lobbyist Pens Editorial To Remind Americans That US Broadband Service Is Awesome

http://www.techdirt.com/articles/20130531/10524423274/comcasts-top-lobbyist-pens-editorial-to-remind-americans-that-us-broadband-service-is-awesome.shtml

---
Just because i'm near the punchbowl doesn't mean I'm also drinking from it.

From rforno at infowarrior.org Wed Jun 5 06:41:08 2013
From: rforno at infowarrior.org (Richard Forno)
Date: Wed, 5 Jun 2013 07:41:08 -0400
Subject: [Infowarrior] - Schneier: The Problems with CALEA-II
Message-ID:

The Problems with CALEA-II

http://www.schneier.com/blog/archives/2013/06/the_problems_wi_3.html

The FBI wants a new law that will make it easier to wiretap the Internet. Although its claim is that the new law will only maintain the status quo, it's really much worse than that. This law will result in less-secure Internet products and create a foreign industry in more-secure alternatives. It will impose costly burdens on affected companies. It will assist totalitarian governments in spying on their own citizens. And it won't do much to hinder actual criminals and terrorists.

As the FBI sees it, the problem is that people are moving away from traditional communication systems like telephones onto computer systems like Skype.
Eavesdropping on telephones used to be easy. The FBI would call the phone company, which would bring agents into a switching room and allow them to literally tap the wires with a pair of alligator clips and a tape recorder. In the 1990s, the government forced phone companies to provide an analogous capability on digital switches; but today, more and more communications happens over the Internet.

What the FBI wants is the ability to eavesdrop on everything. Depending on the system, this ranges from easy to impossible. E-mail systems like Gmail are easy. The mail resides in Google's servers, and the company has an office full of people who respond to requests for lawful access to individual accounts from governments all over the world. Encrypted voice systems like Silent Circle are impossible to eavesdrop on -- the calls are encrypted from one computer to the other, and there's no central node to eavesdrop from. In those cases, the only way to make the system eavesdroppable is to add a backdoor to the user software. This is precisely the FBI's proposal. Companies that refuse to comply would be fined $25,000 a day.

The FBI believes it can have it both ways: that it can open systems to its eavesdropping, but keep them secure from anyone else's eavesdropping. That's just not possible. It's impossible to build a communications system that allows the FBI surreptitious access but doesn't allow similar access by others. When it comes to security, we have two options: We can build our systems to be as secure as possible from eavesdropping, or we can deliberately weaken their security. We have to choose one or the other.

This is an old debate, and one we've been through many times. The NSA even has a name for it: the equities issue. In the 1980s, the equities debate was about export control of cryptography. The government deliberately weakened U.S. cryptography products because it didn't want foreign groups to have access to secure systems.
Two things resulted: fewer Internet products with cryptography, to the insecurity of everybody, and a vibrant foreign security industry based on the unofficial slogan "Don't buy the U.S. stuff -- it's lousy."

In 1993, the debate was about the Clipper Chip. This was another deliberately weakened security product, an encrypted telephone. The FBI convinced AT&T to add a backdoor that allowed for surreptitious wiretapping. The product was a complete failure. Again, why would anyone buy a deliberately weakened security system?

In 1994, the Communications Assistance for Law Enforcement Act mandated that U.S. companies build eavesdropping capabilities into phone switches. These were sold internationally; some countries liked having the ability to spy on their citizens. Of course, so did criminals, and there were public scandals in Greece (2005) and Italy (2006) as a result.

In 2012, we learned that every phone switch sold to the Department of Defense had security vulnerabilities in its surveillance system. And just this May, we learned that Chinese hackers breached Google's system for providing surveillance data for the FBI.

The new FBI proposal will fail in all these ways and more. The bad guys will be able to get around the eavesdropping capability, either by building their own security systems -- not very difficult -- or buying the more-secure foreign products that will inevitably be made available. Most of the good guys, who don't understand the risks or the technology, will not know enough to bother and will be less secure. The eavesdropping functions will 1) result in more obscure -- and less secure -- product designs, and 2) be vulnerable to exploitation by criminals, spies, and everyone else. U.S. companies will be forced to compete at a disadvantage; smart customers won't buy the substandard stuff when there are more-secure foreign alternatives. Even worse, there are lots of foreign governments who want to use these sorts of systems to spy on their own citizens.
Do we really want to be exporting surveillance technology to the likes of China, Syria, and Saudi Arabia?

The FBI's short-sighted agenda also works against the parts of the government that are still working to secure the Internet for everyone. Initiatives within the NSA, the DOD, and DHS to do everything from securing computer operating systems to enabling anonymous web browsing will all be harmed by this.

What to do, then? The FBI claims that the Internet is "going dark," and that it's simply trying to maintain the status quo of being able to eavesdrop. This characterization is disingenuous at best. We are entering a golden age of surveillance; there's more electronic communications available for eavesdropping than ever before, including whole new classes of information: location tracking, financial tracking, and vast databases of historical communications such as e-mails and text messages. The FBI's surveillance department has it better than ever. With regard to voice communications, yes, software phone calls will be harder to eavesdrop upon. (Although there are questions about Skype's security.) That's just part of the evolution of technology, and one that on balance is a positive thing.

Think of it this way: We don't hand the government copies of our house keys and safe combinations. If agents want access, they get a warrant and then pick the locks or bust open the doors, just as a criminal would do. A similar system would work on computers. The FBI, with its increasingly non-transparent procedures and systems, has failed to make the case that this isn't good enough.

Finally there's a general principle at work that's worth explicitly stating. All tools can be used by the good guys and the bad guys. Cars have enormous societal value, even though bank robbers can use them as getaway cars. Cash is no different. Both good guys and bad guys send e-mails, use Skype, and eat at all-night restaurants.
But because society consists overwhelmingly of good guys, the good uses of these dual-use technologies greatly outweigh the bad uses. Strong Internet security makes us all safer, even though it helps the bad guys as well. And it makes no sense to harm all of us in an attempt to harm a small subset of us.

---
Just because i'm near the punchbowl doesn't mean I'm also drinking from it.

From rforno at infowarrior.org Wed Jun 5 06:43:25 2013
From: rforno at infowarrior.org (Richard Forno)
Date: Wed, 5 Jun 2013 07:43:25 -0400
Subject: [Infowarrior] - China has 'mountains of data' about U.S. cyber attacks: official
Message-ID:

China has 'mountains of data' about U.S. cyber attacks: official

BEIJING | Wed Jun 5, 2013 12:24am EDT

http://www.reuters.com/article/2013/06/05/us-china-usa-hacking-idUSBRE95404L20130605

(Reuters) - China's top Internet security official says he has "mountains of data" pointing to extensive U.S. hacking aimed at China, but it would be irresponsible to blame Washington for such attacks, and called for greater cooperation to fight hacking.

Cyber security is a major concern for the U.S. government and is expected to be at the top of the agenda when President Barack Obama meets with Chinese President Xi Jinping in California on Thursday and Friday.

Obama will tell Xi that Washington considers Beijing responsible for any cyber attacks launched from Chinese soil and must take action to curb high-tech spying, White House officials said on Tuesday.

China's Internet security chief complained that Washington used the news media to raise cyber security concerns which would be better settled through communication, not confrontation.

"We have mountains of data, if we wanted to accuse the U.S., but it's not helpful in solving the problem," said Huang Chengqing, director of the National Computer Network Emergency Response Technical Team/Coordination Center of China, known as CNCERT.

"They advocated cases that they never let us know about," Huang said in comments on Tuesday and carried by the government-run China Daily newspaper on Wednesday.

"Some cases can be addressed if they had talked to us, why not let us know? It is not a constructive train of thought to solve problems."

CNCERT has instead co-operated with the United States, receiving 32 Internet security cases from the United States in the first four months of 2013, and handling most promptly, except for a few that lacked sufficient proof, Huang said.

Designs for more than two dozen major U.S. weapons systems have been compromised by Chinese hackers, the Washington Post reported late last month.

The compromised designs included combat aircraft and ships, as well as missile defense systems vital for Europe, Asia and the Gulf, the newspaper said, citing a report prepared for the U.S. Defense Department by the Defense Science Board.

Huang did not deny the report, but suggested that if the U.S. government wants to keep weapons programs secure, it should not allow them to be accessed online.

"Even following the general principle of secret-keeping, it should not have been linked to the Internet," Huang said.

Cyber attacks from the United States have been as serious as the accusations from Washington, Huang said.

CNCERT, which issues a weekly report on cyber attacks against China, says that 4,062 U.S.-based computer servers hijacked 2.91 million mainframe computers in China.

---
Just because i'm near the punchbowl doesn't mean I'm also drinking from it.

From rforno at infowarrior.org Wed Jun 5 10:01:20 2013
From: rforno at infowarrior.org (Richard Forno)
Date: Wed, 5 Jun 2013 11:01:20 -0400
Subject: [Infowarrior] - Cyber Command Redefines the Art
Message-ID: <9A85C431-27AA-4157-AD2B-18C441E6AFF3@infowarrior.org>

Cyber Command Redefines the Art

June 1, 2013
By Robert K. Ackerman

http://www.afcea.org/content/?q=node/11117

The U.S.
Cyber Command is developing a strategy that acknowledges the convergence of network systems by empowering a similar convergence of military disciplines to help place U.S. cyberspace operators on a level field with their malevolent counterparts. This strategy acknowledges that the structure of the cyberforce has not kept pace with technology developments. As all types of information management -- networking, communications and data storage -- became digitized, previously disparate disciplines assumed greater commonality. With more common aspects, these disciplines share similar vulnerabilities as well as potential solutions.

Addressing the threats to participants in cyberspace, whether defense organizations or elements of the critical infrastructure, may require a melding of different military groups that historically have acted independently. Meeting these cyberchallenges will require an across-the-board approach.

With this in mind, Gen. Keith B. Alexander, USA, director of the National Security Agency (NSA)/Central Security Service and commander of the U.S. Cyber Command, is calling for the evolution of a cyberteam concept that brings together the signal community, signals intelligence and the cyber community. "They don't operate in different spaces," he observes. "They operate in the same space. The issue that we're faced with is, if they operate in the same space, why do we train them as separate teams? Why don't we train them together at the same standard?"

In the analog past, communications and computer networks were separate. Convergence has brought them together, and this requires a fundamental change in dealing with cyber issues. "What we used to consider separate domains [in which] we used to consider our networks unique and separate, now have become one giant network connected on a global scale," Gen. Alexander offers.

The general notes that the separate community standards are different.
The signal community normally trains and clears its people at the collaterally Secret level, and they are responsible for building, operating and defending. But, in exercises, the defense is weak and usually is defeated by the red team, which never uses the tools employed by offensive teams, he relates. On the other hand, intelligence teams are trained at a different standard, have Top Secret clearances and always are successful, he continues. "What it tells you is that perhaps we should train everybody to the same standard as one team, one network."

Gen. Alexander analogizes it to the drawback of having a defensive air force and an offensive air force. "We need one team," he attests. "We need to think of ourselves not as signals, not as intelligence, not as cyber, but instead as some kind of a team that puts us all together."

Currently, personnel in the signal community may assume the role of network defenders. But that does not work, the general offers. Defenders must know what the adversary is doing, and that can require direct intelligence of enemy activities. So combining signal, cyber and intelligence capabilities provides the operator with the necessary abilities to carry out the mission.

The part of the intelligence community with particular involvement in cybersecurity is the signals intelligence, or SIGINT, community. The SIGINT community and the information assurance community largely constitute the NSA. Gen. Alexander offers that this approach should be applied to the services.

The general notes the current military information environment is manpower intensive. The move to the Joint Information Environment (JIE) will require less manpower and will allow planners to evolve the force toward one that can operate offensively in cyberspace.

Also, this current environment is service-centric. The Army defends Army communications; the Navy defends Navy communications; and the Air Force defends Air Force communications.
Each can engage in some joint defense with the Defense Information Systems Agency (DISA). Yet, the general points out, a key issue remains: Who defends the nation? "The people [who defend cyberspace] are in the services," he points out. "And, they are defending their own [service] networks.

[Photo caption: Gen. Keith B. Alexander, USA, is the director of the National Security Agency (NSA)/Central Security Service and the commander of the U.S. Cyber Command.]

"The country didn't bring us here to defend ourselves," he continues. "They brought us here to defend the country. In cyberspace, we have to do that. Cyberspace is becoming an active area in which nations will attack us. We are going to have to defend the nation in this area -- that is our role.

"I think we [the United States] are going to be attacked in cyberspace more and more," Gen. Alexander declares. "It's only going to get worse. The nation needs the Defense Department to be ready to defend this nation in cyberspace."

He admits this approach can be split in different ways, but whenever that happens, someone who belongs inside ends up being left out. Each service deals with cyber differently. For example, the U.S. Navy has its information dominance corps, but the service also has communications, cryptography and intelligence. The Army has its Signal Corps and separate intelligence community along with an emerging cybercorps drawing elements from the two other groups. The Air Force has its 24th Air Force under the Space Command (see "Air Force Comes to Grips With Cyber"), its Intelligence, Surveillance and Reconnaissance Agency (AFISRA) and a communications community.

"I would put them together and call that 'a series of career fields all together,'" Gen. Alexander states. "We have combined arms; we have pilots; and we have information specialists. These information specialists cross that whole domain, and what we want to do is train them to that same standard so they can operate as a team, not as independent teams.

"It is not in our best interest to have them operating with different training standards under different commands not tightly integrated," the general declares.

Gen. Alexander allows that other technical trends are pushing this approach. The movement to the cloud, the thin virtual information technology infrastructure and the new JIE all require fewer system administrators than are needed today. He notes that the number of enclaves totals 15,000, and that number will be reduced by the migration to the cloud. This will change the entire environment into a more defensible architecture that can be patched and updated at network speed. And, secure mobile devices can be connected and brought under the same architecture for security.

"We really want to leverage a global Joint Information Environment and the joint access that a cryptologic agency like the NSA gives us," the general says. "You need both to operate in cyberspace. Developing and evolving a JIE force with the intelligence community will be key to pushing around our information.

"Bringing those two together and that, combined at the national level, is what provides the foundation for tactical operators to start to merge what we have at the tactical level," he concludes.

The general admits that "it is not as clear how you take all the pieces of intelligence." Because no easy defining lines appear, he is opting for greater inclusion, at least at the beginning.

This approach will require a new transformation, Gen. Alexander offers. Nearly 200,000 people in the Defense Department are working in the information technology arena, but they need a new direction. "We have more than enough people; the problem is they are working yesterday's tasks -- not tomorrow's," he expresses. "So, I'd like to take those folks that were 'yesterday,' and get them cleared and trained for tomorrow's task today."

The first step is to stand up teams, both offensive and defensive.
The offensive teams would provide a cyber counterforce against attackers. Other teams would support combatant commands' requirements, and some would constitute cyberprotection platoons. But, Gen. Alexander emphasizes, all would be trained to the same standard as one team. "All would be operating in a space where they have to see and be able to operate with each other," he says. He adds that he anticipates the teams will be built out in about three years. Timing is critical for implementing these changes, the general states. "We need to push this hard. We are going to be attacked. They are going to test us. We have to be ready for that. Because, if we fail, they are going to see a vulnerability and they are going to go after that in ways that would hurt our nation significantly." Other changes along these same lines could benefit the force. Gen. Alexander suggests having DISA take over all theater communications as a joint task force. With one integrated team operating to one standard, DISA would provide the overlying tactical capability. Some services already have taken steps toward convergence. The Navy combined its N-2 and N-6 years ago, and Gen. Alexander offers that this example should be followed. "Integrate them. We have to combine them. The question is how and when to do that." He adds that this approach should be extended down to at least the company level, where intelligence companies and signal companies should be integrated into a single entity. "The Navy needs to take a couple more steps, and the rest of the services need to take a lot more steps to catch up," he imparts. Remaining to be determined is the most efficient way to achieve the convergence. One approach might be to integrate at the service level and push down, or alternatively begin at the bottom level and build up. Gen. Alexander offers that each approach has its advantages.
"Starting at the bottom and building up means those young officers now coming into these units will have learned it as a team and will go the rest of their career," he notes. "The advantage of doing it from the top down is you can direct it - it has to happen. So, some combination of that is what I think is going to need to be done." Gen. Alexander admits the biggest challenge facing this convergence approach will be changing culture. But, it is necessary, he emphasizes. "The mission has gone far beyond what our old missions were. Everybody is looking at their old mission and saying, 'What about that?' But nobody is looking at the new mission and saying, 'That's the one the nation needs right now because nobody is doing it.' That's what we need to do."

---
Just because i'm near the punchbowl doesn't mean I'm also drinking from it.

From rforno at infowarrior.org Wed Jun 5 14:25:20 2013
From: rforno at infowarrior.org (Richard Forno)
Date: Wed, 5 Jun 2013 15:25:20 -0400
Subject: [Infowarrior] - Fear wins again. TSA reverses knife policy.
Message-ID: <8DD1FDC4-2A7D-449F-85A9-0FC6AE13B2A3@infowarrior.org>

U.S. security agency scraps plan to allow small knives on planes
By Deborah Charles
WASHINGTON | Wed Jun 5, 2013 2:41pm EDT
http://www.reuters.com/article/2013/06/05/us-usa-transportation-knives-idUSBRE95419W20130605

(Reuters) - The top U.S. transportation security official said on Wednesday that he had decided not to permit passengers to carry small knives on airplanes, after receiving a drumbeat of criticism from flight attendants and the public that easing restrictions would increase flight dangers. Transportation Security Administration head John Pistole, who had proposed to loosen rules put in place in the wake of the September 11 hijackings, told Reuters he had decided to scrap the changes.
"After extensive engagement with the Aviation Security Advisory Committee, law enforcement officials, passenger advocates, and other important stakeholders, TSA will continue to enforce the current prohibited items list," Pistole said. Hijackers in the September 11 attacks used small knives to attack crew members and gain control of aircraft. Cockpits on commercial planes have since been required to have locked doors during flights. In March, the TSA said that effective April 25, it would allow knives with blades that are 2.36 inches or less to be carried onto airplanes. The proposed rules would also have allowed passengers to carry on hockey sticks, golf clubs or billiard cues. Just days before the rules were due to go into effect, the TSA delayed the change. Now, six weeks later, Pistole announced the decision to scrap the proposed rules altogether. During a congressional hearing in March, Pisotle had defended the rule changes, saying the TSA was facing budget cuts and needed to prioritize threats. He said the agency finds about 2,000 small pocket knives at checkpoints each day and each takes about two to three minutes to find and confiscate - time that could be used looking for more lethal weapons like non-metallic explosives devices. (Reporting by Deborah Charles; Editing by Philip Barbara) --- Just because i'm near the punchbowl doesn't mean I'm also drinking from it. From rforno at infowarrior.org Wed Jun 5 14:48:23 2013 From: rforno at infowarrior.org (Richard Forno) Date: Wed, 5 Jun 2013 15:48:23 -0400 Subject: [Infowarrior] - Facebook Removes Downloads of Your Posts Message-ID: (can't confirm, not on FB. --rick) Facebook Removes Downloads of Your Posts http://www.angrymath.com/2013/06/facebook-removes-downloads-of-your-posts.html --- Just because i'm near the punchbowl doesn't mean I'm also drinking from it. 
From rforno at infowarrior.org Wed Jun 5 15:59:34 2013
From: rforno at infowarrior.org (Richard Forno)
Date: Wed, 5 Jun 2013 16:59:34 -0400
Subject: [Infowarrior] - DHS: Laptops, Phones Can Be Searched Based on Hunches
Message-ID:

Dept. of Homeland Security: Laptops, Phones Can Be Searched Based on Hunches
June 5, 2013 3:59 PM
http://washington.cbslocal.com/2013/06/05/dept-of-homeland-security-laptops-phones-can-be-searched-based-on-hunches/

WASHINGTON (CBSDC/AP) - U.S. border agents should continue to be allowed to search a traveler's laptop, cellphone or other electronic device and keep copies of any data on them based on no more than a hunch, according to an internal Homeland Security Department study. It contends limiting such searches would prevent the U.S. from detecting child pornographers or terrorists and expose the government to lawsuits. The 23-page report, obtained by The Associated Press and the American Civil Liberties Union under the U.S. Freedom of Information Act, provides a rare glimpse of the Obama administration's thinking on the long-standing but controversial practice of border agents and immigration officers searching and in some cases holding for weeks or months the digital devices of anyone trying to enter the U.S. Since his election, President Barack Obama has taken an expansive view of legal authorities in the name of national security, asserting that he can order the deaths of U.S. citizens abroad who are suspected of terrorism without involvement by courts, investigate reporters as criminals and - in this case - read and copy the contents of computers carried by U.S. travelers without a good reason to suspect wrongdoing. Related: Obama Appellate Bench Nominee Behind "Driving While Black" Case The DHS study, dated December 2011, said the border searches do not violate the First or Fourth amendments, which prohibit restrictions on speech and unreasonable searches and seizures.
It specifically objected to a tougher standard in a 1986 government policy that allowed for only cursory review of a traveler's documents. "We do not believe that this 1986 approach, or a reasonable suspicion requirement in any other form, would improve current policy," the report said. "Officers might hesitate to search an individual's device without the presence of articulable factors capable of being formally defended, despite having an intuition or hunch based on experience that justified a search." It added: "An on-the-spot perusal of electronic devices following the procedures established in 1986 could well result in a delay of days or weeks." The Homeland Security report was prepared by its Office for Civil Rights and Civil Liberties. The U.S. government has always maintained that anything a person carries across the border - a backpack, a laptop, or anything hidden in a person's body - is fair game to be searched as a means of keeping drugs, child pornography and other dangerous goods out of the country, and to enforce import laws. But as more Americans enter the U.S. with sophisticated computers, thumb drives, smartphones, cameras and other electronic devices that hold vast amounts of information about who they are and how they conduct business, privacy rights advocates have pressed for more checks on such authority, particularly if digital files are copied and shared with other federal agencies, such as the FBI. According to the government study, 685 of roughly 50 million travelers entering the U.S. in 2009 and 2010 were subject to electronic device searches. Of those searched, 41 devices were held by the government. The ACLU, National Association of Criminal Defense Lawyers and other groups have sued to stop the practice, saying that it violates First and Fourth amendment rights. They say allowing agents to act on a hunch encourages racial profiling.
Some activists say they also worry that the FBI and other federal investigators are using laptop searches at the border to collect intelligence on terror and criminal suspects without judicial checks. Catherine Crump, the ACLU lawyer who first requested the report, said it is the first detailed explanation of why the government believes it doesn't need a reason to open a laptop or storage device and download files for further review. She described as inadequate the government's argument that imposing a legal threshold to perform such searches would lead to lawsuits. "That's just not good enough," Crump said. "A purely suspicionless search opens the door to ethnic profiling." Since the 2011 report, the 9th Circuit Court of Appeals has objected to searching electronic devices without reasonable suspicion. "A person's digital life ought not be hijacked simply by crossing a border," Judge M. Margaret McKeown wrote for the appeals court majority in March. But the ruling involving Howard Cotterman, whose laptop contained hundreds of hidden child pornography files when he crossed the Arizona-Mexico border in 2007, only applies to the states within the appeals court's jurisdiction, including Arizona, California and Alaska. The ruling also left some confusion as to what constitutes a comprehensive search. Another case, involving Islamic studies student Pascal Abidor, whose laptop was detained for 11 days along the Canadian border, is still pending in a federal district court in New York.

---
Just because i'm near the punchbowl doesn't mean I'm also drinking from it.
From rforno at infowarrior.org Wed Jun 5 17:56:41 2013
From: rforno at infowarrior.org (Richard Forno)
Date: Wed, 5 Jun 2013 18:56:41 -0400
Subject: [Infowarrior] - Manning trial draws focus on to Obama's security state
Message-ID:

Manning trial draws focus on to Obama's security state
By Geoff Dyer and Richard McGregor in Washington
http://www.ft.com/intl/cms/s/0/9799dbd4-ce02-11e2-a13e-00144feab7de.html

In the three years it has taken the US military to bring Bradley Manning to trial, the Obama administration might have hoped some of the political heat surrounding the biggest leak of classified information in US history would have dissipated. Instead, the trial of the US army private, which began this week, is taking place at the worst possible time, just as the administration is already under fire for the heavy-handed way it is investigating alleged civilian leakers and the journalists they have helped. In the form of Private Manning, a slight 25-year-old from Oklahoma, the administration now faces the prospect of a three-month-long trial that will leave it open to the same criticism levelled in recent weeks that it is trying to scare officials who release compromising information in a way that is threatening civil liberties. "They are criminalising the embarrassment of the government," says Alex Gibney, a film director who has made a documentary about the Manning case. While Pte Manning may not enjoy broad popular support in the US, his treatment by US military authorities and continued prosecution despite a February confession have come to symbolise for many overseas the worst excesses of the US "war on terror" since the 9/11 attacks. As a result, the trial is confirming one of the central paradoxes of the presidency of Mr Obama, a former constitutional law professor.
At the very time he is trying to narrow the scope of counter-terrorism policy and call for a more nuanced assessment of the threats to the US from al-Qaeda, his administration has expanded important aspects of the post-9/11 national security state he inherited, from ordering drone strikes against alleged terrorists to prosecuting leakers. Pte Manning, who worked in army intelligence in Iraq, is accused of leaking hundreds of thousands of battlefield reports from Iraq and Afghanistan, state department diplomatic cables, classified documents and two battlefield video clips to WikiLeaks in 2009 and 2010. In total, he faces 21 separate charges. Earlier this year he confessed to leaking the information and pleaded guilty to 10 of the charges, which alone carried a penalty of 20 years in prison. However, the military prosecutors rejected a plea deal and decided to go ahead with the trial, including the most serious charge that he "aided the enemy", which would lead to a life sentence if he were found guilty after the potential death penalty was withdrawn. The focus of the trial is now largely on Pte Manning's intent when he leaked the documents, with prosecutors trying to make the case that he conspired from an early stage of his deployment in Iraq to collect information that was damaging to the US, while his defence lawyer has argued that he was greatly affected by the violence he saw in Iraq and, as Pte Manning put it in a pre-trial hearing, wanted to "spark a debate" about US foreign policy. In a rare public comment on the Manning case, Mr Obama told a questioner last year that "he [Manning] broke the law" and that "we are a nation of laws and we do not make our own decisions about how the laws are applied". However, the nature of the case now against Pte Manning is being heavily criticised by some lawyers and civil liberties activists because of the potential implications for press freedom.
In his opening statement on Monday, Captain Joe Morrow claimed that Osama bin Laden personally asked to see documents about the war in Afghanistan that had been leaked - part of the prosecution's attempt to demonstrate that Pte Manning had to know the information would be useful to America's enemies. "This is a logical leap that I have never seen before in a case and one that is really dangerous," says Jesselyn Radack, a lawyer at the Government Accountability Project who has represented other officials accused of leaking. "Once the information is on the internet, everyone has access to it, including terrorists and serial killers and all sorts of unsavoury people. If the FT or The New York Times had been found at the bin Laden compound, would that mean the newspapers were also aiding the enemy?" William Leonard, a former Pentagon and National Archives official who was responsible for managing the system of classified information, says that the trial has exposed the deep flaws in the way secrets are established and kept. More than 4m people now have access to classified information, while the amount of documents considered secret has expanded rapidly since 9/11. "The Manning case was the perfect opportunity to rethink the system, yet nothing is ever done to hold accountable people who abuse the classified system by creating phoney secrets," he says. "Cracking down on leakers and ordering more polygraphs and background checks is not going to get you anywhere."

---
Just because i'm near the punchbowl doesn't mean I'm also drinking from it.
From rforno at infowarrior.org Wed Jun 5 18:50:18 2013
From: rforno at infowarrior.org (Richard Forno)
Date: Wed, 5 Jun 2013 19:50:18 -0400
Subject: [Infowarrior] - Revealed: NSA collecting phone records of millions of Americans daily
Message-ID: <28258EE2-D6B2-42A2-8828-FC80EE69F814@infowarrior.org>

(The classified court order is here: http://www.guardian.co.uk/world/interactive/2013/jun/06/verizon-telephone-data-court-order)

Revealed: NSA collecting phone records of millions of Americans daily
Exclusive: Top secret court order requiring Verizon to hand over all call data shows scale of domestic surveillance under Obama
Glenn Greenwald, The Guardian, Wednesday 5 June 2013
http://www.guardian.co.uk/world/2013/jun/06/nsa-phone-records-verizon-court-order

The National Security Agency is currently collecting the telephone records of millions of US customers of Verizon, one of America's largest telecoms providers, under a top secret court order issued in April. The order, a copy of which has been obtained by the Guardian, requires Verizon on an "ongoing, daily basis" to give the NSA information on all telephone calls in its systems, both within the US and between the US and other countries. The document shows for the first time that under the Obama administration the communication records of millions of US citizens are being collected indiscriminately and in bulk - regardless of whether they are suspected of any wrongdoing. The secret Foreign Intelligence Surveillance Court (Fisa) granted the order to the FBI on April 25, giving the government unlimited authority to obtain the data for a specified three-month period ending on July 19. Under the terms of the blanket order, the numbers of both parties on a call are handed over, as is location data, call duration, unique identifiers, and the time and duration of all calls. The contents of the conversation itself are not covered.
The disclosure is likely to reignite longstanding debates in the US over the proper extent of the government's domestic spying powers. Under the Bush administration, officials in security agencies had disclosed to reporters the large-scale collection of call records data by the NSA, but this is the first time significant and top-secret documents have revealed the continuation of the practice on a massive scale under President Obama. The unlimited nature of the records being handed over to the NSA is extremely unusual. Fisa court orders typically direct the production of records pertaining to a specific named target who is suspected of being an agent of a terrorist group or foreign state, or a finite set of individually named targets. The Guardian approached the National Security Agency, the White House and the Department of Justice for comment in advance of publication on Wednesday. All declined. The agencies were also offered the opportunity to raise specific security concerns regarding the publication of the court order. The court order expressly bars Verizon from disclosing to the public either the existence of the FBI's request for its customers' records, or the court order itself. "We decline comment," said Ed McFadden, a Washington-based Verizon spokesman. The order, signed by Judge Roger Vinson, compels Verizon to produce to the NSA electronic copies of "all call detail records or 'telephony metadata' created by Verizon for communications between the United States and abroad" or "wholly within the United States, including local telephone calls". The order directs Verizon to "continue production on an ongoing daily basis thereafter for the duration of this order". 
It specifies that the records to be produced include "session identifying information", such as "originating and terminating number", the duration of each call, telephone calling card numbers, trunk identifiers, International Mobile Subscriber Identity (IMSI) number, and "comprehensive communication routing information". The information is classed as "metadata", or transactional information, rather than communications, and so does not require individual warrants to access. The document also specifies that such "metadata" is not limited to the aforementioned items. A 2005 court ruling judged that cell site location data - the nearest cell tower a phone was connected to - was also transactional data, and so could potentially fall under the scope of the order. While the order itself does not include either the contents of messages or the personal information of the subscriber of any particular cell number, its collection would allow the NSA to build easily a comprehensive picture of who any individual contacted, how and when, and possibly from where, retrospectively. It is not known whether Verizon is the only cell-phone provider to be targeted with such an order, although previous reporting has suggested the NSA has collected cell records from all major mobile networks. It is also unclear from the leaked document whether the three-month order was a one-off, or the latest in a series of similar orders. The court order appears to explain the numerous cryptic public warnings by two US senators, Ron Wyden and Mark Udall, about the scope of the Obama administration's surveillance activities. For roughly two years, the two Democrats have been stridently advising the public that the US government is relying on "secret legal interpretations" to claim surveillance powers so broad that the American public would be "stunned" to learn of the kind of domestic spying being conducted.
Because those activities are classified, the senators, both members of the Senate intelligence committee, have been prevented from specifying which domestic surveillance programs they find so alarming. But the information they have been able to disclose in their public warnings perfectly tracks both the specific law cited by the April 25 court order as well as the vast scope of record-gathering it authorized. Julian Sanchez, a surveillance expert with the Cato Institute, explained: "We've certainly seen the government increasingly strain the bounds of 'relevance' to collect large numbers of records at once - everyone at one or two degrees of separation from a target - but vacuuming all metadata up indiscriminately would be an extraordinary repudiation of any pretence of constraint or particularized suspicion." The April order requested by the FBI and NSA does precisely that. The law on which the order explicitly relies is the so-called "business records" provision of the Patriot Act, 50 USC section 1861. That is the provision which Wyden and Udall have repeatedly cited when warning the public of what they believe is the Obama administration's extreme interpretation of the law to engage in excessive domestic surveillance. In a letter to attorney general Eric Holder last year, they argued that "there is now a significant gap between what most Americans think the law allows and what the government secretly claims the law allows." "We believe," they wrote, "that most Americans would be stunned to learn the details of how these secret court opinions have interpreted" the "business records" provision of the Patriot Act. Privacy advocates have long warned that allowing the government to collect and store unlimited "metadata" is a highly invasive form of surveillance of citizens' communications activities.
Those records enable the government to know the identity of every person with whom an individual communicates electronically, how long they spoke, and their location at the time of the communication. Such metadata is what the US government has long attempted to obtain in order to discover an individual's network of associations and communication patterns. The request for the bulk collection of all Verizon domestic telephone records indicates that the agency is continuing some version of the data-mining program begun by the Bush administration in the immediate aftermath of the 9/11 attack. The NSA, as part of a program secretly authorized by President Bush on 4 October 2001, implemented a bulk collection program of domestic telephone, internet and email records. A furore erupted in 2006 when USA Today reported that the NSA had "been secretly collecting the phone call records of tens of millions of Americans, using data provided by AT&T, Verizon and BellSouth" and was "using the data to analyze calling patterns in an effort to detect terrorist activity." Until now, there has been no indication that the Obama administration implemented a similar program. These recent events reflect how profoundly the NSA's mission has transformed from an agency exclusively devoted to foreign intelligence gathering, into one that focuses increasingly on domestic communications. A 30-year employee of the NSA, William Binney, resigned from the agency shortly after 9/11 in protest at the agency's focus on domestic activities. In the mid-1970s, Congress, for the first time, investigated the surveillance activities of the US government. Back then, the mandate of the NSA was that it would never direct its surveillance apparatus domestically. 
At the conclusion of that investigation, Frank Church, the Democratic senator from Idaho who chaired the investigative committee, warned: "The NSA's capability at any time could be turned around on the American people, and no American would have any privacy left, such is the capability to monitor everything: telephone conversations, telegrams, it doesn't matter." Additional reporting by Ewen MacAskill and Spencer Ackerman

---
Just because i'm near the punchbowl doesn't mean I'm also drinking from it.

From rforno at infowarrior.org Thu Jun 6 08:18:18 2013
From: rforno at infowarrior.org (Richard Forno)
Date: Thu, 6 Jun 2013 09:18:18 -0400
Subject: [Infowarrior] - Initial thoughts on the NSA-Verizon surveillance order
Message-ID:

Initial thoughts on the NSA-Verizon surveillance order
http://cyberlaw.stanford.edu/blog/2013/06/initial-thoughts-nsa-verizon-surveillance-order

---
Just because i'm near the punchbowl doesn't mean I'm also drinking from it.

From rforno at infowarrior.org Thu Jun 6 08:25:55 2013
From: rforno at infowarrior.org (Richard Forno)
Date: Thu, 6 Jun 2013 09:25:55 -0400
Subject: [Infowarrior] - Obama administration defends Verizon phone record collection
Message-ID:

(of course they would!!! --rick)

Obama administration defends Verizon phone record collection
By Mark Hosenball and Susan Heavey
WASHINGTON | Thu Jun 6, 2013 8:55am EDT
http://www.reuters.com/article/2013/06/06/us-usa-wiretaps-verizon-idUSBRE95502920130606

(Reuters) - The Obama administration on Thursday acknowledged that it is collecting a massive amount of telephone records from at least one carrier, reopening the debate over privacy even as it defended the practice as necessary to protect Americans against attack. The admission comes after the Guardian newspaper published a secret court order related to the records of millions of Verizon Communications customers on its website on Wednesday.
A senior administration official said the court order pertains only to data such as a telephone number or the length of a call, and not the subscribers' identities or the content of the telephone calls. Such information is "a critical tool in protecting the nation from terrorist threats to the United States," the official said, speaking on the condition of not being named. "It allows counter terrorism personnel to discover whether known or suspected terrorists have been in contact with other persons who may be engaged in terrorist activities, particularly people located inside the United States," the official added. The revelation raises fresh concerns about President Barack Obama's handling of privacy and free speech issues. His administration is already under fire for searching Associated Press journalists' calling records and the emails of a Fox television reporter as part of its inquiries into leaked government information. It was not immediately clear whether the practice extends to other carriers. The order released on Wednesday is from the U.S. Foreign Intelligence Surveillance Court and directs Verizon's Business Network Services Inc and Verizon Business Services units to hand over daily electronic data until July 19. The order can be seen at: r.reuters.com/kap68t (This headline of this story has been corrected to say administration, not White House) (Reporting by Mark Hosenball and Susan Heavey; Editing by Vicki Allen)

---
Just because i'm near the punchbowl doesn't mean I'm also drinking from it.

From rforno at infowarrior.org Thu Jun 6 08:30:38 2013
From: rforno at infowarrior.org (Richard Forno)
Date: Thu, 6 Jun 2013 09:30:38 -0400
Subject: [Infowarrior] - Vanity Fair in-depth on cyber conflict
Message-ID: <3F722A42-1700-42D1-AF0D-14BE96819D03@infowarrior.org>

(not read it yet, just passing along. c/o JC)

Silent War
By Michael Joseph Gross

On the hidden battlefields of history's first known cyber-war, the casualties are piling up.
In the U.S., many banks have been hit, and the telecommunications industry seriously damaged, likely in retaliation for several major attacks on Iran. Washington and Tehran are ramping up their cyber-arsenals, built on a black-market digital arms bazaar, enmeshing such high-tech giants as Microsoft, Google, and Apple. With the help of highly placed government and private-sector sources, Michael Joseph Gross describes the outbreak of the conflict, its escalation, and its startling paradox: that America's bid to stop nuclear proliferation may have unleashed a greater threat.
http://www.vanityfair.com/culture/2013/07/new-cyberwar-victims-american-business

---
Just because i'm near the punchbowl doesn't mean I'm also drinking from it.

From rforno at infowarrior.org Thu Jun 6 08:46:52 2013
From: rforno at infowarrior.org (Richard Forno)
Date: Thu, 6 Jun 2013 09:46:52 -0400
Subject: [Infowarrior] - CIA Didn't Always Know Who It Was Killing In Drone Strikes
Message-ID: <6AB135E7-E7B5-4F48-AA61-C4CC945882B6@infowarrior.org>

http://openchannel.nbcnews.com/_news/2013/06/05/18781930-exclusive-cia-didnt-always-know-who-it-was-killing-in-drone-strikes-classified-documents-show
NBCNews.com
June 5, 2013
Exclusive: CIA Didn't Always Know Who It Was Killing In Drone Strikes, Classified Documents Show
By Richard Engel and Robert Windrem, NBC News

The CIA did not always know who it was targeting and killing in drone strikes in Pakistan over a 14-month period, an NBC News review of classified intelligence reports shows. About one of every four of those killed by drones in Pakistan between Sept. 3, 2010, and Oct. 30, 2011, were classified as "other militants," the documents detail. The "other militants" label was used when the CIA could not determine the affiliation of those killed, prompting questions about how the agency could conclude they were a threat to U.S. national security. The uncertainty appears to arise from the use of so-called "signature"
strikes to eliminate suspected terrorists -- picking targets based in part on their behavior and associates. A former White House official said the U.S. sometimes executes people based on "circumstantial evidence." Three former senior Obama administration officials also told NBC News that some White House officials were worried that the CIA had painted too rosy a picture of its success and likely ignored or missed mistakes when tallying death totals. NBC News has reviewed two sets of classified documents that describe 114 drone strikes over 14 months in Pakistan and Afghanistan, starting in September 2010. The documents list locations, death and injury tolls, alleged terrorist affiliations, and whether the killed and injured were deemed combatants or non-combatants. Though the Obama administration has previously said it targets al Qaeda leaders and senior Taliban officials plotting attacks against the U.S. and U.S. troops, officials are sometimes unsure of the targets' affiliations. About half of the targets in the documents are described as al Qaeda. But in 26 of the attacks, accounting for about a quarter of the fatalities, those killed are described only as "other militants." In four others, the dead are described as "foreign fighters." In some cases, U.S. officials also seem unsure how many people died. One entry says that a drone attack killed seven to 10 people, while another says that an attack killed 20 to 22. Yet officials seem certain that however many people died, and whoever they were, none of them were non-combatants. In fact, of the approximately 600 people listed as killed in the documents, only one is described as a civilian. The individual was identified to NBC News as the wife or girlfriend of an al Qaeda leader. Micah Zenko, a former State Department policy advisor who is now a drone expert at the Council on Foreign Relations, said it was "incredible" to state that only one non-combatant was killed. "It's just not believable," he said.
"Anyone who knows anything about how airpower is used and deployed, civilians die, and individuals who are engaged in the operations know this."

The CIA declined to comment, and the White House did not immediately respond to calls and emails requesting comment.

A senior White House official who spoke on condition of anonymity, said, "In the past, and currently, force protection is a big part of the rationale for taking action in the Afghan theater of operations." Separately, on background, the official noted that as President Barack Obama said in an address last month, as the U.S. involvement in Afghanistan declines, so will the number of strikes.

The CIA uses two basic methods to target people for killing, according to current and former U.S. officials. The first is called a "personality" strike. These strikes target known terrorists, whose identities have been firmly established through intelligence, including visual surveillance and electronic and human intelligence. In other words, the CIA knows who it is killing.

In so-called "signature" strikes, intelligence officers and drone operators kill suspects based on their patterns of behavior -- but without positive identification. With signature strikes, the CIA doesn't necessarily know who it is killing. One former senior intelligence official said that at the height of the drone program in Pakistan in 2009 and 2010, as many as half of the strikes were classified as signature strikes.

Analysts use a variety of intelligence methods and technologies that they say give them reasonable certainty that the "signature" target is a terrorist. Part of the analysis involves crunching data to make connections between the unidentified suspects and other known terrorists and militants. The agency can watch, for example, as an unknown person frequents places, meets individuals, makes phone calls, and sends emails, and then match those against other people linked to the same calls, emails and meetings.
A half dozen former and current U.S. counter-terrorism officials told NBC News that signature strikes do generally kill combatants, but acknowledge that intelligence officials don't always know who those combatants are. Some of the officials said the moral and legal aspects of the signature strikes were often discussed, but without any significant change in policy.

Ret. Adm. Dennis Blair, who was Director of National Intelligence from Jan. 2009 to May 2010, declined to discuss the specifics of signature strikes, but said "to use lethal force there has to be a high degree of knowledge of an individual tied to activities, tied to connections."

He also defended the precision of drone strikes in general. "In Afghanistan and Iraq and places where you have troops in combat," said Blair, "you know better with drones who you're killing than you do when you're calling in artillery fire from a spotter [or] calling in an airplane strike."

Said Blair, "This is no different from decisions that are made on the battlefield all the time by soldiers and Marines who are being shot at, not knowing who fired the shot, having to make judgments on shooting back or not. This is the nature of warfare."

Once a target has been killed, according to current and former U.S. officials, the CIA does not take someone out of the combatant category and put them in the non-combatant category unless, after the strike, a preponderance of evidence is produced showing the person killed was a civilian.

A 2012 AP investigation reported that in 10 drone attacks from the preceding 18 months, Pakistani villagers said that about 70 percent of those killed were militants, while the rest of the dead were either civilians or tribal police.

The AP report notes that Pakistani officials and villagers claimed that 38 non-combatants were killed in a single strike on March 17, 2011. According to the AP, U.S.
officials said the group hit by the strike was heavily armed and behaved in "a manner consistent with al Qaeda-linked militants." Villagers and Pakistani officials said the gathering was a "jirga," or community meeting, in which locals were negotiating with a small group of militants over mining rights.

U.S. officials listed 20 to 22 dead in the strike, according to the documents obtained by NBC News, and described them as "other militants."

A former U.S. official told NBC News the drone attack was a "signature" strike, while a U.S. human rights advocate who has interviewed local villagers -- and is skeptical of Pakistani claims of widespread civilian casualties from drone strikes -- supported the Pakistani description of the meeting as a jirga and most of the victims as non-combatants.

In a speech at the National Defense University in May, President Obama defended his administration's use of targeted killings. He acknowledged that there had been civilian casualties, and that drone technology raised "profound questions" about "who is targeted and why," but he also said the CIA's drone program was "legal," "lethal," "effective," and the most humane option for counterterrorism. He said the U.S. had a "high threshold ... for taking lethal action," and that the drawdown of forces in Afghanistan and successful action against al Qaeda would likely "reduce the need for unmanned strikes" in 2014.

On the same day, the White House released a fact sheet stating its standards for using force outside of the U.S. and war zones. It stated that there had to be a legal basis for using lethal force, and that "the United States will use lethal force only against a target that poses a continuing, imminent threat to U.S. persons."

Richard Engel is NBC News' chief foreign correspondent; Robert Windrem is a senior investigative producer for NBC News.

---
Just because i'm near the punchbowl doesn't mean I'm also drinking from it.
From rforno at infowarrior.org Thu Jun 6 10:09:40 2013
From: rforno at infowarrior.org (Richard Forno)
Date: Thu, 6 Jun 2013 11:09:40 -0400
Subject: [Infowarrior] - MSM Fails to Break Even One of Four Obama Scandals
Message-ID:

Mainstream Media Fail to Break Even One of Four Obama Scandals

by John Nolte
6 Jun 2013, 6:10 AM PDT

http://www.breitbart.com/Big-Journalism/2013/06/06/Mainstream-Media-Did-Not-break-Even-One-of-Four-Obama-Scandals

Well, if it is Thursday there must be a new Obama scandal. But one thing is for damn sure, whatever that scandal is, you can bet the American mainstream media will be playing catch up and not carrying the glory of breaking a story about a major White House scandal.

Fact: Over the past few weeks, four major scandals have broken over the Obama administration, and it is a very sad (and frightening) truth that our pathetic, American, lapdog mainstream media is not responsible for breaking even a single one.

Verizon? Nope, not our guys. That was the Brits over at The Guardian.

IRS? Nope, not our guys. The IRS broke their own scandal with a planted question.

The Justice Department's seizure of Associated Press phone records? Nope, not our guys. Believe it or not, the Associated Press didn't even break that story. Like the IRS, we only found out because the Justice Department outed itself in a letter notifying the AP of what it had done.

Benghazi? Are you kidding. With a couple of rare exceptions (Jake Tapper, Sharyl Attkisson) the media has spent the last 8 months attacking those seeking the truth (Congress, Fox News) not seeking the truth. It was the GOP congress that demanded the email exchanges around the shaping of the talking points, not the media. Left up to the media, we wouldn't know anything about Libya. All of the media's energy was collectively poured into ensuring the truth was never discovered.

And do you want to know what makes this realization especially pathetic?
In three of the four scandals (the AP being the exception), had our media been less interested in protecting Power and more interested in holding Power accountable, these huge, career-making stories were right there for their taking.

For over a year now, conservative Tea Party groups have been complaining about IRS harassment. But because Obama told them to, the media hates the Tea Party. So in the face of these complaints and even a few Congressional inquiries, the media either ignored the harassment reports or openly sided with the IRS. (No joke. Click the link.)

Obviously, you can say the same about Libya. All the dots were there to connect: Security failures, two weeks of lies, the midnight arrest of some hapless filmmaker... But rather than connect the dots, the media played goalie for Obama against Fox News and Darrell Issa. Besides, there was a re-election to win and Todd Akin got something wrong about The Womanparts.

Moreover, there are still plenty of dots to connect about Libya. But the new SQUIRREL is OVERREACH and already the lapdogs are back in goalie formation.

As far as the Verizon story, members of congress, specifically Democrat Senators Ron Wyden and Mark Udall, have been hint-hint-wink-winking to the media that something is horribly amiss going back to December:

In a Senate floor speech in December, Wyden hinted at classified information he had received but could not share due to Senate rules that indicated the law "on Americans' privacy has been real, and it is not hypothetical."

"When the public finds out that these secret interpretations are so dramatically different than what the public law says, I think there's going to be extraordinary anger in the country," he told The Huffington Post the following month.

That is from today's Politico report on the Verizon scandal.
Apparently, Politico knew of this back in December but had all their investigative researchers digging into why those short-skirted Tea Partiers had it coming, so they missed another one of the biggest stories of the year.

Politico shouldn't feel bad, though, because when it comes to missing the four biggest scoops of the Obama administration, they have plenty of lazy, lapdog, sycophant company in that department.

Our media is not only biased, it is an utter and complete failure and embarrassment. And although there are plenty of remaining table scraps to make meals out of, the media is already losing interest in the IRS, Libya, and AP scandals, but for only one reason -- they are absolutely terrified of where they might lead.

During the Bush years, it was the New York Times, Washington Post and Sy Hersh breaking story after story after story about the White House. And yes, some of that reporting was -- ahem -- overreach, but at least Power knew it was being watched; our democracy was safe because an overzealous media is what you call a luxury problem.

Today, it is the complete opposite and the result is an administration run amok.

Get down on your knees and thank your Maker for conservative New Media, Roger Ailes, and for the few true liberals left in the media, like Glenn Greenwald -- who works for the Brits.

---
Just because i'm near the punchbowl doesn't mean I'm also drinking from it.

From rforno at infowarrior.org Thu Jun 6 10:13:18 2013
From: rforno at infowarrior.org (Richard Forno)
Date: Thu, 6 Jun 2013 11:13:18 -0400
Subject: [Infowarrior] - Welcome to the Bush-Obama White House: They're Spying on Us
Message-ID: <617F5A20-F355-4406-B026-01D6E0DBD129@infowarrior.org>

Welcome to the Bush-Obama White House: They're Spying on Us

The "Bush-Obama era" will be long remembered for curbing the Constitution.

By Ron Fournier

http://www.nationaljournal.com/politics/welcome-to-the-bush-obama-white-house-they-re-spying-on-us-20130606

Updated: June 6, 2013 | 9:27 a.m.
June 6, 2013 | 8:33 a.m.

Welcome to the era of Bush-Obama, a 16-year span of U.S. history that will be remembered for an unprecedented erosion of civil liberties and a disregard for transparency. On the war against a tactic -- terrorism -- and its insidious fallout, the United States could have skipped the 2008 election. It made little difference.

Despite his clear and popular promises to the contrary, President Obama has not shifted the balance between security and freedom to a more natural state -- one not blinded by worst fears and tarred by power grabs. If anything, things have gotten worse.

* Killing civilians and U.S. citizens via drone.
* Seizing telephone records at the Associated Press in violation of Justice Department guidelines.
* Accusing a respected Fox News reporter of engaging in a conspiracy to commit treason for doing his job.
* Detaining terrorist suspects at Guantanamo Bay, despite promises to end the ill-considered Bush policy.

Even the IRS scandal, while not a matter of foreign policy, strikes at the heart of growing concerns among Americans that their privacy is government's playpen.

And now this: The Guardian newspaper reports that the National Security Agency is collecting telephone records of tens of millions of customers of one of the nation's largest phone companies, Verizon.

If the story is accurate, the action appears to be legal. The order was signed by a judge from a secret court that oversees domestic surveillance. It may also be necessary; U.S. intelligence needs every advantage it can get over the nation's enemies.

But for several reasons the news is chilling.

* Verizon probably isn't the only company coughing up its documents. Odds are incredibly strong that the government is prying into your telephone records today.
* Issued in April, the NSA order "could represent the broadest surveillance order known to have been issued," according to The Washington Post. "It also would confirm long-standing suspicions of civil liberties advocates about the sweeping nature of U.S. surveillance through commercial carriers under laws passed after the Sept. 11, 2001, terrorist attacks."
* This appears to be a "rubber stamp," order, reissued every few months since 2001. As is the case with all government programs, the systematic snooping into your telephone records is unlikely to ever expire without public outcry.
* Congress is full of hypocrites. Liberals who criticized Bush are less incensed with Obama. Republicans who bowed to Bush are now blasting Obama. The next time your congressional representative criticizes Obama for curbing civil liberties, ask if he or she would vote to repeal the Patriot Act, the post-911 law that handed unfettered power to the intelligence and military bureaucracies. Most won't.
* The Bush-Obama White House hates transparency. President George W. Bush and his vice president, Dick Cheney, were justifiably criticized by Democrats (none more successfully so than Obama himself) for their penchant for secrecy. Obama promised that he would run history's most transparent administration. By almost any measure, on domestic as well as foreign policies, Obama has broken that promise.

It is the lack of transparency that is most galling about the security versus civil liberties debate under Obama, because it shows his lack of faith in the public. Americans know a high level of secrecy and dirty work is needed to keep them safe. Most trust their president. Many approve of his job performance.

Still, they expect and deserve an open discussion about how to fight terrorism without undermining the Constitution.

Obama started that conversation with a recent address on the drone program, media leaks and the need to move America off a constant war footing. It was a compelling and well-considered argument for the balance he is claiming to strike.

But he made the speech under pressure, and reluctantly.
It only came amid new revelations about the drone program and the disclosure of newsroom spying (the Guardian may well be in Obama's sights next). Under Bush, the warrantless-wiretap program only stopped after it was publicly disclosed. In that way, the Guardian story is not a surprise, so why didn't Obama long ago acknowledge, explain, and justify such an intrusion into privacy?

Obama has promised to adjust the drone and leaks investigation policies, essentially acknowledging that his administration had gone too far in the name of security. Do you believe him?

One thing we've learned about the Bush-Obama White House is that words don't matter. Watch what they do.

---
Just because i'm near the punchbowl doesn't mean I'm also drinking from it.

From rforno at infowarrior.org Thu Jun 6 13:10:05 2013
From: rforno at infowarrior.org (Richard Forno)
Date: Thu, 6 Jun 2013 14:10:05 -0400
Subject: [Infowarrior] - SOCOM-approved Silent Circle Resists Calls For Wiretap Backdoors
Message-ID:

SOCOM-approved Silent Circle Resists Calls For Wiretap Backdoors

By ARAM ROSTON

http://www.defensenews.com/article/20130606/C4ISR01/306060013/SOCOM-approved-Silent-Circle-Resists-Calls-Wiretap-Backdoors?odyssey=nav|head

The recent disclosure that the Obama administration has secretly been collecting the phone records of millions of Americans is a reminder just how much of a digital trail people leave in modern communications.

Some have turned to web-based programs in their search for communications that can't be easily intercepted. For many U.S. businesspeople overseas, including contractors in Afghanistan and Iraq, Skype has been the approved standard for VOIP and instant messaging for years. It's practically free, it's encrypted, and so easy to use that a grandmother with her desktop can use it to chat with her wunderkind on his tablet.

Now a new company, Silent Circle, is upping the security bar for web-based communications.
For $20 a month, the company offers encrypted, high-quality communications for mobile devices and computers.

CEO Mike Janke draws a distinction between Silent Circle and Skype. "I would not say they are a competitor," he said. "We are in the business of secure communications. They are in the business of cheap long distance."

His point is that Silent Circle's products are built completely around security and privacy. They meet the NSA's "Suite B" standards. Emails are encrypted using the PGP protocol designed 20 years ago by Phil Zimmermann, the longtime security expert and privacy rights advocate who serves as the company's president. Voice and video communications are encrypted by ZRTP, another Zimmermann invention.

Janke says the company has three customer bases: individual subscribers, enterprise clients, and governments. In the federal government, he said, there's even been a surprising market coming from the Bring Your Own Device phenomenon: agencies, he says, buy Silent Circle for their workers to manage their personal smart phones. The firm says U.S. Special Operations Command approved it as a commercial secure operations provider earlier this year.

Privacy Vs. Security

Silent Circle's business model is something of a hot-button right now. The Federal Bureau of Investigation has complained that new encryption and communications technologies are making interception difficult or impossible. But privacy rights experts and companies like Silent Circle say trying to legislate a solution would bring major problems.

Here's the issue: Since 1994, the Communications Assistance for Law Enforcement Act has required telephone companies to build in mechanisms so that calls can be intercepted. In 2005, the FCC extended that law to VOIP services that allow calls to and from other phone services.

But there is still a gap. Peer-to-peer networks that don't get connected to the phone networks are still not covered, and law enforcement can't get real time intercepts.
In the case of companies like Silent Circle, the FBI couldn't intercept anything at all. The firm says even if it were served a subpoena for subscribers' communications, it wouldn't be able to comply if it wanted to.

"We could give them a bunch of encrypted conversation," shrugs Jon Callas, a computer security expert who is the company's chief technical officer. "There is nothing we can turn over."

The FBI has framed the debate in a law-enforcement context. "The government is increasingly unable to collect valuable evidence in cases ranging from child exploitation and pornography to organized crime and drug trafficking to terrorism and espionage," Valerie Caproni, the FBI's general counsel, testified in 2011.

The Obama administration is reportedly considering pushing for changes to the law, to require that web services and digital devices have built-in intercept "backdoors" to allow interception in real time. But Silent Circle has joined with security experts and privacy advocates to argue that a backdoor would be a disaster for cybersecurity generally.

"The FBI constantly comes out and says 'We're going dark!'" says Janke. "It's very dangerous to try to implement what they are asking for. If you try to introduce a wiretap into a technology like Silent Circle, you are now introducing a vulnerability."

Silent Circle's Zimmermann was one of the 20 technologists who prepared a report outlining how adversaries could easily exploit built-in backdoors if they were required by law. "We conclude that deployment of an intercept capability in endpoint communications services, systems and applications," wrote the security experts, "poses serious security risks."

Malware

Meanwhile, Silent Circle is growing fast. It emphasizes that it's not a cure to another major problem with mobile devices: hackers and foreign governments who can use "exploits" to take over smartphones.

"We are not trying to solve the malware issue," Janke said.
"If a nation-state wants to own your device, they will do that."

For true security, that's a serious issue, because even encrypted communications are potentially vulnerable once a hacker exploits a smartphone at the operating level.

---
Just because i'm near the punchbowl doesn't mean I'm also drinking from it.

From rforno at infowarrior.org Thu Jun 6 13:30:52 2013
From: rforno at infowarrior.org (Richard Forno)
Date: Thu, 6 Jun 2013 14:30:52 -0400
Subject: [Infowarrior] - Fwd: [IP] Senators: NSA phone sweeping has been going on since 2007 - The Hill - covering Congress, Politics, Political Campaigns and Capitol Hill | TheHill.com
References:
Message-ID: <1113239B-B8CB-4AAC-9385-1A5063B8FB42@infowarrior.org>

> From: Dave Farber
> Subject: [IP] Senators: NSA phone sweeping has been going on since 2007 - The Hill - covering Congress, Politics, Political Campaigns and Capitol Hill | TheHill.com
> Date: June 6, 2013 2:28:10 PM EDT
> To: "ip"
> Reply-To: dave at farber.net
>
> I love the comment that nobody complained about it -- maybe because nobody knew about it! djf
>
> ---------- Forwarded message ----------
> From: "Faisal N Jawdat"
> Date: Jun 6, 2013 1:45 PM
> Subject: Senators: NSA phone sweeping has been going on since 2007 - The Hill - covering Congress, Politics, Political Campaigns and Capitol Hill | TheHill.com
> To: "David J. Farber"
> Cc:
>
> Professor Farber,
>
> For IP, if you wish:
>
> http://thehill.com/homenews/news/303891-senators-nsa-phone-sweeping-has-been-going-on-since-2007
>
> The leaders of the Senate Intelligence Committee on Thursday said senators were informed of the administration's sweeping surveillance practices, which they said have been going on since 2007.
>
> "Everyone's been aware of it for years, every member of the Senate," said Sen. Saxby Chambliss (Ga.), the ranking Republican on the Senate Intelligence Committee.
>
> Chambliss told reporters that the program has been going on for seven years under the auspices of the Foreign Intelligence Surveillance Act. He said he was not aware of a single citizen filing a complaint about it.
>
> [...]

From rforno at infowarrior.org Thu Jun 6 13:53:46 2013
From: rforno at infowarrior.org (Richard Forno)
Date: Thu, 6 Jun 2013 14:53:46 -0400
Subject: [Infowarrior] - Dave Farber, Internet's "Grandfather," Seeks to Cut Through Fog of Cyberwar
Message-ID:

Dave Farber, Internet's "Grandfather," Seeks to Cut Through Fog of Cyberwar

By John Horgan | June 6, 2013 |

http://blogs.scientificamerican.com/cross-check/2013/06/06/dave-farber-internets-grandfather-seeks-to-cut-through-fog-of-cyberwar/

Over the last few years, the rhetoric if not the actuality of cyberwarfare has been escalating. Every day, it seems, the media report on alleged cyberattacks -- by nations, terrorist organizations or criminal gangs -- against U.S. governmental institutions and corporations. Many of these allegations are being made by individuals or groups that stand to benefit from increased funding for cybersecurity, and whose claims cannot be verified because details are classified.

Seeking guidance, I turned to legendary computer scientist Dave Farber, a professor at Carnegie Mellon who has also worked for or with Bell Labs, Rand, the FCC, the Electronic Frontier Foundation and many other institutions. Farber is sometimes called the "Grandfather of the Internet" both because of his pioneering work in distributed computing and his mentoring of graduate students who helped build the Internet. He remains deeply involved in debates over how to maximize benefits and minimize risks of the Internet. (See Farber's resume on Wikipedia.)

I have gotten to know Farber because he is an active alumnus of Stevens Institute of Technology, where I teach.
I am also on a listserve that he moderates, "Interesting People." What follows is my summary of our recent conversation in New York City.

Although some cyber-threats may have been exaggerated, Farber said, the Internet is "very vulnerable. There are a whole host of potential threats. I characterize it as walking on a sheet of ice on top of a sheet of ice." He and others who helped create the first computer networks could not possibly have anticipated all the security problems that would arise as the Internet evolved.

"The network was not built to be secure," he said. "You have to remember the Internet was an experiment. It was hard enough building it without worrying about security. We knew there were some serious flaws, early on. But it's like any other system: once you lay the groundwork there are very few opportunities to change it."

Farber warned that many "solutions" to cybersecurity, especially those offered by commercial firms, are bogus. "What you have to watch out for is when people talk about their particular cure, which usually translates as, 'Give us money and we will cure the problem.' But in fact the cures probably won't cure anything." Products that supposedly provide protection against viruses and malware "are well known not to work inside the trade. Nobody but the most blatant amateurs write viruses that those products will catch. The sophisticated ones, they will never catch."

Farber added that "patchwork fixes hardly ever work. We know in principle how to build a secure computing environment, but none of that is cheap. Part of the problem is, even if I build you a secure computer network and secure operating system, you have millions of computers out there that are not retrofittable."

Farber identified two approaches that could boost Internet security without huge effort and expense. One would be tightening up the issuance of security certificates, which supposedly guarantee that online purveyors of information are who they purport to be.
Another approach would be to focus on reforming the domain-name system, which now makes it too easy for hackers to mount denial-of-service attacks against websites.

One terrible idea, Farber said, floated recently by the Commission on the Theft of American Intellectual Property, a private group, is for companies to mount counter-strikes against suspected cyber-attackers. Far from inhibiting cyberattacks, this tactic could lead to many more of them, Farber said. Moreover, a company might decide, "That guy is too much competition, let's put him out of business" by falsely accusing him of a cyberattack and counterstriking.

Farber said that the U.S. is undoubtedly the target of cyber-espionage by many other nations, including allies, seeking industrial trade secrets. "I assume North Korea, China, France, the United Kingdom and everybody else has tried to penetrate our computer systems. They have been doing [espionage] for many years in the physical world. Years ago France was caught doing that, looking for commercial advantage."

But Farber suspected that the threat from China has been exaggerated. "I find it hard to believe that China invests a lot in [industrial espionage], considering that we give them everything as is. We put plants over there, we teach them how to build things." Moreover, just because attacks originate in China does not mean the government sponsors them. "I'm sure there is some stuff being done by the government. But some is just being done because there are piles of people who have the tools to do it."

Farber compared the escalating threat of cyberattacks to the nuclear arms race that followed the end of World War II. Farber said that, just as prominent physicists once led efforts to contain the risks of nuclear weapons, so should leading computer scientists help devise policies to reduce the risks of information technologies.
Preventing cyberwar, Farber said, is in some ways a much more complex task; few nations have the resources to build nuclear weapons, and they know who their potential nuclear foes are and hence can deter attacks with the threat of retaliation. In contrast, there are countless potential threats, and you often can't be sure who is attacking or threatening you. "You really have to do good forensics," Farber said, to trace attacks to their actual source and avoid false accusations and unjustified counterattacks. "If nations were willing to cooperate, there's a lot more you can do" to identify attackers.

Farber's greatest concern is cyberattacks not by nations but by freelance criminal hackers. "There is no way to get at them easily, there are an awful lot of them, and their motives are highly varied. They may be doing it to get information they can sell. They may be hired by someone to do it. They may be protesting something or other, and there is nothing like a major incident to get their cause publicity."

Farber feared that "the problem of hackers for hire is going to get maybe worse, because we are graduating kids who can't get decent jobs but are well trained." Cyberattacks could pose a direct threat to people's lives. "Modern hospitals now are hooked up to networks. What would a denial of service attack on a major hospital do? An intelligent attack on our power system would be a nightmare."

If he was "Cyber Czar" -- in charge of all cybersecurity -- Farber would form a group of experts to "dig really deep into what the problem is." The group would determine how much of the threat to cybersecurity "is real, how much is not real," and would propose how to boost security "with a relatively short amount of work." The group would consist of people "who had no ulterior motives, no conflicts. They may tend to be older, more experienced, people who don't feel they have to get their point of view across whether it's right, wrong or indifferent."
Farber said National Security Agency personnel could provide technical guidance. "Do I think they have very good people? Yes. Do I trust them? Not as far as I can throw them. But I trust NSA more than I would trust a company" selling security services.

Farber and I spoke shortly before reports that the National Security Agency is "collecting the telephone records of millions of US customers of Verizon." Farber has concerns about digital privacy as well as security. "I worry a lot about Google Glasses," he said. "When you're coupled directly to the net, and you have cameras, that's sort of scary."

Farber suggested that if Senator Joe McCarthy, who led anti-communist "witch hunts" in the 1950s, had had "the tools we have now, he wouldn't have to say, 'Somebody said you met with...' He would just be able to say, 'You wrote this note to this guy 10 years ago.'"

I hope Dave Farber's views provoke constructive responses.

---
Just because i'm near the punchbowl doesn't mean I'm also drinking from it.

From rforno at infowarrior.org Thu Jun 6 14:18:29 2013
From: rforno at infowarrior.org (Richard Forno)
Date: Thu, 6 Jun 2013 15:18:29 -0400
Subject: [Infowarrior] - OT: Flight of the Discords
Message-ID: <12F86050-9A5D-4F22-807F-DAF4A306D0A9@infowarrior.org>

The rest of the article talks about the MICC and is worth reading in its entirety ... but this one paragraph screams volumes about one of DOD's latest "weapons systems" being acquired. ---rick

Flight of the Discords

The military-industrial-congressional complex bullies the F-35 Lightning II into Burlington

By Andrew Cockburn, Harpers

http://harpers.org/blog/2013/06/flight-of-the-discords/

< - >

The F-35 encapsulates in one airframe the full flowering of bloat, corruption, and decay attendant to the defense system.
Costing a staggering $191 million (and rising), according to defense analyst Winslow Wheeler, each plane is more sluggish as a fighter than the F-16 and flies too high and too fast to adequately perform its other assigned role, replacing the A-10 ground-support plane. It is also dangerously unsafe. Thanks to a poorly designed fire-suppression system, for example, the F-35 cannot fly within twenty-five miles of a thunderstorm for fear of lightning. This has led to the cancellation of four out of every ten test flights scheduled for the plane at the Eglin Air Force Base in Florida. The F-35 also cannot safely dump fuel in case of an emergency and uses flammable fluids to power the engine hydraulics and cool the electronics, while the electrical system runs at an unnecessarily high 270 volts, vastly exacerbating the risk of fire. Pierre Sprey, who co-designed the F-16, and created the A-10 and optimized its safety features, draws a vivid analogy. "It's as if Detroit suddenly put out a car with lighter fluid in the radiator and gasoline in the hydraulic brake lines," he told me. "That's how unsafe this plane is. Plopping down a fighter this full of bugs and this untested in the middle of a populated area is just nuts."

< - >

---
Just because i'm near the punchbowl doesn't mean I'm also drinking from it.
From rforno at infowarrior.org Thu Jun 6 16:29:31 2013
From: rforno at infowarrior.org (Richard Forno)
Date: Thu, 6 Jun 2013 17:29:31 -0400
Subject: [Infowarrior] - NYT Editors: President Obama's Dragnet
Message-ID:

June 6, 2013
President Obama's Dragnet
By THE EDITORIAL BOARD
http://www.nytimes.com/2013/06/07/opinion/president-obamas-dragnet.html

Within hours of the disclosure that the federal authorities routinely collect data on phone calls Americans make, regardless of whether they have any bearing on a counterterrorism investigation, the Obama administration issued the same platitude it has offered every time President Obama has been caught overreaching in the use of his powers: Terrorists are a real menace and you should just trust us to deal with them because we have internal mechanisms (that we are not going to tell you about) to make sure we do not violate your rights. Those reassurances have never been persuasive -- whether on secret warrants to scoop up a news agency's phone records or secret orders to kill an American suspected of terrorism -- especially coming from a president who once promised transparency and accountability. The administration has now lost all credibility. Mr. Obama is proving the truism that the executive will use any power it is given and very likely abuse it. That is one reason we have long argued that the Patriot Act, enacted in the heat of fear after the 9/11 attacks by members of Congress who mostly had not even read it, was reckless in its assignment of unnecessary and overbroad surveillance powers. Based on an article in The Guardian published Wednesday night, we now know the Federal Bureau of Investigation and the National Security Agency used the Patriot Act to obtain a secret warrant to compel Verizon's business services division to turn over data on every single call that went through its system.
We know that this particular order was a routine extension of surveillance that has been going on for years, and it seems very likely that it extends beyond Verizon's business division. There is every reason to believe the federal government has been collecting every bit of information about every American's phone calls except the words actually exchanged in those calls. A senior administration official quoted in The Times offered the lame observation that the information does not include the name of any caller, as though there would be the slightest difficulty in matching numbers to names. He said the information "has been a critical tool in protecting the nation from terrorist threats," because it allows the government "to discover whether known or suspected terrorists have been in contact with other persons who may be engaged in terrorist activities, particularly people located inside the United States." That is a vital goal, but how is it served by collecting everyone's call data? The government can easily collect phone records (including the actual content of those calls) on "known or suspected terrorists" without logging every call made. In fact, the Foreign Intelligence Surveillance Act was expanded in 2008 for that very purpose. Essentially, the administration is saying that without any individual suspicion of wrongdoing, the government is allowed to know who Americans are calling every time they make a phone call, for how long they talk and from where. This sort of tracking can reveal a lot of personal and intimate information about an individual. To casually permit this surveillance -- with the American public having no idea that the executive branch is now exercising this power -- fundamentally shifts power between the individual and the state, and repudiates constitutional principles governing search, seizure and privacy.
The defense of this practice offered by Senator Dianne Feinstein of California, who as chairman of the Senate Intelligence Committee is supposed to be preventing this sort of overreaching, was absurd. She said today that the authorities need this information in case someone might become a terrorist in the future. Senator Saxby Chambliss of Georgia, the vice chairman of the committee, said the surveillance has "proved meritorious, because we have gathered significant information on bad guys and only on bad guys over the years." But what assurance do we have of that, especially since Ms. Feinstein went on to say that she actually did not know how the data being collected was used? The senior administration official quoted in The Times said the executive branch internally reviews surveillance programs to ensure that they "comply with the Constitution and laws of the United States and appropriately protect privacy and civil liberties." That's no longer good enough. Mr. Obama clearly had no intention of revealing this eavesdropping, just as he would not have acknowledged the killing of Anwar al-Awlaki, an American citizen, had it not been reported in the press. Even then, it took him more than a year and a half to acknowledge the killing, and he is still keeping secret the protocol by which he makes such decisions. We are not questioning the legality under the Patriot Act of the court order disclosed by The Guardian. But we strongly object to using that power in this manner. It is the very sort of thing against which Mr. Obama once railed, when he said in 2007 that the Bush administration's surveillance policy "puts forward a false choice between the liberties we cherish and the security we provide." Two Democrats on the Senate Intelligence Committee, Senator Ron Wyden of Oregon and Senator Mark Udall of Colorado, have raised warnings about the government's overbroad interpretation of its surveillance powers.
"We believe most Americans would be stunned to learn the details of how these secret court opinions have interpreted Section 215 of the Patriot Act," they wrote last year in a letter to Attorney General Eric Holder Jr. "As we see it, there is now a significant gap between what most Americans think the law allows and what the government secretly claims the law allows. This is a problem, because it is impossible to have an informed public debate about what the law should say when the public doesn't know what its government thinks the law says." On Thursday, Representative Jim Sensenbrenner, Republican of Wisconsin, who introduced the Patriot Act in 2001, said that the National Security Agency overstepped its bounds by issuing a secret order to collect phone log records from millions of Americans. "As the author of the Patriot Act, I am extremely troubled by the F.B.I.'s interpretation of this legislation," he said in a statement. "While I believe the Patriot Act appropriately balanced national security concerns and civil rights, I have always worried about potential abuses." He added: "Seizing phone records of millions of innocent people is excessive and un-American." This stunning use of the act shows, once again, why it needs to be sharply curtailed if not repealed.

---
Just because i'm near the punchbowl doesn't mean I'm also drinking from it.

From rforno at infowarrior.org Thu Jun 6 16:31:29 2013
From: rforno at infowarrior.org (Richard Forno)
Date: Thu, 6 Jun 2013 17:31:29 -0400
Subject: [Infowarrior] - Schneier on the NSA-Verizon thing
Message-ID: <25B4BAE7-8C57-4BDE-8507-454902F31203@infowarrior.org>

What We Don't Know About Spying on Citizens: Scarier Than What We Know
By Bruce Schneier
http://www.theatlantic.com/politics/archive/2013/06/what-we-dont-know-about-spying-on-citizens-scarier-than-what-we-know/276607/

Yesterday, we learned that the NSA received all calling records from Verizon customers for a three-month period starting in April.
That's everything except the voice content: who called who, where they were, how long the call lasted -- for millions of people, both Americans and foreigners. This "metadata" allows the government to track the movements of everyone during that period, and build a detailed picture of who talks to whom. It's exactly the same data the Justice Department collected about AP journalists. The Guardian delivered this revelation after receiving a copy of a secret memo about this -- presumably from a whistle-blower. We don't know if the other phone companies handed data to the NSA too. We don't know if this was a one-off demand or a continuously renewed demand; the order started a few days after the Boston bombers were captured by police. We don't know a lot about how the government spies on us, but we know some things. We know the FBI has issued tens of thousands of ultra-secret National Security Letters to collect all sorts of data on people -- we believe on millions of people -- and has been abusing them to spy on cloud-computer users. We know it can collect a wide array of personal data from the Internet without a warrant. We also know that the FBI has been intercepting cell-phone data, all but voice content, for the past 20 years without a warrant, and can use the microphone on some powered-off cell phones as a room bug -- presumably only with a warrant. We know that the NSA has many domestic-surveillance and data-mining programs with codenames like Trailblazer, Stellar Wind, and Ragtime -- deliberately using different codenames for similar programs to stymie oversight and conceal what's really going on. We know that the NSA is building an enormous computer facility in Utah to store all this data, as well as faster computer networks to process it all. We know the U.S. Cyber Command employs 4,000 people.
We know that the DHS is also collecting a massive amount of data on people, and that local police departments are running "fusion centers" to collect and analyze this data, and covering up its failures. This is all part of the militarization of the police. Remember in 2003, when Congress defunded the decidedly creepy Total Information Awareness program? It didn't die; it just changed names and split into many smaller programs. We know that corporations are doing an enormous amount of spying on behalf of the government: all parts. We know all of this not because the government is honest and forthcoming, but mostly through three backchannels -- inadvertent hints or outright admissions by government officials in hearings and court cases, information gleaned from government documents received under FOIA, and government whistle-blowers. There's much more we don't know, and often what we know is obsolete. We know quite a bit about the NSA's ECHELON program from a 2000 European investigation, and about the DHS's plans for Total Information Awareness from 2002, but much less about how these programs have evolved. We can make inferences about the NSA's Utah facility based on the theoretical amount of data from various sources, the cost of computation, and the power requirements from the facility, but those are rough guesses at best. For a lot of this, we're completely in the dark. And that's wrong. The U.S. government is on a secrecy binge. It overclassifies more information than ever. And we learn, again and again, that our government regularly classifies things not because they need to be secret, but because their release would be embarrassing. Knowing how the government spies on us is important. Not only because so much of it is illegal -- or, to be as charitable as possible, based on novel interpretations of the law -- but because we have a right to know. 
Democracy requires an informed citizenry in order to function properly, and transparency and accountability are essential parts of that. That means knowing what our government is doing to us, in our name. That means knowing that the government is operating within the constraints of the law. Otherwise, we're living in a police state. We need whistle-blowers. Leaking information without getting caught is difficult. It's almost impossible to maintain privacy in the Internet Age. The WikiLeaks platform seems to have been secure -- Bradley Manning was caught not because of a technological flaw, but because someone he trusted betrayed him -- but the U.S. government seems to have successfully destroyed it as a platform. None of the spin-offs have risen to become viable yet. The New Yorker recently unveiled its Strongbox platform for leaking material, which is still new but looks good. This link contains the best advice on how to leak information to the press via phone, email, or the post office. The National Whistleblowers Center has a page on national-security whistle-blowers and their rights. Leaking information is also very dangerous. The Obama Administration has embarked on a war on whistle-blowers, pursuing them -- both legally and through intimidation -- further than any previous administration has done. Mark Klein, Thomas Drake, and William Binney have all been persecuted for exposing technical details of our surveillance state. Bradley Manning has been treated cruelly and inhumanly -- and possibly tortured -- for his more-indiscriminate leaking of State Department secrets. The Obama Administration's actions against the Associated Press, its persecution of Julian Assange, and its unprecedented prosecution of Manning on charges of "aiding the enemy" demonstrate how far it's willing to go to intimidate whistle-blowers -- as well as the journalists who talk to them. But whistle-blowing is vital, even more broadly than in government spying. 
It's necessary for good government, and to protect us from abuse of power. We need details on the full extent of the FBI's spying capabilities. We don't know what information it routinely collects on American citizens, what extra information it collects on those on various watch lists, and what legal justifications it invokes for its actions. We don't know its plans for future data collection. We don't know what scandals and illegal actions -- either past or present -- are currently being covered up. We also need information about what data the NSA gathers, either domestically or internationally. We don't know how much it collects surreptitiously, and how much it relies on arrangements with various companies. We don't know how much it uses password cracking to get at encrypted data, and how much it exploits existing system vulnerabilities. We don't know whether it deliberately inserts backdoors into systems it wants to monitor, either with or without the permission of the communications-system vendors. And we need details about the sorts of analysis the organizations perform. We don't know what they quickly cull at the point of collection, and what they store for later analysis -- and how long they store it. We don't know what sort of database profiling they do, how extensive their CCTV and surveillance-drone analysis is, how much they perform behavioral analysis, or how extensively they trace friends of people on their watch lists. We don't know how big the U.S. surveillance apparatus is today, either in terms of money and people or in terms of how many people are monitored or how much data is collected. Modern technology makes it possible to monitor vastly more people -- yesterday's NSA revelations demonstrate that they could easily surveil everyone -- than could ever be done manually. Whistle-blowing is the moral response to immoral activity by those in power. What's important here are government programs and methods, not data about individuals. 
I understand I am asking for people to engage in illegal and dangerous behavior. Do it carefully and do it safely, but -- and I am talking directly to you, person working on one of these secret and probably illegal programs -- do it. If you see something, say something. There are many people in the U.S. that will appreciate and admire you. For the rest of us, we can help by protesting this war on whistle-blowers. We need to force our politicians not to punish them -- to investigate the abuses and not the messengers -- and to ensure that those unjustly persecuted can obtain redress. Our government is putting its own self-interest ahead of the interests of the country. That needs to change.

This article available online at: http://www.theatlantic.com/politics/archive/2013/06/what-we-dont-know-about-spying-on-citizens-scarier-than-what-we-know/276607/

---
Just because i'm near the punchbowl doesn't mean I'm also drinking from it.

From rforno at infowarrior.org Thu Jun 6 16:43:03 2013
From: rforno at infowarrior.org (Richard Forno)
Date: Thu, 6 Jun 2013 17:43:03 -0400
Subject: [Infowarrior] - CFR Report: Defending an Open, Global, Secure, and Resilient Internet
Message-ID:

(c/o RA)
http://www.cfr.org/cybersecurity/defending-open-global-secure-resilient-internet/p30836

Overview

This CFR-sponsored Independent Task Force warns that "escalating attacks on countries, companies, and individuals, as well as pervasive criminal activity, threaten the security and safety of the Internet." The number of "state-backed operations continues to rise, and future attacks will become more sophisticated and disruptive," argues the Task Force report, Defending an Open, Global, Secure, and Resilient Internet. With the ideal vision of an open and secure Internet increasingly at risk, the Task Force urges the United States, with its friends and allies, "to act quickly to encourage a global cyberspace that reflects shared values of free expression and free markets."
The Task Force concludes that "the most pressing current threat is not likely to be a single, sudden attack that cripples the United States," but rather "a proliferation of attacks that steal strategically important or valuable data and destroy confidence in the safety and trustworthiness of the Internet." The U.S. administration has named China as a major source of cyber espionage, and the Task Force also finds China to be a serious cause of concern. The Task Force finds that improved cyber defense and greater resiliency are necessary, but not sufficient. "Offensive capabilities are required to deter attacks, and, if deterrence fails, to impose costs on the attackers." It calls on the United States to launch an "interagency economic counterespionage program that will help prevent foreign services and corporate competitors from stealing secrets from U.S. industry." The Task Force is chaired by John D. Negroponte, former deputy secretary of state and director of national intelligence, and Samuel J. Palmisano, former chairman of the board and CEO of IBM, and is directed by Adam Segal, CFR's Maurice R. Greenberg senior fellow for China studies. It includes experts representing a variety of sectors, including high-tech industry and hardware and software companies, as well as leaders on cyber issues (see list below). The report notes that the number of people online will double to five billion by the end of this decade, and the Internet economy will continue to grow. In the United States alone, the Internet economy, now $68 billion, or 4.7 percent of GDP, is projected to rise to 5.4 percent in 2016, so any successful policy response will have to include the business community and civil society. A number of governments are using the threat of cyberattacks to justify restrictions on the flow of information, data, and knowledge and are territorializing the Internet based on narrow national interests. 
The outcome of blocking and filtering is "a fragmented Internet and decline in global free expression." Therefore, the report urges leading nations to agree on a set of norms for activity and engagement in cyberspace. "Now is the time for the United States, with its friends and allies, to ensure the Internet remains an open, global, secure, and resilient environment for users," says the Task Force. The report criticizes the United States for "a lack of a coherent vision, the absence of appropriate authority to implement policy, and legislative gridlock." It says, "For the past four decades, the United States was the predominant innovator, promoter, and shaper of cyberspace, but the window for U.S. leadership is now closing." "The bottom line is clear: digital foreign policy must begin with domestic policy," the report concludes. "Successfully meeting the challenges of the digital age requires a rethinking of domestic institutions and processes that were designed for the twentieth century."

PDF@ http://www.cfr.org/cybersecurity/defending-open-global-secure-resilient-internet/p30836

---
Just because i'm near the punchbowl doesn't mean I'm also drinking from it.

From rforno at infowarrior.org Thu Jun 6 17:15:30 2013
From: rforno at infowarrior.org (Richard Forno)
Date: Thu, 6 Jun 2013 18:15:30 -0400
Subject: [Infowarrior] - NSA/FBI also tapped into major Internet companies
Message-ID:

U.S. intelligence mining data from nine U.S. Internet companies in broad secret program
By Barton Gellman and Laura Poitras
http://www.washingtonpost.com/investigations/us-intelligence-mining-data-from-nine-us-internet-companies-in-broad-secret-program/2013/06/06/3a0c0da8-cebf-11e2-8845-d970ccb04497_print.html

The National Security Agency and the FBI are tapping directly into the central servers of nine leading U.S. Internet companies, extracting audio, video, photographs, e-mails, documents and connection logs that enable analysts to track a person's movements and contacts over time.
The highly classified program, code-named PRISM, has not been disclosed publicly before. Its establishment in 2007 and six years of exponential growth took place beneath the surface of a roiling debate over the boundaries of surveillance and privacy. Even late last year, when critics of the foreign intelligence statute argued for changes, the only members of Congress who know about PRISM were bound by oaths of office to hold their tongues. An internal presentation on the Silicon Valley operation, intended for senior analysts in the NSA's Signals Intelligence Directorate, described the new tool as the most prolific contributor to the President's Daily Brief, which cited PRISM data in 1,477 articles last year. According to the briefing slides, obtained by The Washington Post, "NSA reporting increasingly relies on PRISM" as its leading source of raw material, accounting for nearly 1 in 7 intelligence reports. That is a remarkable figure in an agency that measures annual intake in the trillions of communications. It is all the more striking because the NSA, whose lawful mission is foreign intelligence, is reaching deep inside the machinery of American companies that host hundreds of millions of American-held accounts on American soil. The technology companies, which participate knowingly in PRISM operations, include most of the dominant global players of Silicon Valley. They are listed on a roster that bears their logos in order of entry into the program: "Microsoft, Yahoo, Google, Facebook, PalTalk, AOL, Skype, YouTube, Apple." PalTalk, although much smaller, has hosted significant traffic during the Arab Spring and in the ongoing Syrian civil war. Dropbox, the cloud storage and synchronization service, is described as "coming soon." Government officials declined to comment for this story.

Roots in the '70s

PRISM is an heir, in one sense, to a history of intelligence alliances with as many as 100 trusted U.S. companies since the 1970s.
The NSA calls these Special Source Operations, and PRISM falls under that rubric. The Silicon Valley operation works alongside a parallel program, code-named BLARNEY, that gathers up "metadata" -- address packets, device signatures and the like -- as it streams past choke points along the backbone of the Internet. BLARNEY's top-secret program summary, set down alongside a cartoon insignia of a shamrock and a leprechaun hat, describes it as "an ongoing collection program that leverages IC [intelligence community] and commercial partnerships to gain access and exploit foreign intelligence obtained from global networks." But the PRISM program appears more nearly to resemble the most controversial of the warrantless surveillance orders issued by President George W. Bush after the al-Qaeda attacks of Sept. 11, 2001. Its history, in which President Obama presided over "exponential growth" in a program that candidate Obama criticized, shows how fundamentally surveillance law and practice have shifted away from individual suspicion in favor of systematic, mass collection techniques. The PRISM program is not a dragnet, exactly. From inside a company's data stream the NSA is capable of pulling out anything it likes, but under current rules the agency does not try to collect it all. Analysts who use the system from a Web portal at Fort Meade key in "selectors," or search terms, that are designed to produce at least 51 percent confidence in a target's "foreignness." That is not a very stringent test. Training materials obtained by the Post instruct new analysts to submit accidentally collected U.S. content for a quarterly report, "but it's nothing to worry about." Even when the system works just as advertised, with no American singled out for targeting, the NSA routinely collects a great deal of American content. That is described as "incidental," and it is inherent in contact chaining, one of the basic tools of the trade.
To collect on a suspected spy or foreign terrorist means, at minimum, that everyone in the suspect's inbox or outbox is swept in. Intelligence analysts are typically taught to chain through contacts two "hops" out from their target, which increases "incidental collection" exponentially. The same math explains the aphorism, from the John Guare play, that no one is more than "six degrees of separation" from Kevin Bacon.

A "directive"

Formally, in exchange for immunity from lawsuits, companies like Yahoo and AOL are obliged to accept a "directive" from the attorney general and the director of national intelligence to open their servers to the FBI's Data Intercept Technology Unit, which handles liaison to U.S. companies from the NSA. In 2008, Congress gave the Justice Department authority to for a secret order from the Foreign Surveillance Intelligence Court to compel a reluctant company "to comply." In practice, there is room for a company to maneuver, delay or resist. When a clandestine intelligence program meets a highly regulated industry, said a lawyer with experience in bridging the gaps, neither side wants to risk a public fight. The engineering problems are so immense, in systems of such complexity and frequent change, that the FBI and NSA would be hard pressed to build in back doors without active help from each company. Apple demonstrated that resistance is possible, for reasons unknown, when it held out for more than five years after Microsoft became PRISM's first corporate partner in May 2007. Twitter, which has cultivated a reputation for aggressive defense of its users' privacy, is still conspicuous by its absence from the list of "private sector partners." "Google cares deeply about the security of our users' data," a company spokesman said. "We disclose user data to government in accordance with the law, and we review all such requests carefully. From time to time, people allege that we have created a government 'back door'
into our systems, but Google does not have a 'back door' for the government to access private user data." Like market researchers, but with far more privileged access, collection managers in the NSA's Special Source Operations group, which oversees the PRISM program, are drawn to the wealth of information about their subjects in online accounts. For much the same reason, civil libertarians and some ordinary users may be troubled by the menu available to analysts who hold the required clearances to "task" the PRISM system. There has been "continued exponential growth in tasking to Facebook and Skype," according to the 41 PRISM slides. With a few clicks and an affirmation that the subject is believed to be engaged in terrorism, espionage or nuclear proliferation, an analyst obtains full access to Facebook's "extensive search and surveillance capabilities against the variety of online social networking services." According to a separate "User's Guide for PRISM Skype Collection," that service can be monitored for audio when one end of the call is a conventional telephone and for any combination of "audio, video, chat, and file transfers" when Skype users connect by computer alone. Google's offerings include Gmail, voice and video chat, Google Drive files, photo libraries, and live surveillance of search terms. Firsthand experience with these systems, and horror at their capabilities, is what drove a career intelligence officer to provide PowerPoint slides about PRISM and supporting materials to The Washington Post in order to expose what he believes to be a gross intrusion on privacy. "They quite literally can watch your ideas form as you type," the officer said.

Julie Tate and Robert O'Harrow Jr. contributed to this report.

Graphic: NSA slides explain the PRISM data-collection program

---
Just because i'm near the punchbowl doesn't mean I'm also drinking from it.
From rforno at infowarrior.org Thu Jun 6 17:17:08 2013
From: rforno at infowarrior.org (Richard Forno)
Date: Thu, 6 Jun 2013 18:17:08 -0400
Subject: [Infowarrior] - NSA slides explain the PRISM data-collection program
Message-ID:

NSA slides explain the PRISM data-collection program
http://www.washingtonpost.com/wp-srv/special/politics/prism-collection-documents/

---
Just because i'm near the punchbowl doesn't mean I'm also drinking from it.

From rforno at infowarrior.org Thu Jun 6 18:32:44 2013
From: rforno at infowarrior.org (Richard Forno)
Date: Thu, 6 Jun 2013 19:32:44 -0400
Subject: [Infowarrior] - Fwd: How the Robots Lost: High-Frequency Trading's Rise and Fall
References: <5C14F0F3-B885-406C-AE46-3C77BD0BA805@lipscomb.edu>
Message-ID: <198C278E-CF87-4761-9190-CEDBD657AAEB@infowarrior.org>

(c/o KM)

Begin forwarded message:

> Figure some people might find this interesting!
>
> How the Robots Lost: High-Frequency Trading's Rise and Fall
> http://www.businessweek.com/articles/2013-06-06/how-the-robots-lost-high-frequency-tradings-rise-and-fall

From rforno at infowarrior.org Thu Jun 6 19:43:17 2013
From: rforno at infowarrior.org (Richard Forno)
Date: Thu, 6 Jun 2013 20:43:17 -0400
Subject: [Infowarrior] - timeline: Electronic Surveillance Under Bush and Obama
Message-ID:

Good timeline: Electronic Surveillance Under Bush and Obama
http://www.nytimes.com/interactive/2013/06/07/us/07nsa-timeline.html

---
Just because i'm near the punchbowl doesn't mean I'm also drinking from it.

From rforno at infowarrior.org Fri Jun 7 05:46:16 2013
From: rforno at infowarrior.org (Richard Forno)
Date: Fri, 7 Jun 2013 06:46:16 -0400
Subject: [Infowarrior] - DNI Statement on NSA Disclosures
Message-ID:

Here's the PDF dated June 6.
http://s3.documentcloud.org/documents/710150/dni-statements-on-disclosure-of-classified.pdf Address some of the questions raised in the WaPo/Guardian articles and of course, includes the usual statements about "balancing privacy/security" and how such disclosures hurt the country, etc, --- Just because i'm near the punchbowl doesn't mean I'm also drinking from it. From rforno at infowarrior.org Fri Jun 7 05:53:51 2013 From: rforno at infowarrior.org (Richard Forno) Date: Fri, 7 Jun 2013 06:53:51 -0400 Subject: [Infowarrior] - TIA 2.0 Message-ID: <990B6F7D-982B-495A-97DE-67320AC37095@infowarrior.org> Welcome to the era of Total Information Awareness and ain't it grand? The problem isn't the National Security Agency. It's the Patriot Act and what it represents as we watch the modern surveillance state take shape -- in secret. by Charles Cooper June 6, 2013 7:36 PM PDT http://news.cnet.com/8301-13578_3-57588055-38/welcome-to-the-era-of-total-information-awareness-and-aint-it-grand/ It's been more than 24 hours since the enterprising Glenn Greenwald revealed that the National Security Agency has been gathering the phone records of millions of Verizon customers. The idea is to match calls against a larger database of numbers used by suspected jihadists. After turning up relevant calling patterns, the NSA could then uncover the identities of the callers. But the Verizon-NSA story was not a one-off. The news was followed by another revelation about the NSA on Thursday -- this one disclosing that the agency has been accessing confidential user data held by Silicon Valley firms through secret backdoor access as part of a program, code-named PRISM. Even the most hard-boiled cynic about the rise of the Big Brother state has to wonder what's going on here. For the folks who had prophesied that the passage of the Patriot Act set the U.S. on a slippery slope of unchecked government surveillance, these revelations are a predictable vindication of their warnings. 
But if past is prologue, the crazy thing is how little any of this will matter to most people. Sure, the civil liberties types are running around as if their hair is on fire. But the vast majority of the country is likely to tune out before tuning into the next episode of something really important to their lives, like "American Idol." Maybe we trust government more than the opinion polls let on because Americans don't seem to care very much about the building of a vast surveillance state in secret. The political leadership in Washington says everything's fine and that the government is doing the right thing. The White House set the tone with its defense of "a critical tool" in the fight against terror. Senate Majority Leader Harry Reid, Sens. Dianne Feinstein and Saxby Chambliss followed the White House's lead, defending the collection of this vast trove of information, which they said had helped thwart attacks against the homeland. "I know that people are trying to get to us," Feinstein said. "This is the reason why the FBI now has 10,000 people doing intelligence on counterterrorism. This is the reason for the national counterterrorism center that's been set up in the time we've been active. It's to ferret this out before it happens. It's called protecting America." Yes, some "people are trying to get us" though that's part of a broader discussion about America's place in the world. I don't like having to trust Feinstein at her word because there's no legal way to find out whether she -- or the rest of the government -- is bending the truth or working off flawed information. (WMDs in Iraq, anyone?) But this is just after-the-fact grousing by yours truly. We traded away a lot in return for the promise of more security when Congress passed the Patriot Act into law in 2001 (and then extended it in 2011.)
All that's left to prevent an uber-powerful super-spy agency from going rogue is the Foreign Intelligence Surveillance Court, which meets behind closed doors and whose proceedings are usually shrouded in secrecy. Coming down with buyer's remorse yet? You ought to be. --- Just because i'm near the punchbowl doesn't mean I'm also drinking from it. From rforno at infowarrior.org Fri Jun 7 06:09:47 2013 From: rforno at infowarrior.org (Richard Forno) Date: Fri, 7 Jun 2013 07:09:47 -0400 Subject: [Infowarrior] - How Congress unknowingly legalized PRISM in 2007 Message-ID: <3F2FDCD3-1EEB-41CB-A2A7-6F1A40F9E37F@infowarrior.org> (I dispute the "unknowingly" in the article title ... they just chose to marginalise their concerns in the name of protecting the homeland, didn't understand the ramifications, or didn't care either way since the vote was holding up their tee times --rick) How Congress unknowingly legalized PRISM in 2007 By Timothy B. Lee, Published: June 6, 2013 at 9:20 pm http://www.washingtonpost.com/blogs/wonkblog/wp/2013/06/06/how-congress-unknowingly-legalized-prism-in-2007/ The Bush Administration portrayed the PAA as a technical fix designed to close a gap in America's surveillance capabilities that had been opened by a then-recent ruling of the secretive Foreign Intelligence Surveillance Court (FISC). It proved to be much more than that. While the details are still classified, reports suggested that the FISC had ruled that it was illegal for the government to intercept communications between two foreign endpoints if the communications happened to pass through the United States. Warning that the U.S. would suddenly lose the ability to continue its surveillance of terrorists, the administration pushed the PAA through Congress in a matter of days. In reality, the PAA represented a sweeping change to American surveillance law. Before conducting surveillance, the PAA only required executive branch officials to "certify"
that there were "reasonable procedures" in place for ensuring that surveillance "concerns" persons located outside the United States and that the foreign intelligence is a "significant purpose" of the program. A single certification could cover a broad program intercepting the communications of numerous individuals. And there was no requirement for judicial review of individual surveillance targets within a "certified" program. Civil liberties groups warned that the PAA's vague requirements and lack of oversight would give the government a green light to seek indiscriminate access to the private communications of Americans. They predicted that the government would claim that they needed unfettered access to domestic communications to be sure they had gotten all relevant information about suspected terrorists. It now appears that this is exactly what the government did. Today's report suggests that the moment the PAA was the law of the land, the NSA started using it to obtain unfettered access to the servers of the nation's leading online services. To comply with the requirement that the government not target Americans, PRISM searches are reportedly "designed to produce at least 51 percent confidence in a target's 'foreignness'" -- the lowest conceivable standard. PRISM training materials reportedly instruct users that if searches happen to turn up the private information of Americans, "it's nothing to worry about." The Protect America Act included a short six-month sunset provision, triggering another heated debate in the midst of the 2008 Democratic primary campaign. But that debate focused more on the past than the future. The telecom industry sought retroactive immunity for their participation in warrantless surveillance programs prior to 2007, a request Congress did not grant with the PAA.
Retroactive immunity for telecom companies dominated the 2008 debate, overshadowing the more important issue of the sweeping new powers that Congress had just granted to the executive branch. When Congress finally passed the FISA Amendments Act in July 2008, it included both immunity and a four-year extension of the government's warrantless spying powers. But few members of Congress realized the breadth of the surveillance powers they were effectively approving. The FISA Amendments Act was re-authorized for another five years in 2012 with little controversy. It will come up for a vote again in 2017 -- though Congress could always choose to revisit it earlier. --- Just because i'm near the punchbowl doesn't mean I'm also drinking from it. From rforno at infowarrior.org Fri Jun 7 06:13:21 2013 From: rforno at infowarrior.org (Richard Forno) Date: Fri, 7 Jun 2013 07:13:21 -0400 Subject: [Infowarrior] - Is Big Data turning government into 'Big Brother?' Message-ID: <8C14F3D5-058D-4836-9EDD-BB95CCF22BB0@infowarrior.org> Is Big Data turning government into 'Big Brother?' 06/06/2013 10:47 PM ET http://investing.businessweek.com/research/stocks/news/article.asp?docKey=600-201306070302APONLINEDOMESTIC_US_NSA_Phone_Records_-1 With every phone call they make and every Web excursion they take, people are leaving a digital trail of revealing data that can be tracked by profit-seeking companies and terrorist-hunting government officials. The revelations that the National Security Agency is perusing millions of U.S. customer phone records at Verizon Communications and snooping on the digital communications stored by nine major Internet services illustrate how aggressively personal data is being collected and analyzed. Verizon is handing over so-called metadata, excerpts from millions of U.S. customer records, to the NSA under an order issued by the secretive Foreign Intelligence Surveillance Court, according to a report in the British newspaper The Guardian.
The report was confirmed Thursday by Sen. Dianne Feinstein, D-Calif., who chairs the Senate Intelligence Committee. Former NSA employee William Binney told the Associated Press that he estimates the agency collects records on 3 billion phone calls each day. The NSA and FBI appear to be casting an even wider net under a clandestine program code-named "PRISM" that came to light in a story posted late Thursday by The Washington Post. PRISM gives the U.S. government access to email, documents, audio, video, photographs and other data that people entrust to some of the world's best known companies, according to The Washington Post. The newspaper said it reviewed a confidential roster of companies and services participating in PRISM. The companies included AOL Inc., Apple Inc., Facebook Inc., Google Inc., Microsoft Corp., Yahoo Inc., Skype, YouTube and Paltalk. In statements, Apple, Facebook, Google, Microsoft and Yahoo said they only provide the government with user data required under the law. (Google runs YouTube and Microsoft owns Skype.) AOL and Paltalk didn't immediately respond to inquiries from The Associated Press. The NSA isn't getting customer names or the content of phone conversations under the Verizon court order, but that doesn't mean the information can't be tied to other data coming in through the PRISM program to look into people's lives, according to experts. Like pieces of a puzzle, the bits and bytes left behind from citizens' electronic interactions can be cobbled together to draw conclusions about their habits, friendships and preferences using data-mining formulas and increasingly powerful computers. It's all part of a phenomenon known as "Big Data," a catchphrase increasingly used to describe the science of analyzing the vast amount of information collected through mobile devices, Web browsers and check-out stands. Analysts use powerful computers to detect trends and create digital dossiers about people.
The Obama administration and lawmakers privy to the NSA's surveillance aren't saying anything about the collection of the Verizon customers' records beyond that it's in the interest of national security. The sweeping court order covers the Verizon records of every mobile and landline phone call from April 25 through July 19, according to The Guardian. It's likely the Verizon phone records are being matched with an even broader set of data, said Forrester Research analyst Fatemeh Khatibloo. "My sense is they are looking for network patterns," she said. "They are looking for who is connected to whom and whether they can put any timelines together. They are also probably trying to identify locations where people are calling from." Under the court order, the Verizon records include the duration of every call and the locations of mobile calls, according to The Guardian. The location information is particularly valuable for cloak-and-dagger operations like the one the NSA is running, said Cindy Cohn, a legal director for the Electronic Frontier Foundation, a digital rights group that has been fighting the government's collection of personal phone records since 2006. The foundation is currently suing over the government's collection of U.S. citizens' communications in a case that dates back to the administration of President George W. Bush. "It's incredibly invasive," Cohn said. "This is a consequence of the fact that we have so many third parties that have accumulated significant information about our everyday lives." It's such a rich vein of information that U.S. companies and other organizations now spend more than $2 billion each year to obtain third-party data about individuals, according to Forrester Research. The data helps businesses target potential customers. Much of this information is sold by so-called data brokers such as Acxiom Corp., a Little Rock, Ark. 
company that maintains extensive files about the online and offline activities of more than 500 million consumers worldwide. The digital floodgates have opened during the past decade as the convenience and allure of the Internet -- and sleek smartphones -- have made it easier and more enjoyable for people to stay connected wherever they go. "I don't think there has been a sea change in analytical methods as much as there has been a change in the volume, velocity and variety of information and the computing power to process it all," said Gartner analyst Douglas Laney. In a sign of the NSA's determination to vacuum up as much data as possible, the agency has built a data center in Bluffdale, Utah that is five times larger than the U.S. Capitol -- all to sift through Big Data. The $2 billion center has fed perceptions that some factions of the U.S. government are determined to build a database of all phone calls, Internet searches and emails under the guise of national security. The Washington Post's disclosure that both the NSA and FBI have the ability to burrow into computers of major Internet services will likely heighten fears that the U.S. government's Big Data is creating something akin to the ever-watchful Big Brother in George Orwell's "1984" novel. "The fact that the government can tell all the phone carriers and Internet service providers to hand over all this data sort of gives them carte blanche to build profiles of people they are targeting in a very different way than any company can," Khatibloo said. In most instances, Internet companies such as Google Inc., Facebook Inc. and Yahoo Inc. are taking what they learn from search requests, clicks on "like" buttons, Web surfing activity and location tracking on mobile devices to figure out what each of their users like and divine where they are. It's all in aid of showing users ads about products likely to pique their interest at the right time. The companies defend this kind of data mining as a consumer benefit.
Google is trying to take things a step further. It is honing its data analysis and search formulas in an attempt to anticipate what an individual might be wondering about or wanting. Other Internet companies also use Big Data to improve their services. Video subscription service Netflix takes what it learns from each viewer's preferences to recommend movies and TV shows. Amazon.com Inc. does something similar when it highlights specific products to different shoppers visiting its site. The federal government has the potential to know even more about people because it controls the world's biggest data bank, said David Vladeck, a Georgetown University law professor who recently stepped down as the Federal Trade Commission's consumer protection director. Before leaving the FTC last year, Vladeck opened an inquiry into the practices of Acxiom and other data brokers because he feared that information was being misinterpreted in ways that unfairly stereotyped people. For instance, someone might be classified as a potential health risk just because they bought products linked to an increased chance of heart attack. The FTC inquiry into data brokers is still open. "We had real concerns about the reliability of the data and unfair treatment by algorithm," Vladeck said. Vladeck stressed he had no reason to believe that the NSA is misinterpreting the data it collects about private citizens. He finds some comfort in The Guardian report that said the Verizon order had been signed by Foreign Intelligence Surveillance Court Judge Ronald Vinson. The NSA "differs from a commercial enterprise in the sense that there are checks in the judicial system and in Congress," Vladeck said. "If you believe in the way our government is supposed to work, then you should have some faith that those checks are meaningful. If you are skeptical about government, then you probably don't think that kind of oversight means anything." 
--- Just because i'm near the punchbowl doesn't mean I'm also drinking from it. From rforno at infowarrior.org Fri Jun 7 06:24:51 2013 From: rforno at infowarrior.org (Richard Forno) Date: Fri, 7 Jun 2013 07:24:51 -0400 Subject: [Infowarrior] - WaPost backtracks on claim tech companies 'participate knowingly' in PRISM data collection Message-ID: WaPost backtracks on claim tech companies 'participate knowingly' in PRISM data collection http://thenextweb.com/us/2013/06/07/wapost-backtracks-on-claim-tech-companies-participate-knowingly-in-prism-data-collection/ --- Just because i'm near the punchbowl doesn't mean I'm also drinking from it. From rforno at infowarrior.org Fri Jun 7 06:34:25 2013 From: rforno at infowarrior.org (Richard Forno) Date: Fri, 7 Jun 2013 07:34:25 -0400 Subject: [Infowarrior] - Google Glass Prohibited at Google's Shareholder Meeting Message-ID: <4554C3FA-A9E8-4B34-84BD-902D56CBA84F@infowarrior.org> Banned! Google Glass Prohibited at Shareholder Meeting CNBC.com | Friday, 7 Jun 2013 | 5:39 AM ET http://www.cnbc.com/100798068 Tight security restrictions at Thursday's Google shareholder meeting led even the company's much-hyped Google Glass technology to be banned, infuriating a consumer watchdog group who accused the tech giant of hypocrisy. Google Glass is a wearable computer with a head-mounted display that's in prototype and lets users search the web, use apps and respond to spoken instructions. However, its most controversial feature is its ability to record video, an issue that has raised privacy concerns. "Cameras, recording devices, and other electronic devices, such as smart phones, will not be permitted at the meeting. Photography is prohibited at the meeting," instructions for Thursday's 2013 annual meeting of Google shareholders in California said.
Nonprofit organization Consumer Watchdog called Google executives hypocrites for the restrictions. "Google has unleashed one of the most privacy invasive devices ever," John M. Simpson, privacy project director at Consumer Watchdog, said in a press release. "Google Glass aids and abets people who want to invade our privacy by videoing or photographing us surreptitiously, but when it comes to their own privacy Google executives jealously guard it." A consumer version of Google Glass isn't expected to hit the shelves until early next year but it has already managed to attract unwanted attention. A porn app called "T--- & Glass," which allows users to view and share pornographic content from a point-of-view angle has been developed. But the app looks to be in jeopardy with Google changing its rules on "explicit" content. Meanwhile, the New Jersey Division of Gaming Enforcement issued a directive on Monday ordering casinos to bar gamblers from using the device. Google was unavailable for comment when contacted by CNBC. © 2013 CNBC.com URL: http://www.cnbc.com/100798068 --- Just because i'm near the punchbowl doesn't mean I'm also drinking from it. From rforno at infowarrior.org Fri Jun 7 06:43:45 2013 From: rforno at infowarrior.org (Richard Forno) Date: Fri, 7 Jun 2013 07:43:45 -0400 Subject: [Infowarrior] - WaPo Editors on NSA disclosures Message-ID: The Post's View The government needs to explain about the NSA's phone data program By Editorial Board http://www.washingtonpost.com/opinions/the-government-needs-to-explain-about-the-nsas-phone-data-program/2013/06/06/521f4ec2-ceed-11e2-9f1a-1a7cdee20287_story.html ACCORDING TO Senate overseers of America's intelligence community, the federal government has been collecting massive quantities of so-called metadata about Americans' phone calls for seven years.
Their revelation Thursday came hours after the Guardian published what appears to be a copy of a secret court order to a unit of Verizon, requiring the phone company to give government counterterrorism agencies information about all the calls on its network -- records of originating and receiving phone numbers, the duration of calls and, it appears, cellphone location -- on an ongoing basis. One of the many things that are still unclear is why Americans didn't know about this program on an ongoing basis. Though the Patriot Act allows the government to seek secret court orders to obtain "business records" -- a loose term that can mean "any tangible thing" -- from third parties such as phone companies, the law seemed to anticipate such requests being connected to a terrorism investigation of a particular person or a set of people, not every Verizon customer. Still, the law's language is very permissive. Leaders of the Senate Select Committee on Intelligence explained Thursday that the Verizon order was a routine judicial reauthorization, one piece of a years-old program, about which Congress has been thoroughly briefed. Though the government, with court permission, collects a huge amount of phone metadata, government agents have to go back to court to gain access to any bit of the contents, demonstrating "reasonable, articulable suspicion that the records are relevant and related to terrorist activity," committee Chairman Dianne Feinstein (D-Calif.) said. It appears, then, that the Verizon order represents only part of the judicial oversight to which the program is subject. The government archives the metadata but cannot trace anyone's calling pattern without justifying the need to a judge. But if the program is so extensive and there are two layers of court review -- at the collection phase and at the access phase -- why couldn't Americans know about this process before now? The really sensitive information is not its existence --
at that, ordinary Americans are probably more surprised than any terrorist is -- but rather the intelligence the government uses to target individuals within the database. Also: Are all telephone companies involved? Does the government use the information for "data mining" -- that is, searching for patterns that might indicate terrorist activity? It's easy to imagine that retroactive access to phone records would be a useful tool after the National Security Agency or the FBI linked a number with a terrorist, but what have the benefits of the program been? The Post reported Thursday night on another program, this one accessing U.S. Internet servers to collect information, ostensibly on foreigners. The apparent sweep of that program, called PRISM, also highlights the need for congressional oversight and public debate about the reach of government intelligence-gathering. In the days after the Boston bombings, many asked why the government didn't connect the dots on the Tsarnaev brothers. Now, many are asking why the government wants so much information about so many Americans. The legitimate values of liberty and safety often compete. But for the public to be able to make a reasonable assessment of whether these programs are worth the security benefits, it needs more explanation. --- Just because i'm near the punchbowl doesn't mean I'm also drinking from it. From rforno at infowarrior.org Fri Jun 7 07:16:13 2013 From: rforno at infowarrior.org (Richard Forno) Date: Fri, 7 Jun 2013 08:16:13 -0400 Subject: [Infowarrior] - Anonymous does an "NSA documents leak" Message-ID: <22432275-5C1E-4EF4-B797-2CC14B9F7373@infowarrior.org> (Note: There is nothing revealing in them and nothing related to this week's disclosures. Mostly about DOD internal network architecture planning for the future. Nothing classified, and FWIW saying I've even seen many of 'em before on the internet.
--rick) Anonymous turns the tables on the NSA with a documents leak Gander takes on goose By Dave Neal Fri Jun 07 2013, 11:40 http://www.theinquirer.net/inquirer/news/2273515/anonymous-turns-the-tables-on-the-nsa-with-a-documents-leak HACKTIVISTS with Anonymous have leaked information from the US National Security Agency (NSA) in the wake of the revelation that it has been collecting telecoms company customers' data. We learned just yesterday that a secret court authorisation from April gave the NSA access to communications data from Verizon and, along with many other people, we reeled in shock at the news. Since then we have heard that it's not only Verizon, and that the NSA also has unrestricted access to data held by nine of the big internet companies, including Apple, Microsoft and Google. "It's outrageous that the government conspired with Verizon to monitor millions of American phone calls," said the American Civil Liberties Union (ACLU) yesterday. "Congress must investigate immediately and disclose its findings to the public." Whatever Congress is or is not doing, people representing the Anonymous hacktivist collective have already acted, and in a tit for tat exchange have shown the NSA that they too can grab information. "Greetings Netizens, and Citizens of the world. Anonymous has obtained some documents that 'they' do not want you to see, and much to 'their' chagrin, we have found them, and are giving them to you," said a release posted to the Pastebin website. "These documents prove that the NSA is spying on you, and not just Americans. They are spying on the citizens of over 35 different countries. We bring this to you, So that you know just how little rights you have. Your privacy and freedoms are slowly being taken from you, in closed door meetings, in laws buried in bills, and by people who are supposed to be protecting you." The statement claims that a "juicy" cache of material is available.
--- Just because i'm near the punchbowl doesn't mean I'm also drinking from it. From rforno at infowarrior.org Fri Jun 7 09:45:55 2013 From: rforno at infowarrior.org (Richard Forno) Date: Fri, 7 Jun 2013 10:45:55 -0400 Subject: [Infowarrior] - UK had PRISM access Message-ID: Newspaper: British government has access to Internet giants' data via US spy agency. By Associated Press, http://www.washingtonpost.com/business/technology/newspaper-british-government-has-access-to-internet-giants-data-via-us-spy-agency/2013/06/07/33217d60-cf7e-11e2-8573-3baeea6a2647_story.html LONDON -- Britain's Guardian newspaper says that the U.K. government has been secretly gathering communications data from American Internet giants through the medium of the U.S. National Security Agency. The paper says that it has seen documents showing how the British eavesdropping agency GCHQ has had access to America's "Prism" system since at least June 2010. It says the program has generated 197 intelligence reports in the past year. GCHQ declined to comment on the story Friday, saying only that it takes its legal obligations "very seriously." The Guardian has recently published a series of stories on America's secret surveillance dragnet, revealing the stunning details of an undisclosed intelligence operation targeting millions of Americans' phone, email, and Internet records. Copyright 2013 The Associated Press. All rights reserved. This material may not be published, broadcast, rewritten or redistributed. --- Just because i'm near the punchbowl doesn't mean I'm also drinking from it.
From rforno at infowarrior.org Fri Jun 7 15:19:48 2013 From: rforno at infowarrior.org (Richard Forno) Date: Fri, 7 Jun 2013 16:19:48 -0400 Subject: [Infowarrior] - White House Offensive Cyber Directive leaked Message-ID: <5998594B-7384-4476-A167-7B9F47D21AB4@infowarrior.org> (not read it yet --rick) Eighteen-page presidential memo reveals how Barack Obama has ordered intelligence officials to draw up a list of potential overseas targets for US cyber attacks http://www.guardian.co.uk/world/interactive/2013/jun/07/obama-cyber-directive-full-text --- Just because i'm near the punchbowl doesn't mean I'm also drinking from it. From rforno at infowarrior.org Fri Jun 7 15:44:25 2013 From: rforno at infowarrior.org (Richard Forno) Date: Fri, 7 Jun 2013 16:44:25 -0400 Subject: [Infowarrior] - President Obama 'Welcomes' The Debate On Surveillance That He's Avoided For Years Until It Was Forced Upon Him Message-ID: <1AAE42A7-1AB3-429D-B527-54E49C5C3CF3@infowarrior.org> President Obama 'Welcomes' The Debate On Surveillance That He's Avoided For Years Until It Was Forced Upon Him from the that's-not-welcoming-it dept http://www.techdirt.com/articles/20130607/09500123363/president-obama-welcomes-debate-surveillance-that-hes-avoided-years-until-it-was-forced-upon-him.shtml --- Just because i'm near the punchbowl doesn't mean I'm also drinking from it. From rforno at infowarrior.org Fri Jun 7 15:45:54 2013 From: rforno at infowarrior.org (Richard Forno) Date: Fri, 7 Jun 2013 16:45:54 -0400 Subject: [Infowarrior] - The DNI's Non-Denial of Mass Surveillance of Americans Message-ID: <0C8E188D-27D8-48BF-A25A-FA73F218AEA5@infowarrior.org> The DNI's Non-Denial of Mass Surveillance of Americans http://cyberlaw.stanford.edu/blog/2013/06/dnis-non-denial-mass-surveillance-americans --- Just because i'm near the punchbowl doesn't mean I'm also drinking from it. 
From rforno at infowarrior.org Fri Jun 7 17:33:21 2013 From: rforno at infowarrior.org (Richard Forno) Date: Fri, 7 Jun 2013 18:33:21 -0400 Subject: [Infowarrior] - U.S. Collects Vast Data Trove Message-ID: <3EA87540-8505-42A0-8116-647897F385B4@infowarrior.org> U.S. Collects Vast Data Trove NSA Monitoring Includes Three Major Phone Companies, as Well as Online Activity By SIOBHAN GORMAN, EVAN PEREZ and JANET HOOK http://online.wsj.com/article/SB10001424127887324299104578529112289298922.html WASHINGTON -- The National Security Agency's monitoring of Americans includes customer records from the three major phone networks as well as emails and Web searches, and the agency also has cataloged credit-card transactions, said people familiar with the agency's activities. The disclosure this week of an order by a secret U.S. court for Verizon Communications Inc.'s phone records set off the latest public discussion of the program. But people familiar with the NSA's operations said the initiative also encompasses phone-call data from AT&T Inc. and Sprint Nextel Corp., records from Internet-service providers and purchase information from credit-card providers. The agency is using its secret access to the communications of millions of Americans to target possible terrorists, said people familiar with the effort. The NSA's efforts have become institutionalized -- yet not so well known to the public -- under laws passed in the wake of the Sept. 11, 2001, attacks. Most members of Congress defended them Thursday as a way to root out terrorism, but civil-liberties groups decried the program.
"Everyone should just calm down and understand this isn't anything that is brand new,'' said Senate Majority Leader Harry Reid (D., Nev.), who added that the phone-data program has "worked to prevent'' terrorist attacks. Senate Intelligence Chairman Dianne Feinstein (D., Calif.) said the program is lawful and that it must be renewed by the secret U.S. court every three months. She said the revelation about Verizon, reported by the London-based newspaper the Guardian, seemed to coincide with its latest renewal. Civil-liberties advocates slammed the NSA's actions. "The most recent surveillance program is breathtaking. It shows absolutely no effort to narrow or tailor the surveillance of citizens," said Jonathan Turley, a constitutional law expert at George Washington University. Meanwhile, the Obama administration acknowledged Thursday a secret NSA program dubbed Prism, which a senior administration official said targets only foreigners and was authorized under U.S. surveillance law. The Washington Post and the Guardian reported earlier Thursday the existence of the previously undisclosed program, which was described as providing the NSA and FBI direct access to server systems operated by tech companies that include Google Inc., Apple Inc., Facebook Inc., Yahoo Inc., Microsoft Corp. and Skype. The newspapers, citing what they said was an internal NSA document, said the agencies received the contents of emails, file transfers and live chats of the companies' customers as part of their surveillance activities of foreigners whose activity online is routed through the U.S. The companies mentioned denied knowledge or participation in the program. The arrangement with Verizon, AT&T and Sprint, the country's three largest phone companies means, that every time the majority of Americans makes a call, NSA gets a record of the location, the number called, the time of the call and the length of the conversation, according to people familiar with the matter. 
The practice, which evolved out of warrantless wiretapping programs begun after 2001, is now approved by all three branches of the U.S. government. AT&T has 107.3 million wireless customers and 31.2 million landline customers. Verizon has 98.9 million wireless customers and 22.2 million landline customers while Sprint has 55 million customers in total. NSA also obtains access to data from Internet service providers on Internet use such as data about email or website visits, several former officials said. NSA has established similar relationships with credit-card companies, three former officials said. It couldn't be determined if any of the Internet or credit-card arrangements are ongoing, as are the phone company efforts, or one-shot collection efforts. The credit-card firms, phone companies and NSA declined to comment for this article. Though extensive, the data collection effort doesn't entail monitoring the content of emails or what is said in phone calls, said people familiar with the matter. Investigators gain access to so-called metadata, telling them who is communicating, through what medium, when, and where they are located. But the disconnect between the program's supporters and detractors underscored the difficulty Congress has had navigating new technology, national security and privacy. The Obama administration, which inherited and embraced the program from the George W. Bush administration, moved Thursday to forcefully defend it. White House spokesman Josh Earnest called it "a critical tool in protecting the nation from terror threats." But Sen. Ron Wyden (D., Ore.), said he has warned about the breadth of the program for years, but only obliquely because of classification restrictions. "When law-abiding Americans call their friends, who they call, when they call, and where they call from is private information," he said. 
"Collecting this data about every single phone call that every American makes every day would be a massive invasion of Americans' privacy." In the wake of the Sept. 11 attacks, phone records were collected without a court order as a component of the Bush-era warrantless surveillance program authorized by the 2001 USA Patriot Act, which permitted the collection of business records, former officials said. The ad hoc nature of the NSA program changed after the Bush administration came under criticism for its handling of a separate, warrantless NSA eavesdropping program. President Bush acknowledged its existence in late 2005, calling it the Terrorist Surveillance Program, or TSP. When Democrats retook control of Congress in 2006, promising to investigate the administration's counterterrorism policies, Bush administration officials moved to formalize court oversight of the NSA programs, according to former U.S. officials. Congress in 2006 also made changes to the Patriot Act that made it easier for the government to collect phone-subscriber data under the Foreign Intelligence Surveillance Act. Those changes helped the NSA collection program become institutionalized, rather than one conducted only under the authority of the president, said people familiar with the program. Along with the TSP, the NSA collection of phone company customer data was put under the jurisdiction of a secret court that oversees the Foreign Intelligence Surveillance Act, according to officials. David Kris, a former top national security lawyer at the Justice Department, told a congressional hearing in 2009 that the government first used the so-called business records authority in 2004. At the time he was urging the reauthorization of the business-records provisions, known as Section 215 of the Patriot Act, which Congress later approved. 
The phone records allow investigators to establish a database used to run queries when there is "reasonable, articulable suspicion" that the records are relevant and related to terrorist activity, Ms. Feinstein said Thursday. Director of National Intelligence James Clapper also issued a defense of the phone data surveillance program, saying it is governed by a "robust legal regime." Under the court order, the data can only "be queried when there is a reasonable suspicion, based on specific facts, that the particular basis for the query is associated with a foreign terrorist organization." When the data is searched, all information acquired is "subject to strict restrictions on handling" overseen by the Justice Department and the surveillance court, and the program is reviewed roughly every 90 days, he said. Another U.S. official said less than 1% of the records are accessed. The database allows investigators to "map" individuals connected with that information, said Jeremy Bash, who until recently was chief of staff at the Pentagon and is a former chief counsel to the House Intelligence committee. "We are trying to find a needle in a haystack, and this is the haystack," Mr. Bash said, referring to the database. Sen. Wyden on Thursday questioned whether U.S. officials have been truthful in public descriptions of the program. In March, Mr. Wyden noted, he questioned Mr. Clapper, who said the NSA did not "wittingly" collect any type of data pertaining to millions of Americans. Spokesmen for Mr. Clapper didn't respond to requests for comment. For civil libertarians, this week's disclosure of the court authorization for part of the NSA program could offer new avenues for challenges. Federal courts largely have rebuffed efforts that target NSA surveillance programs, in part because no one could prove the information was being collected. The government, under both the Bush and Obama administrations, has successfully used its state-secrets privilege to block such lawsuits. 
Jameel Jaffer, the American Civil Liberties Union's deputy legal director, said the fact the FISA court record has now become public could give phone-company customers standing to bring a lawsuit. "Now we have a set of people who can show they have been monitored," he said. --Danny Yadron and Jennifer Valentino-DeVries contributed to this article. Corrections & Amplifications The NSA monitoring program must be approved by a secret U.S. court every three months. An earlier version of this article incorrectly said the approval came from Congress. Write to Siobhan Gorman at siobhan.gorman at wsj.com, Evan Perez at evan.perez at wsj.com and Janet Hook at janet.hook at wsj.com A version of this article appeared June 7, 2013, on page A1 in the U.S. edition of The Wall Street Journal, with the headline: U.S. Collects Vast Data Trove. --- Just because i'm near the punchbowl doesn't mean I'm also drinking from it. From rforno at infowarrior.org Fri Jun 7 17:35:05 2013 From: rforno at infowarrior.org (Richard Forno) Date: Fri, 7 Jun 2013 18:35:05 -0400 Subject: [Infowarrior] - DOJ Fights Release of Secret Court Opinion Finding Unconstitutional Surveillance Message-ID: Justice Department Fights Release of Secret Court Opinion Finding Unconstitutional Surveillance Government lawyers are trying to keep buried a classified court finding that a domestic spying program went too far. --By David Corn | Fri Jun. 7, 2013 12:22 PM PDT http://www.motherjones.com/politics/2013/06/justice-department-electronic-frontier-foundation-fisa-court-opinion In the midst of revelations that the government has conducted extensive top-secret surveillance operations to collect domestic phone records and internet communications, the Justice Department was due to file a court motion Friday in its effort to keep secret an 86-page court opinion that determined that the government had violated the spirit of federal surveillance laws and engaged in unconstitutional spying. 
This important case -- all the more relevant in the wake of this week's disclosures -- was triggered after Sen. Ron Wyden (D-Ore.), a member of the Senate intelligence committee, started crying foul in 2011 about US government snooping. As a member of the intelligence committee, he had learned about domestic surveillance activity affecting American citizens that he believed was improper. He and Sen. Mark Udall (D-Colo.), another intelligence committee member, raised only vague warnings about this data collection, because they could not reveal the details of the classified program that concerned them. But in July 2012, Wyden was able to get the Office of the Director of National Intelligence to declassify two statements that he wanted to issue publicly. They were: * On at least one occasion the Foreign Intelligence Surveillance Court held that some collection carried out pursuant to the Section 702 minimization procedures used by the government was unreasonable under the Fourth Amendment. * I believe that the government's implementation of Section 702 of FISA [the Foreign Intelligence Surveillance Act] has sometimes circumvented the spirit of the law, and on at least one occasion the FISA Court has reached this same conclusion. For those who follow the secret and often complex world of high-tech government spying, this was an aha moment. The FISA court Wyden referred to oversees the surveillance programs run by the government, authorizing requests for various surveillance activities related to national security, and it does this behind a thick cloak of secrecy. Wyden's statements led to an obvious conclusion: He had seen a secret FISA court opinion that ruled that one surveillance program was unconstitutional and violated the spirit of the law. But, yet again, Wyden could not publicly identify this program. 
"When the government hides court opinions describing unconstitutional government action, America's national security is harmed," argues the Electronic Frontier Foundation. Enter the Electronic Frontier Foundation, a public interest group focused on digital rights. It quickly filed a Freedom of Information Act request with the Justice Department for any written opinion or order of the FISA court that held government surveillance was improper or unconstitutional. The Justice Department did not respond, and EFF was forced to file a lawsuit a month later. It took the Justice Department four months to reply. The government's lawyers noted that they had located records responsive to the request, including a FISA court opinion. But the department was withholding the opinion because it was classified. EFF pushed ahead with its lawsuit, and in a filing in April, the Justice Department acknowledged that the document in question was an 86-page opinion the FISA court had issued on October 3, 2011. Again, there was no reference to the specific surveillance activity that the court had found improper or unconstitutional. And now the department argued that the opinion was controlled by the FISA court and could only be released by that body, not by the Justice Department or through an order of a federal district court. In other words, leave us alone and take this case to the secret FISA court itself. This was puzzling to EFF, according to David Sobel, a lawyer for the group. In 2007, the American Civil Liberties Union had asked the FISA court to release an opinion, and the court had informed the ACLU to take the matter up with the Justice Department and work through a district court, if necessary. So there was a contradiction within the government. "It's a bizarre catch-22," Sobel says. 
On its website, EFF compared this situation to a Kafka plot: "A public trapped between conflicting rules and a secret judicial body, with little transparency or public oversight, seems like a page ripped from The Trial." Before EFF could get a ruling on whether this opinion can be declassified and released, it had to first sort out this Alice in Wonderland situation. Consequently, last month, it filed a motion with the FISA court to resolve this aspect of the case. "We want the FISA court to say that if the district court says the opinion should be released, there is nothing in its rules that prevents that," Sobel says. Then EFF can resume its battle with the Justice Department in federal district court for the release of the opinion. The Justice Department was ordered by the FISA court to respond by June 7 to the motion EFF submitted to the FISA court. Currently, given the conflicting positions of the Justice Department and the FISA court, Sobel notes, "there is no court you can go to to challenge the secrecy" protecting an opinion noting that the government acted unconstitutionally. On its website, EFF observes, "Granted, it's likely that some of the information contained within FISC opinions should be kept secret; but, when the government hides court opinions describing unconstitutional government action, America's national security is harmed: not by disclosure of our intelligence capabilities, but through the erosion of our commitment to the rule of law." As news reports emerge about the massive phone records and internet surveillance programs -- each of which began during the Bush administration and were carried out under congressional oversight and FISA court review -- critics on the left and right have accused the government of going too far in sweeping up data, including information related to Americans not suspected of any wrongdoing. 
There's no telling if the 86-page FISA court opinion EFF seeks is directly related to either of these two programs, but EFF's pursuit of this document shows just how difficult it is -- perhaps impossible -- for the public to pry from the government information about domestic surveillance gone wrong. --- Just because i'm near the punchbowl doesn't mean I'm also drinking from it. From rforno at infowarrior.org Fri Jun 7 18:25:21 2013 From: rforno at infowarrior.org (Richard Forno) Date: Fri, 7 Jun 2013 19:25:21 -0400 Subject: [Infowarrior] - Chinese hacking only part of the story Message-ID: <0BCE4D27-77D7-4661-897E-4CC3A8D55F7D@infowarrior.org> June 7th, 2013 09:10 AM ET Chinese hacking only part of the story http://globalpublicsquare.blogs.cnn.com/2013/06/07/chinese-hacking-only-part-of-the-story/ By Panayotis A. Yannakogeorgos & Adam Lowther, Special to CNN Editor's note: Panayotis Yannakogeorgos is a research professor of Cyber Policy and Global Affairs at the Air Force Research Institute. Adam Lowther is a non-resident senior fellow at the Center for the National Interest in Washington, DC. The views expressed are their own and do not reflect the official position of the U.S. government, Defense Department, the U.S. Air Force or Air University. ###### China's hackers have been pretty busy recently, at least if recent media reports are to be believed. In one of the most eye catching revelations, the Washington Post reported that more than two dozen major weapons systems' designs have been breached by hackers, including "programs critical to U.S. missile defenses and combat aircraft and ships." Such claims have become commonplace as China has expanded its cyber espionage and intellectual property theft activities over the past decade. Indeed, billions of dollars worth of intellectual property is reported to have been lost to cyber theft. 
Earlier this year, for example, a Defense Science Board report detailing the general level of cyber theft was released around the same time as security consultancy firm Mandiant alleged that the People's Liberation Army had created a unit focused on penetrating government and corporate networks in the United States and elsewhere, primarily to steal sensitive industrial and military secrets. So far, such theft has gone unpunished, and many are calling for President Barack Obama to tackle this issue head on at this week's meeting with Chinese President Xi Jinping. Surely, it is high time for the U.S. government to begin holding nation states responsible for their cyber actions or unwillingness/inability to curtail malicious activity in cyberspace? Yes, it is -- but that's not the whole story. Unlike the alleged state sponsored corporate espionage that was highlighted in the Mandiant report, the targets in the latest weapons systems case were in the defense industry. Although national security trade secrets can also be commercial trade secrets, under section (a) of 18 USC § 793 activity targeting this type of intellectual property meets the legal definition of espionage. But is holding only the malicious actor to account sufficient? The real question should be whether the Defense Department should also hold the defense industry accountable for failing to adequately protect sensitive government information. And should software firms be held accountable for selling products rife with vulnerabilities that PLA hackers are then able to exploit? As former Boston Scientific Chief Security Officer Lynne Mattice notes in a forthcoming book: "Early on in the evolution of software, hardware, and networks people became accustomed to 'computer bugs' and other design flaws that they simply accepted as the norm. 
Rarely has a single industry benefitted from such a desensitized consumer population which has allowed the producers and manufacturers to skirt responsibility and liability for the flawed products and systems they produce." Mattice highlights a long-running challenge for the software industry. But it is legendary software engineer Fred P. Brooks who suggests part of the solution: system testing should consume 50 percent of time spent on a complex programming project. Too often, this is not the case, meaning programs are released to consumers with far too many vulnerabilities in the computer code. Software development processes that incorporate a security development lifecycle do exist, but they are not required by federal law. All this has encouraged designers to rush products to market, leaving consumers unaware of costly flaws that make hacking easier and puts sensitive data at risk. For example, according to the National Vulnerability Database, numerous new vulnerabilities or misconfigurations are discovered virtually every day for major software providers. Separating a malicious cyber actor's intent from the issue of why that actor can achieve success is important. Cyber espionage, crime, and warfare are possible only because of poor application or system design, implementation, and/or configuration. It is technological vulnerabilities that create the ability for actors to exploit the information system and gain illicit access to sensitive national security secrets, as the previous examples highlight. Yet software and hardware developers are not regulated in the same way as, say, the auto or pharmaceutical industries. The truth is that we should no longer accept a patch/configuration management culture that promotes a laissez-faire approach to cyber security. This is the case for both the public and private sector. 
Design vulnerabilities have already cost the United States too much in terms of loss of intellectual property and highly classified military secrets. No American would ever purchase a car, home, or washing machine with the expectation that it was in need of repair as soon as it was purchased. Yet as soon as software is loaded onto a computer, consumers expect the software to be broken, requiring patching to eliminate the latest round of vulnerabilities disclosed almost as soon as the program is installed. It is time for application developers to produce software that meets a higher security standard. And it is also time to hold defense contractors accountable for the protection of sensitive government information. While the exact details remain incomplete, it appears that Chinese hackers were successful in breaching the corporate networks of major defense firms, from whom they then stole design information for the F-22 and F-35 fighters, and other weapons systems. Current defense contracts impose insufficient penalties on firms for exercising poor cyber security. President Obama's February 12, 2013 Executive Order, "Improving Critical Infrastructure Cybersecurity," calling for "feasibility, security benefits, and relative merits of incorporating security standards into acquisition planning and contract administration" is certainly a step in the right direction. But more is required. The results of the report required by the Executive Order will be a good indicator of future cybersecurity requirements. By holding defense contractors responsible for protecting classified military data, they will be incentivized to undertake more rigorous cyber security efforts. As an example, future National Defense Authorization Acts (NDAA) could go beyond requiring contractors to report cyber intrusions on systems handling national security information. 
Financial penalties should be written into contracts, while prosecution of accountable parties is necessary to ensure future provisions within NDAA or other legislation are followed. The net result of these suggested changes will be twofold -- there should be less susceptibility to malicious cyber activities, which will in turn improve chances for effective cyber-deterrence by making hacking's costs greater than its benefits, at least in many cases. Of course, none of this is to suggest that malicious cyber actors shouldn't be held accountable. In the end, China's brazen cyber espionage and cyber crimes must be prevented by holding Beijing accountable for its actions. Recent denials by Hong Lei, spokesman for China's Ministry of Foreign Affairs, should be rejected for the less than candid statements that they are. And President Obama should clearly articulate during his discussions with Xi the administration's strategy for mitigating the theft of U.S. trade secrets, including highlighting American plans to prevent and punish future state sponsored cyber espionage and crime. But U.S. efforts to curb the theft of sensitive corporate and government information should not end with attempts to hold states responsible for malicious cyber activity originating in or transiting through their territory. It is time to create a culture of cybersecurity, along with appropriate legal frameworks, in which designing secure software and configuring secure networks is seen as important as preserving sensitive and valuable government and private data. We'll all be safer that way. --- Just because i'm near the punchbowl doesn't mean I'm also drinking from it. 
From rforno at infowarrior.org Fri Jun 7 19:03:23 2013 From: rforno at infowarrior.org (Richard Forno) Date: Fri, 7 Jun 2013 20:03:23 -0400 Subject: [Infowarrior] - The PRISM spin war has begun Message-ID: <218C0493-2D0A-497A-B75A-5E8BBFD70DD1@infowarrior.org> (c/o Ferg) The PRISM spin war has begun Posted By Elias Groll Friday, June 7, 2013 - 7:15 PM http://blog.foreignpolicy.com/posts/2013/06/07/the_prism_spin_war_has_begun The war over how to spin revelations of the National Security Agency's latest spying program has officially begun. On the heels of media reports that the NSA has gained access to the servers of nine leading tech companies -- enabling the spy agency to examine emails, video, photographs, and other digital communications -- Google has issued a strongly worded statement denying that the company granted the government "direct access" to its servers. That statement goes so far as to say that the company hasn't even heard of "a program called PRISM until yesterday." At first glance, Google's statement is difficult to believe. Senior intelligence officials have confirmed the program's existence, and Google's logo is prominently listed on internal NSA documents describing participating companies. But Google may be engaging in a far more subtle public relations strategy than outright denial. Google's statement hinges on three key points: that it did not provide the government with "direct access" to its servers, that it did not set up a "back door" for the NSA, and that it provides "user data to governments only in accordance with the law." According to Chris Soghoian, a tech expert and privacy researcher at the American Civil Liberties Union, the phrase "direct access" connotes a very specific form of access in the IT-world: unrestricted, unfettered access to information stored on Google servers. 
In order to run a system such as PRISM, Soghoian explains, such access would not be required, and Google's denial that it provided "direct access" does not necessarily imply that the company is denying having participated in the program. Typically, the only people having "direct access" to the servers of a company like Google would be its engineers. (Facebook's Mark Zuckerberg has issued a similarly worded denial in which he says his company has not granted the government "direct access" to its servers, but his language mirrors Google's denial about direct access.) A similar logic applies to Google's denial that it set up a "back door." According to Soghoian, the phrase "back door" is a term of art that describes a way to access a system that is neither known by the system's owner nor documented. By denying that it set up a back door, Google is not denying that it worked with the NSA to set up a system through which the agency could access the company's data. According to Soghoian, the NSA could have gained access to tech company servers by working with the companies to set up something similar to an API -- a tool these firms use to give developers limited access to company data. Google has denied that an API was used, but that denial doesn't exclude the possibility that a similar tool was used. To protect itself against allegations that it inappropriately compromised user data, Google further notes in its statement that the company provides "user data to governments only in accordance with the law." Despite the outrage directed at the NSA and the Obama administration, PRISM -- as currently described -- is in all likelihood within the bounds of the law. In the aftermath of the 2005 disclosure that the Bush administration had carried out a warrantless wiretapping program, Congress passed the FISA Amendments Act of 2008 and the Protect America Act of 2007. But those laws did not outlaw the kinds of actions carried out by PRISM. 
As for Google's claim to have never heard of PRISM, would the intelligence officials who reportedly collaborated with Google have used the program's actual codename? The tech companies alleged to have participated in PRISM aren't the only ones who appear to be spinning PRISM to their advantage. On Friday, U.S. government sources told Reuters that PRISM was used to foil a 2009 plot to bomb the New York City subway. In all likelihood, such counter-leaks will continue in the days ahead as intelligence officials try to portray the program as essential to national security. Welcome to the PRISM spin war. --- Just because i'm near the punchbowl doesn't mean I'm also drinking from it. From rforno at infowarrior.org Fri Jun 7 19:34:55 2013 From: rforno at infowarrior.org (Richard Forno) Date: Fri, 7 Jun 2013 20:34:55 -0400 Subject: [Infowarrior] - Rand Paul op-ed on privacy and the law Message-ID: NSA's Verizon surveillance: how the White House tramples our constitution Rand Paul, The Guardian, Thursday 6 June 2013 http://www.guardian.co.uk/commentisfree/2013/jun/07/nsa-verizon-surveillance-constitution In December 2007, then-Senator Barack Obama joined then-Senator Chris Dodd in threatening to filibuster the Foreign Intelligence Surveillance Act (Fisa). Senator Obama opposed provisions granting retroactive immunity to telecommunications companies that shared private client information with the government. His office released a statement: "Granting such immunity undermines the constitutional protections Americans trust the Congress to protect. Senator Obama supports a filibuster of this bill ..." Senator Obama was right. Had I been in the Senate, I would've voted with him. I've even filibustered myself over civil liberties issues I believe are important. 
Later, supporting an amendment that he believed repealed retroactive immunity from Fisa, Senator Obama said in February 2008: "We can give our intelligence and law enforcement community the powers they need to track down and take out terrorists without undermining our commitment to the rule of law, or our basic rights and liberties." Senator Obama in 2007 was rightly concerned that telecommunications companies might get away with sharing clients' private information without legal scrutiny. This week, we learned that the president's National Security Agency compelled Verizon to hand over all of its client data records. Senator Obama in 2008 wanted to track potential terrorist activity "without undermining our commitment to the rule of law, or our basic rights and liberties". Today, President Obama undermines the rule of law, basic rights and core liberties -- all in the name of tracking terrorists. There is always a balance between security and liberty and the American tradition has long been to err on the side of liberty. America's founders feared a government powerful enough to commit unreasonable searches and seizures and crafted a constitution designed to protect citizens' privacy. Under this administration, the Internal Revenue Service (IRS) has targeted political dissidents, the Department of Justice has seized reporters' phone records, and now we've learned the NSA seized an unlimited amount of Verizon's client data. Just when you think it can't get any worse under this president, it does. This is an all-out assault on the constitution. These actions are unacceptable under any president, Democrat or Republican. I can remember well a Senator Obama who joined the Democratic chorus against the warrantless wiretapping of the Bush administration. Now, that chorus has gone mute. The Guardian's Glenn Greenwald has noted what he sees as "a defining attribute of the Obama legacy: the transformation of what was until recently a symbol of rightwing radicalism --
warrantless eavesdropping -- into meekly accepted bipartisan consensus." Not every Republican or Democrat is part of that consensus. When the Senate rushed through a last-minute extension of the Fisa Amendments Act over the holidays late last year, Senator Mike Lee (Republican, Utah) and I offered an amendment requiring stronger protections on business records that would've prohibited precisely the kind of data-mining the Verizon case has revealed. Senator Ron Wyden (Democrat, Oregon) introduced an amendment to require estimates from intelligence agencies of how many Americans were being surveilled. Both these measures were voted down. Just last month, I introduced the Fourth Amendment Preservation and Protection Act, which if enacted would've protected Americans from exactly the kind of abuses we've seen recently. It was also voted down. On Thursday, I announced my Fourth Amendment Restoration Act of 2013, which ensures that no government agency can search the phone records of Americans without a warrant based on probable cause. We shall see how many join me in supporting a part of the Bill of Rights that everyone in Congress already took an oath to uphold. If the president and Congress would simply obey the fourth amendment, this new shocking revelation that the government is now spying on citizens' phone data en masse would never have happened. That I have to keep reintroducing the fourth amendment -- and that a majority of senators keep voting against it -- is a good reflection of the arrogance that dominates Washington. During my filibuster, I quoted Glenn Greenwald, who wrote: "There is a theoretical framework being built that posits that the US government has unlimited power. When it comes to any kind of threats it perceives, it makes the judgment to take whatever action against them that it warrants without any constraints or limitations of any kind." If the seizure and surveillance of Americans' phone records --
across the board and with little to no discrimination - is now considered a legitimate security precaution, there is literally no protection of any kind guaranteed anymore to American citizens. In their actions, more outrageous and numerous by the day, this administration continues to treat the US constitution as a dead letter. Senator Obama said of President Bush and Fisa in 2008: "We must reaffirm that no one in this country is above the law." No one in America should be above the law. Including this president.

From rforno at infowarrior.org Fri Jun 7 19:43:10 2013
From: rforno at infowarrior.org (Richard Forno)
Date: Fri, 7 Jun 2013 20:43:10 -0400
Subject: [Infowarrior] - Udall, Wyden Question the Value, Efficacy of Phone Records Collection in Stopping Attacks
Message-ID: <321D48B4-30AE-48C0-9C7A-60A42F69C87A@infowarrior.org>

Udall, Wyden Question the Value, Efficacy of Phone Records Collection in Stopping Attacks
Posted: Friday, June 7, 2013
http://www.markudall.senate.gov/?p=press_release&id=3479

Senators Mark Udall and Ron Wyden, who both serve on the U.S. Senate Select Committee on Intelligence, issued the following joint statement refuting claims that phone record collection by the intelligence community has thwarted attacks against the United States: In our capacity as members of the Senate Select Committee on Intelligence, we have spent years examining the intelligence collection operations that have been secretly authorized under the USA Patriot Act. Based on this experience, we respectfully but firmly disagree with the way that this program has been described by senior administration officials. After years of review, we believe statements that this very broad Patriot Act collection has been "a critical tool in protecting the nation" do not appear to hold up under close scrutiny. We remain unconvinced that the secret Patriot Act collection has actually provided any uniquely valuable intelligence.
As far as we can see, all of the useful information that it has provided appears to have also been available through other collection methods that do not violate the privacy of law-abiding Americans in the way that the Patriot Act collection does. We hope that President Obama will probe the basis for these assertions, as we have. We also disagree with the statement that the broad Patriot Act collection strikes the "right balance" between protecting American security and protecting Americans' privacy. In our view it does not. When Americans call their friends and family, whom they call, when they call, and where they call from is private information. We believe the large-scale collection of this information by the government has a very significant impact on Americans' privacy, whether senior government officials recognize that fact or not. Finally, we have long been concerned about the degree to which this collection has relied on "secret law." Senior administration officials have stated on multiple occasions that the Patriot Act's "business records" authority is "analogous to a grand jury subpoena." And multiple senior officials have stated that US intelligence agencies do not collect information or dossiers on "millions of Americans." We appreciate the recent statement from the Director of National Intelligence, which declassified certain facts about this collection, including its breadth. Now that the fact of bulk collection has been declassified, we believe that more information about the scale of the collection, and specifically whether it involves the records of "millions of Americans" should be declassified as well. The American people must be given the opportunity to evaluate the facts about this program and its broad scope for themselves, so that this debate can begin in earnest.

--- Just because i'm near the punchbowl doesn't mean I'm also drinking from it.

From rforno at infowarrior.org Fri Jun 7 21:31:45 2013
From: rforno at infowarrior.org (Richard Forno)
Date: Fri, 7 Jun 2013 22:31:45 -0400
Subject: [Infowarrior] - Comparing Two Secret Surveillance Programs
Message-ID:

Comparing Two Secret Surveillance Programs
http://www.nytimes.com/interactive/2013/06/07/us/comparing-two-secret-surveillance-programs.html

--- Just because i'm near the punchbowl doesn't mean I'm also drinking from it.

From rforno at infowarrior.org Sat Jun 8 07:12:42 2013
From: rforno at infowarrior.org (Richard Forno)
Date: Sat, 8 Jun 2013 08:12:42 -0400
Subject: [Infowarrior] - Tech Companies Concede to Surveillance Program
Message-ID: <735C17E4-F67B-4FDB-AB1E-345E82A62194@infowarrior.org>

http://www.nytimes.com/2013/06/08/technology/tech-companies-bristling-concede-to-government-surveillance-efforts.html

Tech Companies Concede to Surveillance Program
By CLAIRE CAIN MILLER
Published: June 7, 2013

SAN FRANCISCO - When government officials came to Silicon Valley to demand easier ways for the world's largest Internet companies to turn over user data as part of a secret surveillance program, the companies bristled. In the end, though, many cooperated at least a bit. Twitter declined to make it easier for the government. But other companies were more compliant, according to people briefed on the negotiations. They opened discussions with national security officials about developing technical methods to more efficiently and securely share the personal data of foreign users in response to lawful government requests. And in some cases, they changed their computer systems to do so. The negotiations shed a light on how Internet companies, increasingly at the center of people's personal lives, interact with the spy agencies that look to their vast trove of information - e-mails, videos, online chats, photos and search queries - for intelligence.
They illustrate how intricately the government and tech companies work together, and the depth of their behind-the-scenes transactions. The companies that negotiated with the government include Google, which owns YouTube; Microsoft, which owns Hotmail and Skype; Yahoo; Facebook; AOL; Apple; and Paltalk, according to one of the people briefed on the discussions. The companies were legally required to share the data under the Foreign Intelligence Surveillance Act. People briefed on the discussions spoke on the condition of anonymity because they are prohibited by law from discussing the content of FISA requests or even acknowledging their existence. In at least two cases, at Google and Facebook, one of the plans discussed was to build separate, secure portals, like a digital version of the secure physical rooms that have long existed for classified information, in some instances on company servers. Through these online rooms, the government would request data, companies would deposit it and the government would retrieve it, people briefed on the discussions said. The negotiations have continued in recent months, as Martin E. Dempsey, chairman of the Joint Chiefs of Staff, traveled to Silicon Valley to meet with executives including those at Facebook, Microsoft, Google and Intel. Though the official purpose of those meetings was to discuss the future of the Internet, the conversations also touched on how the companies would collaborate with the government in its intelligence-gathering efforts, said a person who attended. While handing over data in response to a legitimate FISA request is a legal requirement, making it easier for the government to get the information is not, which is why Twitter could decline to do so. Details on the discussions help explain the disparity between initial descriptions of the government program and the companies' responses.
Each of the nine companies said it had no knowledge of a government program providing officials with access to its servers, and drew a bright line between giving the government wholesale access to its servers to collect user data and giving them specific data in response to individual court orders. Each said it did not provide the government with full, indiscriminate access to its servers. The companies said they do, however, comply with individual court orders, including under FISA. The negotiations, and the technical systems for sharing data with the government, fit in that category because they involve access to data under individual FISA requests. And in some cases, the data is transmitted to the government electronically, using a company's servers. "The U.S. government does not have direct access or a 'back door' to the information stored in our data centers," Google's chief executive, Larry Page, and its chief legal officer, David Drummond, said in a statement on Friday. "We provide user data to governments only in accordance with the law." Statements from Microsoft, Yahoo, Facebook, Apple, AOL and Paltalk made the same distinction. But instead of adding a back door to their servers, the companies were essentially asked to erect a locked mailbox and give the government the key, people briefed on the negotiations said. Facebook, for instance, built such a system for requesting and sharing the information, they said. The data shared in these ways, the people said, is shared after company lawyers have reviewed the FISA request according to company practice. It is not sent automatically or in bulk, and the government does not have full access to company servers. Instead, they said, it is a more secure and efficient way to hand over the data.
Tech companies might have also denied knowledge of the full scope of cooperation with national security officials because employees whose job it is to comply with FISA requests are not allowed to discuss the details even with others at the company, and in some cases have national security clearance, according to both a former senior government official and a lawyer representing a technology company. FISA orders can range from inquiries about specific people to a broad sweep for intelligence, like logs of certain search terms, lawyers who work with the orders said. There were 1,856 such requests last year, an increase of 6 percent from the year before. In one recent instance, the National Security Agency sent an agent to a tech company's headquarters to monitor a suspect in a cyberattack, a lawyer representing the company said. The agent installed government-developed software on the company's server and remained at the site for several weeks to download data to an agency laptop. In other instances, the lawyer said, the agency seeks real-time transmission of data, which companies send digitally. Twitter spokesmen did not respond to questions about the government requests, but said in general of the company's philosophy toward information requests: Users "have a right to fight invalid government requests, and we stand with them in that fight." Twitter, Google and other companies have typically fought aggressively against requests they believe reach too far. Google, Microsoft and Twitter publish transparency reports detailing government requests for information, but these reports do not include FISA requests because they are not allowed to acknowledge them. Yet since tech companies'
cooperation with the government was revealed Thursday, tech executives have been performing a familiar dance, expressing outrage at the extent of the government's power to access personal data and calling for more transparency, while at the same time heaping praise upon the president as he visited Silicon Valley. Even as the White House scrambled to defend its online surveillance, President Obama was mingling with donors at the Silicon Valley home of Mike McCue, Flipboard's chief, eating dinner at the opulent home of Vinod Khosla, the venture capitalist, and cracking jokes about Mr. Khosla's big, shaggy dogs. On Friday, Mark Zuckerberg, Facebook's chief executive, posted on Facebook a call for more government transparency. "It's the only way to protect everyone's civil liberties and create the safe and free society we all want over the long term," he wrote. Reporting was contributed by Nick Bilton, Vindu Goel, Nicole Perlroth and Somini Sengupta in San Francisco; Edward Wyatt in Washington; Brian X. Chen and Leslie Kaufman in New York; and Nick Wingfield in Seattle.

--- Just because i'm near the punchbowl doesn't mean I'm also drinking from it.

From rforno at infowarrior.org Sat Jun 8 07:19:30 2013
From: rforno at infowarrior.org (Richard Forno)
Date: Sat, 8 Jun 2013 08:19:30 -0400
Subject: [Infowarrior] - Obama To Launch Criminal Probe Into NSA Leaks
Message-ID:

Shoot The PRISM-Gate Messenger: Obama To Launch Criminal Probe Into NSA Leaks
Submitted by Tyler Durden on 06/07/2013 21:29 -0400
http://www.zerohedge.com/news/2013-06-07/shoot-prism-gate-messenger-obama-launch-criminal-probe-nsa-leaks

Suddenly embroiled in too many scandals to even list, and humiliated by a publicly-exposed (because everyone knew about the NSA superspy ambitions before, but with one major difference: it was a conspiracy theory....
now it is a conspiracy fact) surveillance scandal that makes Tricky Dick look like an amateur, earlier today, as expected, Obama came out and publicly declared "I am not a hacker" and mumbled something about "security", "privacy" and "inconvenience." He went on to explain how the government "welcomes the debate" of all three in the aftermath of the public disclosure that every form of electronic communication is intercepted and stored by the US government (now that said interception is no longer secret, of course) but more importantly how it is only the government, which is naturally here to help, that should be the ultimate arbiter in deciding what is best for all. Yet the PRISM-gate scandal which is sure to only get worse with time as Americans slowly realize they are living in an Orwellian police state, meant Obama would have to do more to appease a public so furious even the NYT issued a scathing editorial lamenting the obliteration of Obama's credibility. Sure enough, the president did. Reuters reports that the first course of action by the US government will be to... shoot the messenger. Reuters reports that "President Barack Obama's administration is likely to open a criminal investigation into the leaking of highly classified documents that revealed the secret surveillance of Americans' telephone and email traffic, U.S. officials said on Friday." And how did Reuters learn this: from "law enforcement and security officials who were not authorized to speak publicly." The mimetic absurdity of the narrative is just too surreal to even contemplate for more than a minute before bursting out in laughter: the administration's plans to launch criminal charges against those who "leaked" its Nixonian espionage masterplan involving every US (and world) citizen using the Internet, revealed by another group of sources leaking in secret. Pure poetry.
Of course, this was inevitable - once you start down the path of a totalitarian surveillance superstate, you don't stop until all dissent is crushed: either peacefully through submission to debt serfdom, or, well, not so peacefully.

< -- >

--- Just because i'm near the punchbowl doesn't mean I'm also drinking from it.

From rforno at infowarrior.org Sat Jun 8 07:22:05 2013
From: rforno at infowarrior.org (Richard Forno)
Date: Sat, 8 Jun 2013 08:22:05 -0400
Subject: [Infowarrior] - China agrees to cyber framework
Message-ID: <0180F3DD-C8F4-4034-A25D-A65F8714EA3F@infowarrior.org>

Obama begins summit with Xi as China agrees to cyber framework
By Philip Rucker and Ellen Nakashima
http://www.washingtonpost.com/politics/obama-begins-summit-with-xi-as-china-agrees-to-cyber-framework/2013/06/07/57765828-cf99-11e2-8845-d970ccb04497_print.html

RANCHO MIRAGE, Calif. - Describing cybersecurity concerns as "uncharted waters," President Obama said during a meeting here late Friday with Chinese President Xi Jinping that their two countries must arrive at a "firm understanding" of how to regulate cyberattacks and computer hacking. Following three hours of private meetings at the start of a relaxed two-day summit at an expansive California desert retreat, Obama said he and Xi so far had discussed cybersecurity only "at the 40,000-foot level." Although U.S. officials have grown increasingly concerned about China's hacking of private records of American companies, both Obama and Xi, publicly at least, stopped short of directly confronting the contentious issue. When a U.S. journalist pressed Xi on the cyber-spying, the Chinese leader asserted that China, too, is a victim of such attacks - and he faulted the news media with leaving what he considers a misleading impression that the threat comes mostly from China. Xi pledged to resolve concerns with the United States "in a pragmatic way."
As Obama and Xi's high-stakes talks got underway Friday, the State Department announced that China had agreed with the United States, Russia and other major nations that international law applies to actions that states take in cyberspace - a significant step toward ensuring that civilians and civilian systems such as energy grids are not targeted in cyberattacks. China's agreement at the United Nations culminates a multiyear effort by 15 countries to reduce tensions in cyberspace and comes amid growing concerns of top U.S. officials about China's hacking into the private records of U.S. corporations and American institutions. Here in California, Obama and Xi also began discussing several other issues that are sensitive for the Chinese that have bedeviled U.S. and Chinese leaders for years, including human rights, climate change and North Korea's nuclear provocations. Obama is seeking to cultivate a personal relationship with Xi, China's newly minted leader, inviting him to a friendly, so-called shirt sleeves summit at Sunnylands, an historic 200-acre estate in this golf resort destination on the edge of the Mojave Desert. Relieved of the diplomatic pageantry that comes with a formal state visit, Obama hopes this get-to-know-each-other session might smooth the sometimes volatile relationship between the United States and the rising Asian power. As temperatures reached 115 degrees on Friday, Obama and Xi - each wearing an open-collared white shirt and suit coat but no tie and flanked by senior officials in his government - exchanged warm words. Xi, speaking through a translator, said he hopes the talks might "chart the future of China-U.S. relations." He posited that the "Chinese dream" of economic prosperity and national renewal is connected to the "American dream." Obama, meanwhile, promised a "new model of cooperation" between the rival nations. "The United States welcomes the continuing peaceful rise of China as a world power,"
Obama said, a line he later repeated. On climate change, Obama said, "that's an issue we'll have to deal with together." And on cybersecurity, Obama said he hoped to delve deeper into a discussion of the issue at a private dinner Friday night. "In some ways these are uncharted waters and you don't have the kinds of protocols that cover military issues, for example, and arms issues, where nations have a lot of experience in trying to negotiate what's acceptable and what's not," Obama said. He added, "It's critical, as two of the largest economies and military powers in the world, that China and the United States arrives at a firm understanding of how we work together on these issues." Separately, the consensus China reached with the United States and several other nations paves the way for deeper international discussions about how the principles of international law should apply in this emerging realm of cyberspace warfare. State Department spokeswoman Jen Psaki said in a statement Friday evening that the agreement "sends a strong signal: states must act in cyberspace under the established international rules and principles that have guided their actions for decades - in peacetime and during conflict." The agreement is not binding, but is a major achievement given China's earlier reluctance to affirm the idea that international law governs actions in cyberspace, just as it does in traditional warfare. "The Chinese really didn't have any choice but to agree because they couldn't afford to derail the agreement right before the summit," said James A. Lewis, a rapporteur hired by the United Nations to draft the agreement. The agreement is significant, too, in that Russia, China, the United States and other major allies agreed for the first time on a framework for rules on cyber-conflict, said Lewis, who is a cyber policy expert at the Center for Strategic and International Studies.
Here at Sunnylands, Obama, sitting across from Xi, acknowledged that "inevitably there are areas of tension between our countries." Obama pointed to the global economy as one such area, saying the United States "seeks an international economic order where nations are playing by the same rules, where trade is free and fair and where the United States and China work together to address issues like cybersecurity and protection of intellectual property." Xi, who took office in March, immediately assumed control of China's presidency, the military and the Communist Party. Obama, Vice President Biden and his foreign policy advisers have been cultivating Xi for two years and are encouraged by what they see in him so far. "I think that both of us agree that continuous and candid and constructive conversation and communication is critically important to shaping our relationship for years to come," Obama said. Xi, who declared the Sunnylands summit "a new historical starting point" after China and the United States reopened diplomatic relations 40 years ago, spoke of his country as a global super power now on par with the United States. "How can our two nations join together to promote peace and development in the world?" Xi asked. "These are things that not just the people in our two countries are watching closely, but the whole world is also watching very closely. ... We need to think creatively and act energetically so that working together we can build a new model of major country relationship." Nakashima reported from Washington.

© The Washington Post Company

--- Just because i'm near the punchbowl doesn't mean I'm also drinking from it.

From rforno at infowarrior.org Sat Jun 8 07:27:50 2013
From: rforno at infowarrior.org (Richard Forno)
Date: Sat, 8 Jun 2013 08:27:50 -0400
Subject: [Infowarrior] - With troops and techies, U.S. prepares for cyber warfare
Message-ID: <1AB27A37-B548-4D32-934A-580C982ABA20@infowarrior.org>

With troops and techies, U.S.
prepares for cyber warfare By Warren Strobel and Deborah Charles WASHINGTON | Fri Jun 7, 2013 3:11am EDT http://www.reuters.com/article/2013/06/07/us-usa-cyberwar-idUSBRE95608D20130607 (Reuters) - On the site of a former military golf course where President Dwight Eisenhower once played, the future of U.S. warfare is rising in the shape of the new $358 million headquarters for the military's Cyber Command. The command, based at Fort Meade, Maryland, about 25 miles north of Washington, is rushing to add between 3,000 and 4,000 new cyber warriors under its wing by late 2015, more than quadrupling its size. Most of Cyber Command's new troops will focus on defense, detecting and stopping computer penetrations of military and other critical networks by America's adversaries like China, Iran or North Korea. But there is an increasing focus on offense as military commanders beef up plans to execute cyber strikes or switch to attack mode if the nation comes under electronic assault. "We're going to train them to the highest standard we can," Army General Keith Alexander, head of Cyber Command, told the Reuters Cybersecurity Summit last month. "And not just on defense, but on both sides. You've got to have that." Officials and experts have warned for years that U.S. computer networks are falling prey to espionage, intellectual property theft and disruption from nations such as China and Russia, as well as hackers and criminal groups. President Barack Obama will bring up allegations of Chinese hacking when he meets President Xi Jinping at a summit in California beginning on Friday - charges that Beijing has denied. The Pentagon has accused China of using cyber espionage to modernize its military and a recent report said Chinese hackers had gained access to the designs of more than two dozen major U.S. weapons systems in recent years. Earlier this year, U.S. 
computer security company Mandiant said a secretive Chinese military unit was probably behind a series of hacking attacks that had stolen data from 100 U.S. companies. There is a growing fear that cyber threats will escalate from mainly espionage and disruptive activities to far more catastrophic attacks that destroy or severely degrade military systems, power grids, financial networks and air travel. Now, the United States is redoubling its preparations to strike back if attacked, and is making cyber warfare an integral part of future military campaigns. Experts and former officials say the United States is among the best - if not the best - in the world at penetrating adversaries' computer networks and, if necessary, inserting viruses or other digital weapons. Washington might say it will only strike back if attacked, but other countries disagree, pointing to the "Stuxnet" virus. Developed jointly by the U.S. government and Israel, current and former U.S. officials told Reuters last year, Stuxnet was highly sophisticated and damaged nuclear enrichment centrifuges at Iran's Natanz facility. NEW RULES OF ENGAGEMENT U.S. government officials frequently discuss America's cyber vulnerabilities in public. By contrast, details about U.S. offensive cyberwarfare capabilities and operations are almost all classified. Possible U.S. offensive cyber attacks could range from invading other nations' command and control networks to disrupting military communications or air defenses - or even putting up decoy radar screens on an enemy's computers to prevent U.S. aircraft from being detected in its airspace. The shift toward a greater reliance on offense is an important one for a nation which has mostly been cautious about wading into the uncertain arena of cyberwar - in part because gaps in U.S. cybersecurity make it vulnerable to retaliation. 
But former Homeland Security Secretary Michael Chertoff said the United States must be ready and should articulate - soon - what level of cyber aggression would be seen as an act of war, bringing a U.S. response. "One of the things the military learned, going back to 9/11, is whether you have a doctrine or not, if something really bad happens you're going to be ordered to do something," he told the Reuters summit. "So you better have the capability and the plan to execute." Reuters has learned that new Pentagon rules of engagement, detailing what actions military commanders can take to defend against cyber attacks, have been finalized after a year of "hard core" debate. The classified rules await Defense Secretary Chuck Hagel's signature, a senior defense official said. The official would not give details of the rules but said, "they will cover who has the authority to do specific actions if the nation is attacked." 'A FRAGILE CAPABILITY' At Cyber Command, military officers in crisp uniforms mix with technical experts in T-shirts as the armed forces takes up the challenge of how to fend off cyber penetrations from individuals or rival countries. Even as overall U.S. defense spending gets chopped in President Barack Obama's proposed 2014 budget, cyber spending would grow by $800 million, to $4.7 billion while overall Pentagon spending is cut by $3.9 billion. Until its new headquarters is ready, Cyber Command shares a home with the U.S. National Security Agency (NSA), which for 60 years has used technological wizardry to crack foreign codes and eavesdrop on adversaries while blocking others from doing the same to the United States. Alexander heads both agencies. "The greatest concentration of cyber power in this planet is at the intersection of the Baltimore-Washington Parkway and Maryland Route 32," said retired General Michael Hayden, a former CIA and NSA director, referring to NSA's Fort Meade location. 
But NSA's role in helping protect civilian, government and private networks has been controversial - and is likely to come under greater scrutiny with this week's revelation that it has been collecting telephone records of millions of Verizon Communications customers under a secret court order. A January report by the Pentagon's Defense Science Board gave a general picture of how the United States might exploit and then attack an adversary's computer systems. In some cases, U.S. intelligence might already have gained access for spying, the report said. From there, Cyber Command "may desire to develop an order of battle plan against that target" and would require deeper access, "down to the terminal or device level in order to support attack plans," it said. Because gaining access to an enemy's computers for sustained periods without detection is not easy, "offensive cyber will always be a fragile capability," it said. In cyberspace, reconnaissance of foreign networks is "almost always harder than the attack" itself because the challenging part is finding a way into a network and staying undetected, said Hayden, now with the Chertoff Group consulting firm. PURPLE HAIR AND JEANS Cyber Command's new Joint Operations Center, due to be complete in 2018, will pull disparate units together and house 650 personnel, officials said. Air Force, Army, Navy and Marine Corps components will be nearby and, a former U.S. intelligence official said, the complex will have power and cooling to handle its massive computing needs. Those who have worked at Cyber Command say the atmosphere is a mixture of intensity and geek-style creativity. Military precision is present, but it is not unusual to see young civilian computer whiz kids with purple hair, a tie-dyed shirt and blue jeans. "It's made to be a fun environment for them. These are people who are invested and want to serve their nation. 
But there is some military rigor and structure around all that - like a wrapper," said Doug Steelman, who was director of Network Defense at Cyber Command until 2011 and is now Chief Information Security Officer at Dell SecureWorks. Cyber Command's growth and expanding mission come with serious challenges and questions. For example, how to prevent U.S. military action in cyberspace from also damaging civilian facilities in the target country, such as a hospital that shares an electric grid or computer network with a military base? And some doubt that the military can train many cyber warriors quickly enough. Alexander has identified that as his biggest challenge. The former intelligence official said Cyber Command's new teams won't be fully ready until at least 2016 due to military bureaucracy and because it takes time to pull together people with the special skills needed. "To be a good cyber warrior, you have to be thinking, 'How is the attacker discovering what I'm doing? How are they working around it?' ... Cyber security really is a cat and mouse game," said Raphael Mudge, a private cybersecurity expert and Air Force reservist. "That kind of thinking can't be taught. It has to be nurtured. There are too few who can do that." Would-be cyber warriors go through extensive training, which can take years. A recruit with proven aptitude will be sent to courses such as the Navy-led Joint Cyber Analysis Course in Pensacola, Florida, a 6-month intensive training program. The top 10 percent of JCAC's students will be selected for advanced cyber operations training, said Greg Dixon, a vice president at private KEYW Corp, which conducts intensive training classes. The company can train a JCAC graduate to become an analyst in five weeks, but it takes 20 weeks to become a cyber operator. Dixon would not divulge what an operator would be capable of doing after graduation, but said it would be "a lot."
"They're going to pick the cream of the crop for the 'full spectrum cyber missions'," the former U.S. intelligence official said, using a euphemism for cyber offense. Before a future cyber warrior can begin advanced training, he or she has to pass through the arduous security clearance process, which can take six to nine months for personnel who are not already cleared. Troops earmarked for cyber warfare have found themselves washing floors, mowing lawns and painting at military installations as they bide time waiting for a clearance. There is the concern about retaliation for a U.S. cyber attack. Some analysts say Iran increased its cyber capabilities after being infected with Stuxnet, which was revealed in 2010. "The old saying, he who lives in a glass house should be careful of throwing stones ... but if the stone that you threw at someone, when you live in a glass house, is a stone that in some way they could pick back up and throw back at you, that's an even dumber idea," the defense official said. "We definitely think about that as one aspect of considering action." (Reporting by Warren Strobel and Deborah Charles; Additional reporting by Andrea Shalal-Esa and Phil Stewart; Editing by Alistair Bell and Tim Dobbyn) --- Just because i'm near the punchbowl doesn't mean I'm also drinking from it. From rforno at infowarrior.org Sat Jun 8 07:29:38 2013 From: rforno at infowarrior.org (Richard Forno) Date: Sat, 8 Jun 2013 08:29:38 -0400 Subject: [Infowarrior] - Warner Fining File-Sharers Who Use Non Six-Strike ISPs Message-ID: <804EF49A-9F69-4279-B129-3D67272E9649@infowarrior.org> Warner Bros: We?re Fining File-Sharers Who Use Non Six-Strike ISPs ? Andy ? June 7, 2013 http://torrentfreak.com/warner-bros-were-fining-file-sharers-who-use-non-six-strike-isps-130607/ Customers of ISPs not involved in the so-called ?Six Strikes? anti-piracy scheme in the United States might be under the impression that warning notices are something they can avoid. 
However, TorrentFreak has learned that Warner Bros. are specifically targeting users of non-participating ISPs not only with warnings, but also with fines to settle the alleged copyright infringements. After much preparation the MPAA and RIAA teamed up with U.S. Internet providers this February to launch their so-called "six strikes" anti-piracy notification system. AT&T, Cablevision, Comcast, Time Warner Cable and Verizon are all on board but countless other ISPs either weren't asked to join or decided not to participate in the project. Needless to say, customers of ISPs such as Charter, CenturyLink and Cox have been comfortable that the entertainment companies won't be sending warnings to them. Today they will have to think again. It is not unusual for customers of any ISP to receive copyright infringement notices via email, in fact they are legally obliged to forward them at rightsholders' request. However, in recent weeks there have been reports of customers of non-participating ISPs receiving DMCA notices with a special twist. "Your ISP has forwarded you this notice. This is not spam. Your ISP account has been used to download, upload or offer for upload copyrighted content in a manner that infringes on the rights of the copyright owner. Your ISP service could be suspended if this matter is not resolved. You could be liable for up to $150,000 per infringement in civil penalties," the notices begin. What follows next is not a "strike", but an offer of cash settlement to make any nasty legal proceedings go away. "If you click on the link below and login to the Rightscorp, Inc. automated settlement system, for $20 per infringement, you will receive a legal release from the copyright owner," the notice adds. TorrentFreak has reported on Rightscorp's activities before 1, 2. The company is not operating a scam, even if some people do find their activities unsavory.
However, what really piqued our interest are claims that Warner Bros., a company involved in the six-strikes campaign, are also working with Rightscorp on these cash settlement schemes. So we asked the studio if the reports are true. "Yes. Warner Bros. is working with Digital Rights Corp on a test ISP/subscriber notification program to many ISPs that are not participating in the Copyright Alert System," a Warner spokesman told TorrentFreak. Although not mentioned specifically, the company said that the warnings being sent by Digital Rights Corp are for content that is already available through various authorized channels. "The notices inform consumers that our content is readily available legitimately through multiple channels, including electronic sell through and video-on-demand services," Warner add. "The notices give consumers an opportunity to settle the identified infringement for a very nominal sum of $20 per title infringed - not as a measure of damage, but as a concrete reminder that our content has value and as a discouragement of future unauthorized activity." The warnings and demands for settlement are being tagged onto the end of regular DMCA notices and forwarded by ISPs. What this means is that although Warner and Rights Corp are managing to get a message to an account holder, they have absolutely no idea who that alleged infringer is. This means that if the account holder refuses to pay, it's almost certain that no further action will be taken. Some people, however, do pay. This post on Reddit details a case where an account holder paid Rights Corp $20.00 for an infringement of Warner copyrights but discovered that the matter was far from over. After the initial payment, Rights Corp matched the notified (and settled) infringement with two others already on file. Since the guy had filled in his phone number, the company then called him up and asked for another $40.00 to clear his file.
TorrentFreak has discovered a few instances of these cash settlement demands, including the one above, which were sent by Charter Communications. It's worth noting that while Warner stood by their actions and gave a statement, Charter failed to respond to multiple emails requesting comment. Have you received a Rights Corp notice? If so, please forward them to the usual address in complete confidence.

---
Just because i'm near the punchbowl doesn't mean I'm also drinking from it.

From rforno at infowarrior.org Sat Jun 8 07:38:17 2013
From: rforno at infowarrior.org (Richard Forno)
Date: Sat, 8 Jun 2013 08:38:17 -0400
Subject: [Infowarrior] - Humour: Roll your own PRISM denial notice
Message-ID: <92DD4EB0-9E93-4A38-AEE0-211E73E5AAB0@infowarrior.org>

Your company's one-stop PRISM involvement denial statement generator.
http://colingourlay.github.io/deny-prism/?company=

---
Just because i'm near the punchbowl doesn't mean I'm also drinking from it.

From rforno at infowarrior.org Sat Jun 8 07:40:25 2013
From: rforno at infowarrior.org (Richard Forno)
Date: Sat, 8 Jun 2013 08:40:25 -0400
Subject: [Infowarrior] - Bloomberg Editors: Silicon Valley Joins the Surveillance State
Message-ID:

Silicon Valley Joins the Surveillance State
By the Editors
Jun 7, 2013 3:03 PM ET
http://www.bloomberg.com/news/2013-06-07/silicon-valley-joins-the-surveillance-state.html

"Nobody is listening to your telephone calls," President Barack Obama said today. Honestly, we didn't think anyone was. If he intended to be reassuring, his words had the opposite effect. The president's remarks in defense of the government's vast electronic surveillance programs help explain why U.S. citizens -- and, not incidentally, U.S. businesses -- should be so unnerved by them. The first point is that we don't necessarily know what is happening.
According to the Washington Post and the Guardian newspaper, the National Security Agency and the Federal Bureau of Investigation are sifting through vast amounts of data -- including audio, video, e-mail, photographs, documents and much else -- produced by nine U.S. technology companies. The program, code-named Prism, allegedly spied on content being shared by foreign users. Such programs -- in addition to Prism there is the vast effort, also revealed this week, to collect phone data from Verizon Communications Inc. customers -- naturally raise questions about the proper balance between privacy and security. "When you actually look at the details, then I think we've struck the right balance," the president said today. OK, fine: So how about some details? Congress -- where fear of being labeled weak on terrorism affords the security-industrial complex a supine majority -- must rediscover its national-security prerogatives. It shouldn't be too hard. The 2011 vote to extend provisions of the Patriot Act produced 153 nays in the House and 23 in the Senate. That's a skeptical base on which to build effective oversight. Senators Ron Wyden of Oregon and Mark Udall of Colorado, both Democrats, offered an amendment to the 2011 reauthorization that would have compelled the attorney general to "publicly disclose the United States Government's official interpretation of the USA Patriot Act." Understanding how the government interprets the law is prerequisite for this debate. Let's get that on the record, then see where the discussion leads. At the very least the public debate should be routed through the intelligence committees in the House and Senate. It is no longer enough for them to give vague blessings to government spying. They should issue annual, unclassified reports certifying that they have reviewed secret government programs and they endorse their basis in law and their validity on national-security grounds. The reports should include minority dissents.
The public needn't see secrets; we do need to know more about how Congress is scrutinizing the process. Aside from concerns about privacy and government power, Prism is also cause for economic anxiety. The companies reportedly compliant with the NSA's snooping look like a Who's Who of 21st-century American innovation: Apple Inc., Yahoo! Inc., Google Inc., Microsoft Corp. and Facebook Inc. all joined the party. The companies involved have been offering carefully worded denials, but even hints of acquiescence in this program should be cause for deep worry from a business perspective. Foreign governments, already inclined to protect homegrown technology businesses, might find such surveillance a convenient excuse to increase regulatory or antitrust pressure on Silicon Valley hegemons. More legitimately, they might also want to protect their citizens and businesses from foreign espionage. And they'd be right to: Spying on foreign citizens is the explicit justification offered for this program by U.S. Director of National Intelligence James Clapper. If these companies are soon subjected to far more onerous privacy provisions in foreign countries, they shouldn't be surprised in the least. There's some indication the program may have violated European Union privacy rules. International users of such services might be at ease with sharing their photos and videos with family and friends. Sharing them with Uncle Sam, however, is a different matter entirely. That's not to say that these revelations alone will lead to a global revolt against Facebook. But combined with Facebook's penchant for violating user privacy, some people may start looking at competing services that do a better job of protecting their data -- and that aren't known to be bugged by the U.S. intelligence community. It may not be realistic to have expected these companies to decline the government's invitation to help it spy (although Apple appears to have resisted for several years).
But they had to have known the potential for controversy. In a 2009 debate on Patriot Act provisions, Democratic Senator Dick Durbin of Illinois predicted the program would run into trouble. "Someday the cloak will be lifted, and future generations will ask whether our actions today meet the test of a democratic society -- transparency, accountability and fidelity to the rule of law and our Constitution," he said. Durbin was prescient, but his timing was off. His questions aren't for future generations -- they're for us. To contact the Bloomberg View editorial board: view at bloomberg.net.

---
Just because i'm near the punchbowl doesn't mean I'm also drinking from it.

From rforno at infowarrior.org Sat Jun 8 08:30:50 2013
From: rforno at infowarrior.org (Richard Forno)
Date: Sat, 8 Jun 2013 09:30:50 -0400
Subject: [Infowarrior] - This Is Your Brain on Coffee
Message-ID:

June 6, 2013, 12:01 am
This Is Your Brain on Coffee
By GRETCHEN REYNOLDS
http://well.blogs.nytimes.com/2013/06/06/this-is-your-brain-on-coffee/

This column appears in the June 9 issue of The New York Times Magazine. For hundreds of years, coffee has been one of the two or three most popular beverages on earth. But it's only recently that scientists are figuring out that the drink has notable health benefits. In one large-scale epidemiological study from last year, researchers primarily at the National Cancer Institute parsed health information from more than 400,000 volunteers, ages 50 to 71, who were free of major diseases at the study's start in 1995. By 2008, more than 50,000 of the participants had died. But men who reported drinking two or three cups of coffee a day were 10 percent less likely to have died than those who didn't drink coffee, while women drinking the same amount had 13 percent less risk of dying during the study. It's not clear exactly what coffee had to do with their longevity, but the correlation is striking. Other recent studies have linked moderate coffee drinking -
the equivalent of three or four 5-ounce cups of coffee a day or a single venti-size Starbucks - with more specific advantages: a reduction in the risk of developing Type 2 diabetes, basal cell carcinoma (the most common skin cancer), prostate cancer, oral cancer and breast cancer recurrence. Perhaps most consequential, animal experiments show that caffeine may reshape the biochemical environment inside our brains in ways that could stave off dementia. In a 2012 experiment at the University of Illinois at Urbana-Champaign, mice were briefly starved of oxygen, causing them to lose the ability to form memories. Half of the mice received a dose of caffeine that was the equivalent of several cups of coffee. After they were reoxygenated, the caffeinated mice regained their ability to form new memories 33 percent faster than the uncaffeinated. Close examination of the animals' brain tissue showed that the caffeine disrupted the action of adenosine, a substance inside cells that usually provides energy, but can become destructive if it leaks out when the cells are injured or under stress. The escaped adenosine can jump-start a biochemical cascade leading to inflammation, which can disrupt the function of neurons, and potentially contribute to neurodegeneration or, in other words, dementia. In a 2012 study of humans, researchers from the University of South Florida and the University of Miami tested the blood levels of caffeine in older adults with mild cognitive impairment, or the first glimmer of serious forgetfulness, a common precursor of Alzheimer's disease, and then re-evaluated them two to four years later. Participants with little or no caffeine circulating in their bloodstreams were far more likely to have progressed to full-blown Alzheimer's than those whose blood indicated they'd had about three cups' worth of caffeine. There's still much to be learned about the effects of coffee. "We don't know whether blocking the action of adenosine is sufficient"
to prevent or lessen the effects of dementia, says Dr. Gregory G. Freund, a professor of pathology at the University of Illinois who led the 2012 study of mice. It is also unclear whether caffeine by itself provides the benefits associated with coffee drinking or if coffee contains other valuable ingredients. In a 2011 study by the same researchers at the University of South Florida, for instance, mice genetically bred to develop Alzheimer's and then given caffeine alone did not fare as well on memory tests as those provided with actual coffee. Nor is there any evidence that mixing caffeine with large amounts of sugar, as in energy drinks, is healthful. But a cup or three of coffee "has been popular for a long, long time," Dr. Freund says, "and there's probably good reasons for that." Correction: An earlier version of this post stated that coffee has been a popular beverage for thousands of years. It has been popular for hundreds of years, not thousands.

---
Just because i'm near the punchbowl doesn't mean I'm also drinking from it.

From rforno at infowarrior.org Sat Jun 8 16:57:48 2013
From: rforno at infowarrior.org (Richard Forno)
Date: Sat, 8 Jun 2013 17:57:48 -0400
Subject: [Infowarrior] - NEW: Boundless Informant: the NSA's secret tool to track global surveillance data
Message-ID:

Boundless Informant: the NSA's secret tool to track global surveillance data
Revealed: The NSA's powerful tool for cataloguing data - including figures on US collection
Glenn Greenwald and Ewen MacAskill, guardian.co.uk, Saturday 8 June 2013 15.10 EDT
http://www.guardian.co.uk/world/2013/jun/08/nsa-boundless-informant-global-datamining?CMP=twt_gu

The National Security Agency has developed a powerful tool for recording and analysing where its intelligence comes from, raising questions about its repeated assurances to Congress that it cannot keep track of all the surveillance it performs on American communications.
The Guardian has acquired top-secret documents about the NSA datamining tool, called Boundless Informant, that details and even maps by country the voluminous amount of information it collects from computer and telephone networks. The focus of the internal NSA tool is on counting and categorizing the records of communications, known as metadata, rather than the content of an email or instant message. The Boundless Informant documents show the agency collecting almost 3 billion pieces of intelligence from US computer networks over a 30-day period ending in March 2013. One document says it is designed to give NSA officials answers to questions like, "What type of coverage do we have on country X" in "near real-time by asking the SIGINT [signals intelligence] infrastructure." An NSA factsheet about the program, acquired by the Guardian, says: "The tool allows users to select a country on a map and view the metadata volume and select details about the collections against that country." Under the heading "Sample use cases", the factsheet also states the tool shows information including: "How many records (and what type) are collected against a particular country." A snapshot of the Boundless Informant data, contained in a top secret NSA "global heat map" seen by the Guardian, shows that in March 2013 the agency collected 97bn pieces of intelligence from computer networks worldwide. The heat map reveals how much data is being collected from around the world. Note the '2007' date in the image relates to the document from which the interactive map derives its top secret classification, not to the map itself. Iran was the country where the largest amount of intelligence was gathered, with more than 14bn reports in that period, followed by 13.5bn from Pakistan. Jordan, one of America's closest Arab allies, came third with 12.7bn, Egypt fourth with 7.6bn and India fifth with 6.3bn. 
The heatmap gives each nation a color code based on how extensively it is subjected to NSA surveillance. The color scheme ranges from green (least subjected to surveillance) through yellow and orange to red (most surveillance). The disclosure of the internal Boundless Informant system comes amid a struggle between the NSA and its overseers in the Senate over whether it can track the intelligence it collects on American communications. The NSA's position is that it is not technologically feasible to do so. At a hearing of the Senate intelligence committee in March this year, Democratic senator Ron Wyden asked James Clapper, the director of national intelligence: "Does the NSA collect any type of data at all on millions or hundreds of millions of Americans?" "No sir," replied Clapper. Judith Emmel, an NSA spokeswoman, told the Guardian in a response to the latest disclosures: "NSA has consistently reported - including to Congress - that we do not have the ability to determine with certainty the identity or location of all communicants within a given communication. That remains the case." Other documents seen by the Guardian further demonstrate that the NSA does in fact break down its surveillance intercepts which could allow the agency to determine how many of them are from the US. The level of detail includes individual IP addresses. IP address is not a perfect proxy for someone's physical location but it is rather close, said Chris Soghoian, the principal technologist with the Speech Privacy and Technology Project of the American Civil Liberties Union. "If you don't take steps to hide it, the IP address provided by your internet provider will certainly tell you what country, state and, typically, city you are in," Soghoian said. That approximation has implications for the ongoing oversight battle between the intelligence agencies and Congress.
On Friday, in his first public response to the Guardian's disclosures this week on NSA surveillance, Barack Obama said that congressional oversight was the American peoples' best guarantee that they were not being spied on. "These are the folks you all vote for as your representatives in Congress and they are being fully briefed on these programs," he said. Obama also insisted that any surveillance was "very narrowly circumscribed". Senators have expressed their frustration at the NSA's refusal to supply statistics. In a letter to NSA director General Keith Alexander in October last year, senator Wyden and his Democratic colleague on the Senate intelligence committee, Mark Udall, noted that "the intelligence community has stated repeatedly that it is not possible to provide even a rough estimate of how many American communications have been collected under the Fisa Amendments Act, and has even declined to estimate the scale of this collection." At a congressional hearing in March last year, Alexander denied point-blank that the agency had the figures on how many Americans had their electronic communications collected or reviewed. Asked if he had the capability to get them, Alexander said: "No. No. We do not have the technical insights in the United States." He added that "nor do we do have the equipment in the United States to actually collect that kind of information". Soon after, the NSA, through the inspector general of the overall US intelligence community, told the senators that making such a determination would jeopardize US intelligence operations - and might itself violate Americans' privacy. "All that senator Udall and I are asking for is a ballpark estimate of how many Americans have been monitored under this law, and it is disappointing that the inspectors general cannot provide it," Wyden told Wired magazine at the time. The documents show that the team responsible for Boundless Informant assured its bosses that the tool is on track for upgrades.
The team will "accept user requests for additional functionality or enhancements," according to the FAQ acquired by the Guardian. "Users are also allowed to vote on which functionality or enhancements are most important to them (as well as add comments). The BOUNDLESSINFORMANT team will periodically review all requests and triage according to level of effort (Easy, Medium, Hard) and mission impact (High, Medium, Low)." Emmel, the NSA spokeswoman, told the Guardian: "Current technology simply does not permit us to positively identify all of the persons or locations associated with a given communication (for example, it may be possible to say with certainty that a communication traversed a particular path within the internet. It is harder to know the ultimate source or destination, or more particularly the identity of the person represented by the TO:, FROM: or CC: field of an e-mail address or the abstraction of an IP address). "Thus, we apply rigorous training and technological advancements to combine both our automated and manual (human) processes to characterize communications - ensuring protection of the privacy rights of the American people. This is not just our judgment, but that of the relevant inspectors general, who have also reported this." She added: "The continued publication of these allegations about highly classified issues, and other information taken out of context, makes it impossible to conduct a reasonable discussion on the merits of these programs." Additional reporting: James Ball in New York and Spencer Ackerman in Washington

---
Just because i'm near the punchbowl doesn't mean I'm also drinking from it.

From rforno at infowarrior.org Sun Jun 9 08:17:30 2013
From: rforno at infowarrior.org (Richard Forno)
Date: Sun, 9 Jun 2013 09:17:30 -0400
Subject: [Infowarrior] - Cable companies are our latter-day robber barons
Message-ID: <10832FB1-8535-4757-AC9A-CB40B504DA0B@infowarrior.org>

Price-gouging cable companies are our latter-day robber barons
Monopolistic cable providers make internet access an unaffordable luxury for tens of millions of Americans
Heidi Moore, guardian.co.uk, Tuesday 4 June 2013 13.47 EDT
http://www.guardian.co.uk/commentisfree/2013/jun/04/price-gouging-cable-companies

One percent of American households cancels internet service every year - largely because of its artificially high cost. Photograph: Sipa Press/Rex Features

Last year, about 1% of American households cut off their internet service. That's not as surprising as experts may suggest. The internet - which promised to connect all Americans with everything from educational opportunities to Facebook status updates - has become, unfortunately, a luxury even for the middle class. Cable companies that have functioned as oligopolies have made it that way. Naturally, more Americans would cut off internet service considering how absurdly expensive it has become to pay to stay connected. The median income for a household in the United States is just over $50,000, which has to support a family with basics like food, mortgage or rent, a car and gas. Inflation has steadily driven up the price of food and gas, which has meant that American wages have actually dropped since the recession. School costs, healthcare and other costs mean many families depend on credit cards on occasion. That doesn't leave a lot of room for splashy purchases. Yet, strangely, internet access - which is a necessity in homes where children get their homework online and parents may telecommute - has become the splashiest purchase of all. In many big cities, internet access can easily become a budgetary sinkhole for families.
Think of $100 a month for cable and internet, another $50 a month for a smartphone, $40 a month for an iPad or a similar device; if you travel, add $70 a month for some kind of wireless hotspot like Verizon's Mi-Fi. Competition drives down prices, and the world of cable and internet access has largely done away with the threat of competition. At home, if you don't like Time Warner's prices, you can't turn around and get Comcast; you'll have to spring for satellite service or hope Verizon FiOS serves your area. And once you have those, there's no guarantee they'll suit you or that their billing will be any better. The result is that Americans are being willingly pick-pocketed. Internet service is costly because internet providers refuse to compete with each other, ensuring they can charge high prices. They rationalize it like this: even though the cable companies have a gross profit margin of around 97% - meaning 97 cents of every dollar they make is pure profit - they still have to pay to service cell towers and invest in broadband. They have expensive equipment to maintain, see? That's not monopoly pricing power. That's just basic subsistence. Unfortunately, their arguments fail for two reasons: the first is that those companies are not actually investing in equipment as much as they would like you to think. There is a cable graveyard littered with "overbuilders" that tried to create fast, wide internet access networks to compete with the giant incumbents like Time Warner and Comcast. Those overbuilders failed. Another problem with the argument is that "recovering fixed costs" is not a problem; the cable companies' networks are already bought and paid for, many times over. The cable companies have such incredibly high profit margins - "comically high" in the words of one Sanford C Bernstein analyst - that they don't have any problem covering their costs.
The Open Technology Institute noted in a recent report, "cable companies invested over $185bn in capital expenditures between 1996 and 2011. But these networks generated close to $1tn in revenue in the same time period." The lack of either existent or upcoming competition taught the larger cable companies that it pays, literally, to get lazy and complacent: not only would they refuse to compete with each other, but there was also nothing to fear from any aggressive startups. The lack of any pressure to improve means Americans are forced to keep overpaying for internet service or give it up altogether. There are estimates that 100 million people in the US - or roughly a third of the population - do not have internet access at home. It's not unusual for middle-class families to spend more than $2,100 a year just to get online; poorer families can't even bother. The price of internet access has also risen faster than wages ever could; since 2006, the price of telephone and internet access has risen by 21%, according to the Wall Street Journal. This is not something that single mothers and struggling families can afford; kids in urban neighborhoods cluster inside and around the local McDonald's to do their homework by grabbing a ride on the stores' free Wi-Fi. Imagine four years of doing that every night just to keep up with your peers, much less scoring the kind of grades that are good enough for college. Income inequality is also internet inequality. Americans can make do, of course. The irony of expensive internet service is that cheaper service is everywhere. Wi-Fi is widely available everywhere from most Starbucks to public libraries if you don't mind giving up your mobility; the prevalence of smartphones like the iPhone and Samsung Galaxy require expensive data plans for internet access. And then, of course, people use the internet at work and can easily rationalize that 8 hours or more a day of access is quite enough. (Though that is no help to kids.)
How did we get to this place? Susan Crawford, a professor at the Cardozo School of Law in New York, has argued for years that cable companies are a monopoly. One of her favorite statistics is that there's not much "competition when 94% of new wired high-speed customers bought service from their local cable distributors" at the end of 2012. In other words, cable companies are internet companies and they have locked down what looks like an oligopoly for their services. In an opinion piece in January, she summed up the problem: "At the heart of the problem lie a few powerful [cable] companies with enormous influence over policy making. Both the wireless and wired markets for high-speed internet access have become heavily concentrated, and neither is subject to substantial competition nor oversight. Companies like Time Warner Cable routinely get their way when they seek to prevent local officials from encouraging competition. At the federal level, Verizon Wireless is keeping the FCC in court arguing over the scope of its regulatory powers - a move that has undermined the agency's authority. As a result, prices are too high and speeds too slow. A third of Americans opt not to buy high-speed internet access at home, often because they can't afford it." Crawford's argument is that cable companies are not only monopolistic, but also exercise their considerable power in Washington to squeeze regulators. They walk like a monopoly and talk like a monopoly, trying to block rivals from getting a foothold. Even local governments trying to improve local service feel the lash. The idea of an oligopoly is a powerful one, which has tended to kick government regulators into gear to defend consumer interests. Naturally, there are those who believe the cable companies are not bad.
"About 89% of US residents have a choice of five or more broadband providers, counting mobile and satellite, and 85% have a choice of two or more wireline broadband providers," ComputerWorld summarized a recent Information Technology and Innovation Foundation report. Of course, if you've ever had internet access in the US any time your life, the one thing you have not found is choice. Satellite service is an expensive and implausible option for many families. If you're like many Americans, you hit a point of frustration with your cable and internet provider and looked for alternatives - only to find none. There is, of course, no impetus in Washington to repair this. Market forces have only encouraged cable companies to keep raising prices with impunity. There is a strong argument to be made that cable companies have abused their pricing power and should submit to regulation in pricing - but there is likely no one in Washington ready to hear it. These are times when a person can yearn for the old moustache-twirling, chortling monopolies of the Gilded Age robber barons - the open maneuvering of a vindictive John D Rockefeller, as detailed by Ron Chernow, or an Andrew Mellon (pdf) thundering with retro-Calvinist disdain for the moral weakness of the poor. It would be great to see monopolistic ambition with such clarity. Alas, in our day, we are left with the milquetoast version that rules our outrageously expensive cable, internet and phone services. These robber barons in rimless glasses and Rockports pick the pockets of recession-hit families as gleefully as any old Carnegie - but they need never fear government interference.

---
Just because i'm near the punchbowl doesn't mean I'm also drinking from it.

From rforno at infowarrior.org Sun Jun 9 08:21:59 2013
From: rforno at infowarrior.org (Richard Forno)
Date: Sun, 9 Jun 2013 09:21:59 -0400
Subject: [Infowarrior] - Credibility Crunch for Tech Companies Over Prism
Message-ID:

TECHNOLOGY
Updated June 8, 2013, 1:09 p.m. ET http://online.wsj.com/article/SB10001424127887324798904578531672407107306.html Credibility Crunch for Tech Companies Over Prism By AMIR EFRATI, SHIRA OVIDE and EVELYN M. RUSLI With Silicon Valley's credibility in protecting consumer privacy on the line, many of the largest Web companies on Friday emphasized they aren't giving the U.S. government a direct pipe into their networks as part of a secret program to monitor foreign nationals. But the denials of involvement by Google Inc., Microsoft Corp. and others, which come at the same time the Obama administration confirmed the existence of such a program, raised questions about how data is ending up in the hands of the government. The issues are especially acute for companies who make their business by collecting and processing customers' most personal data and secrets. Google CEO Larry Page and Chief Legal Officer David Drummond said in a blog post that the company doesn't give U.S. government investigators "open-ended access" to its network and hadn't "joined" a program known as Prism and run by the National Security Agency. The executives said Google only hands over data based on legally-authorized requests that it reviews individually. U.S. officials briefed on the matter said Friday that the NSA receives copies of data through a system they set up with a court order. They don't have direct access to the company computers, those people said. Companies including Apple Inc., Facebook Inc. and Yahoo Inc. all specified in some way that the government doesn't have "direct access" to their networks. 
But they didn't say whether the government may be indirectly siphoning user information - including subject lines of emails and photos stored online - through an intermediary in response to secret court orders. One former government official and cybersecurity legal expert said the companies are likely carefully parsing their words. This person said it is likely that the government is able to get copies of data in real-time or near real-time without accessing the Internet companies' central servers. The Internet companies didn't answer questions about these potential side doors into their data. Google and Microsoft release regular reports that outline the number of government requests for user data per year, but such reports don't include the kind of court-ordered requests made by the NSA for its surveillance of foreign nationals. Such requests prohibit the recipients from disclosing them. U.S. officials also shed little additional light on how the program works on Friday. The National Security Agency referred questions about Prism on Friday to the office of the Director of National Intelligence. Representatives for the office didn't immediately respond to questions. Federal law-enforcement agencies can issue data-disclosure orders to the tech companies under the FISA Amendments Act, a law that permits the government to obtain surveillance orders from a special court without warrants on specific people. The orders compel companies to provide data, such as the content of emails, files and photos, stored online. The technical mechanism through which the tech companies comply with foreign-surveillance orders is unclear. One industry executive familiar with the handling of data requests from U.S. intelligence agencies said companies have set up ways to cope with the volume of data by automating parts of the process. This method would allow data to be funneled to intelligence agencies without the need for manual steps by company employees. 
Agency personnel, this person said, are likely to have the capability to conduct informal searches through company data to help narrow searches associated with particular individuals and aid in crafting formal data requests. Internet giants have been repeatedly accused of funneling information about their users to the U.S. and other governments. Two years ago, Julian Assange, the editor in chief of Wikileaks, called Facebook an "appalling" spy machine during a media interview, adding that he believed the social network, Google and Yahoo had "built-in interfaces for U.S intelligence." In a comment at the time, a Facebook spokesman said, "There has never been a time we have been pressured to turn over data." Obama administration officials stressed Friday that the NSA surveillance program focuses on foreign nationals, not Americans. But for companies like Facebook - which counts roughly 80% of its monthly users outside the U.S. and Canada - the disclosure of surveillance on foreign nationals raises its own problems. A backlash, privacy advocates warned, may be particularly strong in Europe, where governments and citizens have been more sensitive to privacy issues. Following the disclosure, some European lawmakers and regulators seized the opportunity to reiterate their commitment to protect privacy. German Justice Minister Sabine Leutheusser-Schnarrenberger told daily newspaper Die Welt that "German citizens don't want their data to automatically end up with American authorities. It's good and necessary for the U.S. to rethink its antiterror legislation." In the Middle East, where some governments have recently tried to restrict Internet access and use technology to crack down on protesters, the reaction was more muted. "I'm not shocked the U.S. has a very strong spy apparatus. I'm surprised they're careless enough to let it come out," said Wael Eskandar, an Egyptian blogger and activist. 
The privacy questions also come at a time when Internet companies are trying to wedge themselves deeper into daily lives around the world. In Silicon Valley, data has become invaluable currency, to serve better ads, prod users to spend more time on services, and create a competitive advantage against rising upstarts. "Here we are in the world of big data, and we know they can record every single thing," said Michael Pachter, a Wedbush Securities analyst. - Jessica E. Lessin, Harriet Torry, Matt Bradley, Muhammed Mansour and Siobhan Gorman contributed to this article. Write to Amir Efrati at amir.efrati at wsj.com, Shira Ovide at shira.ovide at wsj.com and Evelyn M. Rusli at evelyn.rusli at wsj.com A version of this article appeared June 8, 2013, on page A4 in the U.S. edition of The Wall Street Journal, with the headline: Credibility Crunch for Tech Companies.

--- Just because i'm near the punchbowl doesn't mean I'm also drinking from it.

From rforno at infowarrior.org Sun Jun 9 08:33:41 2013
From: rforno at infowarrior.org (Richard Forno)
Date: Sun, 9 Jun 2013 09:33:41 -0400
Subject: [Infowarrior] - How the U.S. Uses Technology to Mine More Data More Quickly
Message-ID:

June 8, 2013 How the U.S. Uses Technology to Mine More Data More Quickly By JAMES RISEN and ERIC LICHTBLAU http://www.nytimes.com/2013/06/09/us/revelations-give-look-at-spy-agencys-wider-reach.html WASHINGTON - When American analysts hunting terrorists sought new ways to comb through the troves of phone records, e-mails and other data piling up as digital communications exploded over the past decade, they turned to Silicon Valley computer experts who had developed complex equations to thwart Russian mobsters intent on credit card fraud. 
The partnership between the intelligence community and Palantir Technologies, a Palo Alto, Calif., company founded by a group of inventors from PayPal, is just one of many that the National Security Agency and other agencies have forged as they have rushed to unlock the secrets of "Big Data." Today, a revolution in software technology that allows for the highly automated and instantaneous analysis of enormous volumes of digital information has transformed the N.S.A., turning it into the virtual landlord of the digital assets of Americans and foreigners alike. The new technology has, for the first time, given America's spies the ability to track the activities and movements of people almost anywhere in the world without actually watching them or listening to their conversations. New disclosures that the N.S.A. has secretly acquired the phone records of millions of Americans and access to e-mails, videos and other data of foreigners from nine United States Internet companies have provided a rare glimpse into the growing reach of the nation's largest spy agency. They have also alarmed the government: on Saturday night, Shawn Turner, a spokesman for the director of national intelligence, said that "a crimes report has been filed by the N.S.A." With little public debate, the N.S.A. has been undergoing rapid expansion in order to exploit the mountains of new data being created each day. The government has poured billions of dollars into the agency over the last decade, building a one-million-square-foot fortress in the mountains of Utah, apparently to store huge volumes of personal data indefinitely. It created intercept stations across the country, according to former industry and intelligence officials, and helped build one of the world's fastest computers to crack the codes that protect information. While once the flow of data across the Internet appeared too overwhelming for N.S.A. 
to keep up with, the recent revelations suggest that the agency's capabilities are now far greater than most outsiders believed. "Five years ago, I would have said they don't have the capability to monitor a significant amount of Internet traffic," said Herbert S. Lin, an expert in computer science and telecommunications at the National Research Council. Now, he said, it appears "that they are getting close to that goal." On Saturday, it became clear how close: Another N.S.A. document, again cited by The Guardian, showed a "global heat map" that appeared to represent how much data the N.S.A. sweeps up around the world. It showed that in March 2013 there were 97 billion pieces of data collected from networks worldwide; about 14 percent of it was in Iran, much was from Pakistan and about 3 percent came from inside the United States, though some of that might have been foreign data traffic routed through American-based servers. A Shift in Focus The agency's ability to efficiently mine metadata, data about who is calling or e-mailing, has made wiretapping and eavesdropping on communications far less vital, according to data experts. That access to data from companies that Americans depend on daily raises troubling questions about privacy and civil liberties that officials in Washington, insistent on near-total secrecy, have yet to address. "American laws and American policy view the content of communications as the most private and the most valuable, but that is backwards today," said Marc Rotenberg, the executive director of the Electronic Privacy Information Center, a Washington group. "The information associated with communications today is often more significant than the communications itself, and the people who do the data mining know that." In the 1960s, when the N.S.A. successfully intercepted the primitive car phones used by Soviet leaders driving around Moscow in their Zil limousines, there was no chance the agency would accidentally pick up Americans. 
Today, if it is scanning for a foreign politician's Gmail account or hunting for the cellphone number of someone suspected of being a terrorist, the possibilities for what N.S.A. calls "incidental" collection of Americans are far greater. United States laws restrict wiretapping and eavesdropping on the actual content of the communications of American citizens but offer very little protection to the digital data thrown off by the telephone when a call is made. And they offer virtually no protection to other forms of non-telephone-related data like credit card transactions. Because of smartphones, tablets, social media sites, e-mail and other forms of digital communications, the world creates 2.5 quintillion bytes of new data daily, according to I.B.M. The company estimates that 90 percent of the data that now exists in the world has been created in just the last two years. From now until 2020, the digital universe is expected to double every two years, according to a study by the International Data Corporation. Accompanying that explosive growth has been rapid progress in the ability to sift through the information. When separate streams of data are integrated into large databases - matching, for example, time and location data from cellphones with credit card purchases or E-ZPass use - intelligence analysts are given a mosaic of a person's life that would never be available from simply listening to their conversations. Just four data points about the location and time of a mobile phone call, a study published in Nature found, make it possible to identify the caller 95 percent of the time. "We can find all sorts of correlations and patterns," said one government computer scientist who spoke on condition of anonymity because he was not authorized to comment publicly. "There have been tremendous advances." Secret Programs When President George W. 
Bush secretly began the N.S.A.'s warrantless wiretapping program in October 2001, to listen in on the international telephone calls and e-mails of American citizens without court approval, the program was accompanied by large-scale data mining operations. Those secret programs prompted a showdown in March 2004 between Bush White House officials and a group of top Justice Department and F.B.I. officials in the hospital room of John Ashcroft, then the attorney general. Justice Department lawyers who were willing to go along with warrantless wiretapping argued that the data mining raised greater constitutional concerns. In 2003, after a Pentagon plan to create a data-mining operation known as the Total Information Awareness program was disclosed, a firestorm of protest forced the Bush administration to back off. But since then, the intelligence community's data-mining operations have grown enormously, according to industry and intelligence experts. The confrontation in Mr. Ashcroft's hospital room took place just one month after a Harvard undergraduate, Mark Zuckerberg, created Facebook; Twitter would not be founded for two more years. Apple's iPhone and iPad did not yet exist. "More and more services like Google and Facebook have become huge central repositories for information," observed Dan Auerbach, a technology analyst with the Electronic Frontier Foundation. "That's created a pile of data that is an incredibly attractive target for law enforcement and intelligence agencies." The spy agencies have long been among the most demanding customers for advanced computing and data-mining software - and even more so in recent years, according to industry analysts. "They tell you that somewhere there is an American who is going to be blown up," said a former technology executive, and "the only thing that stands between that and him living is you." 
In 2006, the Bush administration established a program known as the Intelligence Advanced Research Projects Activity, to accelerate the development of intelligence-related technology intended "to provide the United States with an overwhelming intelligence advantage over future adversaries." I.B.M.'s Watson, the supercomputing technology that defeated human Jeopardy! champions in 2011, is a prime example of the power of data-intensive artificial intelligence. Watson-style computing, analysts said, is precisely the technology that would make the ambitious data-collection program of the N.S.A. seem practical. Computers could instantly sift through the mass of Internet communications data, see patterns of suspicious online behavior and thus narrow the hunt for terrorists. Both the N.S.A. and the Central Intelligence Agency have been testing Watson in the last two years, said a consultant who has advised the government and asked not to be identified because he was not authorized to speak. Trilaterization Industry experts say that intelligence and law enforcement agencies also use a new technology, known as trilaterization, that allows tracking of an individual's location, moment to moment. The data, obtained from cellphone towers, can track the altitude of a person, down to the specific floor in a building. There is even software that exploits the cellphone data seeking to predict a person's most likely route. "It is extreme Big Brother," said Alex Fielding, an expert in networking and data centers. In addition to opening the Utah data center, reportedly scheduled for this year, N.S.A. has secretly enlarged its footprint inside the United States, according to accounts from whistle-blowers in recent years. 
In Virginia, a telecommunications consultant reported, Verizon had set up a dedicated fiber-optic line running from New Jersey to Quantico, Va., home to a large military base, allowing government officials to gain access to all communications flowing through the carrier's operations center. In Georgia, an N.S.A. official said in interviews, the agency had combed through huge volumes of routine e-mails to and from Americans. And in San Francisco, a technician at AT&T reported on the existence of a secret room there reserved for the N.S.A. that allowed the spy agency to copy and store millions of domestic and international phone calls routed through that station. Nothing revealed in recent days suggests that N.S.A. eavesdroppers have violated the law by targeting ordinary Americans. On Friday, President Obama defended the agency's collection of phone records and other metadata, saying it did not involve listening to conversations or reading the content of e-mails. "Some of the hype we've been hearing over the past day or so - nobody has listened to the content of people's phone calls," he said. Mr. Rotenberg, referring to the constitutional limits on search and seizure, said, "It is a bit of a fantasy to think that the government can seize so much information without implicating the Fourth Amendment interests of American citizens." Reporting was contributed by David E. Sanger and Scott Shane from Washington, Steve Lohr and James Glanz from New York, and Quentin Hardy from Berkeley, Calif.

--- Just because i'm near the punchbowl doesn't mean I'm also drinking from it.
From rforno at infowarrior.org Sun Jun 9 09:47:07 2013 From: rforno at infowarrior.org (Richard Forno) Date: Sun, 9 Jun 2013 10:47:07 -0400 Subject: [Infowarrior] - World's first licensed armless pilot inspires others Message-ID: <85BEC5A7-1F88-4621-A1D3-204AAD4B1623@infowarrior.org> World's first licensed armless pilot inspires others Sunday - 6/9/2013, 6:57am ET By Kathy Stewart http://www.wtop.com/41/3352053/First-pilot-licensed-to-fly-without-an-arm WASHINGTON - Jessica Cox is petite in stature but she's a giant in life. This 30-year-old woman from Arizona was born without arms due to a rare birth defect. She is the world's first licensed armless pilot. Cox says, "With my feet being on the controls it's an incredible experience for me, it empowers me." But that's not all that makes this young woman pretty amazing. Cox doesn't know the word "no." "It starts with acceptance and accepting our own challenges," she says. Besides flying a plane, she drives a car with her feet and she plays the piano with her feet. Her feet are her hands. "I'm a motivational speaker, traveled to 20 different countries," she says. Cox celebrates her challenges and uses them to show people what's possible. She says she's blessed with the ability to impact others through her story. On a recent trip to Ethiopia, she met a young boy without arms who told his mother that he wants to be a pilot too. "It gives you goose bumps when you hear that. You just know that I helped give someone hope," she says. This past week she was on Capitol Hill fighting for disability rights for people across the world. --- Just because i'm near the punchbowl doesn't mean I'm also drinking from it. 
From rforno at infowarrior.org Sun Jun 9 10:24:03 2013
From: rforno at infowarrior.org (Richard Forno)
Date: Sun, 9 Jun 2013 11:24:03 -0400
Subject: [Infowarrior] - OpEd: Peeping Barry
Message-ID:

Peeping Barry By MAUREEN DOWD http://www.nytimes.com/2013/06/09/opinion/sunday/dowd-peeping-president-obama.html WASHINGTON - THE acid that corroded George W. Bush's presidency was fear - spreading it and succumbing to it. You could see the fear in his eyes, the fear that froze him in place, after Andy Card whispered to W. in that Florida classroom that a second plane had crashed into the twin towers. The blood-dimmed tragedy of 9/11 was chilling. But instead of rising above the fear, W. let it overwhelm his better instincts. He and Dick Cheney crumpled the Constitution, manipulated intelligence to go to war against a country that hadn't attacked us, and implemented warrantless eavesdropping - all in the name of keeping us safe from terrorists. Americans want to be protected, but not at the cost of vitiating the values that make us Americans. That is why Barack Obama was so stirring in 2007 with his spirited denunciations of W.'s toxic trade-offs. The up-and-coming senator and former constitutional law professor railed against the Bush administration's "false choice, between the liberties we cherish and the security we provide." Now that we are envisioning some guy in a National Security Agency warehouse in Fort Meade, Md., going through billions of cat videos and drunk-dialing records of teenagers, can the Ministries of Love and Truth be far behind? "There was of course no way of knowing whether you were being watched at any given moment," George Orwell wrote in "1984." "How often, or on what system, the Thought Police plugged in on any individual wire was guesswork. It was even conceivable that they watched everybody all the time. But at any rate they could plug in your wire whenever they wanted to." 
It was quaint to think we had any privacy left, once Google, Facebook, Twitter and Instagram braided themselves into our days and nights. As Gene Hackman, playing a disillusioned N.S.A. analyst in the 1998 movie "Enemy of the State" put it, the agency has been in bed with the telecommunications industry for decades, and "they can suck a salt grain off a beach." Still, it was a bit of a shock to find out that No Such Agency, as the N.S.A. is nicknamed, has been collecting information for seven years on every phone call, domestic and international, that Americans make. The Guardian's Glenn Greenwald, who first reported the collection of data from Verizon, called the N.S.A. "the crown jewel in government secrecy." The Washington Post and then Greenwald swiftly revealed another secret program started under Bush, code-named Prism, that lets the N.S.A. and the F.B.I. tap Microsoft, Yahoo, Google, Facebook, PalTalk, AOL, Skype, YouTube and Apple, lifting audio and video chats, photographs, e-mails and documents in an effort to track foreign targets. The Post reported that the career intelligence officer who leaked the information was appalled and considered the program a gross intrusion on privacy. "They quite literally can watch your ideas form as you type," the officer said. President Obama defended his classified programs even as Greenwald spilled one more bequeathed from W.: identifying targets overseas for potential cyberattacks. So much technological overreach, yet counterterrorism officials still couldn't do basic police work and catch the Boston bombers before the marathon by following up on warnings from the Russians. Don't count on Congress to fix the assault on privacy. In a rare bit of bipartisanship, driven by a craven fear of being seen as soft on terrorists, both parties have lined up behind the indiscriminate surveillance sweeps, except for a few outliers on either end of the spectrum. 
Obama was in California on Friday to meet the Chinese president, Xi Jinping, who could have offered some technical assistance on Internet prying. (NBC's Mike Isikoff reported that the Chinese hacked into the Obama and McCain campaign computers in 2008.) Certainly, it was tricky for our Big Brother to chide Xi about China's cyberhacking in America. The president insists that his trellis of surveillance programs is "under very strict supervision by all three branches of government." That is not particularly comforting given that the federal government so rarely does anything properly. Obama says agents are not actually listening to calls, but as the former Sun Microsystems engineer Susan Landau told The New Yorker, the government can learn an immense amount by tracking "who you call, and who they call." When James Clapper, the director of national intelligence, was asked during a Congressional hearing in March whether the N.S.A. was collecting any information on "millions or hundreds of millions of Americans," Clapper replied "No, sir," adding, "not wittingly." That denial undermines our faith in the forthrightness of those scooping up every little bit of our lives to feed into government computers. The president calls the vast eavesdropping apparatus "modest encroachments on privacy." Back in 2007, Obama said he would not want to run an administration that was "Bush-Cheney lite." He doesn't have to worry. With prisoners denied due process at Gitmo starving themselves, with the C.I.A. not always aware who it's killing with drones, with an overzealous approach to leaks, and with the government's secret domestic spy business swelling, there's nothing lite about it.

--- Just because i'm near the punchbowl doesn't mean I'm also drinking from it.
From rforno at infowarrior.org Sun Jun 9 13:46:35 2013 From: rforno at infowarrior.org (Richard Forno) Date: Sun, 9 Jun 2013 14:46:35 -0400 Subject: [Infowarrior] - new: NSA whistleblower revealed Message-ID: <2C3BA8BB-A0BC-4837-B055-AB7F75C770E3@infowarrior.org> Edward Snowden: the whistleblower behind revelations of NSA surveillance http://www.guardian.co.uk/world/2013/jun/09/edward-snowden-nsa-whistleblower-surveillance The individual responsible for one of the most significant leaks in US political history is Edward Snowden, a 29-year-old former technical assistant for the CIA and current employee of the defence contractor Booz Allen Hamilton. Snowden has been working at the National Security Agency for the last four years as an employee of various outside contractors, including Booz Allen and Dell. The Guardian, after several days of interviews, is revealing his identity at his request. From the moment he decided to disclose numerous top-secret documents to the public, he was determined not to opt for the protection of anonymity. "I have no intention of hiding who I am because I know I have done nothing wrong," he said. < - big snip - > --- Just because i'm near the punchbowl doesn't mean I'm also drinking from it. From rforno at infowarrior.org Mon Jun 10 11:57:06 2013 From: rforno at infowarrior.org (Richard Forno) Date: Mon, 10 Jun 2013 12:57:06 -0400 Subject: [Infowarrior] - Digital Blackwaters Message-ID: <4FE60ED1-47E4-4325-A12A-71FE602D2639@infowarrior.org> Monday, Jun 10, 2013 11:15 AM EDT Meet the contractors analyzing your private data Private companies are getting rich probing your personal information for the government. Call it Digital Blackwater By Tim Shorrock http://www.salon.com/2013/06/10/digital_blackwater_meet_the_contractors_who_analyze_your_personal_data/ Amid the torrent of stories about the shocking new revelations about the National Security Agency, few have bothered to ask a central question. 
Who's actually doing the work of analyzing all the data, meta-data and personal information pouring into the agency from Verizon and nine key Internet Service Providers for its ever-expanding surveillance of American citizens? Well, on Sunday we got part of the answer: Booz Allen Hamilton. In a stunning development in the NSA saga, Guardian reporter Glenn Greenwald revealed that the source for his blockbuster stories on the NSA is Edward Snowden, "a 29-year-old former technical assistant for the CIA and current employee of the defense contractor Booz Allen Hamilton." Snowden, it turns out, has been working at NSA for the last four years as a contract employee, including stints for Booz and the computer-services firm Dell. The revelation is not that surprising. With about 70 percent of our national intelligence budgets being spent on the private sector - a discovery I made in 2007 and first reported in Salon - contractors have become essential to the spying and surveillance operations of the NSA. From Narus, the Israeli-born Boeing subsidiary that makes NSA's high-speed interception software, to CSC, the "systems integrator" that runs NSA's internal IT system, defense and intelligence, contractors are making millions of dollars selling technology and services that help the world's largest surveillance system spy on you. If the 70 percent figure is applied to the NSA's estimated budget of $8 billion a year (the largest in the intelligence community), NSA contracting could reach as high as $6 billion every year. But it's probably much more than that. "The largest concentration of cyber power on the planet is the intersection of the Baltimore Parkway and Maryland Route 32," says Michael V. Hayden, who oversaw the privatization effort as NSA director from 1999 to 2005. He was referring not to the NSA itself but to the business park about a mile down the road from the giant black edifice that houses NSA's headquarters in Fort Meade, Maryland. 
There, all of NSA's major contractors, from Booz to SAIC to Northrop Grumman, carry out their surveillance and intelligence work for the agency. With many of these contractors now focused on cybersecurity, Hayden has even coined a new term - "Digital Blackwater" - for the industry. "I use that for the concept of the private sector in cyber," he told a recent conference in Washington, in an odd reference to the notorious mercenary army. "I saw this in government and saw it a lot over the last four years. The private sector has really moved forward in terms of providing security," he said. Hayden himself has cashed out too: he is now a principal with the Chertoff Group, the intelligence advisory company led by Michael Chertoff, the former Secretary of Homeland Security. One of NSA's most important contractors may be Narus, a subsidiary of Boeing that makes a key telecommunications software that allows government agencies and corporations to monitor huge amounts of data flowing over fiber-optic cables. According to Bill Binney, one of four NSA whistleblowers who've been warning about NSA's immense powers, one Narus device can analyze 1,250,000 1,000-character emails every second. That comes to over 100 billion emails a day. "Narus is the one thing that makes it all possible," Binney told me over the weekend, of the Verizon surveillance program unveiled by the Guardian. "They probably pick up 60 to 80 percent of the data going over the [U.S.] network." The Narus technology, he added, "reconstructs everything on the line and then passes it off to NSA for storage" and later analysis. That includes everything, he said, including email, cell phone calls, and voice over internet protocol calls such as those made on Skype. NSA's use of the Narus technology first came to attention in 2006. 
That was when an AT&T technician named Mark Klein went public with his discovery that NSA had hooked Narus devices to AT&T's incoming telecom stream in San Francisco and set up a secret room that allowed NSA to divert AT&T's entire stream to its own databases. Binney believes the equipment was hooked up to as many as 15 sites around the country. The Narus devices can't pick up everything, however, because large amounts of traffic (such as domestic calls and internet messages) don't go through the switches. That's why NSA apparently decided in 2006 to create the PRISM program to tap into the databases of the Internet Service Providers such as Yahoo and Google, Binney says. "Even though there's so many Narus devices collecting on the net, they don't get it all," he explained. "So if they go to the ISPs with a court order, they fill in the gaps from the collection on Narus." But once the data is downloaded, it has to be analyzed. And that's where Booz and the other contractors that surround the NSA come in. Booz Allen Hamilton is one of the NSA's most important and trusted contractors. It's involved in virtually every aspect of intelligence and surveillance, from advising top officials on how to integrate the 16 U.S. spy agencies to detailed analysis of signals intelligence, imagery and other critical collections technologies. I first introduced Booz's intelligence business in a 2007 profile in Salon when President Bush appointed Michael McConnell, a Booz veteran and former NSA director, to be director of national intelligence (he's now back at Booz). Among other secret projects, Booz was deeply involved in "Total Information Awareness," the controversial data-mining project run for the Bush administration by former National Security Advisor John Poindexter that was outlawed by Congress in 2003. Another major presence at NSA's Business Park is SAIC. Like Booz, it stands like a private colossus across the whole intelligence industry.
Of its 42,000 employees, more than 20,000 hold U.S. government security clearances, making it one of the largest private intelligence services in the world. "SAIC provides a full suite of intelligence, surveillance and reconnaissance (ISR) and cybersecurity solutions across a broad spectrum of national security programs," it claims on its website. Despite its grandiose claims, however, SAIC is also known for several spectacular intelligence failures, including NSA's ill-fated Trailblazer project to privatize its analysis of signals intelligence. Other companies acting as pillars of NSA's SIGINT analysis team include Northrop Grumman, Raytheon, CACI International, and hundreds of smaller companies scattered around the Washington Beltway (you can read detailed explanations of what they do for NSA in my book Spies for Hire). They, in turn, are surrounded by a small army of "big data" companies that are hired by NSA to sift through data for suspicious patterns and map the creation of "illicit networks" that can be followed or investigated. In April, I wrote about one of those companies, Palantir Technologies Inc., in Salon. It sells a powerful line of data-mining and analysis software that maps out human social networks that would be extremely useful to NSA analysts trying to make sense of all the telephone and internet data downloaded from Verizon and nine Internet companies that was described in the latest blockbuster stories in The Guardian and the Post. "Their bread and butter is mapping disparate networks in real time," a former military intelligence officer who has used Palantir software told me. "It creates a spatial understanding that can be easily used by analysts." (see the detailed profile of Palantir I posted on my website last Friday.) But how did NSA, long considered the crown jewel of U.S. intelligence, become so privatized in the first place?
In the late 1990s, faced with a telecommunications and technological revolution that threatened to make the NSA's telephonic and radar based surveillance skills obsolete, the agency decided to turn to private corporations for many of its technical needs. The outsourcing plan was finalized in 2000 by a special NSA Advisory Board set up to determine the agency's future and codified in a secret report written by a then-obscure intelligence officer named James Clapper. "Clapper did a one-man study for the NSA Advisory Board," recalls Ed Loomis, a 40-year NSA veteran who, along with Binney and two others, blew the whistle on corporate corruption at the NSA. "His recommendation was that NSA acquire its internet capabilities from the private sector. The idea was, the private sector had the capability and we at NSA didn't need to reinvent the wheel." Hayden, who was the NSA director at the time, "put a lot of trust in the private sector, and a lot of trust in Clapper, because Clapper was his mentor," added Loomis. And once he got approval, "he was hell-bent on privatization and nothing was going to derail that." Clapper is now President Obama's director of national intelligence, and has denounced the Guardian leaks as "reprehensible." Hayden was relentless in shifting NSA from an agency that relied on in-house experts for its technology to one of the most privatized agencies in government today. His first action, a project known as Groundbreaker, outsourced all of NSA's internal communications system. In one fell swoop, hundreds of longtime NSA employees left their government jobs one day and walked in the next morning wearing their green badges from CSC and its many subcontractors. "To this day, the IT at Fort Meade is owned by a private sector company," Hayden boasted recently. "That worked. That was a really good idea." CSC remains the head of the "Eagle Alliance" consortium, and is now one of NSA's biggest suppliers of cybersecurity services.
But Hayden's master project, the grandiose Trailblazer project to privatize NSA's analysis of signals intelligence flowing over the Internet, didn't fare so well. Managed by SAIC in a consortium that included Northrop Grumman and Booz Allen Hamilton, it burned through over $5 billion without producing any actionable intelligence, and was cancelled in 2005. Despite the scandals and massive amount of money spent on private intelligence contractors, however, the mainstream media has been slow to report on the topic. It took until 2010, years after the spending spree began, for the Washington Post to highlight intelligence outsourcing in its famous series on "Top Secret America." The paper, despite its work on the PRISM story, is still behind the curve. On Monday, it reported for the first time the 70 percent figure I discovered back in 2007 and wrote about for Salon. But no credit was given to me or this publication for that blockbuster finding. Maybe next time.

--- Just because i'm near the punchbowl doesn't mean I'm also drinking from it.

From rforno at infowarrior.org Mon Jun 10 15:40:36 2013
From: rforno at infowarrior.org (Richard Forno)
Date: Mon, 10 Jun 2013 16:40:36 -0400
Subject: [Infowarrior] - Pew: Majority Views NSA Phone Tracking as Acceptable Anti-terror Tactic
Message-ID:

Majority Views NSA Phone Tracking as Acceptable Anti-terror Tactic
http://www.people-press.org/2013/06/10/majority-views-nsa-phone-tracking-as-acceptable-anti-terror-tactic/

--- Just because i'm near the punchbowl doesn't mean I'm also drinking from it.

From rforno at infowarrior.org Mon Jun 10 17:18:56 2013
From: rforno at infowarrior.org (Richard Forno)
Date: Mon, 10 Jun 2013 18:18:56 -0400
Subject: [Infowarrior] - Pentagon Five-Year Cybersecurity Plan Seeks $23 Billion
Message-ID:

Pentagon Five-Year Cybersecurity Plan Seeks $23 Billion
By Tony Capaccio - Jun 10, 2013
http://www.bloomberg.com/news/print/2013-06-10/pentagon-five-year-cybersecurity-plan-seeks-23-billion.html

A Pentagon cybersecurity budget outline calls for spending almost $23 billion through fiscal 2018, as efforts are expanded on initiatives from protecting computer networks to developing offensive capabilities. The Defense Department already has proposed $4.65 billion for such programs in the fiscal year that begins Oct. 1, an 18 percent increase from the $3.94 billion budgeted this year. The five-year "cyber-expense" budget obtained by Bloomberg News calls for spending to remain elevated from past levels. Defense Secretary Chuck Hagel this month cited "the growing threat of cyber-intrusions, some of which appear to be tied to the Chinese government and military." His predecessor, Leon Panetta, said last year that "a cyber-attack perpetrated by nation states or violent extremist groups could be as destructive as the terrorist attack of 9/11." The budget outline shows "increased investment will be made in protecting critical infrastructures," cyber-attack capabilities "for use against our adversaries and enhancing overall security of DoD networks and systems," Harry Raduege, chairman of Deloitte LLP's Center for Cyber Innovation in Washington, said in a statement. Increased U.S. spending on computer security may benefit defense contractors, including SAIC Inc. (SAI) and Northrop Grumman Corp. (NOC), in a time when other Pentagon spending is declining, according to data compiled by Bloomberg Government.

Yearly Funding

The Pentagon plans to request $4.72 billion in fiscal 2015, declining to $4.61 billion in 2016 and $4.45 billion the next year, then rising to $4.53 billion in 2018, according to the budget document. It calls for requesting $9.3 billion through 2018 for information-assurance systems aimed at blocking hackers and preventing disruptions of information on Pentagon computers, and $8.9 billion for cyber-operations, which include both defensive and offensive capabilities. Among national-security documents disclosed last week, the U.K.-based Guardian newspaper reported that President Barack Obama issued a directive in October saying "Offensive Cyber Effects Operations" can provide "unique and unconventional capabilities to advance U.S. national objectives around the world with little or no warning to the adversary or target and with potential effects ranging from subtle to severely damaging."

"Favorable Balance"

Developing and sustaining such offensive capabilities "may require considerable time and effort if access and tools for a specific target do not already exist," according to the directive. It says the government should identify targets of national importance that "can offer a favorable balance of effectiveness and risk." In the Air Force's budget proposal for the coming fiscal year, the service said funds for "offensive cyberspace operations" are "needed to exploit enemy networks, telephony, integrated air defense systems, electronic warfare operations and command and control systems." Air Force documents indicate the service will use existing Governmentwide Acquisition Contracts, such as those known as Alliant and Encore II, to buy "a wide range of commercially available products and services that should be able to meet many requirements related to offensive cyberspace operations."

"Integrate Cyber"

The U.S.
Cyber Command's headquarters is projected to receive $405 million in fiscal 2015, up from $236 million proposed for 2014 and $182 million provided this year. The command would receive as much as $1.28 billion through 2018. Army General Keith Alexander, who leads the Cyber Command, told the House Armed Services Committee in March that his organization is working to change doctrine and training so that combat commanders "can think, plan and integrate cyber" just as they would the use of air, land and sea weapons. The command said that in fiscal 2014 it will be developing specific offensive and defensive capabilities for the U.S. Pacific and Central commands, which cover China and Iran. The Pentagon said in its latest annual report on China's military that it has targeted U.S. government computers with intrusions seeking sensitive data. Iran's developing ability to mount computer attacks will make it "a force to be reckoned with," General William Shelton, the head of the U.S. Air Force Space Command, told reporters in January.

To contact the reporter on this story: Tony Capaccio in Washington at acapaccio at bloomberg.net
To contact the editor responsible for this story: John Walcott at jwalcott9 at bloomberg.net

--- Just because i'm near the punchbowl doesn't mean I'm also drinking from it.

From rforno at infowarrior.org Mon Jun 10 20:30:07 2013
From: rforno at infowarrior.org (Richard Forno)
Date: Mon, 10 Jun 2013 21:30:07 -0400
Subject: [Infowarrior] - US lawmakers call for review of 'Patriot' Act
Message-ID:

....which will lead to zero changes being made to the status quo, I bet. --rick

US lawmakers call for review of Patriot Act after NSA surveillance revelations
White House insists it welcomes 'appropriate debate' after Republican leadership questions implementation of security act
By Dan Roberts and Spencer Ackerman in Washington
guardian.co.uk, Monday 10 June 2013 18.20 EDT
http://www.guardian.co.uk/world/2013/jun/10/patriot-act-nsa-surveillance-review

The White House has said it would consider congressional calls to review the Patriot Act after conceding that revelations over the scale of US surveillance activity had sparked "an appropriate debate". The legislation, which was introduced after the 9/11 attacks, has been cited as the legal basis for the National Security Agency scouring billions of ordinary US telephone records in an effort to combat terrorism. But even one of its authors, Republican Jim Sensenbrenner, has questioned whether the act has been misapplied in the cases revealed to the Guardian by former CIA whistleblower Edward Snowden. The administration insisted Monday it welcomed the intense furore in Washington that has followed Snowden's disclosures. "If that debate were to lead to building a consensus around changes [to the Patriot Act], he would look at that," said spokesman Jay Carney. "The president has been very clear that he takes the concerns about these issues very seriously." Hints of Obama's willingness to consider changing tack came as the Republican leadership in Congress also increasingly turned against the intelligence community on the issue. On Monday Paul Ryan, the former vice-presidential nominee, joined three other likely Republican candidates for 2016 in raising questions about whether privacy was being unduly threatened. "I'm sure somebody can come up with a great computer program that says: 'We can do X, Y, and Z,' but that doesn't mean that it's right," he told a radio station in Wisconsin. "I want to learn a lot more about it on behalf of the people I represent," he added. Pressure is growing on the White House to explain whether there was effective congressional oversight of the programs revealed by Snowden.
In unbroadcast elements of a transcript issued by NBC, the director of National Intelligence, James Clapper, said he had responded in the "least untruthful manner" possible when denying that the NSA collected data on millions of Americans during congressional hearings. Clapper also confirmed that senator Dianne Feinstein, chair of the intelligence committee, had asked for a review to "refine these NSA processes and limit the exposure to Americans' private communications" and report back "in about a month". Senior Republicans have also spoken out against the "unprecedented and intrusive surveillance" revealed by Snowden, joining a growing alliance of politicians from left and right voicing concern. Though none have yet defended the leak itself, they stand in stark contrast to congressional leaders on the House and Senate intelligence committees who authorised the programs and have criticised Snowden as a "defector" who threatens national security. The increasingly angry reaction in Congress to revelations of the sweeping surveillance programmes is opening a new fault line in American politics that may determine Washington's response to the whistleblower. The White House has yet to say whether it would be seeking his extradition, but it issued a statement on Sunday night confirming the Department of Justice had launched a criminal investigation. "Any person who has a security clearance knows that he or she has an obligation to protect classified information and abide by the law," said a spokesman for Clapper. But President Obama will have to weigh mounting political sympathy when deciding how aggressively to respond to the leaks, particularly if the issue becomes a rallying point for Republicans seeking to portray an over-powerful state.
On Friday night, Texas governor Rick Perry, who ran for the 2012 Republican presidential nomination, attacked Obama for a "fundamental misuse of the massive power of the federal government". "We have an administration today that is taking alarming steps to infringe upon our rights in the name of consolidating their power," he told a group of grassroots activists in San Antonio. "Who knew, when you were watching the Verizon ad and the guy said: 'Can you hear me now?,' that was really just a mike check for the Obama administration," joked Perry, who drew a standing ovation. "These acts are something I would expect to see out of China but not out of the United States." Up-and-coming Tea Party favourite Ted Cruz issued a similar statement on Friday after the wave of disclosures, saying he would work with "colleagues in the Senate who share my concerns to ensure that we have all the facts about these surveillance programs". "They are implementing what appears to be an unprecedented and intrusive surveillance system on private American citizens... in light of this Administration's track record, how can they expect to be trusted?" he said. "We have discovered over the past few months an ongoing pattern of wanton disregard not only for Americans' privacy, but for the truth - DOJ's refusal to be forthcoming about drone policy, IRS's targeting groups for their political beliefs and then misleading the American people about it, DOJ's targeting of journalists for doing their jobs, and now what seems an unprecedented intrusion into Americans' personal phone records and potentially into their broader online activities." The linking of NSA surveillance with other recent scandals such as the Internal Revenue Service targeting Republican groups threatens to dominate Obama's second term and may serve to balance calls within the intelligence community to pursue Snowden and robustly defend existing practices.
Most forceful of all was senator Rand Paul, who has a track record as a libertarian and now hopes to challenge NSA surveillance in the supreme court. "If the seizure and surveillance of Americans' phone records - across the board and with little to no discrimination - is now considered a legitimate security precaution, there is literally no protection of any kind guaranteed anymore to American citizens," he said in an opinion piece for the Guardian. "In their actions, more outrageous and numerous by the day, this administration continues to treat the US constitution as a dead letter." Two other senators, Ron Wyden and Mark Udall, have been arguing for two years that the Patriot Act Congress voted on is different in material ways than the one the Obama administration is implementing. There are classified official executive interpretations of the Patriot Act, particularly its section 215 about business records, that Wyden and Udall say bear little resemblance to the text of the public law, because they lead to much, much broader government surveillance on Americans than Patriot's text authorizes on its face. Critics say that for Obama to say "let's re-debate the Patriot Act" means little unless the still-secret executive-branch interpretation remains undisclosed. Congress could pass a Rein In The Patriot Act Act of 2013; and if Obama reinterprets that in secret, it would be meaningless. "It is not real oversight when the United States Congress cannot get a yes or no answer to the question of whether an estimate currently exists as to whether law abiding Americans have had their phone calls and emails swept up under the Fisa law," said Wyden and Udall in a December 28 letter.

--- Just because i'm near the punchbowl doesn't mean I'm also drinking from it.

From rforno at infowarrior.org Tue Jun 11 06:03:50 2013
From: rforno at infowarrior.org (Richard Forno)
Date: Tue, 11 Jun 2013 07:03:50 -0400
Subject: [Infowarrior] - Why PRISM kills the cloud
Message-ID:

Why PRISM kills the cloud
By Jonny Evans
Created Jun 10 2013 - 5:58am

The migration from desktop computing to the cloud is on every tech firm's playlist this season, with Apple [AAPL] expected to deliver improvements to its iCloud service later today -- but recent revelations regarding the US government's PRISM surveillance technology could be the kiss of death to these future tech promises.

< - >

http://blogs.computerworld.com/print/22305

--- Just because i'm near the punchbowl doesn't mean I'm also drinking from it.

From rforno at infowarrior.org Tue Jun 11 06:03:53 2013
From: rforno at infowarrior.org (Richard Forno)
Date: Tue, 11 Jun 2013 07:03:53 -0400
Subject: [Infowarrior] - Debate on Secret Data Looks Unlikely, Partly Due to Secrecy
Message-ID: <02E8F790-4857-4FA2-9D4F-8C6D8E07B37D@infowarrior.org>

June 10, 2013
Debate on Secret Data Looks Unlikely, Partly Due to Secrecy
By SCOTT SHANE and JONATHAN WEISMAN
http://www.nytimes.com/2013/06/11/us/politics/debate-on-secret-data-looks-unlikely-partly-due-to-secrecy.html?hp&pagewanted=print

WASHINGTON - Edward J. Snowden said he had leaked secret documents about National Security Agency surveillance to spark a public debate about civil liberties. President Obama, while deploring the leak, endorsed the same goal of a vigorous public discussion of the "trade-offs" between national security and personal privacy. "I think it's healthy for our democracy," he said on Friday of the prospect of re-examining surveillance policy. But the legal and political obstacles to such a debate, whether in Congress or more broadly, are formidable. They only begin with the facts that the programs at issue are highly classified and that Mr.
Snowden is now a hunted man, potentially facing a prison sentence for disclosing the very secrets that started the discussion that Mr. Obama welcomed. On Monday, the White House spokesman, Jay Carney, was pressed about just how the surveillance dialogue the president invited might take place. Asked whether Mr. Obama would himself lead the debate or push for new legislation, Mr. Carney demurred. "I don't have anything to preview," he said, adding that the president's major national security speech May 23, before the N.S.A. disclosures, showed "his interest in having the debate and the legitimacy of asking probing questions about these matters." Steven Aftergood, who runs the Project on Government Secrecy at the Federation of American Scientists in Washington, said: "If President Obama really welcomed a debate, there are all kinds of things he could do in terms of declassification and disclosure to foster it. But he's not doing any of them." Nor is it clear that political pressure from either Congress or the public will be sufficient to prompt the administration to open the door wider on government surveillance. Congressional leaders of both parties have so far expressed support for the newly disclosed initiatives, and the legislation governing such surveillance was renewed for five years at the end of 2012. Representative Jim Langevin, a Rhode Island Democrat on the Intelligence Committee, said on Monday that among those in Congress who are most informed, the consensus was strong and bipartisan. "Those who have been fully briefed are comfortable with the capabilities used, the way they have been used and the due diligence exercised in making sure the agency responsible for carrying out and using the tools has been doing so within confines of the law," he said. "There is nothing nefarious going on here." Lawmakers also have political incentives to endorse the programs many have voted for previously.
"The Democrats want to support Obama, and the Republicans supported FISA expansion," said Peter Swire, an expert on privacy at Ohio State University, referring to the Foreign Intelligence Surveillance Act. "Both parties face internal tensions on this issue." So far, there is no groundswell of public anger to shift Congressional views. In a Washington Post-Pew Research Center poll conducted after the N.S.A. revelations, 56 percent of those polled said it was acceptable for the agency to get secret court orders to track the phone calls of millions of Americans; 41 percent said it was unacceptable. The paradox produced by the N.S.A. disclosures - the administration beginning a criminal investigation of the man who prompted the discussion Mr. Obama called useful - is only the latest of his presidency, as he has struggled to manage a sprawling security bureaucracy that encompasses drone strikes, cyberattacks, sweeping surveillance and a ballooning amount of classified information. Despite a stated devotion to government transparency, he waited for years to speak publicly about drones and has yet to say a single word in public about the United States' offensive use of cyberweapons. His administration, meanwhile, has set a record in prosecuting leakers. "The U.S. is pushing to make sure that cyberprograms comply with international law and international standards," said James A. Lewis, a cybersecurity expert at the Center for Strategic and International Studies. "But it won't say what ours are." Mr. Lewis said the discussion of cyberweapons was "overclassified" in part because of the central role of the N.S.A., which old agency jokes say means No Such Agency or Never Say Anything. "The N.S.A. classifies its lunch menu," he said. If there were to be a major rethinking of surveillance rules, it would almost certainly have to start with Congress. But complaints about the N.S.A. programs have been largely limited to lawmakers from the Democrats'
liberal wing and the Republicans' libertarian wing, some of whom have joined Congress since the focus on antiterrorism has decreased. Representatives Justin Amash, Republican of Michigan, and John Conyers Jr. of Michigan, the ranking Democrat on the House Judiciary Committee, are completing legislation that would make it tougher for the government to scoop up phone records and make public many of the opinions of the Foreign Intelligence Surveillance Court. Republican and Democratic leaders in Congress and the leaders of the intelligence committees, however, remain strongly supportive of the N.S.A. programs, marshaling national security arguments to trump privacy concerns. "I flew over the World Trade Center going to Senator Lautenberg's funeral," Senator Dianne Feinstein of California, the chairwoman of the Senate Intelligence Committee, said Sunday on ABC's "This Week," referring to Frank R. Lautenberg of New Jersey. "And I thought of those bodies jumping out of that building hitting the canopy. Part of our obligation is keeping America safe." Conceivably some views about the scope and propriety of the programs could change after closed briefings on the N.S.A. programs planned for House members on Tuesday and senators on Thursday. But even when a member of Congress does not like a secret program, classification rules make it tough to protest. Representative Jan Schakowsky, Democrat of Illinois and a critic of government surveillance, received a private briefing on the N.S.A.'s Internet program last year but is constrained in talking about it, said a spokeswoman, Sabrina Singh. "She welcomes the public debate, but it's a tough line for her to talk about because she knows more than the public," Ms. Singh said. "It's something she is wrestling with." The public, so far, continues to show a high tolerance for what the government claims is necessary to prevent terrorism.
Polls also reflect a certain resignation about the erosion of privacy at a time of targeted online advertising, location-tracking cellphones and intrusive government programs. In an Allstate/National Journal poll a week before the N.S.A. revelations, for instance, 85 percent of those polled said they thought it somewhat or very likely that businesses and the government could access citizens' phone calls, e-mails and Internet use without their consent.

David E. Sanger contributed reporting from Washington, Somini Sengupta from San Francisco, and Megan Thee-Brenan from New York.

--- Just because i'm near the punchbowl doesn't mean I'm also drinking from it.

From rforno at infowarrior.org Tue Jun 11 13:33:58 2013
From: rforno at infowarrior.org (Richard Forno)
Date: Tue, 11 Jun 2013 14:33:58 -0400
Subject: [Infowarrior] - Google Letter to DOJ ref: FISA
Message-ID: <5130FA4C-A48D-480F-BE69-B89F3B5ED0F9@infowarrior.org>

Asking the U.S. government to allow Google to publish more national security request data
Posted: Tuesday, June 11, 2013
http://googleblog.blogspot.com/2013/06/asking-us-government-to-allow-google-to.html

This morning we sent the following letter to the offices of the Attorney General and the Federal Bureau of Investigation. Read the full text below. -Ed.

Dear Attorney General Holder and Director Mueller

Google has worked tremendously hard over the past fifteen years to earn our users' trust. For example, we offer encryption across our services; we have hired some of the best security engineers in the world; and we have consistently pushed back on overly broad government requests for our users' data. We have always made clear that we comply with valid legal requests. And last week, the Director of National Intelligence acknowledged that service providers have received Foreign Intelligence Surveillance Act (FISA) requests. Assertions in the press that our compliance with these requests gives the U.S. government unfettered access to our users'
data are simply untrue. However, government nondisclosure obligations regarding the number of FISA national security requests that Google receives, as well as the number of accounts covered by those requests, fuel that speculation. We therefore ask you to help make it possible for Google to publish in our Transparency Report aggregate numbers of national security requests, including FISA disclosures - in terms of both the number we receive and their scope. Google's numbers would clearly show that our compliance with these requests falls far short of the claims being made. Google has nothing to hide. Google appreciates that you authorized the recent disclosure of general numbers for national security letters. There have been no adverse consequences arising from their publication, and in fact more companies are receiving your approval to do so as a result of Google's initiative. Transparency here will likewise serve the public interest without harming national security. We will be making this letter public and await your response.

David Drummond
Chief Legal Officer

--- Just because i'm near the punchbowl doesn't mean I'm also drinking from it.

From rforno at infowarrior.org Tue Jun 11 13:51:31 2013
From: rforno at infowarrior.org (Richard Forno)
Date: Tue, 11 Jun 2013 14:51:31 -0400
Subject: [Infowarrior] - Humour: Improved NSA PRISM slides
Message-ID: <1B84EACD-042D-4C33-AB1B-467C4E602712@infowarrior.org>

http://fr.slideshare.net/EmilandDC/dear-nsa-let-me-take-care-ou

Someone made the NSA slides much nicer and done as if it really were 2013. .... frankly I wonder how Tufte would do it. THAT would rock. ;)

--- Just because i'm near the punchbowl doesn't mean I'm also drinking from it.

From rforno at infowarrior.org Tue Jun 11 14:33:01 2013
From: rforno at infowarrior.org (Richard Forno)
Date: Tue, 11 Jun 2013 15:33:01 -0400
Subject: [Infowarrior] - Durbin: FISA declassification bill dead on arrival
Message-ID: <8AD50E00-2793-4FE2-953B-D7AE533C28B0@infowarrior.org>

Durbin: FISA declassification bill dead on arrival
By Carlo Muñoz - 06/11/13 01:07 PM ET
http://thehill.com/homenews/senate/304751-durbin-fisa-declassification-bill-dead-on-arrival-

A bipartisan effort to declassify key federal court opinions justifying domestic surveillance of American citizens is dead on arrival, the Senate's No. 2 Democrat said Tuesday. "I encourage this, though I think it is going to be ill-fated," Senate Majority Whip Dick Durbin (D-Ill.) said of the bill being spearheaded by Oregon Democratic Sens. Jeff Merkley and Ron Wyden. "I just don't see a freight train coming down the track," in terms of getting the White House and Congress behind the Merkley-Wyden bill, Durbin said. The bill would require the attorney general to declassify significant opinions made by courts operating under the secretive Foreign Intelligence Surveillance Act (FISA). If the bipartisan bill was law, it would have required the government to reveal its collection of Verizon phone records and the PRISM Internet data-mining program. The effort has the backing of Senate Judiciary Committee Chairman Patrick Leahy (D-Vt.), according to a release from Wyden's office. Sens. Dean Heller (R-Nev.), Mark Begich (D-Alaska), Al Franken (D-Minn.), Jon Tester (D-Mont.) and Mike Lee (R-Utah) have also signed on as co-sponsors to the proposed legislation. Despite the bipartisan support for the legislation, Durbin was doubtful the Obama administration would sign it into law. "I think they are going to eventually turn us down," he added, regarding the White House's response to declassifying FISA court opinions. "They are [just] going to say no," he added.
The bill comes after classified information on two domestic surveillance programs run by the National Security Agency (NSA) were leaked by Edward Snowden, a 29-year-old government contractor. Details of the NSA programs were published in The Guardian and The Washington Post last week. One program was designed to collect cellphone data from Verizon customers to track terror threats, and a second program, PRISM, collected data from tech companies on foreign Internet users.

President Obama and the heads of the Senate and House Intelligence committees have defended the programs as critical to national security, and said they did not violate the civil liberties of American citizens.

"I think there needs to be more transparency here, but I think we can achieve it without jeopardizing national security," said Durbin.

A possible compromise to the Markey-Wyden bill, Durbin said, would be having more lawmakers outside the Armed Services and Intelligence panels briefed on programs similar to the NSA surveillance operations. "I think that is a good option," Durbin said.

The White House said Congress had been briefed on the operations, but many lawmakers say they were unaware of the programs and are demanding more information.

"The reality is [the White House] has made some classified materials available ... [but] during the regular course of events, it is a very limited number of Senators and congressman who are regularly apprised of developments" on sensitive intelligence or national security operations, the majority whip said.

Durbin has repeatedly pressed for additional congressional oversight of intelligence and national security efforts, particularly those like the NSA programs disclosed last week. "I have been offering these amendments for years ... and losing them, regularly," Durbin said. "And the two areas I have been focusing on are the two areas that came out last week," he added, referring to the clandestine monitoring of phone and Internet traffic of U.S.
citizens. Those failed amendments, according to Durbin, would have "established a specific connection between information sought and suspicion of terrorism, rather than a more generalized collection, which is going on right now."

---
Just because i'm near the punchbowl doesn't mean I'm also drinking from it.

From rforno at infowarrior.org Tue Jun 11 15:41:13 2013
From: rforno at infowarrior.org (Richard Forno)
Date: Tue, 11 Jun 2013 16:41:13 -0400
Subject: [Infowarrior] - Making Alberto Gonzales Look Good
Message-ID: <212A2DFB-36B9-4579-9F66-E9759DF1F00A@infowarrior.org>

June 11, 2013, 3:12 pm
http://takingnote.blogs.nytimes.com/2013/06/11/making-alberto-gonzales-look-good/?hp

Making Alberto Gonzales Look Good
By ANDREW ROSENTHAL

Government officials employ various tactics to avoid actually saying anything at intelligence hearings, mostly by fogging up the room with references to national security and with vague generalities. It's part of a dance, which the public and the media may grumble about but which we also expect. Outright lying is another matter.

On March 12, James Clapper, director of national intelligence, testified at an open congressional hearing. Senator Ron Wyden, Democrat of Oregon, asked him whether the National Security Agency collects "any type of data at all on millions or hundreds of millions of Americans." His answer: "No sir." Then he added: "Not wittingly."

It was a lie, as everyone now knows from the articles about the N.S.A.'s data-mining program. Mr. Wyden knew it wasn't true at the time, since he is on the Senate Intelligence Committee and is privy to secret briefings from people like, well, Mr. Clapper.

On Sunday, NBC's Andrea Mitchell asked Mr. Clapper about the exchange. "First, I have great respect for Senator Wyden," Mr.
Clapper said, using a Washington code phrase to indicate that he has no respect for the senator. "I thought, though in retrospect, I was asked 'when are you going to start -- stop beating your wife' kind of question, which is, meaning not answerable necessarily, by a simple yes or no. So I responded in what I thought was the most truthful or least untruthful manner, by saying, 'No.'"

Mr. Clapper further explained his least-untruthiness by saying he thought Mr. Wyden was asking whether the N.S.A. was actually listening to phone conversations (which Mr. Wyden clearly was not). "Going back to my metaphor, what I was thinking of is looking at the Dewey Decimal numbers of those books in the metaphorical library," he said. "To me collection of U.S. persons data would mean taking the books off the shelf, opening it up and reading it."

This was not, by the way, the first time data-collection came up at a Senate hearing. At a Senate Judiciary Committee hearing in July 2006, then-Attorney General Alberto Gonzales was asked whether the government had accumulated large amounts of data on Americans' routine phone calls. "The programs and activities you ask about, to the extent that they exist, would be highly classified," Mr. Gonzales said.

You have to wonder about giving a position of vast responsibility to someone who can beat Mr. Gonzales in dishonesty. Fred Kaplan wrote in Slate today that Mr. Clapper should be fired. I doubt Mr. Obama is going to do that. But, as Mr. Kaplan said, Mr. Clapper's participation in any public discussion of the limits of data mining will be of no value, since we are going to have to parse his meanings of complex words like "yes" and "no."

---
Just because i'm near the punchbowl doesn't mean I'm also drinking from it.
From rforno at infowarrior.org Tue Jun 11 19:04:10 2013
From: rforno at infowarrior.org (Richard Forno)
Date: Tue, 11 Jun 2013 20:04:10 -0400
Subject: [Infowarrior] - NAVY TO STOP SCREAMING
Message-ID:

(c/o DD)

http://www.dodbuzz.com/2013/06/06/navy-scuttles-all-cap-messages/

Navy Scuttles All-Cap Messages
By Richard Sisk
Thursday, June 6th, 2013 5:30 pm

WE DON'T HAVE TO SEND MESSAGES THIS WAY ANYMORE, the Navy has decided.

Word went out from the Navy's Fleet Cyber Command on May 8 that the Navy's internal messaging system now had the ability to transmit in lower case as well as the traditional upper case letters. "Therefore, it is not necessary to limit Navy messages entirely to upper case," said the directive, first reported by the Navy Times.

Of course, the message saying that upper case was no longer needed went out this way: "THEREFORE, IT IS NOT NECESSARY TO LIMIT NAVY MESSAGES ENTIRELY TO UPPER CASE."

Alone among the services, the Navy has been using all capitals for internal administrative messages from the routine to the emergency going back more than a century to the days when teletype machines only sent capitals.

The reasoning behind the change was that messages in lower and upper case were easier to read, Navy officials said. Another factor was that younger recipients of all-cap messages might tend to think that the person sending them was SCREAMING AT THEM AND REALLY TICKED OFF.

"The capability has been there for about a year" to send routine messages in lower case, said Lt. Joseph Holstead, a spokesman for the Cyber Command. The next step will be to expand that capability to secret and top secret messages, possibly in August, Holstead said. "There are still a couple of legacy systems out there that we'll have to convert," probably in mid-2014, Holstead said.

---
Just because i'm near the punchbowl doesn't mean I'm also drinking from it.
From rforno at infowarrior.org Wed Jun 12 07:21:18 2013
From: rforno at infowarrior.org (Richard Forno)
Date: Wed, 12 Jun 2013 08:21:18 -0400
Subject: [Infowarrior] - boyd on surveillance and blances
Message-ID:

If You're OK With Surveillance Because You Have "Nothing to Hide," Think Again
By Danah Boyd
Posted Tuesday, June 11, 2013, at 11:14 AM
http://www.slate.com/blogs/future_tense/2013/06/11/prism_scandal_the_problem_with_nothing_to_hide_and_surveillance.html

This post originally appeared on Danah Boyd's blog Apophenia.

Every April, I try to wade through mounds of paperwork to file my taxes. Like most Americans, I'm trying to follow the law and pay all of the taxes that I owe without getting screwed in the process. I try and make sure that every donation I made is backed by proof, every deduction is backed by logic and documentation that I'll be able to make sense of seven years. Because, like many Americans, I completely and utterly dread the idea of being audited. Not because I've done anything wrong, but the exact opposite. I know that I'm filing my taxes to the best of my ability and yet, I also know that if I became a target of interest from the IRS, they'd inevitably find some checkbox I forgot to check or some subtle miscalculation that I didn't see. And so what makes an audit intimidating and scary is not because I have something to hide but because proving oneself to be innocent takes time, money, effort, and emotional grit.

Sadly, I'm getting to experience this right now as Massachusetts refuses to believe that I moved to New York mid-last-year. It's mind-blowing how hard it is to summon up the paperwork that "proves" to them that I'm telling the truth. When it was discovered that Verizon (and presumably other carriers) was giving metadata to government officials, my first thought was: Wouldn't it be nice if the government would use that metadata to actually confirm that I was in NYC, not Massachusetts?
But that's the funny thing about how data is used by our current government. It's used to create suspicion, not to confirm innocence.

The frameworks of "innocent until proven guilty" and "guilty beyond a reasonable doubt" are really, really important to civil liberties, even if they mean that some criminals get away. These frameworks put the burden on the powerful entity to prove that someone has done something wrong. Because it's actually pretty easy to generate suspicion, even when someone is wholly innocent. And still, even with this protection, innocent people are sentenced to jail and even given the death penalty. Because if someone has a vested interest in you being guilty, it's not impossible to paint that portrait, especially if you have enough data.

It's disturbing to me how often I watch as someone's likeness is constructed in ways that contorts the image of who they are. This doesn't require a high-stakes political issue. This is playground stuff. In the world of bullying, I'm astonished at how often schools misinterpret situations and activities to construct narratives of perpetrators and victims. Teens get really frustrated when they're positioned as perpetrators, especially when they feel as though they've done nothing wrong. Once the stakes get higher, all hell breaks loose. In Sticks and Stones, Slate senior editor Emily Bazelon details how media and legal involvement in bullying cases means that they often spin out of control, such as they did in South Hadley. I'm still bothered by the conviction of Dharun Ravi in the highly publicized death of Tyler Clementi. What happens when people are tarred and feathered as symbols for being imperfect?

Of course, it's not just one's own actions that can be used against one's likeness. Guilt-through-association is a popular American pastime. Remember how the media used Billy Carter to embarrass Jimmy Carter? Of course, it doesn't take the media or require an election cycle for these connections to be made.
Throughout school, my little brother had to bear the brunt of teachers who despised me because I was a rather rebellious student. So when the Boston Marathon bombing occurred, it didn't surprise me that the media went hogwild looking for any connection to the suspects. Over and over again, I watched as the media took friendships and song lyrics out of context to try to cast the suspects as devils. By all accounts, it looks as though the brothers are guilty of what they are accused of, but that doesn't make their friends and other siblings evil or justify the media's decision to portray the whole lot in such a negative light.

So where does this get us? People often feel immune from state surveillance because they've done nothing wrong. This rhetoric is perpetuated on American TV. And yet the same media who tells them they have nothing to fear will turn on them if they happen to be in close contact with someone who is of interest to -- or if they themselves are the subject of -- state interest. And it's not just about now, but it's about always.

And here's where the implications are particularly devastating when we think about how inequality, racism, and religious intolerance play out. As a society, we generate suspicion of others who aren't like us, particularly when we believe that we're always under threat from some outside force. And so the more that we live in doubt of other people's innocence, the more that we will self-segregate. And if we're likely to believe that people who aren't like us are inherently suspect, we won't try to bridge those gaps. This creates societal ruptures and undermines any ability to create a meaningful republic. And it reinforces any desire to spy on the "other" in the hopes of finding something that justifies such an approach. But, like I said, it doesn't take much to make someone appear suspect.

In many ways, the NSA situation that's unfolding in front of our eyes is raising a question that is critical to the construction of our society.
These issues cannot be washed away by declaring personal innocence. A surveillance state will produce more suspect individuals. What's at stake has to do with how power is employed, by whom, and in what circumstances. It's about questioning whether or not we still believe in checks and balances to power. And it's about questioning whether or not we're OK with continuing to move toward a system that presumes entire classes and networks of people as suspect. Regardless of whether or not you're in one of those classes or networks, are you OK with that being standard fare? Because what is implied in that question is a much uglier one: Is your perception of your safety worth the marginalization of other people who don't have your privilege?

---
Just because i'm near the punchbowl doesn't mean I'm also drinking from it.

From rforno at infowarrior.org Wed Jun 12 07:23:36 2013
From: rforno at infowarrior.org (Richard Forno)
Date: Wed, 12 Jun 2013 08:23:36 -0400
Subject: [Infowarrior] - NYT Editors: Surveillance: A Threat to Democracy
Message-ID: <1EF51C9B-7578-4843-87C3-C7CFE9D77042@infowarrior.org>

June 11, 2013

Surveillance: A Threat to Democracy
By THE EDITORIAL BOARD
http://www.nytimes.com/2013/06/12/opinion/surveillance-a-threat-to-democracy.html?hp&_r=0&pagewanted=print

A new Washington Post-Pew Research Center poll found that a majority of Americans are untroubled by revelations about the National Security Agency's dragnet collection of the phone records of millions of citizens, without any individual suspicion and regardless of any connection to a counterterrorism investigation.

Perhaps the lack of a broader sense of alarm is not all that surprising when President Obama, Senator Dianne Feinstein, the Democratic chairwoman of the Intelligence Committee, and intelligence officials insist that such surveillance is crucial to the nation's antiterrorism efforts.

But Americans should not be fooled by political leaders putting forward a false choice.
The issue is not whether the government should vigorously pursue terrorists. The question is whether the security goals can be achieved by less-intrusive or sweeping means, without trampling on democratic freedoms and basic rights. Far too little has been said on this question by the White House or Congress in their defense of the N.S.A.'s dragnet.

The surreptitious collection of "metadata" -- every bit of information about every phone call except the word-by-word content of conversations -- fundamentally alters the relationship between individuals and their government.

Tracking whom Americans are calling, for how long they speak, and from where, can reveal deeply personal information about an individual. Using such data, the government can discover intimate details about a person's lifestyle and beliefs -- political leanings and associations, medical issues, sexual orientation, habits of religious worship, and even marital infidelities. Daniel Solove, a professor at George Washington University Law School and a privacy expert, likens this program to a Seurat painting. A single dot may seem like no big deal, but many together create a nuanced portrait.

The effect is to undermine constitutional principles of personal privacy and freedom from constant government monitoring. The American Civil Liberties Union filed a lawsuit on Tuesday, challenging the program's constitutionality, and it was right to do so.

The government's capacity to build extensive, secret digital dossiers on such a mass scale is totally at odds with the vision and intention of the nation's framers who crafted the Fourth Amendment precisely to outlaw indiscriminate searches that cast a wide net to see what can be caught. It also attacks First Amendment values of free speech and association.
In a democracy, people are entitled to know what techniques are being used by the government to spy on them, how the records are being held and for how long, who will have access to them, and the safeguards in place to prevent abuse. Only then can they evaluate official claims that the correct balance between fighting terrorism and preserving individual liberty has been struck, and decide if they are willing to accept diminished privacy and liberty. If Americans have been slow to recognize the dangerous overreach of the N.S.A.'s phone surveillance, it is largely because they have scant information to judge the government's conduct.

Even if most Americans trust President Obama not to abuse their personal data, no one knows who will occupy the White House or lead intelligence operations in the future. The government's capacity to assemble, keep and share information on its citizens has grown exponentially since the days when J. Edgar Hoover, as director of the F.B.I., collected files on political leaders and activists to enhance his own power and chill dissent. Protections against different abuses in this digital age of genuine terrorist threats need to catch up.

---
Just because i'm near the punchbowl doesn't mean I'm also drinking from it.

From rforno at infowarrior.org Wed Jun 12 07:33:12 2013
From: rforno at infowarrior.org (Richard Forno)
Date: Wed, 12 Jun 2013 08:33:12 -0400
Subject: [Infowarrior] - Mozilla Petition: Stop Watching Us.
Message-ID: <8C6C8744-D018-4517-AD8E-45DB8872CA42@infowarrior.org>

Petition@ https://optin.stopwatching.us/
https://twitter.com/@stopwatchingus

The revelations about the National Security Agency's surveillance apparatus, if true, represent a stunning abuse of our basic rights. We demand the U.S. Congress reveal the full extent of the NSA's spying programs.

---
Just because i'm near the punchbowl doesn't mean I'm also drinking from it.
From rforno at infowarrior.org Wed Jun 12 12:45:25 2013
From: rforno at infowarrior.org (Richard Forno)
Date: Wed, 12 Jun 2013 13:45:25 -0400
Subject: [Infowarrior] - ISOC Statement on Open Global Dialogue ref Online Privacy
Message-ID: <20A02F60-2EF9-41F7-B080-7FE42F2B0174@infowarrior.org>

Internet Society Statement on the Importance of Open Global Dialogue Regarding Online Privacy
12 June 2013
http://www.internetsociety.org/news/internet-society-statement-importance-open-global-dialogue-regarding-online-privacy

[Washington, D.C. and Geneva, Switzerland] The Internet Society has noted recent revelations regarding the apparent scope of U.S. government efforts to gather large amounts of end user information from U.S. Internet and telecom service providers for intelligence purposes. We are deeply concerned that the unwarranted collection, storage and potential correlation of user data will undermine many of the key principles and relationships of trust upon which the global Internet has been built. The impact of this action is not limited to U.S. users or companies, but has implications for Internet users around the globe.

While government plays an important role in protecting its citizens and there is a need for better approaches to address online security, the Internet Society strongly believes that real security can only be realized within a broader context of trust and the respect of fundamental rights, such as privacy. The Internet Society, along with many other organizations and individuals around the world, expect governments to respect and protect the basic rights of their citizens -- including the right to privacy both offline and online -- as enshrined in the Universal Declaration of Human Rights.

The U.S. Government has previously taken an active role in championing these rights in the international sphere. For example, the U.S.
played a leadership role in the adoption of the Human Rights Council Resolution A/HRC/RES/20/8, which re-affirmed that fundamental rights are applicable to individuals' activities in the online environment as well, including privacy and freedom of expression. This means that restrictions of rights should be exceptional and conform to internationally accepted criteria such as: provision by law; pursuing a legitimate purpose; proven as necessary and the least restrictive means required to achieve the purported aim. Users naturally have higher expectations of governments who have adopted these international standards.

The Internet must be a channel for secure, reliable, private communication between entities and individuals. Consensus for internationally recognized data protection standards has been formed through agreements constituting key building blocks of online trust, including the OECD Guidelines on the Protection of Privacy and Transborder Flows of Personal Data, the Council of Europe Convention for the Protection of Individuals with Regard to Automatic Processing of Personal Data, the EU Data Protection framework, and the APEC Privacy Framework and Cross Border Privacy Rules system.

Emerging revelations about alleged U.S. programs to gather information about Internet users raise clear questions about the extent to which individuals' expectations of privacy have been compromised. This kind of collection of user information is at odds with the commitments governments around the world have made with respect to protection of personal data and other human rights. We would expect any government signing onto these principles to fully engage with its citizens in an open dialogue when seeking to achieve both the protection of individual rights and national security. We also need to challenge the view that there always has to be a trade-off between ensuring security and protecting users' rights.
The Internet Society is also deeply concerned that alleged programs and similar efforts by other governments will have a chilling effect on the deployment and adoption of technical solutions for establishing trusted connections online. This kind of trust-enabled infrastructure is needed to maintain global interoperability and openness. The Internet is global -- the impact of programs like these is not limited to the specific country in question but rather reverberates across the globe to users everywhere.

The revelations of recent days underscore the importance of an open global dialogue regarding online privacy in the realm of national security and the need for all stakeholders to abide by the norms and principles outlined in international agreements on data protection and other fundamental rights. Trusted interactions in cyberspace are critical not only for the future of the Internet, but also for continued innovation, economic and political progress and a vibrant global community. Users need clear and realistic expectations of online privacy that are respected by governments and enterprises alike, so that they can continue to use the Internet in ways that enhance all of society.

About the Internet Society

The Internet Society is the trusted independent source for Internet information and thought leadership from around the world. With its principled vision and substantial technological foundation, the Internet Society promotes open dialogue on Internet policy, technology, and future development among users, companies, governments, and other organizations. Working with its members and Chapters around the world, the Internet Society enables the continued evolution and growth of the Internet for everyone. For more information, visit www.internetsociety.org

Media Contact: Wende Cover, cover at isoc.org, +1-703-439-2773

---
Just because i'm near the punchbowl doesn't mean I'm also drinking from it.
From rforno at infowarrior.org Wed Jun 12 13:01:44 2013
From: rforno at infowarrior.org (Richard Forno)
Date: Wed, 12 Jun 2013 14:01:44 -0400
Subject: [Infowarrior] - Richard Clarke: Why you should worry about the NSA
Message-ID: <05DE8228-5A66-4B28-B209-81933210E0C4@infowarrior.org>

Why you should worry about the NSA

The just-revealed surveillance stretches the law to its breaking point and opens the door to future potential abuses

By Richard A. Clarke / NEW YORK DAILY NEWS
Clarke is a former counterterrorism adviser to Presidents George H.W. Bush, Bill Clinton and George W. Bush.
Wednesday, June 12, 2013, 4:15 AM
http://www.nydailynews.com/opinion/worry-nsa-article-1.1369705

None of us want another terrorist attack in the United States. Equally, most of us have nothing to hide from the federal government, which already has so many ways of knowing about us. And we know that the just-revealed National Security Agency program does not actually listen to our calls; it uses the phone numbers, frequency, length and times of the calls for data-mining.

So, why is it that many Americans, including me, are so upset with the Obama administration gathering up telephone records?

My concerns are twofold. First, the law under which President George W. Bush and now President Obama have acted was not intended to give the government records of all telephone calls. If that had been the intent, the law would have said that. It didn't. Rather, the law envisioned the administration coming to a special court on a case-by-case basis to explain why it needed to have specific records.

I am troubled by the precedent of stretching a law on domestic surveillance almost to the breaking point. On issues so fundamental to our civil liberties, elected leaders should not be so needlessly secretive.

The argument that this sweeping search must be kept secret from the terrorists is laughable. Terrorists already assume this sort of thing is being done.
Only law-abiding American citizens were blissfully ignorant of what their government was doing.

Secondly, we should worry about this program because government agencies, particularly the Federal Bureau of Investigation, have a well-established track record of overreaching, exceeding their authority and abusing the law. The FBI has used provisions of the Patriot Act, intended to combat terrorism, for purposes that greatly exceed congressional intent.

Even if you trust Obama, should we have programs and interpretations of law that others could abuse now without his knowing it or later in another administration? Obama thought we needed to set up rules about drones because of what the next President might do. Why does he not see the threat from this telephone program?

The answer is that he inherited this vacuum cleaner approach to telephone records from Bush. When Obama was briefed on it, there was no forceful and persuasive advocate for changing it. His chief adviser on these things at the time was John Brennan, a life-long CIA officer.

Obama must have been told that the government needed everyone's phone logs in the NSA's computers for several reasons. The bureaucrats surely argued that it was easier to run the big data search and correlation program on one database. They said there was no law that could compel the telephone companies to store the records on their own servers. If the telephone companies did so, government and company lawyers then certainly said, they would become legally "an agent" of the government and could be sued by customers for violating the terms of their service agreements.

Finally, Obama was certainly told, if the NSA and the FBI had to query telephone company servers, then the phone companies would know whom the government was watching, a violation of need-to-know secrecy traditions.
If there had been a vocal and well-informed civil liberties advocate at the table, Obama might have been told that all those objections were either specious or easily addressed.

Law already requires Internet service providers to store emails for years so that the government can look at them. An amendment to existing law could have extended that provision to telephone logs and given the companies a "safe harbor" provision so they would not be open to suits. The telephone companies could have been paid to maintain the records.

If the government wanted a particular set of records, it could tell the Foreign Intelligence Surveillance Court why -- and then be granted permission to access those records directly from specially maintained company servers. The telephone companies would not have to know what data were being accessed. There are no technical disadvantages to doing it that way, although it might be more expensive.

Would we, as a nation, be willing to pay a little more for a program designed this way, to avoid a situation in which the government keeps on its own computers a record of every time anyone picks up a telephone? That is a question that should have been openly asked and answered in Congress.

The vocal advocate of civil liberties was absent because neither Bush nor Obama had appointed one, despite the recommendation of the 9/11 Commission and a law passed by Congress. Only five years into his administration is our supposedly civil liberties-loving President getting around to activating a long-dormant Privacy and Civil Liberties Oversight Board. It will have a lot of work to do.

Clarke is a former counterterrorism adviser to Presidents George H.W. Bush, Bill Clinton and George W. Bush.
From rforno at infowarrior.org Wed Jun 12 14:41:34 2013
From: rforno at infowarrior.org (Richard Forno)
Date: Wed, 12 Jun 2013 15:41:34 -0400
Subject: [Infowarrior] - Report: Time Warner Cable Is Paying To Keep TV Shows Offline
Message-ID: <61716C28-D9F9-48BA-9B7B-1E0FEFB69619@infowarrior.org>

(oh look -- something OTHER than a piece about the NSA surveillance program! --rick)

Time Warner Cable Content Incentives Thwart New Web TV
By Andy Fixmer and Alex Sherman - Jun 12, 2013
http://www.bloomberg.com/news/print/2013-06-12/time-warner-cable-content-incentives-thwart-new-web-tv.html

Time Warner Cable Inc. (TWC) and other pay-TV operators are offering incentives to media companies that agree to withhold content from Web-based entertainment services such as those pursued by Intel Corp. (INTC) and Apple Inc. (AAPL), people with knowledge of the matter said.

The incentives can take the form of higher payments, or they can include threats to drop programming, said the people, who asked not to be identified because the discussions are private. Cable companies are seeking to keep customers by ensuring access to exclusive content while fending off competition from upstart Web providers.

Time Warner Cable has more than 300 contracts, and some of them may bar media outlets from providing content to online pay-TV services, Chief Executive Officer Glenn Britt said yesterday in a meeting with analysts at the National Cable & Telecommunications Association show.

"We may well have ones that have that prohibition," Britt said at the conference in Washington. "This is not a cookie-cutter kind of business."

Some agreements require media companies that license content to Web-based systems to offer the same online rights to Time Warner Cable, Britt said.

There's a brewing battle being waged against incumbent cable-TV companies and telecommunications providers, which already have the rights to distribute TV and movies over their networks.

Failed Progress

Arrayed against them are technology companies such as Intel, Apple and Google Inc. (GOOG), which are eager to cut deals that would let them provide programming over the Web. These newcomers have been working for years on devices, software and services that have failed to loosen the grip of cable and satellite distributors because they haven't secured enough content to woo customers.

Charter Communications Inc. (CHTR), the fourth-largest cable company, seeks to protect the existing pay-TV "ecosystem," Chief Financial Officer Chris Winfrey said at the conference yesterday.

"It's in everybody's mutual interest that we are protecting the ecosystem in a way that continues to keep the value of that programming that we have and the way it's delivered to our subscribers today," Winfrey said, declining to comment on specific agreements.

Maureen Huff, a spokeswoman for New York-based Time Warner Cable, declined to elaborate on Britt's remarks. Alex Dudley, a spokesman for Charter Communications, headquartered in Stamford, Connecticut, declined to say more on Winfrey's comments.

"Different Conversation"

AT&T Inc. (T), the largest U.S. phone company and the owner of the U-Verse fiber-optic TV service, is negotiating paying less to media companies that also provide content to Internet-based services, Jeff Weber, president of content, said last month at an investor conference.

"If they're going to go over-the-top, then that's a very different conversation and a very different value for our customers," Weber said. "Exclusive versus non-exclusive has materially different value for our customers. And I think we would want that reflected."

Mark Siegel, a spokesman for Dallas-based AT&T, declined to comment beyond Weber's remarks.

The U.S. Justice Department is investigating whether cable companies are violating antitrust laws by limiting competition from Internet video providers, people familiar with the matter said in June 2012.

"Anticompetitive" Actions

The pay-TV companies' actions are anticompetitive, said Gigi Sohn, president and co-founder of Public Knowledge, a Washington-based consumer-rights group that focuses on communications and technology issues.

"Is it anticompetitive generally? Of course it is, they are keeping programming from their competitors," Sohn said in an interview. "Does it rise to the level of antitrust violation? That's something for the Department of Justice to decide."

The plight of the Internet-based services is similar to when satellite companies couldn't get access to media companies' content until Congress passed legislation in 1992, Sohn said. Government regulators may need to get involved to grant technology companies similar access, she said.

"These sorts of practices are as old as the hills," she said. "Over-the-top providers are in regulatory No Man's Land and they can't get access to the programming."

The U.S. Federal Trade Commission should investigate whether pay-TV companies' arrangements violate antitrust laws, Rich Greenfield, an analyst at BTIG LLC, said in a report yesterday.

"Virtual cable systems, or over-the-top providers, would be wonderful for consumers," Greenfield said in a phone interview. "It appears certain pay-TV operators don't want that to happen."

To contact the reporters on this story: Andy Fixmer in Los Angeles at afixmer at bloomberg.net; Alex Sherman in New York at asherman6 at bloomberg.net

To contact the editors responsible for this story: Anthony Palazzo at apalazzo at bloomberg.net; Nick Turner at nturner7 at bloomberg.net

©2013 BLOOMBERG L.P. ALL RIGHTS RESERVED.

---
Just because i'm near the punchbowl doesn't mean I'm also drinking from it.

From rforno at infowarrior.org Wed Jun 12 14:55:06 2013
From: rforno at infowarrior.org (Richard Forno)
Date: Wed, 12 Jun 2013 15:55:06 -0400
Subject: [Infowarrior] - Inside the NSA's ultra-secret China hacking group
Message-ID:

Inside the NSA's ultra-secret China hacking group
Wednesday, 12 June, 2013, 4:19pm
Mathew M. Aid
http://www.scmp.com/news/china/article/1259175/inside-nsas-ultra-secret-china-hacking-group

Last weekend, US President Barack Obama sat down for a series of meetings with China's newly appointed leader, Xi Jinping. We know that the two leaders spoke at length about the topic du jour -- cyber-espionage -- a subject that has long frustrated officials in Washington and is now front and centre with the revelations of sweeping US data mining. The media has focused at length on China's aggressive attempts to electronically steal US military and commercial secrets, but Xi pushed back at the "shirt-sleeves" summit, noting that China, too, was the recipient of cyber-espionage. But what Obama probably neglected to mention is that he has his own hacker army, and it has burrowed its way deep, deep into China's networks.

When the agenda for the meeting at the Sunnylands estate outside Palm Springs, California, was agreed to several months ago, both parties agreed that it would be a nice opportunity for President Xi, who assumed his post in March, to discuss a wide range of security and economic issues of concern to both countries. According to diplomatic sources, the issue of cyber-security was not one of the key topics to be discussed at the summit. Sino-American economic relations, climate change, and the growing threat posed by North Korea were supposed to dominate the discussions.

Then, two weeks ago, White House officials leaked to the press that Obama intended to raise privately with Xi the highly contentious issue of China's widespread use of computer hacking to steal US government, military, and commercial secrets. According to a Chinese diplomat in Washington who spoke in confidence, Beijing was furious about the sudden elevation of cyber-security and Chinese espionage on the meeting's agenda. According to a diplomatic source in Washington, the Chinese government was even angrier that the White House leaked the new agenda item to the press before Washington bothered to tell Beijing about it.

So the Chinese began to hit back. Senior Chinese officials have publicly accused the US government of hypocrisy and have alleged that Washington is also actively engaged in cyber-espionage. When the latest allegation of Chinese cyber-espionage was levelled in late May in a front-page Washington Post article, which alleged that hackers employed by the Chinese military had stolen the blueprints of over three dozen American weapons systems, the Chinese government's top internet official, Huang Chengqing, shot back that Beijing possessed "mountains of data" showing that the United States has engaged in widespread hacking designed to steal Chinese government secrets. Last week's revelations about the National Security Agency's Prism and Verizon metadata collection from a 29-year-old former CIA undercover operative named Edward J. Snowden, who is now living in Hong Kong, only add fuel to Beijing's position.

But Washington never publicly responded to Huang's allegation, and nobody in the US media seems to have bothered to ask the White House if there is a modicum of truth to the Chinese charges.

It turns out that the Chinese government's allegations are essentially correct.
According to a number of confidential sources, a highly secretive unit of the National Security Agency (NSA), the US government's huge electronic eavesdropping organisation, called the Office of Tailored Access Operations (TAO) has successfully penetrated Chinese computer and telecommunications systems for almost 15 years, generating some of the best and most reliable intelligence information about what is going on inside the People's Republic of China.

Hidden away inside the massive NSA headquarters complex at Fort Meade, Maryland, in a large suite of offices segregated from the rest of the agency, TAO is a mystery to many NSA employees. Relatively few NSA officials have complete access to information about TAO because of the extraordinary sensitivity of its operations, and it requires a special security clearance to gain access to the unit's work spaces inside the NSA operations complex. The door leading to its ultramodern operations centre is protected by armed guards, an imposing steel door that can only be entered by entering the correct six-digit code into a keypad, and a retinal scanner to ensure that only those individuals specially cleared for access get through the door.

According to former NSA officials interviewed for this article, TAO's mission is simple. It collects intelligence information on foreign targets by surreptitiously hacking into their computers and telecommunications systems, cracking passwords, compromising the computer security systems protecting the targeted computer, stealing the data stored on computer hard drives, and then copying all the messages and data traffic passing within the targeted e-mail and text-messaging systems. The technical term of art used by NSA to describe these operations is computer network exploitation (CNE).

TAO is also responsible for developing the information that would allow the United States to destroy or damage foreign computer and telecommunications systems with a cyberattack if so directed by the president. The organisation responsible for conducting such a cyberattack is US Cyber Command (Cybercom), whose headquarters is located at Fort Meade and whose chief is the director of the NSA, Gen. Keith Alexander.

Commanded since April of this year by Robert Joyce, who formerly was the deputy director of the NSA's Information Assurance Directorate (responsible for protecting the US government's communications and computer systems), TAO, sources say, is now the largest and arguably the most important component of the NSA's huge Signal Intelligence (SIGINT) Directorate, consisting of over 1,000 military and civilian computer hackers, intelligence analysts, targeting specialists, computer hardware and software designers, and electrical engineers.

The sanctum sanctorum of TAO is its ultra-modern operations centre at Fort Meade called the Remote Operations Center (ROC), which is where the unit's 600 or so military and civilian computer hackers (they themselves CNE operators) work in rotating shifts 24 hours a day, seven days a week.

These operators spend their days (or nights) searching the ether for computers systems and supporting telecommunications networks being used by, for example, foreign terrorists to pass messages to their members or sympathisers. Once these computers have been identified and located, the computer hackers working in the ROC break into the targeted computer systems electronically using special software designed by TAO's own corps of software designers and engineers specifically for this purpose, download the contents of the computers' hard drives, and place software implants or other devices called "buggies" inside the computers'
operating systems, which allows TAO intercept operators at Fort Meade to continuously monitor the e-mail and/or text-messaging traffic coming in and out of the computers or hand-held devices.

TAO's work would not be possible without the team of gifted computer scientists and software engineers belonging to the Data Network Technologies Branch, who develop the sophisticated computer software that allows the unit's operators to perform their intelligence collection mission. A separate unit within TAO called the Telecommunications Network Technologies Branch (TNT) develops the techniques that allow TAO's hackers to covertly gain access to targeted computer systems and telecommunications networks without being detected. Meanwhile, TAO's Mission Infrastructure Technologies Branch develops and builds the sensitive computer and telecommunications monitoring hardware and support infrastructure that keeps the effort up and running.

TAO even has its own small clandestine intelligence-gathering unit called the Access Technologies Operations Branch, which includes personnel seconded by the CIA and the FBI, who perform what are described as "off-net operations", which is a polite way of saying that they arrange for CIA agents to surreptitiously plant eavesdropping devices on computers and/or telecommunications systems overseas so that TAO's hackers can remotely access them from Fort Meade.

It is important to note that TAO is not supposed to work against domestic targets in the United States or its possessions. This is the responsibility of the FBI, which is the sole US intelligence agency chartered for domestic telecommunications surveillance. But in light of information about wider NSA snooping, one has to prudently be concerned about whether TAO is able to perform its mission of collecting foreign intelligence without accessing communications originating in or transiting through the United States.

Since its creation in 1997, TAO has garnered a reputation for producing some of the best intelligence available to the US intelligence community not only about China, but also on foreign terrorist groups, espionage activities being conducted against the United States by foreign governments, ballistic missile and weapons of mass destruction developments around the globe, and the latest political, military, and economic developments around the globe.

According to a former NSA official, by 2007 TAO's 600 intercept operators were secretly tapping into thousands of foreign computer systems and accessing password-protected computer hard drives and e-mails of targets around the world. As detailed in my 2009 history of NSA, The Secret Sentry, this highly classified intercept programme, known at the time as Stumpcursor, proved to be critically important during the US Army's 2007 "surge" in Iraq, where it was credited with single-handedly identifying and locating over 100 Iraqi and al Qaeda insurgent cells in and around Baghdad. That same year, sources report that TAO was given an award for producing particularly important intelligence information about whether Iran was trying to build an atomic bomb.

By the time Obama became president of the United States in January 2009, TAO had become something akin to the wunderkind of the US intelligence community. "It's become an industry unto itself," a former NSA official said of TAO at the time. "They go places and get things that nobody else in the IC [intelligence community] can."

Given the nature and extraordinary political sensitivity of its work, it will come as no surprise that TAO has always been, and remains, extraordinarily publicity shy. Everything about TAO is classified top secret codeword, even within the hyper-secretive NSA.
Its name has appeared in print only a few times over the past decade, and the handful of reporters who have dared inquire about it have been politely but very firmly warned by senior US intelligence officials not to describe its work for fear that it might compromise its ongoing efforts. According to a senior US defence official who is familiar with TAO's work, "The agency believes that the less people know about them [TAO] the better."

The word among NSA officials is that if you want to get promoted or recognised, get a transfer to TAO as soon as you can. The current head of the NSA's SIGINT Directorate, Teresa Shea, 54, got her current job in large part because of the work she did as chief of TAO in the years after the 9/11 terrorist attacks, when the unit earned plaudits for its ability to collect extremely hard-to-come-by information during the latter part of George W. Bush's administration. We do not know what the information was, but sources suggest that it must have been pretty important to propel Shea to her position today. But according to a recently retired NSA official, TAO "is the place to be right now".

There's no question that TAO has continued to grow in size and importance since Obama took office in 2009, which is indicative of its outsized role. In recent years, TAO's collection operations have expanded from Fort Meade to some of the agency's most important listening posts in the United States. There are now mini-TAO units operating at the huge NSA SIGINT intercept and processing centres at NSA Hawaii at Wahiawa on the island of Oahu; NSA Georgia at Fort Gordon, Georgia; and NSA Texas at the Medina Annex outside San Antonio, Texas; and within the huge NSA listening post at Buckley Air Force Base outside Denver.

The problem is that TAO has become so large and produces so much valuable intelligence information that it has become virtually impossible to hide it anymore. The Chinese government is certainly aware of TAO's activities.
The "mountains of data" statement by China's top internet official, Huang Chengqing, is clearly an implied threat by Beijing to release this data. Thus it is unlikely that President Obama pressed President Xi too hard at the Sunnydale summit on the question of China's cyber-espionage activities. As any high-stakes poker player knows, you can only press your luck so far when the guy on the other side of the table knows what cards you have in your hand.

(c) 2013, Foreign Policy

Mathew M. Aid is the author of Intel Wars: The Secret History of the Fight Against Terror and The Secret Sentry: The Untold History of the National Security Agency, and is co-editor with Cees Wiebes of Secrets of Signals Intelligence During the Cold War and Beyond.

---
Just because i'm near the punchbowl doesn't mean I'm also drinking from it.

From rforno at infowarrior.org Wed Jun 12 15:07:43 2013
From: rforno at infowarrior.org (Richard Forno)
Date: Wed, 12 Jun 2013 16:07:43 -0400
Subject: [Infowarrior] - Even The AP Is Calling Bull On Government Claims Of PRISM Helping Stop NYC Subway Bomb
Message-ID: <15182FCA-66AC-409D-908C-1D1546DC0B33@infowarrior.org>

Even The AP Is Calling Bull On Government Claims Of PRISM Helping Stop NYC Subway Bomb
from the when-you-can't-even-convince-them... dept

We've already explained how some NSA supporters, including Rep. Mike Rogers and Senator Dianne Feinstein, are trying to defend PRISM and other NSA surveillance efforts by saying that it stopped a NYC subway bombing but their claims don't seem to hold up under scrutiny. Now even the Associated Press is calling out those statements as highly questionable, which is somewhat amazing for the AP, as it normally loves to just present "both sides of the story" and then let you decide what's real. But the article linked above actually digs in and points out where the claims by the NSA's defenders don't seem to add up to anything.

< -- >

http://www.techdirt.com/articles/20130611/17450923413/even-ap-is-calling-bull-government-claims-prism-helping-stop-nyc-subway-bomb.shtml

---
Just because i'm near the punchbowl doesn't mean I'm also drinking from it.

From rforno at infowarrior.org Wed Jun 12 15:12:32 2013
From: rforno at infowarrior.org (Richard Forno)
Date: Wed, 12 Jun 2013 16:12:32 -0400
Subject: [Infowarrior] - FISA court rejects DOJ catch-22 secrecy argument
Message-ID: <58A8641B-8594-407F-BD49-B1B66A7FD623@infowarrior.org>

BREAKING: FISA court rejects Justice Dept's catch-22 secrecy argument, @EFF's case will proceed

https://www.eff.org/document/fisc-opinion-and-order-granting-effs-motion

---
Just because i'm near the punchbowl doesn't mean I'm also drinking from it.

From rforno at infowarrior.org Wed Jun 12 16:07:51 2013
From: rforno at infowarrior.org (Richard Forno)
Date: Wed, 12 Jun 2013 17:07:51 -0400
Subject: [Infowarrior] - WaPo selling editorial space
Message-ID:

FYI, the WaPo is raising a paywall shortly. In addition, they're offering 'Sponsored Views' that show up with the byline 'Editorial Board' -- which I think is quite misleading. When a newspaper's editorial board writes something, one presumes it, through its employed editors, is taking a unified stand on something. Snarky comments aside, using that same moniker to attribute 'sponsored views' is IMHO dishonest journalism and stealth marketing.

The Washington Post Launches "Sponsored Views"
http://www.washingtonpost.com/community-relations/the-washington-post-launches-sponsored-views/2013/06/11/4b49eb8e-d212-11e2-9f1a-1a7cdee20287_story.html

---
Just because i'm near the punchbowl doesn't mean I'm also drinking from it.

From rforno at infowarrior.org Thu Jun 13 07:08:15 2013
From: rforno at infowarrior.org (Richard Forno)
Date: Thu, 13 Jun 2013 08:08:15 -0400
Subject: [Infowarrior] - Snowden's big truth: We are all less free
Message-ID:

Snowden's big truth: We are all less free
http://www.itworld.com/it-management/360581/snowdens-big-truth-we-are-all-less-free

Questions have been raised about some of the details of an NSA surveillance program dubbed "PRISM," and the man who leaked that information. But the bigger truth is that we are all less free than we thought we were.

June 12, 2013, 8:00 AM -- The case of NSA leaker Edward Snowden has taken more twists and turns than a John Le Carré novel this week.

Snowden, as you probably know, is the former NSA contractor and U.S. intelligence expert (and now former Booz Allen Hamilton contractor) who leaked classified information to the press, including a Powerpoint presentation describing an NSA surveillance program dubbed "PRISM." Shortly after stories based on that presentation appeared in The Guardian and The Washington Post, Snowden disappeared from the hotel where he had been staying in Hong Kong. His current whereabouts are unknown, though the Russian government has stepped up to say that it may be willing to offer Snowden asylum. Le Carré could hardly have imagined it better!

In the intervening days, however, a string of stories and editorials claim that Snowden had his facts wrong, accuse him of treason -- or both. Others have accused journalists like Glenn Greenwald of The Guardian of rushing to print before they had all the facts.

All of these criticisms could be valid. Technology firms may not have given intelligence agencies unfettered and unchecked access to their users' data. Edward Snowden may be, as the New York Times's David Brooks suggests, one of those 20-something-men leading a "life unshaped by the mediating institutions of civil society."

I say it again: all may be true without undermining the larger truth of Snowden's revelation, which is that -- in this age of global, networked communications and interactions -- we are all a lot less free than we thought we were.

I say this because nobody has seriously challenged the basic truth of Snowden's leak: that many of the world's leading telecommunications and technology firms are regularly divulging information about their users' activities and communications to law enforcement and intelligence agencies based on warrantless requests and court reviews that are hidden from public scrutiny.

Statements from the likes of Facebook CEO Mark Zuckerberg and Google CEO Larry Page have confirmed this. Both strongly contested the allegations of "back doors" and unfettered access to their systems, while affirming the regular provision of user data to governments in "accordance with the law." In the U.S., that law is often The USA PATRIOT ACT and the Foreign Intelligence Surveillance Act (FISA).

This isn't new information. Many of us have known -- or expected -- that government surveillance post 9/11 was broad. But, as Tenable CEO Ron Gula -- himself, a former NSA employee -- said: believing it and the details of the program broken into Powerpoint bullet points are two different things.

Let's remember: the Internet isn't the first revolutionary communications technology to come along in human history. In just the last 100 years, there have been many: our modern postal service, and the telephone among them. Thoughtful legislators in those eras saw fit to make accommodations for those new "conveniences" that also comported with the values enshrined in our Constitution and Bill of Rights.

In an 1877 U.S.
Supreme Court decision, weighing the government's ability to inspect the content of letters sent via the postal service, found that "No law of Congress can place in the hands of officials connected with the postal service any authority to invade the secrecy of letters and such sealed packages in the mail; and all regulations adopted as to mail matter of this kind must be in subordination to the great principle embodied in the fourth amendment of the Constitution."

That's why all of us understand that exercising the convenience of dropping a letter in the corner post office box doesn't mean that we also consent to the government ripping open that letter and reading its contents. Similarly, we all expect that we can pick up the phone and call anybody with the confidence that a law enforcement officer won't be listening in on that phone conversation - at least without the approval of a judge.

Sadly, we've been steadily conditioned to think differently about our electronic communications. We've been asked by both private sector firms and our government to accept that there must be some bargain -- a tradeoff between privacy and convenience. Use Gmail -- just be prepared to have your correspondence sucked up into the NSA's new data center in Utah.

Previous generations didn't see such bargains as inevitable. And, as recently as 1986, U.S. lawmakers thought to give electronic communications the same level of protection. Slowly, however, those protections have been whittled away, as compute power and data have migrated to the cloud, and to location aware mobile devices. As the Center for Democracy and Technology has pointed out, the Electronic Communications Privacy Act is now in dire need of an update. Sadly, the momentum seems to be going the other way.

Maybe what Mr. Snowden in his youthful naiveté has helped to expose, then, is our own passivity and, therefore, our complicity with what is, in truth, a massive surrender of our Constitutionally guaranteed civil liberties.
Maybe the shock of it will prompt much needed changes to strengthen privacy protections and limit the kinds of surveillance of citizens that the government is allowed to conduct. If that happens, we'll all owe Mr. Snowden a debt of gratitude.

---
Just because i'm near the punchbowl doesn't mean I'm also drinking from it.

From rforno at infowarrior.org Thu Jun 13 09:42:55 2013
From: rforno at infowarrior.org (Richard Forno)
Date: Thu, 13 Jun 2013 10:42:55 -0400
Subject: [Infowarrior] - SCOTUS: Genes can NOT be patented
Message-ID: <3EB37075-FAF6-4DA3-B3FD-F461D6EEBD86@infowarrior.org>

Justices rule human genes cannot be patented
Richard Wolf, USA TODAY 10:37 a.m. EDT June 13, 2013
http://www.usatoday.com/story/news/nation/2013/06/13/supreme-court-gene-breast-ovarian-cancer-patent/2382053/

WASHINGTON -- The Supreme Court ruled Thursday that human genes cannot be patented, a decision with both immediate benefits for some breast and ovarian cancer patients and long-lasting repercussions for biotechnology research.

The decision represents a victory for cancer patients, researchers and geneticists who claimed that a single company's patent raised costs, restricted research and sometimes forced women to have breasts or ovaries removed without sufficient facts or second opinions.

But the court held out a lifeline to Myriad Genetics, the company with an exclusive patent on the isolated form of genes that can foretell an increased genetic risk of cancer. The justices said it can patent a type of DNA that goes beyond extracting the genes from the body.

The complex scientific case was perhaps the most important on the high court's calendar other than its more celebrated cases involving same-sex marriage, voting rights and affirmative action. And unlike those cases, which are expected to divide the court sharply along ideological lines, the controversial concept of gene patenting gave all nine justices something to agree on.

The decision was based on past patent cases before the high court in which the justices ruled that forces of nature, as opposed to products of invention, are not patent-eligible.

Since 1984, the U.S. Patent and Trademark Office has granted more than 40,000 patents tied to genetic material. Armed with those patents, Myriad has tested more than 1 million women since the late 1990s for mutations that often lead to breast and ovarian cancer.

Most women who want testing must pay its price -- $3,340 for the breast cancer analysis and $700 for an additional test that picks up a genetic link in about 10% of women who test negative the first time. Myriad officials say about 95% of its patients receive insurance coverage, often without co-payments, so that most patients pay only about $100.

Myriad and a broad array of industry trade groups argued that without patent protection, research and development would dry up. Doctors, geneticists, women's health groups and cancer patients contended that competition would lower prices, improve outcomes and lead to more discoveries.

The two sides had battled to a draw in lower courts: A federal district court in New York sided with the patent's challengers, while a divided court of appeals that handles patent cases ruled for the company.

During oral argument in April, the court was presented with opposite interpretations of Myriad's contribution to genetic research. Christopher Hansen, the lawyer for the American Civil Liberties Union representing the patent's challengers, said Myriad had invented "nothing." Myriad's attorney, Gregory Castanias, said the company created "a new molecule that had never been known to the world."

The justices generally agreed that Myriad deserved credit for its process of isolating the gene and its use -- but not for the gene itself.

"In isolation, it has no value," Justice Sonia Sotomayor said. "It's just nature sitting there."

But the compromise that emerged Thursday was evident during that 65-minute debate. Several of the more conservative justices said a complete denial of patent rights could jeopardize investments by other biotechnology companies -- and that could limit progress on a range of research, from agriculture to the environment.

---
Just because i'm near the punchbowl doesn't mean I'm also drinking from it.

From rforno at infowarrior.org Thu Jun 13 11:54:35 2013
From: rforno at infowarrior.org (Richard Forno)
Date: Thu, 13 Jun 2013 12:54:35 -0400
Subject: [Infowarrior] - NSA Infringed Adam Hart-Davis' Photograph For Its PRISM Logo
Message-ID: <15423E3C-A7E2-42B9-B6FC-67096E385773@infowarrior.org>

NSA Infringed Adam Hart-Davis' Photograph For Its PRISM Logo
http://www.techdirt.com/articles/20130612/13042623426/nsa-infringed-adam-hart-davis-photograph-its-prism-logo.shtml

---
Just because i'm near the punchbowl doesn't mean I'm also drinking from it.

From rforno at infowarrior.org Thu Jun 13 17:16:33 2013
From: rforno at infowarrior.org (Richard Forno)
Date: Thu, 13 Jun 2013 18:16:33 -0400
Subject: [Infowarrior] - NSA to release details of attacks it claims were foiled by surveillance
Message-ID: <61F1842E-FBE7-496E-B1ED-2DF6AF674689@infowarrior.org>

NSA to release details of attacks it claims were foiled by surveillance

Senator says spy agency will provide 'cases where surveillance has stopped a terrorist attack' as early as Monday

Spencer Ackerman in Washington
guardian.co.uk, Thursday 13 June 2013 17.56 EDT
http://www.guardian.co.uk/world/2013/jun/13/nsa-keith-alexander-surveillance-details

The National Security Agency (NSA) plans to release details of terrorist attacks thwarted by its controversial bulk surveillance of Americans' communications data, a senior US senator said on Thursday.

Senator Dianne Feinstein (Democrat, California), the chairwoman of the Senate intelligence committee, said the NSA director, General Keith Alexander, would provide "the cases where this [surveillance] has stopped a terrorist attack, both here and in other places" as early as Monday.

The claim that the surveillance programs helped stop terrorist attacks has come under criticism from two US senators who sit on the intelligence committee.

"When you're talking about important liberties that the American people feel strongly about, and you want to have an intelligence program, you've got to make a case for why it provides unique value to the [intelligence] community atop what they can already have," Senator Ron Wyden, an Oregon Democrat, told the Guardian in an interview on Thursday.

But the FBI director, Robert Mueller, forcefully defended the programs on Thursday to the House judiciary committee by saying the broad surveillance could have foiled the 9/11 attacks and averted "another Boston".

Feinstein's comments followed an afternoon briefing attended by 47 senators about two NSA programs recently disclosed by the Guardian: one that collects the phone records of millions of Americans; and another, known as Prism, that targets the online communications of individuals believed to be outside the US.

For many senators, it was their first exposure to the details of how the programs operate. Yet the programs may soon change.

Feinstein said she had "tasked director [of national intelligence James] Clapper to consider the program, to present some changes, if he feels it necessary. We will consider changes."

She added: "We will certainly have legislation which will limit or prevent contractors from handling highly classified technical data."

The Los Angeles Times reported that Edward Snowden, a former Booz Allen Hamilton contractor to the NSA, used a thumb drive to exfiltrate data about the surveillance programs to the Guardian and the Washington Post.
Feinstein also cleared up a lingering uncertainty about the role of the courts in overseeing the NSA's ability to comb through its database of the phone records of millions of Americans. The NSA has the ability to search the database unilaterally. "To search the database you have to have reasonable, articulable cause to believe that an individual is connected to a terrorist group," Feinstein said. "Then you can get the numbers. If you want to collect content, then you get a court order." Pressed by the Guardian if that meant the NSA did not require a court order to search through the database, she replied, "That's my understanding." In a heated Senate appropriations committee hearing on Wednesday, the NSA chief, General Alexander, said: "We don't get to swim through the data," and that searching through it requires a "very deliberate process." But that process is not overseen by a judge ahead of time, according to the Senate intelligence committee chairwoman. Feinstein also said that before any content could be searched pursuant to a court order, all the NSA possesses is "the name and the number called, whether it's one number or two". Yet US intelligence leaders have firmly denied its phone-records databases contain any names of any subscribers. "The information acquired does not include the content of any communications or the identity of any subscriber," according to a 6 June factsheet released by Clapper. It is unclear if Feinstein misspoke or learned new information at the briefing, as she spoke to reporters for about four minutes before leaving to catch a plane.

---
Just because i'm near the punchbowl doesn't mean I'm also drinking from it.
From rforno at infowarrior.org Fri Jun 14 07:14:39 2013
From: rforno at infowarrior.org (Richard Forno)
Date: Fri, 14 Jun 2013 08:14:39 -0400
Subject: [Infowarrior] - Secret Court Ruling Put Tech Companies in Data Bind
Message-ID:

June 13, 2013
Secret Court Ruling Put Tech Companies in Data Bind
By CLAIRE CAIN MILLER
http://www.nytimes.com/2013/06/14/technology/secret-court-ruling-put-tech-companies-in-data-bind.html?hp&_r=0&pagewanted=print

SAN FRANCISCO - In a secret court in Washington, Yahoo's top lawyers made their case. The government had sought help in spying on certain foreign users, without a warrant, and Yahoo had refused, saying the broad requests were unconstitutional. The judges disagreed. That left Yahoo two choices: Hand over the data or break the law. So Yahoo became part of the National Security Agency's secret Internet surveillance program, Prism, according to leaked N.S.A. documents, as did seven other Internet companies. Like almost all the actions of the secret court, which operates under the Foreign Intelligence Surveillance Act, the details of its disagreement with Yahoo were never made public beyond a heavily redacted court order, one of the few public documents ever to emerge from the court. The name of the company had not been revealed until now. Yahoo's involvement was confirmed by two people with knowledge of the proceedings. Yahoo declined to comment. But the decision has had lasting repercussions for the dozens of companies that store troves of their users' personal information and receive these national security requests - it puts them on notice that they need not even try to test their legality. And despite the murky details, the case offers a glimpse of the push and pull among tech companies and the intelligence and law enforcement agencies that try to tap into the reams of personal data stored on their servers.
It also highlights a paradox of Silicon Valley: while tech companies eagerly vacuum up user data to track their users and sell ever more targeted ads, many also have a libertarian streak ingrained in their corporate cultures that resists sharing that data with the government. "Even though they have an awful reputation on consumer privacy issues, when it comes to government privacy, they generally tend to put their users first," said Christopher Soghoian, a senior policy analyst studying technological surveillance at the American Civil Liberties Union. "There's this libertarian, pro-civil liberties vein that runs through the tech companies." Lawyers who handle national security requests for tech companies say they rarely fight in court, but frequently push back privately by negotiating with the government, even if they ultimately have to comply. In addition to Yahoo, which fought disclosures under FISA, other companies, including Google, Twitter, smaller communications providers and a group of librarians, have fought in court elements of National Security Letters, which the F.B.I. uses to secretly collect information about Americans. Last year, the government issued more than 1,850 FISA requests and 15,000 National Security Letters. "The tech companies try to pick their battles," said Stephen I. Vladeck, a law professor at American University who has challenged government counterterrorism surveillance. "Behind the scenes, different tech companies show different degrees of cooperativeness or pugnaciousness." But Mr. Vladeck added that even if a company resisted, "that may not be enough, because any pushback is secret and at the end of the day, even the most well-intentioned companies are not going to be standing in the shoes of their customers." FISA requests can be as broad as seeking court approval to ask a company to turn over information about the online activities of people in a certain country.
Between 2008 and 2012, only two of 8,591 applications were rejected, according to data gathered by the Electronic Privacy Information Center, a nonprofit research center in Washington. Without obtaining court approval, intelligence agents can then add more specific requests - like names of individuals and additional Internet services to track - every day for a year. National Security Letters are limited to the name, address, length of service and toll billing records of a service's subscribers. Because national security requests ban recipients from even acknowledging their existence, it is difficult to know exactly how, and how often, the companies cooperate or resist. Small companies are more likely to take the government to court, lawyers said, because they have fewer government relationships and customers, and fewer disincentives to rock the boat. One of the few known challenges to a National Security Letter, for instance, came from a small Internet provider in New York, the Calyx Internet Access Corporation. The Yahoo ruling, from 2008, shows the company argued that the order violated its users' Fourth Amendment rights against unreasonable searches and seizures. The court called that worry "overblown." "Notwithstanding the parade of horribles trotted out by the petitioner, it has presented no evidence of any actual harm, any egregious risk of error, or any broad potential for abuse," the court said, adding that the government's "efforts to protect national security should not be frustrated by the courts." One of the most notable challenges to a National Security Letter came from an unidentified electronic communications service provider in San Francisco. In 2011, the company was presented with a letter from the F.B.I., asking for account information of a subscriber for an investigation into "international terrorism or clandestine intelligence activities." The company went to court.
In March, a Federal District Court judge, Susan Illston, ruled the information request unconstitutional, along with the gag order. The case is under appeal, which is why the company cannot be named. Google filed a challenge this year against 19 National Security Letters in the same federal court, and in May, Judge Illston ruled against the company. Google was not identified in the case, but its involvement was confirmed by a person briefed on the case. In 2011, Twitter successfully challenged a silence order on a National Security Letter related to WikiLeaks members. Other companies are asking for permission to talk about national security requests. Google negotiated with Justice officials to publish the number of letters they received, and were allowed to say they each received between zero and 999 last year, as did Microsoft. The companies, along with Facebook and Twitter, said Tuesday that the government should give them more freedom to disclose national security requests. The companies comply with a vast majority of nonsecret requests, including subpoenas and search warrants, by providing at least some of the data. For many of the requests to tech companies, the government relies on a 2008 amendment to FISA. Even though the FISA court requires so-called minimization procedures to limit incidental eavesdropping on people not in the original order, including Americans, the scale of electronic communication is so vast that such information - say, on an e-mail string - is often picked up, lawyers say. Last year, the FISA court said the minimization rules were unconstitutional, and on Wednesday, ruled that it had no objection to sharing that opinion publicly. It is now up to a federal court.

Nicole Perlroth and Somini Sengupta contributed reporting from San Francisco.

---
Just because i'm near the punchbowl doesn't mean I'm also drinking from it.
From rforno at infowarrior.org Fri Jun 14 07:24:39 2013
From: rforno at infowarrior.org (Richard Forno)
Date: Fri, 14 Jun 2013 08:24:39 -0400
Subject: [Infowarrior] - ref classification, DC still not getting it
Message-ID:

It's interesting to see the USG pointing fingers at contractors and contractor access to classified information, but it has made little if any mention in public about dealing with the gross decades-old issue of overclassification of information....which was made abundantly clear to the public during the Wikileaks/Manning event in 2010. Reforming the scope, nature, and use of classification policies/needs would reduce the number of "contractors" (and gov folks!) that have access to classified information in the first place and be a better remedy to the current situation. But that would admit a problem exists, and addicts [to the cult of secrecy] rarely can do that on their own. ;(

Feinstein Eyes Limit on Contractor Access After NSA Leaks
http://www.bloomberg.com/news/print/2013-06-14/feinstein-eyes-limit-on-contractor-access-after-nsa-leaks.html

---
Just because i'm near the punchbowl doesn't mean I'm also drinking from it.

From rforno at infowarrior.org Fri Jun 14 07:33:19 2013
From: rforno at infowarrior.org (Richard Forno)
Date: Fri, 14 Jun 2013 08:33:19 -0400
Subject: [Infowarrior] - OT: Australian Army chief response to sexual abuse
Message-ID: <9A7C4968-320F-4B0B-9EF8-D16974150D30@infowarrior.org>

Kudos to him....and a worthy role model for others to emulate in responding to scandals. Hope his actions to follow equal his strong words! --rick

"In response to a breaking scandal the head of the Australian Army gives a textbook example on how to respond to sexual abuse in the military, hell, misogyny in any organisation: blunt, unambiguous, drawing on both institutional policy and personal ethics, and frankly a bit terrifying in a Tywin Lannister kind of way. I quailed and I'm not even a soldier. I also think there should be more of this."
Australian Army on institutional sexism: The standard you walk past is the standard you accept
http://boingboing.net/2013/06/13/australian-army-on-institution.html

---
Just because i'm near the punchbowl doesn't mean I'm also drinking from it.

From rforno at infowarrior.org Fri Jun 14 07:36:26 2013
From: rforno at infowarrior.org (Richard Forno)
Date: Fri, 14 Jun 2013 08:36:26 -0400
Subject: [Infowarrior] - Schneier: Trading Privacy for Convenience
Message-ID:

Trading Privacy for Convenience
http://www.schneier.com/blog/archives/2013/06/trading_privacy_1.html

Ray Wang makes an important point about trust and our data:

This is the paradox. The companies contending to win our trust to manage our digital identities all seem to have complementary (or competing) business models that breach that trust by selling our data.

...and by turning it over to the government. The current surveillance state is a result of a government/corporate partnership, and our willingness to give up privacy for convenience. If the government demanded that we all carry tracking devices 24/7, we would rebel. Yet we all carry cell phones. If the government demanded that we deposit copies of all of our messages to each other with the police, we'd declare their actions unconstitutional. Yet we all use Gmail and Facebook messaging and SMS. If the government demanded that we give them access to all the photographs we take, and that we identify all of the people in them and tag them with locations, we'd refuse. Yet we do exactly that on Flickr and other sites. Ray Ozzie is right when he said that we got what we asked for when we told the government we were scared and that they should do whatever they wanted to make us feel safer. But we also got what we asked for when we traded our privacy for convenience, trusting these corporations to look out for our best interests. We're living in a world of feudal security.
And if you watch Game of Thrones, you know that feudalism benefits the powerful -- at the expense of the peasants. Last night, I was on All In with Chris Hayes (parts one and two). One of the things we talked about after the show was over is how technological solutions only work around the margins. That's not a cause for despair. Think about technological solutions to murder. Yes, they exist -- wearing a bullet-proof vest, for example -- but they're not really viable. The way we protect ourselves from murder is through laws. This is how we're also going to protect our privacy.

---
Just because i'm near the punchbowl doesn't mean I'm also drinking from it.

From rforno at infowarrior.org Fri Jun 14 13:52:12 2013
From: rforno at infowarrior.org (Richard Forno)
Date: Fri, 14 Jun 2013 14:52:12 -0400
Subject: [Infowarrior] - The Real War on Reality
Message-ID: <4ADF4B96-A16C-4919-9401-96DD2AA68F23@infowarrior.org>

June 14, 2013, 12:00 pm
The Real War on Reality
By PETER LUDLOW
http://opinionator.blogs.nytimes.com/2013/06/14/the-real-war-on-reality/?hp&pagewanted=print

If there is one thing we can take away from the news of recent weeks it is this: the modern American surveillance state is not really the stuff of paranoid fantasies; it has arrived. The revelations about the National Security Agency's PRISM data collection program have raised awareness - and understandably, concern and fears - among Americans and those abroad, about the reach and power of secret intelligence gatherers operating behind the facades of government and business. But those revelations, captivating as they are, have been partial - they primarily focus on one government agency and on the surveillance end of intelligence work, purportedly done in the interest of national security.
What has received less attention is the fact that most intelligence work today is not carried out by government agencies but by private intelligence firms and that much of that work involves another common aspect of intelligence work: deception. That is, it is involved not just with the concealment of reality, but with the manufacture of it. The realm of secrecy and deception among shadowy yet powerful forces may sound like the province of investigative reporters, thriller novelists and Hollywood moviemakers - and it is - but it is also a matter for philosophers. More accurately, understanding deception and how it can be exposed has been a principal project of philosophy for the last 2500 years. And it is a place where the work of journalists, philosophers and other truth-seekers can meet. In one of the most referenced allegories in the Western intellectual tradition, Plato describes a group of individuals shackled inside a cave with a fire behind them. They are able to see only shadows cast upon a wall by the people walking behind them. They mistake shadows for reality. To see things as they truly are, they need to be unshackled and make their way outside the cave. Reporting on the world as it truly is outside the cave is one of the foundational duties of philosophers. In a more contemporary sense, we should also think of the efforts to operate in total secrecy and engage in the creation of false impressions and realities as a problem area in epistemology - the branch of philosophy concerned with the nature of knowledge. And philosophers interested in optimizing our knowledge should consider such surveillance and deception not just fodder for the next "Matrix" movie, but as a real sort of epistemic warfare. To get some perspective on the manipulative role that private intelligence agencies play in our society, it is worth examining information that has been revealed by some significant hacks in the past few years of previously secret data.
Important insight into the world of these companies came from a 2010 hack by a group best known as LulzSec (at the time the group was called Internet Feds), which targeted the private intelligence firm HBGary Federal. That hack yielded 75,000 e-mails. It revealed, for example, that Bank of America approached the Department of Justice over concerns about information that WikiLeaks had about it. The Department of Justice in turn referred Bank of America to the lobbying firm Hunton and Williams, which in turn connected the bank with a group of information security firms collectively known as Team Themis. Team Themis (a group that included HBGary and the private intelligence and security firms Palantir Technologies, Berico Technologies and Endgame Systems) was effectively brought in to find a way to undermine the credibility of WikiLeaks and the journalist Glenn Greenwald (who recently broke the story of Edward Snowden's leak of the N.S.A.'s Prism program), because of Greenwald's support for WikiLeaks. Specifically, the plan called for actions to "sabotage or discredit the opposing organization" including a plan to submit fake documents and then call out the error. As for Greenwald, it was argued that he would cave "if pushed" because he would "choose professional preservation over cause." That evidently wasn't the case. Team Themis also developed a proposal for the Chamber of Commerce to undermine the credibility of one of its critics, a group called Chamber Watch. The proposal called for first creating a "false document, perhaps highlighting periodical financial information," giving it to a progressive group opposing the Chamber, and then subsequently exposing the document as a fake to "prove that U.S. Chamber Watch cannot be trusted with information and/or tell the truth." (A photocopy of the proposal can be found here.) In addition, the group proposed creating a "fake insider persona" to infiltrate Chamber Watch.
They would "create two fake insider personas, using one as leverage to discredit the other while confirming the legitimacy of the second." The hack also revealed evidence that Team Themis was developing a "persona management" system - a program, developed at the specific request of the United States Air Force, that allowed one user to control multiple online identities ("sock puppets") for commenting in social media spaces, thus giving the appearance of grass roots support. The contract was eventually awarded to another private intelligence firm. This may sound like nothing so much as a "Matrix"-like fantasy, but it is distinctly real, and resembles in some ways the employment of "Psyops" (psychological operations), which as most students of recent American history know, have been part of the nation's military strategy for decades. The military's "Unconventional Warfare Training Manual" defines Psyops as "planned operations to convey selected information and indicators to foreign audiences to influence their emotions, motives, objective reasoning, and ultimately the behavior of foreign governments, organizations, groups, and individuals." In other words, it is sometimes more effective to deceive a population into a false reality than it is to impose its will with force or conventional weapons. Of course this could also apply to one's own population if you chose to view it as an "enemy" whose "motives, reasoning, and behavior" needed to be controlled. Psyops need not be conducted by nation states; they can be undertaken by anyone with the capabilities and the incentive to conduct them, and in the case of private intelligence contractors, there are both incentives (billions of dollars in contracts) and capabilities. Several months after the hack of HBGary, a Chicago area activist and hacker named Jeremy Hammond successfully hacked into another private intelligence firm (Strategic Forecasting Inc., or Stratfor), and released approximately five million e-mails.
This hack provided a remarkable insight into how the private security and intelligence companies view themselves vis a vis government security agencies like the C.I.A. In a 2004 e-mail to Stratfor employees, the firm's founder and chairman George Friedman was downright dismissive of the C.I.A.'s capabilities relative to their own: "Everyone in Langley [the C.I.A.] knows that we do things they have never been able to do with a small fraction of their resources. They have always asked how we did it. We can now show them and maybe they can learn." The Stratfor e-mails provided us just one more narrow glimpse into the world of the private security firms, but the view was frightening. The leaked e-mails revealed surveillance activities to monitor protestors in Occupy Austin as well as Occupy's relation to the environmental group Deep Green Resistance. Staffers discussed how one of their own men went undercover ("U/C") and inquired about an Occupy Austin General Assembly meeting to gain insight into how the group operates. Stratfor was also involved in monitoring activists who were seeking reparations for victims of a chemical plant disaster in Bhopal, India, including a group called Bhopal Medical Appeal. But the targets also included The Yes Men, a satirical group that had humiliated Dow Chemical with a fake news conference announcing reparations for the victims. Stratfor regularly copied several Dow officers on the minutia of activities by the two members of the Yes Men. One intriguing e-mail revealed that the Coca-Cola company was asking Stratfor for intelligence on PETA (People for the Ethical Treatment of Animals) with Stratfor vice president for Intelligence claiming that "The F.B.I. has a classified investigation on PETA operatives. I'll see what I can uncover." From this one could get the impression that the F.B.I. was in effect working as a private detective for Stratfor and its corporate clients. Stratfor also had a broad-ranging public relations campaign.
The e-mails revealed numerous media companies on its payroll. While one motivation for the partnerships was presumably to have sources of intelligence, Stratfor worked hard to have soap boxes from which to project its interests. In one 2007 e-mail, it seemed that Stratfor was close to securing a regular show on NPR: "[the producer] agreed that she wants to not just get George or Stratfor on one time on NPR but help us figure the right way to have a relationship between 'Morning Edition' and Stratfor." On May 28 Jeremy Hammond pled guilty to the Stratfor hack, noting that even if he could successfully defend himself against the charges he was facing, the Department of Justice promised him that he would face the same charges in eight different districts and he would be shipped to all of them in turn. He would become a defendant for life. He had no choice but to plea to a deal in which he may be sentenced to 10 years in prison. But even as he made the plea he issued a statement, saying "I did this because I believe people have a right to know what governments and corporations are doing behind closed doors. I did what I believe is right." (In a video interview conducted by Glenn Greenwald with Edward Snowden in Hong Kong this week, Snowden expressed a similar ethical stance regarding his actions.) Given the scope and content of what Hammond's hacks exposed, his supporters agree that what he did was right. In their view, the private intelligence industry is effectively engaged in Psyops against the American public, engaging in "planned operations to convey selected information to [us] to influence [our] emotions, motives, objective reasoning and, ultimately, [our] behavior"? Or as the philosopher might put it, they are engaged in epistemic warfare. The Greek word deployed by Plato in "The Cave" - aletheia - is typically translated as truth, but is more aptly translated as "disclosure" or "uncovering" - literally, "the state of not being hidden."
Martin Heidegger, in an essay on the allegory of the cave, suggested that the process of uncovering was actually a precondition for having truth. It would then follow that the goal of the truth-seeker is to help people in this disclosure - it is to defeat the illusory representations that prevent us from seeing the world the way it is. There is no propositional truth to be had until this first task is complete. This is the key to understanding why hackers like Jeremy Hammond are held in such high regard by their supporters. They aren't just fellow activists or fellow hackers - they are defending us from epistemic attack. Their actions help lift the hood that is periodically pulled over our eyes to blind us from the truth.

Peter Ludlow is professor of philosophy at Northwestern University. His most recent book is "The Philosophy of Generative Linguistics."

---
Just because i'm near the punchbowl doesn't mean I'm also drinking from it.

From rforno at infowarrior.org Fri Jun 14 13:52:29 2013
From: rforno at infowarrior.org (Richard Forno)
Date: Fri, 14 Jun 2013 14:52:29 -0400
Subject: [Infowarrior] - NFL's new security policy alienates women w/purse ban
Message-ID: <9664E3BA-2AC1-4178-9A4D-3E906B7945AF@infowarrior.org>

Fans - especially women - angry about NFL's new bag policy
Published 46 minutes and 19 seconds ago
Last updated 25 minutes and 19 seconds ago
David Steele
Sporting News
http://www.sportingnews.com/nfl/story/2013-06-14/nfl-bag-policy-complaints-purse-fanny-bag-restrictions-2013-season-security-bost

NFL fans - especially female ones - are not buying the league's new restrictions on purses and other bags in stadiums on game days. Not coincidentally, the NFL is asking fans to literally buy into it, by selling allowable bags bearing team logos. Social media and the comment sections on news and team websites filled up with complaints after the league and all teams unveiled the new security policy on Thursday.
Little objection has been heard about banning coolers and backpacks; the official NFL announcement cited the bombing attack on the Boston Marathon in April as one justification for the new policy. A lot has arisen, however, over the prohibition on "purses larger than a clutch bag," defined as "approximately the size of a hand, with or without a handle or strap." Fanny packs are also deemed outside of the size restrictions. The official announcement by the NFL and each individual team included this line: "For fans who wish to purchase team logo bags, they will be available." As of Friday afternoon, NFLShop.com did not have such bags on sale. The backlash was immediate, from fans and from women who cover the NFL. "It's ridiculous. I don't understand it at all," said Syreeta Hubbard, who blogs and tweets about the Baltimore Ravens and the league under the name "The NFL Chick." Her concerns are that the NFL even deems a fanny pack too big - "It's a standard thing I've been doing for the last three years, and it's worked perfect for me" - and that it found another vein of revenue to tap. "It's not realistic to say I'm not going to go to the games, or that fans are going to boycott them over it," she said, "but at the end of the day, we're already spending a lot of money. ... I just see this as greedy. They don't need the extra money. But there's nothing we can do about it." Others point out that not bringing a purse is simply impractical - and that a valuable segment of a loyal support group is being alienated for no reason. "What the league considers an improvement to public safety, I consider a setback for all fans, particularly women," wrote Melissa Jacobs, who runs the website TheFootballGirl.com. "Women carry purses. It is a multimillion-dollar industry - yes, because of the fashion, but mostly because of the functionality.
"By asking women to leave their purses at home - and based on the restrictions, I mean asking every woman to leave her purse at home - the league is disconnecting from a fan base they are supposedly working so hard to expand." Fans were no less angry about the restrictions, the extra time it likely will take to pass through security, the banning of other items such as seat cushions - and, overall, the money it potentially will cost them because they'll have to buy in the stadium what they couldn't bring from outside. "So, after spending over $50 on a Ravens purse on NFL.com, I can't bring it to the stadium? Ridiculous!" said one comment on the Baltimore Ravens' official website. "This is OUTRAGEOUS. Where do you put your phone? Wallet? Camera? Raingear? Public safety my (expletive)," vented a fan on the Philadelphia Eagles' site. "You bring in hats and mittens; (you need) a place to put it. You've got your wallet - just Kleenex. You're at Lambeau Field in wintertime. You need those things," Packers fan Jeanne Wolf told WGBA-TV in Green Bay.

---
Just because i'm near the punchbowl doesn't mean I'm also drinking from it.

From rforno at infowarrior.org Fri Jun 14 13:52:34 2013
From: rforno at infowarrior.org (Richard Forno)
Date: Fri, 14 Jun 2013 14:52:34 -0400
Subject: [Infowarrior] - More Recording Industry Idiocy
Message-ID:

Legacy Recording Industry Claims Pandora Is Playing A 'Sick Joke' In Seeking The Same Rates Others Pay
http://www.techdirt.com/articles/20130613/14324223460/legacy-recording-industry-claims-pandora-is-playing-sick-joke-seeking-same-rates-others-pay.shtml

---
Just because i'm near the punchbowl doesn't mean I'm also drinking from it.
From rforno at infowarrior.org Sat Jun 15 09:05:36 2013
From: rforno at infowarrior.org (Richard Forno)
Date: Sat, 15 Jun 2013 10:05:36 -0400
Subject: [Infowarrior] - Senators skip classified briefing on NSA snooping to catch flights home
Message-ID:

Senators skip classified briefing on NSA snooping to catch flights home
By Alexander Bolton - 06/15/13 06:00 AM ET
http://thehill.com/homenews/senate/305765-senators-skip-classified-briefing-on-nsa-snooping-to-catch-flights-home#ixzz2WHh6qpXb

A recent briefing by senior intelligence officials on surveillance programs failed to attract even half of the Senate, showing the lack of enthusiasm in Congress for learning about classified security programs. Many senators elected to leave Washington early Thursday afternoon instead of attending a briefing with James Clapper, the Director of National Intelligence, Keith Alexander, the head of the National Security Agency (NSA), and other officials. The Senate held its last vote of the week a little after noon on Thursday, and many lawmakers were eager to take advantage of the short day and head back to their home states for Father's Day weekend. Only 47 of 100 senators attended the 2:30 briefing, leaving dozens of chairs in the secure meeting room empty as Clapper, Alexander and other senior officials told lawmakers about classified programs to monitor millions of telephone calls and broad swaths of Internet activity. The room on the lower level of the Capitol Visitor Center is large enough to fit the entire Senate membership, according to a Senate aide. The Hill was not provided the names of who did, and who didn't, attend the briefing. The exodus of colleagues exasperated Senate Intelligence Committee Chairwoman Dianne Feinstein (D-Calif.), who spent a grueling week answering colleagues' and media questions about the program. "It's hard to get this story out. Even now we have this big briefing -
we've got Alexander, we've got the FBI, we've got the Justice Department, we have the FISA Court there, we have Clapper there -- and people are leaving," she said. --- Just because i'm near the punchbowl doesn't mean I'm also drinking from it. From rforno at infowarrior.org Sat Jun 15 09:05:41 2013 From: rforno at infowarrior.org (Richard Forno) Date: Sat, 15 Jun 2013 10:05:41 -0400 Subject: [Infowarrior] - Mangled facts, secrecy brew confusion about NSA Message-ID: <40586095-4EFA-4286-9EE9-83C1E040B43B@infowarrior.org> Mangled facts, secrecy brew confusion about NSA By CONNIE CASS | Associated Press - 22 hrs ago http://news.yahoo.com/mangled-facts-secrecy-brew-confusion-nsa-212437604.html WASHINGTON (AP) - Wondering what the U.S. government might know about your phone calls and online life? And whether all of this really helps find terrorists? Good luck finding solid answers. Americans trying to wrap their minds around two giant surveillance programs are confronted with a mishmash of leaks, changing claims and secrecy. Members of Congress complain that their constituents are baffled - and many lawmakers admit they are, too. Adding to the confusion and suspicion, those defending the programs - from President Barack Obama to the nation's spy chief to lawmakers - have sometimes mangled the facts. Questions that could help sort things out often get the same answer: "That's classified." "It's very, very difficult, I think, to have a transparent debate about secret programs approved by a secret court issuing secret court orders based on secret interpretations of the law," said Sen. Tom Udall, D-N.M. The nation's spy leaders promise to declassify more information about the programs, but say revealing too much would tip off terrorists and help them escape detection. Only vague outlines of the two programs that suck up phone records and Internet data have been declassified since the first leaks were published last week in The Guardian and The Washington Post. 
There's no website, no book, no investigative report for Americans to turn to for the official facts. That magnifies the confusion sown by misleading, retracted or inflated claims. A look at some of the misstatements: ___ THE 9/11 ARGUMENT The government's surveillance powers were expanded after the intelligence failures of Sept. 11, 2001. To explain why millions of telephone records are now stored in a digital library, the NSA chief raised as an example one of the 9/11 hijackers. In a Senate hearing, Army Gen. Keith Alexander implied that had the program been around before 9/11, the intelligence community might have sifted through records of past calls to catch the hijackers before they crashed airliners into the World Trade Center and Pentagon. He pointed to hijacker Khalid al-Mihdhar. "We didn't have the data collected to know that he was a bad person," Alexander said. But the U.S. did know that Mihdhar was a bad guy. The CIA knew that Mihdhar had met with other al-Qaida operatives at a January 2000 gathering in Malaysia. The big problem was the CIA failed to immediately share what it knew about Mihdhar. The information wasn't passed to the FBI until late August 2001. The FBI began searching for Mihdhar in early September, but it was too late. ___ THE FOILED SUBWAY BOMB A 2009 plot to bomb the New York subways is being showcased as a triumph for expanded surveillance. But the details are getting muddied. First, Sen. Dianne Feinstein, the Democratic chairwoman of the Senate Intelligence Committee, credited the phone records data with thwarting al-Qaida bomber Najibullah Zazi's plan. Then, talking points declassified by the Obama administration and circulated to lawmakers attributed the success against Zazi to a different NSA program, the one called PRISM that taps into email and Internet traffic in search of terrorists. 
The use of PRISM to catch Zazi does little to resolve whether the government needs a program that collects such vast amounts of data, sometimes sweeping up information on American citizens. Even before the post-Sept. 11 expanded surveillance, the FBI had the authority to - and did, regularly - monitor email accounts linked to terrorists. Before the laws changed, the government needed to get a warrant by showing that the target was a suspected member of a terrorist group. In the Zazi case, that connection already was well-established. ___ THE 'LEAST UNTRUTHFUL' ANSWER Director of National Intelligence James Clapper describes his attempt to dodge a question as "too cute by half." Sen. Ron Wyden, who posed the question in March, says Clapper failed to give a straight answer. Rep. Justin Amash, R-Mich., suggests Clapper's answer amounts to perjury and he should resign. The exchange came at a Senate Intelligence Committee hearing before the phone program had been divulged. "Does the NSA collect any type of data at all on millions or hundreds of millions of Americans?" Wyden, D-Ore., asked Clapper. "No, sir," Clapper answered. "It does not?" Wyden pressed. Clapper reluctantly softened his answer somewhat: "Not wittingly," he said. "There are cases where they could, inadvertently perhaps, collect - but not wittingly." Turns out they do file away phone records - not conversations, but the phone numbers of calls placed and received - on millions of Americans. After that leaked to the public, Clapper tried to explain his answer in an NBC News interview. "I responded," he said, "in what I thought was the most truthful, or least untruthful manner." Wyden says he even gave Clapper a day to prepare his answer. And, Wyden says, he gave Clapper a chance to change his answer in private. ___ CONFUSION IN CONGRESS Even one of the surveillance programs' staunchest supporters had trouble keeping the basics straight. Explaining the programs to reporters, Sen. 
Lindsey Graham, R-S.C., initially described how the NSA uses pattern analysis to sort through millions of phone calls from the United States. "You basically say, 'Computer, tell me who has called Yemen once a week for the last month,' " Graham said. "They spit out a bunch of numbers." But intelligence officials say that doesn't happen. They say Americans' phone records are only accessed if there is evidence connecting them to suspected terrorists - not just a pattern of calls, such as to a certain country. After intelligence officials objected, Graham - a member of the Armed Services and Judiciary committees but not the Intelligence panel - said he had misspoken. But his earlier words reflect privacy advocates' fears about the sort of thing the government might do with its library of call records, if not now then maybe someday in the future. ___ OBAMA'S TAKE The president tried to reassure Americans about the massive surveillance programs. But he left some misimpressions. "With respect to the Internet and emails," Obama said, "this does not apply to U.S. citizens." Indeed, intelligence agency leaders say that these programs can't legally target Americans. That doesn't mean their online activities won't be swept up in the surveillance net, however. Analysts watching a suspected terrorist see that person's emails, Facebook friends and other online traffic that might include Americans. And American communications can be accidentally captured by computer programs searching for data on terror suspects. John Negroponte, a former director of national intelligence, said such unintentionally gathered information wouldn't be kept or used by agents. Some Congress members bristled at the way Obama described briefings available to them: "Your duly elected representatives have been consistently informed on exactly what we're doing," he said. Sen. 
Mike Johanns, R-Neb., said: "The impression has been created that people (are) parked in our office giving us daily briefings on this, or monthly briefings. And that's not been the case." At a Senate hearing Wednesday, Johanns complained: "We're all getting bombarded with questions that many of us at the rank-and-file level in the Senate cannot answer." ___ Associated Press writers Adam Goldman, Eileen Sullivan, Lara Jakes, Matt Apuzzo, Donna Cassata and Kimberly Dozier contributed to this report. --- Just because i'm near the punchbowl doesn't mean I'm also drinking from it. From rforno at infowarrior.org Sat Jun 15 13:01:22 2013 From: rforno at infowarrior.org (Richard Forno) Date: Sat, 15 Jun 2013 14:01:22 -0400 Subject: [Infowarrior] - Secret to Prism program: Even bigger data seizure Message-ID: Secret to Prism program: Even bigger data seizure http://bigstory.ap.org/article/secret-prism-success-even-bigger-data-seizure By STEPHEN BRAUN, ANNE FLAHERTY, JACK GILLUM and MATT APUZZO - Jun. 15 11:34 AM EDT WASHINGTON (AP) - In the months and early years after 9/11, FBI agents began showing up at Microsoft Corp. more frequently than before, armed with court orders demanding information on customers. Around the world, government spies and eavesdroppers were tracking the email and Internet addresses used by suspected terrorists. Often, those trails led to the world's largest software company and, at the time, largest email provider. The agents wanted email archives, account information, practically everything, and quickly. Engineers compiled the data, sometimes by hand, and delivered it to the government. Often there was no easy way to tell if the information belonged to foreigners or Americans. So much data was changing hands that one former Microsoft employee recalls that the engineers were anxious about whether the company should cooperate. Inside Microsoft, some called it "Hoovering" - not after the vacuum cleaner, but after J. 
Edgar Hoover, the first FBI director, who gathered dirt on countless Americans. This frenetic, manual process was the forerunner to Prism, the recently revealed highly classified National Security Agency program that seizes records from Internet companies. As laws changed and technology improved, the government and industry moved toward a streamlined, electronic process, which required less time from the companies and provided the government data in a more standard format. The revelation of Prism this month by the Washington Post and Guardian newspapers has touched off the latest round in a decade-long debate over what limits to impose on government eavesdropping, which the Obama administration says is essential to keep the nation safe. But interviews with more than a dozen current and former government and technology officials and outside experts show that, while Prism has attracted the recent attention, the program actually is a relatively small part of a much more expansive and intrusive eavesdropping effort. Americans who disapprove of the government reading their emails have more to worry about from a different and larger NSA effort that snatches data as it passes through the fiber optic cables that make up the Internet's backbone. That program, which has been known for years, copies Internet traffic as it enters and leaves the United States, then routes it to the NSA for analysis. Whether by clever choice or coincidence, Prism appears to do what its name suggests. Like a triangular piece of glass, Prism takes large beams of data and helps the government find discrete, manageable strands of information. The fact that it is productive is not surprising; documents show it is one of the major sources for what ends up in the president's daily briefing. Prism makes sense of the cacophony of the Internet's raw feed. It provides the government with names, addresses, conversation histories and entire archives of email inboxes. 
Many of the people interviewed for this report insisted on anonymity because they were not authorized to publicly discuss a classified, continuing effort. But those interviews, along with public statements and the few public documents available, show there are two vital components to Prism's success. The first is how the government works closely with the companies that keep people perpetually connected to each other and the world. That story line has attracted the most attention so far. The second and far murkier one is how Prism fits into a larger U.S. wiretapping program in place for years. ___ Deep in the oceans, hundreds of cables carry much of the world's phone and Internet traffic. Since at least the early 1970s, the NSA has been tapping foreign cables. It doesn't need permission. That's its job. But Internet data doesn't care about borders. Send an email from Pakistan to Afghanistan and it might pass through a mail server in the United States, the same computer that handles messages to and from Americans. The NSA is prohibited from spying on Americans or anyone inside the United States. That's the FBI's job and it requires a warrant. Despite that prohibition, shortly after the Sept. 11 terrorist attacks, President George W. Bush secretly authorized the NSA to plug into the fiber optic cables that enter and leave the United States, knowing it would give the government unprecedented, warrantless access to Americans' private conversations. Tapping into those cables allows the NSA access to monitor emails, telephone calls, video chats, websites, bank transactions and more. It takes powerful computers to decrypt, store and analyze all this information, but the information is all there, zipping by at the speed of light. "You have to assume everything is being collected," said Bruce Schneier, who has been studying and writing about cryptography and computer security for two decades. The New York Times disclosed the existence of this effort in 2005. 
In 2006, former AT&T technician Mark Klein revealed that the company had allowed the NSA to install a computer at its San Francisco switching center, a spot where fiber optic cables enter the U.S. What followed was the most significant debate over domestic surveillance since the 1975 Church Committee, a special Senate committee led by Sen. Frank Church, D-Idaho, reined in the CIA and FBI for spying on Americans. Unlike the recent debate over Prism, however, there were no visual aids, no easy-to-follow charts explaining that the government was sweeping up millions of emails and listening to phone calls of people accused of no wrongdoing. The Bush administration called it the "Terrorist Surveillance Program" and said it was keeping the United States safe. "This program has produced intelligence for us that has been very valuable in the global war on terror, both in terms of saving lives and breaking up plots directed at the United States," Vice President Dick Cheney said at the time. The government has said it minimizes all conversations and emails involving Americans. Exactly what that means remains classified. But former U.S. officials familiar with the process say it allows the government to keep the information as long as it is labeled as belonging to an American and stored in a special, restricted part of a computer. That means Americans' personal emails can live in government computers, but analysts can't access, read or listen to them unless the emails become relevant to a national security investigation. The government doesn't automatically delete the data, officials said, because an email or phone conversation that seems innocuous today might be significant a year from now. What's unclear to the public is how long the government keeps the data. That is significant because the U.S. someday will have a new enemy. 
Two decades from now, the government could have a trove of American emails and phone records it can tap to investigate whatever Congress declares a threat to national security. The Bush administration shut down its warrantless wiretapping program in 2007 but endorsed a new law, the Protect America Act, which allowed the wiretapping to continue with changes: The NSA generally would have to explain its techniques and targets to a secret court in Washington, but individual warrants would not be required. Congress approved it, with Sen. Barack Obama, D-Ill., in the midst of a campaign for president, voting against it. "This administration also puts forward a false choice between the liberties we cherish and the security we provide," Obama said in a speech two days before that vote. "I will provide our intelligence and law enforcement agencies with the tools they need to track and take out the terrorists without undermining our Constitution and our freedom." ___ When the Protect America Act made warrantless wiretapping legal, lawyers and executives at major technology companies knew what was about to happen. One expert in national security law, who is directly familiar with how Internet companies dealt with the government during that period, recalls conversations in which technology officials worried aloud that the government would trample on Americans' constitutional right against unlawful searches, and that the companies would be called on to help. The logistics were about to get daunting, too. For years, the companies had been handling requests from the FBI. Now Congress had given the NSA the authority to take information without warrants. Though the companies didn't know it, the passage of the Protect America Act gave birth to a top-secret NSA program, officially called US-98XN. It was known as Prism. 
Though many details are still unknown, it worked like this: Every year, the attorney general and the director of national intelligence spell out in a classified document how the government plans to gather intelligence on foreigners overseas. By law, the certification can be broad. The government isn't required to identify specific targets or places. A federal judge, in a secret order, approves the plan. With that, the government can issue "directives" to Internet companies to turn over information. While the court provides the government with broad authority to seize records, the directives themselves typically are specific, said one former associate general counsel at a major Internet company. They identify a specific target or groups of targets. Other company officials recall similar experiences. All adamantly denied turning over the kind of broad swaths of data that many people believed when the Prism documents were first released. "We only ever comply with orders for requests about specific accounts or identifiers," Microsoft said in a statement. Facebook said it received between 9,000 and 10,000 requests for data from all government agencies in the second half of last year. The social media company said fewer than 19,000 users were targeted. How many of those were related to national security is unclear, and likely classified. The numbers suggest each request typically related to one or two people, not a vast range of users. Tech company officials were unaware there was a program named Prism. Even former law enforcement and counterterrorism officials who were on the job when the program went live and were aware of its capabilities said this past week that they didn't know what it was called. What the NSA called Prism, the companies knew as a streamlined system that automated and simplified the "Hoovering" from years earlier, the former assistant general counsel said. The companies, he said, wanted to reduce their workload. 
The government wanted the data in a structured, consistent format that was easy to search. Any company in the communications business can expect a visit, said Mike Janke, CEO of Silent Circle, a company that advertises software for secure, encrypted conversations. The government is eager to find easy ways around security. "They do this every two to three years," said Janke, who said government agents have approached his company but left empty-handed because his computer servers store little information. "They ask for the moon." That often creates tension between the government and a technology industry with a reputation for having a civil libertarian bent. Companies occasionally argue to limit what the government takes. Yahoo even went to court and lost in a classified ruling in 2008, The New York Times reported Friday. "The notion that Yahoo gives any federal agency vast or unfettered access to our users' records is categorically false," Ron Bell, the company's general counsel, said recently. Under Prism, the delivery process varied by company. Google, for instance, says it makes secure file transfers. Others use contractors or have set up stand-alone systems. Some have set up user interfaces making it easier for the government, according to a security expert familiar with the process. Every company involved denied the most sensational assertion in the Prism documents: that the NSA pulled data "directly from the servers" of Microsoft, Yahoo, Google, Facebook, AOL and more. Technology experts and a former government official say that phrasing, taken from a PowerPoint slide describing the program, was likely meant to differentiate Prism's neatly organized, company-provided data from the unstructured information snatched out of the Internet's major pipelines. In a slide made public by the newspapers, NSA analysts were encouraged to use data coming from both Prism and from the fiber-optic cables. Prism, as its name suggests, helps narrow and focus the stream. 
If eavesdroppers spot a suspicious email among the torrent of data pouring into the United States, analysts can use information from Internet companies to pinpoint the user. With Prism, the government gets a user's entire email inbox. Every email, including contacts with American citizens, becomes government property. Once the NSA has an inbox, it can search its huge archives for information about everyone with whom the target communicated. All those people can be investigated, too. That's one example of how emails belonging to Americans can become swept up in the hunt. In that way, Prism helps justify specific, potentially personal searches. But it's the broader operation on the Internet fiber optics cables that actually captures the data, experts agree. "I'm much more frightened and concerned about real-time monitoring on the Internet backbone," said Wolf Ruzicka, CEO of EastBanc Technologies, a Washington software company. "I cannot think of anything, outside of a face-to-face conversation, that they could not have access to." One unanswered question, according to a former technology executive at one of the companies involved, is whether the government can use the data from Prism to work backward. For example, not every company archives instant message conversations, chat room exchanges or videoconferences. But if Prism provided general details, known as metadata, about when a user began chatting, could the government "rewind" its copy of the global Internet stream, find the conversation and replay it in full? That would take enormous computing, storage and code-breaking power. It's possible the NSA could use supercomputers to decrypt some transmissions, but it's unlikely it would have the ability to do that in volume. In other words, it would help to know what messages to zero in on. Whether the government has that power and whether it uses Prism this way remains a closely guarded secret. 
___ A few months after Obama took office in 2009, the surveillance debate reignited in Congress because the NSA had crossed the line. Eavesdroppers, it turned out, had been using their warrantless wiretap authority to intercept far more emails and phone calls of Americans than they were supposed to. Obama, no longer opposed to the wiretapping, made unspecified changes to the process. The government said the problems were fixed. "I came in with a healthy skepticism about these programs," Obama explained recently. "My team evaluated them. We scrubbed them thoroughly. We actually expanded some of the oversight, increased some of the safeguards." Years after decrying Bush for it, Obama said Americans did have to make tough choices in the name of safety. "You can't have 100 percent security and also then have 100 percent privacy and zero inconvenience," the president said. Obama's administration, echoing his predecessor's, credited the surveillance with disrupting several terrorist attacks. Leading figures from the Bush administration who endured criticism during Obama's candidacy have applauded the president for keeping the surveillance intact. Jason Weinstein, who recently left the Justice Department as head of its cybercrime and intellectual property section, said it's no surprise Obama continued the eavesdropping. "You can't expect a president to not use a legal tool that Congress has given him to protect the country," he said. "So, Congress has given him the tool. The president's using it. And the courts are saying 'The way you're using it is OK.' That's checks and balances at work." Schneier, the author and security expert, said it doesn't really matter how Prism works, technically. Just assume the government collects everything, he said. He said it doesn't matter what the government and the companies say, either. It's spycraft, after all. "Everyone is playing word games," he said. "No one is telling the truth." 
___ Associated Press writers Eileen Sullivan, Peter Svensson, Adam Goldman, Michael Liedtke and Monika Mathur contributed to this report. --- Just because i'm near the punchbowl doesn't mean I'm also drinking from it. From rforno at infowarrior.org Sat Jun 15 19:17:14 2013 From: rforno at infowarrior.org (Richard Forno) Date: Sat, 15 Jun 2013 20:17:14 -0400 Subject: [Infowarrior] - NSA admits listening to U.S. phone calls without warrants Message-ID: <27990023-6911-415B-BE1C-852BA3AFCD17@infowarrior.org> NSA admits listening to U.S. phone calls without warrants National Security Agency discloses in secret Capitol Hill briefing that thousands of analysts can listen to domestic phone calls. That authorization appears to extend to e-mail and text messages too. by Declan McCullagh June 15, 2013 4:39 PM PDT http://news.cnet.com/8301-13578_3-57589495-38/nsa-admits-listening-to-u.s-phone-calls-without-warrants/ The National Security Agency has acknowledged in a new classified briefing that it does not need court authorization to listen to domestic phone calls. Rep. Jerrold Nadler, a New York Democrat, disclosed this week that during a secret briefing to members of Congress, he was told that the contents of a phone call could be accessed "simply based on an analyst deciding that." If the NSA wants "to listen to the phone," an analyst's decision is sufficient, without any other legal authorization required, Nadler said he learned. "I was rather startled," said Nadler, an attorney and congressman who serves on the House Judiciary committee. Not only does this disclosure shed more light on how the NSA's formidable eavesdropping apparatus works domestically, it also suggests the Justice Department has secretly interpreted federal surveillance law to permit thousands of low-ranking analysts to eavesdrop on phone calls. 
Because the same legal standards that apply to phone calls also apply to e-mail messages, text messages, and instant messages, Nadler's disclosure indicates the NSA analysts could also access the contents of Internet communications without going before a court and seeking approval. The disclosure appears to confirm some of the allegations made by Edward Snowden, a former NSA infrastructure analyst who leaked classified documents to the Guardian. Snowden said in a video interview that, while not all NSA analysts had this ability, he could from Hawaii "wiretap anyone from you or your accountant to a federal judge to even the president." There are serious "constitutional problems" with this approach, said Kurt Opsahl, a senior staff attorney at the Electronic Frontier Foundation who has litigated warrantless wiretapping cases. "It epitomizes the problem of secret laws." The NSA yesterday declined to comment to CNET. A representative said Nadler was not immediately available. (This is unrelated to last week's disclosure that the NSA is currently collecting records of the metadata of all domestic Verizon calls, but not the actual contents of the conversations.) Earlier reports have indicated that the NSA has the ability to record nearly all domestic and international phone calls -- in case an analyst needed to access the recordings in the future. A Wired magazine article last year disclosed that the NSA has established "listening posts" that allow the agency to collect and sift through billions of phone calls through a massive new data center in Utah, "whether they originate within the country or overseas." That includes not just metadata, but also the contents of the communications. William Binney, a former NSA technical director who helped to modernize the agency's worldwide eavesdropping network, told the Daily Caller this week that the NSA records the phone calls of 500,000 to 1 million people who are on its so-called target list, and perhaps even more. 
"They look through these phone numbers and they target those and that's what they record," Binney said. Brewster Kahle, a computer engineer who founded the Internet Archive, has vast experience storing large amounts of data. He created a spreadsheet this week estimating that the cost to store all domestic phone calls a year in cloud storage for data-mining purposes would be about $27 million per year, not counting the cost of extra security for a top-secret program and security clearances for the people involved. NSA's annual budget is classified but is estimated to be around $10 billion. Documents that came to light in an EFF lawsuit provide some insight into how the spy agency vacuums up data from telecommunications companies. Mark Klein, who worked as an AT&T technician for over 22 years, disclosed in 2006 (PDF) that he witnessed domestic voice and Internet traffic being surreptitiously "diverted" through a "splitter cabinet" to secure room 641A in one of the company's San Francisco facilities. The room was accessible only to NSA-cleared technicians. AT&T and other telecommunications companies that allow the NSA to tap into their fiber links receive absolute immunity from civil liability or criminal prosecution, thanks to a law that Congress enacted in 2008 and renewed in 2012. It's a series of amendments to the Foreign Intelligence Surveillance Act, also known as the FISA Amendments Act. That law says surveillance may be authorized by the attorney general and director of national intelligence without prior approval by the secret Foreign Intelligence Surveillance Court, as long as minimization requirements and general procedures blessed by the court are followed. A requirement of the 2008 law is that the NSA "may not intentionally target any person known at the time of acquisition to be located in the United States." 
A possible interpretation of that language, some legal experts said, is that the agency may vacuum up everything it can domestically -- on the theory that indiscriminate data acquisition was not intended to "target" a specific American citizen. Rep. Nadler's disclosure that NSA analysts can listen to calls without court orders came during a House Judiciary hearing on Thursday that included FBI director Robert Mueller as a witness. Mueller initially sought to downplay concerns about NSA surveillance by claiming that, to listen to a phone call, the government would need to seek "a special, a particularized order from the FISA court directed at that particular phone of that particular individual." Is information about that procedure "classified in any way?" Nadler asked. "I don't think so," Mueller replied. "Then I can say the following," Nadler said. "We heard precisely the opposite at the briefing the other day. We heard precisely that you could get the specific information from that telephone simply based on an analyst deciding that...In other words, what you just said is incorrect. So there's a conflict." Sen. Dianne Feinstein (D-Calif.), the head of the Senate Intelligence committee, separately acknowledged this week that the agency's analysts have the ability to access the "content of a call." Director of National Intelligence Michael McConnell indicated during a House Intelligence hearing in 2007 that the NSA's surveillance process involves "billions" of bulk communications being intercepted, analyzed, and incorporated into a database. They can be accessed by an analyst who's part of the NSA's "workforce of thousands of people" who are "trained" annually in minimization procedures, he said. (McConnell, who had previously worked as the director of the NSA, is now vice chairman at Booz Allen Hamilton, Snowden's former employer.) If it were "a U.S. person inside the United States, now that would stimulate the system to get a warrant," McConnell told the committee. 
"And that is how the process would work. Now, if you have foreign intelligence data, you publish it [inside the federal government]. Because it has foreign intelligence value." McConnell said during a separate congressional appearance around the same time that he believed the president had the constitutional authority, no matter what the law actually says, to order domestic spying without warrants. Former FBI counterterrorism agent Tim Clemente told CNN last month that, in national security investigations, the bureau can access records of a previously made telephone call. "All of that stuff is being captured as we speak whether we know it or like it or not," he said. Clemente added in an appearance the next day that, thanks to the "intelligence community" -- an apparent reference to the NSA -- "there's a way to look at digital communications in the past." NSA Director Keith Alexander said this week that his agency's analysts abide by the law: "They do this lawfully. They take compliance oversight, protecting civil liberties and privacy and the security of this nation to their heart every day." But that's not always the case. A New York Times article in 2009 revealed the NSA engaged in significant and systemic "overcollection" of Americans' domestic communications that alarmed intelligence officials. The Justice Department said in a statement at the time that it "took comprehensive steps to correct the situation and bring the program into compliance" with the law. Jameel Jaffer, director of the ACLU's Center for Democracy, says he was surprised to see the 2008 FISA Amendments Act be used to vacuum up information on American citizens. "Everyone who voted for the statute thought it was about international communications," he said. --- Just because i'm near the punchbowl doesn't mean I'm also drinking from it. 
From rforno at infowarrior.org Sat Jun 15 21:46:16 2013 From: rforno at infowarrior.org (Richard Forno) Date: Sat, 15 Jun 2013 22:46:16 -0400 Subject: [Infowarrior] - Stellarwind, Mainway, Marina, Nucleon, Prism, oh my! Message-ID: <8ACF04FA-4DA9-4B6D-A8FE-FE60B4EFF46B@infowarrior.org> U.S. surveillance architecture includes collection of revealing Internet, phone metadata http://www.washingtonpost.com/investigations/us-surveillance-architecture-includes-collection-of-revealing-internet-phone-metadata/2013/06/15/e9bf004a-d511-11e2-b05f-3ea3f0e7bb5a_print.html By Barton Gellman, On March 12, 2004, acting attorney general James B. Comey and the Justice Department's top leadership reached the brink of resignation over electronic surveillance orders that they believed to be illegal. President George W. Bush backed down, halting secret foreign-intelligence-gathering operations that had crossed into domestic terrain. That morning marked the beginning of the end of STELLARWIND, the cover name for a set of four surveillance programs that brought Americans and American territory within the domain of the National Security Agency for the first time in decades. It was also a prelude to new legal structures that allowed Bush and then President Obama to reproduce each of those programs and expand their reach. What exactly STELLARWIND did has never been disclosed in an unclassified form. Which parts of it did Comey approve? Which did he shut down? What became of the programs when the crisis passed and Comey, recently nominated to become FBI director, returned to private life? Authoritative new answers to those questions, drawing upon a classified NSA history of STELLARWIND and interviews with high-ranking intelligence officials, offer the clearest map yet of the Bush-era programs and the NSA's contemporary U.S. operations.
STELLARWIND was succeeded by four major lines of intelligence collection in the territorial United States, together capable of spanning the full range of modern telecommunications, according to the interviews and documents. Foreigners, not Americans, are the NSA's "targets," as the law defines that term. But the programs are structured broadly enough that they touch nearly every American household in some way. Obama administration officials and career intelligence officers say Americans should take comfort that privacy protections are built into the design and oversight, but they are not prepared to discuss the details. The White House, the NSA and the Office of the Director of National Intelligence declined to comment on the record for this article. A senior intelligence official agreed to answer questions if not identified. "We have rich oversight across three branches of government. I've got an [inspector general] here, a fairly robust legal staff here ... and there's the Justice Department's national security division," the official said. "For those things done under court jurisdiction, the courts are intrusive in my business, appropriately so, and there are two congressional committees. It's a belts-and-suspenders-and-Velcro approach, and inside there's rich auditing." But privacy advocates, such as Sen. Ron Wyden (D-Ore.), said the intelligence committee on which he serves needs "straight answers" to do vigorous oversight. He added: "The typical person says, 'If I am law-abiding and the government is out there collecting lots of information about me -- who I call, when I call, where I call from' ... I think the typical person is going to say, 'That sure sounds like it could have some effect on my privacy.'" Two of the four collection programs, one each for telephony and the Internet, process trillions of "metadata" records for storage and analysis in systems called MAINWAY and MARINA, respectively.
Metadata includes highly revealing information about the times, places, devices and participants in electronic communication, but not its contents. The bulk collection of telephone call records from Verizon Business Services, disclosed this month by the British newspaper the Guardian, is one source of raw intelligence for MAINWAY. The other two types of collection, which operate on a much smaller scale, are aimed at content. One of them intercepts telephone calls and routes the spoken words to a system called NUCLEON. For Internet content, the most important source collection is the PRISM project reported on June 6 by The Washington Post and the Guardian. It draws from data held by Google, Yahoo, Microsoft and other Silicon Valley giants, collectively the richest depositories of personal information in history. Former NSA contractor Edward Snowden, 29, who unmasked himself as the source behind the PRISM and Verizon revelations, said he hoped for a systematic debate about the "danger to our freedom and way of life" posed by a surveillance apparatus "kept in check by nothing more than policy." For well over a week, he has had his wish. Startling disclosures have poured out of the nation's largest and arguably tightest-lipped spy agency at an unprecedented pace. Snowden's disclosures have opened a national conversation about the limits of secret surveillance in a free society and an outcry overseas against U.S. espionage. The debate has focused on two of the four U.S.-based collection programs: PRISM, for Internet content, and the comprehensive collection of telephone call records, foreign and domestic, that the Guardian revealed by posting a classified order from the Foreign Intelligence Surveillance Court to Verizon Business Services. The Post has learned that similar orders have been renewed every three months for other large U.S. phone companies, including Bell South and AT&T, since May 24, 2006.
On that day, the surveillance court made a fundamental shift in its approach to Section 215 of the Patriot Act, which permits the FBI to compel production of "business records" that are relevant to a particular terrorism investigation and to share those in some circumstances with the NSA. Henceforth, the court ruled, it would define the relevant business records as the entirety of a telephone company's call database. The Bush administration, by then, had been taking "bulk metadata" from the phone companies under voluntary agreements for more than four years. The volume of information overwhelmed the MAINWAY database, according to a classified report from the NSA inspector general in 2009. The agency spent $146 million in supplemental counterterrorism funds to buy new hardware and contract support -- and to make unspecified payments to the phone companies for "collaborative partnerships." When the New York Times revealed the warrantless surveillance of voice calls, in December 2005, the telephone companies got nervous. One of them, unnamed in the report, approached the NSA with a request. Rather than volunteer the data, at a price, the "provider preferred to be compelled to do so by a court order," the report said. Other companies followed suit. The surveillance court order that recast the meaning of business records "essentially gave NSA the same authority to collect bulk telephony metadata from business records that it had" under Bush's asserted authority alone. Telephone metadata was not the issue that sparked a rebellion at the Justice Department, first by Jack Goldsmith of the Office of Legal Counsel and then by Comey, who was acting attorney general because John D. Ashcroft was in intensive care with acute gallstone pancreatitis. It was Internet metadata. At Bush's direction, in orders prepared by David Addington, the counsel to Vice President Richard B.
Cheney, the NSA had been siphoning e-mail metadata and technical records of Skype calls from data links owned by AT&T, Sprint and MCI, which later merged with Verizon. For reasons unspecified in the report, Goldsmith and Comey became convinced that Bush had no lawful authority to do that. MARINA and the collection tools that feed it are probably the least known of the NSA's domestic operations, even among experts who follow the subject closely. Yet they probably capture information about more American citizens than any other, because the volume of e-mail, chats and other Internet communications far exceeds the volume of standard telephone calls. The NSA calls Internet metadata "digital network information." Sophisticated analysis of those records can reveal unknown associates of known terrorism suspects. Depending on the methods applied, it can also expose medical conditions, political or religious affiliations, confidential business negotiations and extramarital affairs. What permits the former and prevents the latter is a complex set of policies that the public is not permitted to see. "You could do analyses that give you more information, but the law and procedures don't allow that," a senior U.S. intelligence lawyer said. In the urgent aftermath of Sept. 11, 2001, with more attacks thought to be imminent, analysts wanted to use "contact chaining" techniques to build what the NSA describes as network graphs of people who represented potential threats. The legal challenge for the NSA was that its practice of collecting high volumes of data from digital links did not seem to meet even the relatively low requirements of Bush's authorization, which allowed collection of Internet metadata "for communications with at least one communicant outside the United States or for which no communicant was known to be a citizen of the United States," the NSA inspector general's report said. Lawyers for the agency came up with an interpretation that said the NSA did not "acquire"
the communications, a term with formal meaning in surveillance law, until analysts ran searches against it. The NSA could "obtain" metadata in bulk, they argued, without meeting the required standards for acquisition. Goldsmith and Comey did not buy that argument, and a high-ranking U.S. intelligence official said the NSA does not rely on it today. As soon as surveillance data "touches us, we've got it, whatever verbs you choose to use," the official said in an interview. "We're not saying there's a magic formula that lets us have it without having it." When Comey finally ordered a stop to the program, Bush signed an order renewing it anyway. Comey, Goldsmith, FBI Director Robert S. Mueller III and most of the senior Bush appointees in the Justice Department began drafting letters of resignation. Then-NSA Director Michael V. Hayden was not among them. According to the inspector general's classified report, Cheney's lawyer, Addington, placed a phone call and "General Hayden had to decide whether NSA would execute the Authorization without the Attorney General's signature." He decided to go along. The following morning, when Mueller told Bush that he and Comey intended to resign, the president reversed himself. Three months later, on July 15, the secret surveillance court allowed the NSA to resume bulk collection under the court's own authority. The opinion, which remains highly classified, was based on a provision of electronic surveillance law, known as "pen register, trap and trace," that was written to allow law enforcement officers to obtain the phone numbers of incoming and outgoing calls from a single telephone line. When the NSA aims for foreign targets whose communications cross U.S. infrastructure, it expects to sweep in some American content "incidentally" or "inadvertently," which are terms of art in regulations governing the NSA. Contact chaining, because it extends to the contacts of contacts of targets, inevitably collects even more American data.
Current NSA director Keith B. Alexander and Director of National Intelligence James R. Clapper Jr. have resolutely refused to offer an estimate of the number of Americans whose calls or e-mails have thus made their way into content databases such as NUCLEON. The agency and its advocates maintain that its protection of that data is subject to rigorous controls and oversight by Congress and courts. For the public, it comes down to a question of unverifiable trust. "The constraints that I operate under are much more remarkable than the powers that I enjoy," said the senior intelligence official who declined to be named. When asked why the NSA could not release an unclassified copy of its "minimization procedures," which are supposed to strip accidentally collected records of their identifying details, the official suggested a reporter submit a freedom-of-information request. As for bulk collection of Internet metadata, the question that triggered the crisis of 2004, another official said the NSA is no longer doing it. When pressed on that question, he said he was speaking only of collections under authority of the surveillance court. "I'm not going to say we're not collecting any Internet metadata," he added. "We're not using this program and these kinds of accesses to collect Internet metadata in bulk." Julie Tate and Ellen Nakashima contributed to this report. © The Washington Post Company --- Just because i'm near the punchbowl doesn't mean I'm also drinking from it.
From rforno at infowarrior.org Sat Jun 15 22:07:45 2013 From: rforno at infowarrior.org (Richard Forno) Date: Sat, 15 Jun 2013 23:07:45 -0400 Subject: [Infowarrior] - Officials: NSA programs broke plots in 20 nations Message-ID: <7B022AC0-E14D-4C12-8D5E-232EAB5145F6@infowarrior.org> Key point to note: These statistics comingle attacks thwarted against the US and those thwarted in other countries, so the 'news' here is meaningless but likely will be the leading talking points on the various Sunday Morning Bobblehead shows tomorrow. On a side note, reportedly ~half the Senate ditched DIRNSA's special closed-door briefing on these surveillance programs so they could leave town for the weekend. Unfortunately the attendance roster for that meeting has not been released. :( --rick Officials: NSA programs broke plots in 20 nations By KIMBERLY DOZIER, AP Intelligence Writer Updated 7:55 pm, Saturday, June 15, 2013 http://www.sfgate.com/news/article/Officials-NSA-programs-broke-plots-in-20-nations-4602987.php WASHINGTON (AP) -- Top U.S. intelligence officials said Saturday that information gleaned from two controversial data-collection programs run by the National Security Agency thwarted potential terrorist plots in the U.S. and more than 20 other countries -- and that gathered data is destroyed every five years. Last year, fewer than 300 phone numbers were checked against the database of millions of U.S. phone records gathered daily by the NSA in one of the programs, the intelligence officials said in arguing that the programs are far less sweeping than their detractors allege. No other new details about the plots or the countries involved were part of the newly declassified information released to Congress on Saturday and made public by the Senate Intelligence Committee. Intelligence officials said they are working to declassify the dozens of plots NSA chief Gen.
Keith Alexander said were disrupted, to show Americans the value of the programs, but that they want to make sure they don't inadvertently reveal parts of the U.S. counterterrorism playbook in the process. The release of information follows a bruising week for U.S. intelligence officials who testified on Capitol Hill, defending programs that were unknown to the public -- and some lawmakers -- until they were revealed by a series of media stories in The Guardian and The Washington Post newspapers, leaked by former NSA contractor Edward Snowden, who remains in hiding in Hong Kong. The disclosures have sparked debate and legal action against the Obama administration by privacy activists who say the data collection goes far beyond what was intended when expanded counterterrorism measures were authorized by Congress after the terror attacks of Sept. 11, 2001. Intelligence officials said Saturday that both NSA programs are reviewed every 90 days by the secret court authorized by the Foreign Intelligence Surveillance Act. Under the program, the records, showing things like time and length of call, can only be examined for suspected connections to terrorism, they said. The officials offered more detail on how the phone records program helped the NSA stop a 2009 al-Qaida plot to blow up New York City subways. They say the program helped them track a co-conspirator of al-Qaida operative Najibullah Zazi -- though it's not clear why the FBI needed the NSA to investigate Zazi's phone records because the FBI would have had the authority to gather records of Zazi's phone calls after identifying him as a suspect, rather than relying on the sweeping collection program. --- Just because i'm near the punchbowl doesn't mean I'm also drinking from it.
From rforno at infowarrior.org Sun Jun 16 09:59:38 2013 From: rforno at infowarrior.org (Richard Forno) Date: Sun, 16 Jun 2013 10:59:38 -0400 Subject: [Infowarrior] - After Profits, Defense Firm Faces Pitfalls of Cybersecurity Message-ID: June 15, 2013 After Profits, Defense Firm Faces Pitfalls of Cybersecurity By DAVID E. SANGER and NICOLE PERLROTH http://www.nytimes.com/2013/06/16/us/after-profits-defense-contractor-faces-the-pitfalls-of-cybersecurity.html WASHINGTON -- When the United Arab Emirates wanted to create its own version of the National Security Agency, it turned to Booz Allen Hamilton to replicate the world's largest and most powerful spy agency in the sands of Abu Dhabi. It was a natural choice: The chief architect of Booz Allen's cyberstrategy is Mike McConnell, who once led the N.S.A. and pushed the United States into a new era of big data espionage. It was Mr. McConnell who won the blessing of the American intelligence agencies to bolster the Persian Gulf sheikdom, which helps track the Iranians. "They are teaching everything," one Arab official familiar with the effort said. "Data mining, Web surveillance, all sorts of digital intelligence collection." Yet as Booz Allen profits handsomely from its worldwide expansion, Mr. McConnell and other executives of the government contractor -- which sells itself as the gold standard in protecting classified computer systems and boasts that half its 25,000 employees have Top Secret clearances -- have a lot of questions to answer. Among the questions: Why did Booz Allen assign a 29-year-old with scant experience to a sensitive N.S.A. site in Hawaii, where he was left loosely supervised as he downloaded highly classified documents about the government's monitoring of Internet and telephone communications, apparently loading them onto a portable memory stick barred by the agency?
The results could be disastrous for a company that until a week ago had one of the best business plans in Washington, with more than half its $5.8 billion in annual revenue coming from the military and the intelligence agencies. Last week, the chairwoman of the Senate Intelligence Committee, Dianne Feinstein, whom Mr. McConnell regularly briefed when he was in government, suggested for the first time that companies like Booz Allen should lose their broad access to the most sensitive intelligence secrets. "We will certainly have legislation which will limit or prevent contractors from handling highly classified and technical data," said Ms. Feinstein, a California Democrat. Senior White House officials said they agreed. Yet cutting contractors out of classified work is a lot harder in practice than in theory. Booz Allen is one of many companies that make up the digital spine of the intelligence world, designing the software and hardware systems on which the N.S.A. and other military and intelligence agencies depend. Mr. McConnell speaks often about the need for the private sector to jolt the government out of its attachment to existing systems, noting, for example, that the Air Force fought the concept of drones for years. Removing contractors from the classified world would be a wrenching change: Of the 1.4 million people with Top Secret clearances, more than a third are private contractors. (The background checks for those clearances are usually done by other contractors.) Mr. McConnell himself has been among the most vocal in warning about the risks to contractors. "The defense industrial base needs to address security," he said in an interview with The New York Times last year, months before Booz Allen hired Edward J. Snowden, its young systems administrator who has admitted to leaking documents describing secret N.S.A. programs. "It should be a condition for contracts. You cannot be competitive in the cyber era if you don't have a higher level of security."
Booz Allen is saying little about Mr. Snowden's actions or the questions they have raised about its practices. Mr. McConnell, once among the most accessible intelligence officials in Washington, declined to be interviewed for this article. "This has to hurt Mike's relationship with the N.S.A.," said a business associate of Mr. McConnell's who requested anonymity. "He helped set up those contracts and is heavily engaged there." Indeed, few top officials in the intelligence world have become greater authorities on cyberconflict than the 69-year-old Mr. McConnell, who walks with a stoop from a bad back and speaks with the soft accent of his upbringing in Greenville, S.C. He began his career as a Navy intelligence officer on a small boat in the backwaters of the Mekong Delta during the Vietnam War. Years later he helped the American intelligence apparatus make the leap from an analog world of electronic eavesdropping to the new age of cyberweaponry. President Bill Clinton relied on Mr. McConnell as director of the N.S.A., a post he held from 1992 to 1996. He then moved to Booz Allen as a senior vice president, building its first cyberunits. But with the intelligence community in disarray after its failure to prevent the terrorist attacks of Sept. 11, 2001, the fiasco of nonexistent weapons of mass destruction in Iraq and the toll of constant reorganization, President George W. Bush asked him to be the second director of national intelligence from 2007 to 2009. That was when he made his biggest mark, forcing a reluctant bureaucracy to invest heavily in cybercapability and overseeing "Olympic Games," the development of America's first truly sophisticated cyberweapon, which was used against Iran's nuclear enrichment program. When Mr. Bush needed someone to bring President-elect Barack Obama up to speed on every major intelligence program he was about to inherit, including drones and defenses against electronic intrusions from China, he handed the task to Mr. McConnell.
But Mr. Obama was not interested in keeping the previous team, and Mr. McConnell returned to Booz Allen in 2009. He earned more than $4.1 million his first year back, and $2.3 million last year. He is now vice chairman, and the company describes him as the leader of its "rapidly expanding cyberbusiness." In Washington he is often Booz Allen's public face, because of his ties to the intelligence agencies and his extensive and loyal network of federal intelligence officials who once worked with him. Two months ago, the company announced the creation of a Strategic Innovation Group, staffed by 1,500 employees who are pursuing, among other projects, one of Mr. McConnell's favorites: the development of "predictive" intelligence tools that its clients can use to scour the Web for anomalies in behavior and warn of terror or cyberattacks. He has also hired a senior counterterrorism official to market products in the Middle East. This year, the company began working on a $5.6 billion, five-year intelligence analysis program for the Defense Intelligence Agency. The company's profits are up almost eightfold since it went public in late 2010. Its majority shareholder is the Carlyle Group, which matches private equity with a lot of Washington power, and its executives, chief among them Mr. McConnell, drum up business by warning clients about the potential effects of cyberweapons. "The digital capabilities are a little bit like W.M.D.'s," Mr. McConnell said in the interview last year. The good news, he said, is that countries like China and Russia recognize limits in using those weapons, and terror groups have been slow to master the technology. "The people that would do us harm aren't yet in possession of them," he said. As director of national intelligence, Mr. McConnell kept a giant world map propped up in front of his desk. Countries were sized by Internet traffic, and the United States ballooned bigger than all others --
a fact that he told a visitor was at once "a huge intelligence advantage and a huge vulnerability." The advantage was that the United States' role as the world's biggest Internet switching center gave it an opportunity to sort through the vast troves of metadata -- including phone records, Internet activity and banking transactions -- enabling analysts to search for anomalies and look for attacks in the making. But he chafed at the legislative restrictions that slowed the process. So in 2007, as the intelligence chief, he lobbied Congress for revisions to the Foreign Intelligence Surveillance Act to eliminate some of the most burdensome rules on the N.S.A., including that it obtain a warrant when spying on two foreigners abroad simply because they were using a wired connection that flowed through a computer server or switch inside the United States. It made no sense in the modern age, he argued. "Now if it were wireless, we would not be required to get a warrant," he told The El Paso Times in August of that year. The resulting changes in both law and legal interpretations led to many of the steps -- including the government's collection of logs of telephone calls made in and out of the country -- that have been debated since Mr. Snowden began revealing the extent of such programs. Then Mr. McConnell put them into effect. In 2007, "Mike came back into government with a 100-day plan and a 500-day plan for the intelligence community," said Stephen J. Hadley, Mr. Bush's national security adviser. "He brought a real sense of the private sector to the intelligence world, and it needed it." The new technologies created a flood of new work for the intelligence agencies -- and huge opportunities for companies like Booz Allen. It hired thousands of young analysts like Mr. Snowden. The intelligence agencies snapped them up, assigning them to sensitive, understaffed locales, including the Hawaii listening station where Mr. Snowden downloaded his materials.
Only last month, the Navy awarded Booz Allen, among others, the first contracts in a billion-dollar project to help with "a new generation of intelligence, surveillance and combat operations." The new push is to take those skills to American allies, especially at a time of reduced spending in Washington. So while the contract with the United Arab Emirates is small, it may be a model for other countries that see cyberdefense -- and perhaps offense -- as their future. The company reported net income of $219 million in the fiscal year that ended on March 31. That was up from net income of $25 million in 2010, shortly after Mr. McConnell returned to the company. But the legal warnings at the end of its financial report offered a caution that the company could be hurt by "any issue that compromises our relationships with the U.S. government or damages our professional reputation." By Friday, shares of Booz Allen had slid nearly 6 percent since the revelations. And a new job posting appeared on its Web site for a systems administrator in Hawaii, "secret clearance required." David E. Sanger reported from Washington, and Nicole Perlroth from San Francisco. --- Just because i'm near the punchbowl doesn't mean I'm also drinking from it.
From rforno at infowarrior.org Sun Jun 16 10:01:29 2013 From: rforno at infowarrior.org (Richard Forno) Date: Sun, 16 Jun 2013 11:01:29 -0400 Subject: [Infowarrior] - Viewpoint: Trust in government declines - who cares? Message-ID: <43AA5832-F2DB-4176-AC35-26BE959FE5FF@infowarrior.org> 14 June 2013 Last updated at 19:22 ET Viewpoint: Trust in government declines - who cares? By Dick Meyer Executive Producer, America, BBC News, Washington http://www.bbc.co.uk/news/world-us-canada-22910581 Congress has set a new record. Never in the history of the Gallup poll have the American people had less confidence in the House and the Senate. It's quite an accomplishment. But it isn't unique, in America or internationally.
Almost every major public institution and sector of the economy in America has lost public confidence since the 1970s. Only the military is more trusted. The presidency and big business have held steady. The story is generally similar in the UK. A major survey published last year, British Social Attitudes, showed that Parliament, politicians and parties are held in roughly the same disrepute as their American counterparts. A recent report by the Economist found that broadly, "the UK's institutions have been gradually weakening over many decades". The public relations giant Edelman conducts a large annual survey of major economies to come up with what it calls a Trust Barometer. In 26 countries, the survey found that 16% trusted their governments a great deal, higher than the US and the UK, but hardly a profile of confidence. In the US, civic entrepreneurs for a decade have tried to address what is often called the Trust Gap, though worries about the lack of civility or intense partisan polarisation get at the same thing - government held in low esteem. A few weeks ago, Paul Volcker, the former chairman of the Federal Reserve and one of the few people in the Twitter age to hold safe Wise Man status, launched a campaign focused entirely on trust in government.

Does trust matter?

The great assumption here, of course, is that the decline of trust and confidence in government is a very bad thing. But is it? That interesting question comes from Russell Hardin, a political scientist at New York University writing in the Journal of Trust Studies (yes, I've subscribed since I was just a lad).
In a fascinating article called Government without Trust, Hardin notes that generally mature democracies get along just fine even when the public is sceptical and disapproving, which is lucky because there is no turning back the clock to a more trusting time. Hardin reminds us: "The beginning of political and economic liberalism is distrust." Historically, America's brand of democracy was designed precisely to throw sand in the gears of government, to institutionalise distrust.

"The truth is that all men having power ought to be distrusted to a certain degree" - James Madison

And free-market economics trusts markets, not governments, institutions or leaders. In America at least, we are wired for scepticism. And, Hardin argues, short of a crisis, high levels of trust are not necessary for government to function or maintain legitimacy. When citizens trust that they have well-protected zones of political and economic liberty, trust and confidence in politicians and governments isn't especially important. If the big issues of war and peace, public safety and avoidance of economic disaster are handled with a modicum of competence, incompetent handling of marginal and very complicated issues isn't debilitating, just obnoxious. Indeed, growing distrust may be partly a result of the lack of fundamental issues and threats. "The significance of contemporary domestic political issues in the advanced democracies may be less than it once was and yet conflict over current issues may be more fractious - not necessarily more heated or deeper but merely more fractious," writes Hardin.

Scepticism to contempt

Just as mammals with over-abundant food supplies play with their food, politicians in prosperous, stable, safe societies can afford to play with marginal issues in overly fractious argumentative ways.

[Image caption: Distrust within government is more problematic than distrust of government]

And citizens can afford to do the sensible thing - scorn them.
From a very lofty level, we can probably stipulate that our distrust and dislike of government now doesn't threaten the stability, legitimacy or even basic competence of our government. And it is probably well to remember how fundamental the wariness of government power is to democracy - and especially the American political tradition. But that isn't saying very much and it seems cavalier to dismiss the growing disapproval of government. In the US, the low station of government is part of a far broader decline of trust and confidence in all institutions, as documented in the recent Gallup poll. The trend began in the early 1970s, the days of Watergate and Vietnam. It isn't primarily a political phenomenon. It is tied to the rapid pace of social change and shifting values in that period, and to the weakening of the traditional ways people acquire what social scientists call social capital. It is part of a trend in America and most other democracies where growing prosperity and material well-being is not matched with increased happiness and emotional well-being. The breakdown of trust in government also now seems to coincide with a breakdown of trust within government. That does affect the competence of government to address issues that most would agree are more than marginal. The political polarisation of the country now is probably exaggerated and was certainly more severe, for example, during the Civil War, Prohibition or the 1960s. But the polarisation of the political elites and especially the Congressional political parties is dire. Thoroughly solvable problems are going unsolved. Talented and qualified people refuse to go into public service. A healthy Madisonian scepticism has been transformed into contempt. It probably is true that public respect for government will never return to pre-1970s levels. Those were times of clearer values, less complicated issues, and a much smaller, less connected globe. 
But settling for today's dismal discontent is hardly a reasonable alternative.

---
Just because i'm near the punchbowl doesn't mean I'm also drinking from it.

From rforno at infowarrior.org Sun Jun 16 10:49:02 2013
From: rforno at infowarrior.org (Richard Forno)
Date: Sun, 16 Jun 2013 11:49:02 -0400
Subject: [Infowarrior] - FT: The Net Rips Apart
Message-ID: <6C4D87A4-E8B0-4D94-B3DB-D192731D7FC2@infowarrior.org>

National Security Agency: The net rips apart
By Richard Waters, James Fontanella-Khan and Geoff Dyer
http://www.ft.com/intl/cms/s/0/56092af0-d4db-11e2-b4d7-00144feab7de.html

The internet is at risk of transforming from an open platform to controlled national networks

Asked about his biggest worry for the future of the internet, Google chairman Eric Schmidt had a ready answer: that it might suffer a process of "Balkanisation", a fragmentation brought about by national governments seeking to exert greater influence. Such a process would turn one of the most open communications platforms into a series of tightly controlled national networks, ending the free flow of information that has been its hallmark. He could not have known how quickly his sombre warning would be put to the test. Revelations about US surveillance of the global internet -- and the part played by some of the biggest American internet companies in facilitating it -- have stirred angst around the world. Far from being seen as the guardian of a free and open online medium, the US has been painted as an oppressor, cynically using its privileged position to spy on foreign nationals. The result, warn analysts, could well be an acceleration of a process that has been under way for some time as other countries ringfence their networks to protect their citizens' data and limit the flow of information. "It is difficult to imagine the internet not becoming more compartmentalised and Balkanised," says Rebecca MacKinnon, an expert on online censorship.
"Ten years from now, we will look back on the free and open internet" with nostalgia, she adds. At the most obvious level, the secret data-collection efforts being conducted by the US National Security Agency threaten to give would-be censors of the internet in authoritarian countries rhetorical cover as they put their own stamp on their local networks. But the distrust of the US that the disclosures are generating in the democratic world, including in Europe, are also likely to have an impact. From the operation of a nation's telecoms infrastructure to the regulation of the emerging cloud computing industry, changes in the architecture of networks as countries seek more control look set to cause a sea change in the broader internet. "Rather than a system that is open, free and flat, what you will get is one that is more fragmented," says Steve Clemons, senior fellow at the New America Foundation, a Washington think-tank. "The scale is tilting much more towards [individual countries] and away from the vision of a connected internet." Until now, the internet has been a distinctly US-centric medium, despite rapid growth among users elsewhere. US influence over the internet's governance and technical standards and the disproportionate share of internet traffic that flows through networks on American soil -- combined with the global sway of its home-grown internet companies -- have all left it with outsized influence. That has had distinct advantages for its national security and geopolitical influence. In 2006, then-CIA director Michael Hayden was able to boast about the boon for the US intelligence services from having so much of the world's online traffic on their doorstep. "We're playing with tremendous home-field advantage and we have to exploit that edge," he told the Senate judiciary committee. That advantage is no longer a given.
If other countries use revelations about NSA surveillance to build barriers around their national networks, then the dominance of US internet companies over important parts of the digital economy could be weakened. In Europe, where alarm over US actions has been intense, this has left a distinct sense of schadenfreude in the air. Neelie Kroes, the EU's commissioner for digital affairs, says the furore represents a golden opportunity for European companies to make inroads in the cloud computing market, which is dominated by companies such as Google and Amazon. "There's a market opportunity here," she says. "Offering high privacy options and investing in the greater trust and security in your product is a smart business move. We want Europe to be seen as the safest corner of the internet and for entrepreneurs to be able to build businesses off the back of that." Previous attempts to build European internet champions have failed to make an impression against the industry's US leaders. But as more personal and corporate information flows into the centralised data repositories that act as the hubs of cloud computing, the balance of advantage may be shifting. "Comprehensive and well-enforced privacy legislation would give Europe a global advantage in the booming cloud computing market," says Joe McNamee, head of European Digital Rights, an advocacy group. If the NSA surveillance prompts a backlash from European regulators, the impact could be even swifter. European laws already give the region's national data protection regulators the power to block the transfer of customer information to countries deemed to have inadequate privacy protections. By confirming worries about the extent of US intelligence operations, the disclosures could prompt the regulators to act, says Joel Reidenberg, a law professor at Fordham University. They could bar US internet companies from transferring data about their European users to servers in the US.
"This kind of dragnet surveillance of non-Americans is just what the [European] privacy regulators feared as a theoretical matter. Now it's no longer theoretical," he says. With a new European privacy directive under negotiation and cross-border data flows central to the latest transatlantic trade talks, the ramifications could stretch further. "This couldn't have come at a worse time for the US," says Prof Reidenberg. That has not been lost on US internet companies that risk having their wings clipped. "Recent news events are likely to complicate things for us," says the European privacy officer of a large US tech group. "MEPs [EU lawmakers] are going to seize the opportunity to ask for even tougher rules just to gain some popularity ahead of next year's elections." A clear sign that the situation has changed came when a leading member of the centre-right European People's party, which has been supportive of the US position on data protection, attacked the US this week for having low privacy rights standards. "My data belongs to me, that is the cornerstone of European thinking on data protection," says Manfred Weber, vice-chairman of the EPP. "It is completely unacceptable that the US [has] different rules [for] US citizens and citizens of other countries." EU lawmakers also made it clear that the EU-US trade negotiations should be used as an opportunity to gain assurance that US intelligence will respect Europe's privacy rules. "This issue is very critical for us in Europe," says Hannes Swoboda, leader of the socialist members of the European parliament. "There will be growing resistance against an agreement with the US unless there are some clear guarantees from their side that our European principles of data protection are respected." One possible result is that more countries will try to ringfence their national networks, forcing internet companies to comply with local rules for protecting the personal data of citizens.
"You are likely to get a federation of different data centres, each fiefdom with its own different rules," says Mr Clemons. Such an approach would undermine the economies of scale of operating globally under a single technological architecture that cloud computing companies seek. "US firms are aghast at the idea," says Adam Segal, from the Council on Foreign Relations in New York. "But many other countries are considering the idea, even if it would likely prove unworkable for most of them." The potential network fragmentation this implies would become more insidious if it were used to further repressive political ends. It has become common practice for authoritarian regimes to use fears about online security as an excuse to limit internet freedoms, says Ronald Deibert, an internet security expert at the University of Toronto. By handing them a ready reason to act, disclosure of the NSA surveillance "will magnify these trends", he says. It is clear that countries with a different philosophical approach to the internet than the US will seek to use the revelations to reinforce their own positions. A China Daily article this week quoted Li Haidong, a researcher at China Foreign Affairs University, as saying: "Washington has been accusing China of cyber espionage, but it turns out that the biggest threat to the pursuit of individual freedom and privacy in the US is the unbridled power of the government." Speaking before the NSA surveillance was revealed, Mr Schmidt offered an example of the distortions that would result if countries sought to subvert the internet: the Iranian government's plan for an "Islamic Google Earth", a world map he said that would likely not include Israel. Jared Cohen, a Google executive and co-author with Mr Schmidt of a book on the future of the internet, raised the spectre of "digital ethnic cleansing" in which ethnic groups are airbrushed out of the online life experienced by a country's wider population.
There has long been a risk of online aberrations such as this, as nations move to exert greater control over the internet within their borders. But the revelations about US online surveillance may well accelerate the very fragmentation that executives such as Mr Schmidt fear most.

---
Just because i'm near the punchbowl doesn't mean I'm also drinking from it.

From rforno at infowarrior.org Sun Jun 16 19:47:11 2013
From: rforno at infowarrior.org (Richard Forno)
Date: Sun, 16 Jun 2013 20:47:11 -0400
Subject: [Infowarrior] - The Security Industrial Complex
Message-ID: <3E9C1243-C62D-4401-8CD0-912CF4C0F67F@infowarrior.org>

The Security Industrial Complex
The culture of secrecy in Washington has become absurd.
David Rohde Jun 15 2013, 9:20 AM ET
http://www.theatlantic.com/international/archive/2013/06/the-security-industrial-complex/276906/

An odd thing is happening in the world's self-declared pinnacle of democracy. No one -- except a handful of elected officials and an army of contractors -- is allowed to know how America's surveillance leviathan works. For the last two years, Senators Ron Wyden (D-Ore.) and Mark Udall (D-Colo.) have tried to describe to the American public the sweeping surveillance the National Security Agency conducts inside and outside the United States. But secrecy rules block them from airing the simplest details. Over the last few days, President Barack Obama and Senator Dianne Feinstein (D-Calif.), the chairwoman of the Senate Select Committee on Intelligence, have both said they welcome a national debate about the surveillance programs. But the president and senator have not used their power to declassify information that would make that debate possible. "I flew over the World Trade Center going to Senator Lautenberg's funeral," Feinstein said this Sunday on ABC's "This Week," referring to New Jersey Senator Frank Lautenberg. "And I thought of those bodies jumping out of that building hitting the canopy.
Part of our obligation is keeping America safe." Feinstein is right, but our obsession with preventing terrorist attacks is warping our political debate and threatening basic rights. Edward Snowden's release of classified documents has exposed two destructive post-2001 dynamics: the rise of secrecy and contractors. First, secrecy. In the initial years after September 11, the focus on thwarting another major domestic terrorist attack was understandable. Twelve years later, there have been only two major al Qaeda-inspired terrorist attacks inside the United States: the 2009 killing of 13 soldiers in Fort Hood, Texas, and the April Boston marathon bombing that killed three. No evidence has emerged of terrorist groups infiltrating American executive, intelligence or defense agencies. Yet documents released by Snowden show that the amount of surveillance information that the government collects is ballooning. The American public has no clear sense of how the metadata is used by the government, how long it is held and which agencies have access to it. The culture of secrecy that pervades Washington borders on the absurd. American officials say they cannot discuss "classified" U.S. counter-terrorism tactics that are well-known worldwide - from water-boarding to drone strikes to data mining. The White House refuses to release the legal memo it used to justify the killing of an American citizen in a drone strike in Yemen. The Foreign Intelligence Surveillance Act (FISA) court will not publish summaries of the rulings that made data mining legal. And Feinstein will not declassify a redacted version of her committee's 6,000 page report on the Bush administration's use of enhanced interrogation techniques. From drone strikes to eavesdropping to torture, the American public is not allowed to know the rules and results of U.S. counterterrorism policies. At the same time, a sprawling secrecy industrial complex does.
More than 4.9 million Americans now have government security clearances. Another 1.4 million have "top secret" clearance. As always, politics lies beneath the surface. For a Democratic or Republican president, another major terrorist attack in the United States would be politically devastating. Erring on the side of overzealous counterterrorism and under-zealous disclosure is smart politics. But as Obama himself argued in a speech two weeks ago, the time has come for the United States to move forward. A "perpetual war," he said, "will prove self-defeating, and alter our country in troubling ways." So will perpetual fear and perpetual secrecy. The post-2001 rise of private contractors like Snowden must end as well. Major U.S. civilian government agencies -- from the CIA to State Department -- have become dependent on contractors to operate. Instead of increasing the size of government, the Bush administration made contractors a cornerstone of the American counterterrorism effort. Today, the federal government pays contractors $300 billion a year, according to the Project on Government Oversight, a watchdog group. Many are believed to operate in intelligence agencies. "The government workforce has pretty much stayed the same over the last 30 to 40 years," Scott Amey, the group's general counsel, told Reuters on Monday. "But we've supplemented that with a contractor workforce that has grown dramatically." Contracting has become a huge profit center for defense contractors and Wall Street alike. Snowden's firm, Booz Allen, was purchased by the Carlyle Group in 2008. Last year, 99 percent of the Booz's $3.8 billion in revenue came from government contracts. The rise of Booz and Carlyle is part of a broad, long-term shift of money, talent and authority from the public sector to the private sector. The National Security Agency, Central Intelligence Agency and Defense Intelligence Agency, for example, all rely heavily on contractors to operate. 
Roughly 480,000 -- one-third of the 1.4 million people with security clearances -- are contractors. Neither government nor the private sector is perfect, but they function differently. Government is inherently cautious and bureaucratic. The private sector focuses on efficiency and speed. Wherever possible, secrets and core government functions should remain in the hands of government agencies, not for-profit companies. Yes, certain details of our counterterrorism operations must remain secret. And our elected leaders may be telling the truth when they say the NSA's surveillance procedures are strictly limited. But our September 11-inspired culture of secrecy -- where terrorists lurk in every corner -- is overblown. Redacted versions of FISA rulings, the Senate report on torture and descriptions of American drone strikes can be released without endangering our security. Government's most feared powers -- from execution to imprisonment to spying on its citizens -- must be transparent and tightly controlled. Washington must answer to the public, not tell Americans it knows best.

---
Just because i'm near the punchbowl doesn't mean I'm also drinking from it.

From rforno at infowarrior.org Mon Jun 17 10:54:46 2013
From: rforno at infowarrior.org (Richard Forno)
Date: Mon, 17 Jun 2013 11:54:46 -0400
Subject: [Infowarrior] - SCOTUS: Pharma can be sued for 'pay to delay' practices
Message-ID: <5D286392-BBB1-46FB-8D97-56CFCEFA4887@infowarrior.org>

Drugmakers Opened to "Pay for Delay" Suits by High Court
By Greg Stohr - Jun 17, 2013
http://www.bloomberg.com/news/print/2013-06-17/drugmakers-opened-to-pay-for-delay-suits-by-high-court.html

Drugmakers can be sued for paying rivals to delay low-cost versions of popular medicines, the U.S. Supreme Court said in a decision that rewrites the rules governing the release of generic drugs.
The 5-3 ruling is largely a victory for the Federal Trade Commission and the Obama administration, reversing a lower-court ruling that had effectively insulated pharmaceutical companies from liability. The FTC says those "pay for delay" accords cost drug purchasers as much as $3.5 billion a year. The industry says the deals are legitimate patent settlements. The ruling may lead to lawsuits by wholesalers, retailers, insurers and antitrust enforcers. Bayer AG (BAYN), Merck & Co. (MRK) and Bristol-Myers Squibb Co. (BMY) units already have faced claims. The FTC says 40 pay-for-delay accords, also known as reverse payments, were reached in fiscal 2012 alone. "A reverse payment, where large and unjustified, can bring with it the risk of significant anticompetitive effects," Justice Stephen Breyer said in the court's majority opinion. Breyer stopped short of adopting the FTC's proposal that such agreements should be presumed anticompetitive. He said the accords should be evaluated under a longstanding antitrust test known as the "rule of reason." A federal appeals court had said pharmaceutical companies can't be sued unless the patent litigation is a sham or a generic-drug maker agrees to delay introduction even after the patent has expired.

Drug Settlements

The high court decision may discourage brand-name and generic pharmaceutical companies from reaching settlements. The case divided the court along ideological lines, with Justices Anthony Kennedy, Ruth Bader Ginsburg, Sonia Sotomayor and Elena Kagan joining Breyer in the majority. Chief Justice John Roberts and Justices Antonin Scalia and Clarence Thomas dissented. Justice Samuel Alito didn't take part in the case. As is the court's custom, Alito didn't give any reasons. The disputed settlements stem from the economics of the pharmaceutical industry, where companies can reap billions of dollars from blockbuster drugs and then have sales plummet the moment a generic alternative appears.
The FTC says generic drugs sell for an average of 15 percent of the original price, with the brand-name company losing 90 percent of its market share by unit sales. Generics have saved purchasers $1.1 trillion in the last decade, the industry says.

FDA Approval

Pharmaceutical patent settlements typically arise just as a generic-drug maker is securing Food and Drug Administration approval to introduce its version of a drug. At that stage, only the brand-name company's patents stand in the way of competition. The FTC and its allies say they don't object to settlements that merely set the date for a generic drug's entry to the market. They say a payment to the generic-drug maker changes the equation, suggesting the companies are agreeing to delay the generic drug, keep prices high and split what economists call "monopoly profits." A 2010 FTC study found that the accords cost purchasers $3.5 billion a year, a figure the drug industry contests. The high court case centered on Androgel, a treatment for low testosterone in men that is made by Solvay Pharmaceuticals Inc. The FTC sued Solvay and three generic-drug companies, including Actavis Inc. (ACT).

Profit Loss

The FTC says the price for Androgel was poised to fall at least 75 percent in 2007 after the Food and Drug Administration cleared the way for competition. Faced with the prospect of losing $125 million in annual profits, Solvay instead paid the generic-drug makers as much as $42 million a year to delay their competing versions until 2015, the FTC says. At the time, Actavis was known as Watson Pharmaceuticals. The companies said Solvay, which is now part of AbbVie Inc. (ABBV), had a patent that, if backed by the courts, would have protected the drug an additional five years -- until 2020. The companies said the payments were compensation for services to be provided by the generic-drug makers, including Watson's marketing of Androgel to urologists. The case is Federal Trade Commission v. Actavis, 12-416.
To contact the reporter on this story: Greg Stohr in Washington at gstohr at bloomberg.net To contact the editor responsible for this story: Steven Komarow at skomarow1 at bloomberg.net.

---
Just because i'm near the punchbowl doesn't mean I'm also drinking from it.

From rforno at infowarrior.org Mon Jun 17 12:29:14 2013
From: rforno at infowarrior.org (Richard Forno)
Date: Mon, 17 Jun 2013 13:29:14 -0400
Subject: [Infowarrior] - Wall Street's Quantum Dawn 2 cyber wargame
Message-ID:

(Frankly I think their efforts would be better-spent on defending against rogue algorithms from firms "inside" Wall Street, but that would make too much sense. --rick)

Wall Street goes to war with hackers in Quantum Dawn 2 simulation
By Lauren Tara LaCapra June 13, 2013
http://blogs.reuters.com/unstructuredfinance/2013/06/13/wall-street-goes-to-war-with-hackers-in-cyber-dawn-2-simulation/

Quantum Dawn 2 is coming to Wall Street. No, it's not a video game or a bad zombie movie; it's a simulated cyber attack to prepare banks, brokerages and exchanges for what has become an ever-bigger risk to their earnings and operations. Organized by the trade group SIFMA, Quantum Dawn 2 will take place on June 28 -- a summer Friday that, with any luck, will be a relatively quiet day in the real markets. The drill involves not just big Wall Street firms like Citigroup and Bank of America, but the Department of Homeland Security, the Treasury Department, the Federal Reserve, the Securities and Exchange Commission, according to SIFMA officials. "We go through a pretty rigorous scenario where we look at multiple threats being thrown out at the U.S. equity markets," said Karl Schimmeck, vice president of financial services operations at SIFMA. During the exercise, which runs from 9 a.m. to 2:30 p.m. in New York, participants will receive blasts of vague and confusing information about what appears to be a hacker attack on fake trading and information platforms that are not plugged into actual markets.
The participants may see "latency," or unusual slowness, in trading, or viruses trying to invade the systems. They will also have to call one another to figure out what's going on. Then the Quantum Dawn drill will pause to allow executives to make decisions: should they slow down trading? Use different routing mechanisms to exchanges to get orders filled but avoid threats? When the process begins again, it will fast forward in "warp speed" to a new situation later in the day where conditions have worsened or changed. "Our SIFMA command center at some point will run an escalation process," said Schimmeck, an ex-Marine. "Our members will say, 'We think we see a threat out there, this is something multiple firms are dealing with.' We will facilitate a conference call where we share what we know, have our regulators participate and see if we can understand a threat, deal with a threat and then do a shared analysis so that no one is working on their own." It's a rare situation, he said, in which fierce rivals are not trying to get a competitive edge -- they're trying to help one another survive. About 40 firms will participate in the operation, having paid fees of $1,000, $5,000 or $10,000 depending on the size of their revenue. Each firm must send three executives: one from business continuity, one from information security, another from operations whose job is to keep trading, settlement and clearance running during market crises. A firm called Cyber Strategies, which works with the Department of Homeland Security on cyber threats, will receive the fees for overseeing the exercise. As Quantum Dawn 2's name indicates, this isn't the first time that Wall Street firms have done this kind of drill. In November 2011, SIFMA organized the first Quantum Dawn, which was perhaps an even more interesting simulation.
"For Quantum Dawn 1, there was a cyber attack coordinated with armed gunmen running around Lower Manhattan, trying to gain entry to the exchanges and really just try to blow things up," said Schimmeck. In that operation, participants were all in one central location at a conference table, comparing notes and making decisions as they learned about various threats. In Quantum Dawn 2, they will all be stationed at their own offices, communicating with one another through emails and phone calls as they do in real life. A SIFMA marketing document says this drill will try to instill "greater 'uncertainty' and 'fog of war' for all players." These drills have become more important for Wall Street as financial firms have faced more frequent and sophisticated attacks on their networks. A couple of months ago, the FBI gave security clearances to dozens of bank executives to inform them about organized attacks against their systems. Some attacks are evident, like distributed denial of service, or DDoS attacks, that shut down bank web sites or otherwise disrupt their operations. But even more nefarious are hidden bugs that hackers try to install into banks' proprietary systems without them knowing, said Schimmeck. The hackers then lay in wait for vulnerable moments -- like a natural disaster or market disruption -- to attack. One mystery about Quantum Dawn remains: who came up with the name, and what does it mean? Schimmeck, who joined SIFMA from Goldman Sachs after the project's inception, said he gets asked all the time but has no idea.

---
Just because i'm near the punchbowl doesn't mean I'm also drinking from it.
From rforno at infowarrior.org Mon Jun 17 18:46:41 2013
From: rforno at infowarrior.org (Richard Forno)
Date: Mon, 17 Jun 2013 19:46:41 -0400
Subject: [Infowarrior] - FINRA looks to polish bad brokers' track records
Message-ID: <4A4FD3A9-6C9B-4595-A29D-139AA2D75609@infowarrior.org>

A Rise in Requests From Brokers to Wipe the Slate Clean
By SUSAN ANTILLA
http://dealbook.nytimes.com/2013/06/10/a-rise-in-requests-from-brokers-to-wipe-the-slate-clean/

If an investor checked the securities industry's official regulatory database of complaints against brokers for the name of Michele Kief, a Wells Fargo broker in Naples, Fla., it would reveal nine client disputes -- enough red flags to give a customer pause. But on May 24, a panel of arbitrators for the Financial Industry Regulatory Authority granted a request to polish Ms. Kief's record a bit. Although Wells Fargo had agreed to pay $125,000 to settle a complaint brought by a client who had accused the bank of negligence and fraud related to Ms. Kief's actions, the arbitrators said the investments at issue were "suitable and safe" for the client and agreed to recommend deletion of the complaint from her record. They drew the conclusion after a hearing at which only Ms. Kief was represented. The client, although invited, declined to attend. Similarly, in February, three Finra arbitrators agreed to recommend deletion of a complaint against Kimon P. Daifotis, a former Charles Schwab executive who had run a fund called Schwab Yield Plus in which investors lost hundreds of millions of dollars. It was the eighth such recommendation by arbitrators for Mr. Daifotis since last August, despite the fact that he had agreed in a settlement with the Securities and Exchange Commission to be barred from the business and to pay $325,000 in penalties and forfeited profits. Mr. Daifotis did not admit or deny wrongdoing and will be allowed to reapply for Finra membership in 2015.
As Main Street investors rely increasingly on Finra's online database, BrokerCheck, to vet professionals on Wall Street, brokers and executives like Ms. Kief and Mr. Daifotis are pursuing every means possible to remove negative information from their records. Ms. Kief, in fact, even went so far as to ask her arbitrators to expunge two unrelated arbitrations, which the panel declined to do.

"People are starting to use BrokerCheck the way they use TripAdvisor," said Seth E. Lipner, a professor of law at the Zicklin School of Business at Baruch College who represents investors in cases against brokers. "No broker wants these red flags on their record."

The effort to expunge records would be less critical if brokers were subject to the same legal exposure as other professionals who are defendants in lawsuits brought by customers, like doctors or lawyers, investor advocates say. But as a result of a 1987 Supreme Court decision, brokerage firms have been able to insist that customers give up their right to sue in court before they can even open an account.

The resulting transfer of investor lawsuits to private arbitration has meant that Wall Street firms and their employees have avoided the burden of a court record of claims against them for a quarter-century. Arbitration hearings are closed and documents are not available to the public. The information on BrokerCheck is thus the only repository of allegations an investor can mine.

BrokerCheck includes information about customer complaints, regulatory actions and brokers' criminal histories, liens and bankruptcies. Finra rules say brokers can obtain recommendations for deletions if arbitrators decide a claim is false or erroneous or the broker wasn't involved in the alleged misdeed. Sometimes a broker is named in a complaint, but has played no role in the suspected wrongdoing. A court confirmation is required after a recommendation.

Investors relying on BrokerCheck can take comfort that some warning flags always remain.
BrokerCheck does not include all the complaints against Mr. Daifotis, for example, but it does reveal his settlement with the S.E.C. Ms. Kief's record shows nine complaints, including the one regulators recently recommended for expungement.

Anthony Mattera, a Wells Fargo spokesman, said the company did not seek to have complaints removed unless it had "a high degree of confidence" that it met at least one of the Finra requirements. He said Ms. Kief declined to comment.

Audette Morales, a lawyer for Mr. Daifotis, said that arbitrators in many of the claims against him were aware of the S.E.C. action, adding that Mr. Daifotis had followed Finra's guidelines for expungement.

Brokers seeking expungement must go through a series of steps that can take one or more years to satisfy before an item is actually removed, said a Finra spokeswoman, Michelle Ong, and state regulators are informed when a local broker is seeking to remove information, giving them a chance to protest if they think a complaint should remain.

Last year, state regulators received 519 requests from brokers asking to be allowed to move forward with a panel's expungement recommendation, up from 110 in 2009, according to Melanie Senter Lubin, the Maryland securities commissioner and chairwoman of the broker records steering committee for the North American Securities Administrators Association, a group of state securities regulators.

Ms. Lubin attributes the increase in requests to soaring investor grievances in the wake of the credit crisis and says the 519 requests last year amount to a small number when considered in the context of total arbitration cases. Last year, 4,299 new cases were filed. Ms. Ong said that Finra tracked the number of expungements granted, but would not disclose it.

Some of the surge in requests is also the result of new disclosure demands by Finra.
Until 2009, only brokers who were named as a party to a case had to disclose a customer complaint. Because most investors sue only the brokerage firm, that left a lot of accused brokers with clean records despite complaints that they had mishandled an account. Finra closed that loophole, forcing all brokers to report complaints, whether they were named as a respondent or not.

But the 2009 rule drew resistance from the securities industry, and Finra is expected to release a proposal in August that will make it easier for those unidentified brokers to scrub their records in cases where there has been a full hearing and a decision by the arbitrators.

The prospect of new opportunities for deletion has pitted Wall Street and Finra against investor advocates and lawyers like Professor Lipner, who say too many bad brokers are having their records erased. Professor Lipner analyzed 150 requests to purge information in the fourth quarters of 2011 and 2012 in cases that had settled before a hearing had begun and found that arbitrators granted recommendations for expungement in all but five cases.

Arbitrators have been known to clean up the records of multiple brokers in a single hearing. On Feb. 8, an arbitrator in Omaha recommended expungement of dozens of customer complaints against 22 brokers at Securities America. The decision was made after devoting only a half-day to hear the brokers' arguments. On May 23, six more Securities America brokers received an expungement recommendation from the same arbitrator.

Critics of Finra policies also say many brokers are simply purchasing a clean record by offering substantial money in return for the customer's agreement not to oppose an expungement request. If a broker seeks expungement after reaching a confidential settlement with a customer, Finra says arbitrators must review the settlement documents and hold a recorded hearing.
When arbitrators meet to consider a request, they typically only hear the broker's side of the story, making it easier to conclude that accusations are false or erroneous.

From time to time, an arbitrator will protest that the process is flawed because a customer has been manipulated into agreeing to an expungement. In 2007, an arbitrator, Sidney Werner, wrote a dissent, noting that his panel had concluded a claim against a Maryland broker, Joseph R. Karsner IV, was erroneous or false despite having reviewed no evidence. It was clear that Mr. Karsner had conditioned the settlement on the investor's agreement to expungement, Mr. Werner wrote. "It is the responsibility of the panel to see through a ruse such as this."

A year later, after Mr. Karsner had obtained 18 expungements, the Maryland Securities Commissioner accused him of "dishonest and unethical practices" and he agreed not to seek a broker's license in the state until 2016. His BrokerCheck records include an example of the value of a customer's promise to approve expungement: Mr. Karsner wrote in his Finra records that an offer to settle with one customer for $15,000 would be "automatically" reduced to $9,999 if the expungement request was denied.

Finra is aware of concerns that arbitrators are sometimes making decisions without knowledge of problems in a broker's background. Ms. Ong says Finra has "determined to review whether we should broaden the types of documents that arbitrators should review" when they consider brokers' requests.

A version of this article appeared in print on 06/11/2013, on page B1 of the New York edition with the headline: A Rise in Broker Requests to Wipe the Slate Clean.

---
Just because i'm near the punchbowl doesn't mean I'm also drinking from it.
From rforno at infowarrior.org Tue Jun 18 07:32:40 2013
From: rforno at infowarrior.org (Richard Forno)
Date: Tue, 18 Jun 2013 08:32:40 -0400
Subject: [Infowarrior] - 1984, Hungarian Edition
Message-ID:

1984, Hungarian Edition

By PAUL KRUGMAN
June 17, 2013

My Princeton colleague Kim Lane Scheppele, who has been tracking political developments in Hungary, weighs in with the latest, after the jump.

http://mobile.nytimes.com/blogs/krugman/2013/06/17/1984-hungarian-edition/

1984 Redux, Hungarian Edition

The Hungarian parliament recently passed a new national security law that enables the inner circle of the government to spy on people who hold important public offices. Under this law, many government officials must "consent" to being observed in the most intrusive way (phones tapped, homes bugged, email read) for up to two full months each year, except that they won't know which 60 days they are under surveillance.

Perhaps they will imagine they are under surveillance all of the time. Perhaps that is the point.

More than 20 years after Hungary left the world captured in George Orwell's novel 1984, the surveillance state is back.

Now, if the Fidesz government of Prime Minister Viktor Orbán finds something it doesn't like -- and there's no legal limit to what it may find objectionable -- those under surveillance can be fired. The people at the very top of the government are largely exempt from surveillance -- but this law hits their deputies, staffers and the whole of the security services, some judges, prosecutors, diplomats, and military officers, as well as a number of "independent" offices that Orbán's administration is not supposed to control.

< -- >

Who is now subjected to this surveillance requirement? Here's the list:

* Hungarian ambassadors and heads of consulates, anywhere in the world.
* Judges and prosecutors who work either with information gathered through secret surveillance or with information that might result in accepting a defendant's cooperation with the government in exchange for not being prosecuted (plea bargains).
* State commissioners, who are people appointed on an ad hoc basis to manage specific high-level tasks in the government.
* Deputy state secretaries, who are people working directly under government ministers and their state secretaries.
* Heads of the autonomous and self-regulating government agencies, a designation that includes the public procurement office, the office of economic competition, the equal treatment authority, the data protection office, national media council, the financial supervisory authority and the energy and public utilities authority.
* Heads of "government offices," their deputies and people of equivalent rank, a designation that includes regional offices of the central government, the central statistical office, national atomic energy agency, national office of intellectual property and the national tax and tariff office.
* Senior staff in the Parliament's central office.
* Senior staff in the office of the President of the Republic.
* The chief of the army, generals and others with equivalent rank.
* All heads of police departments (national, regional and local).
* All heads of state-owned companies.
* All employees of all of the security services, including the new Counter-Terrorism Police (TEK), the new Parliamentary Guard, the Office for the Protection of the Constitution (domestic intelligence), the Information Office (foreign intelligence), the National Security Expert Service (signals intelligence), the Military National Security Service, and the internal affairs unit of the police.

< - >

---
Just because i'm near the punchbowl doesn't mean I'm also drinking from it.
From rforno at infowarrior.org Tue Jun 18 07:55:53 2013
From: rforno at infowarrior.org (Richard Forno)
Date: Tue, 18 Jun 2013 08:55:53 -0400
Subject: [Infowarrior] - Put the Spies Back Under One Roof
Message-ID: <0D2F10FC-E9AB-41F3-A019-408E34A6C7C0@infowarrior.org>

June 17, 2013

Put the Spies Back Under One Roof

By TIM SHORROCK

http://www.nytimes.com/2013/06/18/opinion/put-the-spies-back-under-one-roof.html?hpw&pagewanted=print

WASHINGTON -- THE revelation that Edward J. Snowden, a contractor at Booz Allen Hamilton, was responsible for the biggest leak in the history of the National Security Agency has sparked a furious response in Congress.

"I'm very concerned that we have government contractors doing what are essentially governmental jobs," Senator Dianne Feinstein, the chairwoman of the Senate Intelligence Committee, said last week. "Maybe we should bring some of that more in-house," the House minority leader, Nancy Pelosi, mused.

It's a little late for that. Seventy percent of America's intelligence budget now flows to private contractors. Going by this year's estimated budget of about $80 billion, that makes private intelligence a $56 billion-a-year industry.

For decades, the N.S.A. relied on its own computer scientists, cryptographers and mathematicians to tap, decode and analyze communications as they traversed phone lines and satellite networks. By the 1990s, however, advances in personal computing, the growth of the Internet, the advent of cellphones and the shift in telecommunications to high-speed fiber-optic lines has made it difficult for the N.S.A. to keep up.

As the commercial world began to surpass the N.S.A., some in the agency began looking to the private sector for solutions. In 2000, thanks in part to an advisory committee led by James R. Clapper Jr., now the director of national intelligence, the N.S.A. decided to shift away from its in-house development strategy and outsource on a huge scale.
The N.S.A.'s headquarters began filling with contractors working for Booz Allen and hundreds of other companies.

In 2001 the N.S.A. even outsourced its I.T. infrastructure "to push more of our work to contractors," as its director testified last week. Mr. Snowden was a systems administrator on the program. That's how he knew about the highly classified programs he leaked.

But apart from the risk of leaking classified information, what's wrong with the N.S.A. or any other agency's outsourcing critical programs to the private sector? Are contractors really "not the issue," as a former N.S.A. director, Michael V. Hayden, insisted on Sunday on NBC?

And if the N.S.A.'s mass surveillance programs are unlawful or unconstitutional, as many Americans (including myself) believe, does it make any difference whether the work is done by a government analyst or a private contractor?

It does. Here's why.

First, it is dangerous to have half a million people -- the number of private contractors holding top-secret security clearances -- peering into the lives of their fellow citizens. Contractors aren't part of the chain of command at the N.S.A. or other agencies and aren't subject to Congressional oversight. Officially, their only loyalty is to their company and its shareholders.

Second, with billions of dollars of government money sloshing around, and with contractors providing advice on how to spend it, conflicts of interest and corruption are inevitable. Contractors simply shouldn't be in the business of managing large projects and providing procurement advice to intelligence agencies.

Thomas A. Drake, one of the N.S.A. whistle-blowers who exposed the waste and fraud in the N.S.A.'s Trailblazer program -- Mr. Hayden's disastrous attempt to privatize the N.S.A.'s analysis of intercepted signals intelligence -- estimates that the project cost taxpayers as much as $7 billion (it was canceled in 2006). Yet the contracts kept rolling in, and Mr. Hayden went on to head the C.I.A.
Third, we've allowed contractors to conduct our most secret and sensitive operations with virtually no oversight. This is true not only at the N.S.A. Contractors now work alongside the C.I.A. in covert operations (two of the Americans killed in Benghazi were C.I.A. contractors; we still don't know who their employer was). They also analyze imagery and intercepted intelligence to track and kill suspected terrorists for the United States Special Operations Command.

In April, the Pentagon's Office of Inspector General found that nine of 28 tasks outlined in a $231 million contract the command awarded "may have included inherently governmental duties." In other words, contractors were involved in secret and highly sensitive operations that by law are reserved for government operatives. After Blackwater's sordid history in Iraq, we don't need more unaccountable actors fighting terrorism for profit.

Finally, there's the revolving door -- or what President Dwight D. Eisenhower called "undue influence." With few regulations and no questions being asked on Capitol Hill, hundreds of former top N.S.A. and C.I.A. officials have migrated from government to the private sector and back again. The poster boy is Michael McConnell, who served as N.S.A. director during Bill Clinton's first term, then went to Booz Allen for a 10-year stint, became director of national intelligence for George W. Bush from 2007 to 2009, and is back at Booz Allen today.

We have no way of knowing how people like Mr. McConnell formed their business relationships, and what agreements or compromises they might have made to get their private-sector jobs (and vice versa). They may be honorable men, but as recent history has shown us, there's no reason to take them at their word. And the current one-year ban on lobbying for former officials does little to prevent conflicts of interest.

Congress must act now to re-establish a government-run intelligence service operating with proper oversight.
The first step is to appoint an independent review board -- with no contractors on it -- to decide where the line for government work should be drawn. The best response to the Snowden affair is to reduce the size of our private intelligence army and make contract spying a thing of the past. Our democracy depends on it.

Tim Shorrock is the author of "Spies for Hire: The Secret World of Intelligence Outsourcing."

---
Just because i'm near the punchbowl doesn't mean I'm also drinking from it.

From rforno at infowarrior.org Tue Jun 18 09:05:51 2013
From: rforno at infowarrior.org (Richard Forno)
Date: Tue, 18 Jun 2013 10:05:51 -0400
Subject: [Infowarrior] - NSA Surveillance Leaks Startle Privacy Board Back to Life
Message-ID: <0E8C0E41-3735-43AA-AC89-100535B983D9@infowarrior.org>

NSA Surveillance Leaks Startle Privacy Board Back to Life

By Chris Strohm and Todd Shields - Jun 17, 2013

http://www.bloomberg.com/news/print/2013-06-17/nsa-surveillance-leaks-startle-privacy-board-back-to-life.html

A U.S. board created after the Sept. 11 terrorist attacks to ensure government surveillance doesn't violate citizens' rights is reviving this week in the same secrecy as the programs it will examine.

The Privacy and Civil Liberties Oversight Board, after not being fully operational since 2007, will have a closed session in Washington tomorrow to discuss the National Security Agency's collection of telephone and Internet data -- programs exposed by a former NSA contractor in leaks to two newspapers.

The board, which President Barack Obama said he plans to meet with, should determine whether the surveillance programs operate within the law, said Tom Kean, former chairman of the 9/11 Commission that recommended the panel's creation. Meeting in private runs counter to its purpose, he said.

"Frankly, our idea was that the meetings should be open," Kean, a former Republican governor of New Jersey, said in an interview.
"What they should be worried about is civil liberties and that's not something they should be keeping secret. That's something that they should be debating openly."

The board's newly confirmed chairman, David Medine, said the closed meeting is necessary to discuss classified material and doesn't indicate the panel will operate in secrecy.

"We certainly are very much in favor of transparency and expect much of our work to be in the public and be transparent," Medine said in an interview.

Obama, in an interview with Charlie Rose for broadcast on PBS yesterday, said he plans to meet with the board to help structure "a national conversation" about the NSA programs and broader issues about data collection and privacy. He didn't discuss timing or other specifics.

Real Test

The review will test the board's effectiveness, Steven Aftergood, senior research analyst at the Federation of American Scientists, a Washington-based group that provides analysis on security issues, said in an interview.

"Will agencies respond -- as they are obliged to do -- to its inquiries?" asked Aftergood, who directs the Project on Government Secrecy, which works to reduce the scope of secret information. "Will it be able to derive useful insights that can either correct surveillance policy, or else assure the public that the policy is sound?"

Created in 2004 to help formulate civil liberties policies, the board disbanded after President George W. Bush's administration heavily edited its first report to Congress. A 2007 law reconstituted it as an independent agency within the executive branch and required all five members to be confirmed by the Senate.

While members nominated by Obama were confirmed, the board didn't have a chairman for six years until Medine was sworn in May 29 after being confirmed, 53-45, in a party-line vote. Obama had nominated him in 2011.
NSA Programs

One week later, the U.K.'s Guardian newspaper and the Washington Post published disclosures by NSA contractor Edward Snowden that the government was secretly collecting the telephone records of millions of U.S. residents and monitoring Internet activity of foreigners believed to be plotting terrorist attacks.

"Let's look seriously at how deep the intrusions are, and are they doing things that they shouldn't be doing," Kean said. "The most important thing they should be doing for programs that are already in existence is bringing things out into the light."

The five-member board lacks subpoena power, is still hiring staff and doesn't yet have permanent offices. It will meet in the same space the 9/11 Commission used in Washington.

"The board is in a position to address whether proper consideration has been given to privacy and civil liberties concerns," Medine said. "We don't have to rely on what's been reported in the press."

Political Cover

Medine has held various government jobs, including as a former associate director of the Federal Trade Commission, and also was a partner at the WilmerHale law firm in Washington. Republican senators opposed his nomination, with Iowa's Charles Grassley saying Medine was "polarizing" and didn't provide clear answers about his views on national security.

Thirteen senators, including Democrat Tom Udall of New Mexico and Republican Lisa Murkowski of Alaska, sent the board a letter June 12 asking that it make investigating the surveillance programs "an urgent priority" and release an unclassified report on the findings.

Jonathan Turley, a constitutional-law professor at The George Washington University Law School, said the board shouldn't hold closed meetings and doubts it will be effective.

"The board has always been treated with a great deal of suspicion," Turley said in an interview. "This is a town that is infamous for creating boards and commissions to create cover for the political establishment."
No Penalties

The 2007 law authorizes the board to "have access" to information from federal agencies, including classified data, and interview federal officials, although there are no penalties if agencies or officials don't cooperate. While lacking subpoena power, the board can request the U.S. Attorney General subpoena non-governmental "persons" for information, according to the law.

"If it takes more than an entire first term to actually get the board together, I think that's pretty clear evidence that it's not a priority" of the Obama administration, Mark Rumold, a staff attorney with the San Francisco-based Electronic Frontier Foundation that works for digital rights, said in an interview.

There's no indication the board will have difficulty getting access to information about the programs and the administration has cooperated so far, Medine said.

Board members, who have the highest security clearances, were given a classified briefing June 11 by officials from the NSA, Justice Department, Office of the Director of National Intelligence and Federal Bureau of Investigation, Medine said.

Independent View

The board's other members are Rachel Brand, a lawyer with the U.S. Chamber of Commerce who served as an associate counsel to Bush; Patricia Wald, a former federal judge appointed by Democratic President Jimmy Carter; Elisebeth Cook, a WilmerHale lawyer; and James Dempsey, vice president for public policy at the Washington-based Center for Democracy and Technology.

Cook donated to Obama's rival in the last election, Republican Mitt Romney, according to contributions listed on the Federal Election Commission's website, and Dempsey has donated to Democrats including Obama.

Medine said the board will "express an independent, bipartisan view of these programs," although he didn't know when or if a public report will be issued.

"We've begun a dialogue with the agencies and we're open-minded about the programs and we're going to diligently look into them," he said.
"The board certainly aims to be as transparent as possible and will make the best effort to have public meetings and public responses as we move forward."

To contact the reporters on this story: Chris Strohm in Washington at cstrohm1 at bloomberg.net; Todd Shields in Washington at tshields3 at bloomberg.net

To contact the editor responsible for this story: Bernard Kohn at bkohn2 at bloomberg.net

©2013 BLOOMBERG L.P. ALL RIGHTS RESERVED.

From rforno at infowarrior.org Tue Jun 18 15:27:45 2013
From: rforno at infowarrior.org (Richard Forno)
Date: Tue, 18 Jun 2013 16:27:45 -0400
Subject: [Infowarrior] - Google challenges U.S. gag order, citing First Amendment
Message-ID: <1C8DCC97-776B-4B03-B478-377660F2548F@infowarrior.org>

Google challenges U.S. gag order, citing First Amendment

By Craig Timberg

http://www.washingtonpost.com/business/technology/google-challenges-us-gag-order-citing-first-amendment/2013/06/18/96835c72-d832-11e2-a9f2-42ee3912ae0e_print.html

Google asked the secretive Foreign Intelligence Surveillance Court on Tuesday to ease long-standing gag orders over data requests it makes, arguing that the company has a constitutional right to speak about information it's forced to give the government.

The legal filing, which cites the First Amendment's guarantee of free speech, is the latest move by the California-based tech giant to protect its reputation in the aftermath of news reports about sweeping National Security Agency surveillance of Internet traffic.

Google, one of nine companies named in NSA documents as providing information to the top-secret PRISM program, has demanded that U.S. officials give it more leeway to describe the company's relationship with the government. Google and the other companies involved have sought to reassure users that their privacy is being protected from unwarranted intrusions.
In the petition, Google is seeking permission to publish the total numbers of requests the court makes of the company and the numbers of user accounts they affect. The company long has made regular reports with regard to other data demands from the U.S. government and from other governments worldwide.

"Greater transparency is needed, so today we have petitioned the Foreign Intelligence Surveillance Court to allow us to publish aggregate numbers of national security requests, including FISA disclosures, separately," the company said in a statement.

That information would not necessarily shed much light on PRISM, whose existence was first reported by The Washington Post and Britain's Guardian newspaper. But initiating a high-profile legal showdown may help Google's efforts to portray itself as aggressively resisting government surveillance.

All of the technology companies involved in PRISM, including Facebook, Apple, Microsoft, Google and Yahoo, have struggled to respond to the revelations about NSA surveillance. Most have issued carefully worded denials, saying that they do not permit wholesale data collection while acknowledging that they comply with legal government information requests. (Washington Post Co. chief executive Donald E. Graham is on Facebook's board.)

FISA court data requests typically are known only to small numbers of a company's employees. Discussing the requests openly, either within or beyond the walls of an involved company, can violate federal law.

The technology companies linked to PRISM publicly urged U.S. officials last week to ease official secrecy about information requests.

Facebook on Friday night issued its first-ever account of how many data requests the company gets from government entities -- state, local and federal -- in the United States. That number included FISA requests but the information was categorized too broadly to offer a precise view of these especially secretive data transfers.
The FISA court, composed of 11 federal judges appointed by Chief Justice John G. Roberts Jr., rarely rejects government requests for information and rarely makes its opinions public. The court approved each of the 1,789 government requests it received in 2012, except for one that was withdrawn.

In 2008, the court rejected a challenge from a technology company that argued that a government request for information on foreign users was too broad to be constitutional. The court redacted the name of the company and other details when it published the ruling.

Revelations this month about PRISM have sparked fierce debate about the appropriate balance between national security with privacy rights, with U.S. officials in recent days mounting vigorous defense of data collection efforts.

NSA director Gen. Keith Alexander told the House Intelligence Committee on Tuesday that more than 50 attacks -- including one potentially targeting the New York Stock Exchange -- had been thwarted with the help of the agency's surveillance programs.

President Obama said on a PBS interview aired Monday night that the government was "making the right trade-offs" in allowing the programs.

© The Washington Post Company

---
Just because i'm near the punchbowl doesn't mean I'm also drinking from it.

From rforno at infowarrior.org Tue Jun 18 16:55:24 2013
From: rforno at infowarrior.org (Richard Forno)
Date: Tue, 18 Jun 2013 17:55:24 -0400
Subject: [Infowarrior] - Chamber of Commerce Doublethink
Message-ID:

US Chamber Of Commerce: Bollywood Is So Successful Without Strong Copyrights That It Will Fail Unless India Strengthens Its Copyrights

from the wtf?
dept

The US Chamber of Commerce, the giant lobbying organization who led the fight for SOPA/PIPA, is apparently so invested in "must have stronger copyright laws" that it doesn't even bother making sense any more. It's released a bizarre statement claiming that India needs stronger copyright laws, because Bollywood is so successful. Right upfront, it notes how successful things have been:

"Boasting the largest film industry in the world, the creative sector lies at the heart of the Indian culture and economy. As one of India's largest employment sectors, an endless array of local professionals from technical, theatrical, and creative backgrounds are helping churn out 1,000 films in more than 20 languages annually."

You'd think those are signs that copyright law was working (largest film industry in the world, largest employment sectors, over 1,000 films produced annually -- about double Hollywood) and that this would imply that whatever level of copyright there is in India -- which is supposed to be an incentive to creativity -- was doing a decent job. But, no, apparently it's all broken.

"The government, however, must improve national intellectual property (IP) laws and enforcement if it is going to seize on this opportunity and gain recognition in the global market and further empower local creators."

Hmm. Wait, you just said that it's the world's largest film industry and an unqualified success. So, why does it need to improve those laws and enforcement?

< -- >

http://www.techdirt.com/articles/20130612/16480623431/us-chamber-commerce-bollywood-is-so-successful-without-strong-copyrights-that-it-will-fail-unless-india-strengthens-its.shtml

---
Just because i'm near the punchbowl doesn't mean I'm also drinking from it.
From rforno at infowarrior.org Tue Jun 18 19:26:00 2013 From: rforno at infowarrior.org (Richard Forno) Date: Tue, 18 Jun 2013 20:26:00 -0400 Subject: [Infowarrior] - NSA's Role in Two Terror Cases Was Concealed From Defense Lawyers Message-ID: NSA's Role in Two Terror Cases Was Concealed From Defense Lawyers http://www.wired.com/threatlevel/2013/06/nsa-defense-lawyers/ --- Just because i'm near the punchbowl doesn't mean I'm also drinking from it. From rforno at infowarrior.org Tue Jun 18 21:09:04 2013 From: rforno at infowarrior.org (Richard Forno) Date: Tue, 18 Jun 2013 22:09:04 -0400 Subject: [Infowarrior] - SSCI Bars Former Staffer From Talking To Press About Oversight Process Message-ID: <101535CC-C52B-4E9B-9CE5-40A28198D794@infowarrior.org> Senate Intel Committee Blocks Former Staffer From Talking To Press About Oversight Process http://tpmdc.talkingpointsmemo.com/2013/06/senate-committee-silences-former-aide-who-attempted-to-criticize-congressional-intelligence-oversigh.php Brian Beutler June 18, 2013, 12:00 AM The Senate Select Committee on Intelligence has taken the unusual step of actively blocking a former committee aide from talking to TPM about congressional oversight of the intelligence community. At issue isn't classified sources and methods of intelligence gathering but general information about how the committee functions -- and how it should function. The committee's refusal to allow former general counsel Vicki Divoll to disclose unclassified information to a reporter was the first and only time it has sought to block her from making public comments, based on her experience as one of its most senior aides, since she left Capitol Hill in 2003. The committee's decision comes amid fallout from leaks of classified National Security Agency documents by ex-NSA contractor Edward Snowden. 
In light of the Snowden revelations about the country's secret surveillance programs, TPM was reporting a story based on interviews with members of Congress and current and former aides about the successes and pitfalls of intelligence oversight on Capitol Hill. The goal was to answer some basic questions for readers: How does a classified process differ from public oversight? What challenges does the combination of government secrecy, classified briefings, and strict committee protocols present to legislators trying to control the nation's sprawling intelligence apparatus? Divoll served as a senior aide on the committee from 2000-2003, including two years as its general counsel. Before that, from 1995-2000 she was assistant general counsel for the Central Intelligence Agency, where she also served as deputy legal adviser to the agency's Counterterrorism Center. After leaving the Senate, Divoll was a fellow at the Harvard Institute of Politics and an adjunct professor at the Naval Academy. She has been regularly cited by reporters in news stories, penned op-eds on counterterrorism and civil liberties, and appeared on television. The ground rules for the interview were that it would be conducted off the record, but only temporarily, to give Divoll an opportunity to review the accuracy of the quotes she provided, and that those would be placed back on the record. While Divoll remains legally barred from disclosing classified information, she is also still subject to a non-disclosure agreement with the Senate Intelligence Committee that bars her from discussing committee-sensitive business. Out of an abundance of caution, Divoll also conferred with the committee on Friday about her interview with TPM. She anticipated that the committee would approve the interview, noting that in her post-government career, both the committee and the CIA had never done more than request minor tweaks when she brought them pieces of her writing for pre-publication review. 
This, she believed, would be a similar process. But for the first time in her career, the committee took the extraordinary step, on a bipartisan basis, of declaring the interview's entire contents a violation of her non-disclosure agreement and effectively forbade her from putting any of it on the record. "The committee has reviewed your submission ... and objected to any publication of the information contained therein," she was told. Specifically the committee claimed the information she provided TPM was both "out of date" and "committee sensitive." Angered by the committee's decision, Divoll sought Friday to have it reversed. The committee declined. TPM agreed to honor her request that we leave her comments off the record. The fact that the Committee is so sensitive about disclosing not only sensitive national security information, but also the nature by which elected officials are allowed to oversee the intelligence community, is a testament to the extreme levels of secrecy tied to the entire process. In an interview Monday afternoon, an SSCI spokesman explained and defended the committee's decision. "I would say that it is pretty uncommon that we would decline a pre-publication review," the spokesman said. "And the most direct reason is that most submissions that we get for review don't contain this kind of information." That's a reference to "committee sensitive" information, as defined in the panel's official rules. Those rules spell out the kinds of disclosures that qualify as "committee sensitive" -- documents in the committee's possession and events that transpire in committee meetings -- but they also empower the chair and vice chair or their designees to declare documents and information "committee sensitive" as they see fit on a case-by-case basis. Most of Divoll's statements to TPM, however, tracked closely with information gleaned from other sources, and the public record. 
Among the insights Divoll shared with us was the important role that staff can and should play in oversight of the executive branch's intelligence activities. Feinstein herself addressed this issue on June 9 in an appearance on ABC News. "We had an intelligence committee meeting on Thursday [June 6], which I opened up to everybody and 27 senators came. You know, we informed them that every senator, the material is available. They can come and see it. One of the strictures with how they classified stuff is no staff. I think that should be changed so that intelligence committee staff can come in with the member and go over and review the material." Likewise, one of the committee's current members, and its former chairman, Sen. Jay Rockefeller (D-WV), provided TPM a statement on Thursday suggesting in broad strokes that the oversight process could be improved. "We've learned from the past that there's a right way and a wrong way to give Congress the information we need to make decisions about our laws and policies, but I think we're still a work in progress when it comes to the level of transparency needed for meaningful exchange about ongoing activities," Rockefeller said. "The Bush Administration launched programs without any legal authority at all and then would show just the Intelligence Committee chairs and vice chairs a few perfunctory flip-charts - which we weren't allowed to discuss even with each other -- just so they could later claim 'Congress was briefed.' That created a deep distrust, and for me some skepticism lingers. It took years of wrangling with the intelligence community to open briefings up to more Senators, and there is still a lot of resistance to sharing information more broadly and with the public. But the process works far better today than in the past. The FISA law we passed requires multiple regular reports from the agencies, so if we see irregularities or areas of concern, we can pursue those." 
Rockefeller's recollections and perspective are highly compatible with Divoll's as well. The committee spokesman said Divoll could have modified her statements to TPM and resubmitted them to the committee. "We have done that in other cases in the past," he said. Reached Monday, though, Divoll insisted she was provided no opportunity for revision. "In the past if changes were necessary, those were requested," she said. Our reporting yielded other, more specific details about the nature of intelligence oversight and intelligence committee legislating that we hope to share with you in a future article. From rforno at infowarrior.org Wed Jun 19 07:00:53 2013 From: rforno at infowarrior.org (Richard Forno) Date: Wed, 19 Jun 2013 08:00:53 -0400 Subject: [Infowarrior] - NSA Disruption of Stock Exchange Bomb Plot Disputed Message-ID: <787726CB-5832-43BF-8127-8920AF47C338@infowarrior.org> NSA Disruption of Stock Exchange Bomb Plot Disputed | By David Kravets | 06.18.13 | 2:35 PM http://www.wired.com/threatlevel/2013/06/nsa-stock-exchange/ Did the government really disrupt a bomb plot targeting the New York Stock Exchange? The FBI deputy director said that today in a Spygate hearing where the government for the first time said the secret spy techniques publicly disclosed two weeks ago had halted some 50 terror attacks in 20 countries. Sean Joyce, the bureau's deputy director, identified Khalid Ouazzani as the culprit. "Ouazzani had been providing information and support to this plot," Joyce testified to the House Select Committee on Intelligence. According to interviews and court records, the 2008 plot failed, not because the authorities broke it up, but because the alleged attackers decided against it. The Kansas City man's attorney today said that Joyce's comments were news to him. Among other things, his client pleaded guilty in 2010 to providing money -- $23,000 in "material support" to Al-Qaida. 
He also pleaded to a count of money laundering and bank fraud, and is set for sentencing next month. "Khalid Ouazzani was not involved in any plot to bomb the New York Stock Exchange," Robin Fowler, the defendant's defense attorney, said in a telephone interview. His client's plea agreement (.pdf) mentions no plot. According to his plea agreement: Defendant and others also discussed how they could perform other tasks at the request of and for the benefit of Al-Qaida. Some of defendant's conversations with others also involved plans for them to participate in various types of actions to support Al-Qaida, including fighting in Afghanistan, Iraq, or Somalia. Defendant and the others he was communicating with about Al-Qaida took various steps and used various techniques to disguise their communications about their plans and assistance to support Al-Qaida. Fowler declined to comment any further, including whether he would seek to reopen the case, given the government admitting that secret, and constitutionally suspect, methods were used to gain access to his phone records. New York defense attorney Joshua Dratel said Ouazzani worked as a government informant -- a cooperating witness -- in the New York federal prosecution of Sabirhan Hasanoff, who has pleaded guilty to providing material support to terrorists. Even the government's own sentencing memorandum shows that the defendants called off a proposed plot on their own, without involvement from federal authorities. "There was no plot. There was one guy was asked to check out a tourist site downtown. It was a year and a half before they arrested Hasanoff. So if they thought it was really a plot, what were they doing letting him run around?" Dratel asked in a telephone interview. The government's own sentencing memo (.pdf) dated May 31 confirms Dratel's statements. 
"Hasanoff relayed that the New York Stock Exchange was surrounded by approximately four streets that were blocked off from vehicular traffic and that someone would have to walk to the building. The Doctor [an undisclosed high-ranking al-Qaida operative] revealed that, although the information provided by Hasanoff could be used by someone who wanted to do an operation, he was not satisfied with the report, and he accordingly disposed of it. (The report apparently lacked sufficient detail about New York Stock Exchange security matters to be as helpful as the Doctor had hoped.)" The Guardian newspaper, meanwhile, two weeks ago published a leaked secret court order requiring Verizon Business Solutions to provide the NSA with the phone numbers of both parties involved in all calls, the International Mobile Subscriber Identity (IMSI) number for mobile callers, calling card numbers used in the call, and the time and duration of the calls. The Guardian and Washington Post were also leaked material detailing a program called PRISM, which described a system whereby nine internet companies, including Google, Yahoo and Facebook had special equipment installed in their facilities that allowed NSA analysts sitting at their desks to query the data directly. The internet companies said they did not provide the government direct access to their servers. (This story was updated Tuesday afternoon.) --- Just because i'm near the punchbowl doesn't mean I'm also drinking from it. 
From rforno at infowarrior.org Wed Jun 19 10:11:21 2013 From: rforno at infowarrior.org (Richard Forno) Date: Wed, 19 Jun 2013 11:11:21 -0400 Subject: [Infowarrior] - FBI director admits domestic use of drones Message-ID: <2DF9F3B5-4535-4CE8-8F07-7F780674F815@infowarrior.org> FBI director admits domestic use of drones Published time: June 19, 2013 14:55 http://rt.com/usa/fbi-director-mueller-drones-947/ The FBI uses drones for domestic surveillance purposes, the head of the agency told Congress early Wednesday. Robert Mueller, the director of the Federal Bureau of Investigation, confirmed to lawmakers that the FBI owns several unmanned aerial vehicles, but has not adopted any strict policies or guidelines yet to govern the use of the controversial aircraft. "Does the FBI use drones for surveillance on US soil?" Sen. Chuck Grassley (R-Iowa) asked Mr. Mueller during an oversight hearing on Capitol Hill Wednesday before the Senate Judiciary Committee. "Yes," Mueller responded bluntly, adding that the FBI's operation of drones is "very seldom." Asked by Sen. Dianne Feinstein (D-California) to elaborate, Mueller added, "It's very seldom used and generally used in a particular incident where you need the capability." Earlier in the morning, however, Mueller said that the agency was only now working to establish set rules for the drone program. --- Just because i'm near the punchbowl doesn't mean I'm also drinking from it. 
From rforno at infowarrior.org Thu Jun 20 07:27:06 2013 From: rforno at infowarrior.org (Richard Forno) Date: Thu, 20 Jun 2013 08:27:06 -0400 Subject: [Infowarrior] - India sets up elaborate system to tap phone calls, e-mail Message-ID: <8F35E118-77C4-4A81-82BE-31A6A2C8251F@infowarrior.org> India sets up elaborate system to tap phone calls, e-mail By Anurag Kotoky NEW DELHI | Thu Jun 20, 2013 2:46am EDT http://www.reuters.com/article/2013/06/20/us-india-surveillance-idUSBRE95J05G20130620 (Reuters) - India has launched a wide-ranging surveillance program that will give its security agencies and even income tax officials the ability to tap directly into e-mails and phone calls without oversight by courts or parliament, several sources said. The expanded surveillance in the world's most populous democracy, which the government says will help safeguard national security, has alarmed privacy advocates at a time when allegations of massive U.S. digital snooping beyond American shores has set off a global furor. "If India doesn't want to look like an authoritarian regime, it needs to be transparent about who will be authorized to collect data, what data will be collected, how it will be used, and how the right to privacy will be protected," said Cynthia Wong, an Internet researcher at New York-based Human Rights Watch. The Central Monitoring System (CMS) was announced in 2011 but there has been no public debate and the government has said little about how it will work or how it will ensure that the system is not abused. The government started to quietly roll the system out state by state in April this year, according to government officials. Eventually it will be able to target any of India's 900 million landline and mobile phone subscribers and 120 million Internet users. Interior ministry spokesman K.S. Dhatwalia said he did not have details of CMS and therefore could not comment on the privacy concerns. 
A spokeswoman for the telecommunications ministry, which will oversee CMS, did not respond to queries. Indian officials said making details of the project public would limit its effectiveness as a clandestine intelligence-gathering tool. "Security of the country is very important. All countries have these surveillance programs," said a senior telecommunications ministry official, defending the need for a large-scale eavesdropping system like CMS. "You can see terrorists getting caught, you see crimes being stopped. You need surveillance. This is to protect you and your country," said the official, who is directly involved in setting up the project. He did not want to be identified because of the sensitivity of the subject. NO INDEPENDENT OVERSIGHT The new system will allow the government to listen to and tape phone conversations, read e-mails and text messages, monitor posts on Facebook, Twitter or LinkedIn and track searches on Google of selected targets, according to interviews with two other officials involved in setting up the new surveillance program, human rights activists and cyber experts. In 2012, India sent in 4,750 requests to Google Inc for user data, the highest in the world after the United States. Security agencies will no longer need to seek a court order for surveillance or depend, as they do now, on Internet or telephone service providers to give them the data, the government officials said. Government intercept data servers are being built on the premises of private telecommunications firms. These will allow the government to tap into communications at will without telling the service providers, according to the officials and public documents. The top bureaucrat in the federal interior ministry and his state-level deputies will have the power to approve requests for surveillance of specific phone numbers, e-mails or social media accounts, the government officials said. 
While it is not unusual for governments to have equipment at telecommunication companies and service providers, they are usually required to submit warrants or be subject to other forms of independent oversight. "Bypassing courts is really very dangerous and can be easily misused," said Pawan Sinha, who teaches human rights at Delhi University. In most countries in Europe and in the United States, security agencies were obliged to seek court approval or had to function with legal oversight, he said. The senior telecommunications ministry official dismissed suggestions that India's system could be open to abuse. "The home secretary has to have some substantial intelligence input to approve any kind of call tapping or call monitoring. He is not going to randomly decide to tape anybody's phone calls," he said. "If at all the government reads your e-mails, or taps your phone, that will be done for a good reason. It is not invading your privacy, it is protecting you and your country," he said. The government has arrested people in the past for critical social media posts although there have been no prosecutions. In 2010, India's Outlook news magazine accused intelligence officials of tapping telephone calls of several politicians, including a government minister. The accusations were never proven, but led to a political uproar. NO PRIVACY LAW "The many abuses of phone tapping make clear that that is not a good way to organize the system of checks and balances," said Anja Kovacs, a fellow at the New Delhi-based Centre for Internet and Society. "When similar rules are used for even more extensive monitoring and surveillance, as seems to be the case with CMS, the dangers of abuse and their implications for individuals are even bigger." Nine government agencies will be authorized to make intercept requests, including the Central Bureau of Investigation (CBI), India's elite policy agency, the Intelligence Bureau (IB), the domestic spy agency, and the income tax department. 
India does not have a formal privacy law and the new surveillance system will operate under the Indian Telegraph Act - a law formulated by the British in 1885 - which gives the government freedom to monitor private conversations. "We are obligated by law to give access to our networks to every legal enforcement agency," said Rajan Mathews, director general of the Cellular Operators Association of India. Telecommunications companies Bharti Airtel, Vodafone's India unit, Idea Cellular, Tata Communications and state-run MTNL did not respond to requests for comment. India has a long history of violence by separatist groups and other militants within its borders. More than one third of India's 670 districts are affected by such violence, according to the South Asia Terrorism Portal. The government has escalated efforts to monitor the activities of militant groups since a Pakistan-based militant squad rampaged through Mumbai in 2008, killing 166 people. Monitoring of telephones and the Internet are part of the surveillance. India's junior minister for information technology, Milind Deora, said the new data collection system would actually improve citizens' privacy because telecommunications companies would no longer be directly involved in the surveillance - only government officials would. "The mobile company will have no knowledge about whose phone conversation is being intercepted", Deora told a Google Hangout, an online forum, earlier this month. ($1 = 57.7850 Indian rupees) (Additional reporting by Jeremy Wagstaff; Writing by Ross Colvin; Editing by Raju Gopalakrishnan) --- Just because i'm near the punchbowl doesn't mean I'm also drinking from it. 
From rforno at infowarrior.org Thu Jun 20 14:00:03 2013 From: rforno at infowarrior.org (Richard Forno) Date: Thu, 20 Jun 2013 15:00:03 -0400 Subject: [Infowarrior] - Leaked: FISC orders on surveillance Message-ID: <9A79D7AB-81F1-46A9-93E4-1D744C9826BD@infowarrior.org> Revealed: the top secret rules that allow NSA to use US data without a warrant Fisa court submissions show broad scope of procedures governing NSA's surveillance of Americans' communication • Document one: procedures used by NSA to target non-US persons • Document two: procedures used by NSA to minimise data collected from US persons http://www.guardian.co.uk/world/2013/jun/20/fisa-court-nsa-without-warrant Top secret documents submitted to the court that oversees surveillance by US intelligence agencies show the judges have signed off on broad orders which allow the NSA to make use of information "inadvertently" collected from domestic US communications without a warrant. The Guardian is publishing in full two documents submitted to the secret Foreign Intelligence Surveillance Court (known as the Fisa court), signed by Attorney General Eric Holder and stamped 29 July 2009. They detail the procedures the NSA is required to follow to target "non-US persons" under its foreign intelligence powers and what the agency does to minimize data collected on US citizens and residents in the course of that surveillance. The documents show that even under authorities governing the collection of foreign intelligence from foreign targets, US communications can still be collected, retained and used. < - > http://www.guardian.co.uk/world/2013/jun/20/fisa-court-nsa-without-warrant --- Just because i'm near the punchbowl doesn't mean I'm also drinking from it. 
From rforno at infowarrior.org Fri Jun 21 07:35:51 2013 From: rforno at infowarrior.org (Richard Forno) Date: Fri, 21 Jun 2013 08:35:51 -0400 Subject: [Infowarrior] - Aaron's Law Finally Introduced: Reform The CFAA Message-ID: Aaron's Law Finally Introduced: Reform The CFAA http://www.techdirt.com/articles/20130620/12193123547/aarons-law-finally-introduced-reform-cfaa.shtml --- Just because i'm near the punchbowl doesn't mean I'm also drinking from it. From rforno at infowarrior.org Fri Jun 21 08:19:28 2013 From: rforno at infowarrior.org (Richard Forno) Date: Fri, 21 Jun 2013 09:19:28 -0400 Subject: [Infowarrior] - Firefox working with CIS to give users greater control over cookies Message-ID: Firefox working with CIS to give users greater control over cookies 21 June 2013 http://www.infosecurity-us.com/view/33077/firefox-working-with-cis-to-give-users-greater-control-over-cookies/ The Center for Internet and Society (CIS) at Stanford Law School this week launched a new cookie initiative -- the Cookie Clearinghouse -- aimed at giving browser users greater granular control over third-party cookies, with Firefox and Opera already interested. CIS has long been involved in the drive to make cookies more accountable to users. It was behind the Do Not Track initiative that allows users to indicate that they do not wish to be tracked by cookies, and has evolved into a worldwide standard. Its weakness is that websites do not necessarily adhere to the instruction. A CIS researcher, Jonathan Mayer, subsequently developed a Firefox patch that works similarly to Safari and blocks third-party cookies from websites the user has never visited. This patch nearly got through to full Firefox release, but was abandoned earlier this year because of the potential for both false positives and negatives. 
In the former, if the primary site delivers content from a secondary site, any cookies from the secondary site are automatically blocked because the user never visited that particular site. In the latter, visiting a site doesn't mean the user actually trusts its cookies. Now CIS has come up with a new approach -- the Cookie Clearinghouse -- and Firefox is on board. The concept starts with four presumptions: set cookies from visited websites; disallow cookies from other sites; allow Digital Advertising Alliance opt-out cookies; and set cookies allowed by the user. These presumptions borrow ideas from existing approaches: the first two from Safari, the third from Chrome, and the last in conformance with European law. But it's not foolproof. The big new initiative from the Cookie Clearinghouse is the maintenance of both a block-list and an allow-list to override the automatic response. Inclusion on either of these lists can be challenged. "Internet users are starting to understand that their online activities are closely monitored, often by companies they have never heard of before," said Aleecia M. McDonald, the director of privacy at CIS driving the project, "But Internet users currently don't have the tools they need to make online privacy choices. The Cookie Clearinghouse will create, maintain, and publish objective information. Web browser companies will be able to choose to adopt the lists we publish to provide new privacy options to their users." Mozilla's CTO Brendan Eich announced Wednesday, "Today Mozilla is committing to work with Aleecia and the CCH Advisory Board, whose members include Opera Software, to develop the CCH so that browsers can use its lists to manage exceptions to a visited-based third-party cookie block." It's early days yet, and it will be some months before anything comes of the initiative. The advertising industry is, however, already concerned. 
The Washington Post (itself a member of the Interactive Advertising Bureau) quoted IAB president Randall Rothenberg, who "said the changes could disrupt Internet commerce, especially damaging smaller Web publishers that rely on the revenue brought by targeted advertising." Meanwhile, Forbes has reported on a potential cookie replacement: computer fingerprinting, or "the creepier technology that comes next." "This technique allows a web site to look at the characteristics of a computer such as what plugins and software you have installed, the size of the screen, the time zone, fonts and other features of any particular machine," warns Forbes. It notes that the EFF "has found that 94% of browsers that use Flash or Java -- which enable key features in Internet browsing -- had unique identities." The suggestion is that as browsers and users increasingly opt-out or remove cookies, the advertising industry will move to a different tracking technology based on the recognition of what is effectively a unique PC biometric. --- Just because i'm near the punchbowl doesn't mean I'm also drinking from it. From rforno at infowarrior.org Fri Jun 21 09:54:20 2013 From: rforno at infowarrior.org (Richard Forno) Date: Fri, 21 Jun 2013 10:54:20 -0400 Subject: [Infowarrior] - USG guidance: "Leaking" = "aiding the enemy" Message-ID: <014C4B4F-56FC-41D8-8BA5-687EA34EADAB@infowarrior.org> Obama's crackdown views leaks as aiding enemies of U.S. By Marisa Taylor and Jonathan S. Landay | McClatchy Washington Bureau http://www.mcclatchydc.com/2013/06/20/194513/obamas-crackdown-views-leaks-as.html#.UcRoOetvbjA WASHINGTON -- Even before a former U.S. intelligence contractor exposed the secret collection of Americans' phone records, the Obama administration was pressing a government-wide crackdown on security threats that requires federal employees to keep closer tabs on their co-workers and exhorts managers to punish those who fail to report their suspicions. 
President Barack Obama's unprecedented initiative, known as the Insider Threat Program, is sweeping in its reach. It has received scant public attention even though it extends beyond the U.S. national security bureaucracies to most federal departments and agencies nationwide, including the Peace Corps, the Social Security Administration and the Education and Agriculture departments. It emphasizes leaks of classified material, but catchall definitions of "insider threat" give agencies latitude to pursue and penalize a range of other conduct. Government documents reviewed by McClatchy illustrate how some agencies are using that latitude to pursue unauthorized disclosures of any information, not just classified material. They also show how millions of federal employees and contractors must watch for "high-risk persons or behaviors" among co-workers and could face penalties, including criminal charges, for failing to report them. Leaks to the media are equated with espionage. "Hammer this fact home . . . leaking is tantamount to aiding the enemies of the United States," says a June 1, 2012, Defense Department strategy for the program that was obtained by McClatchy. The Obama administration is expected to hasten the program's implementation as the government grapples with the fallout from the leaks of top secret documents by Edward Snowden, the former National Security Agency contractor who revealed the agency's secret telephone data collection program. The case is only the latest in a series of what the government condemns as betrayals by "trusted insiders" who have harmed national security. "Leaks related to national security can put people at risk," Obama said on May 16 in defending criminal investigations into leaks. "They can put men and women in uniform that I've sent into the battlefield at risk. They can put some of our intelligence officers, who are in various, dangerous situations that are easily compromised, at risk. . . . 
So I make no apologies, and I don't think the American people would expect me as commander in chief not to be concerned about information that might compromise their missions or might get them killed." As part of the initiative, Obama ordered greater protection for whistleblowers who use the proper internal channels to report official waste, fraud and abuse, but that's hardly comforting to some national security experts and current and former U.S. officials. They worry that the Insider Threat Program won't just discourage whistleblowing but will have other grave consequences for the public's right to know and national security. The program could make it easier for the government to stifle the flow of unclassified and potentially vital information to the public, while creating toxic work environments poisoned by unfounded suspicions and spurious investigations of loyal Americans, according to these current and former officials and experts. Some non-intelligence agencies already are urging employees to watch their co-workers for "indicators" that include stress, divorce and financial problems. "It was just a matter of time before the Department of Agriculture or the FDA (Food and Drug Administration) started implementing, 'Hey, let's get people to snitch on their friends.' The only thing they haven't done here is reward it," said Kel McClanahan, a Washington lawyer who specializes in national security law. "I'm waiting for the time when you turn in a friend and you get a $50 reward." The Defense Department anti-leak strategy obtained by McClatchy spells out a zero-tolerance policy. Security managers, it says, "must" reprimand or revoke the security clearances -- a career-killing penalty -- of workers who commit a single severe infraction or multiple lesser breaches "as an unavoidable negative personnel action." Employees must turn themselves and others in for failing to report breaches. 
"Penalize clearly identifiable failures to report security infractions and violations, including any lack of self-reporting," the strategic plan says.

The Obama administration already was pursuing an unprecedented number of leak prosecutions, and some in Congress - long one of the most prolific spillers of secrets - favor tightening restrictions on reporters' access to federal agencies, making many U.S. officials reluctant to even disclose unclassified matters to the public.

The policy, which partly relies on behavior profiles, also could discourage creative thinking and fuel conformist "group think" of the kind that was blamed for the CIA's erroneous assessment that Iraq was hiding weapons of mass destruction, a judgment that underpinned the 2003 U.S. invasion.

"The real danger is that you get a bland common denominator working in the government," warned Ilana Greenstein, a former CIA case officer who says she quit the agency after being falsely accused of being a security risk. "You don't get people speaking up when there's wrongdoing. You don't get people who look at things in a different way and who are willing to stand up for things. What you get are people who toe the party line, and that's really dangerous for national security."

Obama launched the Insider Threat Program in October 2011 after Army Pfc. Bradley Manning downloaded hundreds of thousands of documents from a classified computer network and sent them to WikiLeaks, the anti-government secrecy group. It also followed the 2009 killing of 13 people at Fort Hood, Texas, by Army Maj. Nidal Hasan, an attack that federal authorities failed to prevent even though they were monitoring his emails to an al Qaida-linked Islamic cleric.

An internal review launched after Manning's leaks found "wide disparities" in the abilities of U.S. intelligence agencies to detect security risks and determined that all needed improved defenses.
Obama's executive order formalizes broad practices that the intelligence agencies have followed for years to detect security threats and extends them to agencies that aren't involved in national security policy but can access classified networks. Across the government, new policies are being developed.

There are, however, signs of problems with the program. Even though it severely restricts the use of removable storage devices on classified networks, Snowden, the former NSA contractor who revealed the agency's telephone data collection operations, used a thumb drive to acquire the documents he leaked to two newspapers.

"Nothing that's been done in the past two years stopped Snowden, and so that fact alone casts a shadow over this whole endeavor," said Steven Aftergood, director of the non-profit Federation of American Scientists' Project on Government Secrecy. "Whatever they've done is apparently inadequate."

U.S. history is replete with cases in which federal agencies missed signs that trusted officials and military officers were stealing secrets. The CIA, for example, failed for some time to uncover Aldrich Ames, a senior officer who was one of the most prolific Soviet spies in U.S. history, despite polygraphs, drunkenness, and sudden and unexplained wealth.

Stopping a spy or a leaker has become even more difficult as the government continues to accumulate information in vast computer databases and has increased the number of people granted access to classified material to nearly 5 million.

Administration officials say the program could help ensure that agencies catch a wide array of threats, especially if employees are properly trained in recognizing behavior that identifies potential security risks.

"If this is done correctly, an organization can get to a person who is having personal issues or problems that if not addressed by a variety of social means may lead that individual to violence, theft or espionage before it even gets to that point,"
said a senior Pentagon official, who requested anonymity because he wasn't authorized to discuss the issue publicly.

Manning, for instance, reportedly was reprimanded for posting YouTube messages describing the interior of a classified intelligence facility where he worked. He also exhibited behavior that could have forewarned his superiors that he posed a security risk, officials said.

Jonathan Pollard, a former U.S. Navy intelligence analyst sentenced in 1987 to life in prison for spying for Israel, wasn't investigated even though he'd failed polygraph tests and lied to his supervisors. He was caught only after a co-worker saw him leave a top-secret facility with classified documents.

"If the folks who are watching within an organization for that insider threat - the lawyers, security officials and psychologists - can figure out that an individual is having money problems or decreased work performance and that person may be starting to come into the window of being an insider threat, superiors can then approach them and try to remove that stress before they become a threat to the organization," the Pentagon official said.

The program, however, gives agencies such wide latitude in crafting their responses to insider threats that someone deemed a risk in one agency could be characterized as harmless in another. Even inside an agency, one manager's disgruntled employee might become another's threat to national security.

Obama in November approved "minimum standards" giving departments and agencies considerable leeway in developing their insider threat programs, leading to a potential hodgepodge of interpretations. He instructed them to not only root out leakers but people who might be prone to "violent acts against the government or the nation" and "potential espionage."

The Pentagon established its own sweeping definition of an insider threat as an employee with a clearance who "wittingly or unwittingly" harms "national security interests"
through "unauthorized disclosure, data modification, espionage, terrorism, or kinetic actions resulting in loss or degradation of resources or capabilities."

"An argument can be made that the rape of military personnel represents an insider threat. Nobody has a model of what this insider threat stuff is supposed to look like," said the senior Pentagon official, explaining that inside the Defense Department "there are a lot of chiefs with their own agendas but no leadership."

The Department of Education, meanwhile, informs employees that co-workers going through "certain life experiences . . . might turn a trusted user into an insider threat." Those experiences, the department says in a computer training manual, include "stress, divorce, financial problems" or "frustrations with co-workers or the organization."

An online tutorial titled "Treason 101" teaches Department of Agriculture and National Oceanic and Atmospheric Administration employees to recognize the psychological profile of spies.

A Defense Security Service online pamphlet lists a wide range of "reportable" suspicious behaviors, including working outside of normal duty hours. While conceding that not every behavior "represents a spy in our midst," the pamphlet adds that "every situation needs to be examined to determine whether our nation's secrets are at risk."

The Defense Department, traditionally a leading source of media leaks, is still setting up its program, but it has taken numerous steps. They include creating a unit that reviews news reports every day for leaks of classified defense information and implementing new training courses to teach employees how to recognize security risks, including "high-risk" and "disruptive" behaviors among co-workers, according to Defense Department documents reviewed by McClatchy.

"It's about people's profiles, their approach to work, how they interact with management. Are they cheery? Are they looking at Salon.com or The Onion during their lunch break?
This is about 'The Stepford Wives,'" said a second senior Pentagon official, referring to online publications and a 1975 movie about robotically docile housewives. The official said he wanted to remain anonymous to avoid being punished for criticizing the program.

The emphasis on certain behaviors reminded Greenstein of her employee orientation with the CIA, when she was told to be suspicious of unhappy co-workers.

"If someone was having a bad day, the message was watch out for them," she said.

Some federal agencies also are using the effort to protect a broader range of information. The Army orders its personnel to report unauthorized disclosures of unclassified information, including details concerning military facilities, activities and personnel.

The Peace Corps, which is in the midst of implementing its program, "takes very seriously the obligation to protect sensitive information," said an email from a Peace Corps official who insisted on anonymity but gave no reason for doing so.

Granting wide discretion is dangerous, some experts and officials warned, when federal agencies are already prone to overreach in their efforts to control information flow.

The Bush administration allegedly tried to silence two former government climate change experts from speaking publicly on the dangers of global warming. More recently, the FDA justified the monitoring of the personal email of its scientists and doctors as a way to detect leaks of unclassified information.

But R. Scott Oswald, a Washington attorney of the Employment Law Group, called the Obama administration "a friend to whistleblowers," saying it draws a distinction between legitimate whistleblowers who use internal systems to complain of wrongdoing vs. leakers, who illegally make classified information public.
There are numerous cases, however, of government workers who say they've been forced to go public because they've suffered retaliation after trying to complain about waste, fraud and abuse through internal channels or to Congress. Thomas Drake, a former senior NSA official, was indicted in 2010 under the Espionage Act after he disclosed millions of dollars in waste to a journalist. He'd tried for years to alert his superiors and Congress. The administration eventually dropped the charges against him.

The Pentagon, meanwhile, declined to answer how its insider threat program would accommodate a leak to the news media like the Pentagon Papers, a top-secret history of U.S. involvement in Vietnam that showed how successive administrations had misled the public and Congress on the war.

"The danger is that supervisors and managers will use the profiles for 'Disgruntled Employees' and 'Insider Threats' to go after legitimate whistleblowers," said the second Pentagon official. "The executive order says you can't offend the whistleblower laws. But all of the whistleblower laws are about retaliation. That doesn't mean you can't profile them before they're retaliated against."

Greenstein said she became the target of scrutiny from security officials after she began raising allegations of mismanagement in the CIA's operations in Baghdad. But she never leaked her complaints, which included an allegation that her security chief deleted details about safety risks from cables. Instead, she relied on the agency's internal process to make the allegations.

The CIA, however, tried to get the Justice Department to open a criminal case after Greenstein mentioned during a polygraph test that she was writing a book, which is permitted inside the agency as long as it goes through pre-publication review. The CIA then demanded to see her personal computers. When she got them back months later, all that she'd written had been deleted, Greenstein said.
"They clearly perceived me as an insider threat," said Greenstein, who has since rewritten the book and has received CIA permission to publish portions of it. "By saying 'I have a problem with this place and I want to make it better,' I was instantly turned into a security threat," she said. The CIA declined to comment.

Email: mtaylor at mcclatchydc.com, jlanday at mcclatchydc.com

Read more here: http://www.mcclatchydc.com/2013/06/20/194513/obamas-crackdown-views-leaks-as.html#.UcRoOetvbjA#storylink=cpy

---
Just because i'm near the punchbowl doesn't mean I'm also drinking from it.

From rforno at infowarrior.org Fri Jun 21 18:00:55 2013
From: rforno at infowarrior.org (Richard Forno)
Date: Fri, 21 Jun 2013 19:00:55 -0400
Subject: [Infowarrior] - USG charges Snowden with espionage
Message-ID: <8704211F-C88C-48F9-A3FB-684765DF29FA@infowarrior.org>

U.S. charges Edward Snowden with espionage in leaks about NSA surveillance programs
By Peter Finn and Sari Horwitz
http://www.washingtonpost.com/world/national-security/us-charges-snowden-with-espionage/2013/06/21/507497d8-dab1-11e2-a016-92547bf094cc_print.html

Federal prosecutors have filed a sealed criminal complaint against Edward Snowden, the former National Security Agency contractor who leaked a trove of documents about top-secret surveillance programs, and the United States has asked Hong Kong to detain him on a provisional arrest warrant, according to U.S. officials.

Snowden was charged with espionage, theft and conversion of government property, the officials said.

The complaint was filed in the Eastern District of Virginia, a jurisdiction where Snowden's former employer, Booz Allen Hamilton, is headquartered and a district with a long track record of prosecuting cases with national security implications. A Justice Department spokeswoman declined to comment.
Snowden flew to Hong Kong last month after leaving his job at an NSA facility in Hawaii with a collection of highly classified documents that he acquired while working at the agency as a systems analyst.

The documents, some of which have been published in The Washington Post and Britain's Guardian newspaper, detailed some of the most-secret surveillance operations undertaken by the United States and the United Kingdom, as well as classified legal memos and court orders underpinning the programs in the United States.

The 29-year-old intelligence analyst revealed himself June 9 as the leaker in an interview with the Guardian and said he went to Hong Kong because it provided him the "cultural and legal framework to allow me to work without being immediately detained."

Snowden subsequently disappeared from public view; it is thought that he is still in the Chinese territory. Hong Kong has its own legislative and legal systems but ultimately answers to Beijing, under the "one country, two systems" arrangement.

The leaks have sparked national and international debates about the secret powers of the NSA to infringe on the privacy of both Americans and foreigners. Officials from President Obama down have said they welcome the opportunity to explain the importance of the programs and the safeguards they say are built into them. Skeptics, including some in Congress, have said the NSA has assumed the power to soak up data about Americans that was never intended under the law.

There was never any doubt that the Justice Department would seek to prosecute Snowden for one of the most significant national security leaks in the country's history. The Obama administration has shown a particular propensity to go after leakers and has launched more investigations than any previous administration.
Justice Department officials had already said that a criminal investigation of Snowden was underway and was being run out of the FBI's Washington field office in conjunction with lawyers from the department's National Security Division.

By filing a criminal complaint, prosecutors have a legal basis to make the request of the authorities in Hong Kong. Prosecutors now have 60 days to file an indictment, probably also under seal, and can then move to have Snowden extradited from Hong Kong for trial in the United States.

Snowden, however, can fight the U.S. effort to have him extradited in the courts in Hong Kong. Any court battle is likely to reach Hong Kong's highest court and could last many months, lawyers in the United States and Hong Kong said.

The United States has an extradition treaty with Hong Kong, and U.S. officials said cooperation with the Chinese territory, which enjoys some autonomy from Beijing, has been good in previous cases.

The treaty, however, has an exception for political offenses, and espionage has traditionally been treated as a political offense. Snowden's defense team in Hong Kong is likely to invoke part of the extradition treaty with the United States, which states that suspects will not be turned over to face criminal trial for offenses of a "political character."

Snowden could also remain in Hong Kong if the Chinese government decides that it is not in the defense or foreign policy interests of the government in Beijing to have him sent back to the United States for trial.

Snowden could also apply for asylum in Hong Kong or attempt to reach another jurisdiction and seek asylum there before the authorities in Hong Kong act.

The anti-secrecy group Wikileaks has held some discussions with officials in Iceland about providing asylum to Snowden. A businessman in Iceland has offered to fly Snowden on a chartered jet to his country if he is granted asylum there.
The chief executive of Hong Kong, Leung Chun-ying, said last week that the city's government would follow existing law if and when the U.S. government requested help.

"When the relevant mechanism is activated, the Hong Kong [Special Administrative Region] Government will handle the case of Mr. Snowden in accordance with the laws and established procedures of Hong Kong," Leung said in a statement.

© The Washington Post Company

---
Just because i'm near the punchbowl doesn't mean I'm also drinking from it.

From rforno at infowarrior.org Fri Jun 21 18:04:17 2013
From: rforno at infowarrior.org (Richard Forno)
Date: Fri, 21 Jun 2013 19:04:17 -0400
Subject: [Infowarrior] - Comey nominated for FBI Director
Message-ID:

Obama Says F.B.I. Pick Will Balance Security and Privacy
By PETER BAKER and MICHAEL S. SCHMIDT
Published: June 21, 2013
http://www.nytimes.com/2013/06/22/us/politics/obama-says-comey-will-strike-balance-on-security-and-privacy-at-fbi.html

WASHINGTON - Under fire for authorizing expansive secret surveillance programs, President Obama selected James B. Comey as his new F.B.I. director on Friday, choosing a lawyer best known for refusing to sign off on a private data collection plan in the Bush administration.

Introducing Mr. Comey in a Rose Garden ceremony, Mr. Obama described him as "a leader who understands how to keep America safe and stay true to our founding ideals no matter what the future may bring." Alluding to the current debate over National Security Agency programs, Mr. Obama said Mr. Comey understood "this work of striking a balance" between security and privacy.

Mr. Comey, a longtime prosecutor who helped put away gangsters, gunrunners and terrorists before rising to deputy attorney general under President George W. Bush, will replace Robert S. Mueller III if confirmed by the Senate. With a 10-year term under law, Mr.
Comey would be in place to outlast this president and possibly even the next one as he steers the bureau into the next phase of its post-Sept. 11 evolution.

Mr. Comey is best known for a dramatic showdown in 2004 when he and Mr. Mueller, among others, refused to reauthorize an expiring N.S.A. surveillance program because they believed that it had exceeded the president's legal authority and threatened to resign from the Bush administration if it was extended without their agreement.

After a Hollywood-style confrontation in the hospital room of an ailing John Ashcroft, then the attorney general, Mr. Bush acquiesced to their concerns, and the program was later revived under a different legal theory. That episode came to define Mr. Comey's tenure and clearly helped win him the job from a Democratic president.

"He joined Bob in standing up for what he believed was right," Mr. Obama said. "He was prepared to give up a job he loved rather than be part of something he felt was fundamentally wrong."

But Mr. Comey also authorized or supported other assertive policies during his tenure in Mr. Bush's Justice Department, and the prospect of his F.B.I. nomination has drawn criticism from the American Civil Liberties Union and some liberal activists in Mr. Obama's party.

That record will surely prove to be a focus of his confirmation hearings, as will newly disclosed programs that gather the telephone numbers and other data, though not the contents, of Americans' telephone calls and the e-mail and other digital information of foreigners located overseas.

Senator Charles E. Grassley of Iowa, the top Republican on the Senate Judiciary Committee, which will consider the nomination, praised the choice. "Mr. Comey's experience on national security issues will be a benefit as the F.B.I. continues to focus on preventing terrorism," Mr. Grassley said in a statement released before Mr. Obama's formal announcement.
"And he's previously dealt with these matters with integrity and shown a willingness to stand his ground if necessary."

Still, Mr. Grassley hinted at possible questions to come during the confirmation process. "I'm still interested in his recent work in the hedge fund industry," he said. "Perhaps Mr. Comey will turn around the administration's abysmal efforts to criminally prosecute Wall Street for its part in the economic downturn."

Mr. Mueller, who took over the F.B.I. just a week before the 2001 attacks on New York and the Pentagon, transformed the bureau from a crime-fighting outfit to a counterterrorism agency. "Countless Americans are alive today and our country is more secure because of the F.B.I.'s outstanding work under the leadership of Bob Mueller," the president said.

Praising Mr. Mueller as "a giant" who remade the bureau to take on the threats of a new era, Mr. Comey in brief remarks said, "I will do my very best to honor and protect that legacy."

Mr. Comey first gained significant public notice in the late 1990s for spearheading a program in Richmond, Va., that moved prosecutions of firearm cases from state to federal courts, where defendants faced higher sentences. The program helped reduce the homicide rate in Richmond, which had been plagued by one of the highest rates in the country. The Clinton administration lauded the program, and federal prosecutors across the country copied it.

In 2001, Mr. Ashcroft asked Mr. Comey to take over the government's prosecution of the 1996 terrorist bombing at Khobar Towers in Saudi Arabia, in which 19 American service members were killed. Although prosecutors in Washington had failed to make much progress on the case, Mr. Comey and a colleague quickly rebuilt it and within three months indicted 14 men.

That case heightened his profile, and in late 2001 Mr. Bush appointed Mr. Comey to one of the highest-profile roles in the Justice Department: the United States attorney for the Southern District of New York.
In that role, Mr. Comey oversaw the prosecution of terrorists, Martha Stewart, executives from WorldCom and drug dealers. In 2003, Mr. Bush appointed him to be Mr. Ashcroft's top deputy in Washington.

After leaving the government in 2005, Mr. Comey worked as the general counsel for Lockheed Martin and later as the general counsel for Bridgewater Associates, a large hedge fund in Connecticut. Since leaving that job this year, Mr. Comey has been a national security fellow at Columbia Law School.

In May, Mr. Comey was interviewed by Mr. Obama in the Oval Office. The president formally offered him the job in a second meeting, which occurred on May 20. After it was publicly revealed in late May that he would be the nominee, the F.B.I. began an extensive background check on him, which was recently completed.

---
Just because i'm near the punchbowl doesn't mean I'm also drinking from it.

From rforno at infowarrior.org Sat Jun 22 13:55:33 2013
From: rforno at infowarrior.org (Richard Forno)
Date: Sat, 22 Jun 2013 14:55:33 -0400
Subject: [Infowarrior] - Greenwald commentary on Snowden charges
Message-ID: <3F1A0375-8961-48C6-9631-AF00AF9D27F7@infowarrior.org>

(The last few paragraphs are spot-on, IMHO. --rick)

On the Espionage Act charges against Edward Snowden

Who is actually bringing 'injury to America': those who are secretly building a massive surveillance system or those who inform citizens that it's being done?

Glenn Greenwald
guardian.co.uk, Saturday 22 June 2013 07.18 EDT
http://www.guardian.co.uk/commentisfree/2013/jun/22/snowden-espionage-charges

The US government has charged Edward Snowden with three felonies, including two under the Espionage Act, the 1917 statute enacted to criminalize dissent against World War I. My priority at the moment is working on our next set of stories, so I just want to briefly note a few points about this.
Prior to Barack Obama's inauguration, there were a grand total of three prosecutions of leakers under the Espionage Act (including the prosecution of Dan Ellsberg by the Nixon DOJ). That's because the statute is so broad that even the US government has largely refrained from using it. But during the Obama presidency, there are now seven such prosecutions: more than double the number under all prior US presidents combined. How can anyone justify that?

For a politician who tried to convince Americans to elect him based on repeated pledges of unprecedented transparency and specific vows to protect "noble" and "patriotic" whistleblowers, is this unparalleled assault on those who enable investigative journalism remotely defensible? Recall that the New Yorker's Jane Mayer said recently that this oppressive climate created by the Obama presidency has brought investigative journalism to a "standstill", while James Goodale, the General Counsel for the New York Times during its battles with the Nixon administration, wrote last month in that paper that "President Obama will surely pass President Richard Nixon as the worst president ever on issues of national security and press freedom." Read what Mayer and Goodale wrote and ask yourself: is the Obama administration's threat to the news-gathering process not a serious crisis at this point?

Few people - likely including Snowden himself - would contest that his actions constitute some sort of breach of the law. He made his choice based on basic theories of civil disobedience: that those who control the law have become corrupt, that the law in this case (by concealing the actions of government officials in building this massive spying apparatus in secret) is a tool of injustice, and that he felt compelled to act in violation of it in order to expose these official bad acts and enable debate and reform.
But that's a far cry from charging Snowden, who just turned 30 yesterday, with multiple felonies under the Espionage Act that will send him to prison for decades if not life upon conviction. In what conceivable sense are Snowden's actions "espionage"? He could have - but chose not - sold the information he had to a foreign intelligence service for vast sums of money, or covertly passed it to one of America's enemies, or worked at the direction of a foreign government. That is espionage. He did none of those things.

What he did instead was give up his life of career stability and economic prosperity, living with his long-time girlfriend in Hawaii, in order to inform his fellow citizens (both in America and around the world) of what the US government and its allies are doing to them and their privacy. He did that by very carefully selecting which documents he thought should be disclosed and concealed, then gave them to a newspaper with a team of editors and journalists and repeatedly insisted that journalistic judgments be exercised about which of those documents should be published in the public interest and which should be withheld.

That's what every single whistleblower and source for investigative journalism, in every case, does - by definition. In what conceivable sense does that merit felony charges under the Espionage Act?

The essence of that extremely broad, century-old law is that one is guilty if one discloses classified information "with intent or reason to believe that the information is to be used to the injury of the United States, or to the advantage of any foreign nation".
Please read this rather good summary in this morning's New York Times of the worldwide debate Snowden has enabled - how these disclosures have "set off a national debate over the proper limits of government surveillance" and "opened an unprecedented window on the details of surveillance by the NSA, including its compilation of logs of virtually all telephone calls in the United States and its collection of e-mails of foreigners from the major American Internet companies, including Google, Yahoo, Microsoft, Apple and Skype" - and ask yourself: has Snowden actually done anything to bring "injury to the United States", or has he performed an immense public service?

The irony is obvious: the same people who are building a ubiquitous surveillance system to spy on everyone in the world, including their own citizens, are now accusing the person who exposed it of "espionage". It seems clear that the people who are actually bringing "injury to the United States" are those who are waging war on basic tenets of transparency and secretly constructing a mass and often illegal and unconstitutional surveillance apparatus aimed at American citizens - and those who are lying to the American people and its Congress about what they're doing - rather than those who are devoted to informing the American people that this is being done.

The Obama administration leaks classified information continuously. They do it to glorify the President, or manipulate public opinion, or even to help produce a pre-election propaganda film about the Osama bin Laden raid. The Obama administration does not hate unauthorized leaks of classified information. They are more responsible for such leaks than anyone.

What they hate are leaks that embarrass them or expose their wrongdoing. Those are the only kinds of leaks that are prosecuted. It's a completely one-sided and manipulative abuse of secrecy laws.
It's all designed to ensure that the only information we as citizens can learn is what they want us to learn because it makes them look good. The only leaks they're interested in severely punishing are those that undermine them politically.

The "enemy" they're seeking to keep ignorant with selective and excessive leak prosecutions are not The Terrorists or The Chinese Communists. It's the American people.

The Terrorists already knew, and have long known, that the US government is doing everything possible to surveil their telephonic and internet communications. The Chinese have long known, and have repeatedly said, that the US is hacking into both their governmental and civilian systems (just as the Chinese are doing to the US). The Russians have long known that the US and UK try to intercept the conversations of their leaders just as the Russians do to the US and the UK.

They haven't learned anything from these disclosures that they didn't already well know. The people who have learned things they didn't already know are American citizens who have no connection to terrorism or foreign intelligence, as well as hundreds of millions of citizens around the world about whom the same is true. What they have learned is that the vast bulk of this surveillance apparatus is directed not at the Chinese or Russian governments or the Terrorists, but at them.

And that is precisely why the US government is so furious and will bring its full weight to bear against these disclosures. What has been "harmed" is not the national security of the US but the ability of its political leaders to work against their own citizens and citizens around the world in the dark, with zero transparency or real accountability. If anything is a crime, it's that secret, unaccountable and deceitful behavior: not the shining of light on it.

---
Just because i'm near the punchbowl doesn't mean I'm also drinking from it.
From rforno at infowarrior.org Sun Jun 23 11:12:57 2013 From: rforno at infowarrior.org (Richard Forno) Date: Sun, 23 Jun 2013 12:12:57 -0400 Subject: [Infowarrior] - Snowden in Moscow Message-ID: Snowden leaves Hong Kong, frustrating U.S. extradition effort 2:51am EDT By James Pomfret and Lidia Kelly http://www.reuters.com/article/2013/06/23/us-usa-security-flight-idUSBRE95M02H20130623 HONG KONG/MOSCOW | Sun Jun 23, 2013 12:05pm EDT (Reuters) - An aircraft believed to be carrying Edward Snowden landed in Moscow on Sunday after Hong Kong let fugitive former U.S. security contractor leave the territory, frustrating Washington's efforts to extradite him on espionage charges. The anti-secrecy group WikiLeaks said Snowden was heading for a "democratic nation" which it did not name, although a source at the Russian airline Aeroflot said he would fly on within 24 hours to Cuba and then planned to go to Venezuela. Snowden's departure from Hong Kong, a former British colony which returned to China in 1997, is likely to be highly embarrassing for the administration of President Barack Obama. U.S. authorities had said only on Saturday they were optimistic Hong Kong would cooperate over Snowden, who revealed extensive U.S. government surveillance in the United States and abroad. Moscow airport officials said the flight from Hong Kong had landed but could not immediately confirm Snowden was on board. However, a source at Aeroflot said he had booked a seat on the service. Snowden, who worked for the National Security Agency, had been hiding in Hong Kong since leaking details about the U.S. surveillance activities to news media. In their statement announcing Snowden's departure, the Hong Kong authorities said they were seeking clarification from Washington about reports of U.S. spying on government computers in the territory. The Obama administration has previously painted the United States as a victim of Chinese government computer hacking. 
Earlier this month Obama called on his Chinese counterpart Xi Jinping to acknowledge the threat posed by "cyber-enabled espionage" against the United States and to investigate the problem when they met in California. Obama also met Russian President Vladimir Putin in Northern Ireland last week. A spokesman for the Hong Kong government said it had allowed the departure of Snowden - regarded by his supporters as a whistleblower and by his critics as a criminal and perhaps even a traitor - because the U.S. request to have him arrested did not comply with the law. In Washington, a Justice Department official said it would seek cooperation with countries Snowden may try to go to. "It's a shocker," said Simon Young, a law professor with Hong Kong University. "I thought he was going to stay and fight it out. The U.S. government will be irate." OBAMA AGENDA SIDELINED Obama has found his domestic and international policy agenda sidelined as he has scrambled to deflect accusations that the surveillance violates privacy protections and civil rights. The president has maintained it has been necessary to thwart attacks on the United States, and the U.S. government filed espionage charges against Snowden on Friday. A source at Aeroflot said Snowden would fly from Moscow to Cuba on Monday and then planned to go on to Venezuela. Reporters at Moscow's Sheremetyevo airport said there was no immediate sign of Snowden, but Russian media suggested he may have been whisked away by car to a foreign embassy in the capital. Hong Kong's South China Morning Post newspaper said earlier his final destination might be Ecuador or Iceland. The WikiLeaks anti-secrecy website said it helped Snowden find "political asylum in a democratic country". The group said he was accompanied by diplomats and was travelling via a safe route for the purposes of seeking asylum. Sarah Harrison, a legal researcher working for the WikiLeaks, was "accompanying Mr. Snowden in his passage to safety". 
"The WikiLeaks legal team and I are interested in preserving Mr Snowden's rights and protecting him as a person," former Spanish judge Baltasar Garzon, legal director of WikiLeaks and lawyer for the group's founder Julian Assange, said in a statement. "What is being done to Mr Snowden and to Mr Julian Assange - for making or facilitating disclosures in the public interest - is an assault against the people." Assange has taken sanctuary in the Ecuadorean embassy in London and said last week he would not leave even if Sweden stopped pursuing sexual assault claims against him because he feared arrest on the orders of the United States. U.S. authorities have charged Snowden with theft of U.S. government property, unauthorized communication of national defense information and willful communication of classified communications intelligence to an unauthorized person, with the latter two charges falling under the U.S. Espionage Act. The United States had asked Hong Kong, a special administrative region (SAR) of China, to send Snowden home. "The U.S. government earlier on made a request to the HKSAR government for the issue of a provisional warrant of arrest against Mr Snowden," the Hong Kong government said in a statement. "Since the documents provided by the U.S. government did not fully comply with the legal requirements under Hong Kong law, the HKSAR government has requested the U.S. government to provide additional information ... As the HKSAR government has yet to have sufficient information to process the request for provisional warrant of arrest, there is no legal basis to restrict Mr Snowden from leaving Hong Kong." It did not say what further information it needed. The White House had no comment. CHINA SAYS U.S. "BIGGEST VILLAIN" Although Hong Kong has an independent legal system and its own extradition laws, China controls its foreign affairs. Some observers see Beijing's hand in Snowden's sudden departure. 
Iceland refused on Friday to say whether it would grant asylum to Snowden, a former employee of contractor Booz Allen Hamilton who worked at an NSA facility in Hawaii. Putin's spokesman, Dmitry Peskov, said earlier this month that Russia would consider granting Snowden asylum if he were to ask for it and pro-Kremlin lawmakers supported the idea, but there has been no indication he has done so. The South China Morning Post earlier quoted Snowden offering new details about the United States' spy activities, including accusations of U.S. hacking of Chinese mobile telephone companies and targeting China's Tsinghua University. Documents previously leaked by Snowden revealed that the NSA has access to vast amounts of internet data such as emails, chat rooms and video from large companies, including Facebook and Google, under a government program known as Prism. China's Xinhua news agency, referring to Snowden's accusations about the hacking of Chinese targets, said they were "clearly troubling signs". It added: "They demonstrate that the United States, which has long been trying to play innocent as a victim of cyber attacks, has turned out to be the biggest villain in our age." Venezuela, Cuba and Ecuador are all members of the ALBA bloc, an alliance of leftist governments in Latin America who pride themselves on their "anti-imperialist" credentials. (Additional reporting by Fayen Wong in Shanghai, Nishant Kumar in Hong Kong and Andrew Cawthorne in Caracas; Alexei Anishchuk and Steve Gutterman in Moscow, and Tabassum Zakaria and Mark Felsenthal in Washington; Writing by Nick Macfie and David Stamp; Editing by Anna Willard) --- Just because i'm near the punchbowl doesn't mean I'm also drinking from it. 
From rforno at infowarrior.org Sun Jun 23 11:17:20 2013
From: rforno at infowarrior.org (Richard Forno)
Date: Sun, 23 Jun 2013 12:17:20 -0400
Subject: [Infowarrior] - For secretive surveillance court, rare scrutiny in wake of NSA leaks
Message-ID: <68E142AA-CD5B-44E9-A2E9-5557342BFDB0@infowarrior.org>

For secretive surveillance court, rare scrutiny in wake of NSA leaks

By Peter Wallsten, Carol D. Leonnig and Alice Crites

http://www.washingtonpost.com/politics/for-secretive-surveillance-court-rare-scrutiny-in-wake-of-nsa-leaks/2013/06/22/df9eaae6-d9fa-11e2-a016-92547bf094cc_print.html

Wedged into a secure, windowless basement room deep below the Capitol Visitors Center, U.S. District Court Judge John Bates appeared before dozens of senators earlier this month for a highly unusual, top-secret briefing. The lawmakers pressed Bates, according to people familiar with the session, to discuss the inner workings of the United States' clandestine terrorism surveillance tribunal, which Bates oversaw from 2006 until earlier this year. Bates had rarely spoken of his sensitive work. He reluctantly agreed to appear at the behest of Senate Intelligence Committee Chairman Dianne Feinstein (D-Calif.), who arranged the session after new disclosures that the court had granted the government broad access to millions of Americans' telephone and Internet communications. The two-hour meeting on June 13 featuring Bates and two top spy agency officials - prompted by reports days earlier by The Washington Post and Britain's Guardian newspaper about the vast reach of the programs - reflects a new and uncomfortable reality for the Foreign Intelligence Surveillance Court and its previously obscure members. Within the past month, lawmakers have begun to ask who the court's judges are, what they do, why they have almost never declined a government surveillance request and why their work is so secretive. 
The public is getting a peek into the little-known workings of a powerful and mostly invisible government entity. And it is seeing a court whose secret rulings have in effect created a body of law separate from the one on the books - one that gives U.S. spy agencies the authority to collect bulk information about Americans' medical care, firearms purchases, credit card usage and other interactions with business and commerce, according to Sen. Ron Wyden (D-Ore.). "The government can get virtually anything," said Wyden, who as a member of the Senate Intelligence Committee is allowed to read many of the court's classified rulings. "Health, guns, credit cards - my reading is not what has been done, it's what can be done." Members of Congress from both parties are pursuing legislation to force the court's orders into the open and have stepped up demands that the Obama administration release at least summaries of the court's opinions. Critics, including some with knowledge of the court's internal operations, say the court has undergone a disturbing shift. It was created in 1978 to handle routine surveillance warrants, but these critics say it is now issuing complex, classified, Supreme Court-style rulings that are quietly expanding the government's reach into the private lives of unwitting Americans. Surveillance court judges are selected from the pool of sitting federal judges by the chief justice of the United States, as is required by the law that established the panel. There is no additional confirmation process. Members serve staggered terms of up to seven years. Typical federal courts are presided over by judges nominated by presidents and confirmed by the Senate. Cases are argued by two opposing sides; judges issue orders and opinions that can be read, analyzed and appealed; and appellate opinions set precedents that shape American jurisprudence. 
The surveillance court is a different world of secret case law, non-adversarial proceedings, and rulings written by individual judges who rarely meet as a panel. Judges generally confer only with government lawyers, and out of public view. Yet the judges have the power to interpret the Constitution and set long-lasting and far-reaching precedent on matters involving Americans' rights to privacy and due process under the Fourth Amendment. And this fast-growing body of law is almost entirely out of view of legal scholars and the public. Most Americans do not have access to the judiciary's full interpretation of the Constitution on matters of surveillance, search and seizure when it comes to snooping for terrorist plots - and are limited in their ability to challenge it. All 11 of the current members were tapped by Chief Justice John G. Roberts Jr. Ten were originally appointed to the federal bench by Republican presidents. Six are former prosecutors. "The judges that are assigned to this court are judges that are not likely to rock the boat," said Nancy Gertner, a former federal judge from Massachusetts who teaches at Harvard Law School. Gertner, a former defense and civil rights lawyer named to the bench by Democrat Bill Clinton, added: "All of the structural pressures that keep a judge independent are missing there. It's one-sided, secret, and the judges are chosen in a selection process by one man." Steven Aftergood, director of the government secrecy program at the Federation of American Scientists, called the court "an astonishing departure from what we thought we knew about the judiciary."

Defending the court

Several current and former members of the court, as well as government officials, reject the criticism. They say internal checks are built into the system to ensure Americans' rights are not violated. The court's current chief, D.C. District Court Judge Reggie B. 
Walton, was so perturbed about recent critiques of the court that he issued a rare public statement in the wake of newspaper reports about the court's approval of the phone and Internet surveillance programs. "The perception that the court is a rubber stamp is absolutely false," Walton said. "There is a rigorous review process of applications submitted by the executive branch, spearheaded initially by five judicial branch lawyers who are national security experts and then by the judges, to ensure that the court's authorizations comport with what the applicable statutes authorize." Administration officials echoed those sentiments last week during a public hearing before the House Intelligence Committee, telling lawmakers that the process of seeking approval for a new warrant takes extensive time and effort. The judges "push back a lot," said Deputy Attorney General James Cole. "These are very thick applications that have a lot in them. And when they see anything that raises an issue, they will push back and say, 'We need more information.'" Roberts and an aide vet judges as candidates for the secret court. The contenders, who have undergone Senate confirmation for their original judicial posts, are screened again using an unusually exhaustive FBI background check that examines their lives "going back to birth," according to a person with knowledge of the process. Candidates are told to withdraw if anything in their lives could prove embarrassing - the chief justice reads each FBI report. He has rejected candidates for traits such as excessive alcohol use, the person said. The court was expanded from seven judges after the attacks of Sept. 11, 2001. At least three of the judges must live in the Washington area to ensure that a judge is always personally reachable by government officials in case of emergencies. Court members also continue to manage their regular dockets as district judges. One of the most recent appointees, Judge Michael W. 
Mosman of Oregon, drew attention in 2008 when, in his position as a district court judge, he temporarily blocked a new state law allowing gay people to obtain domestic-partnership status. Days after U.S. District Judge Rosemary M. Collyer's March appointment to the secret court, her decision in a high-profile case involving government secrecy was overturned. She had ruled that the CIA could keep secret its list of drone targets, but a higher court overruled her. Another member is Susan Webber Wright, the Arkansas judge who presided over the Paula Jones sexual-harassment suit against Clinton and famously held the president in contempt. Walton is a former prosecutor who sentenced former Richard B. Cheney adviser I. Lewis "Scooter" Libby to more than two years in prison for his role in the Valerie Plame leak case. President George W. Bush later commuted Libby's sentence. Court officials reject suggestions that the judges reflect any partisan or ideological bent. They note that two former presiding judges - Joyce Hens Green and Colleen Kollar-Kotelly - were appointed to the federal bench by Democratic presidents. Neither is currently on the surveillance court. Judges say they take the roles seriously. "There's no question that every judge who has ever served on this court has thought it was the most significant thing they've ever done as a judge," U.S. District Judge Royce C. Lamberth said in a rare public interview on the subject posted on a federal court Web site in 2002. "When I did the hearings on the embassy bombings in Africa, we started the hearings in my living room at 3:00 in the morning. And some of the taps I did that night turned out to be very significant and were used in the New York trials of the people indicted for the bombings." Tensions have bubbled to the surface in recent days, with some of the court's judges privately expressing frustration that it has become the center of attention and an object of criticism. 
They note that Congress helped pass the laws allowing the government's broad spying powers and that the administration instructs the court to keep its inner workings secret. Walton, who took over as chief earlier this year, issued an order last month demanding that the Obama administration respond to a request from a civil liberties group, the Electronic Frontier Foundation, for the release of a classified ruling in which the court found that the government had engaged in unconstitutional surveillance of Americans. The court has even taken the rare step over the past two weeks of creating a public docket Web page featuring the Electronic Frontier Foundation case as well as a separate, new motion brought by the American Civil Liberties Union seeking records of the phone surveillance program. Bates's June 13 appearance before lawmakers came after Feinstein, a staunch defender of the program, called Roberts to request that he dispatch Bates to the briefing. The session was open to all senators; 47 attended, according to someone familiar with the meeting. Bates, a former prosecutor and Bush-appointed judge in the D.C. district court, rebuffed several questions about the court's orders, telling senators they should address their questions to executive branch officials, according to people briefed on the session. He stressed that the government's collection and surveillance programs were classified as top-secret by the Obama administration, not by the judiciary. Still, the government almost always gets much of what it wants from the court. In 2012, the court received 1,789 requests for electronic surveillance, according to the annual report it files with the Senate. One was withdrawn. The rest were approved, sometimes after back-and-forth interactions in which judges required the government to tweak or scale back its plans. Significant opinions in recent years have been sent to congressional intelligence committee members but remain classified.

"Expansive"
rulings

Now, outside critics, lawmakers and some with internal knowledge of the court are starting to push for an overhaul. Wyden said the surveillance court has issued "pretty stunning rulings, rulings that I think are about as expansive as anything you can imagine." Wyden pointed to court orders authorizing collection of bulk phone data, which The Post reported had dated to 2006, as indicators of the court's broad view of government powers. At issue is a provision of the Patriot Act, passed by Congress after the Sept. 11 attacks, which permitted the FBI to compel the production of "business records" deemed relevant to terrorism and espionage investigations and to share those with intelligence officials. Those orders followed a turbulent time for the secret court. Some judges were outraged that they had not been aware of the Bush administration's warrantless wiretapping operation, which was first reported by the New York Times in late 2005. One member of the panel, U.S. District Judge James Robertson, resigned in protest, confiding to colleagues that he was concerned the program may have been illegal and could have tainted the court's work. One person close to the court, speaking on the condition of anonymity to discuss the secretive body, said the newly revealed orders indicate a shift in which the court blesses the bulk collection of Americans' communications data to make investigations easier rather than weighing the merits of violating the privacy of one person on a case-by-case basis. Before this change, the person said, "it was one warrant at a time." The court's under-the-radar approach proved a particular challenge this spring to the Electronic Frontier Foundation when it sought to file its motion seeking release of the prior finding of the unlawful government surveillance. It turned out that the mere act of finding the court proved a steep hurdle. 
Repeated calls to the court clerk from the foundation went unreturned, said David Sobel, an attorney for the group. The group wound up submitting the motion through a staffer at the Justice Department, whose officials were actively opposing the group's efforts. "We never had any direct contact with the court," Sobel said, "and the other party in the proceeding was the gatekeeper." Chief Justice Roberts himself signaled some discomfort with the system during his 2005 confirmation hearings. "I'll be very candid," he told senators. "When I first learned about the FISA court, I was surprised. It's not what we usually think of when we think of a court. We think of a place where we can go, we can watch, the lawyers argue, and it's subject to the glare of publicity. And the judges explain their decision to the public and they can examine them. That's what we think of as a court."

© The Washington Post Company

---
Just because i'm near the punchbowl doesn't mean I'm also drinking from it.

From rforno at infowarrior.org Sun Jun 23 18:42:12 2013
From: rforno at infowarrior.org (Richard Forno)
Date: Sun, 23 Jun 2013 19:42:12 -0400
Subject: [Infowarrior] - TN official: Water complaints could be 'act of terrorism'
Message-ID: <0B7660ED-741A-4D22-8101-F3BF57CC6A36@infowarrior.org>

Official: Water complaints could be 'act of terrorism'

Mt. Pleasant residents say state is attempting to silence its critics

Jun. 21, 2013

http://www.tennessean.com/article/20130621/NEWS02/306210110/Official-Water-complaints-could-act-terrorism-?gcheck=1

A Tennessee Department of Environment and Conservation deputy director warned a group of Maury County residents that unfounded complaints about water quality could be considered an "act of terrorism." "We take water quality very seriously. Very, very seriously," said Sherwin Smith, deputy director of TDEC's Division of Water Resources, according to audio recorded by attendees. 
"But you need to make sure that when you make water quality complaints you have a basis, because federally, if there's no water quality issues, that can be considered under Homeland Security an act of terrorism." "Can you say that again, please?" an audience member can be heard asking on the audio. Smith went on in the recording to repeat the claim almost verbatim. The audio was recorded May 29 by Statewide Organizing for Community eMpowerment, a Knoxville-based civic action group that had been working with Maury County residents to tackle water quality complaints in Mount Pleasant. Residents there have complained to the state for months, saying some children had become ill drinking the water. The meeting was organized by State Rep. Sheila Butt, R-Columbia, and attended by residents, TDEC and local officials. TDEC said it was looking into what had been said at the meeting and that Smith would not be available for comment. "In terms of the comments made by a member of the Water Resources Division at the meeting, we are just receiving the information and looking into this on our end," spokeswoman Meg Lockhart said. "The department would like to fully assess what was said in the meeting. I am told that the meeting was far longer than the audio clip provided by SOCM and that Mr. Smith actually clarified his remarks. But again, we are looking into it." The comment shocked and outraged attendees, who saw it as an attempt to silence complaints, said Brad Wright, organizer for SOCM in Middle Tennessee. "I think it's just to quash us complicating life for them," he said. Joycelene Johns, 68, has lived in Mount Pleasant off and on for about 30 years and has put up with cloudy, odd-tasting water for years. "I'll drink it," she said, "but I pray before the first sip." But she said Smith's comments had been harder to stomach than her drinking water. "I was sitting there with my mouth open," she said. "I couldn't believe he was saying that." 
The message she took away was: "Leave us alone. Don't come back anymore. We're not going to continue on dealing with whatever problem you may have." Rep. Butt, who organized the meeting, also was shocked. "I think that we need to be very careful with how we use the words 'terrorist' and 'terrorism,'" she said. "I thought it was out of context. That did not apply to anything that we were discussing at the meeting." Butt said the water issue had been marred by "communication breakdowns" by both sides, which wouldn't be made easier with such inflammatory comments being made.

Contact Brian Haas at 615-726-8968 or bhaas at tennessean.com.

---
Just because i'm near the punchbowl doesn't mean I'm also drinking from it.

From rforno at infowarrior.org Mon Jun 24 07:24:23 2013
From: rforno at infowarrior.org (Richard Forno)
Date: Mon, 24 Jun 2013 08:24:23 -0400
Subject: [Infowarrior] - NSA Now Revealing A Lot More About What It Does Than Snowden Leaks Did; So Is That Harming America?
Message-ID:

NSA Now Revealing A Lot More About What It Does Than Snowden Leaks Did; So Is That Harming America?

from the just-wondering dept

http://www.techdirt.com/articles/20130621/10070623554/nsa-now-revealing-lot-more-about-what-it-does-than-snowden-leaks-did-so-is-that-harming-america.shtml

One of the key refrains that has come out from those who are unhappy about the revelation of details around the NSA's surveillance efforts is that Edward Snowden's leaks are somehow harmful to America. During hearings about all of this, NSA boss Keith Alexander claimed that "Americans will die" because of these sorts of leaks. But... between those same hearings and other revelations from the administration and Congress, we're actually learning much more about the various programs directly from the government, as information is now being "declassified." And, apparently, President Obama is asking the NSA and the Justice Department to look into declassifying even more. 
So while the initial shove to declassify information may have come via Snowden, the stuff that we're really learning about is coming through revelations following Snowden's leaks -- revelations that never would have happened without his leaks. So that raises a fairly basic question: if Snowden is somehow a traitor and putting lives at risk... why isn't the other information we're actually learning about the programs equally as problematic? The real answer seems to be that the information Snowden leaked does not harm us at all, but has simply revealed that the government has kept classified information from the American public that never should have been classified at all. The fact that only now are they looking to declassify it (and then doing so) shows pretty clearly that the information was improperly classified in the first place.

---
Just because i'm near the punchbowl doesn't mean I'm also drinking from it.

From rforno at infowarrior.org Mon Jun 24 07:59:07 2013
From: rforno at infowarrior.org (Richard Forno)
Date: Mon, 24 Jun 2013 08:59:07 -0400
Subject: [Infowarrior] - Skybox
Message-ID: <16378818-C783-419D-A25D-ACBE9A384984@infowarrior.org>

A Silicon Valley startup is launching a fleet of imaging satellites that are cheap, small, and ultra-efficient. Their up-to-the-minute snapshots of the planet will give us data that could upend industries, transform economies - even help predict the future.

http://www.wired.com/wiredscience/2013/06/startup-skybox/

---
Just because i'm near the punchbowl doesn't mean I'm also drinking from it.

From rforno at infowarrior.org Mon Jun 24 20:51:44 2013
From: rforno at infowarrior.org (Richard Forno)
Date: Mon, 24 Jun 2013 21:51:44 -0400
Subject: [Infowarrior] - This Is Not About Edward Snowden
Message-ID:

This Is Not About Edward Snowden

By the Editors Jun 24, 2013 6:05 PM ET

http://www.bloomberg.com/news/2013-06-24/this-is-not-about-edward-snowden.html

When Edward Snowden leaked classified information about U.S. 
intelligence programs this month, he became both a criminal and, many would say, a conscientious citizen. His quest to evade American authorities now risks making him a distraction. As of this writing, Snowden's whereabouts are unknown. He reportedly flew yesterday from Hong Kong to Moscow, but Russia says it has no information about him. Ecuador says he has asked for asylum. What Snowden thinks he's up to is also in doubt. His asylum application says he can't expect a fair trial or humane treatment in the U.S. Regardless of whether he's right, seeking aid from countries not exactly known for respecting the rights of their citizens raises the question of what exactly it is about the U.S.'s treatment of its citizens that is so noxious. Snowden's location and motives are interesting to speculate about, but they shouldn't distract attention from what really matters in all this:

-- Twelve years after the Sept. 11 attacks (and two years after the killing of Osama bin Laden) the security apparatus created in response is growing, not shrinking.
-- The U.S. government is monitoring its citizens' communications on a scale that was previously unknown and is without precedent.
-- The Foreign Intelligence Surveillance Court has declined just 11 of the government's more than 33,900 surveillance requests.
-- The legal interpretation of Section 215 of the Patriot Act, which is used by that court to rule on government requests for information, is classified. So the laws that enable this surveillance are themselves, in effect, secret.
-- The group meant to guarantee appropriate privacy safeguards, the Privacy and Civil Liberties Oversight Board, was authorized by Congress in 2007, but didn't get a full-time chairman until last month, and has met with President Barack Obama exactly once.

The government has a legitimate interest in pursuing Snowden. His leaks were a crime that has to be prosecuted. 
In doing so, the Obama administration could also show that Snowden's concerns about a fair trial (and proportionate charges) are unfounded. Even more important, though, is that Snowden's revelations have thrown a spotlight on a balance between security and liberty that the government has been striking largely in secret. Snowden started a debate Obama now says he wants. So do we. That's the discussion that counts.

To contact the Bloomberg View editorial board: view at bloomberg.net.

---
Just because i'm near the punchbowl doesn't mean I'm also drinking from it.

From rforno at infowarrior.org Mon Jun 24 20:56:20 2013
From: rforno at infowarrior.org (Richard Forno)
Date: Mon, 24 Jun 2013 21:56:20 -0400
Subject: [Infowarrior] - DOJ's own guidelines not applying to Snowden charges?
Message-ID:

DOJ Guidelines: Inappropriate To Prosecute Leaking Gov't Information As 'Theft Of Gov't Property'

from the umm... dept

http://www.techdirt.com/articles/20130624/12345623597/doj-guidelines-inappropriate-to-prosecute-leaking-govt-information-as-theft-govt-property.shtml

Well, this is interesting. Last week, of course, it was revealed that the DOJ has charged Ed Snowden for various crimes, including "theft of government property." In fact, Rep. Mike Rogers, the head of the House Intelligence Committee, seems to think this is the key charge, and argues (ridiculously) that the documents "belong to the people of the US" and that Snowden somehow "stole" them by giving the documents to those very same "people of the US." However, as Declan McCullagh points out, the DOJ's own manual very clearly says that it is "inappropriate" to charge people who take government documents and information with theft of government property, in part because that might lead to unfair prosecution of whistleblowers: < - > There are two reasons for the policy. First, it protects "whistle-blowers." 
Thus, under this policy, a government employee who, for the primary purpose of public exposure of the material, reveals a government document to which he or she gained access lawfully or by non-trespassory means would not be subject to criminal prosecution for the theft. Second, the policy is designed to protect members of the press from the threat of being prosecuted for theft or receipt of stolen property when, motivated primarily by the interest in public dissemination thereof, they publish information owned by or under the custody of the government after they obtained such information by other than trespassory means.

And yet, the "theft of government property" seems to be central to the government's charges against Snowden, suggesting that, yet again, the administration is really grasping at straws in trying to charge Snowden with anything it can dig up for daring to blow the whistle on the surveillance program.

---
Just because i'm near the punchbowl doesn't mean I'm also drinking from it.

From rforno at infowarrior.org Tue Jun 25 07:29:08 2013
From: rforno at infowarrior.org (Richard Forno)
Date: Tue, 25 Jun 2013 08:29:08 -0400
Subject: [Infowarrior] - U.S. Surveillance Is Not Aimed at Terrorists
Message-ID: <1FBA55B0-0D8E-48A8-9698-BF7C9901C1E4@infowarrior.org>

U.S. Surveillance Is Not Aimed at Terrorists

By Leonid Bershidsky - Jun 23, 2013

http://www.bloomberg.com/news/print/2013-06-23/u-s-surveillance-is-not-aimed-at-terrorists.html

The debate over the U.S. government's monitoring of digital communications suggests that Americans are willing to allow it as long as it is genuinely targeted at terrorists. What they fail to realize is that the surveillance systems are best suited for gathering information on law-abiding citizens.

People concerned with online privacy tend to calm down when told that the government can record their calls or read their e-mail only under special circumstances and with proper court orders.
The assumption is that they have nothing to worry about unless they are terrorists or correspond with the wrong people.

The infrastructure set up by the National Security Agency, however, may only be good for gathering information on the stupidest, lowest-ranking of terrorists. The Prism surveillance program focuses on access to the servers of America's largest Internet companies, which support such popular services as Skype, Gmail and iCloud. These are not the services that truly dangerous elements typically use.

In a January 2012 report titled "Jihadism on the Web: A Breeding Ground for Jihad in the Modern Age," the Dutch General Intelligence and Security Service drew a convincing picture of an Islamist Web underground centered around "core forums." These websites are part of the Deep Web, or Undernet, the multitude of online resources not indexed by commonly used search engines.

No Data

The Netherlands' security service, which couldn't find recent data on the size of the Undernet, cited a 2003 study from the University of California at Berkeley as the "latest available scientific assessment." The study found that just 0.2 percent of the Internet could be searched. The rest remained inscrutable and has probably grown since. In 2010, Google Inc. said it had indexed just 0.004 percent of the information on the Internet.

Websites aimed at attracting traffic do their best to get noticed, paying to tailor their content to the real or perceived requirements of search engines such as Google. Terrorists have no such ambitions. They prefer to lurk in the dark recesses of the Undernet.

"People who radicalise under the influence of jihadist websites often go through a number of stages," the Dutch report said. "Their virtual activities increasingly shift to the invisible Web, their security awareness increases and their activities become more conspiratorial."

Radicals who initially stand out on the "surface"
Web quickly meet people, online or offline, who drag them deeper into the Web underground. "For many, finally finding the jihadist core forums feels like a warm bath after their virtual wanderings," the report said.

When information filters to the surface Web from the core forums, it's often by accident. Organizations such as al-Qaeda use the forums to distribute propaganda videos, which careless participants or their friends might post on social networks or YouTube.

Communication on the core forums is often encrypted. In 2012, a French court found nuclear physicist Adlene Hicheur guilty of, among other things, conspiring to commit an act of terror for distributing and using software called Asrar al-Mujahideen, or Mujahideen Secrets. The program employed various cutting-edge encryption methods, including variable stealth ciphers and RSA 2,048-bit keys.

The NSA's Prism, according to a classified PowerPoint presentation published by the Guardian, provides access to the systems of Microsoft Corp. (and therefore Skype), Facebook Inc., Google, Apple Inc. and other U.S. Internet giants. Either these companies have provided "master keys" to decrypt their traffic -- which they deny -- or the NSA has somehow found other means.

Traditional Means

Even complete access to these servers brings U.S. authorities no closer to the core forums. These must be infiltrated by more traditional intelligence means, such as using agents posing as jihadists or by informants within terrorist organizations.

Similarly, monitoring phone calls is hardly the way to catch terrorists. They're generally not dumb enough to use Verizon. Granted, Russia's special services managed to kill Chechen separatist leader Dzhokhar Dudayev with a missile that homed in on his satellite-phone signal. That was in 1996. Modern-day terrorists are generally more aware of the available technology.
At best, the recent revelations concerning Prism and telephone surveillance might deter potential recruits to terrorist causes from using the most visible parts of the Internet. Beyond that, the government's efforts are much more dangerous to civil liberties than they are to al-Qaeda and other organizations like it.

(Leonid Bershidsky is an editor and novelist based in Moscow. The opinions expressed are his own.)

To contact the writer of this article: Leonid Bershidsky at bershidsky at gmail.com.

To contact the editor responsible for this article: Mark Whitehouse at mwhitehouse1 at bloomberg.net.

---
Just because i'm near the punchbowl doesn't mean I'm also drinking from it.

From rforno at infowarrior.org Tue Jun 25 07:33:38 2013
From: rforno at infowarrior.org (Richard Forno)
Date: Tue, 25 Jun 2013 08:33:38 -0400
Subject: [Infowarrior] - Report: Snowden flies to Iceland
Message-ID:

(Not confirmed anywhere else yet, so take @ face value for now. --rick)

NSA whistleblower Edward Snowden flies to Iceland

Passed through Norway, not Cuba

By Dave Neal
Tue Jun 25 2013, 10:40

NSA WHISTLEBLOWER Edward Snowden has flown to Iceland, changing planes in Norway, according to the Norwegian pirate party.

Snowden left Hong Kong at the weekend and began a journey to Ecuador, or so we thought. Wikileaks representatives reportedly are travelling with him. However, yesterday the seat where Snowden was supposed to be sitting on a flight bound for Cuba was empty.

The Norwegian Pirate Party said that Snowden was a guest of the party in a stopover on his way to Iceland.

< - >

http://www.theinquirer.net/inquirer/news/2277146/nsa-whistleblower-edward-snowden-flies-to-iceland

---
Just because i'm near the punchbowl doesn't mean I'm also drinking from it.
From rforno at infowarrior.org Wed Jun 26 08:03:52 2013
From: rforno at infowarrior.org (Richard Forno)
Date: Wed, 26 Jun 2013 09:03:52 -0400
Subject: [Infowarrior] - Adobe's new DRM cracked less than 24 hours after release
Message-ID: <562ED33E-BC25-43EC-A2C8-1F473F40A487@infowarrior.org>

Adobe's New Subscription Service Goes Live And Is Cracked In Less Than 24 Hours

http://www.techdirt.com/articles/20130621/15201423576/adobes-new-subscription-service-goes-live-is-cracked-less-than-24-hours.shtml

---
Just because i'm near the punchbowl doesn't mean I'm also drinking from it.

From rforno at infowarrior.org Wed Jun 26 21:19:48 2013
From: rforno at infowarrior.org (Richard Forno)
Date: Wed, 26 Jun 2013 22:19:48 -0400
Subject: [Infowarrior] - Ecuador grants Snowden amnesty travel
Message-ID:

Looks legit .... not seeing this covered in the news anywhere yet though.

http://cryptome.org/2013/06/snowden-safepass.pdf

---
Just because i'm near the punchbowl doesn't mean I'm also drinking from it.

From rforno at infowarrior.org Thu Jun 27 07:11:56 2013
From: rforno at infowarrior.org (Richard Forno)
Date: Thu, 27 Jun 2013 08:11:56 -0400
Subject: [Infowarrior] - Networked Resistance: The Case of WikiLeaks
Message-ID: <0697F783-0550-44C7-9110-009281F68C8D@infowarrior.org>

Networked Resistance: The Case of WikiLeaks

Bart Cammaerts

Article first published online: 25 JUN 2013
DOI: 10.1111/jcc4.12024

In this article, WikiLeaks is embedded within broader debates relevant to both social movement and mediation theory. First, the nature of the ties between a variety of relevant actors is assessed. Second, the networked opportunities and constraints at a discursive and material level of analysis are highlighted and finally the resistance strategies they employ towards mainstream culture are addressed.
It is concluded that at the heart of information and communication resistance a dynamic dialectic can be observed between mediated opportunities for disruptions and attempts of the powers that be to close down these opportunities. Furthermore, it has to be acknowledged that reliance on mainstream actors and structures for exposure, funding or hosting contentious content comes with risks for radical activists.

< - >

http://onlinelibrary.wiley.com/doi/10.1111/jcc4.12024/full

---
Just because i'm near the punchbowl doesn't mean I'm also drinking from it.

From rforno at infowarrior.org Thu Jun 27 07:11:59 2013
From: rforno at infowarrior.org (Richard Forno)
Date: Thu, 27 Jun 2013 08:11:59 -0400
Subject: [Infowarrior] - License-plate readers let police collect millions of records on drivers
Message-ID: <9A915ED7-9FF7-48E1-9488-3768B8AF11A5@infowarrior.org>

License-plate readers let police collect millions of records on drivers

Ali Winston
Contributor
Jun 26, 2013

http://cironline.org/reports/license-plate-readers-let-police-collect-millions-records-drivers-4883

When the city of San Leandro, Calif., purchased a license-plate reader for its police department in 2008, computer security consultant Michael Katz-Lacabe asked the city for a record of every time the scanners had photographed his car.

The results shocked him.

The paperback-size device, installed on the outside of police cars, can log thousands of license plates in an eight-hour patrol shift. Katz-Lacabe said it had photographed his two cars on 112 occasions, including one image from 2009 that shows him and his daughters stepping out of his Toyota Prius in their driveway.

That photograph, Katz-Lacabe said, made him "frightened and concerned about the magnitude of police surveillance and data collection." The single patrol car in San Leandro equipped with a plate reader had logged his car once a week on average, photographing his license plate and documenting the time and location.
At a rapid pace, and mostly hidden from the public, police agencies throughout California have been collecting millions of records on drivers and feeding them to intelligence fusion centers operated by local, state and federal law enforcement.

[Image caption: An image captured by a license-plate reader in 2009 shows Katz-Lacabe and his daughters stepping out of a car in their driveway. The photograph made Katz-Lacabe "frightened and concerned about the magnitude of police surveillance and data collection," he says. Credit: San Leandro Police Department photo courtesy of Michael Katz-Lacabe]

With heightened concern over secret intelligence operations at the National Security Agency, the localized effort to track drivers highlights the extent to which the government has committed to collecting large amounts of data on people who have done nothing wrong.

A year ago, the Northern California Regional Intelligence Center -- one of dozens of law enforcement intelligence-sharing centers set up after the terrorist attacks of Sept. 11, 2001 -- signed a $340,000 agreement with the Silicon Valley firm Palantir to construct a database of license-plate records flowing in from police using the devices across 14 counties, documents and interviews show.

The extent of the center's data collection has never been revealed. Neither has the involvement of Palantir, a Silicon Valley firm with extensive ties to the Pentagon and intelligence agencies. The CIA's venture capital fund, In-Q-Tel, has invested $2 million in the firm.

The jurisdictions supplying license-plate data to the intelligence center stretch from Monterey County to the Oregon border. According to contract documents, the database will be capable of handling at least 100 million records and be accessible to local and state law enforcement across the region.

Law enforcement agencies throughout Northern California will be able to access the data, as will state and federal authorities.
In the Bay Area, at least 32 government agencies use license-plate readers. The city of Piedmont decided to install them along the border with Oakland, and the Marin County enclave of Tiburon placed plate scanners and cameras on two roads leading into and out of town.

Law enforcement agencies throughout the region also have adopted the technology. Police in Daly City, Milpitas and San Francisco have signed agreements to provide data from plate readers to the Northern California Regional Intelligence Center. A Piedmont document indicates that city is also participating, along with Oakland, Walnut Creek, Alameda and the California Highway Patrol.

Katz-Lacabe said he believes the records of his movements are too revealing for someone who has done nothing wrong. With the technology, he said, "you can tell who your friends are, who you hang out with, where you go to church, whether you've been to a political meeting."

Lt. Randall Brandt of the San Leandro police said, "It's new technology, we're learning as we go, but it works 100 times better than driving around looking for license plates with our eyes."

The intelligence center database will store license-plate records for up to two years, regardless of data retention limits set by local police departments.

Many cities use license-plate readers to enforce parking restrictions or identify motorists who run red lights. Police in New York City have used the readers to catch car thieves and scan parking lots to identify motorists with open warrants.

In California, Long Beach police detectives used scanner data to arrest five people in a 2010 homicide. Plate readers in Tiburon identified celebrity chef Guy Fieri's yellow Lamborghini in March 2011, which allegedly had been stolen from a San Francisco dealership by a teenager who embarked on a crime spree two years ago and now faces attempted murder charges.
Sid Heal, a retired commander with the Los Angeles County Sheriff's Department, oversaw the adoption of plate readers in his agency in the mid-2000s. Heal recalled the dramatic uptick the plate readers made in the auto theft unit's productivity.

"We found 10 stolen vehicles on the first weekend in 2005 with our antitheft teams," Heal said. "I had a hit within 45 minutes."

Before, Heal said, police had to call license plates in to a dispatcher and wait to have the car verified as stolen. Plate readers, Heal said, "are lightning fast in comparison" and allow officers to run up to 1,200 plates an hour, as opposed to 20 to 50 plates per day previously.

But Jennifer Lynch, a staff attorney at the Electronic Frontier Foundation, said the Northern California database raises significant privacy concerns.

"Because so many people in the Bay Area are mobile, it makes it that much more possible to track people from county to county," Lynch said.

In May, the Electronic Frontier Foundation, along with the American Civil Liberties Union of Southern California, sued the Los Angeles County Sheriff's and Los Angeles Police departments for a week of data gathered and retained in a multiagency network.

For now, it's unknown which agency administers the Los Angeles database, how many agencies contribute or have access to the database, how many records the system retains or how long they are kept.

In San Diego, 13 federal and local law enforcement agencies have compiled more than 36 million license-plate scans in a regional database since 2010 with the help of federal homeland security grants. The San Diego Association of Governments maintains the database. Unlike the Northern California database, which retains the data for between one and two years, the San Diego system retains license-plate information indefinitely.

"License-plate data is clearly identifiable to specific individuals," said Lee Tien, a senior staff attorney at the Electronic Frontier Foundation.
"This is like having your barcode tracked."

Few limits on license-plate data

License-plate readers are not subject to the same legal restrictions as GPS devices that can be used to track an individual's movements. The U.S. Supreme Court ruled unanimously last year that lengthy GPS tracking constitutes a Fourth Amendment search and may require a warrant.

But plate readers might not fall under such rulings if police successfully argue that motorists have no "reasonable expectation of privacy" while driving on public roads.

Then-California state Sen. Joe Simitian, D-Palo Alto, introduced a bill last year that would have required California police to purge license-plate data after 60 days and applied that rule to companies that collect such data. Law enforcement and private businesses involved in the technology resisted, and the bill died.

"Do we really want to maintain a database that tracks personal movements of law-abiding citizens in perpetuity? That's the fundamental question here," said Simitian, now a Santa Clara County supervisor. "Larger and larger amounts of data collected over longer periods of time provide a very detailed look at the personal movements of private citizens."

While some law enforcement agencies, like the California Highway Patrol, have their own data retention guidelines for license-plate scanners, Simitian said there still is no larger policy that protects the privacy of Californians on the road.

"Public safety and privacy protection are not mutually exclusive," he said. "There's a balance to be struck, and most people understand that."

Heal, the retired sheriff's commander, said that absent clear legal limits on license-plate readers, law enforcement agencies will continue to expand their ability to gather such information.

"A lot of the guidance on this technology -- the court doctrine -- is nonexistent," Heal said. "Until that guidance comes, law enforcement is in an exploratory mode."
---
Just because i'm near the punchbowl doesn't mean I'm also drinking from it.

From rforno at infowarrior.org Thu Jun 27 10:06:52 2013
From: rforno at infowarrior.org (Richard Forno)
Date: Thu, 27 Jun 2013 11:06:52 -0400
Subject: [Infowarrior] - Leak: '09 NSA IG report on Internet surveillance
Message-ID: <35050614-F66A-4185-82F2-BD88E8D466B4@infowarrior.org>

NSA collected US email records in bulk for more than two years under Obama

* Secret program launched by Bush continued 'until 2011'
* Fisa court renewed collection order every 90 days

Article@ http://www.guardian.co.uk/world/2013/jun/27/nsa-data-mining-authorised-obama

Leaked (classified) report@ http://www.guardian.co.uk/world/interactive/2013/jun/27/nsa-inspector-general-report-document-data-collection

---
Just because i'm near the punchbowl doesn't mean I'm also drinking from it.

From rforno at infowarrior.org Thu Jun 27 10:27:52 2013
From: rforno at infowarrior.org (Richard Forno)
Date: Thu, 27 Jun 2013 11:27:52 -0400
Subject: [Infowarrior] - Supporting EFF = security risk?
Message-ID:

Potential Blind Spots in Clearance Process that Gave Snowden Top-Secret Access

The quote below is from Nicole Smith, an "associate attorney at Tully Rinckey PLLC in Washington, D.C., and a former security clearance investigator."

<->

In a photograph posted online after Snowden revealed himself, his laptop displays a sticker touting the Electronic Frontier Foundation, a longstanding advocate for online rights and staunch opponent of government surveillance. That would have been enough of a warning sign to make it into his file, Smith says, but investigators wouldn't have come across it because clearance interviews aren't performed at their homes: "You're not around that person's personal belongings to make any other additional observations about that person's characters."
<->

Read more: http://nation.time.com/2013/06/15/potential-blind-spots-in-clearance-process-that-gave-snowden-top-secret-access/#ixzz2XQlNz0rI

---
Just because i'm near the punchbowl doesn't mean I'm also drinking from it.

From rforno at infowarrior.org Thu Jun 27 11:40:08 2013
From: rforno at infowarrior.org (Richard Forno)
Date: Thu, 27 Jun 2013 12:40:08 -0400
Subject: [Infowarrior] - Pandora debunks RIAA royalty 'claims'
Message-ID:

Pandora and Royalties

http://blog.pandora.com/2013/06/26/pandora-and-royalties/

---
Just because i'm near the punchbowl doesn't mean I'm also drinking from it.

From rforno at infowarrior.org Thu Jun 27 11:59:39 2013
From: rforno at infowarrior.org (Richard Forno)
Date: Thu, 27 Jun 2013 12:59:39 -0400
Subject: [Infowarrior] - Ecuador breaks US trade pact to thwart 'blackmail' over Edward Snowden
Message-ID: <4BB187B7-B7DC-456F-AB13-7818781516CA@infowarrior.org>

Ecuador breaks US trade pact to thwart 'blackmail' over Edward Snowden

Government renounces Andean Trade Preference Act even as Snowden's prospects of reaching Ecuador from Moscow dimmed

* Rory Carroll in Quito
* guardian.co.uk, Thursday 27 June 2013 12.51 EDT

http://www.guardian.co.uk/world/2013/jun/27/ecuador-us-trade-pact-edward-snowden

Ecuador has ramped up its defiance of the US over Edward Snowden by waiving preferential trade rights with Washington even as the whistleblower's prospect of reaching Quito dimmed.

President Rafael Correa's government said on Thursday it was renouncing the Andean Trade Preference Act to thwart US "blackmail" of Ecuador in the former NSA contractor's asylum request.

Officials, speaking at an early morning press conference, also offered a $23m donation for human rights training in the US, a brash riposte to recent US criticism of Ecuador's own human rights record.
Betty Tola, the minister of political coordination, said the asylum request had not been processed because Snowden, who is believed to be at Moscow airport, was neither in Ecuador nor at an Ecuadorean embassy or consulate. "The petitioner is not in Ecuadorean territory as the law requires."

Tola also said Ecuador had not supplied any travel document or diplomatic letter to Snowden, who is reportedly marooned in Moscow airport's transit lounge because his US passport has been invalidated.

A document leaked to Univision on Wednesday showed that someone at Ecuador's consulate in London did issue a safe conduct pass for the fugitive on June 22, as he prepared to leave Hong Kong. The name of the consul general, Fidel Narvaez, was printed but not signed.

Tola said it was unauthorised: "Any document of this type has no validity and is the exclusive responsibility of the person who issued it."

The renunciation underlined divisions within Ecuador's government between leftists who have embraced Snowden as an anti-imperialist symbol and centrists who fear diplomatic and economic damage.

Some in the government are believed to be annoyed that Julian Assange, the WikiLeaks founder who has sheltered at Ecuador's London embassy to avoid extradition, has seized the limelight in the Snowden saga. Assange caught Quito by surprise last week when he announced Snowden had been given a safe conduct pass. Quito replaced its ambassador to London earlier this month in hope of better managing its famous guest.

The waiving of preferential trade rights followed threats from members of the US congress to drop the ATPA in July, when it is due for renewal, unless Ecuador toed the line on Snowden.

"Ecuador does not accept pressure or threats from anyone, nor does it trade with principles or submit them to mercantile interests, however important those may be," said Fernando Alvarado, the communications secretary.

"Ecuador gives up, unilaterally and irrevocably, the said customs benefits."
The announcement will enhance President Correa's reputation as a bold leader unafraid to defy the US, just like the late Venezuelan president, Hugo Chávez.

Tactical calculation lay behind the decision. Even before the Snowden affair Quito feared losing the trade preferences, largely because of Republican antipathy to Ecuador's outspoken socialist leader.

"The Ecuadorans got word that renewal of ATPDEA was a long shot in any case, so instead of waiting for rejection, they took the initiative and the high road," said Michael Shifter, of the Inter-American Dialogue.

Correa loved a fight and was responding to perceived US hypocrisy and heavy-handedness but had so far refrained from granting Snowden asylum. "He appears to be weighing the political and public relations benefits against the real consequences for Ecuador's economy, should he grant the asylum request."

Juan Carlos Calderon, the editor of Vanguardia, a weekly which has had its offices raided and staff threatened in disputes with the president, said Correa's firebrand image masked shrewd, pragmatic calculation.

Even before the Snowden affair the president tried to soothe Ecuadoreans that losing the trade preferences, which exclude thousands of products such as roses, tuna and broccoli from export duty, would have a small impact.

Not all are convinced. "This will have serious consequence for Ecuadorean producers," said Ramiro Crespo, director general of Analytica Investments, a Quito-based consultancy. "These products which are exported to the United States have become major industries in Ecuador. If commerce is restricted there's going to be unemployment ... This does not penalise the government, it penalises the people."

Additional reporting by Dan Collyns

---
Just because i'm near the punchbowl doesn't mean I'm also drinking from it.
From rforno at infowarrior.org Thu Jun 27 12:35:34 2013
From: rforno at infowarrior.org (Richard Forno)
Date: Thu, 27 Jun 2013 13:35:34 -0400
Subject: [Infowarrior] - Is the NFL trying to lose stadium fans?
Message-ID: <08D07E14-238E-454D-8E9C-358BE6DCB9E1@infowarrior.org>

Bills fans feel left out in the cold

NFL ban on seat cushions after Boston bombings doesn't sit well with residents facing rain, snow, metal seats at Ralph Wilson Stadium without protection

http://www.buffalonews.com/apps/pbcs.dll/article?AID=/20130625/CITYANDREGION/130629397

By Gene Warner | News Staff Reporter
on June 25, 2013 - 11:24 PM

It's a tradition as old as Buffalo Bills football, especially for many older fans: Carrying a seat cushion into Ralph Wilson Stadium, or the old War Memorial Stadium, for comfort and protection against the elements during Bills games.

Alas, that tradition is now just that -- history.

Seat cushions are now banned, and that edict comes from the National Football League, which fears that seat cushions could hide explosive devices.

"I think it's terrible," said Ray Deibel, a 96-year-old original Bills season-ticket holder from West Falls. "The seats are cold, and the cushion gives you some insulation. I can't imagine them banning cushions for the seats."

Deibel, who still attends most games with daughter Patricia, seemed shocked by the reason for the ban.

"Oh jeepers," he said about the terrorist concerns. "I'm all for the inspections, including the body scanning, and the delay in getting into the stadium is worthwhile for safety. But I think that's ridiculous to ban seat cushions."

Last month, following the Boston Marathon bombings, NFL officials adopted a comprehensive policy limiting the size and type of bags allowed in stadiums. The league's Committee on Stadium Security unanimously recommended the new rules, designed to enhance public safety and shorten the lines of fans entering the stadiums.
Those new guidelines, announced two weeks ago, will take effect beginning with this summer's preseason games.

The seat-cushion ban, found in the middle of the new 10-paragraph policy, states: "Prohibited items include, but are not limited to: purses larger than a clutch bag, coolers, briefcases, backpacks, fanny packs, cinch bags, seat cushions, luggage of any kind, computer bags and camera bags or any bag larger than the permissible size."

So when the rain and snow pelt Ralph Wilson Stadium, many fans will lose their favorite fanny protection.

Bills fans got a slight reprieve late Tuesday, when the NFL told The Buffalo News that fans in Buffalo and Green Bay, who must contend with many metal bleacher-type seats and tough winter weather, will be allowed to bring in Styrofoam seating pads and portable seat backs, as long as neither has covers or pockets.

"The traditional seat cushions still won't be permitted," NFL spokesman Brian McCarthy said.

The league, at www.nfl.com/allclear, has provided its own FAQ section, to answer fans' questions, including whether seat cushions may be taken into stadiums.

"No, they are not, due to the large size and because the way seat cushions are constructed would allow them to be used to conceal a potential explosive device," league officials wrote.

That will hit especially hard in Buffalo. Thousands of such cushions could be seen at every game, sporting the logos of the Bills, the team's four Super Bowl appearances or fans' favorite schools.

It's an issue that has brought surprisingly little outcry in Buffalo or around the league, perhaps because the reference to seat cushions was buried in the league policy. Maybe it's because fans have become used to more prohibitions since 9/11. And perhaps the people most affected -- many of the Bills' older fans -- aren't as likely to air their gripes on social media.

But the issue has moved quickly across Facebook and various websites dealing with the Bills.

"I don't like it,"
said Doug Pagano, of the Town of Tonawanda. "I don't think these terrorists are going to put their bombs in seat cushions."

Pagano, 58, a former longtime season-ticket holder who now attends a few home games and one away game each year, explained the need for a cushion in Buffalo's late fall and early winter weather.

"It makes it more comfortable, because the seats are metal," he said. "And whether it's warm or cold, if it's raining or snowing, it keeps you drier."

Nancy Flaig, 68, a longtime season-ticket holder from Kenmore, called the new policy "troublesome" but added that she understands the rationale. She'd rather lose her seat cushion than risk something like the Boston Marathon bombings.

Still, she's concerned about the freedoms being lost.

"They're doing this in the name of freedom and ... terrorism," she said. "They have to be careful. Are we losing our freedoms in the name of terrorism?"

Like many other longtime fans, Flaig will miss the seat cushions. She and her husband, Don, carry in their two mementos from the Bills Super Bowl in Atlanta.

"The cushions are your comfort," she said. "Those seats aren't comfortable at all. You can take a blanket, but that won't help you in the rain."

The terrorism angle has brought plenty of comments on social media, including claims that such policies suggest the terrorists have won.

Pagano, the Town of Tonawanda fan, bemoaned the loss of yet another right.

"There are a lot of risks involved in life," he said. "You can't prevent everything. Just because one guy has a bomb in his shoes, why should millions of people have to take off their shoes at airports? You can't prevent all risks. I think the NFL is going a little bit overboard."

Cynical fans already have pointed out that the Bills and other teams sell their own seat cushions, available for $12 apiece on the Bills website. But it's tough to imagine fans buying a cushion inside the stadium for one-time use only.
Fans have suggested several options, including offering seat cushions for rental inside the stadium, attaching a cushion to each season-ticket holder's seat or even allowing much smaller cushions. The Bills, though, are waiting to hear more from the league and plan to share many of the new guidelines with fans as the preseason opener approaches. What kind of reaction have the Bills had from their fans so far, as word seeped out about the cushions? "They understand the bag policy, and they understand the public-safety aspect, but they're expressing some concerns about the cushions," said Andy Major, the team's vice president of event operations and guest experience. "We're very open to all ideas and suggestions on improving the fans' experience. It's part of our normal routine." NFL officials noted Tuesday that the new policy was devised during the annual off-season review of league security measures by NFL security personnel and team officials. "During the review, the Boston Marathon bombings occurred," NFL spokesman McCarthy said. "That led our security personnel to move forward, to change the types and sizes of bags being brought into stadiums."

---
Just because i'm near the punchbowl doesn't mean I'm also drinking from it.

From rforno at infowarrior.org Thu Jun 27 12:57:42 2013
From: rforno at infowarrior.org (Richard Forno)
Date: Thu, 27 Jun 2013 13:57:42 -0400
Subject: [Infowarrior] - Pilots Want To Know Why The DHS/CBP Are Searching Their Planes Without Warrants
Message-ID: <9745253B-825C-43C9-9E74-E69EFBE749FE@infowarrior.org>

Pilots Want To Know Why The DHS/CBP Are Searching Their Planes Without Warrants

http://www.techdirt.com/articles/20130619/18242823539/this-will-obviously-be-something-different-then.shtml

---
Just because i'm near the punchbowl doesn't mean I'm also drinking from it.
From rforno at infowarrior.org Thu Jun 27 20:17:33 2013
From: rforno at infowarrior.org (Richard Forno)
Date: Thu, 27 Jun 2013 21:17:33 -0400
Subject: [Infowarrior] - DOJ targets general in Stuxnet leak probe
Message-ID: <06BE8ABF-C8F3-4AF5-9B34-DF080AF799CF@infowarrior.org>

Justice Dept. targets general in leak probe

By Greg Miller and Sari Horwitz

http://www.washingtonpost.com/world/national-security/justice-dept-targets-general-in-leak-probe/2013/06/27/9ad8bc4e-df7c-11e2-b2d4-ea6d8f477a01_print.html

A retired four-star Marine Corps general who served as the nation's second-ranking military officer is a target of a Justice Department investigation into a leak of information about a covert U.S.-Israeli cyberattack on Iran's nuclear program, a senior Obama administration official said. Retired Gen. James E. "Hoss" Cartwright served as deputy chairman of the Joint Chiefs of Staff and was part of President Obama's inner circle on a range of critical national security issues before he retired in 2011. The administration official said that Cartwright is suspected of revealing information about a highly classified effort to use a computer virus later dubbed Stuxnet to sabotage equipment in Iranian nuclear enrichment plants. Stuxnet was part of a broader cyber campaign called Olympic Games that was disclosed by the New York Times last year as one of the first major efforts by the United States to use computer code as a destructive weapon against a key adversary. Cartwright, who helped launch that campaign under President Bush and pushed for its escalation under Obama, was recently informed that he was a "target" of a wide-ranging Justice Department probe into the leak, according to the senior official, who spoke on the condition of anonymity because the investigation is ongoing. Justice Department officials declined to comment on the case, as did Marcia Murphy, a spokeswoman for the U.S. attorney's office in Maryland, which is in charge of the investigation.
Neither Cartwright nor his attorney, former White House counsel Greg Craig, responded to requests for comment. The revelation, which was first reported by NBC News, means that an administration that has already launched more leaks prosecutions than all of its predecessors combined is now focused on one of its own. Since Obama took office, the Justice Department has prosecuted or charged eight people for alleged violations of the Espionage Act. Cartwright was a regular participant in meetings of top national security officials at the White House and was thought to have significant influence with Obama before being passed over as a possible candidate to become chairman of the Joint Chiefs of Staff. A target is a suspect in a criminal case who has not yet been indicted but is expected to be. Federal prosecutors are not required to tell targets that they are under investigation but it is not uncommon for them to do so in cases when an indictment is likely. The investigation into the Stuxnet leak was launched in June 2012 by Attorney General Eric H. Holder Jr. and gained momentum in recent months amid indications that prosecutors were putting pressure on a range of current and former senior officials suspected of involvement. The leaks surrounding Stuxnet exposed details about what had been one of the most closely held secrets in the U.S. intelligence community, an ambitious effort by the National Security Agency in collaboration with the Israeli government to devise computer code that could cripple Iran's alleged effort to pursue a nuclear bomb. The malware was designed to infiltrate Iranian computer networks and cause the nation's centrifuges to spin out of control, causing damage to critical equipment and sowing confusion among Iranian scientists. The campaign is believed to have destroyed as many as 1,000 of Iran's 6,000 centrifuges at the time.
But the virus also escaped those closed systems and was subsequently discovered on the Internet, raising concern about the potential that government-sponsored viruses could cause widespread and unintentional harm. Cartwright, who previously served as head of U.S. Strategic Command, was a principal architect of the campaign. His role, a former senior official said in an interview last year, "was describing the art of the possible, having a view or vision." Cartwright, 63, went on to be named to the Pentagon's No. 2 military post, moving him to the center of policy issues ranging from Iran to the pursuit of al-Qaeda in Pakistan and Yemen. As vice chairman, Cartwright was scorned by many fellow senior generals for opposing a plan in 2009 to dispatch tens of thousands more troops to Afghanistan, putting him at odds with former peers, including Gen. David H. Petraeus, but earning him favor with senior Obama national security aides. Although Obama forged a quick rapport with Cartwright - White House officials referred to him as the president's favorite general - the president chose not to promote him to chairman in 2011, in part because of concern that Cartwright had frayed his relationships with too many senior generals during the surge debate. Within the Pentagon, "he wasn't seen as a team player," said a senior military official who worked on the Joint Staff. After retiring, Cartwright took a position at the Center for Strategic and International Studies and has spoken frequently on national security issues. He has emerged as a growing critic of the Obama administration's expanded use of drones to counter the al-Qaeda threat. At an event in Chicago in March, Cartwright said that the United States was beginning to see "blowback" from that targeted killing campaign. "If you're trying to kill your way to a solution, no matter how precise you are, you're going to upset people even if they're not targeted."
Peter Finn, Rajiv Chandrasekaran and Ellen Nakashima contributed to this report.

© The Washington Post Company

---
Just because i'm near the punchbowl doesn't mean I'm also drinking from it.

From rforno at infowarrior.org Thu Jun 27 21:04:50 2013
From: rforno at infowarrior.org (Richard Forno)
Date: Thu, 27 Jun 2013 22:04:50 -0400
Subject: [Infowarrior] - Pentagon Is Updating Conflict Rules in Cyberspace
Message-ID:

Pentagon Is Updating Conflict Rules in Cyberspace

By THOM SHANKER
Published: June 27, 2013

http://www.nytimes.com/2013/06/28/us/pentagon-is-updating-conflict-rules-in-cyberspace.html?hp&_r=0

WASHINGTON - The Pentagon is updating its classified rules for warfare in cyberspace for the first time in seven years, an acknowledgment of the growing threat posed by computer-network attacks - and the need for the United States to improve its defenses and increase the nimbleness of its response, the nation's top military officer said Thursday. The officer, Gen. Martin E. Dempsey, chairman of the Joint Chiefs of Staff, also said that, globally, new regulations were needed to govern actions by the world community in cyberspace. He said that the Chinese did not believe that hacking American systems violated any rules, since no rules existed. Discussing efforts to improve the Pentagon's tools for digital defense and offense, General Dempsey said the military must be "able to operate at network speed, rather than what I call swivel-chair speed." "Cyber has escalated from an issue of moderate concern to one of the most serious threats to our national security," he said. "We now live in a world of weaponized bits and bytes, where an entire country can be disrupted by the click of mouse." Under a presidential directive, the Pentagon developed "emergency procedures to guide our response to imminent, significant cyberthreats," and is "updating our rules of engagement - the first update for cyber in seven years," he said.
This effort has resulted in the creation of what General Dempsey called an interagency "playbook for cyber." During a speech at the Brookings Institution, a policy research center, General Dempsey said these new "standing rules of engagement" for military actions remained in draft form, and had not yet been approved. In his first major address on the new, virtual domain of computer warfare, General Dempsey gave an outline of what a significant attack might look like, and how the United States might respond. If the nation's critical infrastructure came under attack from poisonous code over a computer network from overseas, the first effort would be gathering information on the malware and the systems under attack. Network defenses would be in place, as "our first instinct will be to pull up the drawbridge and prevent the attack, that is to say, block or defend," he said. If the attack could not be repulsed, the new playbook calls for "active defense," which General Dempsey defined as a "proportional" effort "to go out and disable the particular botnet that was attacking us." It is notable that, in this situation, the line between active defense and offense might be blurry. "If it became something more widespread and we needed to do something beyond that, it would require interagency consultation and authorities at a higher level in order to do it," he said. Although these plans are classified, his statement indicated that the rules for responding in an escalated manner in cyberspace, or with a conventional retaliation, would require decisions by the civilian leadership. General Dempsey's speech drew a clear distinction between the nation's two major efforts in cyberspace. The military's role is in defending computer networks and, if so ordered by the president, carrying out offensive attacks. That is related to, but separate from, the intelligence community's efforts to gather intelligence in cyberspace.
Several of those highly classified intelligence-gathering programs were exposed via leaks from a former contract worker for the National Security Agency. Assessing adversaries in cyberspace, General Dempsey said that China, in particular, had chosen a niche in stealing intellectual property. "Their view is that there are no rules of the road in cyber," General Dempsey noted. He said American and Chinese officials would meet over coming days to discuss ways to "to establish some rules of the road, so that we don't have these friction points in our relationship." The military headquarters responsible for computer-network warfare, the United States Cyber Command, will grow by 4,000 personnel with an additional investment of $23 billion, General Dempsey said. (Cyber Command and the National Security Agency are led by the same officer, Gen. Keith B. Alexander.) "We are doing all of this not to address run-of-the mill cyberintrusions, but to stop attacks of significant consequence - those that threaten life, limb and the country's core economic functioning," General Dempsey said.

---
Just because i'm near the punchbowl doesn't mean I'm also drinking from it.

From rforno at infowarrior.org Fri Jun 28 07:11:48 2013
From: rforno at infowarrior.org (Richard Forno)
Date: Fri, 28 Jun 2013 08:11:48 -0400
Subject: [Infowarrior] - Granick & Sprigman: The Criminal NSA
Message-ID: <4B549618-EB94-4DBD-B463-67501B707174@infowarrior.org>

June 27, 2013

The Criminal N.S.A.

By JENNIFER STISA GRANICK and CHRISTOPHER JON SPRIGMAN

http://www.nytimes.com/2013/06/28/opinion/the-criminal-nsa.html

Jennifer Stisa Granick is the director of civil liberties at the Stanford Center for Internet and Society. Christopher Jon Sprigman is a professor at the University of Virginia School of Law.

THE twin revelations that telecom carriers have been secretly giving the National Security Agency information about Americans' phone calls, and that the N.S.A.
has been capturing e-mail and other private communications from Internet companies as part of a secret program called Prism, have not enraged most Americans. Lulled, perhaps, by the Obama administration's claims that these "modest encroachments on privacy" were approved by Congress and by federal judges, public opinion quickly migrated from shock to "meh." It didn't help that Congressional watchdogs - with a few exceptions, like Senator Rand Paul, Republican of Kentucky - have accepted the White House's claims of legality. The leaders of the Senate Intelligence Committee, Dianne Feinstein, Democrat of California, and Saxby Chambliss, Republican of Georgia, have called the surveillance legal. So have liberal-leaning commentators like Hendrik Hertzberg and David Ignatius. This view is wrong - and not only, or even mainly, because of the privacy issues raised by the American Civil Liberties Union and other critics. The two programs violate both the letter and the spirit of federal law. No statute explicitly authorizes mass surveillance. Through a series of legal contortions, the Obama administration has argued that Congress, since 9/11, intended to implicitly authorize mass surveillance. But this strategy mostly consists of wordplay, fear-mongering and a highly selective reading of the law. Americans deserve better from the White House - and from President Obama, who has seemingly forgotten the constitutional law he once taught. The administration has defended each of the two secret programs. Let's examine them in turn. Edward J. Snowden, the former N.S.A. contract employee and whistle-blower, has provided evidence that the government has phone record metadata on all Verizon customers, and probably on every American, going back seven years. This metadata is extremely revealing; investigators mining it might be able to infer whether we have an illness or an addiction, what our religious affiliations and political activities are, and so on.
The law under which the government collected this data, Section 215 of the Patriot Act, allows the F.B.I. to obtain court orders demanding that a person or company produce "tangible things," upon showing reasonable grounds that the things sought are "relevant" to an authorized foreign intelligence investigation. The F.B.I. does not need to demonstrate probable cause that a crime has been committed, or any connection to terrorism. Even in the fearful time when the Patriot Act was enacted, in October 2001, lawmakers never contemplated that Section 215 would be used for phone metadata, or for mass surveillance of any sort. Representative F. James Sensenbrenner Jr., a Wisconsin Republican and one of the architects of the Patriot Act, and a man not known as a civil libertarian, has said that "Congress intended to allow the intelligence communities to access targeted information for specific investigations." The N.S.A.'s demand for information about every American's phone calls isn't "targeted" at all - it's a dragnet. "How can every call that every American makes or receives be relevant to a specific investigation?" Mr. Sensenbrenner has asked. The answer is simple: It's not. The government claims that under Section 215 it may seize all of our phone call information now because it might conceivably be relevant to an investigation at some later date, even if there is no particular reason to believe that any but a tiny fraction of the data collected might possibly be suspicious. That is a shockingly flimsy argument - any data might be "relevant" to an investigation eventually, if by "eventually" you mean "sometime before the end of time." If all data is "relevant," it makes a mockery of the already shaky concept of relevance. Let's turn to Prism: the streamlined, electronic seizure of communications from Internet companies.
In combination with what we have already learned about the N.S.A.'s access to telecommunications and Internet infrastructure, Prism is further proof that the agency is collecting vast amounts of e-mails and other messages - including communications to, from and between Americans. The government justifies Prism under the FISA Amendments Act of 2008. Section 1881a of the act gave the president broad authority to conduct warrantless electronic surveillance. If the attorney general and the director of national intelligence certify that the purpose of the monitoring is to collect foreign intelligence information about any non-American individual or entity not known to be in the United States, the Foreign Intelligence Surveillance Court can require companies to provide access to Americans' international communications. The court does not approve the target or the facilities to be monitored, nor does it assess whether the government is doing enough to minimize the intrusion, correct for collection mistakes and protect privacy. Once the court issues a surveillance order, the government can issue top-secret directives to Internet companies like Google and Facebook to turn over calls, e-mails, video and voice chats, photos, voice-over IP calls (like Skype) and social networking information. Like the Patriot Act, the FISA Amendments Act gives the government very broad surveillance authority. And yet the Prism program appears to outstrip that authority. In particular, the government "may not intentionally acquire any communication as to which the sender and all intended recipients are known at the time of the acquisition to be located in the United States." The government knows that it regularly obtains Americans' protected communications. The Washington Post reported that Prism is designed to produce at least 51 percent confidence in a target's "foreignness" - as John Oliver of "The Daily Show" put it, "a coin flip plus 1 percent."
By turning a blind eye to the fact that 49-plus percent of the communications might be purely among Americans, the N.S.A. has intentionally acquired information it is not allowed to have, even under the terrifyingly broad auspices of the FISA Amendments Act. How could vacuuming up Americans' communications conform with this legal limitation? Well, as James R. Clapper Jr., the director of national intelligence, told Andrea Mitchell of NBC, the N.S.A. uses the word "acquire" only when it pulls information out of its gigantic database of communications and not when it first intercepts and stores the information. If there's a law against torturing the English language, James Clapper is in real trouble. The administration hides the extent of its "incidental" surveillance of Americans behind fuzzy language. When Congress reauthorized the law at the end of 2012, legislators said Americans had nothing to worry about because the surveillance could not "target" American citizens or permanent residents. Mr. Clapper offered the same assurances. Based on these statements, an ordinary citizen might think the N.S.A. cannot read Americans' e-mails or online chats under the F.A.A. But that is a government-fed misunderstanding. A "target" under the act is a person or entity the government wants information on - not the people the government is trying to listen to. It's actually O.K. under the act to grab Americans' messages so long as they are communicating with the target, or anyone who is not in the United States. Leave aside the Patriot Act and FISA Amendments Act for a moment, and turn to the Constitution. The Fourth Amendment obliges the government to demonstrate probable cause before conducting invasive surveillance. There is simply no precedent under the Constitution for the government's seizing such vast amounts of revealing data on innocent Americans' communications.
The government has made a mockery of that protection by relying on select Supreme Court cases, decided before the era of the public Internet and cellphones, to argue that citizens have no expectation of privacy in either phone metadata or in e-mails or other private electronic messages that it stores with third parties. This hairsplitting is inimical to privacy and contrary to what at least five justices ruled just last year in a case called United States v. Jones. One of the most conservative justices on the Court, Samuel A. Alito Jr., wrote that where even public information about individuals is monitored over the long term, at some point, government crosses a line and must comply with the protections of the Fourth Amendment. That principle is, if anything, even more true for Americans' sensitive nonpublic information like phone metadata and social networking activity. We may never know all the details of the mass surveillance programs, but we know this: The administration has justified them through abuse of language, intentional evasion of statutory protections, secret, unreviewable investigative procedures and constitutional arguments that make a mockery of the government's professed concern with protecting Americans' privacy. It's time to call the N.S.A.'s mass surveillance programs what they are: criminal.

Jennifer Stisa Granick is the director of civil liberties at the Stanford Center for Internet and Society. Christopher Jon Sprigman is a professor at the University of Virginia School of Law.

---
Just because i'm near the punchbowl doesn't mean I'm also drinking from it.
From rforno at infowarrior.org Fri Jun 28 07:21:22 2013
From: rforno at infowarrior.org (Richard Forno)
Date: Fri, 28 Jun 2013 08:21:22 -0400
Subject: [Infowarrior] - Army-wide filter of Guardian & related news sites
Message-ID:

Restricted web access to The Guardian is Armywide, officials say

http://www.montereyherald.com/local/ci_23554739/restricted-web-access-guardian-is-army-wide-officials

Security concerns cited in blocking Guardian news

By PHILLIP MOLNAR Herald Staff Writer
Posted: 06/27/2013 03:12:16 PM PDT
Updated: 06/27/2013 11:31:45 PM PDT

The Army admitted Thursday to not only restricting access to The Guardian news website at the Presidio of Monterey, as reported in Thursday's Herald, but Armywide. Presidio employees said the site had been blocked since The Guardian broke stories on data collection by the National Security Agency. Gordon Van Vleet, an Arizona-based spokesman for the Army Network Enterprise Technology Command, or NETCOM, said in an email the Army is filtering "some access to press coverage and online content about the NSA leaks." He wrote it is routine for the Department of Defense to take preventative "network hygiene" measures to mitigate unauthorized disclosures of classified information. "We make every effort to balance the need to preserve information access with operational security," he wrote, "however, there are strict policies and directives in place regarding protecting and handling classified information." In a later phone call, Van Vleet said the filter of classified information on public websites was "Armywide" and did not originate at the Presidio. Presidio employees described how they could access the U.S. site, www.guardiannews.com, but were blocked from articles, such as those about the NSA, that redirected to the British site.
Sources at the Presidio said Jose Campos, the post's information assurance security officer, sent an email to employees early Thursday saying The Guardian's website was blocked by Army Cyber Command "in order to prevent an unauthorized disclosure of classified information." NETCOM is a subordinate to the Army Cyber Command, based in Fort Belvoir, Va., said its website. Campos wrote if an employee accidentally downloaded classified information, it would result in "labor intensive" work, such as the wipe or destruction of the computer's hard drive. He wrote that an employee who downloads classified information could face disciplinary action if found to have knowingly downloaded the material on an unclassified computer. The Guardian's website has classified documents about the NSA's program of monitoring phone records of Verizon customers, a project called Prism which gave the agency "direct access" to data held by Google, Facebook, Apple and others, and more. The source of the leaks, 29-year-old Edward Snowden, is on the run from American authorities. He is a former contractor for the agency. Van Vleet said the department does not determine what sites its personnel can choose to see on the DOD system, but "relies on automated filters that restrict access based on content concerns or malware threats." He said it would not block "websites from the American public in general, and to do so would violate our highest-held principle of upholding and defending the Constitution and respecting civil liberties and privacy." The Guardian declined to comment, but its editor-in-chief, Alan Rusbridger, sent a link to The Herald's story on Twitter.

Army Cyber Command: www.arcyber.army.mil/

The Guardian's "The NSA Files" page: www.guardian.co.uk/world/the-nsa-files.

Phillip Molnar can be reached at 646-4487 or pmolnar at montereyherald.com.

---
Just because i'm near the punchbowl doesn't mean I'm also drinking from it.
From rforno at infowarrior.org Fri Jun 28 07:22:32 2013
From: rforno at infowarrior.org (Richard Forno)
Date: Fri, 28 Jun 2013 08:22:32 -0400
Subject: [Infowarrior] - ... make that all of DOD now.
Message-ID:

Defense Department Blocks Access to Guardian News Website to Prevent Viewing of NSA Leaks

http://dissenter.firedoglake.com/2013/06/27/defense-department-blocks-access-to-guardian-news-website-to-prevent-viewing-of-nsa-leaks/

From rforno at infowarrior.org Fri Jun 28 09:57:34 2013
From: rforno at infowarrior.org (Richard Forno)
Date: Fri, 28 Jun 2013 10:57:34 -0400
Subject: [Infowarrior] - The real concern: why are so many US government documents classified?
Message-ID:

The real concern: why are so many US government documents classified?

By keeping too many secrets, America has created fertile ground for government distrust and more leaks

Ronan Farrow, guardian.co.uk, Friday 28 June 2013 10.37 EDT

http://www.guardian.co.uk/commentisfree/2013/jun/28/nsa-surveillance-too-many-documents-classified

Senators Mark Udall and Ron Wyden are upset about something, they just can't say what. In a letter sent to the National Security Agency this week about a fact sheet on its surveillance programs, the senators complained about what they refer to only as "the inaccuracy". The inaccuracy is "significant". The inaccuracy could "decrease public confidence in the NSA's openness and its commitment to protecting Americans' constitutional rights". But, because the information underlying it is classified, the inaccuracy can't be described. This is either a frustrating illustration of the absurdities of America's secrecy regime, or the start of a pretty solid vaudeville act. The frenzied public debate over the NSA leaks has focused on the correctness of the government surveillance programs themselves. But America cannot properly debate these and future surveillance efforts until it decides what can be debated.
As an official in the first Obama administration, I worked in jobs requiring top secret clearance. I know firsthand how essential secrecy can be to effecting policy goals and how devastating leaks can be. I navigated diplomatic relationships threatened by the indiscriminate release of WikiLeaks documents, and volunteered on the taskforce that sifted through them, piecing together the damage done. But it is also true that a culture of over-classification has shielded too much from public debate and that more could be disclosed without damaging the efficacy of intelligence programs. Trillions of new pages of text are classified each year. More than 4.8 million people now have a security clearance, including low level contractors like Edward Snowden. A committee established by Congress, the Public Interest Declassification Board, warned in December that rampant over-classification is "imped[ing] informed government decisions and an informed public" and, worse, "enabl[ing] corruption and malfeasance". In one instance it documented, a government agency was found to be classifying one petabyte of new data every 18 months, the equivalent of 20m filing cabinets filled with text. It is difficult to argue that all or even most of that information should be classified. By keeping too many secrets, America has created fertile ground for their escape. Already, the Obama administration has been forced to initiate six espionage prosecutions for leaks - twice as many as every previous administration combined. It has also left the American people disillusioned and mistrustful. This is especially true of a new generation raised in a networked world that has made them expect far greater transparency from the institutions around them. According to a recent Pew Research Center/ USA Today poll, a clear majority of young people (60%) feels that the NSA leaks served the public interest.
The leaks illustrate how bad the lack of trust has become - and present an opportunity for greater disclosure. There is no doubt that some secrecy is essential to the efficacy of surveillance programs like those revealed by the NSA leaks. The specific sources and methods of such programs should be protected. However, it is entirely possible to protect those specifics while also broadly disclosing to the public the scope of information subject to collection, and the rationale behind doing so. That level of disclosure should be the norm for future programs, and can still be instated in the case of the current NSA surveillance programs. Two Congressmen - Democrat Adam Schiff, who sits on the House Intelligence Committee, and Republican Todd Rokita - introduced a bill last week that would call on the Department of Justice to declassify the legal justifications for NSA surveillance efforts. Universal public disclosure of individual decisions could impede the efficacy of the program, but there is no reason the Department of Justice can't disclose its generalized legal reasoning. That's a drawer in the stadium of filing cabinets that America can safely open. "You can't have 100% security and then have 100% privacy," President Obama said in the days immediately following the leaks. "We're going to have to make some choices as a society." But the government can and should let Americans know what choices it is that they're making. The intelligence community might find Americans, particularly young Americans most suspicious of government institutions, more sympathetic to their delicate balancing act as informed participants.

---
Just because i'm near the punchbowl doesn't mean I'm also drinking from it.

From rforno at infowarrior.org Fri Jun 28 10:05:16 2013
From: rforno at infowarrior.org (Richard Forno)
Date: Fri, 28 Jun 2013 11:05:16 -0400
Subject: [Infowarrior] - Who is Leaking More: Edward Snowden or the Government Officials Condemning Him?
Message-ID: <5FDA3385-8387-46C9-96C1-5083BDFCFFB8@infowarrior.org>

(Digby also notes the "unequal leaking" double-standard @ http://digbysblog.blogspot.com.br/2013/06/chris-hayes-on-leak-double-standard.html)

Who is Leaking More: Edward Snowden or the Government Officials Condemning Him?
June 28, 2013
By Trevor Timm
https://pressfreedomfoundation.org/blog/2013/06/who-leaking-more-edward-snowden-or-government-officials-condemning-him

In the month since the Guardian first started reporting on the surveillance documents provided by NSA whistleblower Edward Snowden, the government has taken to the media to condemn his leaks and insist he is flagrantly violating the law. To prove this, the government has been incessantly leaking information itself.

Huffington Post's Michael Calderone extensively detailed this week's NSA media counteroffensive against Snowden, as officials have tried to explain - anonymously and without real proof - that Snowden's leaks have hurt national security. On Wednesday, intelligence officials described to ABC News, Washington Post, Reuters, and AP how terrorists are allegedly "changing their tactics" now that they've been tipped off the US is monitoring the Internet. Essentially, the government leaked a bunch of classified information in an attempt to prove leaking classified information is dangerous.

In addition, unnamed government sources alleged in the New York Times, Washington Post, and CNN that both China and Russia drained Snowden's computers, without any evidence they had done so. As Calderone noted, "it's possible that officials may be proven correct, and that the leaked NSA documents did fall into the hands of foreign governments. But - there's no evidence he has willingly or unwillingly provided all the documents obtained to the Chinese and Russians."

But it hasn't just been the last few days; the government has been consistently leaking information about Snowden since the very start of the investigation into him.
Last Friday, the Washington Post reported the paper had obtained the sealed criminal complaint against Edward Snowden, charging him with two counts under the Espionage Act and one count of stealing government property. As the Post reported, it was not until after the complaint was leaked that the Justice Department decided to officially unseal it.

On Sunday, the Associated Press reported that the US had revoked Snowden's passport, which they had learned through unnamed sources in the government. By Monday, as USA Today reported, "Numerous government officials have said on background that Edward Snowden's passport has been revoked, but no one will confirm it on the record." Why couldn't they say anything officially? Because it was prohibited by the Privacy Act.

And when it was revealed the contractor which gave Snowden a background check, the company told Reuters they could not comment because it "was a confidential matter under investigation." But that didn't stop someone from leaking information anonymously to insinuate Snowden lied on his resume to get his job.

The government's own leaks come in the wake of a recent report from McClatchy newspapers detailing the Obama administration's disturbing "Insider Threat" program, which supposedly views all leaks akin to aiding the enemy. This program, and its dangerous culture, has bled into agencies that don't even deal with classified information, including the Department of Education, Department of Agriculture and Peace Corps. To paraphrase George Orwell, all leaks are equal, but apparently some leaks are more equal than others.

Perhaps in response to the Obama administration policy, new CIA director John Brennan (a notorious leaker himself), wrote a memo calling for a further crackdown on leaks within the CIA. On Wednesday, the memo leaked to the Associated Press.
A day later, the CIA leaked details of their response to a critical 6,000 page classified Senate report on CIA torture, before giving any information on their response to the Senate Intelligence Committee, like is required by law.

On Thursday night, NBC News reported that retired General James Cartwright is the prime suspect in the leak investigation regarding the New York Times report on the Stuxnet virus. How do we know that? A leak.

---
Just because i'm near the punchbowl doesn't mean I'm also drinking from it.

From rforno at infowarrior.org Fri Jun 28 15:47:07 2013
From: rforno at infowarrior.org (Richard Forno)
Date: Fri, 28 Jun 2013 16:47:07 -0400
Subject: [Infowarrior] - Senators accuse government of using 'secret law' to collect Americans' data
Message-ID: <738EAAD7-16CF-4855-B8B4-657CAD461279@infowarrior.org>

Senators accuse government of using 'secret law' to collect Americans' data

Bipartisan group seeks answers from intelligence chief James Clapper over scale of and justification for NSA surveillance

- Read the letter from the 26 US senators here
- Dan Roberts in Washington
- guardian.co.uk, Friday 28 June 2013 12.39 EDT

http://www.guardian.co.uk/world/2013/jun/28/senators-james-clapper-nsa-data-collection

A bipartisan group of 26 US senators has written to intelligence chiefs to complain that the administration is relying on a "secret body of law" to collect massive amounts of data on US citizens.

The senators accuse officials of making misleading statements and demand that the director of national intelligence James Clapper answer a series of specific questions on the scale of domestic surveillance as well as the legal justification for it.

In their strongly-worded letter to Clapper, the senators said they believed the government may be misinterpreting existing legislation to justify the sweeping collection of telephone and internet data revealed by the Guardian.
"We are concerned that by depending on secret interpretations of the Patriot Act that differed from an intuitive reading of the statute, this program essentially relied for years on a secret body of law," they say. "This and misleading statements by intelligence officials have prevented our constituents from evaluating the decisions that their government was making, and will unfortunately undermine trust in government more broadly." This is the strongest attack yet from Congress since the disclosures began, and comes after Clapper admitted he had given "the least untruthful answer possible" when pushed on these issues by Senators at a hearing before the latest revelations by the Guardian and the Washington Post. In a press statement, the group of senators added: "The recent public disclosures of secret government surveillance programs have exposed how secret interpretations of the USA Patriot Act have allowed for the bulk collection of massive amounts of data on the communications of ordinary Americans with no connection to wrongdoing." "Reliance on secret law to conduct domestic surveillance activities raises serious civil liberty concerns and all but removes the public from an informed national security and civil liberty debate," they added. A spokesman for the office of the director of national intelligence (ODNI) acknowledged the letter. "The ODNI received a letter from 26 senators this morning requesting further engagement on vital intelligence programs recently disclosed in the media, which we are still evaluating. The intelligence and law enforcement communities will continue to work with all members of Congress to ensure the proper balance of privacy and protection for American citizens." The letter was organised by Oregan Democrat Ron Wyden, a member of the intelligence committee, but includes four Republican senators: Mark Kirk, Mike Lee, Lisa Murkowski and Dean Heller. 
They ask Clapper to publicly provide information about the duration and scope of the program and provide examples of its effectiveness in providing unique intelligence, if such examples exist.

The senators also expressed their concern that the program itself has a significant impact on the privacy of law-abiding Americans and that the Patriot Act could be used for the bulk collection of records beyond phone metadata.

"The Patriot Act's 'business records' authority can be used to give the government access to private financial, medical, consumer and firearm sales records, among others," said a press statement.

In addition to raising concerns about the law's scope, the senators noted that keeping the official interpretation of the law secret and the instances of misleading public statements from executive branch officials prevented the American people from having an informed public debate about national security and domestic surveillance.

The senators said they were seeking public answers to the following questions in order to give the American people the information they need to conduct an informed public debate. The specific questions include:

- How long has the NSA used Patriot Act authorities to engage in bulk collection of Americans' records? Was this collection underway when the law was reauthorized in 2006?
- Has the NSA used USA Patriot Act authorities to conduct bulk collection of any other types of records pertaining to Americans, beyond phone records?
- Has the NSA collected or made any plans to collect Americans' cell-site location data in bulk?
- Have there been any violations of the court orders permitting this bulk collection, or of the rules governing access to these records? If so, please describe these violations.
The Senators signing the letter are: Ron Wyden (D-Or), Mark Udall (D-Co), Lisa Murkowski (R-Alaska), Patrick Leahy (D-Vt), Mark Kirk (R-Il), Dick Durbin (D-Il), Tom Udall (D-NM), Brian Schatz (D-Hawaii), Jon Tester (D-Mt), Jeanne Shaheen (D-NH), Dean Heller (R-Nev), Mark Begich (D-Alaska), Bernie Sanders (I-Vt), Patty Murray (D-Wash), Jeff Merkley (D-Ore), Mazie Hirono (D-Hawaii), Al Franken (D-Minn), Tom Harkin (D-Iowa), Chris Coons (D-Del), Maria Cantwell (D-Wash), Richard Blumenthal (D-Conn), Max Baucus (D-Mont), Elizabeth Warren (D-Mass), Martin Heinrich (D-NM), Tammy Baldwin (D-Wisc) and Mike Lee (R-Utah).

From rforno at infowarrior.org Fri Jun 28 15:47:18 2013
From: rforno at infowarrior.org (Richard Forno)
Date: Fri, 28 Jun 2013 16:47:18 -0400
Subject: [Infowarrior] - Ecuador cools on Snowden asylum as Assange frustration grows
Message-ID:

Ecuador cools on Edward Snowden asylum as Assange frustration grows

President Correa revokes Snowden's temporary travel document amid concerns WikiLeaks founder is 'running the show'

- Rory Carroll in Quito and Amanda Holpuch in New York
- guardian.co.uk, Friday 28 June 2013 13.03 EDT

http://www.guardian.co.uk/world/2013/jun/28/edward-snowden-ecuador-julian-assange/print

The plan to spirit the surveillance whistleblower Edward Snowden to sanctuary in Latin America appeared to be unravelling on Friday, amid tension between Ecuador's government and Julian Assange, the founder of WikiLeaks.

President Rafael Correa halted an effort to help Snowden leave Russia amid concern Assange was usurping the role of the Ecuadoran government, according to leaked diplomatic correspondence published on Friday.

Amid signs Quito was cooling with Snowden and irritated with Assange, Correa declared invalid a temporary travel document which could have helped extract Snowden from his reported location in Moscow.

Correa declared that the safe conduct pass issued by Ecuador's London consul - in collaboration with Assange -
was unauthorised, after other Ecuadorean diplomats privately said the WikiLeaks founder could be perceived as "running the show".

According to the correspondence, which was obtained by the Spanish-language broadcaster Univision and shared with the Wall Street Journal, divisions over Assange have roiled Ecuador's government.

Ecuador's ambassador to the US, Nathalie Cely, told presidential spokesman Fernando Alvarado that Quito's role in the drama was being overshadowed by the WikiLeaks founder, who has sheltered in Ecuador's London embassy for the past year to avoid extradition.

"I suggest talking to Assange to better control the communications. From outside, [Assange] appears to be running the show."

Earlier this week a senior foreign diplomat in Quito told the Guardian that some - though not all - factions in the government were annoyed with what they saw as Assange grandstanding.

In a message attributed to Assange sent to Ecuador's foreign minister, Ricardo Patiño, and other top officials, the WikiLeaks founder apologised "if we have unwittingly [caused] Ecuador discomfort in the Snowden matter." The note continued: "There is a fog of war due to the rapid nature of events. If similar events arise you can be assured that they do not originate in any lack of respect or concern for Ecuador or its government."

Assange appears to have had a strong role in obtaining the travel document for Snowden, dated 22 June which bore the printed name, but not signature, of the London consul, Fidel Narvaez, a confidante. By mid-week Narvaez was reportedly in Moscow.

The document could have helped Snowden, whose US passport has been revoked, leave the transit lounge of Moscow's Sheremetyevo airport where he has reportedly holed up since fleeing Hong Kong last weekend.

On Thursday, Correa, who previously has hailed Snowden for exposing US spying, and has earned kudos for defying Washington pressure over the affair, reduced Snowden's chances of making it to Quito.
At a press conference the president declared the travel document invalid and said Ecuador would not consider an asylum request unless Snowden reached Ecuadorean territory, an increasingly remote prospect.

"The situation of Mr Snowden is a complex situation and we don't know how he will solve it."

Correa did however ramp up defiance of the US by waiving preferential trade rights to thwart what officials called Washington "blackmail". Analysts said Correa, an economist who specialised in game theory, had so far skilfully extracted political capital from the saga without drawing US retaliation.

In a TV interview on Friday, Snowden's father said he was worried about the involvement of WikiLeaks.

"I don't want to put him in peril, but I am concerned about those who surround him," Lonnie Snowden told NBC.

"I think WikiLeaks, if you've looked at past history - their focus isn't necessarily the constitution of the United States. It's simply to release as much information as possible."

Snowden said he did not believe his son had betrayed his country. "At this point, I don't feel that he's committed treason. He has broken US law, in a sense that he has released classified information. And if folks want to classify him as a traitor, in fact he has betrayed his government. But I don't believe that he's betrayed the people of the United States."

Snowden said he had told US attorney general Eric Holder through his lawyer that his son might return home if he would not be detained before trial, could choose the location for his trial and would not be subjected to a gag order.

It was not clear that Lonnie Snowden was communicating his son's views, as he also said they had not spoken since April.

---
Just because i'm near the punchbowl doesn't mean I'm also drinking from it.
From rforno at infowarrior.org Fri Jun 28 15:47:25 2013
From: rforno at infowarrior.org (Richard Forno)
Date: Fri, 28 Jun 2013 16:47:25 -0400
Subject: [Infowarrior] - Password complexity rules more annoying, less effective than length ones
Message-ID:

(USG take note! --rick)

Password complexity rules more annoying, less effective than length ones

Long-length rule results in harder-to-crack passwords than a short/complex one.

by Casey Johnston - June 28 2013, 11:25am EDT
http://arstechnica.com/security/2013/06/password-complexity-rules-more-annoying-less-effective-than-length-ones/

Few Internet frustrations are so familiar as the password restriction. After creating a few (dozen) logins for all our Web presences, the use of symbols, mixed cases, and numbers seems less like a security measure and more like a torture device when it comes to remembering a complex password on a little-used site. But at least that variety of characters keeps you safe, right? As it turns out, there is some contrary research that supports both how frustrating these restrictions are and suggests it's possible that the positive effect of complexity rules on security may not be as great as long length requirements.

Let's preface this with a reminder: the conventional wisdom is that complexity trumps length every time, and this notion is overwhelmingly true. Every security expert will tell you that "Supercalifragilistic" is less secure than "gj7B!!!bhrdc." Few password creation schemes will render any password uncrackable, but in general, length does less to guard against crackability than complexity.

A password is not immune from cracking simply by virtue of being long - 44,991 passwords recovered from a dump of LinkedIn hashes last year were 16 characters or more. The research we describe below refers specifically to the effects of restrictions placed by administrators on password construction on their crackability.
By no means does it suggest that a long password is, by default, more secure than a complex one.

In April, Ars checked in with a few companies that place a range of restrictions on how passwords must be constructed, from Charles Schwab's 8-character maximum to Evernote's "use any character but spaces." Reasons ranged from whether customers can stand typing certain characters with a mobile phone to password-cracking being the last of a company's concerns compared to phishing or malware.

A pair of studies done in 2011 and 2012 on password length and construction showed two things: first, customer frustration increases significantly with complexity, but less so with length. Second, a number of password cracking algorithms can be more easily thwarted by a long password that is created without number, symbol, or case requirements than are shorter passwords that are required to be complex, particularly for a large number of guesses. That is, shorter, more complex password restrictions beget passwords that can be more frustrating to everyone except the only entity who shouldn't have it: the password cracker.

The first study in 2011 specifically addressed the problems of usability in password complexity (full disclosure: both studies mentioned in this article were conducted in part by Michelle L. Mazurek, wife of Ars Gaming Editor Kyle Orland). The study authors looked at 12,000 passwords created by participants under a variety of construction methods, including comprehensive8, where passwords must be at least 8 characters and include both an uppercase and lowercase letter, as well as a digit and a symbol, and must not contain dictionary words; basic8, where passwords must be 8 characters with no other restrictions; and basic16, where passwords must be 16 characters with no other restrictions.

Study participants experienced the most difficulty with the comprehensive8 requirements from beginning to end.
Only 17.7 percent were able to create a password that met all of the requirements in the first try, compared to well over 50 percent for the rest of the conditions. Twenty-five percent of comprehensive8 testers gave up before they could even make a password that satisfied the requirements, compared to 18.3 percent or less for other conditions. Over 50 percent of comprehensive8 participants stored their password either on paper or electronically, compared to 33 percent for those with the 16-character minimum and less for the rest of the conditions.

Despite the fact that passwords that impose a lot of requirements on content are harder to make and harder to remember, their use could be justified if they proved to be significantly more secure than, say, basic8 or basic16. But contrary to password creation advice external to site-based creation rules, that did not seem to be the case.

Using 12,000 passwords sourced from Mechanical Turk participants, the researchers applied two cracking algorithms to see which types tended to stand up best to attacks. One was based on a Markov model that makes guesses based on character frequency, and the other was developed by another team of researchers and takes "training data" from password and dictionary word lists and then applies mangling rules to the text to form guesses.

Per the researchers' tests, the basic 16-character passwords were the hardest to crack for a "powerful attacker." After 10 billion guesses, only around 12 percent of the 16-character passwords had been cracked, compared to 22 percent of the comprehensive8 passwords and almost 60 percent of the basic8 passwords.

It's worth noting that the cracking algorithms used in this experiment differ from those Ars detailed in its story on real-world password crackers: one algorithm is a modified mask attack, while the other is based on the publicly available Weir algorithm.
In either case, the results of using these cracking methods may differ from those used by real-world password crackers.

While the study casts doubt on whether complex and short password requirements result in passwords that are more secure than ones that just require length, it did find an interesting effect from the password restrictions. When the researchers compared passwords created under basic8 restrictions that happened to meet comprehensive8 restrictions to passwords actually created under comprehensive8 restrictions, the latter were significantly harder to guess.

Mazurek suggests two reasons to Ars for apparent resilience of passwords created under long length restrictions versus short-and-complex ones. One is that there may not be enough good guessing data for long passwords due to the dearth of long-password requirements, which she said is true for both her own team and crackers in the wild. "It won't remain true long-term if people start requiring (and using) long passwords everywhere," Mazurek told Ars in an e-mail. The second reason is that "the space of possible passwords is just bigger... so relatively common long passwords are still less common than relatively common short passwords."

Between the two studies, it's less clear why those in charge of setting password rules should ever lower length restrictions while raising complexity restrictions. If those people are interested both in more security and less frustration for users, the better solution seems to be setting a higher character limit and leaving all of the other restrictions out.

But from our brief survey of sites, 16 characters seems to be the maximum more often than the minimum, and complexity rules abound. Ironically, Microsoft, which sponsored both of these studies in part, sets its own maximum at 16 characters. If admins are interested in a more secure restriction, a (long) flat length requirement could go further than one that allows short passwords but requires complications.
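An added example, not part of the Ars Technica article or of the studies it describes: the three composition policies the article names (basic8, basic16, comprehensive8) written as checkers and run against the article's own two sample passwords, together with the search-space bound behind Mazurek's "the space of possible passwords is just bigger" remark. The six-word dictionary, the letters-only dictionary match and the use of `string.punctuation` as the symbol set are assumptions of this sketch.

```python
import math
import string

# Constructed stand-in for a real dictionary (assumption: a deployment would
# load a large word list; these six entries are illustrative only).
SAMPLE_DICTIONARY = frozenset(
    {"password", "dragon", "monkey", "letmein", "summer", "welcome"}
)


def contains_dictionary_word(password, words=SAMPLE_DICTIONARY, min_len=4):
    """True if the password's letters, lowercased, contain a listed word.

    Dropping digits and symbols before matching is an assumption of this
    example; it flags "Dragon2013!" as well as "dragon".
    """
    letters = "".join(c for c in password.lower() if c.isalpha())
    return any(len(w) >= min_len and w in letters for w in words)


def check_basic8(password):
    """basic8: at least 8 characters, no other restriction."""
    return [] if len(password) >= 8 else ["shorter than 8 characters"]


def check_basic16(password):
    """basic16: at least 16 characters, no other restriction."""
    return [] if len(password) >= 16 else ["shorter than 16 characters"]


def check_comprehensive8(password):
    """comprehensive8: 8+ chars, upper, lower, digit, symbol, no dictionary word."""
    failures = check_basic8(password)
    if not any(c.islower() for c in password):
        failures.append("no lowercase letter")
    if not any(c.isupper() for c in password):
        failures.append("no uppercase letter")
    if not any(c.isdigit() for c in password):
        failures.append("no digit")
    if not any(c in string.punctuation for c in password):
        failures.append("no symbol")
    if contains_dictionary_word(password):
        failures.append("contains a dictionary word")
    return failures


POLICIES = {
    "basic8": check_basic8,
    "basic16": check_basic16,
    "comprehensive8": check_comprehensive8,
}


def evaluate(password):
    """Return {policy name: list of failed requirements} for one password."""
    return {name: check(password) for name, check in POLICIES.items()}


def keyspace_bits(length, alphabet_size):
    """Upper bound, in bits, on the search space of uniformly random passwords.

    Human-chosen passwords are far from uniform, which is why the study
    measured guessability by running crackers rather than by this bound.
    """
    return length * math.log2(alphabet_size)


def minimum_keyspace_comparison():
    """Bound for the shortest password each policy admits."""
    printable = string.ascii_letters + string.digits + string.punctuation
    return {
        "basic16, lowercase letters only": keyspace_bits(16, 26),
        "comprehensive8, full printable set": keyspace_bits(8, len(printable)),
    }


if __name__ == "__main__":
    # The first two samples are quoted in the article; the third is constructed.
    for sample in ("Supercalifragilistic", "gj7B!!!bhrdc", "Dragon2013!"):
        print(sample)
        for policy, failures in evaluate(sample).items():
            print(f"  {policy:15} {'accepted' if not failures else failures}")
    for label, bits in minimum_keyspace_comparison().items():
        print(f"{label}: about {bits:.1f} bits")
```

Even restricted to lowercase letters, a 16-character minimum leaves a larger worst-case search space than an 8-character password drawn from every printable symbol, which is the size argument the article attributes to Mazurek.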
---
Just because i'm near the punchbowl doesn't mean I'm also drinking from it.

From rforno at infowarrior.org Fri Jun 28 15:52:35 2013
From: rforno at infowarrior.org (Richard Forno)
Date: Fri, 28 Jun 2013 16:52:35 -0400
Subject: [Infowarrior] - Friday fun: Watch video of Boba Fett's first screen test
Message-ID: <4B08099E-5917-409C-BC46-A7FDA6394C77@infowarrior.org>

An old video showing an incredible moment in "Star Wars" production history appears on YouTube, courtesy of Lucasfilm/Disney.

Watch video of Boba Fett's first screen test
http://news.cnet.com/8301-17938_105-57591574-1/watch-video-of-boba-fetts-first-screen-test/

---
Just because i'm near the punchbowl doesn't mean I'm also drinking from it.

From rforno at infowarrior.org Fri Jun 28 15:54:32 2013
From: rforno at infowarrior.org (Richard Forno)
Date: Fri, 28 Jun 2013 16:54:32 -0400
Subject: [Infowarrior] - Encryption Has Foiled Wiretaps for First Time Ever, Feds Say
Message-ID:

Encryption Has Foiled Wiretaps for First Time Ever, Feds Say

- By David Kravets
- 06.28.13
- 3:14 PM

http://www.wired.com/threatlevel/2013/06/encryption-foiled-wiretaps/

For the first time, encryption is thwarting government surveillance efforts through court-approved wiretaps, U.S. officials said today.

The disclosure, buried in a report by the U.S. agency that oversees federal courts, also showed that authorities armed with wiretap orders are encountering more encryption than before.

The revelation comes as encryption has come front and center in the wake of the NSA Spygate scandal, and as Americans consider looking for effective ways to scramble their communications from the government's prying eyes.

According to today's report from the U.S. Administrative Office of the Courts:

Encryption was reported for 15 wiretaps in 2012 and for 7 wiretaps conducted during previous years. In four of these wiretaps, officials were unable to decipher the plain text of the messages.
This is the first time that jurisdictions have reported that encryption prevented officials from obtaining the plain text of the communications since the AO began collecting encryption data in 2001.

Those figures are just a blip on the screen in the office's 2012 Wiretap Report, which said there were 3,395 authorized wiretaps from federal or state judges. (The figures, a significant increase from 2011's reported 2,732, do not account for those secretly authorized by the Foreign Intelligence Surveillance Court, which is at the center of the Spygate firestorm.)

To be sure, the encryption numbers begin to highlight the government's stated fear, and its propaganda railing against encryption - which is a standard feature on today's Apple computers.

Consider that, when federal law enforcement officials were clamoring for legislation authorizing a backdoor into most all electronic communication methods during the President Bill Clinton administration, FBI Director Louis Freeh told Congress in 1997, "all of law enforcement is also in total agreement on one aspect of encryption. The widespread use of uncrackable encryption will devastate our ability to fight crime and prevent terrorism."

Sixteen years later, and judging by the government's own accounting, we're not even close to Freeh's fears becoming reality, despite the government's continued push for a backdoor into virtually everything.

The report, meanwhile, said that 97 percent of the wiretaps issued last year were for "portable devices" such as mobile phones and pagers. About 87 percent of the wiretaps were issued in drug-related cases, the report said.

Other equipment tapped included computers, phone land lines, fax machines and, among other things, microphones.

---
Just because i'm near the punchbowl doesn't mean I'm also drinking from it.
From rforno at infowarrior.org Fri Jun 28 17:36:34 2013
From: rforno at infowarrior.org (Richard Forno)
Date: Fri, 28 Jun 2013 18:36:34 -0400
Subject: [Infowarrior] - 'Carberp' source/toolkit leaked
Message-ID:

Leak of powerful malware tool like "handing a bazooka to a child"

Freely available source code for "Carberp" could spawn surge in malware attacks.

http://arstechnica.com/security/2013/06/leak-of-powerful-malware-tool-like-handing-a-bazooka-to-a-child/

---
Just because i'm near the punchbowl doesn't mean I'm also drinking from it.

From rforno at infowarrior.org Sun Jun 30 10:24:00 2013
From: rforno at infowarrior.org (Richard Forno)
Date: Sun, 30 Jun 2013 11:24:00 -0400
Subject: [Infowarrior] - Anti-Hacking Bill Aiding Verizon Delayed by Snowden Leaks
Message-ID: <51D04D90.9060506@infowarrior.org>

http://www.bloomberg.com/news/print/2013-06-28/anti-hacking-bill-aiding-verizon-delayed-by-snowden-leaks.html

Anti-Hacking Bill Aiding Verizon Delayed by Snowden Leaks
By Chris Strohm - Jun 28, 2013

Legislation to give Verizon Communications Inc. (VZ) and Google Inc. (GOOG) legal protection for sharing cyber-attack information with the U.S. government has stalled after leaks about spy programs showed the companies are already turning over data.

Lawmakers have stopped advancing cybersecurity legislation until at least September as they gather more information about the National Security Agency surveillance programs and hear from constituents to assess the political fallout, Senate and House members from both parties said in interviews.

Disclosure of the NSA programs "probably couldn't have come at a worse time" for advancing a cybersecurity bill, said Representative Michael McCaul, chairman of the House Homeland Security Committee. The Texas Republican said he's postponed introducing his legislation at least until September.

"There's very little faith in the institutions of government right now," said Representative Tom Cole of Oklahoma, a Republican party leader.
"If you look like you're not sufficiently critical and sufficiently vigilant in defending people's liberties I think they'll express that at the polls."

Former NSA contract worker Edward Snowden this month exposed classified programs, authorized by a secret surveillance court, that collect phone-call records of millions of U.S. citizens from New York-based Verizon and monitor Internet communications of suspected foreign terrorists.

"Fallout Zone"

Corporate officials have testified before Congress about the need for legislation, while Verizon, Comcast Corp. (CMCSA) and McAfee Inc., now part of Intel Corp. (INTC), as well as Google Chief Executive Officer Eric Schmidt, have written letters in support of legislation.

Those companies have now become silent in the wake of the leaks on whether they still support it. Delaying action leaves the rules unclear about what data can be shared and whether the companies can be sued by customers for providing data to the government.

Google, based in Mountain View, California, was among the Internet companies said to be providing data for the Internet communications monitoring effort, known as Prism. The company has asked the surveillance court for permission to disclose intelligence agencies' requests for user data.

Prior to Snowden's leaks, lawmakers and officials from President Barack Obama's administration were calling with increasing urgency for legislation to defend banks, utilities and telecommunication networks from potentially devastating computer attacks.

"This has become a radioactive fallout zone for a while in terms of new legislation," said Stewart Baker, former general counsel for the NSA, in an interview.

House Measure

The House in April passed a bill, H.R. 624, that would shield companies from lawsuits for sharing information about hackers with each other and the government, and authorize corporations to receive classified data from U.S. intelligence agencies about threats.
Companies had been asking the Senate, which hasn't introduced a bill this year, to follow the House.

Sena Fitzmaurice, spokeswoman for Philadelphia-based Comcast, declined to comment about whether the company still supports the House bill. Verizon spokesman Edward McFadden didn't respond to phone calls and e-mails for comment.

Michigan Democrat Carl Levin, chairman of the Senate Armed Services Committee, said passing a cybersecurity measure has become more difficult in the Senate.

"People's demand for transparency has definitely increased," said Jan Schakowsky, of Illinois, the top Democrat on the House Intelligence Oversight and Investigations subcommittee.

NSA Role

Senator Dianne Feinstein, a California Democrat and chairwoman of the Senate Intelligence Committee, said she plans to introduce similar legislation to the House bill, though wouldn't say when.

Feinstein is reviewing whether companies should be allowed to directly share information about online attacks with the NSA or be required to interact with a civilian agency, like the Homeland Security Department.

Legislation is needed "to ensure that voluntary information sharing is lawful," Feinstein said in an e-mailed statement. She said it should include liability for companies and privacy protections for citizens.

McCaul said his bill will require companies to share data with Homeland Security. Last year, Senate Republicans blocked cybersecurity legislation in part because of objections that the department would be the contact point for data sharing and setting the rules.

"People get spooked by the fact that the NSA has housed everybody's phone records," he said.

Information Sharing

The scope of information companies are sharing with the government under the spy programs isn't clear, said Michelle Richardson, legislative counsel for the American Civil Liberties Union in Washington.

The ACLU has opposed cybersecurity legislation on grounds that citizens'
personal information might not be protected if turned over to the government as part of sharing data on cyber threats. Richardson questioned whether a new law is needed given the amount of data already being exchanged.

The government can order telecommunications and Internet companies to provide data related to national security investigations under sections of the Patriot Act and Foreign Intelligence Surveillance Act. The companies are given legal protections for doing so.

In some cases, data is used to defend computer networks from hacking attacks, according to the Office of the Director of National Intelligence. These communications have "provided significant and unique intelligence regarding potential cyber threats to the United States including specific potential computer network attacks," the office said June 8.

Lumped Together

Frank Shaw, a spokesman for Redmond, Washington-based Microsoft Corp. (MSFT), and Michael Fey, McAfee's worldwide chief technology officer, said their companies also voluntarily provide intelligence agencies additional data on threats to computer networks.

It's wrong to lump together the type of information being shared under the spy programs with what would fall under a cybersecurity bill, said Michael Chertoff, Homeland Security secretary under President George W. Bush.

"They're completely different things and they shouldn't be confused, although inevitably they will be," Chertoff said in an interview.

"What you're looking for in cyber is information about what's in the packets moving across the Internet and the malicious code," said Chertoff, who founded a security consulting company in Washington. "The collection of phone data doesn't help you with cyber. The other stuff only looks at foreign communications."

Legislation to defend computer networks would enable automated sharing about new hacking attacks and involve more companies than are covered under the spy programs, such as utilities, Chertoff said.
To contact the reporter on this story: Chris Strohm in Washington at cstrohm1 at bloomberg.net

To contact the editor responsible for this story: Bernard Kohn at bkohn2 at bloomberg.net

From rforno at infowarrior.org Sun Jun 30 10:28:46 2013
From: rforno at infowarrior.org (Richard Forno)
Date: Sun, 30 Jun 2013 11:28:46 -0400
Subject: [Infowarrior] - Key US-EU trade pact under threat after more NSA spying allegations
Message-ID: <51D04EAE.2070603@infowarrior.org>

Key US-EU trade pact under threat after more NSA spying allegations

Ian Traynor in Brussels, Louise Osborne in Berlin and Jamie Doward
guardian.co.uk, Sunday 30 June 2013 08.39 EDT
http://www.guardian.co.uk/world/2013/jun/30/nsa-spying-europe-claims-us-eu-trade

The prospects for a new trade pact between the US and the European Union worth hundreds of billions have suffered a severe setback following allegations that Washington bugged key EU offices and intercepted phonecalls and emails from top officials.

The latest reports of NSA snooping on Europe -- and on Germany in particular -- went well beyond previous revelations of electronic spying said to be focused on identifying suspected terrorists, extremists and organised criminals.

The German publication Der Spiegel reported that it had seen documents and slides from the NSA whistleblower Edward Snowden indicating that US agencies bugged the offices of the EU in Washington and at the United Nations in New York. They are also accused of directing an operation from Nato headquarters in Brussels to infiltrate the telephone and email networks at the EU's Justus Lipsius building in the Belgian capital, the venue for EU summits and home of the European council.

Without citing sources, the magazine reported that more than five years ago security officers at the EU had noticed several missed calls apparently targeting the remote maintenance system in the building that were traced to NSA offices within the Nato compound in Brussels.
The impact of the Der Spiegel allegations may be felt more keenly in Germany than in Brussels. The magazine said Germany was the foremost target for the US surveillance programmes, categorising Washington's key European ally alongside China, Iraq or Saudi Arabia in the intensity of the electronic snooping.

Germany's justice minister, Sabine Leutheusser-Schnarrenberger, called for an explanation from the US authorities. "If the media reports are true, it is reminiscent of the actions of enemies during the cold war," she was quoted as saying in the German newspaper Bild. "It is beyond imagination that our friends in the US view Europeans as the enemy."

France later also asked the US authorities for an explanation. France's foreign minister, Laurent Fabius, said: "These acts, if confirmed, would be completely unacceptable.

"We expect the American authorities to answer the legitimate concerns raised by these press revelations as quickly as possible."

Washington and Brussels are scheduled to open ambitious free trade talks next week following years of arduous preparation. Senior officials in Brussels are worried that the talks would be overshadowed by the latest disclosures of US spying on its closest allies.

"Obviously we will need to see what is the impact on the trade talks," said a senior official in Brussels. A second senior official said the allegations would cause a furore in the European parliament and could then hamper relations with the US.

Robert Madelin, one of Britain's most senior officials in the European commission, tweeted that EU trade negotiators always operated on the assumption that their communications were listened to.

A spokesman for the European commission said: "We have immediately been in contact with the US authorities in Washington and in Brussels and have confronted them with the press reports. They have told us they are checking on the accuracy of the information released yesterday and will come back to us."
There were calls from MEPs for Herman Van Rompuy, the president of the European council -- who has his office in the building allegedly targeted by the US -- and José Manuel Barroso, the president of the European commission, to urgently appear before the chamber to explain what steps they were taking in response to the growing body of evidence of US and British electronic surveillance of Europe through the Prism and Tempora operations.

Guy Verhofstadt, the former Belgian prime minister and leader of the liberals in the European parliament, said: "This is absolutely unacceptable and must be stopped immediately. The American data collection mania has achieved another quality by spying on EU officials and their meetings. Our trust is at stake."

Luxembourg's foreign minister, Jean Asselborn, told Der Spiegel: "If these reports are true, it's disgusting." Asselborn called for guarantees from the very highest level of the US government that the snooping and spying is immediately halted.

Martin Schulz, the head of the European parliament, said: "I am deeply worried and shocked about the allegations of US authorities spying on EU offices. If the allegations prove to be true, it would be an extremely serious matter which will have a severe impact on EU-US relations.

"On behalf of the European parliament, I demand full clarification and require further information speedily from the US authorities with regard to these allegations."

There were also calls for John Kerry, the US secretary of state, to make a detour to Brussels on his way from his current trip to the Middle East, to explain US activities.

"We need to get clarifications and transparency at the highest level," said Marietje Schaake, a Dutch liberal MEP. "Kerry should come to Brussels on his way back from the Middle East. This is essential for the transatlantic alliance. The US can only lead by example, and should uphold the freedoms it claims to protect against attacks from the outside.
Instead we see erosion of freedoms, checks and balances, from within."

Within senior circles in Brussels, however, it has long been assumed that the Americans were listening to or seeking to monitor EU electronic traffic.

"There's a certain schadenfreude here that we're important enough to be spied on," said one of the officials. "This was bound to come out one day. And I wouldn't be surprised if some of our member states were not doing the same to the Americans."

The documents suggesting the clandestine bugging operations were from September 2010, Der Spiegel said.

A former senior official in Brussels maintained that EU phone and computer systems were almost totally secure but that no system could be immune to persistent high-quality penetration operations.

"I have always assumed that anyone with a decent agency was listening, hacking if they could be bothered," he said. "It doesn't bother me much. Sometimes it's a form of communication."

Der Spiegel quoted the Snowden documents as revealing that the US taps half a billion phone calls, emails and text messages in Germany a month. "We can attack the signals of most foreign third-class partners, and we do it too," Der Spiegel quoted a passage in the NSA document as saying.

On an average day, the NSA monitored about 20m German phone connections and 10m internet datasets, rising to 60m phone connections on busy days, the report said.

Officials in Brussels said this reflected Germany's weight in the EU and probably also entailed elements of industrial and trade espionage. "The Americans are more interested in what governments think than the European commission. And they may take the view that Germany determines European policy," said one of the senior officials.

Jan Philipp Albrecht, a German Green party MEP and a specialist in data protection, told the Guardian the revelations were outrageous.

"It's not about political answers now, but rule of law, fundamental constitutional principles and rights of European citizens," he said. "We now need a debate on surveillance measures as a whole looking at underlying technical agreements. I think what we can do as European politicians now is to protect the rights of citizens and their rights to control their own personal data."

Talking about the NSA's classification of Germany as a "third-class" partner, Albrecht said it was not helping to build the trust of Germans or other Europeans. "It is destroying trust and to rebuild that, [the US] will need to take real action on legislation," he said.

Meanwhile, it has emerged that at least six European member states have shared personal communications data with the NSA, according to declassified US intelligence reports and EU parliamentary documents.

The documents, seen by the Observer, show that -- in addition to the UK -- Denmark, the Netherlands, France, Germany, Spain, and Italy have all had formal agreements to provide communications data to the US. They state that the EU countries have had "second and third party status" under decades-old signal intelligence (Sigint) agreements that compel them to hand over data which, in later years, experts believe, has come to include mobile phone and internet data.

Under the international intelligence agreements, nations are categorised by the US according to their trust level. The US is defined as 'first party' while the UK, Canada, Australia and New Zealand enjoy 'second party' trusted relationships. Countries such as Germany and France have 'third party', or less trusted, relationships.

The data-sharing was set out under a 1955 UK-USA agreement that provided a legal framework for intelligence-sharing that has continued.
It stipulates: "In accordance with these arrangements, each party will continue to make available to the other, continuously, and without request, all raw traffic, COMINT (communications intelligence) end-product and technical material acquired or produced, and all pertinent information concerning its activities, priorities and facilities."

The agreement goes on to explain how it can be extended to incorporate similar agreements with third party countries, providing both the UK and the US agree.

Under the third party data-sharing agreements each country was given a code name. For example, Denmark was known as Dynamo while Germany was referred to as Richter. The agreements were of strategic importance to the NSA during the cold war.

--
Just because i'm near the punchbowl doesn't mean I'm also drinking from it.

From rforno at infowarrior.org Sun Jun 30 19:05:03 2013
From: rforno at infowarrior.org (Richard Forno)
Date: Sun, 30 Jun 2013 20:05:03 -0400
Subject: [Infowarrior] - FBI's Data Mining Needs Scrutiny, Too
Message-ID:

FBI's Data Mining Needs Scrutiny, Too

By Rachel Levinson-Waldman
Jun 30, 2013 6:00 PM ET
http://www.bloomberg.com/news/2013-06-30/fbi-s-data-mining-needs-scrutiny-too.html

We recently learned that the National Security Agency has a database with the records of almost every phone call made in the U.S. To address public concerns over its surveillance activities, the agency has begun to explain how it uses the metadata -- information including when calls are made, how long they last and to whom they are placed -- it has accumulated over the last seven years.

Although Americans deserve this explanation, they shouldn't delude themselves. Even if the NSA's controversial program were shut down tomorrow, another government agency that is busy collecting and retaining personal data would keep humming along.
True accountability for the government's surveillance activities should also include an airing of -- and tighter restrictions on -- the Federal Bureau of Investigation's power to collect and store substantial amounts of innocuous information about Americans.

Since 2008, for instance, the FBI has had the authority to conduct "assessments" -- investigations that require no suspicion of criminal activity. In service of these low-level investigations, an FBI agent may use various invasive methods, including infiltrating public meetings of groups as diverse as the American Civil Liberties Union or Alcoholics Anonymous, using informants, and even putting the target of the investigation under full-time physical surveillance.

In light of this power to intrude on people's lives, one would hope that these assessments pay off most of the time and that the FBI discards any superfluous information quickly when they don't. The numbers, however, tell a different story.

Dead Ends

From 2009 through 2011, according to data provided by the FBI, the bureau spent a significant amount of its limited time and resources conducting almost 43,000 assessments related to either counterterrorism or counterintelligence. Fewer than 5 percent of them turned up any suspicion of criminal wrongdoing.

And what does the FBI do with all of the information it has gathered on innocent Americans? The bureau maintains it for decades, just in case it may be useful in the future. The official guidelines governing the agency's activities are explicit: All information it collects is kept and sometimes shared, "regardless of whether it furthers investigative objectives," because it may "eventually serve a variety of valid analytic purposes" -- even if that means keeping the information in an FBI database for as long as 30 years.
The policy is similar for information gathered through "national security letters": the secretive legal procedure that allows the FBI to collect specific information on Americans if the bureau completes paperwork saying the information may be "relevant" to a terrorism investigation. That data -- which include many of the same kind of telephone records the NSA is acquiring -- can also be stored for up to 30 years if it has even potential investigative value.

The federal government's use of "suspicious activity reports" tells a similar story. Local, state and federal law-enforcement officials use them to file alerts about a wide range of "suspicious activity." The activity reports that are deemed to have some connection to terrorism are widely shared throughout the government. Yet there doesn't even need to be "reasonable suspicion" of a terrorist connection for a report to be filed. As the Department of Homeland Security has acknowledged, this practically ensures that these alerts will sweep up information about innocent Americans.

Again, one would think a suspicious-activity report that provided no evidence of possible terrorist threats would be discarded immediately. To the contrary, even a report without any link to terrorism is kept in a widely available FBI database for six months, in a separate classified database for five years, and in yet another FBI database for at least 25 more years.

Mass Storage

Many Americans were rightly surprised and angry to learn that the NSA was sweeping up vast amounts of information on the off chance it might be useful in the future. But the FBI is collecting far more than just telephone metadata and keeping it for far longer than the five-year limit the NSA has evidently imposed on itself.

Calls for reform of the NSA should be coupled with demands for restraints on the FBI's power. The confirmation hearing for James Comey, President Barack Obama's nominee to lead the bureau, would be a good place to start.
(Rachel Levinson-Waldman is counsel with the Liberty and National Security program at the Brennan Center for Justice at New York University Law School.)

To contact the writer of this article: Rachel Levinson-Waldman at rachel.levinson.waldman at nyu.edu.

To contact the editor responsible for this article: Alex Bruns at abruns at bloomberg.net

---
Just because i'm near the punchbowl doesn't mean I'm also drinking from it.

From rforno at infowarrior.org Sun Jun 30 20:19:12 2013
From: rforno at infowarrior.org (Richard Forno)
Date: Sun, 30 Jun 2013 21:19:12 -0400
Subject: [Infowarrior] - On Privacy, Germans Loved Obama. Now We Don't Trust Him.
Message-ID: <824525E3-1F0C-4AC8-8484-98E2C17DB610@infowarrior.org>

Germans Loved Obama. Now We Don't Trust Him.

By MALTE SPITZ

Malte Spitz is a member of the German Green Party's executive committee and a candidate for the Bundestag in the September national election.

Published: June 29, 2013
http://www.nytimes.com/2013/06/30/opinion/sunday/germans-loved-obama-now-we-dont-trust-him.html?pagewanted=1

In May 2010, I received a brown envelope. In it was a CD with an encrypted file containing six months of my life. Six months of metadata, stored by my cellphone provider, T-Mobile. This list of metadata contained 35,830 records. That's 35,830 times my phone company knew if, where and when I was surfing the Web, calling or texting.

The truth is that phone companies have this data on every customer. I got mine because, in 2009, I filed a suit against T-Mobile for the release of all the data on me that had been gathered and stored. The reason this information had been preserved for six months was because of Germany's implementation of a 2006 European Union directive.

All of this data had to be kept so that law enforcement agencies could gain access to it. That meant that the metadata of 80 million Germans was being stored, without any concrete suspicions and without cause.
This "preventive measure" was met with huge opposition in Germany. Lawyers, journalists, doctors, unions and civil liberties activists started to protest. In 2008, almost 35,000 people signed on to a constitutional challenge to the law. In Berlin, tens of thousands of people took to the streets to protest data retention. In the end, the Constitutional Court ruled that the implementation of the European Union directive was, in fact, unconstitutional.

In Germany, whenever the government begins to infringe on individual freedom, society stands up. Given our history, we Germans are not willing to trade in our liberty for potentially better security. Germans have experienced firsthand what happens when the government knows too much about someone. In the past 80 years, Germans have felt the betrayal of neighbors who informed for the Gestapo and the fear that best friends might be potential informants for the Stasi. Homes were tapped. Millions were monitored.

Although these two dictatorships, Nazi and Communist, are gone and we now live in a unified and stable democracy, we have not forgotten what happens when secret police or intelligence agencies disregard privacy. It is an integral part of our history and gives young and old alike a critical perspective on state surveillance systems.

When Wolfgang Schäuble, the interior minister from 2005 to 2009, pushed for the implementation of the data-retention law, Germans remembered the Stasi's blatant disregard for privacy, as portrayed in the 2006 film "The Lives of Others." They recalled their visits to the Hohenschönhausen district of Berlin, the site of the former Stasi detention center. They were reminded of the stories of their grandparents, about the fear-mongering agents in the Gestapo. This is why Mr. Schäuble's portrait was often tagged provocatively with the phrase "Stasi 2.0."

Lots of young Germans have a commitment not only to fight against fascism but also to stand up for their own individual freedom.
Germans of all ages want to live freely without having to worry about being monitored by private companies or the government, especially in the digital sphere.

That was my motivation for publishing the metadata I received from T-Mobile. Together with Zeit Online, the online edition of the weekly German newspaper Die Zeit, I published an infographic of six months of my life for all to see. With these 35,830 pieces of data, you can follow my travels across Germany, you can see when I went to sleep and woke up, a trail further enriched with public information from my social networking sites: six months of my life viewable for everybody to see what exactly is possible with "just metadata."

Three weeks ago, when the news broke about the National Security Agency's collection of metadata in the United States, I knew exactly what it meant. My records revealed the movements of a single individual; now imagine if you had access to millions of similar data sets. You could easily draw maps, tracing communication and movement. You could see which individuals, families or groups were communicating with one another. You could identify any social group and determine its major actors.

All of this is possible without knowing the specific content of a conversation, just technical information -- the sender and recipient, the time and duration of the call and the geolocation data.

With Edward J. Snowden's important revelations fresh in our minds, Germans were eager to hear President Obama's recent speech in Berlin. But the Barack Obama who spoke in front of the Brandenburg Gate to a few thousand people on June 19 looked a lot different from the one who spoke in front of the Siegessäule in July 2008 in front of more than 200,000 people, who had gathered in the heart of Berlin to listen to Mr. Obama, then running for president. His political agenda as a candidate was a breath of fresh air compared with that of George W. Bush. Mr.
Obama aimed to close the Guantánamo Bay detention camp, end mass surveillance in the so-called war on terror and defend individual freedom.

But the senator who promised to shut Guantánamo is now a second-term president who is still fighting for its closure. And the events of the past few weeks concerning the collection of metadata and private e-mail and social-media content have made many Germans further question Mr. Obama's proclaimed commitment to the individual freedoms we hold dear.

During Mr. Obama's presidency, no American political debate has received as much attention in Germany as the N.S.A. Prism program. People are beginning to second-guess the belief that digital communication stays private. It changes both our perception of communication and our trust in Mr. Obama.

Even as a Green Party politician, I wasn't impressed with Mr. Obama's focus on fighting global warming. While his renewed enthusiasm is appreciated, it served as a distraction from the criticism he is currently facing for allowing invasive state surveillance. He cannot simply change the subject.

His speech caused many Germans to question whether Americans actually share our understanding of the right balance between liberty and security. In the past, we celebrated the fact that both countries valued this balance, and there was huge solidarity with America after 9/11.

But the policy decisions of the Bush administration after the attacks -- from waterboarding to Guantánamo -- appalled Germans. We were shocked to see this mutual understanding disappear. Now we are not sure where Mr. Obama stands.

When courts and judges negotiate secretly, when direct data transfers occur without limits, when huge data storage rather than targeted pursuit of individuals becomes the norm, all sense of proportionality and accountability is lost.
While our respective security services still need to collaborate on both sides of the Atlantic to pursue and prevent organized crime and terrorism, it must be done in a way that strengthens civil liberties and does not reduce them.

Although we would like to believe in the Mr. Obama we once knew, the trust and credibility he enjoyed in Germany have been undermined. The challenge we face is to once again find shared values, so that trust between our countries is restored.

Perhaps instead of including a quote from James Madison in his speech, arguing that "No nation could preserve its freedom in the midst of continual warfare," Mr. Obama should have been reminded of the quote from another founding father, Benjamin Franklin, when he said, "They that can give up essential liberty to obtain a little temporary safety, deserve neither liberty nor safety."

---
Just because i'm near the punchbowl doesn't mean I'm also drinking from it.