From rforno at infowarrior.org Fri Mar 1 06:49:01 2013
From: rforno at infowarrior.org (Richard Forno)
Date: Fri, 1 Mar 2013 07:49:01 -0500
Subject: [Infowarrior] - The Google Glass feature no one is talking about
Message-ID: <7A7412A5-40CE-47B4-B0EF-346DE9E649E6@infowarrior.org>

One could make the same argument over modern mobile phones, but I think Glass is a bit more intrusive in this context. (c/o AJR)

The Google Glass feature no one is talking about
http://creativegood.com/blog/the-google-glass-feature-no-one-is-talking-about/

---
Just because i'm near the punchbowl doesn't mean I'm also drinking from it.

From rforno at infowarrior.org Fri Mar 1 09:38:02 2013
From: rforno at infowarrior.org (Richard Forno)
Date: Fri, 1 Mar 2013 10:38:02 -0500
Subject: [Infowarrior] - Debate: What Is an Act of Cyberwar?
Message-ID: <8BFED456-A23C-4A3D-AC5A-46370F2EB90A@infowarrior.org>

What Is an Act of Cyberwar?
http://www.nytimes.com/roomfordebate/2013/02/28/what-is-an-act-of-cyberwar/

---
Just because i'm near the punchbowl doesn't mean I'm also drinking from it.

From rforno at infowarrior.org Fri Mar 1 09:47:17 2013
From: rforno at infowarrior.org (Richard Forno)
Date: Fri, 1 Mar 2013 10:47:17 -0500
Subject: [Infowarrior] - U.S. wins appeal in battle to extradite Kim Dotcom
Message-ID: <0A995864-7164-412C-B77C-B47EB6814AEE@infowarrior.org>

U.S. wins appeal in battle to extradite Kim Dotcom
7:53 a.m. EST March 1, 2013
http://www.usatoday.com/story/tech/2013/02/28/kim-dotcom/1955589/

WELLINGTON, New Zealand (AP) -- U.S. prosecutors won a New Zealand court victory Friday in their battle to extradite Megaupload founder Kim Dotcom and three colleagues accused of facilitating massive copyright fraud through the now-defunct online file-sharing site.

The appeals court overturned an earlier ruling that would have allowed Dotcom and the others broad access to evidence in the case against them at the time of their extradition hearing, which is scheduled for August.
The appeals court ruled that extensive disclosure would bog down the process and that a summary of the U.S. case would suffice.

Dotcom says he's innocent and can't be held responsible for those who chose to use the site to illegally download songs or movies.

U.S. prosecutors are also seeking the extraditions of Finn Batato, Mathias Ortmann and Bram van der Kolk, each of whom held senior positions at Megaupload before the U.S. shuttered it last year.

Paul Davison, one of Dotcom's lawyers, said he planned on appealing the case to New Zealand's Supreme Court. Dotcom's legal team must first submit an application to the court, which will then decide whether an appeal has enough merit to proceed.

In its ruling, the appeals court found that full disclosure of evidence was not necessary at the extradition hearing because the hearing is not the venue to determine guilt or innocence. The court pointed out that the legal obligation on the U.S. is simply to prove it has a valid case to answer.

The court also found that extradition treaties are essentially agreements between governments: "even though courts play a vital part in the process, extradition is very much a government to government process," the court ruled.

Davison said he's "disappointed" in the ruling. He said it's vital that Dotcom get access to a wide range of documents, including those which could be detrimental to the U.S. case. He said that would help prove there is no merit to the case.

The extradition hearing for the four colleagues has already been postponed from March to August due to the legal wrangling. It could be postponed further should the Supreme Court decide to hear the next planned appeal.

Dotcom remains free on bail pending the hearing. In January, on the anniversary of his arrest, he launched a new file-sharing site called Mega.

Copyright 2012 The Associated Press. All rights reserved. This material may not be published, broadcast, rewritten or redistributed.
---
Just because i'm near the punchbowl doesn't mean I'm also drinking from it.

From rforno at infowarrior.org Fri Mar 1 09:58:35 2013
From: rforno at infowarrior.org (Richard Forno)
Date: Fri, 1 Mar 2013 10:58:35 -0500
Subject: [Infowarrior] - OT: MASH ended 30 years ago
Message-ID: <33E3FF1F-B84C-4BDC-9B0B-3083DFC4195F@infowarrior.org>

After 30 years, M*A*S*H finale is cultural touchstone
Thursday - 2/28/2013, 6:59pm ET
Neal Augenstein, wtop.com
http://www.wtop.com/541/3236546/Farewell-and-Amen

WASHINGTON -- The passage of three decades has solidified the cultural significance of the final episode of the M*A*S*H television series, which aired Feb. 28, 1983.

"Anybody who was alive at that time, and old enough to remember, is probably going to think 'Oh, I remember what I was doing back when the final episode of M*A*S*H played or what I was doing,'" says Robert Thompson, professor of television and popular culture at Syracuse University.

The 251st episode of M*A*S*H, entitled "Goodbye, Farewell, and Amen," chronicles the final days of the Korean War at the 4077th Mobile Army Surgical Hospital.

From 1983 until 2010, the finale was the most-watched TV broadcast in American history. It was surpassed in total viewership by the Super Bowl in 2010.

"M*A*S*H had become a really beloved series, and when people heard these people were going to go home, and the war was going to be over, they really wanted to see that," says Thompson.

Thompson says in 1983, television had only recently started providing closure at the end of popular series, citing The Mary Tyler Moore Show, which in 1977 was one of the first shows to tie up the stories of its characters.

"M*A*S*H had this really schmaltzy ending where they put the word 'Goodbye' written in rock to be seen from a helicopter that really seemed to resonate with audiences," says Thompson.
Forgoing the show's usual 30 minute format, the finale episode ran 2 1/2 hours, turning it into what Thompson called "this big lifestyle event."

Thompson says few details of the episode were revealed prior to its airing. The finale didn't contain any surprise turns, such as the episode in which Col. Henry Blake left the 4077th.

"He gets to go home, and of course we learned at the end of the episode that en route his (plane) crashes and he dies, it was a very, very moving episode," says Thompson.

The finale was not without drama -- Capt. Hawkeye Pierce, played by Alan Alda, had been sent to a mental hospital for treatment after a nervous breakdown.

"Even though it's set in Korea, it really was about the Vietnam War, which we were getting to the end of," recalls Thompson, of the show's beginnings in 1972.

M*A*S*H's run stretched from during war "into a very, very different age," says Thompson. "Its durability and adaptability of that program over that period of seasons was really kind of extraordinary, and it kept getting better."

---
Just because i'm near the punchbowl doesn't mean I'm also drinking from it.

From rforno at infowarrior.org Fri Mar 1 12:54:27 2013
From: rforno at infowarrior.org (Richard Forno)
Date: Fri, 1 Mar 2013 13:54:27 -0500
Subject: [Infowarrior] - The Dangerous Logic of the Bradley Manning Case
Message-ID: <356FB727-7180-4957-B199-10FFCB163379@infowarrior.org>

The Dangerous Logic of the Bradley Manning Case
YOCHAI BENKLER
http://www.newrepublic.com/article/112554#

---
Just because i'm near the punchbowl doesn't mean I'm also drinking from it.
From rforno at infowarrior.org Sat Mar 2 09:11:59 2013
From: rforno at infowarrior.org (Richard Forno)
Date: Sat, 2 Mar 2013 10:11:59 -0500
Subject: [Infowarrior] - Sequestration Positions Cyber Command For A Fall

NextGov.com
March 1, 2013

Sequestration Positions Cyber Command For A Fall
By Aliya Sternstein
http://www.nextgov.com/cybersecurity/2013/03/sequestration-positions-cyber-command-fall/61607/

By the end of April, the Pentagon will be devoting less attention and fewer staff to network security under spending cuts set for Friday, according to budget analysts.

Mandatory, across-the-board decreases in funding will spare the salaries of uniformed Cyber Command members, but many of those personnel will be focused on sequester planning rather than operations. Meanwhile, their civilian peers face furloughs. Defense Department officials must reduce every program's budget by about 8 percent.

"That workload is going to detract from the actual mission work because you know jobs are at stake. Incomes are at stake," said Todd Harrison, senior fellow for defense budget studies at the Center for Strategic and Budgetary Assessments.

Certain contractors will be let go and civilians will be furloughed for one day a week starting mid-April through the end of September, under the 2011 Budget Control Act that resolved a debt-ceiling crisis.

The skeletal programming could continue through 2014 because the $10 billion slashing each year won't sunset without new legislation. Harrison said he would not rule out the possibility of long-term axe wielding. "I would call it a worst case scenario," he said. The sequester starting on Friday "was put in place as an unthinkable," but it is now likely, he said. "Now, this 2014 unthinkable [scenario] -- we have to start thinking about it."

Adversaries looking for weaknesses in U.S. networks are taking note of the sky-is-falling discourse as Pentagon leaders prepare for the worst, some defense experts say.
Jim Lewis, a researcher with the Center for Strategic and International Studies, who advises Congress and the Obama administration, said in the fall the notion officials are projecting that the military's guard is down could be a greater threat to national security than the reality of the military's strength.

The bigger risk is "to the foreign perception of U.S. capabilities," he said. "They would decide we are more vulnerable and less competent."

Harrison said, "The rhetoric that is being used, our allies and adversaries are listening to that and we may be sending the wrong message."

Lawmakers could quickly change the course of events -- without sacrificing the fiscal constraints they voted for -- by passing a measure to grant officials a degree of flexibility when making cuts, according to research.

"The big question is whether the agencies can make tradeoffs among programs within each of the thousands of accounts that would be cut," said Ray Bjorklund, chief knowledge officer at market research firm Deltek.

President Obama might have created a loophole to permit tradeoffs by ignoring legislation related to the deficit deal, he said.

"The Sequestration Transparency Act of 2012 required the White House to illustrate the effects of a sequester down to program, project and activity level. The White House did not answer that data requirement under the act," Bjorklund noted. "I think the White House also resisted reporting at [that] level to ensure they will have enough flexibility to do what makes sense for national security."

He estimates that Defense cyber activities will be scaled back by about $600 million to $800 million total. The types of programs targeted, given some flexibility, might include departmentwide training to heighten awareness of the types of cyber assaults deserving of a U.S. military response. Cyberwar rehearsals or security tests that employ simulations also could be hampered.
"Comprehensive fit-out of new CYBERCOM mission facilities," as well as academic research into novel cyber defense and information operations could be dented, Bjorklund said.

Other analysts are optimistic that Congress can cooperate on legislative fixes to tighten America's national and economic security, especially in cyberspace.

Within the past two months, The New York Times, Apple, Microsoft and security contractor Bit9 have admitted falling victim to breaches that security researchers term "sophisticated" attacks -- a euphemism for nation state-sponsored intrusions. The White House issued an executive order requiring that agencies exchange with industry sensitive information about threats, and asking that industry do the same. The administration also released a strategy to counter cyber espionage, after computer forensic firm Mandiant tied the Chinese military to more than 140 spying operations in mostly English-speaking countries. And the Pentagon announced a planned five-fold uptick in cyber forces at home and abroad.

"I don't expect the across-the-board approach will last very long if at all," said Shawn P. McCarthy, an IDC Government Insights research director. "Given the current state of events, cybersecurity would be the least logical area to cut."

---
Just because i'm near the punchbowl doesn't mean I'm also drinking from it.

From rforno at infowarrior.org Sun Mar 3 15:22:11 2013
From: rforno at infowarrior.org (Richard Forno)
Date: Sun, 3 Mar 2013 16:22:11 -0500
Subject: [Infowarrior] - Amanda Palmer On The True Nature Of Connecting With Fans: It's About Trust

Amanda Palmer On The True Nature Of Connecting With Fans: It's About Trust
http://www.techdirt.com/blog/casestudies/articles/20130301/11211222172/amanda-palmer-true-nature-connecting-with-fans-its-about-trust.shtml

---
Just because i'm near the punchbowl doesn't mean I'm also drinking from it.
From rforno at infowarrior.org Sun Mar 3 15:22:15 2013
From: rforno at infowarrior.org (Richard Forno)
Date: Sun, 3 Mar 2013 16:22:15 -0500
Subject: [Infowarrior] - The Copyright Propaganda Machine Gets a New Agent: Your ISP
Message-ID: <57BD0030-8D35-4AEA-9C2C-C4EC713DAE49@infowarrior.org>

The Copyright Propaganda Machine Gets a New Agent: Your ISP
https://www.eff.org/deeplinks/2013/02/copyright-propaganda-machine-gets-new-agent-your-isp

---
Just because i'm near the punchbowl doesn't mean I'm also drinking from it.

From rforno at infowarrior.org Sun Mar 3 15:22:20 2013
From: rforno at infowarrior.org (Richard Forno)
Date: Sun, 3 Mar 2013 16:22:20 -0500
Subject: [Infowarrior] - The utopian dream of total openness

Just watch us: The utopian dream of total openness
Doug Saunders
London -- The Globe and Mail
Published Friday, Dec. 17 2010, 8:17 PM EST
Last updated Thursday, Aug. 23 2012, 4:04 PM EDT

Two hundred and twenty-seven years ago, English reformer Jeremy Bentham proposed an idea that seemed to foretell everything in 2010: What if, instead of private individuals judged only by God, we had a society based on total and universal transparency, in which anyone could be observed at any moment and government activities and citizens' lives could instantly be assessed by anyone who cared to look?

< - >

http://www.theglobeandmail.com/technology/just-watch-us-the-utopian-dream-of-total-openness/article1320397

---
Just because i'm near the punchbowl doesn't mean I'm also drinking from it.
From rforno at infowarrior.org Sun Mar 3 15:22:24 2013
From: rforno at infowarrior.org (Richard Forno)
Date: Sun, 3 Mar 2013 16:22:24 -0500
Subject: [Infowarrior] - Keeping an Eye on Online Test-Takers

March 2, 2013
Keeping an Eye on Online Test-Takers
By ANNE EISENBERG
http://www.nytimes.com/2013/03/03/technology/new-technologies-aim-to-foil-online-course-cheating.html

MILLIONS of students worldwide have signed up in the last year for MOOCs, short for massive open online courses -- those free, Web-based classes available to one and all and taught by professors at Harvard, Duke, M.I.T. and other universities.

But when those students take the final exam in calculus or genetics, how will their professors know that the test-takers on their distant laptops are doing their own work, and not asking Mr. Google for help?

The issue of online cheating concerns many educators, particularly as more students take MOOCs for college credit, and not just for personal enrichment. Already, five classes from Coursera, a major MOOC provider, offer the possibility of credit, and many more are expected.

One option is for students to travel to regional testing centers at exam time. But reaching such centers is next to impossible for many students, whether working adults who can't take time off to travel, or others in far-flung places who can't afford the trip.

But now eavesdropping technologies worthy of the C.I.A. can remotely track every mouse click and keystroke of test-taking students. Squads of eagle-eyed humans at computers can monitor faraway students via webcams, screen sharing and high-speed Internet connections, checking out their photo IDs, signatures and even their typing styles to be sure the test-taker is the student who registered for the class.

The developing technology for remote proctoring may end up being as good -- or even better -- than the live proctoring at bricks-and-mortar universities, said Douglas H. Fisher, a computer science and computer engineering professor at Vanderbilt University who was co-chairman of a recent workshop that included MOOC-related topics.

"Having a camera watch you, and software keep track of your mouse clicks, that does smack of Big Brother," he said. "But it doesn't seem any worse than an instructor at the front constantly looking at you, and it may even be more efficient."

Employees at ProctorU, a company that offers remote proctoring, watch test-takers by using screen sharing and webcam feeds at offices in Alabama and California. ProctorU recently signed an agreement to proctor new credit-bearing MOOCs from Coursera, including one in genetics and evolution offered at Duke and one in single-variable calculus at the University of Pennsylvania.

MOOC students who want to obtain credit will be charged a remote-proctoring fee of $60 to $90, depending on the class, said Dr. Andrew Ng, co-founder of Coursera, based in Mountain View, Calif.

Other remote proctoring services offer different solutions. At Software Secure in Newton, Mass., test-takers are recorded by camera and then, later, three proctors independently watch a faster-speed video of each student. Compared with services where proctors are monitoring students in real time, this combination of recording first and viewing later "gives greater latitude for the institution to adjust the timing of exams to whenever they want," said Allison Sands, Software Secure's director of marketing. The cost is now $15 per exam.

Employees at ProctorU say they are well-versed in the sometimes ingenious tactics used to dodge testing rules. "We've seen it all," said Matt Jaeh, vice president for operations. "After you've sat there a while watching people, the patterns of behavior for normal people versus the people trying to sneak in a cellphone to look up information are very clear."

Each proctor can monitor up to six students at a time, watching three side-by-side camera feeds on each of two screens.
If a student's eyes start to wander, the proctor gives a warning via videoconferencing software, just as a classroom monitor might tell students to keep their eyes on their own papers. For an overwhelming majority of people, that warning suffices, said Jarrod Morgan, a co-founder.

With the system in place, "cheating usually isn't a problem," he said. But if it does occur, ProctorU follows the rules of the institution giving the exam. "Some schools ask us to cut off the exam on the spot if there's a suspicious incident," he said; others ask that the exam be continued and the incident reported.

Beyond the issue of proctoring, MOOCs are also addressing the problem of making sure that credit-seeking test-takers are the same students who enrolled in the course.

In that effort, Coursera is offering a separate service, called Signature Track and costing $30 to $99, that confirms students' identity by matching webcam photographs as well as pictures of acceptable photo IDs. Students also type a short phrase, which is analyzed by a software program. It takes note of the typing rhythm and other characteristics, like how long the keys are pressed down. Then, when a student submits homework or takes a test, the algorithm compares a bit of new typing with the original sample. (And if you've broken your arm, there's always your photo ID.)

Online classes are hardly new, but earlier courses typically didn't have to handle exam proctoring on the scale required for vast MOOCs.

The University of Florida in Gainesville, for example, has long offered many programs for students studying far from the campus, with some monitoring done by ProctorU, said W. Andrew McCollough, associate provost for teaching and technology. Now the school has set up its first MOOC, on human nutrition (enrollment 47,000), and is working on four others, all through Coursera.
The question of proctoring is being debated, he said, as faculty members worry about academic integrity amid the growth of open, online classes.

"They don't want any fooling around," he said. "But as we get more experience and evidence, the faculty are getting familiar with ways technology can replicate a classroom experience."

E-mail: novelties at nytimes.com

---
Just because i'm near the punchbowl doesn't mean I'm also drinking from it.

From rforno at infowarrior.org Sun Mar 3 16:31:57 2013
From: rforno at infowarrior.org (Richard Forno)
Date: Sun, 3 Mar 2013 17:31:57 -0500
Subject: [Infowarrior] - CISPA markup in April
Message-ID: <4E872B36-0B91-4231-807D-7169A2969190@infowarrior.org>

House Intelligence chairman aims for cybersecurity bill markup in April
By Jennifer Martinez - 03/01/13 04:49 PM ET
http://thehill.com/blogs/hillicon-valley/technology/285773-rogers-aiming-for-markup-on-cyber-information-sharing-bill-in-april#ixzz2MWDYU6aw

SAN FRANCISCO -- House Intelligence Committee Chairman Mike Rogers (R-Mich.) said Friday he is aiming to wrap up talks with the White House and privacy advocates about measures in his information-sharing cybersecurity bill by April so it can move to a markup.

"We're still negotiating a lot of little pieces of the bill with privacy groups and the White House, and we're having great conversations with both Democrat and Republican senators now, so I'm hoping to have that wrapped up by April, where we can actually move a product in April," Rogers said in an interview with The Hill at the RSA cybersecurity conference in San Francisco.

The Intelligence Committee Chairman and ranking member Rep. Dutch Ruppersberger (D-Md.) re-introduced a cybersecurity bill this month, the Cyber Intelligence Sharing and Protection Act (CISPA), that is designed to remove the legal hurdles preventing private companies and the government from sharing intelligence about cyber threats with one another in real time.
Last year the White House issued a veto threat the day before the bill went to the House floor for a vote, arguing that it lacked sufficient privacy protections and measures addressing security gaps in the computer systems of critical infrastructure. The bill ultimately passed the House last spring and went untouched in the Senate.

Rogers said the recent talks with the White House have been encouraging and that the release of President Obama's cybersecurity executive order this month is a positive political development for the information-sharing bill.

"We're negotiating, we're talking, which is better than what happened last year, and I'm encouraged by that," he said. "Here's the good news, everybody agrees that we need an information-sharing [measure] now. The executive order, I think, takes pressure off the Senate from having to pass an infrastructure standards mandate or bill. That's great.

"That means the one thing we can get bipartisan agreement on is this cyber sharing portion. I think it actually increases our chances of getting a product to the president's desk for signature."

In their talks with the White House about the bill, the House Intelligence Committee leaders are discussing whether companies should be required to strip personally identifiable information from cyber threat data they share with the government, Ruppersberger said in a separate interview.

"We're going to try to do what we can to deal with the issue," he said. "I think if we can resolve this, we can probably get a bill passed. You're not going to please everybody, but I think we can get a bill."

Rep. Adam Schiff (D-Calif), a member of the Intelligence Committee, has said he may offer an amendment to the bill that would require companies to take "reasonable steps" to minimize the personal information in the cyber threat data they relay to the government.
Both lawmakers said they are still open to discussions about ways to boost the privacy protections in the bill, but they defended the steps they took last year to add more privacy safeguards to it. They also stressed that the bill passed the House with support from both parties.

"Part of my role is to deal with the privacy issues, and I feel we have done this in the bill," Ruppersberger said.

The two lawmakers also said the U.S. government should step up efforts to confront China about its campaign to steal intellectual property from American companies via hacker attacks.

"If they truly want to be an international player, they have to stop acting like a thief in the night, and we need to make that point," Rogers said.

He said among possible diplomatic tools that could be used against Chinese hackers are visa restrictions, an option mentioned by White House cyber chief Michael Daniel at the RSA conference on Thursday.

"They need to understand there are consequences for that kind of behavior and that is not being a good international citizen," Rogers said.

---
Just because i'm near the punchbowl doesn't mean I'm also drinking from it.

From rforno at infowarrior.org Mon Mar 4 06:24:25 2013
From: rforno at infowarrior.org (Richard Forno)
Date: Mon, 4 Mar 2013 07:24:25 -0500
Subject: [Infowarrior] - Prepare for 'post-crypto world', warns godfather of encryption

Prepare for 'post-crypto world', warns godfather of encryption
http://www.theregister.co.uk/2013/03/01/post_cryptography_security_shamir/

Shamir: US quadrupling size of cyber-combat unit for a reason
By John Leyden
Posted in Security, 1st March 2013 12:47 GMT

Cryptography is 'becoming less important' because of state-sponsored malware, according to one of the founding fathers of public-key encryption.
Turing award-winning cryptographer Adi Shamir (the S in RSA) said the whole basis of modern cryptography is under severe strain from attacks on security infrastructure such as the attack on app whitelisting firm Bit9 and problems with certificate authorities such as Turktrust, two recent examples of trends that have been going on for some years.

"I definitely believe cryptography is becoming less important," Shamir said. "Intelligence gathering services around the world are going through a phase shift. In the 19th century if you wanted to know the plans of Napoleon you needed a CIA-type agent next to him. In the 20th century if you wanted to know the plans of Hitler during the Second World War you had to listen to the communication and break the crypto, this was an NSA-type operation."

In the 21st century these approaches are becoming less useful, with hacking and Advanced Persistent Threat-type attacks featuring spear-phishing and custom malware becoming more important to spies, according to Shamir. The US is quadrupling the size of its cyber-combat unit for a reason, he said.

"In effect, even the most secure locations and most isolated computer systems have been penetrated over the last couple of years by a variety of APTs and other advanced attacks," Shamir said. "We should rethink the question of how we protect ourselves.

"Traditionally the security industry has thought about two lines of defence. The first line was to prevent the insertion of the APT in a computer system with antivirus and other defences. The second was many companies trying to detect the activity of the APT once it's there. But history has shown us that the APTs have survived both of these lines of defence and operate for many years."

Security needs to be rethought along the lines of how it might be possible to protect a system that might be infected by something that might remain undetected.
Not everything is lost even in these circumstances, according to Shamir, who argued that any APT would be tightly constrained and unable to extract a large volume of data.

"I want the secret of the Coca-Cola company not to be kept in a tiny file of 1KB, which can be exfiltrated easily by an APT," Shamir said. "I want that file to be 1TB, which cannot be exfiltrated. I want many other ideas to be exploited to prevent an APT from operating efficiently. It's a totally different way of thinking about the problem."

Ron Rivest, who teamed up with Shamir to develop the RSA encryption algorithm, asked what could stop the malware from compressing the target data. This led onto a discussion about disguising or obfuscating file names. "Let's hope that confuses the opponents more than it confuses us," Rivest said, to laughs from the audience.

Shamir made his comments during the cryptographers' panel session at the RSA Conference in San Francisco on Tuesday that also featured Rivest, ICANN's Whitfield Diffie and Stanford University's Dan Boneh.

Diffie took issue with Shamir's argument that cryptography is becoming less important -- arguing it's like saying that the net is less important in volleyball because the poles keep falling over. "The keys need to be well-supported at either end and that's where we're having the problems," Diffie said, arguing that cryptography remains essential.

Shamir responded: "In the Second World War if you had good crypto protecting your communication you were safe. Today with an APT sitting inside your most secure computer systems, using cryptography isn't going to give you much protection.

"It's very difficult to use cryptography in an effective way if you assume that an APT is watching over the computer system, watching everything that is being done, including the encryption and decryption process."
Shamir's remarks, the infosec equivalent of Paul McCartney saying guitar bands have had their day, can be found in a video recording of the RSA 13 cryptographers' panel session on YouTube here. The debate on whether or not we're moving towards a 'post-cryptography' world runs from around the 10 minute mark to the 22 minute mark. A discussion of quantum computing and quantum cryptography that runs for about 10 minutes from the 32 minute mark is also well worth watching.

"We shouldn't worry much about post-quantum cryptography but we should think about post-cryptography security," added Shamir.

---
Just because i'm near the punchbowl doesn't mean I'm also drinking from it.

From rforno at infowarrior.org Mon Mar 4 06:32:57 2013
From: rforno at infowarrior.org (Richard Forno)
Date: Mon, 4 Mar 2013 07:32:57 -0500
Subject: [Infowarrior] - Crypto humour
Message-ID: <304576E3-51FF-4745-8CC7-BF8DC7EEE92B@infowarrior.org>

Umm.....yeah. Used this before in social engineering tests many many times. *chuckle*

http://xkcd.com/1181/

(the mouseover text is classic, too.)

---
Just because i'm near the punchbowl doesn't mean I'm also drinking from it.

From rforno at infowarrior.org Mon Mar 4 06:40:50 2013
From: rforno at infowarrior.org (Richard Forno)
Date: Mon, 4 Mar 2013 07:40:50 -0500
Subject: [Infowarrior] - Life Inside the Aaron Swartz Investigation
Message-ID: <78B50211-B24A-48A9-B59D-356107AEF017@infowarrior.org>

Life Inside the Aaron Swartz Investigation
By Quinn Norton
Mar 3 2013, 9:24 PM ET

A reluctant witness's account of a Federal prosecution. If you haven't been following the case, start with the editor's note for context.

< - >

http://www.theatlantic.com/technology/archive/13/03/life-inside-the-aaron-swartz-investigation/273654/

---
Just because i'm near the punchbowl doesn't mean I'm also drinking from it.
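Shamir's "1 KB versus 1 TB" remark and Rivest's compression objection, in the post-crypto panel message above, as an added example that is neither panelist's code nor anything from The Register: a Python sketch that wraps a small secret in a random pad so the stored file is incompressible and unreadable unless every byte of the pad is copied. The blob size (1 MiB standing in for 1 TB), the pad layout and the SHA-256 key-derivation step are all assumptions made for this sketch.

```python
import hashlib
import os
import zlib

MIN_PAD = 4096  # assumed floor on pad size; a real deployment would use far larger blobs


def _keystream(pad: bytes, length: int) -> bytes:
    """Derive `length` keystream bytes that depend on every byte of `pad`.

    Assumed construction (not from the article): key = SHA-256(pad), then
    successive blocks of SHA-256(key || counter). Changing or dropping any
    single pad byte changes the key and therefore the whole keystream.
    """
    key = hashlib.sha256(pad).digest()
    out = bytearray()
    counter = 0
    while len(out) < length:
        out += hashlib.sha256(key + counter.to_bytes(4, "big")).digest()
        counter += 1
    return bytes(out[:length])


def expand_secret(secret: bytes, target_size: int) -> bytes:
    """Embed a small secret in a blob of about `target_size` bytes.

    Layout: 4-byte secret length || secret XOR keystream(pad) || pad.
    The pad comes from os.urandom, so the blob does not compress, and the
    secret cannot be rebuilt from a partial copy of the pad.
    """
    pad_len = max(MIN_PAD, target_size - 4 - len(secret))
    pad = os.urandom(pad_len)
    ct = bytes(a ^ b for a, b in zip(secret, _keystream(pad, len(secret))))
    return len(secret).to_bytes(4, "big") + ct + pad


def recover_secret(blob: bytes) -> bytes:
    """Inverse of expand_secret; only the complete blob yields the secret."""
    n = int.from_bytes(blob[:4], "big")
    ct, pad = blob[4:4 + n], blob[4 + n:]
    return bytes(a ^ b for a, b in zip(ct, _keystream(pad, n)))


def compression_ratio(blob: bytes) -> float:
    """Rivest's objection: could the malware just compress the big file?

    Returns compressed size / original size. For random padding zlib gains
    nothing, so the ratio is about 1.0 (slightly above, from framing).
    """
    return len(zlib.compress(blob, 9)) / len(blob)


def exfiltration_check(secret: bytes, target_size: int) -> dict:
    """Run the checks a defender would want on one expanded blob."""
    blob = expand_secret(secret, target_size)
    return {
        "blob_size": len(blob),
        "round_trip_ok": recover_secret(blob) == secret,
        "compression_ratio": compression_ratio(blob),
        # a copy that lost even the last byte of the pad decrypts to garbage
        "partial_copy_ok": recover_secret(blob[:-1]) == secret,
    }


if __name__ == "__main__":
    # constructed sample secret; 1 MiB stands in for Shamir's 1 TB
    print(exfiltration_check(b"constructed sample formula, not a real secret", 1 << 20))
```

This raises only the cost of exfiltrating the secret at rest; it does nothing about Shamir's own caveat that an implant already inside the system can watch the secret being decrypted and used.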
From rforno at infowarrior.org Mon Mar 4 11:56:26 2013
From: rforno at infowarrior.org (Richard Forno)
Date: Mon, 4 Mar 2013 12:56:26 -0500
Subject: [Infowarrior] - Pop-Tart "gun" gets 7 y/o suspended.
Message-ID: <66A2233F-79D1-46DF-87AB-82826A336510@infowarrior.org>

Common sense, people. You can rediscover it.....if you only try. --rick

Student suspended for shaping Pop-Tart into gun
By Krista Hostetler
CREATED Mar. 3, 2013
http://www.ktnv.com/news/watercooler/194673111.html

Baltimore, MD (KTNV) -- A student in Baltimore was suspended over breakfast.

7-year-old Josh Welch was eating a Pop-Tart at school. A teacher saw the pastry and said she thought it looked like it was being shaped into a gun. The teacher also said she heard Welch say, "Bang Bang" while he was holding it. That was enough to get him suspended.

Welch said his teacher got it completely wrong, "It was already a rectangle and I just kept on biting it and tore off the top, and it kind of looked like a gun but it wasn't." Welch said he was trying to shape the Pop-Tart into a mountain.

The school sent out a letter late in the day to parents explaining what happened and why they thought it was a threat saying, "A student used food to make an inappropriate gesture."

Welch was suspended for two days.

---
Just because i'm near the punchbowl doesn't mean I'm also drinking from it.

From rforno at infowarrior.org Mon Mar 4 16:19:39 2013
From: rforno at infowarrior.org (Richard Forno)
Date: Mon, 4 Mar 2013 17:19:39 -0500
Subject: [Infowarrior] - White House comes out in favor of legal mobe unlocking

White House comes out in favor of legal mobe unlocking
FCC: Lockdown 'doesn't pass the common sense test'
By Iain Thomson in San Francisco
Posted in Policy, 4th March 2013 22:05 GMT
http://www.theregister.co.uk/2013/03/04/white_house_supports_phone_unlocking/

President Obama's idea for a petition system has come in for a lot of criticism, some of it deserved, but if the latest response to a petition on mobile phone unlocking is anything to go by, the system has definite benefits.

The petition was created following the decision by the Librarian of Congress to review the remit of the Digital Millennium Copyright Act and criminalize those consumers who want to unlock their handsets from a network. After it quickly reached the newly required 100,000 signature minimum, the administration issued a coordinated response, with the Librarian, the FCC, and the administration all calling for reform.

"The White House agrees ... that consumers should be able to unlock their cell phones without risking criminal or other penalties," said R. David Edelman, senior White House advisor for internet, innovation, and privacy. "In fact, we believe the same principle should also apply to tablets, which are increasingly similar to smart phones. And if you have paid for your mobile device, and aren't bound by a service agreement or other obligation, you should be able to use it on another network. It's common sense."

The current administration would support efforts to get legislation on the books making mobile unlocking permanently legal, he said, and he pledged to work with Congress and the mobile phone companies to remedy the situation. Edelman also said the FCC would have an important role to play going forward, and the agency issued a statement of its own on the matter.

"From a communications policy perspective, this raises serious competition and innovation concerns, and for wireless consumers, it doesn't pass the common sense test," said FCC top dog Julius Genachowski.
"The FCC is examining this issue, looking into whether the agency, wireless providers, or others should take action to preserve consumers' ability to unlock their mobile phones. I also encourage Congress to take a close look and consider a legislative solution."

Meanwhile, the Library of Congress also issued a statement saying that it valued the recent "thoughtful discussions" it has had with the White House on the issue and that the decision would "benefit from a review." But under the terms of the DMCA, it said, its hands are tied for the moment.

"The rulemaking is a technical, legal proceeding and involves a lengthy public process. It requires the Librarian of Congress and the Register of Copyrights to consider exemptions to the prohibitions on circumvention, based on a factual record developed by the proponents and other interested parties," it said. "The officials must consider whether the evidence establishes a need for the exemption based on several statutory factors. It does not permit the U.S. Copyright Office to create permanent exemptions to the law."

So, on the face of it, the petition does seem to have worked, at least at bringing attention to the issue. Actually getting it resolved is another matter, if the buck-passing seen in all of these statements is anything to go by. Sina Khanifar, one of the founders of the petition, said that he was encouraged by the show of support and was now concentrating on building "a SOPA-style organization" to get the law permanently changed. The new organization will be announced on Tuesday.

From rforno at infowarrior.org Tue Mar 5 06:51:14 2013
From: rforno at infowarrior.org (Richard Forno)
Date: Tue, 5 Mar 2013 07:51:14 -0500
Subject: [Infowarrior] - RSA: U.S. Cybersecurity Strategy Turns 10
Message-ID: <8BAE6545-92CB-4F6C-AD5F-00F043DB7037@infowarrior.org>

(But that's STILL what we're doing...."talking" about the problem.
CISPA sponsor Mike Rogers says his bill will "do" something. Yep -- more "talking", "analysing", and "sharing" but not anything truly evolutionary or revolutionary to fix our underlying cybersecurity problems. For once in a looooong while, I agree with Tom Ridge. --rick)

RSA: U.S. Cybersecurity Strategy Turns 10
Tom Ridge tells the government to stop talking and start acting.
By Sean Michael Kerner | March 01, 2013
http://www.esecurityplanet.com/print/hackers/rsa-u.s-cybersecurity-strategy-turns-10.html

SAN FRANCISCO - In recent weeks, the issue of cyberattacks from China and nation state adversaries has been big news. Reality is that the U.S. has been taking steps to secure its national IT infrastructure from cyberattack for the last 10 years.

During a panel session at the RSA conference this week, Tom Ridge, the first head of the U.S. Department of Homeland Security, recounted the efforts that he helped lead 10 years ago. Ridge was joined by Howard Schmidt, who helped author the U.S. National Strategy to Secure Cyberspace under President Bush. More recently, Schmidt served as the cybersecurity coordinator of the Obama Administration.

"10 years ago, we started a national strategy to secure cyberspace. This was during the first several months post-9/11 and we were concerned that cyber attacks at that time were imminent," Ridge said.

Ridge said his primary task was to first build a national strategy for homeland security. Cyber was one component of that larger effort. The strategy was built as an aggregation of ideas that were collected during lots of town hall-type meetings and collaboration. The first draft of the strategy was released in September 2002 and opened to comment until February 2003, when it was finalized.

Ridge argued that material contained in the 2003 National Strategy for Cyberspace is still relevant today. "It's about awareness, threat assessment and information sharing," Ridge said.
The strategy also involved having a national response mechanism as well as a threat vulnerability reduction program. The strategy led to the creation of US-CERT (United States Computer Emergency Readiness Team) in order to share and collaborate with the public on IT security.

Ridge stressed that the U.S. government in general, and in particular in the most recent Congress, has been talking about cybersecurity for a long time. "It's good to talk about," Ridge said. "But it's time to quit talking and start doing."

Executive Order

In February, President Obama signed an executive order to create a national cybersecurity framework. Schmidt said that the framework states that the government is going to share information with the private sector. "We have been saying that since 2003," Schmidt said. "Obama now wants it to be actionable."

Ridge added that any time the president of the United States is in news headlines about cybersecurity, it's a good thing. However, he isn't as thrilled about the actual content of the executive order. "For the president to have to sign an order directing the government to give unclassified info to the private sector when there is a risk is incredulous to me," Ridge stated.

Overall, Ridge has an optimistic view on the nation's cybersecurity posture. "America did a lot post 9/11 to be more secure," he said. He added that after 9/11 he was asked by someone how he sleeps at night. His response was that he doesn't sleep much, but he does believe the private and public sectors are doing lots to make us all more secure. "There are still some challenges and I'm optimistic we can meet the challenges," Ridge said.

Sean Michael Kerner is a senior editor at InternetNews.com. Follow him on Twitter @TechJournalist.
From rforno at infowarrior.org Tue Mar 5 08:53:36 2013
From: rforno at infowarrior.org (Richard Forno)
Date: Tue, 5 Mar 2013 09:53:36 -0500
Subject: [Infowarrior] - Cyber Security and Global Interdependence: What Is Critical?
Message-ID: <0AE2F5E1-66B0-4540-AC6B-E88386356C5C@infowarrior.org>

www.chathamhouse.org/publications/papers/view/189645

Cyber Security and Global Interdependence: What Is Critical?
Programme Report
Dave Clemente, February 2013

The evolution of interconnection between infrastructure sectors has been accelerated by the spread of cyberspace, which has become the 'nervous system' linking them. There is no avoiding the security implications emerging at the intersection of cyberspace and infrastructure. As countries become more dependent on infrastructure distributed around the world, the growing complexity of interconnections makes it harder for authorities to identify what infrastructure is 'critical'.

Improving risk management relies on using rigorous definitions of what infrastructure is 'critical', which enables more effective prioritization and protection of nodes and connection points. In this context, the ever-rising importance of data makes distinctions between 'physical' and 'information' infrastructure increasingly irrelevant.

Societal resilience can be just as important as infrastructure resilience, and policy-makers should consider closely what levels of societal dependency on digital technologies are appropriate. Building public confidence in the security and governance of the critical infrastructure ecosystem is essential to avoid policy-making driven by reactive or narrow interests.

Meeting these security challenges requires better shared understanding of what is critical between those who protect an organization and those who set its strategic direction.
Better understanding of the economic and political incentives that guide stakeholders also reveals the scope for potential cooperation.

From rforno at infowarrior.org Tue Mar 5 13:29:05 2013
From: rforno at infowarrior.org (Richard Forno)
Date: Tue, 5 Mar 2013 14:29:05 -0500
Subject: [Infowarrior] - FBI joins SEC in computer trading probe
Message-ID: <3F1AB751-7204-4DD9-A298-E654211F4190@infowarrior.org>

http://www.ft.com/intl/cms/s/0/11b81d74-85a4-11e2-9ee3-00144feabdc0.html#axzz2MfCzMcUH

FBI joins SEC in computer trading probe
By Kara Scannell in New York

The FBI has teamed up with securities regulators to tackle the potential threat of market manipulation posed by ultra-fast computer dealing methods such as high-frequency trading that have taken markets beyond the scope of traditional policing.

FBI agents have joined forces with a new unit within the Securities and Exchange Commission that examines hedge funds and other firms that are using algorithm trading strategies. The SEC's Quantitative Analysis Unit is focusing on the emergence of high-frequency trading firms and the rise of dark pools.

Traders using these methods can manipulate the market by flooding it with quotes, known as quote stuffing, or placing millions of orders that are quickly cancelled, to drive others to trade in ways that benefit their position, a practice known as layering. Some of these trading strategies have been accused of destabilising the market and putting retail investors at a disadvantage. Their supporters have said they increase liquidity in securities and reduce volatility.

The FBI has historically investigated cases of market manipulation but people familiar with the matter said the collaboration with the SEC was an attempt to beef up the agency's expertise and catch up with fast-changing technology-driven trading strategies. The move reflects market participants'
evolution from traditional investment firms into financial engineering shops. Authorities are concerned that technological advances have outpaced hedge fund compliance programmes and left the stock market vulnerable to manipulation.

"If you don't speak the language the specifics are already lost," said one person involved in the collaboration.

Authorities are exploring potential holes in the system, including new algorithms referred to as "news aggregation" which search the internet, news sites and social media for selected keywords, and fire off orders in milliseconds. The trades are so quick, often before the information is widely disseminated, that authorities are debating whether they violate insider trading rules, the people familiar with the matter said.

Authorities are also monitoring alpha capture systems, platforms where sell-side firms share information with buyside professionals, for potential front running or insider trading. Also on their radar is artificial intelligence trading, an algorithm that predicts market reactions based on history.

One government official said market structure could be the next big area for cases, although it was not clear whether any of the strategies violated criminal laws. To prove a criminal case the FBI would need to show that the trader intended to manipulate the stock, which could prove more difficult for strategies that are triggered by computers.

The SEC has brought a handful of cases involving these strategies and other investigations are under way. No criminal case is on the horizon, one of the people said. The FBI and SEC have successfully worked together in other areas with their collaboration resulting in more than 80 prosecutions of insider trading over the past three and a half years.

Copyright The Financial Times Limited 2013. You may share using our article tools. Please don't cut articles from FT.com and redistribute by email or post to the web.
From rforno at infowarrior.org Tue Mar 5 13:31:32 2013
From: rforno at infowarrior.org (Richard Forno)
Date: Tue, 5 Mar 2013 14:31:32 -0500
Subject: [Infowarrior] - TSA Will Permit Knives, Golf Clubs on U.S. Planes
Message-ID:

TSA Will Permit Knives, Golf Clubs on U.S. Planes
By Jeff Plungis - Mar 5, 2013
http://www.bloomberg.com/news/print/2013-03-05/tsa-will-permit-knives-golf-clubs-on-u-s-planes.html

The U.S. Transportation Security Administration will let people carry small pocketknives onto passenger planes for the first time since the Sept. 11 terrorist attacks, along with golf clubs, hockey sticks and plastic Wiffle Ball-style bats.

The agency will permit knives with retractable blades shorter than 6 centimeters (2.36 inches) and narrower than 1/2 inch, TSA Administrator John Pistole said today at an aviation security conference in Brooklyn. The change, to conform with international rules, takes effect April 25.

Passengers will also be allowed to board flights with some other items that are currently prohibited, including sticks used to play lacrosse, billiards and hockey, ski poles and as many as two golf clubs, Pistole said.

The changes attracted criticism from labor unions representing flight attendants.

"This policy was designed to make the lives of TSA staff easier, but not make flights safer," Stacy Martin, president of the Transportation Workers Union local that represents Southwest Airlines Co. flight attendants, said in a statement.

"While we agree that a passenger wielding a small knife or swinging a golf club or hockey stick poses less of a threat to the pilot locked in the cockpit, these are real threats to passengers and flight attendants in the passenger cabin," Martin said.

'Shortsighted Decision'

Pistole's announcement reflects "a poor and shortsighted decision by the TSA," the Flight Attendants Union Coalition, representing five labor groups, said in a statement.
"We believe that these proposed changes will further endanger the lives of all flight attendants and the passengers we work so hard to keep safe and secure."

Changes removing items like sporting goods from the prohibited list are based on recommendations from a TSA working group that's trying to weed out commonly confiscated items that don't present a security threat, agency spokesman David Castelveter said.

"These are popular items we see regularly," Castelveter said. "They don't present a risk to transportation security."

Pistole, the former No. 2 official at the Federal Bureau of Investigation, has stressed the use of intelligence and "risk-based" security during his tenure leading TSA. The agency is moving away from uniform procedures that apply to every passenger and toward efforts to perform background checks on passengers before they arrive at an airport.

Speeding Checkpoints

Besides conforming with international rules, the TSA policy changes will keep U.S. checkpoint officials from spending time confiscating objects that don't present a risk, Pistole said. The changes will let more passengers go through screening lines more quickly, he said.

"The idea that we have to look for, to find and then somehow resolve whatever that prohibited item is -- that takes time and effort," Pistole said. "That may detract us from that item that could lead to a catastrophic failure on an aircraft."

The greatest threat to U.S. travelers is currently small, non-metallic bombs, not knives or sporting equipment, Pistole said. Overseas passengers will no longer have to check the qualifying knives as they pass through the U.S.

The agency will still prohibit some knives, including those with locking blades or molded handles, like those used by hunters for skinning, Pistole said. There's still concern about knives clearly intended for use as weapons, he said.

Box Cutters

Box cutters, like those used by the Sept. 11 terrorists, and razor blades will still be banned.
"The sensitivity to those who were attacked on 9/11 still resonates strongly," Pistole said. "There's just too much emotion associated with them, particularly the box cutters."

The agency also is carving out two exceptions to its ban on most baseball and softball bats. It will allow souvenir, novelty baseball bats less than 24 inches long and will permit lightweight plastic bats even if they're more than 2 feet long (61 centimeters).

To contact the reporter on this story: Jeff Plungis in Washington at jplungis at bloomberg.net
To contact the editor responsible for this story: Bernard Kohn at bkohn2 at bloomberg.net

From rforno at infowarrior.org Tue Mar 5 13:33:00 2013
From: rforno at infowarrior.org (Richard Forno)
Date: Tue, 5 Mar 2013 14:33:00 -0500
Subject: [Infowarrior] - The Last Time The Dow Was Here...
Message-ID: <7DA13171-2308-4B6D-8921-2DD6CEDA38AC@infowarrior.org>

The Last Time The Dow Was Here...
Submitted by Tyler Durden on 03/05/2013 09:36 -0500
http://www.zerohedge.com/news/2013-03-05/last-time-dow-was-here

"Mission Accomplished" - With CNBC now lost for countdown-able targets (though 20,000 is so close), we leave it to none other than Jim Cramer, quoting Stanley Druckenmiller, to sum up where we stand (oh and the following list of remarkable then-and-now macro, micro, and market variables), namely that "we all know it's going to end badly, but in the meantime we can make some money" - ZH translation: "just make sure to sell ahead of everyone else."

- Dow Jones Industrial Average: Then 14164.5; Now 14164.5
- Regular Gas Price: Then $2.75; Now $3.73
- GDP Growth: Then +2.5%; Now +1.6%
- Americans Unemployed (in Labor Force): Then 6.7 million; Now 13.2 million
- Americans On Food Stamps: Then 26.9 million; Now 47.69 million
- Size of Fed's Balance Sheet: Then $0.89 trillion; Now $3.01 trillion
- US Debt as a Percentage of GDP: Then ~38%; Now 74.2%
- US Deficit (LTM): Then $97 billion; Now $975.6 billion
- Total US Debt Outstanding: Then $9.008 trillion; Now $16.43 trillion
- US Household Debt: Then $13.5 trillion; Now 12.87 trillion
- Labor Force Participation Rate: Then 65.8%; Now 63.6%
- Consumer Confidence: Then 99.5; Now 69.6
- S&P Rating of the US: Then AAA; Now AA+
- VIX: Then 17.5%; Now 14%
- 10 Year Treasury Yield: Then 4.64%; Now 1.89%
- EURUSD: Then 1.4145; Now 1.3050
- Gold: Then $748; Now $1583
- NYSE Average LTM Volume (per day): Then 1.3 billion shares; Now 545 million shares

From rforno at infowarrior.org Tue Mar 5 13:35:41 2013
From: rforno at infowarrior.org (Richard Forno)
Date: Tue, 5 Mar 2013 14:35:41 -0500
Subject: [Infowarrior] - How Verizon found child pornography in its cloud
Message-ID:

How Verizon found child pornography in its cloud
Scanned files using hashes of known child pornography images.
by Sean Gallagher - Mar 5 2013, 11:51am EST
http://arstechnica.com/information-technology/2013/03/how-verizon-found-a-child-pornographer-in-its-cloud/

Cloud-based storage services are no doubt useful. They can back up your personal data and keep it from being lost if your system crashes. They can share your data across multiple computers. But cloud-based services are increasingly checking user-uploaded data for illegal content, particularly child pornography.

When Congress passed the PROTECT Our Children Act of 2008 mandating that service providers report suspected child pornography in the content that their customers surf and store, the law gave providers an out: if they couldn't check, they wouldn't know, and they wouldn't have to report it. But while checking is still voluntary, the National Center for Missing and Exploited Children has been pushing providers to use image-matching technology to help stop the spread of child pornography.
William Albaugh found this out the hard way when he backed up his home computer to Verizon's online backup service. The 67-year-old deacon of a Catholic church in Baltimore County didn't realize he was giving away his secret: after he allegedly uploaded pornographic images and videos of children to his Online Backup and Sharing cloud account, they were scanned by a Verizon partner using technology that can automatically check images and videos for the presence of children known to be the victims of pornographers.

Since the passage of the PROTECT Act, sponsored by then-Senator Joseph Biden Jr., service providers have been required to register with the NCMEC's Cyber Tipline, operated in coordination with federal, state, and local law enforcement. Providers have a "duty to report" to the NCMEC if their users access or store child pornography; in the last six months of 2012, the Cyber Tipline handled 113,009 reports of child pornography from electronic service providers.

Verizon officials would not go into the particulars of how it scans customers' content. "All we do is follow the law," said Verizon spokesperson Linda Laughlin. But they acknowledged that the company uses a database of mathematical fingerprints of known images of children generated by the National Center for Missing and Exploited Children, using a technology called PhotoDNA, which was donated by Microsoft just over a year ago.

To serve and protect

The NCMEC database includes mathematical "hashes" for tens of millions of images and videos reviewed by NCMEC; the group reviewed over 17.3 million such files in 2011 alone. PhotoDNA, which Microsoft offers free of charge to law enforcement agencies as part of the NetClean Analyze digital forensics tool, hashes biometric information within the photos and videos rather than making calculations based on the files themselves, so the scanning software can be used to recognize images even when they've been resized or cropped.
That's an improvement over the original hash database kept by the Child Victim Identification Program, which used fingerprints of files and provides no way of dealing with altered images. By sharing the hashed "fingerprints" of images in which children have been identified performing sexual acts, NCMEC makes it possible for law enforcement officials, cloud storage services, and hosting providers to check large volumes of files for matches without having to keep copies of offending images themselves.

Verizon doesn't provide cloud services itself; it contracts out with cloud storage providers who operate data centers to provide the backend for its Online Backup and Sharing service for FiOS and other cloud storage services. Laughlin said that for security reasons, Verizon would not discuss which vendors were involved in scanning customers' files, or how frequently that scanning happened. But Verizon's own terms of service documents say that the Online Backup and Sharing service is provided by Digi-Data Corporation of Broomfield, Colorado.

Crypto clearance

It's Digi-Data that actually performs the scan of users' content; the company in turn reports possible "hits" in content to Verizon's security team, who in turn associates those hits with a specific account and passes them to the NCMEC Cyber Tipline. So when Albaugh's computer uploaded the videos and images he had stored on his computer's hard drive, they traversed Verizon's network to a third party's data center. It was there that a scan detected images of children who were known to be victims of child pornography.

If Albaugh had been a bit more technically aware, he might have encrypted his data locally, which would have kept him from being caught so easily. While the data passes over Verizon's network encrypted, it would have to be either stored unencrypted or decrypted with a local key at the data center to be detected by the PhotoDNA hash scan.
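The distinction the article draws above between fingerprinting the file itself and hashing the picture's content, as an added example that is not code from the article, Verizon, Digi-Data or Microsoft: PhotoDNA's algorithm is proprietary, so a simple average hash over a block-downscaled image stands in for it here, the images are constructed gradients rather than real photographs, and the match threshold is an assumed value.

```python
"""Content matching with an exact file hash versus a resize-tolerant image hash.

Added example, not code from the article, Verizon, Digi-Data or Microsoft.
PhotoDNA itself is proprietary, so a simple "average hash" (aHash) over a
block-downscaled grayscale image stands in for it here; the images are
constructed 16x16 gradients, not real photographs, and the match threshold
is an assumed value.
"""
import hashlib

Image = list[list[int]]  # rows of 0..255 grayscale values, img[y][x]


def make_gradient(size: int = 16) -> Image:
    """Constructed sample image: pixel value = 16*x + y, a diagonal ramp."""
    return [[(16 * x + y) % 256 for x in range(size)] for y in range(size)]


def file_hash(img: Image) -> str:
    """Exact fingerprint of the raw pixel bytes, as the older CVIP database used.

    Any change to the bytes (a resize, a recompress) yields an unrelated digest."""
    data = bytes(v for row in img for v in row)
    return hashlib.sha256(data).hexdigest()


def resize_nearest(img: Image, factor: int) -> Image:
    """Integer upscale by pixel replication: the 'same picture, new size' case."""
    out: Image = []
    for row in img:
        wide = [v for v in row for _ in range(factor)]
        out.extend(list(wide) for _ in range(factor))
    return out


def invert(img: Image) -> Image:
    """A visually unrelated image with identical dimensions, for the no-match case."""
    return [[255 - v for v in row] for row in img]


def downscale(img: Image, size: int = 8) -> list[float]:
    """Block-average to a size x size grid (row-major list of cell means).

    Height and width must be multiples of `size`; a real implementation
    would resample arbitrary sizes, this example keeps the arithmetic exact."""
    h, w = len(img), len(img[0])
    if h % size or w % size:
        raise ValueError("image dimensions must be multiples of %d" % size)
    bh, bw = h // size, w // size
    cells = []
    for by in range(size):
        for bx in range(size):
            block = [img[y][x]
                     for y in range(by * bh, (by + 1) * bh)
                     for x in range(bx * bw, (bx + 1) * bw)]
            cells.append(sum(block) / len(block))
    return cells


def ahash(img: Image) -> int:
    """64-bit average hash: bit set where a cell is at least the mean of all cells.

    Scaling the image does not move cells relative to the mean, so the hash
    survives a resize; the file hash above does not."""
    cells = downscale(img)
    mean = sum(cells) / len(cells)
    bits = 0
    for cell in cells:
        bits = (bits << 1) | (1 if cell >= mean else 0)
    return bits


def hamming(a: int, b: int) -> int:
    """Number of differing bits between two 64-bit hashes."""
    return bin(a ^ b).count("1")


def is_match(candidate: Image, reference_hash: int, threshold: int = 10) -> bool:
    """Flag a candidate whose hash is within `threshold` bits of a known hash.

    The threshold is an assumed value; it sets the false-positive rate, and a
    hit should feed human review rather than an automatic conclusion."""
    return hamming(ahash(candidate), reference_hash) <= threshold


if __name__ == "__main__":
    known = make_gradient()            # stands in for a reference image
    resized = resize_nearest(known, 2)
    unrelated = invert(known)
    print("file hash equal after resize: ", file_hash(known) == file_hash(resized))
    print("aHash distance after resize:  ", hamming(ahash(known), ahash(resized)))
    print("aHash distance, unrelated img:", hamming(ahash(known), ahash(unrelated)))
    print("resized flagged:", is_match(resized, ahash(known)),
          "| unrelated flagged:", is_match(unrelated, ahash(known)))
```

The robust hash survives a resize that changes every byte of the file, which is the property the article describes; it also tolerates near misses, so a deployment tunes the threshold against its false-positive budget and routes hits to human review.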
It's more likely that user backups are stored encrypted at rest using AES encryption or a similar scheme and then decrypted programmatically for scanning and transmission back to the customer.

Verizon isn't the only cloud provider that performs some level of scanning of its content. Dropbox, for example, spells out in its terms and conditions the many things users aren't allowed to do with the service, including "Don't share 'unlawfully pornographic' material." The company will cancel your account or worse if you try to. Dropbox also says it "may collect" information on "all the files you upload or download."

And like all cloud providers, Dropbox and Verizon (and others) must be able to provide files stored in the cloud to law enforcement, in some cases without a warrant. The Electronic Communications Privacy Act Amendments Act of 2012, which would have offered cloud-based storage greater privacy protections, failed to get out of the Senate last year, so the "stored communications" that are your personal files will be open to scrutiny for the foreseeable future.

From rforno at infowarrior.org Tue Mar 5 13:36:47 2013
From: rforno at infowarrior.org (Richard Forno)
Date: Tue, 5 Mar 2013 14:36:47 -0500
Subject: [Infowarrior] - If Most Crime Involves A 'Cyber' Element, Can't We Just Call It Crime Instead Of Cybercrime?
Message-ID: <188B0A0C-7CAC-41B3-BA10-4D7F5265B1CF@infowarrior.org>

(But 'cyber' sounds COOL!!!!!!!! ---rick)

If Most Crime Involves A 'Cyber' Element, Can't We Just Call It Crime Instead Of Cybercrime?
from the scary-scary-internet dept

It is a standing modern truth that you can take a scary word in the English language and turbocharge its terror factor by putting the word "cyber" in front of it. Don't believe me? Murder. Some guy stabs or shoots me. Cyber-murder. Holy crap! A dude can reach through the computer and electrocute my face!
The problem, as we've discussed previously, is that many of the supposed facts used to hype cybercrime are massively overstated, and the unfortunately resulting hysteria breeds atrocities like The Patriot Act, because computers are terrifying and apparently the government is not. Of course, it doesn't end with crime. Cyberwar, cyber-terrorism, these words now permeate the bloodstream like terrifying nanobots, all while the use of technology and the internet marches forward at incredible rates. But is the term "cybercrime" even useful anymore? When NYC district attorneys like Manhattan's Cyrus Vance suggest that pretty much all crime includes a cyber element, can't we just drop the scare words and go back to calling it "crime?"

< - >

http://www.techdirt.com/articles/20130304/06541422191/if-most-crime-involves-cyber-element-cant-we-just-call-it-crime-instead-cybercrime.shtml

From rforno at infowarrior.org Tue Mar 5 17:19:57 2013
From: rforno at infowarrior.org (Richard Forno)
Date: Tue, 5 Mar 2013 18:19:57 -0500
Subject: [Infowarrior] - Google, Apple and Microsoft may be exempt from Obama's cybersecurity order
Message-ID: <3A17958F-C978-4F68-BB36-8EA013A3F627@infowarrior.org>

Google, Apple and Microsoft may be exempt from Obama's cybersecurity order
By Eric Engleman
http://www.washingtonpost.com/business/google-exception-in-obamas-cyber-order-questioned-as-unwise-gap/2013/03/05/425a2430-8555-11e2-a80b-3edc779b676f_print.html

March 5 (Bloomberg) -- Telecommunications companies want President Barack Obama's administration to rethink a decision that may exempt Google Inc.'s Gmail, Apple Inc.'s iPhone software and Microsoft Corp.'s Windows from an executive order on cybersecurity.

Obama's Feb. 12 order says the government can't designate "commercial information technology products or consumer information technology services" as critical U.S.
infrastructure targeted for voluntary computer security standards.

"If e-mail went away this afternoon, we would all come to a stop," said Marcus Sachs, vice president of national security policy at Verizon Communications Inc., the second-largest U.S. phone company. "Hell yeah, e-mail is critical."

Technologies used in personal computers, software and the Internet "are the lifeblood of cyberspace," Sachs said. "If you exclude that right up front, you take off the table the very people who are creating the products and services that are vulnerable."

Obama's order is aimed at areas such as power grids, telecommunications and pipelines. The goal is to protect "systems and assets whose incapacitation from a cyber incident would have catastrophic national security and economic consequences," White House spokeswoman Caitlin Hayden said in an e-mail. "It is not about Netflix, Twitter, Facebook, and Snapchat."

Voluntary Standards

Under the executive order, the Department of Homeland Security is to identify critical infrastructure, translating the order's broadly worded information technology exclusions into specific guidelines. The order expands a government program for sharing classified information about computer threats with defense contractors and Internet-service providers and calls for computer security standards for companies in critical industries. While adherence to the standards is to be voluntary, the executive order tells federal agencies that directly regulate affected industries to consider binding rules.

Telecommunications and cable companies don't want to face regulatory burdens and costs that aren't shared by technology companies, David Kaut, a Washington-based analyst with Stifel Nicolaus & Co., said in an interview. "The telecom community is concerned the tech industry is going to get a free pass here," Kaut said. "You have an ecosystem and only the network guys are going to get submitted to government scrutiny."
Hacker Targets

Critical infrastructure such as power grids rely on information technology, Verizon's Sachs said. Such technology should be part of the solution to U.S. cybersecurity, he said.

Obama's order isn't meant to "get down to the level of products and services and dictate how those products and services behave," said David LeDuc, senior director of public policy for the Software & Information Industry Association, a Washington trade group that lobbied for the exclusions. If countries impose differing security guidelines for technology products and services, such actions can amount to a type of trade barrier if rules are written to favor their own companies, LeDuc said.

Samantha Smith, a Google spokeswoman, Michelle Hinrichs, a spokeswoman for Microsoft, Steve Dowling of Apple, and Jodi Seth of Facebook Inc. all declined to comment.

'Shared Responsibility'

"The nation's cybersecurity policy framework should be structured in a way that takes into account the shared responsibility of the entire Internet ecosystem," Ed Amoroso, chief security officer at AT&T Inc., the biggest U.S. phone company, said in a Feb. 15 e-mail reacting to Obama's order.

Telecommunications companies think the order's exclusions may leave out technologies that play a vital role in the total security picture, Stewart Baker, a former Homeland Security Department official, said in an interview. "If you're attacking people, you go for the weakest link and the weakest link is often some commercial product," said Baker, a Washington-based partner at the law firm Steptoe & Johnson LLP.

Twitter Inc. said Feb. 1 that hackers may have gotten access to data on 250,000 users of its microblogging site. Facebook, operator of the largest social network, said Feb. 15 that some of its employees' laptops were infected after visiting a mobile developer's site. Apple said Feb. 19 some of its internal Mac systems were affected by a malicious software attack. Microsoft, the largest software maker, said Feb.
22 a small number of its computers were infected by malware in an attack similar to those against Facebook and Apple. Swiping Secrets Obama, in announcing the executive order in his State of the Union speech, said the U.S. needs to boost cyber defenses for vital U.S. facilities. ?We know hackers steal people?s identities and infiltrate private e-mail. We know foreign countries and companies swipe our corporate secrets,? Obama said. ?Now our enemies are also seeking the ability to sabotage our power grid, our financial institutions, and our air-traffic-control systems.? Obama?s executive order mirrors parts of a Senate bill that was blocked last year by Republicans who said the standards would be burdensome to industry. Lawmakers are working on new legislation. The Internet Association, a trade group whose members include Google, Facebook, and Amazon.com Inc., urged the White House and Congress to ?ensure that all Internet services are not subject to regulation,? the group?s president, Michael Beckerman, said in an e-mailed statement. The Obama administration and Google opposed revisions to an international telecommunications treaty negotiated at a United Nations conference in Dubai last year, saying new language related to cybersecurity and other topics could open the door to Internet regulation and censorship by other countries. ? The Washington Post Company --- Just because i'm near the punchbowl doesn't mean I'm also drinking from it. From rforno at infowarrior.org Wed Mar 6 12:13:13 2013 From: rforno at infowarrior.org (Richard Forno) Date: Wed, 6 Mar 2013 13:13:13 -0500 Subject: [Infowarrior] - =?windows-1252?q?_Pentagon=3A_Let=92s_Threaten_Nu?= =?windows-1252?q?ke_Strike_Against_Hackers?= Message-ID: Pentagon: Let?s Threaten Nuke Strike Against Hackers Sam Biddle http://gizmodo.com/5988914/pentagon-lets-threaten-nuke-strike-against-hackers Most of us are content keeping hackers away with a firewall and decent password. 
But the Pentagon isn't nearly content, and in a new report, insists we should keep our nuclear arsenal ready for Internet retaliation. What could go wrong?

The report, "Resilient Military Systems and the Advanced Cyber Threat," was prepared by the Department of Defense's Defense Science Board, and over the course of 138 pages makes one very clear point: if China ever hacks us, "Protect the Nuclear Strike as a Deterrent." The phrase is repeated again and again -- the word "nuclear" appears 113 times in a report ostensibly dealing with computer warfare. The entire thing is riddled with jargon, euphemism, and rosy military metaphor -- climbing the ladder of deterrence! -- but the notion that American nukes could (and should!) be part of the "cyber war" equation (and insulated against any electronic disruption) is unequivocal.

Let's put it plainly: China should know that we have nukes, tons of 'em, and if China's stellar hacker platoons ever tried to, say, bring down an American satellite, destabilize a dam, or switch off an enormous chunk of the power grid as part of an open military attack, they should be thinking about our nuclear missiles coming back in return. The US government has already said that it'd consider internet-based offensives an act of war that'd have IRL consequences, but nuking as a response to DDoS has never been so explicit.

"The United States would only consider the use of nuclear weapons in 'extreme circumstances,'" the report says. And that's always been the case: you nuke us, we'll nuke you. But now the definition of what circumstances are extreme is entirely remade: "Presumably one would characterize a catastrophic Tier V-VI adversary cyber attack on the United States as 'extreme circumstances.'"

Wait -- what's a Tier V-VI adversary cyber attack? That's simple: "States with the ability to successfully execute full spectrum (cyber capabilities in combination with all of their military and intelligence capabilities) operations to achieve a specific outcome in political, military, economic, etc. domains." States like us.

Careful, Pentagon -- this is one hell of a precedent.

---
Just because i'm near the punchbowl doesn't mean I'm also drinking from it.

From rforno at infowarrior.org Wed Mar 6 12:15:09 2013
From: rforno at infowarrior.org (Richard Forno)
Date: Wed, 6 Mar 2013 13:15:09 -0500
Subject: [Infowarrior] - Big Telco Lobbyists Produce CNN OpEd Arguing That CISPA Is Good For Privacy
Message-ID: <93634D8E-C783-445F-9032-B6960A62A8E7@infowarrior.org>

Big Telco Lobbyists Produce CNN OpEd Arguing That CISPA Is Good For Privacy
http://www.techdirt.com/articles/20130305/17293022208/big-telco-lobbyists-produce-cnn-oped-arguing-that-cispa-is-good-privacy.shtml

---
Just because i'm near the punchbowl doesn't mean I'm also drinking from it.

From rforno at infowarrior.org Wed Mar 6 17:00:07 2013
From: rforno at infowarrior.org (Richard Forno)
Date: Wed, 6 Mar 2013 18:00:07 -0500
Subject: [Infowarrior] - Holder On Domestic Drone Strikes: Eh, Could Happen
Message-ID: <82C23AE6-C72B-4D1A-8EAF-ACF3112FDDEB@infowarrior.org>

In other news, while I disagree greatly with many of his views on a wide variety of issues, teabagger Rand Paul is now entering his 6th hour of a classic old-school Senate filibuster on domestic drone strikes. IMHO this is how ANY filibuster should be done: You care so much to block something, stand your ground and show it --- ie, the way it used to be -- instead of just doing it administratively. --rick

Eric Holder On Domestic Drone Strikes: Eh, Could Happen
http://www.techdirt.com/articles/20130306/06353722213/eric-holder-domestic-drone-strikes-eh-could-happen.shtml

---
Just because i'm near the punchbowl doesn't mean I'm also drinking from it.
From rforno at infowarrior.org Wed Mar 6 17:08:24 2013
From: rforno at infowarrior.org (Richard Forno)
Date: Wed, 6 Mar 2013 18:08:24 -0500
Subject: [Infowarrior] - Microsoft restores transfer rights for retail Office 2013 copies
Message-ID:

Microsoft restores transfer rights for retail Office 2013 copies

Summary: As part of its shift to a subscription model, Microsoft introduced a controversial "no transfer" restriction with Office 2013. Now, after an intense outcry from customers, the company has reversed course and agreed to allow users to transfer retail Office licenses between devices.

< - >

http://www.zdnet.com/microsoft-restores-transfer-rights-for-retail-office-2013-copies-7000012200/

---
Just because i'm near the punchbowl doesn't mean I'm also drinking from it.

From rforno at infowarrior.org Thu Mar 7 06:25:29 2013
From: rforno at infowarrior.org (Richard Forno)
Date: Thu, 7 Mar 2013 07:25:29 -0500
Subject: [Infowarrior] - Failure to Prosecute Fraud Causes Economic Downturns
Message-ID:

Failure to Prosecute Fraud Causes Economic Downturns
http://www.ritholtz.com/blog/2013/03/failure-to-prosecute-fraud-causes-economic-downturns/

---
Just because i'm near the punchbowl doesn't mean I'm also drinking from it.

From rforno at infowarrior.org Thu Mar 7 12:36:36 2013
From: rforno at infowarrior.org (Richard Forno)
Date: Thu, 7 Mar 2013 13:36:36 -0500
Subject: [Infowarrior] - Low on Targets, Obama Considers Killing Friends of Friends of Al-Qaida
Message-ID:

Low on Targets, Obama Considers Killing Friends of Friends of Al-Qaida
By Spencer Ackerman • 03.07.13 • 10:30 AM
http://www.wired.com/dangerroom/2013/03/friends-of-friends-qaida/

Thought the post-9/11 law that gave the president power to wage a global war against terrorists was expansive? Wait till you see the 2.0 upgrade.
According to The Washington Post, the Obama administration is reconsidering its opposition to a new Authorization to Use Military Force, or AUMF, the foundational legal basis of the so-called war on terrorism. That short document, passed overwhelmingly by Congress days after the 9/11 attacks, tethered a U.S. military response to anyone who "planned, authorized, committed, or aided the terrorist attacks that occurred on September 11, 2001, or harbored such organizations or persons." Nearly all of those people are dead or detained.

There are two ways to view that circumstance. One is to say the United States won the war on terrorism. The other is to expand the definition of the adversary to what an ex-official quoted by the Post called "associates of associates" of al-Qaida. And that's the one the administration is mooting. "Administration officials acknowledged that they could be forced to seek new legal cover if the president decides that strikes are necessary against nascent groups that don't have direct al-Qaeda links," the Post reports.

Examples of the targets under consideration include the extreme Islamist faction of the Syrian rebellion; the Ansar al-Sharia organization suspected of involvement in September's Benghazi assault; and Mokhtar Belmokhtar, the one-eyed terrorist who broke with al-Qaida but is believed to be behind the January seizure of an Algerian oil field. Ansar al-Sharia may be the hardest such case, since it attacked sovereign U.S. soil in eastern Libya. None of those organizations and individuals, however, are substantially tied to al-Qaida. Which raises the challenge of any new legal authority: defining an adversary in a rigorous way, such that it both encapsulates the scope of the actual threat posed to the U.S. by associates of associates of al-Qaida and sets up the U.S. to actually end that threat.

The bureaucratic mechanisms of the war are already outpacing a new AUMF, as drone bases get established in places like Niger, far from any al-Qaida operations, and the Obama administration codifies its procedures for marking terrorist targets for death. The current AUMF already authorizes broad war powers to the president. As Sen. Rand Paul (R-Ky.) noted in his filibuster of impending CIA director John Brennan Wednesday, it establishes a "war with no temporal limits" or geographic ones. In Pakistan, the U.S. doesn't just launch drone strikes and commando raids against core al-Qaida remnants, it also kills unknown individuals believed to fit a terrorist profile based on observed pattern-of-life behavior. The CIA and Joint Special Operations Command are also waging a campaign against al-Qaida's Yemen-based affiliate, an "association" never mentioned in the AUMF, albeit against an organization that has unsuccessfully attempted to attack the U.S. at home. Even in Yemen, the U.S. also carries out so-called "signature strikes" against anonymous targets. Sen. Lindsey Graham (R-SC) recently said that the drone strikes have killed 4,700 people, orders of magnitude more than were involved in the 9/11 conspiracy and core al-Qaida.

But if these campaigns have strained the authorities underscored by the AUMF, practically no one in Congress has objected, either on legal or strategy grounds. In fact, as Rep. Buck McKeon (R-Calif.) pointed out in 2010, more than half the legislators who voted for the AUMF in 2001 are no longer even in Congress, yet the wars persist while the adversary morphs. Changing that dynamic to constrain the war will be a major test of the durability and influence of the civil-liberties coalition that Paul's filibuster seemed to inspire.

Yet when McKeon suggested a new AUMF, both to take into account a changed al-Qaida and to allow Congress to bless or reject that war, the Obama administration balked. Jeh Johnson, then the Pentagon's top lawyer, called the existing AUMF "sufficient to address the existing threats." There was a complication: the administration was concerned that the GOP-led House would expand the war even further, while simultaneously requiring the administration to expand the detainee population at Guantanamo Bay, undercutting a major administration initiative. The new-AUMF effort ultimately went nowhere.

Now, even if the administration and Congress still disagree on Gitmo, it would appear that at least some in the administration have reached consensus with McKeon's point. That point, however, favors expanding and entrenching a war that the U.S. has shown no capacity to successfully end. Ironically, revisiting the AUMF arguably weakens the U.S. capacity to win the war, since it shows that when the U.S. reaches the end of its "kill lists," it just shifts the goal posts and targets new terrorist organizations. All of which contradicts the claim in Obama's second inaugural address that "enduring security and lasting peace do not require perpetual war" -- which the Post reports makes Obama himself uncomfortable. It also undercuts the major points of a 13-hour filibuster that has Washington, and especially conservatives, enthusiastic. Political trends fade, but the war on terrorism manages to endure.

---
Just because i'm near the punchbowl doesn't mean I'm also drinking from it.
From rforno at infowarrior.org Thu Mar 7 12:38:16 2013 From: rforno at infowarrior.org (Richard Forno) Date: Thu, 7 Mar 2013 13:38:16 -0500 Subject: [Infowarrior] - Drone Near NYC's JFK Airport Spotted By Pilot; FBI And FAA Investigating Message-ID: <4FB32C21-A63F-4E12-8F6F-496CFE0510AF@infowarrior.org> (c/o JC) http://www.huffingtonpost.com/2013/03/05/drone-in-nycs-jfk-airport_n_2811271.html?utm_hp_ref=new-york Drone Near NYC's JFK Airport Spotted By Pilot; FBI And FAA Investigating NEW YORK -- The FBI and the Federal Aviation Administration said Tuesday they are investigating a pilot's report that he spotted a small unmanned aircraft near Kennedy Airport. The Alitalia pilot told controllers that he saw the aircraft as he approached a Kennedy runway at about 1:15 p.m. Monday. The pilot said the aircraft was roughly 3 miles southeast of the airport runway and was flying at an altitude of about 1,750 feet. The FBI said the unmanned aircraft was described as black with four propellers and no more than 3 feet wide. It came within 200 feet of the Alitalia plane, the FBI said. "The FBI is asking anyone with information about the unmanned aircraft or the operator to contact us," Special Agent in Charge John Giacalone said. "Our paramount concern is the safety of aircraft passengers and crew." The Alitalia pilot can be heard on radio calls captured by LiveATC.net, a website that posts air traffic communications, saying, "We saw a drone, a drone aircraft." The FAA said the pilot did not take evasive action and the plane landed safely. The FAA and FBI did not say whether passengers might have seen the unmanned aircraft. It's unclear what the small aircraft was. Some remote-controlled planes flown by hobbyists are wider than 3 feet. Under FAA rules, model planes are restricted to altitudes of 400 feet or less. --- Just because i'm near the punchbowl doesn't mean I'm also drinking from it. 
From rforno at infowarrior.org Thu Mar 7 15:57:26 2013
From: rforno at infowarrior.org (Richard Forno)
Date: Thu, 7 Mar 2013 16:57:26 -0500
Subject: [Infowarrior] - Twitter's API keys and secrets for its official apps surface; what should we do with them?
Message-ID: <37307962-BA9C-4D84-B041-8EE0FA0DA7CA@infowarrior.org>

Twitter's API keys and secrets for its official apps surface; what should we do with them?
http://thenextweb.com/twitter/2013/03/07/twitters-api-keys-and-secrets-surface-for-its-official-apps-what-should-we-do-with-them/

It appears that Twitter's API keys and secrets for its official apps have surfaced, and are currently being shared on GitHub.

Note: The combination of API key and secret is used to authorize and identify an app, similarly to a username and password.

At first look, this is simply a little embarrassing. The keys and secrets which Twitter's official apps utilize through its API have leaked, but because of the way OAuth works, this information can't actually be hidden completely, if you know where to find it. The embarrassing bit simply comes from the fact that Twitter will have to reset its keys and secrets now that they're completely out in the open.

But unless someone is looking to build a malicious app, this shouldn't actually be a problem -- if every app that used Twitter's API was treated equally. But that's clearly not how it works anymore. Twitter's own apps get preferential treatment -- that's nothing new -- meaning that third-party apps could now presumably use these leaked keys and secrets to work around Twitter's strict limitations.

As you may have guessed, yes, Twitter can just reset its APIs (and then have to update its apps -- breaking older versions in the process -- which means it could be days before this is fixed unless Apple gives them preferential treatment). But then someone could just go back in and leak the keys again.

Now, Twitter appears to have three choices:

• It can continue resetting its API keys and secrets, leading to a "long cat and mouse game of twitter updating their keys and using heuristics to recognize their own client followed by twitter clients providing a way to change the client secret," in the words of Hacker News user pilif.
• It can loosen up the restrictions on third-party apps (nah)
• It can completely shut down third-party access to its API

The important thing to remember here is that if this was any other client using any other service's APIs, this would just look like a fumble. But this isn't any other client. It's Twitter's official clients on its own service. It brings up the conversation, yet again, about what Twitter must do about its API restrictions and third-party community.

---
Just because i'm near the punchbowl doesn't mean I'm also drinking from it.

From rforno at infowarrior.org Fri Mar 8 06:15:01 2013
From: rforno at infowarrior.org (Richard Forno)
Date: Fri, 8 Mar 2013 07:15:01 -0500
Subject: [Infowarrior] - Will Jurisdictional Fight Slow Down CISPA's Momentum?
Message-ID: <8F6A1AB8-DAEB-4674-9B21-463F2750D63B@infowarrior.org>

Will Jurisdictional Fight Slow Down CISPA's Momentum?
from the one-hopes dept

Thanks to a fair bit of propaganda making the rounds, it feels like CISPA -- the cybersecurity bill that seeks to obliterate privacy protections without explaining how that will increase our security -- is on a bit of a fast track towards approval. However a bit of a stumbling block may have popped up. Congressional Representatives Bennie Thompson and Yvette Clarke -- the ranking members on the Committee on Homeland Security and the Subcommittee on Cybersecurity, Infrastructure Protection and Security Technologies -- have suddenly realized that all of this is happening without their support.
That is, they finally realized that, while this is being handled by the Intelligence Committee, it directly impacts Homeland Security and Cybersecurity (obviously), and so they're suddenly asking why it's not going through their committees. This is just a basic jurisdictional dispute between various fiefdoms within Congress. They pop up every now and again, and usually get resolved in due time. However, in the short term, it could certainly represent a speed bump that hopefully slows down the pace at which Congress seems to want to rush into approving CISPA.

http://www.techdirt.com/articles/20130307/02035822236/will-jurisdictional-fight-slow-down-cispas-momentum.shtml

---
Just because i'm near the punchbowl doesn't mean I'm also drinking from it.

From rforno at infowarrior.org Fri Mar 8 06:15:06 2013
From: rforno at infowarrior.org (Richard Forno)
Date: Fri, 8 Mar 2013 07:15:06 -0500
Subject: [Infowarrior] - Google Glass learns how your friends dress, picks 'em out in a crowd Mobile
Message-ID: <7A2A987C-0E78-4629-AF72-77C0E0D8839F@infowarrior.org>

Google Glass learns how your friends dress, picks 'em out in a crowd
By Daniel Cooper posted Mar 8th, 2013 at 4:46 AM
http://www.engadget.com/2013/03/08/google-glass-clothes-insight/

Facial recognition? Pah. Dahling, the only way to find someone in a crowd is to pick out what they're wearing. InSight is an app being developed for Google Glass by Duke University that helps you identify your chums, even when they've got their back to you, by channeling its inner Joan Rivers. All your pals have to do is submit some self-portraits to the app, which then creates a spatiogram -- identifying the colors, textures and patterns with which they've adorned themselves. That data is then pushed to Google Glass, hopefully allowing you to avoid the usual "I'm by the store, no, the other store" routine. Then again, maybe your friends will find you first -- after all, you're the one with a computer strapped to your head.
---
Just because i'm near the punchbowl doesn't mean I'm also drinking from it.

From rforno at infowarrior.org Fri Mar 8 06:15:09 2013
From: rforno at infowarrior.org (Richard Forno)
Date: Fri, 8 Mar 2013 07:15:09 -0500
Subject: [Infowarrior] - Top Bankers: Too Much Central Bank Easing Is Becoming Dangerous
Message-ID: <0ED082A7-86F3-4176-A6D4-4194D20D1DA5@infowarrior.org>

Top Bankers: Too Much Central Bank Easing Is Becoming Dangerous
http://www.ritholtz.com/blog/2013/03/too-much-central-bank-easing-is-becoming-dangerous/

Everyone knows that "too big to fail" banks are bad for the economy. Indeed, even top bankers themselves say the big banks need to be broken up. Now, top bankers are saying that the amount of liquidity which the central banks are flooding into the economy is becoming dangerous.

< -- >

The IIF is not some renegade group. Its board members include the top brass from many of the world's biggest banks, including Goldman Sachs, Citigroup, Barclays, HSBC, Deutsche Bank, Société Générale, BNP Paribas, UBS, Credit Suisse, Morgan Stanley, Agricultural Bank of China, Industrial and Commercial Bank of China, Sumitomo Mitsui Financial Group, BNY Mellon, Bank of Tokyo-Mitsubishi UFJ, Commerzbank and Scotiabank.

As we noted in 2008, the problem was never liquidity. The problem is that the big banks became insolvent because of stupid gambling. In other words, the government's whole approach to the 2008 financial crisis was entirely wrong. And the easy money policy (quantitative easing) of central banks doesn't help, but instead hurts the economy and the little guy.

---
Just because i'm near the punchbowl doesn't mean I'm also drinking from it.
From rforno at infowarrior.org Fri Mar 8 06:24:09 2013
From: rforno at infowarrior.org (Richard Forno)
Date: Fri, 8 Mar 2013 07:24:09 -0500
Subject: [Infowarrior] - Copyright Trolls Order WordPress To Hand Over Critics' IP Addresses
Message-ID:

Copyright Trolls Order WordPress To Hand Over Critics' IP Addresses
Andy • March 8, 2013
http://torrentfreak.com/copyright-trolls-order-wordpress-to-hand-over-critics-ip-addresses-130308/

In what is becoming one of the strangest, most unbelievable and over-broad farces in the history of United States copyright trolling, the ante has just been upped yet again. In a direct attack on the troll defense blogs FightCopyrightTrolls and DieTrollDie, Prenda Law has just ordered WordPress to hand over all IP addresses of users who accessed either site in the last two years. Just to be clear, that's everyone's details.

Copyright trolls, wherever they try to do business in the world, meet resistance. Their work is appreciated by few outside of their inner circle and often frowned upon by fellow law firms, copyright owners and the public, who see their work as one step away from outright extortion.

While they have enemies everywhere, some of the trolls' greatest adversaries are their victims. Once you've threatened to turn someone's life upside down with a claim for thousands of dollars, pounds or euros, relationships aren't really the same ever again. And an enemy empowered by the Internet, one of the greatest game levelers today, soon gets momentum.

In the United States some of the most motivated troll fighters are to be found on two sites, FightCopyrightTrolls and DieTrollDie. Their aims are simple. To keep the public and fellow victims informed and to ensure that through activism, trolls make as little money as possible. Needless to say, trolls do not like this kind of opposition. It hurts their bottom line.

And now, in the middle of what is probably the most bizarre case there has ever been in troll history, one outfit is coming out fighting -- possibly for its life.

Prenda Law is in the middle of a mess so massive that to adequately describe the case in enough detail one needs to write many thousands of words. Fortunately, for those who want to catch up, the sites mentioned above have been keeping up to date, complemented brilliantly by Techdirt's Mike Masnick and Ken's excellent summary over at Popehat.

The TL;DR is that there is going to be an unprecedented showdown in a Los Angeles court on Monday that could lead to someone associated with Prenda going to prison.

"Based on the evidence presented at the March 11, 2013 hearing, the Court will consider whether sanctions [for Prenda Law] are appropriate, and if so, determine the proper punishment. This may include a monetary fine, incarceration, or other sanctions sufficient to deter future misconduct," Judge Wright explained.

But while the blood of trolls may indeed flow on Monday, in the last few days Prenda have been going on the offensive.

Earlier this week FightCopyrightTrolls and DieTrollDie had a nasty surprise. Prenda decided to file three defamation lawsuits which according to FCT's SophisticatedJaneDoe are "designed to chill free speech by burying [Prenda's] critics in massive legal fees."

Two of the targets in the lawsuit are people involved in the proceedings due to go ahead on Monday, but also listed were a total of 10 John Does. So who are these mysterious characters? Well, none other than the operators of DieTrollDie (DTD), FightCopyrightTrolls (FCT) and commenters on their sites. The beef? Seems Prenda don't like criticism, or "defamation" as they prefer to frame it.

On Wednesday, one of the cases -- John Steele v. Paul Godfread, Alan Cooper and Does 1-10, FLSD 13-cv-20744 -- was dismissed without prejudice by John Steele. The other two remain.

Then yesterday, more surprising news. It transpires that Prenda Law have sought information about DTD's and FCT's readers and commenters from WordPress, and not just the odd detail either.

"Dear Custodian of Records," the Prenda subpoena to WordPress begins. "Enclosed, please find a subpoena issued in the above-referenced matter, which is currently pending in the Circuit Court of the Twentieth Judicial St. Clair County, Illinois. Our client is requesting all Internet Protocol addresses (including the date and time of that access in Universal Coordinated Time) that accessed the blogs located at diretrolldie.com and fightcopyrighttrolls.com between January 1, 2011 through the present. Please provide this information in an Excel spreadsheet."

That's right, somehow Prenda want *everyone's details*, whether they are involved in the lawsuit or not.

DTD hope that WordPress won't comply but are preparing their readers for the worst.

"As there is a possibility that a release could occur, the public IP address (date/time stamp) could fall into the hands of Prenda. I would expect that they would then try to cross-reference the IP address with their list of alleged BitTorrent infringement IP addresses," DTD warn.

"If you have ever gone to this site or Fightcopyrighttrolls.com since 1 January 2011, you may want to contact WordPress and tell them you want them to refuse this overly broad request and at least wait until the issue of the case being removed to the Federal court is answered, before releasing ANY information," DTD concludes.

So, faced with organized opposition from DTD and FightCopyrightTrolls, Prenda now appear to want to shut them down and quieten the critics. History tells us it won't work. This attack against all readers of those sites will only add fuel to the fire and serve to make the possibility of a terrible outcome for Prenda on Monday an even more delicious prospect.

---
Just because i'm near the punchbowl doesn't mean I'm also drinking from it.
From rforno at infowarrior.org Fri Mar 8 06:45:06 2013
From: rforno at infowarrior.org (Richard Forno)
Date: Fri, 8 Mar 2013 07:45:06 -0500
Subject: [Infowarrior] - Alzheimer's Seen on Scans Decades Before Dementia, Study Shows
Message-ID:

Alzheimer's Seen on Scans Decades Before Dementia, Study Shows
By Jason Gale - Mar 7, 2013
http://www.bloomberg.com/news/print/2013-03-08/alzheimer-s-seen-on-scans-decades-before-dementia-study-shows.html

Abnormal deposits in the brain thought to trigger Alzheimer's disease can be detected decades before the memory-robbing illness ensues, a finding that will help guide future treatments, researchers in Australia said.

Doctors at Melbourne's Austin Hospital followed 200 seniors, including people with Alzheimer's disease and mild cognitive impairment, for more than three years to chart any decline in cognition and brain size against the deposition of abnormal protein in their brains. They found it takes about 20 years for the deposits, known as amyloid beta, to lead to dementia.

The findings, published today in the medical journal the Lancet Neurology, suggest doctors have a large window of opportunity to potentially slow, or even reverse, the accumulation of amyloid beta to stave off the onset of Alzheimer's. The disease is the main cause of dementia, which afflicts 35.6 million people globally -- a number the World Health Organization says will double by 2030 and triple by 2050.

"It's now quite clear that it's a very slow, gradual process over a couple of decades," said Christopher Rowe, Austin Hospital's director of nuclear medicine. For Alzheimer's to develop, the brain needs to accumulate large amounts of amyloid "and you need it there for a long time," Rowe, a study co-author, said in a telephone interview from Florence, Italy. All Alzheimer's disease patients have amyloid deposits in the brain, though not all people with the deposits have the disease, Rowe said.

Post-Mortem Studies

"We've known for a long time from post-mortem studies that apparently normal people can have amyloid in their brain, and it's been hypothesized that this is representing a slow build up towards Alzheimer's disease and they just hadn't developed the dementia by the time that they died," he said. "It's very likely that amyloid is the trigger, but the process of Alzheimer's disease does require other things that happen which we don't entirely understand."

Participants underwent a neuropsychological examination, and received magnetic resonance imaging, or MRI, and positron emission tomography, or PET, scans of their heads every 18 months for at least three years. As Alzheimer's disease progresses, the pace of amyloid deposition slows, the researchers found. The data indicate that there is a prolonged period in which amyloid beta is forming plaques in the brain without the symptoms of Alzheimer's disease, the authors said. Even before dementia sets in, shrinkage in the part of the brain linked to memory and attention occurs about four years earlier, and memory is impaired about three years prior.

Early Signs

"We compared when you can first see changes on an MRI scan and on memory testing, and we can pick them up from about seven years before dementia," Rowe said. Extrapolating the data suggests beta amyloid deposition can lead to dementia in as few as 10 years, with an average of 19 years, he said. There is also a period in which the early stages of amyloid deposits are occurring though not detectable. "The entire process is now getting up toward more than 25 years," Rowe said. "This is much longer than people expected."

Patients with tertiary education and those with bigger brains prior to the formation of amyloid deposits can tolerate higher levels of the errant protein, he said. Rowe and colleagues are now studying potential therapies to stymie amyloid plaques before they have had a chance to damage and eventually kill brain cells. If successful, the use of PET scans -- which cost $1,500 to $3,500 apiece -- "will explode," Rowe said.

"Great Hope"

"You have a much greater chance of stopping a disease than trying to repair a brain that's severely damaged," he said. "This is the great hope now."

Pfizer Inc. (PFE), Roche Holding AG (ROG), Eli Lilly & Co. (LLY), GlaxoSmithKline Plc (GSK), Elan Corp. and Prana Biotechnology Ltd. (PBT) are among drugmakers racing to develop treatments for Alzheimer's. There have been 101 unsuccessful attempts since 1998, according to the Pharmaceutical Research and Manufacturers of America. Current therapies provide some temporary symptomatic improvement.

"The problem with Alzheimer's disease is that you don't have an effective therapy, but we can certainly make a better diagnosis with amyloid imaging -- be more precise about what's going on with the patient and what their prognosis is -- but we can't change the course of their disease," Rowe said.

To contact the reporter on this story: Jason Gale in Melbourne at j.gale at bloomberg.net
To contact the editor responsible for this story: Bret Okeson at bokeson at bloomberg.net

---
Just because i'm near the punchbowl doesn't mean I'm also drinking from it.

From rforno at infowarrior.org Fri Mar 8 11:22:19 2013
From: rforno at infowarrior.org (Richard Forno)
Date: Fri, 8 Mar 2013 12:22:19 -0500
Subject: [Infowarrior] - DARPA nixes Cyber Fast Track
Message-ID:

DARPA says goodbye to hacker-friendly Cyber Fast Track program
07 March 2013
http://www.infosecurity-magazine.com/view/31152/darpa-says-goodbye-to-hackerfriendly-cyber-fast-track-program/

The Department of Defense is pulling the plug on Cyber Fast Track, a program aimed at tapping reformed hackers and other security hotshots to solve cyber-defense problems quickly.
Looking to circumvent the typical onerous, long-term process of funding grants, the US Defense Advanced Research Projects Agency (DARPA) used the program to improve the government's ability to keep up with fast-moving bad actors on the cybercriminal stage. "For the time and money currently invested for one program, the government is striving to engage in dozens of programs," DARPA explained in its mission statement for the program. "The government needs agile cyber projects that are smaller in effort, have a potential for large payoff, and result in a rapid turnaround, creating a greater cost to the adversary to counter."

Since its launch in fall 2011, CFT has offered fast-track access to grants for a range of short-term security projects, including Charlie Miller's NFC security research and Moxie Marlinspike's Convergence system, according to Kaspersky Lab. More recently, grants have been used for investigating forensic evidence on Mac OS X-based machines, and "developing software in support of a command and control system for disposable computers that are dropped from a drone into an area of interest," Nextgov reported.

The program will be shutting its doors to new submissions on April 1, after an 18-month experimental run. In total, CFT received nearly 400 proposals over the course of the program, and bestowed grants to 101 of them.

The project was headed up by Peiter Zatko, who under the handle Mudge was a member of the L0pht hacking collective before joining the federal government as a grey-hat hacker. "CFT is ending because it was an experiment," he noted, speaking at the CanSecWest conference in Vancouver this week. "DARPA isn't an open organization. We were looking for a new way to work with people." He added, "The back end is what's designed to transition so other large organizations can use this. I hope they look for more people who look at this and say, Mudge did it and he got out mostly intact."
Zatko noted that turning to the dark side for ideas was a savvy strategy for the government. "We oftentimes forget in security that your adversary has good ideas too," he said. "People forget that there are game theoretics involved. If you make a change, they don't just pack up their ball and go home."

Indeed they don't. In fact, hackers are likely to make use of vendors' own security bulletins and evolutions to find new vectors. Zatko said, for instance, about 28% of the vulnerabilities introduced every month are lifted from defensive technologies. "Trying to reduce predictable complexity with more predictable complexity is a bad strategy," he concluded.

From rforno at infowarrior.org Fri Mar 8 17:25:27 2013
From: rforno at infowarrior.org (Richard Forno)
Date: Fri, 8 Mar 2013 18:25:27 -0500
Subject: [Infowarrior] - Air Force erases drone strike data amid criticisms
Message-ID:

Air Force erases drone strike data amid criticisms
Posted By John Hudson Friday, March 8, 2013 - 5:50 PM

Quietly and without much notice, the Air Force has reversed its policy of publishing statistics on drone strikes in Afghanistan as the debate about drone warfare hits a fever pitch in Washington. In addition, it has erased previously published drone strike statistics from its website.

Since October, the Air Force had been providing monthly updates on drone strikes -- or in its words "weapons releases from remotely piloted aircraft (RPA)." But today, Air Force Times reporters Brian Everstine and Aaron Mehta discovered something was amiss: The statistics published for February "contained empty space where the box of RPA statistics had previously been." In other words: The drone strike data was gone.

But that's not all. The Air Force had also scrubbed drone strike data from earlier monthly reports. In the graphic below, we've provided a before and after of the Air Force reports...
< -- >

http://blog.foreignpolicy.com/posts/2013/03/08/air_force_erases_drone_strike_data_amid_criticism

From rforno at infowarrior.org Fri Mar 8 17:29:11 2013
From: rforno at infowarrior.org (Richard Forno)
Date: Fri, 8 Mar 2013 18:29:11 -0500
Subject: [Infowarrior] - How the NSA is helping companies fight Chinese hackers without any information sharing law
Message-ID: <9CABE9AB-19F1-4D0F-A853-55241D657C81@infowarrior.org>

(c/o ferg)

How the NSA is helping companies fight Chinese hackers without any information sharing law
by Jerry Brito on March 8, 2013

Marc Ambinder has some phenomenal reporting in Foreign Policy today about how the NSA assists companies that are the victims of (usually Chinese) cyberespionage. It is a must read. One thing we learn: "Cyber-warfare directed against American companies is reducing the gross domestic product by as much as $100 billion per year, according to a recent National Intelligence Estimate." That is just slightly more than half a percent of GDP, which puts the scope of the threat in perspective. The most interesting thing, though, is this:

< -- >

http://techliberation.com/2013/03/08/how-the-nsa-is-helping-companies-fight-chinese-hackers-without-any-information-sharing-law/

From rforno at infowarrior.org Fri Mar 8 18:01:13 2013
From: rforno at infowarrior.org (Richard Forno)
Date: Fri, 8 Mar 2013 19:01:13 -0500
Subject: [Infowarrior] - 9th Circuit Appeals: 4th Amendment Applies At The Border
Message-ID: <4835C84F-894A-42F0-87C9-1C04E0599D24@infowarrior.org>

9th Circuit Appeals Court: 4th Amendment Applies At The Border; Also: Password Protected Files Shouldn't Arouse Suspicion
from the well-that's-a-surprise dept

Here's a surprise ruling.
For many years we've written about how troubling it is that Homeland Security agents are able to search the contents of electronic devices, such as computers and phones at the border, without any reason. The 4th Amendment only allows reasonable searches, usually with a warrant. But the general argument has long been that, when you're at the border, you're not in the country and the 4th Amendment doesn't apply. This rule has been stretched at times, including the ability to take your computer and devices into the country and search it there, while still considering it a "border search," for which the lower standards apply. Just about a month ago, we noted that Homeland Security saw no reason to change this policy.

Well, now they might have to. In a somewhat surprising 9th Circuit ruling (en banc, or in front of the entire set of judges), the court ruled that the 4th Amendment does apply at the border, that agents do need to recognize there's an expectation of privacy, and cannot do a search without reason. Furthermore, they noted that merely encrypting a file with a password is not enough to trigger suspicion. This is a huge ruling in favor of privacy rights. The ruling is pretty careful to strike the right balance on the issues. It notes that a cursory review at the border is reasonable....

< big snip >

http://www.techdirt.com/articles/20130308/13380622263/9th-circuit-appeals-court-4th-amendment-applies-border-also-password-protected-files-shouldnt-arouse-suspicion.shtml
From rforno at infowarrior.org Sat Mar 9 11:57:40 2013
From: rforno at infowarrior.org (Richard Forno)
Date: Sat, 9 Mar 2013 12:57:40 -0500
Subject: [Infowarrior] - AT&T announces it will unlock smartphones at end of contract
Message-ID: <2D966F14-B7FE-4A38-89A7-E4458FB6E411@infowarrior.org>

AT&T announces it will unlock smartphones at end of contract
updated 10:53 pm EST, Fri March 8, 2013
http://www.electronista.com/articles/13/03/08/current.us.ban.on.self.unlocking.likely.to.be.reversed/

Following a decision by the Copyright Office of the Library of Congress that ruled that unlocking an iPhone without carrier permission is now illegal -- and pressure from both President Obama and the FCC to reverse the ban -- AT&T has clarified its policy and will unlock customer smartphones that have completed their contract. The move requires a customer's account to be in good standing with no unpaid balance, but the company has not mentioned an extra fee for the service.

AT&T has been known to unlock customers' phones before today's announcement in some cases, but the policy was inconsistently applied -- even requiring requests directly from Apple CEO Tim Cook to get the carrier to unlock a device. For many years, the company refused to unlock smartphones entirely, even after the contract was completed.

The new Copyright Office ruling not only banned customers unlocking their own phones, but imposed severe financial penalties and even jail time for doing so without permission of the carrier. The draconian penalties prompted a petition to the Obama administration's petitioning website, We the People, and achieved the required 100,000 signatures in order to prompt an official response from the administration.
The response strongly agreed with the petitioners that the ban circumvented competition and harmed consumers, and urged Congress to draft legislation undoing the Copyright Office's decision, which was based on the much-criticized DMCA laws that severely curtailed consumer rights with regards to any sort of digital media or equipment. Several bills are now pending before Congress to undo the ban, but all only allow unlocking of smartphones after the completion of a contract with a cell provider.

AT&T has reacted to the prevailing sentiment that the current restrictions are unfair and clarified its unlocking policy, and other carriers are expected to follow suit if they did not already have a clear unlocking policy. AT&T has even set up a web page to allow iPhone users to request unlocking online.

At present there is no method for a permanent unlock on the latest models of iPhone running recent versions of iOS 5 or 6 without the aid of a carrier or similar agent that can obtain the unlock code from the manufacturer. Earlier versions of iPhone hardware and software could be jailbroken and unlocked through security hacks, allowing them to use SIM cards from other carriers or international providers.

AT&T further added that users who bring an unlocked compatible phone to an AT&T store (that has not been reported lost or stolen) can obtain a SIM card and optional prepaid month-to-month agreement. The company says that its current policy -- and the Library of Congress decision -- should not affect any existing customers, including those who are no longer under contract.
From rforno at infowarrior.org Sat Mar 9 12:00:10 2013
From: rforno at infowarrior.org (Richard Forno)
Date: Sat, 9 Mar 2013 13:00:10 -0500
Subject: [Infowarrior] - TSA permits small knives, bats and golf clubs but holds firm on shampoo
Message-ID: <94F27996-9CF2-488D-95EA-DEE72031FDED@infowarrior.org>

TSA permits small knives, bats and golf clubs but holds firm on shampoo
Posted by Alexandra Petri on March 8, 2013 at 10:47 am
http://www.washingtonpost.com/blogs/compost/wp/2013/03/08/tsa-permits-small-knives-bats-and-golf-clubs-but-holds-firm-on-shampoo/

Initially, the announcement that the TSA was permitting airline passengers to carry small bats onto the plane made me very excited. "Bats on a plane!" I shrieked. "Get Samuel L. Jackson some leathery wings." But then I discovered that they meant the other kind of bats -- under a certain weight and up to a certain length, of course. Wiffle bats are mildly exciting, but they're no winged bloodsuckers.

On Wednesday, the list of things that are considered threats grew even more oddly specific. You can carry a knife on board, so long as it isn't a dangerous, stabby knife. CNN reports: "Knives with blades that are 2.36 inches (6 centimeters) or shorter and less than a 1/2 inch wide will be permitted on U.S. airline flights as long as the blade is not fixed or does not lock into place. Razor blades and box cutters are still not permitted." And no large bottles of shampoo! Nope. We can all agree that 2.36 inches of blade pose no significant threat, but if anyone makes it to her destination with enough Pantene to last more than two days -- well, that would be letting the terrorists win.

Flight attendants are ticked about the move. They may well have a point -- especially during the sequester, when lines are promised to mushroom into terrifying sprawls of wretched, red-eyed, unkempt travelers, expanding people's access to sharp objects may not be the best plan. Tiffany Hawk, the author of "Love Me Anyway,"
a forthcoming novel "about two young flight attendants coming of age at 35,000 feet," and a former flight attendant herself, notes that, "We need faster and easier checkpoints, but instead of coming up with a novel approach, the TSA wants to go backward. Allowing such weapons just doesn't make sense. Unless, of course, you believe the only thing that will stop a bad guy with a billiards cue is a good guy with a Wiffle ball bat."

I cannot argue with the idea that what we need is faster and easier checkpoints. But that's exactly what we ain't going to get. We are still permitted to bring onboard with us many more threatening things. Crying babies, for instance. And airplane food! And hack comics making jokes about babies and airplane food! I would much rather sit next to someone with more than two pool cues.

But honestly, contemplate this ban a moment.

"Damn and blast!" some terrorist is saying right now. "How did they know that we were using 2.37-inch blades? We have to abort."

"I needed at least three golf clubs," his colleague adds. "Two just won't cut it."

"My bat exceeds the weight guidelines," one of his colleagues murmurs. "How do they know? They're always so many steps ahead of us!"

"We could try something with comically oversized, inflatable bats," someone says, hopelessly. "Or Wiffle bats!"

"Don't be ridiculous," everyone hushes him.

"Hey, they considered those threats for years," he points out. "Maybe they saw something we didn't."

"Or the hip plates of the elderly?" someone else pipes up. "Those seemed risky to them, too. Or, heck, 4-year-olds. In general. They even frisked one. Clearly, we need to dig deeper."

The minor ridiculousness of this change pales in comparison to the absurdity of the system as a whole. This is the sort of oddly specific parsing that ensues when you take the least nuanced approach possible. Talk to people? No. Just have them take off their shoes.
Currently, our airport security system does a wonderful job protecting us against whatever has just happened. And forcing us to buy travel-size shampoos. Actually, as a scheme to encourage the travel-size shampoo industry, it is an unmitigated success. If nothing else, it's been a great way to experience exactly what 3 ounces of liquid is!

Just loosening the bans on items that everyone agrees are absurdly innocuous doesn't necessarily mean we're moving toward a more sensible policy, though. That seems unlikely. The emphasis is still on the things you carry, not how you carry them. CNN reported: "TSA spokesman David Castelveter said the changes announced Tuesday will not slow down the screening process by requiring screeners to measure knife blades and weigh plastic bats. Screeners will use 'common sense' when applying the rule, he said." Given that the last time screeners were asked to use common sense when applying a rule, they were frisking old men with plates in their hips and 4-year-olds, I cannot say that I am overly optimistic. But you never know. Perhaps I am unduly pessimistic, and this is the beginning of an evolution towards a wiser, more nuanced approach! At this rate, we'll actually have sensible limits on carry-ons by, oh, 2035 or so.

From rforno at infowarrior.org Sun Mar 10 10:04:08 2013
From: rforno at infowarrior.org (Richard Forno)
Date: Sun, 10 Mar 2013 11:04:08 -0400
Subject: [Infowarrior] - Former Newark Airport TSA screener says the job does little to keep fliers safe
Message-ID:

Former Newark Airport TSA screener says the job does little to keep fliers safe
Last Updated: 10:11 AM, March 10, 2013
Posted: 1:14 AM, March 10, 2013

It is perhaps America's most unsafe airport. Despite being the launching point for one of the planes hijacked on 9/11 -- Flight 93, which crashed in Pennsylvania -- Newark Airport has had numerous security violations since.
The latest: a fake bomb that made it past Transportation Security Administration officers. Here, a Newark TSA screener who recently left the agency tells how silly policies and lazy workers do little to stop real threats:

< - >

http://www.nypost.com/p/news/local/confessions_of_tsa_agent_we_re_bunch_OhxHeGd0RR9UVGzfypjnLO

From rforno at infowarrior.org Sun Mar 10 18:00:49 2013
From: rforno at infowarrior.org (Richard Forno)
Date: Sun, 10 Mar 2013 19:00:49 -0400
Subject: [Infowarrior] - Aussie Central Bank Discloses Chinese Cyber-Attack
Message-ID:

Cyber-attackers penetrate Reserve Bank networks
PUBLISHED: 9 hours 39 MINUTES AGO | UPDATE: 1 hour 30 MINUTES AGO
http://www.afr.com/p/national/cyber_attackers_penetrate_reserve_FEdCLOI50owRMgI0urEYnK

The Reserve Bank of Australia's computer networks have been repeatedly and successfully hacked in a series of cyber-attacks to infiltrate sensitive internal information, including by Chinese-developed malicious software.

The RBA is sufficiently concerned about these risks that it has had a private security firm carry out "penetration testing", or authorised hacking, of its computer networks to assess the integrity of its digital defences.

After investigations by The Australian Financial Review, RBA officials disclosed that the central bank had been infiltrated by a Chinese-developed malicious software, or "malware" spy program that was seeking intelligence on sensitive G20 negotiations. Multiple computers within the RBA's network were compromised.

The RBA would not comment on what information was stolen, which executives within the bank were targeted, or over what period the assailants had access to its systems.

Asked about the RBA penetration, a Defence department spokesperson said: "The government does not discuss specific cyber incidents, activities or capabilities.
[Doing so] could jeopardise ongoing investigations, monitoring of cyber incidents and the ability to protect information and networks."

The Defence spokesperson did, however, warn that "the targeting of high profile events, such as the G20, by state-sponsored adversaries ... is a real and persistent threat."

"Cyber intruders are looking for information on ... the government's intentions."

In March 2011, Paris Match revealed, and the French government confirmed, that over 150 computers in its Ministry of Economy and Finances had been hacked for months before the French-hosted G20 summit in February 2011.

Tense negotiations with China

Many confidential government files were then "redirected to Chinese sites". More than 10,000 state computers needed to be shut down.

The 2011 G20 summit involved tense negotiations with China over the level of its exchange rate, currency reserves and trade surpluses, which North Atlantic officials argue are being manipulated to China's advantage.

Patrick Pailloux, director-general of the French National Agency for IT Security, said at the time that it was "the first attack of this size and scale against the French state" waged by "a number of professional, determined and persistent hackers".

Australia's cyber-spy agency, the Defence Signals Directorate, said "there are many examples of [Australian] entities being targeted due to involvement in high profile events" like the G20.

DSD has disclosed that in October 2011 "an Australian government agency was compromised when a socially engineered email was sent to an agency employee who worked on G20 matters".

"This email pertained to be about G20 matters and appeared to come from the employee's general manager."

It is not known whether this attack is related to the RBA incident. DSD runs Australia's cyber-espionage units, which includes the multi-agency Cyber Security Operations Centre, and considers itself a digital "poacher" of foreign intelligence and "game-keeper"
of domestic assets.

In a second serious incident, the RBA revealed in an unreported Freedom of Information disclosure in December last year that it was subject to a sophisticated cyber-attack in November 2011 that allowed external parties to defeat two different anti-virus programs and install a "trojan" on six RBA computers.

RBA officials told the Financial Review that DSD was brought in to fix this problem. In the incident report, in the FoI documents, the RBA said that over two days in November 2011 "highly targeted malicious emails were sent to several Bank staff, including senior management up to head of department".

The emails used "a possibly legitimate external [email] account ... legitimate email signature and plausible subject title and content ... regarding 'Strategic Planning FY2012'."

"The malicious payload was found to be a compressed zip file containing an executable malware application [or] trojan which at the time was not detectable by the Bank's anti virus scanners."

"The email managed to bypass the existing security controls ... by being well written, targeted to specific Bank staff and utilised an embedded hyperlink to the virus payload which differs from the usual attack where the virus is attached directly to the email.

"It was found that six users had clicked on the malicious link."

Officials from the RBA's Risk Management Unit said: "Bank assets could have been potentially compromised, leading to ... information loss and reputation [damage]."

Richard Byfield, a former senior Australian defence official with cyber responsibilities and current government adviser, told the Financial Review central banks and listed companies were cyber targets "because they hold so much confidential information that has the potential to move markets".

At the time of the November 2011 incident, financial markets were undecided about whether the RBA would cut rates for a second month in succession.
The RBA's board surprised some participants with its decision to lower the cash rate on December 6.

Mr Byfield, who now runs the cyber-security company Datacom TSS, which does penetration-testing for government, said there had been exponential growth in cyber-spying in financial markets.

"We're aware of sophisticated cyber incidents where the primary objective appears to be profiting from securing price-sensitive information," he said.

"These include incidents where listed company CEOs are subject to intensive surveillance to gather intelligence on major deals, business strategy, financials, contracts and future plans.

"Resources companies and investment groups are being electronically targeted for the purposes of acquiring sensitive exploration results and time-sensitive trading data, respectively."

Australia's banking system, which national security officials told the Financial Review has some of the best cyber-protections around, is also being assaulted.

"We've heard of cases where financial institutions have been targeted by what appears to be foreign entities seeking to access highly sensitive information on the financing terms they will be providing in M&A deals," Mr Byfield said.

In early January the Financial Review revealed that intelligence agencies were deeply concerned about escalating state and non-state cyber offensives, and had been trying to privately warn unaware business bosses of these risks.

cjoye at fairfaxmedia.com.au
From rforno at infowarrior.org Sun Mar 10 18:01:09 2013
From: rforno at infowarrior.org (Richard Forno)
Date: Sun, 10 Mar 2013 19:01:09 -0400
Subject: [Infowarrior] - OT: Three Democratic myths used to demean the Paul filibuster
Message-ID: <89275D79-FF80-4695-99E3-E7A9E55D7267@infowarrior.org>

Three Democratic myths used to demean the Paul filibuster
The progressive 'empathy gap', a strain of liberal authoritarianism, and a distortion of Holder's letter are invoked to defend Obama
http://www.guardian.co.uk/commentisfree/2013/mar/10/paul-filibuster-drones-progressives

From rforno at infowarrior.org Mon Mar 11 06:40:55 2013
From: rforno at infowarrior.org (Richard Forno)
Date: Mon, 11 Mar 2013 07:40:55 -0400
Subject: [Infowarrior] - MD exploring 'zero tolerance sanity' bill for schools
Message-ID: <6C0C4EFD-2A22-481B-AF12-A26B43FA864D@infowarrior.org>

Under Proposed Bill, Students Who Form Finger In Shape Of Gun Would Not Be Suspended
March 8, 2013 6:35 PM
http://baltimore.cbslocal.com/2013/03/08/so-called-pastry-bill-would-protect-young-children-who-form-finger-food-in-shape-of-gun/

BALTIMORE (WJZ) -- Zero tolerance for zero tolerance. That's how one lawmaker feels about young children being suspended from school for forming their finger or food in the shape of a gun. As Gigi Barnett explains, he has a bill designed to keep students in class if they're caught.

State Senator J.B. Jennings says he does not intend for this bill to be a part of the growing gun debate in Maryland, but he does say he wants it to bring some common sense discipline to state schools.

Anne Arundel County school leaders suspended 7-year-old Joshua Welch last week for eating a pastry in the shape of a gun. "When you compare the caliber of the offense to the caliber of the punishment, they don't match up," the boy's father said.
Back in January, 6-year-old Rodney Lynch received the same punishment for forming his fingers in the shape of a gun. Montgomery County school leaders sent Rodney home for two days.

"These kids are 6 or 7-years-old. They don't understand what they're doing," said Sen. J.B. Jennings.

State Senator J.B. Jennings says zero tolerance rules on school campuses are going too far, so he wrote a bill. It bans school leaders from suspending students who make the shape of a gun with their fingers or food, or students who draw a gun on a piece of paper.

"If it's done in a violent manner, then yes, we can take it to the next level. We can look at suspension," said Jennings.

Jennings says his office has received several calls from parents who fear that a suspension in elementary school will mar their children's academic career.

"So the parents are the ones who've had concerns saying 'okay, now my kid has to carry this.' So when they get into middle school and they start placing them in classes, they're going to look and say 'well wait a minute, this kid has been suspended when he was in second grade.' And he's always going to be looked at as 'what did he do?'" Jennings said.

If the bill passes and a student is caught forming their food or fingers in the shape of a gun, they would be sent to a counselor's office first -- not suspension.

Jennings says the bill is heading to the Education Committee. If it passes, it goes to the full Senate for a vote.

From rforno at infowarrior.org Mon Mar 11 11:17:51 2013
From: rforno at infowarrior.org (Richard Forno)
Date: Mon, 11 Mar 2013 12:17:51 -0400
Subject: [Infowarrior] - 1.6 Billion Rounds Of Ammo For Homeland Security?
It's Time For A National Conversation
Message-ID: <29708E58-062F-4F70-8EF0-137C4164089C@infowarrior.org>

http://www.forbes.com/sites/ralphbenko/2013/03/11/1-6-billion-rounds-of-ammo-for-homeland-security-its-time-for-a-national-conversation/
3/11/2013 @ 8:00AM

1.6 Billion Rounds Of Ammo For Homeland Security? It's Time For A National Conversation

The Denver Post, on February 15th, ran an Associated Press article entitled Homeland Security aims to buy 1.6b rounds of ammo, so far to little notice. It confirmed that the Department of Homeland Security has issued an open purchase order for 1.6 billion rounds of ammunition. As reported elsewhere, much of this purchase order is for rounds forbidden by international law for use in war, along with a frightening amount specialized for snipers. Also reported elsewhere, at the height of the Iraq War the Army was expending less than 6 million rounds a month. 1.6 billion rounds, therefore, would be enough to sustain a hot war for 20+ years. In America.

Add to this perplexingly outré purchase of ammo, DHS now is showing off its acquisition of heavily armored personnel carriers, repatriated from the Iraqi and Afghani theaters of operation. As observed by "paramilblogger" Ken Jorgustin last September:

"[T]he Department of Homeland Security is apparently taking delivery (apparently through the Marine Corps Systems Command, Quantico VA, via the manufacturer -- Navistar Defense LLC) of an undetermined number of the recently retrofitted 2,717 'Mine Resistant Protected' MaxxPro MRAP vehicles for service on the streets of the United States."

...

"These MRAPs ARE BEING SEEN ON U.S. STREETS all across America by verified observers with photos, videos, and descriptions.

"Regardless of the exact number of MRAPs being delivered to DHS (and evidently some to POLICE via DHS, as has been observed), why would they need such over-the-top vehicles on U.S.
streets to withstand IEDs, mine blasts, and 50 caliber hits to bullet-proof glass? In a war zone? yes, definitely. Let's protect our men and women. On the streets of America? ...

"They all have gun ports... Gun Ports? In the theater of war, yes. On the streets of America?"

"Seriously, why would DHS need such a vehicle on our streets?"

Why indeed? It is utterly inconceivable that Department of Homeland Security Secretary Janet Napolitano is planning a coup d'etat against President Obama, and the Congress, to install herself as Supreme Ruler of the United States of America. There, however, are real signs that the Department bureaucrats are running amok.

About 20 years ago this columnist worked, for two years, in the U.S. Department of Energy's general counsel's office in its procurement and finance division. And is wise to the ways. The answer to "why would DHS need such a vehicle?" almost certainly is this: it's a cool toy and these (reportedly) million dollar toys are being recycled, without much of an impact on the DHS budget. So... why not?

Why, indeed, should the federal government not be deploying armored personnel carriers and stockpiling enough ammo for a 20-year war in the homeland? Because it's wrong in every way.

President Obama has an opportunity, now, to live up to some of his rhetoric by helping the federal government set a noble example in a matter very close to his heart (and that of his Progressive base), one not inimical to the Bill of Rights: gun control. The federal government can (for a nice change) begin practicing what it preaches by controlling itself.

And... remember the Sequester? The president is claiming its budget cuts will inconvenience travelers by squeezing essential services provided by the (opulently armed and stylishly uniformed) DHS. Quality ammunition is not cheap. (Of course, news reports that DHS is about to spend $50 million on new uniforms suggest a certain cavalier attitude toward government frugality.)
Spending money this way is beyond absurd well into perverse. According to the AP story a DHS spokesperson justifies this acquisition to "help the government get a low price for a big purchase." Peggy Dixon, spokeswoman for the Federal Law Enforcement Training Center: "The training center and others like it run by the Homeland Security Department use as many as 15 million rounds every year, mostly on shooting ranges and in training exercises." At 15 million rounds (which, in itself, is pretty extraordinary and sounds more like fun target-shooting-at-taxpayer-expense than a sensible training exercise) -- that's a stockpile that would last DHS over a century. To claim that it's to "get a low price" for a ridiculously wasteful amount is an argument that could only fool a career civil servant.

Meanwhile, Senator Diane Feinstein, with the support of President Obama, is attempting to ban 100 capacity magazine clips. Doing a little apples-to-oranges comparison, here, 1.6 billion rounds is... 16 million times more objectionable.

Mr. Obama has a long history of disdain toward gun ownership. According to Prof. John Lott, in Debacle, a book he co-authored with iconic conservative strategist Grover Norquist,

"When I was first introduced to Obama (when both worked at the University of Chicago Law School, where Lott was famous for his analysis of firearms possession), he said, 'Oh, you're the gun guy.'

"I responded: 'Yes, I guess so.'

"'I don't believe that people should own guns,' Obama replied.

"I then replied that it might be fun to have lunch and talk about that statement some time.

"He simply grimaced and turned away. ...

"Unlike other liberal academics who usually enjoyed discussing opposing ideas, Obama showed disdain."

Mr. Obama? Where's the disdain now?

Cancelling, or at minimum, drastically scaling back -- by 90% or even 99% -- the DHS order for ammo, and its receipt and deployment of armored personnel carriers, would be a "fourfer."
The federal government would set an example of restraint in the matter of weaponry. ? It would reduce the deficit without squeezing essential services. ? It would do both in a way that was palatable to liberals and conservatives, slightly depolarizing America. ? It would somewhat defuse, by the government making itself less armed-to-the-teeth, the anxiety of those who mistrust the benevolence of the federales. If Obama doesn?t show any leadership on this matter it?s an opportunity for. Rep. Darrell Issa, chairman of the House Oversight and Government Reform Committee, and Rep. Michael McCaul, chairman of the House Committee on Homeland Security, to summon Secretary Napolitano over for a little ? national conversation. Madame Secretary? Buying 1.6 billion rounds of ammo and deploying armored personnel carriers runs contrary, in every way, to what ?homeland security? really means. Discuss. --- Just because i'm near the punchbowl doesn't mean I'm also drinking from it. From rforno at infowarrior.org Mon Mar 11 12:25:52 2013 From: rforno at infowarrior.org (Richard Forno) Date: Mon, 11 Mar 2013 13:25:52 -0400 Subject: [Infowarrior] - =?windows-1252?q?=93Six_Strikes=94_Boosts_Demand_?= =?windows-1252?q?For_BitTorrent_VPNs_and_Proxies?= Message-ID: <452E9DF0-A78D-49C0-8F25-18C668CB77EF@infowarrior.org> ?Six Strikes? Boosts Demand For BitTorrent VPNs and Proxies ? Ernesto ? March 11, 2013 http://torrentfreak.com/six-strikes-boosts-demand-for-bittorrent-vpns-and-proxies-130311 The launch of the six strikes anti-piracy scheme in the United States has boosted demand for VPN services and BitTorrent proxies. Data from Google reveals a big surge in searches for terms such as ?BitTorrent VPN? and ?BitTorrent proxy? over the past two weeks. Some VPN providers see the scheme as a clear invasion of privacy and are encouraging people to protect themselves. 
Last year a study in Sweden showed that many people respond to tough copyright enforcement measures by signing up for VPNs and other privacy services. Instead of stopping their defiant habit, these file-sharers take measures to hide their IP-addresses and bypass the monitoring. The researchers predicted that this would also happen with the launch of the six-strikes system in the United States. "Some people may stop or share less when they receive warnings, but there will also be a group that will respond to the warnings by becoming more anonymous. A third group will try to find other means to share files than BitTorrent, since these are not monitored," researcher Stefan Larsson told TorrentFreak at the time. Looking at Google's search trends we see that this prediction has become reality. The volume of searches for "BitTorrent VPN" and "BitTorrent proxy" spiked when the copyright alert system launched.
[Figure: BitTorrent VPN / Proxy searches over the past 90 days]
TorrentFreak talked to several VPN providers who confirm that interest in their services has increased. Some even reference the strikes scheme in their "marketing", such as BeeVPN who highlighted in a blog post that people may want to protect themselves from being wrongfully accused. "To prevent yourself from being caught in this endless loop of strikes and invasion of privacy use BeeVPN whenever you're online and defend yourself against others seeing your real IP," the company writes. PrivateInternetAccess is not supportive of the six-strikes initiative either. "The Copyright Alert System has similarities to some of the most draconian systems of control that were implemented by heavy-handed rulers during some of the darkest ages in the history of mankind. Big Brother would be proud," PIA's Andrew Lee told TorrentFreak. Among other things Lee points out that the possibility of people being wrongfully accused is high, and that the system lacks any rights to due process.
"As a result of CAS, we have seen an increased amount of discussion regarding VPNs around the social realm," he says. Criticism aside, the increased demand in anonymizer services does not mean that the six-strikes scheme has failed. The Center for Copyright Information (CCI) and their partners don't see these workarounds as a major problem. Right from the start they've made it clear that the program aims to educate the public, in particular the more casual file-sharer. How many file-sharers stop pirating, and how many choose to hide instead is anyone's guess at this point. However, recent trends suggest that encryption is becoming more mainstream, whether it's for privacy protection, anti-piracy circumvention or freedom of speech. That is, until anonymous VPNs are outlawed, as they appear to have been in Iran last week.
--- Just because I'm near the punchbowl doesn't mean I'm also drinking from it.
From rforno at infowarrior.org Mon Mar 11 13:54:29 2013 From: rforno at infowarrior.org (Richard Forno) Date: Mon, 11 Mar 2013 14:54:29 -0400 Subject: [Infowarrior] - Privacy Rights and Data Collection Collide in Airport Screening Program Message-ID: <4A75D513-37D0-41BC-A5DD-15FAEEFD3CBE@infowarrior.org> March 11, 2013 Privacy Rights and Data Collection Collide in Airport Screening Program By SUSAN STELLIN http://www.nytimes.com/2013/03/12/business/passenger-screening-system-based-on-personal-data-raises-privacy-issues.html?hp&pagewanted=print Aviation security leaders are moving forward with plans to shift toward a risk-based system of passenger screening, an idea supported by the travel industry and government officials who want screeners to focus on travelers who may present a security threat. But as details emerge on how governments and airlines plan to distinguish between "trusted travelers"
eligible for lighter screening and those who will receive more scrutiny, civil liberties groups and some European regulators are questioning the use of vast quantities of personal data to decide which travelers to examine more closely, or to prevent from flying at all. Collecting and sharing information on passengers is at the heart of the new effort, discussed at an aviation security conference in Brooklyn last week attended by Janet Napolitano, the secretary of homeland security, and security officials from around the globe. The information governments use to vet passengers includes data individuals have volunteered by applying for trusted traveler programs, as well as information gathered through terrorist watch lists, criminal background checks and border checkpoint encounters. The risk-based approach also extends to the list of items prohibited from the cabin, which the Transportation Security Administration recently revised to allow small pocketknives. As the focus turns more to identifying suspect travelers, not just suspect items, the government is also looking at data that airlines and travel agents have collected on their customers, ranging from birth dates and passport numbers to potentially confidential details apparent in travel itineraries (like a flight to Pakistan) and group discount codes (for a trip to a conference, for instance). For passengers on international flights, much of the data in these "passenger name records" is already shared with the Department of Homeland Security, although the agency has agreed to filter out certain records, like a traveler's kosher or halal meal preference, a potential indicator of religion, barring "exceptional circumstances." But the prospect of using passenger data not just for border control, but also to make airport screening decisions, exposed a fissure between more privacy-oriented European officials and their American counterparts.
Peter Schaar, the federal commissioner for data protection and freedom of information in Germany, said during a panel at the conference that any system that uses passenger data to assess the security risk posed by an individual should have to meet three criteria: it must be proved to be effective at rooting out terrorists; it must be proportional to that goal, without violating privacy rights; and it must avoid negative side effects, like discrimination. "I question whether these proposals meet at least one of those," he said. That perspective was in the minority at the event, organized by the International Air Transport Association and largely attended by screening equipment manufacturers, airline and airport security directors and government officials eager to move ahead, despite budget constraints, with what they called the passenger differentiation concept. Ms. Napolitano described the agency's shift as a "risk-based approach that attempts to segregate out passengers for whom we have a lot of information and can evaluate their risk as low-risk versus those that we know little about or that are higher risk." The T.S.A. also plans to focus more on devices that could do catastrophic damage to an aircraft. John S. Pistole, the agency's administrator, announced that small pocketknives and some sports equipment would be allowed in carry-on bags beginning April 25, an effort to more closely align American rules with European standards. The American government would also like to expand its use of behavior detection officers who question passengers in security lines, a technique used in Israel, but the Government Accountability Office has faulted the way the program was carried out in the United States, saying it did not meet scientific standards of validation. While airlines and equipment manufacturers are seeking similar security procedures worldwide, sharing travelers' data across borders, which already happens to some degree, presents more complex challenges.
Governments are debating when and how to recognize another country's trusted travelers, and how to respond if nations like China start asking for the same level of passenger data that the United States demands. The debate is likely to become more heated as civil rights groups and passengers, two groups unrepresented at the conference, get a clearer sense of where trusted traveler programs are headed. "The notion that the government is in any position to judge who is trusted and who is risky is very problematic," said Jay Stanley, a senior policy analyst at the American Civil Liberties Union. "Terrorist attacks on airlines are basically freak events; fortunately, they're exceedingly rare, so any attempt to predict who is likely to engage in that type of thing is inevitably going to sweep up a vast number of innocent people." That has been the case with the government's Global Entry program, a trusted-traveler initiative that allows members who have undergone background checks to use a kiosk to clear customs instead of waiting to speak with an agent. Members also gain access to PreCheck lanes for expedited security screening at some airports. The T.S.A. has been encouraging passengers to apply for Global Entry as a way to expand PreCheck eligibility, but some travelers are discovering that applying for the program can result in an "untrusted" label. For instance, a woman, who for privacy reasons did not want her name used, said she had been detained for questioning by the police as a teenager but was never charged with a crime. Because of this incident, she said, she was rejected by Global Entry. Since there was no court case, she cannot get the record of disposition required by the Global Entry enrollment center, which did not accept the official letter from the court she submitted. Although she said she had sent an appeal to the trusted-traveler ombudsman last fall, she is still waiting for a response. "What is this category that I'm in now that I can't fix?"
she asked. Other travelers have reported similar frustrations with the program's lack of transparency. Some people say they have no idea why they were rejected, while others have been denied based on minor incidents with law enforcement years ago. Given that one in four American adults has some type of criminal record, according to the National Employment Law Project, that could exclude millions of people from the trusted traveler pool and complicate the government's goal to include half of all airline passengers in the trusted category. Travelers who have been placed on the T.S.A.'s PreCheck Disqualification List may also be excluded. In a notice published in the Federal Register in November, the agency described this roster as "a watch list of individuals who are disqualified from eligibility from T.S.A. PreCheck, for some period of time or permanently, because they have been involved in violations of security regulations of sufficient severity or frequency." The notice indicated that this list would be generated by the T.S.A.'s Performance and Results Information System, which "maintains records related to the investigation or prosecution of violations of federal, state, local or international criminal law." Those violations range from getting caught with a loaded firearm at a checkpoint to disobeying aviation security regulations at the airport or on board aircraft. David Castelveter, a T.S.A. spokesman, could not confirm whether the list included altercations between passengers and flight crew that end up involving federal air marshals or other agency representatives. "We don't talk about how you do or do not get on certain lists, for security reasons," he said. One man, Sal Bevivino, said he had been involved in that type of incident last April, when he asked a Virgin America flight attendant for a soda and was told he had to request one using the aircraft's seat-back system, an interaction that somehow escalated into a report to the captain.
After the plane landed at the San Francisco airport, Mr. Bevivino was detained for questioning by several police officers, who also called the Federal Bureau of Investigation, and a T.S.A. employee. Although the police report on the incident noted that the flight's captain said that "at no time did he or his flight crew feel threatened regarding this passenger," the report is now part of Mr. Bevivino's record. "My biggest concern is that somebody on an aircraft has the power to outright lie about an incident and get me in all kinds of trouble," he said. "Civil rights have gone out the window."
--- Just because I'm near the punchbowl doesn't mean I'm also drinking from it.
From rforno at infowarrior.org Mon Mar 11 14:01:06 2013 From: rforno at infowarrior.org (Richard Forno) Date: Mon, 11 Mar 2013 15:01:06 -0400 Subject: [Infowarrior] - U.S. Demands That China End Hacking and Set Cyber Rules Message-ID: <8D575097-A777-469F-BD9F-78DE3F8D146F@infowarrior.org> March 11, 2013 http://www.nytimes.com/2013/03/12/world/asia/us-demands-that-china-end-hacking-and-set-cyber-rules.html?hp&pagewanted=print U.S. Demands That China End Hacking and Set Cyber Rules By MARK LANDLER WASHINGTON - The Obama administration demanded Monday that China take steps to stop the widespread hacking of American government and corporate computer networks and that it engage in a dialogue to set standards for security in cyberspace. The demands, laid out in a speech by President Obama's national security adviser, Thomas E. Donilon, represent the first direct response by the White House to a raft of attacks on American computer networks, many of which appear to have originated with the People's Liberation Army. "U.S. businesses are speaking out about their serious concerns about sophisticated, targeted theft of confidential business information and proprietary technologies through cyberintrusions emanating from China on an unprecedented scale," Mr.
Donilon said in remarks prepared for delivery to the Asia Society in New York. He also announced that the Treasury Department would impose sanctions on a North Korean bank that specializes in foreign-exchange transactions, ratcheting up the pressure on the North Korean government on the day that Pyongyang announced it would no longer abide by the 1953 armistice that halted the Korean War. The White House, he said, was seeking three things from Beijing: public recognition of the urgency of the problem; a commitment to crack down on hackers operating in China; and an agreement to take part in a dialogue to establish "acceptable norms of behavior in cyberspace." Until now, the White House has steered clear of mentioning China by name when discussing cybercrime, prompted in part by qualms about escalating a dispute with Beijing while it is in the midst of a leadership transition. In his State of the Union address, Mr. Obama said, "we know foreign countries and companies swipe our corporate secrets." But as evidence has emerged linking the People's Liberation Army to an extensive hacking network, the China connection has become harder for the administration to avoid. Mr. Donilon said the threats to cybersecurity had moved to the forefront of its concerns with China, noting that he was not "talking about ordinary cybercrime or hacking." But although Mr. Donilon emphasized the importance of developing a code of conduct on cybersecurity, he made no mention of Washington's attacks on the computer networks in Iran, which have impeded Tehran's development of nuclear centrifuge machines.
--- Just because I'm near the punchbowl doesn't mean I'm also drinking from it.
From rforno at infowarrior.org Mon Mar 11 19:05:24 2013 From: rforno at infowarrior.org (Richard Forno) Date: Mon, 11 Mar 2013 20:05:24 -0400 Subject: [Infowarrior] - OT: 'Clone Wars' cancelled Message-ID: ...just as it was getting interesting again! At least the final story arc was well-done and well-acted.
----rick Disney Cancels Clone Wars on Cartoon Network, Postpones Star Wars: Detours, by Graeme McMillan, 03.11.13, 6:34 PM http://www.wired.com/underwire/2013/03/disney-clone-wars-cancelled/ After months of fan excitement and upbeat rumors following Disney's acquisition of Lucasfilm, it appears that the other shoe has started to drop. In an announcement on the official Star Wars site Monday optimistically entitled "A New Direction for Lucasfilm Animation," the company announced the cancellation of its successful Star Wars: The Clone Wars series on Cartoon Network and indefinite postponement of Star Wars: Detours, a second animated series created by the team behind Adult Swim's Robot Chicken. "After five highly successful and critically acclaimed seasons of Star Wars: The Clone Wars, we feel the time has come to wind down the series," the announcement reveals, adding the somewhat confusing news that, "while the studio is no longer producing new episodes for Cartoon Network, we're continuing production on new Clone Wars story arcs that promise to be some of the most thrilling adventures ever seen" and advising fans to "stay tuned for more information on where fans can soon find this bonus content." As early as last November, the series was rumored to be ending with its sixth season, and Cartoon Network, owned by Disney competitor Time Warner, only licensed the show through its fifth year. Although nothing has been announced, the sixth and final season of the show could still air on Disney XD, following a similar path to that of Marvel Animation, which jumped from CN to DXD following its Disney purchase. In a video accompanying the announcement, Clone Wars supervising director Dave Filoni promises "the best is yet to come," with remaining episodes including "really crucial [stories] to the overall story arc of the Star Wars universe that we need to finish off and tell you."
Including, presumably, the final fate of Ahsoka Tano, a character central to Clone Wars mythology who has gone unmentioned in other incarnations of the franchise. Although Clone Wars will get to wind up its run elsewhere, a less fortunate fate awaits Detours, the comedy series co-created by the Robot Chicken team of Seth Green, Matthew Senreich and Todd Grimes. Originally announced last year, Lucasfilm today said that the series was postponed until a later date. The show was, Lucasfilm explained, "conceived and produced before we decided to move forward with the new Star Wars trilogy, and in the wake of that decision, Lucasfilm has reconsidered whether launching an animated comedy prior to the launch of Episode VII makes sense." That timeline doesn't exactly hold with other statements from Lucasfilm officials in the past, both on the record and off. George Lucas himself recently let slip that plans for the new movie were in motion before the Disney deal, which began in June of last year, two months before the convention at which Detours was actually announced. More likely, the new powers that be at Lucasfilm simply reconsidered whether or not a show that made fun of the franchise through in-jokes and Easter eggs and appealed more to the existing fanbase was the best product to launch at a time when everyone is waiting so eagerly for the new movies. And, really, who can blame them? The news of the cancellations has caused upset online, with some Star Wars fans wondering whether there will be similar changes at LucasArts, the games division of Lucasfilm, which is currently working on an upcoming action-adventure game called Star Wars 1313, a game the company has declined to discuss for months now.
--- Just because I'm near the punchbowl doesn't mean I'm also drinking from it.
From rforno at infowarrior.org Tue Mar 12 07:35:17 2013 From: rforno at infowarrior.org (Richard Forno) Date: Tue, 12 Mar 2013 08:35:17 -0400 Subject: [Infowarrior] - OpEd: Above the law Message-ID: Above the law By Katrina vanden Heuvel http://www.washingtonpost.com/opinions/katrina-vanden-heuvel-above-the-law/2013/03/11/e47f17a2-8a5a-11e2-8d72-dc76641cb8d4_story.html "The government of the United States," wrote Chief Justice John Marshall in his famous decision in Marbury v. Madison, "has been emphatically termed a government of laws, and not of men." This principle, grounded in the Constitution, enforced by an independent judiciary, is central to the American creed. Citizens have rights, and fundamental to these is due process of the law. This ideal, of course, has often been trampled in practice, particularly in times of war or national panic. But the standard remains, central to the legitimacy of the republic. Yet last week Attorney General Eric Holder, speaking for the administration with an alarmingly casual nonchalance, traduced the whole notion of a nation of laws. First, the attorney general responded to Sen. Rand Paul's inquiry as to whether the president claimed the "power to authorize a lethal force, such as a drone strike, against a U.S. citizen on U.S. soil and without trial." After noting that the United States has never done so and has no intention of doing so, Holder wrote that, speaking hypothetically, it is "possible to imagine" an extraordinary circumstance in which that power might become "necessary and appropriate." This triggered Paul's now-famous 13-hour filibuster against the nomination of John Brennan to head the CIA, as Paul (R-Ky.) promised to "speak until I can no longer speak" to sound the alarm that "no American should be killed by a drone on American soil without first being charged with a crime" and being found guilty in a court of law.
In response to the growing furor, Holder sent Paul another letter, stating clearly that the president has no authority to use a "weaponized drone" against an American in the United States who is "not engaged in combat." But that, of course, only begs the question. The country is waging a war on terrorism that admits no boundary and no end. Now Holder is saying that the president has the authority to kill Americans in the United States if they are "engaged in combat." No hearing, no review, no due process of law. For those who remember how the FBI deemed Martin Luther King Jr. a communist, and how the national security apparatus termed Nelson Mandela a terrorist, alarm is surely justified. Then, the attorney general, while testifying before the Judiciary Committee, was challenged by Sen. Charles Grassley (R-Iowa) about the glaring absence of any indictments against leading bankers or big banks coming out of the financial collapse. Holder responded that, essentially, these banks were too big to jail. "The size of some of these institutions becomes so large that it does become difficult for us to prosecute them when we are hit with indications that if you do prosecute, if you do bring a criminal charge, it will have a negative impact on the national economy," he said. This astounding admission of what clearly has been administration policy helped spur newly elected Sen. Elizabeth Warren (D-Mass.) to grill regulators at a separate banking committee hearing. Asking why there was no indictment of the big British bank HSBC, which settled after an investigation found that it laundered billions of dollars from Iran, Libya and drug cartels despite repeated cease-and-desist warnings, Warren expressed the public's exasperation. "If you're caught with an ounce of cocaine, the chances are good you're going to go to jail. If it happens repeatedly, you may go to jail for the rest of your life," Warren said.
"But, evidently, if you launder nearly a billion dollars for drug cartels and violate our international sanctions, your company pays a fine and you go home and sleep in your bed at night, every single individual associated with this. And I think that's fundamentally wrong." Taken together, the attorney general's astounding claims undermine the whole notion of a nation of laws. The national security state, operating under the president's power as commander in chief, now claims the right to make war or peace, and to kill an American citizen even in America without a hearing. The 12 largest U.S. banks, "systemically significant financial institutions," in the words of the Dodd-Frank reform legislation, control 69 percent of all financial assets, according to the conservative president of the Federal Reserve Bank of Dallas, Richard Fisher. As we have seen, they have the capacity to blow up the economy from their own excesses. Yet they now can apparently trample the laws with impunity, confident that they risk, at worst, an infrequent fine that is the equivalent in relation to their earnings of a New Yorker paying a parking ticket. The laws, Cicero wrote in the days of the Roman Republic, "are silent in time of war." But what if the war has no end, no defined enemy, no defined territory? How can markets work if the financial behemoths are too big to fail and too big to jail? If the national security state has the power of life or death above the law, and Wall Street has the power to plunder beyond the law, in what way does this remain a nation of laws?
--- Just because I'm near the punchbowl doesn't mean I'm also drinking from it.
From rforno at infowarrior.org Tue Mar 12 19:25:53 2013 From: rforno at infowarrior.org (Richard Forno) Date: Tue, 12 Mar 2013 20:25:53 -0400 Subject: [Infowarrior] - Celebrity hackers stole data from AnnualCreditReport.com, Equifax says Message-ID: <1D46C0ED-BDAC-4B12-8FF9-CBE05FCAFA1E@infowarrior.org> (c/o ferg) Celebrity hackers stole data from AnnualCreditReport.com, Equifax says By Bob Sullivan, Columnist, NBC News http://redtape.nbcnews.com/_news/2013/03/12/17286101-celebrity-hackers-stole-data-from-annualcreditreportcom-equifax-says?lite The theft suggests criminals have outfoxed AnnualCreditReport.com's defenses, potentially giving them access to 200 million Americans' credit reports. According to the Consumer Financial Protection Bureau, 16 million consumers use AnnualCreditReport.com annually. The nation's three largest credit bureaus -- Equifax, Experian and TransUnion -- were required by federal legislation passed in 2003 to offer consumers one free credit report every year. The three jointly operate AnnualCreditReport.com to fulfill that obligation. Entertainment news website TMZ first reported Monday that highly detailed personal information on international celebrities and political figures, including Jay-Z, Beyonce, Attorney General Eric Holder and Hillary Clinton, had been published on a website, and that the FBI was investigating. The same website identified in that report published additional data on Tuesday, including details about first lady Michelle Obama and Vice President Joe Biden, leading to a flurry of interest in the source of the data. Later Tuesday, Equifax confirmed that some of the data associated with those identity thefts had been stolen from AnnualCreditReport.com.
"Equifax can confirm that fraudulent and unauthorized access to four consumer credit reports has occurred through the AnnualCreditReport.com channel, a free public service that allows all consumers to get annual access to their credit report," the company said in a statement. "Our initial investigation shows the perpetrators had the (personal information) of the individuals whose files were accessed and were therefore able to pass the required authentication measures in place. We have launched a full investigation into this matter and we are also working closely with law enforcement authorities on this matter." The statement did not identify which credit reports had been accessed through the website or explain why more than four reports had been published on the website. TransUnion and Experian also confirmed unauthorized persons had managed to access the credit report data. "TransUnion's systems were not hacked or compromised in any way," the firm said in a statement to CNBC. "The sophisticated perpetrators of these fraudulent activities had considerable amounts of information about the victims, including Social Security numbers and other sensitive, personal identifying information that enabled them to successfully impersonate the victims over the Internet in order to illegally and fraudulently access their credit reports. TransUnion is taking steps to assist the individuals affected to help minimize any potential impact. We are conducting our own internal investigation and working closely with law enforcement." Experian also said its systems weren't hacked, adding that "this looks to be an isolated situation." Consumers who attempt to obtain their credit reports from AnnualCreditReport.com must answer a series of authentication questions. Many of these are what's known as "out-of-wallet" questions -- questions that a criminal who had stolen a wallet couldn't answer -- such as, "which bank holds your mortgage" or "which of these former addresses are valid."
That means the criminals who stole the credit reports probably had access to a host of personal information about their targets, allowing them to successfully answer the authentication questions. Some of that data can be purchased from other online data brokers, culled from web pages or even determined through guesswork and the process of elimination. The Federal Trade Commission regulated the creation of AnnualCreditReport.com and its security procedures. FTC spokesman Jay Mayfield said the data theft serves as another reminder to consumers that they should protect their personal information, but said the agency still recommends that consumers visit AnnualCreditReport.com or call the credit bureaus to get a free copy of their credit report every year. He would not comment specifically about the theft of the celebrity credit reports, or about the security of AnnualCreditReport.com. Consumers who hear that AnnualCreditReport.com has been compromised might be dissuaded from using the site in the future, and perhaps paying another third-party firm for their credit reports. Doing so would not enhance their security, however. The data available at AnnualCreditReport.com could be accessed by criminals, even if the consumer never asks for it. Issues with the authentication procedures at credit report websites have been raised in the past. Last year, security analyst Dan Clements of CloudEyez.com gave NBCNews.com a tour of websites that sell stolen credit reports. Several of the stolen credit reports viewed at the time indicated they'd been taken from AnnualCreditReport.com or other third-party websites that charge a fee for access to credit reports. "I'm selling super prime credit reports and scores which include all three bureaus and other information," bragged one advertisement on a credit reports for-sale site. Most of the websites were hosted in the .su domain, assigned to the former Soviet Union. The recent celebrity credit reports are also hosted on a .su web site.
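The "out-of-wallet" questions described above fail in a specific, mechanical way: the questions are multiple choice, more than one site serves the same question set with the same choices, and each site only locks out the session in front of it. The following simulation is an added example written for this page; it is not code from NBC News, Equifax, TransUnion, Experian or AnnualCreditReport.com, and its question pool, the victim's answers, the four-choice format, the per-session lockout, the "score leak" variant and the shared per-subject budget used as a mitigation are all assumptions. It shows how an attacker with no real knowledge of the victim eliminates answer sets across sites, how a site that reports "2 of 3 correct" collapses the search to a handful of guesses, and why a guess budget keyed to the identity being verified, rather than to the browser session, is what actually stops the enumeration:

```python
"""Knowledge-based authentication (KBA) under a cross-site elimination attack.

Added illustration, not code from any credit bureau or from AnnualCreditReport.com.
Everything below (questions, choices, the victim's answers, lockout rules) is assumed.
"""
import itertools

# Constructed question pool. Every site serves the same questions with the same fixed
# choices (the shared-question weakness). The attacker sees choices, never answers.
CHOICES = {
    "Which bank holds your mortgage?":
        ["First Federal", "Harbor Bank", "Pine Valley Credit Union", "Summit Savings"],
    "Which of these former addresses is valid?":
        ["9 Birch Lane", "44 Elm Court", "301 Maple Avenue", "12 Oak Street"],
    "In what year did you open your auto loan?":
        ["2006", "2009", "2011", "2013"],
}
# The victim's true answers, known only to the verifier (constructed sample data).
TRUTH = ("Pine Valley Credit Union", "12 Oak Street", "2009")


class SubjectBudget:
    """Assumed mitigation: one attempt budget per *subject*, shared by every site that
    verifies that identity, so opening another site does not buy more guesses."""
    def __init__(self, total_attempts):
        self.remaining = total_attempts


class Site:
    """One credit-report site with a per-session attempt limit. leak_count=True models a
    site that tells the user how many answers were right instead of only pass/fail."""
    def __init__(self, attempts_per_session, leak_count=False, shared_budget=None):
        self.attempts_left = attempts_per_session
        self.leak_count = leak_count
        self.shared_budget = shared_budget

    def submit(self, answers):
        """Return (passed, n_correct_or_None); raise PermissionError once locked."""
        if self.attempts_left <= 0:
            raise PermissionError("session locked")
        if self.shared_budget is not None and self.shared_budget.remaining <= 0:
            raise PermissionError("subject locked across all sites")
        self.attempts_left -= 1
        if self.shared_budget is not None:
            self.shared_budget.remaining -= 1
        n_correct = sum(a == t for a, t in zip(answers, TRUTH))
        passed = n_correct == len(TRUTH)
        return passed, (n_correct if self.leak_count else None)


def elimination_attack(sites):
    """The how-to's strategy: a set refused by one site is still refused by the next,
    because the questions and choices are identical, so keep a candidate list and move
    to the next site when the current one locks. Returns (success, submissions)."""
    candidates = list(itertools.product(*CHOICES.values()))  # 4**3 == 64 answer sets
    submissions = 0
    for site in sites:
        while candidates:
            guess = candidates[0]
            try:
                passed, n_correct = site.submit(guess)
            except PermissionError:
                break  # this site is done; the next one asks the same questions
            submissions += 1
            if passed:
                return True, submissions
            if n_correct is None:
                candidates.remove(guess)  # pass/fail only: one candidate ruled out
            else:
                # Score leak: keep only candidates that would score the same as the
                # truth did against this guess (Mastermind-style consistency filter).
                candidates = [c for c in candidates
                              if sum(a == g for a, g in zip(c, guess)) == n_correct]
    return False, submissions


def run_scenarios():
    """Four constructed scenarios, each five attempts per session."""
    results = {}
    results["one_site"] = elimination_attack([Site(5)])
    results["ten_sites"] = elimination_attack([Site(5) for _ in range(10)])
    results["score_leak"] = elimination_attack([Site(5, leak_count=True)])
    budget = SubjectBudget(5)
    results["shared_budget"] = elimination_attack(
        [Site(5, shared_budget=budget) for _ in range(10)])
    return results


if __name__ == "__main__":
    for name, (ok, n) in run_scenarios().items():
        print(f"{name:14s} attacker {'passed' if ok else 'failed'} after {n} submissions")
```

With one site and five attempts the attacker fails; with ten sites serving the same questions the per-session lockout is meaningless and the same 64-set search succeeds on the 46th submission; a site that leaks the number of correct answers is broken by a single session in five guesses; and the shared subject budget stops the run at five submissions no matter how many sites are opened. The simulation is about the enumeration path only: as the article notes, the celebrity reports were most likely obtained by attackers who already held the answers, which no lockout rule defends against.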
In one how-to posted on a hacker bulletin board, a hacker describes one brute-force attack used to gain access to credit report websites. Most sites are protected by "challenge" questions such as, "Which bank holds the mortgage on your home?" But there's a critical flaw, the hacker said: "Normally all ... of them will ask you the same question," the hacker wrote. Because the sites use the multiple choice format, it's easy to use the process of elimination and determine the correct answers, he claims. The hacker explained that the trick is to open several credit report sites and keep trying random answers until one set works. The recipe is highly detailed, including helpful tips such as, "Take a shot of screen to remember what answers you gave. After that click the submit button and see what it says."

From rforno at infowarrior.org Tue Mar 12 19:29:01 2013
From: rforno at infowarrior.org (Richard Forno)
Date: Tue, 12 Mar 2013 20:29:01 -0400
Subject: [Infowarrior] - The Wall Street Coverup Continues....
Message-ID: <1C0A9D7B-F772-402C-9B3D-95A12388DCE8@infowarrior.org>

Classic diversion ... forget what the data suggests, just go after those who collect and analyse it. ---rick

Academic Use of CFTC's Private Derivatives Data Investigated
By Silla Brush - Mar 7, 2013 12:01 AM ET
http://www.bloomberg.com/news/2013-03-06/academic-use-of-cftc-s-private-derivatives-data-investigated-1-.html

The top U.S. derivatives regulator has suspended a program of visiting academic researchers over concerns about the handling of confidential trading data. The Commodity Futures Trading Commission said in a statement yesterday that it began an internal management review and asked the agency's inspector general to investigate its oversight of data used to research issues including high-frequency trading.
The commission's concerns were initially triggered by an outside person who raised questions about academic research that referenced CFTC data, according to the statement.

"The management review, which is ongoing, has preliminarily discovered issues regarding the manner in which academic consultants and contractors were brought into the agency, their status with respect to the agency, their access to CFTC systems and information, and the adequacy of related documentation," the CFTC said. "To date, we have not confirmed any specific incidents of improper or unauthorized data disclosure."

The agency in December began looking at the role of non-public data in the research program, which is aimed at studying markets the CFTC regulates. The program was suspended and the agency is barring anyone other than full-time employees from access to the data, according to the statement.

Academic Paper

The program was overseen by the CFTC's Office of Chief Economist. Until the end of last year the office was led by Andrei Kirilenko, who left for a post at the Massachusetts Institute of Technology. Kirilenko didn't respond to a request for comment. CFTC chairman Gary Gensler also asked the agency's internal watchdog to conduct a review.

The agency didn't identify the research that sparked its concerns. A search of academic literature shows that a research paper by Adam Clark-Joseph, a doctoral candidate at Harvard University, relied on "novel electronic message data" at the CFTC to examine high-frequency trading strategies. Clark-Joseph declined to comment today and referred questions to the CFTC. Agency spokesman Steve Adamske declined to comment on Clark-Joseph's paper. "He was invited to aid the agency in market research and economic analysis," Adamske said in a telephone interview.

The agency oversees data on derivatives trades by firms including Goldman Sachs Group Inc. (GS) and JPMorgan Chase & Co. (JPM) that take place on exchanges including the one operated by CME Group (CME) Inc.

To contact the reporter on this story: Silla Brush in Washington at sbrush at bloomberg.net
To contact the editor responsible for this story: Maura Reynolds at mreynolds34 at bloomberg.net

From rforno at infowarrior.org Tue Mar 12 20:21:50 2013
From: rforno at infowarrior.org (Richard Forno)
Date: Tue, 12 Mar 2013 21:21:50 -0400
Subject: [Infowarrior] - Pentagon creating teams to launch cyberattacks as threat grows
Message-ID: <1CCD70D4-5075-4EDD-A3D2-C7A0D0566ACC@infowarrior.org>

Pentagon creating teams to launch cyberattacks as threat grows
By Ellen Nakashima
http://www.washingtonpost.com/world/national-security/pentagon-creating-teams-to-launch-cyberattacks-as-threat-grows/2013/03/12/35aa94da-8b3c-11e2-9838-d62f083ba93f_print.html

The Pentagon's Cyber Command will create 40 offensive cyber-teams by the fall of 2015 to help defend the nation against major computer attacks and assist combat commands as they plan offensive capabilities, Gen. Keith Alexander testified to Congress on Tuesday.

The new teams are part of a broader government effort to shield the nation from destructive attacks over the Internet that could harm Wall Street or knock out electric power, for instance. Some teams are already in place, he said, to focus on "the most serious threats," which he did not identify.

But Alexander warned that budget cuts will undermine the effort to build up these forces even as foreign threats to the nation's critical computer systems intensify. And he urged Congress to pass legislation to enable the private sector to share computer threat data with the government without fear of being sued.
As he moves into his eighth year as director of the National Security Agency and his third year as head of the fledgling Cyber Command, Alexander told the Senate Armed Services Committee that the strategic threat picture is worsening.

"We've seen the attacks on Wall Street over the last six months grow significantly," he said, noting there were more than 160 disruptive attacks on banks in that period.

Describing an attack on Saudi Arabia's national oil company, he said: "Last summer, in August, we saw a destructive attack on Saudi Aramco, where the data on over 30,000 systems were destroyed. And if you look at industry, especially the anti-virus community and others, they believe it's going to grow more in 2013. And there's a lot that we need to do to prepare for this."

The U.S. intelligence community has indicated that the assaults on the banks and Saudi Aramco were the work of Iran in retaliation for U.S. financial sanctions imposed to deter Iran from pursuing a nuclear weapons program.

Alexander's remarks came as U.S. intelligence officials elsewhere on the Hill testified about the growing cyberthreat. At a national security threat hearing, Director of National Intelligence James R. Clapper Jr. called on China to stop its "cyber-stealing" of corporate secrets from U.S. networks.

Alexander said that 13 of the new cyber-teams would defend against destructive attacks. "I would like to be clear that this team ... is an offensive team," he said, in a rare admission that the military has developed the capacity to conduct offensive cyberattacks. The other 27 teams would support commands such as Pacific Command and Central Command as they plan offensive cyber-capabilities. Separate teams would focus on protecting the Defense Department's computer networks.

He said the first third of the forces, which officials have said will total several thousand civilians and uniformed personnel, will be in place by September and the second third a year later.
But Alexander said uncertainty over the budget is having an impact on the ability to fill out the teams. About 25 percent of Cyber Command's budget is being held up by congressional wrangling over the fiscal 2013 budget, he said. And across-the-board budget cuts that took effect March 1 are forcing civilian furloughs.

"By singling out the civilian workforce, we've done a great disservice," said Alexander, noting that one-third of the command workforce is made up of Air Force civilians. He said that some cyber-recruits have taken a salary cut to work for the government, only to be faced with a furlough. "That's the wrong message to send people we want to stay in the military acting in these career fields."

The attacks hitting the banks are "distributed denial of service attacks" - or barrages of network traffic against Web site servers - that are best handled by the Internet service providers, he said. The issue is "when does a nuisance become a real problem" that forces the government to act, he said. The administration is debating that now, he said.

To detect major attacks on industry, the department needs to see them coming in real time, Alexander said. The Internet service providers are best positioned to provide that visibility, but they lack the authority to share attack data with the government, he said. In particular, he said, the companies need legal protection against lawsuits for sharing the data.

(c) The Washington Post Company
From rforno at infowarrior.org Tue Mar 12 20:28:04 2013
From: rforno at infowarrior.org (Richard Forno)
Date: Tue, 12 Mar 2013 21:28:04 -0400
Subject: [Infowarrior] - Google Admits Drive-By Data Collection Was Privacy Breach
Message-ID:

March 12, 2013
Google Admits Drive-By Data Collection Was Privacy Breach
By DAVID STREITFELD
http://www.nytimes.com/2013/03/13/technology/google-pays-fine-over-street-view-privacy-breach.html?hp&_r=0&pagewanted=print

SAN FRANCISCO - Google on Tuesday acknowledged to state officials that it had violated people's privacy during its Street View mapping project when it casually scooped up passwords, e-mails and other personal information from unsuspecting computer users.

In agreeing to settle a case brought by 38 states involving the project, the search company for the first time is required to aggressively police its own employees on privacy issues and to explicitly instruct the public about how to fend off privacy violations like this one.

While the settlement also included a tiny - for Google - fine of $7 million, privacy advocates and Google critics characterized the overall agreement as a breakthrough for a company they say has become a serial violator of privacy, with multiple enforcement actions in recent years and a slew of worldwide investigations into the way the mapping project also collected the personal data of private computer users.

"Google puts innovation ahead of everything and resists asking permission," said Scott Cleland, a consultant and consumer watchdog whose blog maintains a close watch on Google's privacy issues. "But the states are throwing down a marker that they are watching and there is a line the company shouldn't cross."

The agreement paves the way for a major privacy battle over Google Glass, the much-hyped wearable computer in the form of glasses, Mr. Cleland said. "If you use Google Glass to record a couple whispering to each other in Starbucks, have you violated their privacy?" he asked. "Well, 38 states just said they have a problem with the unauthorized collection of people's data."

George Jepsen, the Connecticut attorney general who led the states' investigation, said that he was hopeful the settlement would produce a new Google. "This is the industry giant," he said. "It is committing to change its corporate culture to encourage sensitivity to issues of personal data privacy."

The applause was not universal, however. Consumer Watchdog, another privacy monitor and frequent Google critic, said that "asking Google to educate consumers about privacy is like asking the fox to teach the chickens how to ensure the security of their coop."

Niki Fenwick, a Google spokeswoman, said on Tuesday that "We work hard to get privacy right at Google, but in this case we didn't."

Last summer, the Federal Trade Commission fined Google $22.5 million for bypassing privacy settings in the Safari browser, the largest civil penalty ever levied by the F.T.C. In 2011, Google agreed to be audited for 20 years by the F.T.C. after it admitted to using deceptive tactics when launching its Buzz social network. That agreement included several rather vague privacy provisions.

The new settlement, which requires Google to set up a privacy program within six months, is more specific. Among its requirements, Google must hold an annual privacy week event for employees. It also must make privacy certification programs available to key employees, provide refresher training for its lawyers overseeing new products and train its employees who deal with privacy matters.

Several provisions involve outreach. Google must create a video for YouTube explaining how people can easily encrypt their data on their wireless networks and run a daily online ad promoting it for two years. It must run educational ads in the biggest newspapers in the 38 participating states. Among the participating states besides Connecticut are New York, New Jersey, Massachusetts, California and Ohio.
"There are minimum benchmarks Google has to meet," said Matthew Fitzsimmons, an assistant Connecticut attorney general who negotiated with the company. "This will impact how Google rolls out products and services in the future."

Marc Rotenberg of the Electronic Privacy Information Center said the agreement was "a significant privacy decision by the state attorneys general," adding that "it shows the ongoing importance of the states' A.G.'s in protecting the privacy rights of Internet users."

The Street View case arose out of Google's deployment of special vehicles to photograph the houses and offices lining the world's roads and boulevards. For several years, the company also secretly collected personal information - e-mails, medical and financial records, passwords - as it cruised by. It was data-scooping from millions of unencrypted wireless networks. A worldwide uproar and investigations in at least a dozen countries ensued. An Australian regulator, Stephen Conroy, called it "probably the single greatest breach in the history of privacy."

Google initially denied any data had been collected from unknowing individuals, then sought to downplay what data had been collected and fought with regulators who wanted to examine it. Google said the data had been destroyed, although it turned out some had not been. Some data was purged, but Google is holding the rest until several private lawsuits are resolved.

The company blamed a rogue engineer for the operation. But a Federal Communications Commission investigation said the engineer had worked with others and tried to inform his superiors about what he was doing. He was less a rogue than simply unsupervised, the agency concluded. The F.C.C. last summer fined Google $25,000 for obstructing its investigation.

Over the last several years, Google has repeatedly said it was strengthening its privacy monitoring, adding layers of oversight and controls. For the states, however, those assurances were not quite enough.
"We obviously thought there was more they could do," said Mr. Fitzsimmons, the assistant Connecticut attorney general. An executive committee of attorneys general will monitor Google for compliance.

The $7 million fine is pocket change for Google, which has a net income of about $32 million a day. "It is the public opprobrium, not the money, that counts in these cases," said David Vladeck, a professor of law at Georgetown University who formerly directed the F.T.C.'s Bureau of Consumer Protection. "And I think people were rightly unhappy with Google's collecting the information in the first place and then Google's lame explanation."

Regulators in Germany pursued Google aggressively in the case, more so than anywhere else without bringing charges. That seemed to end the matter until this week. Few outside observers expected the states' efforts to ever amount to much.

The inquiry began in June 2010. Richard Blumenthal, then Connecticut's attorney general, said his office would lead a multistate investigation into what he called "Google's deeply disturbing invasion of personal privacy." In December of that year, Mr. Blumenthal - on the verge of becoming Connecticut's junior senator - issued a civil investigative demand, equivalent to a subpoena, to get the data. Google never provided it.

"That issue was resolved by their admission they had gathered the kinds of data we had alleged they were gathering," said Mr. Jepsen, the attorney general. In any case, he said, "What mattered was Google admitted they weren't just taking pictures."

Kevin O'Brien contributed reporting from Berlin.
From rforno at infowarrior.org Wed Mar 13 06:53:26 2013
From: rforno at infowarrior.org (Richard Forno)
Date: Wed, 13 Mar 2013 07:53:26 -0400
Subject: [Infowarrior] - Audio from Bradley Manning posted on internet
Message-ID:

Audio from Bradley Manning posted on internet
By Carol Cratty and Larry Shaughnessy
http://security.blogs.cnn.com/2013/03/12/audio-from-bradley-manning-posted-on-internet/

Audio of Pfc. Bradley Manning telling a military court that he provided classified information to the WikiLeaks website has been posted on the Internet by the Freedom of the Press Foundation.

"This marks the first time the American public has heard the actual voice of Manning," the group said in a statement Monday.

Access to the military court proceedings for Manning is limited, and observers are not allowed to use recording devices. The foundation did not say how it obtained the audio but complained that the proceedings should be available to the public.

"By releasing this audio recording, we wish to make sure that the voice of this generation's most prolific whistle-blower can be heard - literally - by the world," said the group's statement.

The military does not view Manning, 25, as a whistle-blower. It alleges he is responsible for the largest leak of classified documents in U.S. history. On February 28 he pleaded guilty to 10 of the 22 charges against him and faces up to two decades in jail.

In that proceeding, Manning spent more than an hour reading a statement explaining his actions. He said he passed on information that "upset" or "disturbed" him but didn't give Wikileaks anything he thought would harm the United States if it were made public.

In the audio released by the foundation, Manning reads in an unrushed manner.

"Manning's actions should be seen as an overdue sliver of sunlight into an overly secret system rather than as a basis for prosecution seeking decades of imprisonment," the group said in its statement.
The Army released a statement saying it has informed the military judge in Manning's case that the rules of the court were violated.

"The U.S. Army is currently reviewing the procedures set in place to safeguard the security and integrity of the legal proceedings, and ensure Pfc. Manning receives a fair and impartial trial," the Army said.

The U.S. military first detained Manning in May 2010 for allegedly leaking U.S. combat video - including a U.S. helicopter gunship attack posted on WikiLeaks - and classified State Department cables.

In this statement to the court, Manning said he initially contacted the Washington Post and the New York Times to provide information. Manning said he either wasn't taken seriously or ended up just getting voice mail, so he gave the information to WikiLeaks.

"I believed if the public was aware of the data, it would start a public debate of the wars," Manning told the court.

Manning did not plead guilty to the most serious charges against him, including violating the Espionage Act and aiding the United States' enemies. Manning's court-martial on those charges is scheduled to begin June 3.

From rforno at infowarrior.org Wed Mar 13 06:58:01 2013
From: rforno at infowarrior.org (Richard Forno)
Date: Wed, 13 Mar 2013 07:58:01 -0400
Subject: [Infowarrior] - From 'WarGames' to Aaron Swartz: How we lost control of U.S. anti-hacking law
Message-ID:

From 'WarGames' to Aaron Swartz: How we lost control of U.S. anti-hacking law

The 1983 movie "WarGames" led to an anti-hacking law with felony penalties aimed at deterring intrusions into NORAD. Over time, it became broad and vague enough to ensnare the late Aaron Swartz.

< - >

http://news.cnet.com/8301-13578_3-57573985-38/from-wargames-to-aaron-swartz-how-we-lost-control-of-u.s-anti-hacking-law/
From rforno at infowarrior.org Wed Mar 13 07:00:16 2013
From: rforno at infowarrior.org (Richard Forno)
Date: Wed, 13 Mar 2013 08:00:16 -0400
Subject: [Infowarrior] - Gov't won't even give page counts of secret PATRIOT Act documents
Message-ID:

Gov't won't even give page counts of secret PATRIOT Act documents
At a hearing today, a judge insisted the documents must be described.
by Joe Mullin - Mar 12 2013, 9:35pm EDT
http://arstechnica.com/tech-policy/2013/03/govt-wont-even-give-page-counts-of-secret-patriot-act-documents/

OAKLAND, California - Lawsuits challenging government secrecy have fared pretty terribly in the post-9/11 era, with the most recent example being the Supreme Court's ruling last month that a group of journalists and activists have no right to sue over the FISA spying law.

Only a few cases of this sort are left, including two Bay Area lawsuits being pushed forward by the Electronic Frontier Foundation. One is the San Francisco case over NSA wiretapping, which the government is trying to shut down using the "state secrets" privilege. The other is EFF's case demanding to see documents about how the government is interpreting Section 215 of the PATRIOT Act.

It isn't just activists that are concerned, either. In 2009, Sen. Dick Durbin (D-IL) said the government's use of "Section 215 is unfortunately cloaked in secrecy. Some day that cloak will be lifted, and future generations will ask whether our actions today meet the test of a democratic society."

In 2011, two US Senators, Ron Wyden (D-OR) and Mark Udall (D-CO), publicly voiced their concerns, too, suggesting the government had a pretty wild interpretation of what it was allowed to do under the PATRIOT Act. "When the American people find out how their government has secretly interpreted the Patriot Act, they will be stunned and they will be angry," Wyden told The New York Times.
It isn't known what kind of investigation those records would reveal, but there is some speculation that the Section 215 records are related to cell phone geolocation data. EFF's lawyer in charge of the case says if that is true, such data is probably being gathered on a "massive" scale.

Later that year, EFF filed a lawsuit [Complaint, PDF] insisting that some of those documents should be publicly disclosed. The government had stonewalled EFF's Freedom of Information Act request, so now the group wanted a federal judge to enforce its request. Department of Justice lawyers said the FOIA couldn't be complied with, because it would reveal classified information about a "sensitive collection program."

The "list itself is classified"

In January, the government filed a declaration [PDF] signed by Mark Bradley, the FOIA director of DOJ's National Security Division, explaining what records would be responsive to EFF's request. The descriptions of the documents are extremely basic. For instance, Bradley explains that there are 200 relevant documents dated from May 2006 to Sept. 2011 that were provided to a key House intelligence committee, and that they total 799 pages. It goes on in that fashion.

At today's hearing in Oakland federal court, US District Judge Yvonne Gonzalez Rogers suggested that the document wasn't going to be sufficient.

"Why can't I have a basic categorization of what the documents are?" asked Gonzalez Rogers.

"That list itself is classified," responded Mark Bressler, the DOJ attorney present for the hearing.

"Are you suggesting the number of pages of each document is classified?" asked the judge. "What's been provided is: '200 documents consisting of 799 pages.' That doesn't tell me anything. It doesn't tell the public anything. It was never explained to me how something as basic as a list with page numbers could, in any way, shape, or form, be contrary to the interests of the government."

"Mr. Bradley has sworn, under penalty of perjury, that to say more would tend to reveal classified information," said Bressler. "A wealth of information is available for in camera review." Information like page numbers and timing of documents "may be put together by targets of investigation, or adversaries of the United States," he said.

"What the defendant [DOJ] is doing isn't a national security concern," said Mark Rumold, the EFF lawyer arguing to release the documents. "It's a litigation tactic, used since the beginning of FOIA, to make it impossible for FOIA to challenge the government. The defendant can't even describe why they can't describe the records in more detail."

It's an extremely incremental step, but Gonzalez Rogers seemed to side with EFF today. She said she was inclined to issue an order that would ask for more detail about the documents. "What I have here is, 'We sent them 200 documents.' That's not good enough," she said.

From rforno at infowarrior.org Wed Mar 13 07:01:26 2013
From: rforno at infowarrior.org (Richard Forno)
Date: Wed, 13 Mar 2013 08:01:26 -0400
Subject: [Infowarrior] - United States Transitions To A 'First-Inventor-To-File' Patent System
Message-ID: <9BD1EB77-835D-47D8-821C-AD4CB9EC2E3E@infowarrior.org>

March 16, 2013: The United States Transitions To A 'First-Inventor-To-File' Patent System

The United States has long had a "first-to-invent" patent system in which the date of invention could trump the date of filing a patent application in determining patent rights. However, that is set to change due to the America Invents Act (AIA), a sweeping patent reform bill signed into law by President Obama in September 2011. For patent applications with an effective filing date of March 16, 2013 or later, the United States shifts to what is often - and only partially accurately - called a "first-inventor-to-file" or "first-to-file" system. The reality is more complex than those designations imply, as patent rights in the United States under the first-to-file system will depend on the interplay between the dates of filing and of any pre-filing disclosures of the invention.

< - >

http://www.forbes.com/sites/johnvillasenor/2013/03/11/march-16-2013-america-transitions-to-a-first-inventor-to-file-patent-system/

From rforno at infowarrior.org Wed Mar 13 07:28:20 2013
From: rforno at infowarrior.org (Richard Forno)
Date: Wed, 13 Mar 2013 08:28:20 -0400
Subject: [Infowarrior] - Cyber Perfidy
Message-ID: <616B2F55-8200-4B6E-991B-A8CD589AB64B@infowarrior.org>

Cyber Perfidy
Neil C. Rowe
Department of Computer Science
U.S. Naval Postgraduate School
Monterey, California, United States
ncrowe at nps.edu

Abstract: Perfidy is the impersonation of civilians during armed conflict. It is generally outlawed by the laws of war such as the Geneva Conventions as its practice makes wars more dangerous for civilians. Cyber perfidy can be defined as malicious software or hardware masquerading as ordinary civilian software or hardware. We argue that it is also banned by the laws of war in cases where such cyber infrastructure is essential to normal civilian activity. This includes tampering with critical parts of operating systems and security software. We discuss possible targets of cyber perfidy, possible objections to the notion, and possible steps towards international agreements about it.

This paper appeared in the Routledge Handbook of War and Ethics as chapter 29, ed. N. Evans, 2013.
Index terms: laws of war, cyberspace, perfidy, cyberattacks, cyberweapons, impersonation, product tampering, operating systems, software

< - >

http://faculty.nps.edu/ncrowe/cyberperfidy.htm

From rforno at infowarrior.org Wed Mar 13 10:08:33 2013
From: rforno at infowarrior.org (Richard Forno)
Date: Wed, 13 Mar 2013 11:08:33 -0400
Subject: [Infowarrior] - Good riddance to a medal
Message-ID: <2F82E044-E507-4660-9B1E-E4453F7A58F2@infowarrior.org>

EDITORIAL: Good riddance to a medal
Remote-control skill does not compare to valor under fire
By THE WASHINGTON TIMES
The Washington Times
Wednesday, March 13, 2013
http://www.washingtontimes.com/news/2013/mar/13/good-riddance-to-a-medal/print/

This administration certainly loves drones, but even that ardent passion has limits. Defense Secretary Chuck Hagel on Tuesday put a stop to production of a medal that was to be awarded to drone operators, and not a moment too soon.

It wasn't just the idea of the Distinguished Warfare Medal that offended good sense. The real outrage was ignited by the goofy idea to give it precedence over medals awarded for bravery and valor. The Distinguished Warfare Medal would outrank the Bronze Star, the Purple Heart, the Air Medal and the Air Force, Army and Navy/Marine Commendation Medals for valor.

It's hard to imagine such a bizarre idea coming from anywhere but this White House, where ignorance often trumps good sense. Nobody who has served in uniform, who has survived through enemy fire (or even read about valor and heroism) would have thought such a medal a good idea.

Drone operators can strike anywhere in the world with a flick of a mouse, working in the air-conditioned comfort of secure military bases in the United States or Europe. They require great skill and dexterity and they serve with honor, but risk no more than carpal tunnel syndrome or a blister on a thumb as they manipulate a videogame-style controller. That holds no comparison to a soldier risking life and limb on the battlefield.

National Commander John Hamilton of the Veterans of Foreign Wars channeled the collective feeling of his organization's 1.9 million members in hammering the department to reconsider. "The VFW just adamantly believes that medals that can only be earned in combat must rank higher than new medals awarded [for service] in the rear," Mr. Hamilton wrote.

The lobbying effort persuaded Mr. Hagel, a combat veteran of the Vietnam war. "He's heard their concerns, he's heard the concerns of others," said Defense Department spokesman George Little. "He believes it's prudent to take into account those concerns and conduct this review."

Joint Chiefs Chairman Gen. Martin E. Dempsey was told he has 30 days to re-evaluate every aspect of the bad idea -- from the name of the medal to its order of precedence -- and report back with a recommendation. The medal was torpedoed before anyone could be nominated to receive one.

Mr. Hagel was likely even more sensitive to the backlash from Capitol Hill. Rep. Duncan Hunter, California Republican, had prepared legislation to lower the rank of precedence of the drone medal. A veteran who served combat tours in Iraq and Afghanistan, Mr. Hunter was outraged by the lack of sensitivity shown by those who approved the medal. Twenty-two senators -- mostly Democrats -- had also written Mr. Hagel to protest the medal. "We believe that medals earned in combat, or in dangerous conditions, should maintain their precedence above non-combat awards," they wrote.

Congressional rebuke would have made for an embarrassing start to Mr. Hagel's tenure at the Pentagon; he did the right thing, and quickly, and we applaud him. It's not clear whether remote-controlled valor or skill with a videogame controller is something that needs to be recognized with a medal at all.
It was only last week that the White House finally conceded that it does not have the authority to use drones to kill Americans on U.S. soil. Given this setback with the Distinguished Warfare Medal, perhaps the administration and its drones should spend a little time apart.

From rforno at infowarrior.org Wed Mar 13 13:29:42 2013
From: rforno at infowarrior.org (Richard Forno)
Date: Wed, 13 Mar 2013 14:29:42 -0400
Subject: [Infowarrior] - U.S. to let spy agencies scour Americans' finances
Message-ID:

U.S. to let spy agencies scour Americans' finances
http://www.chicagotribune.com/business/breaking/chi-us-to-let-spy-agencies-scour-americans-finances-20130313,0,2719682.story
Reuters
1:00 p.m. CDT, March 13, 2013

The Obama administration is drawing up plans to give all U.S. spy agencies full access to a massive database that contains financial data on American citizens and others who bank in the country, according to a Treasury Department document seen by Reuters.

The proposed plan represents a major step by U.S. intelligence agencies to spot and track down terrorist networks and crime syndicates by bringing together financial databanks, criminal records and military intelligence.

The plan, which legal experts say is permissible under U.S. law, is nonetheless likely to trigger intense criticism from privacy advocates.

Financial institutions that operate in the United States are required by law to file reports of "suspicious customer activity," such as large money transfers or unusually structured bank accounts, to Treasury's Financial Crimes Enforcement Network (FinCEN).

The Federal Bureau of Investigation already has full access to the database. However, intelligence agencies, such as the Central Intelligence Agency and the National Security Agency, currently have to make case-by-case requests for information to FinCEN.
The Treasury plan would give spy agencies the ability to analyze more raw financial data than they have ever had before, helping them look for patterns that could reveal attack plots or criminal schemes. The planning document, dated March 4, shows that the proposal is still in its early stages of development, and it is not known when implementation might begin. Financial institutions file more than 15 million "suspicious activity reports" every year, according to Treasury. Banks, for instance, are required to report all personal cash transactions exceeding $10,000, as well as suspected incidents of money laundering, loan fraud, computer hacking or counterfeiting. "For these reports to be of value in detecting money laundering, they must be accessible to law enforcement, counter-terrorism agencies, financial regulators, and the intelligence community," said the Treasury planning document. A Treasury spokesperson said U.S. law permits FinCEN to share information with intelligence agencies to help detect and thwart threats to national security, provided they adhere to safeguards outlined in the Bank Secrecy Act. "Law enforcement and intelligence community members with access to this information are bound by these safeguards," the spokesperson said in a statement. Some privacy watchdogs expressed concern about the plan when Reuters outlined it to them. A move like the FinCEN proposal "raises concerns as to whether people could find their information in a file as a potential terrorist suspect without having the appropriate predicate for that and find themselves potentially falsely accused," said Sharon Bradford Franklin, senior counsel for the Rule of Law Program at the Constitution Project, a non-profit watchdog group. Despite these concerns, legal experts emphasize that this sharing of data is permissible under U.S. law. 
Specifically, banks' suspicious activity reporting requirements are dictated by a combination of the Bank Secrecy Act and the USA PATRIOT Act, which offer some privacy safeguards. National security experts also maintain that a robust system for sharing criminal, financial and intelligence data among agencies will improve their ability to identify those who plan attacks on the United States. "It's a war on money, war on corruption, on politically exposed persons, anti-money laundering, organized crime," said Amit Kumar, who advised the United Nations on Taliban sanctions and is a fellow at the Democratic think tank Center for National Policy. SUSPICIOUS ACTIVITY The Treasury document outlines a proposal to link the FinCEN database with a computer network used by U.S. defense and law enforcement agencies to share classified information called the Joint Worldwide Intelligence Communications System. The plan calls for the Office of the Director of National Intelligence - set up after 9/11 to foster greater collaboration among intelligence agencies - to work with Treasury. The Director of National Intelligence declined to comment. More than 25,000 financial firms - including banks, securities dealers, casinos, and money and wire transfer agencies - routinely file "suspicious activity reports" to FinCEN. The requirements for filing are so strict that banks often over-report, so they cannot be accused of failing to disclose activity that later proves questionable. This over-reporting raises the possibility that the financial details of ordinary citizens could wind up in the hands of spy agencies. Stephen Vladeck, a professor at American University's Washington College of Law, said privacy advocates have already been pushing back against the increased data-sharing activities between government agencies that followed the Sept. 11 attacks. 
"One of the real pushes from the civil liberties community has been to move away from collection restrictions on the front end and put more limits on what the government can do once it has the information," he said.

From rforno at infowarrior.org Wed Mar 13 13:53:42 2013 From: rforno at infowarrior.org (Richard Forno) Date: Wed, 13 Mar 2013 14:53:42 -0400 Subject: [Infowarrior] - Users flock to Japan student's firewall-busting thesis project Message-ID: <7A782CB5-9EA7-4D3E-B284-430E9B2453B2@infowarrior.org>

Users flock to Japan student's firewall-busting thesis project 'VPN Gate,' designed by PhD student Daiyuu Nobori to circumvent government firewalls, has drawn 77,000 users in less than a week By Jay Alabaster, IDG News Service | Security, VPN March 13, 2013, 6:50 AM http://www.itworld.com/networking/348078/users-flock-japan-students-firewall-busting-thesis-project

If you're not sure about the purpose behind Daiyuu Nobori's online thesis project, perhaps the large picture of the collapse of the Berlin Wall will help. Nobori created VPN Gate to help individuals in countries that restrict Internet use to beat government firewalls. The service encourages members of the public to set up VPN (virtual private network) servers and offer free connections to individual users, aiming to make the technology more accessible. "Today's VPN software is very complex. They are not easy to use. Some VPN services around the world are expensive for people in other parts of the world," Nobori said in an interview with IDG News Service. His service maintains a public, real-time list of freely available VPN servers for users to choose from. It also offers downloadable server software to run the VPN, and a client that greatly simplifies the process of finding and connecting to one of the free servers, for the less technically inclined.
The 28-year-old doctoral student at Tsukuba University, about 30 miles northeast of Tokyo, wasn't sure what the reaction would be when he launched last Friday. He did little to advertise it outside of the home page and a few mentions on tech forums. Five days later, the service has drawn 77,000 users and served nearly 4 terabytes of data. "There are a lot of users from around the world, so I'm very happy," he said, but "the large amount of data transfer charges are a problem. This is coming from my credit card." Nobori had originally planned to host the service on his university's servers, but they have been down recently so he switched it to the Windows Azure cloud platform. He has spent about $9,000 keeping it up so far, and will move it back to the university as soon as he can. He also operates his own VPN company, income from which has helped with expenses. The service is based on "SoftEther," open-source VPN software he built. He says most of it will be released as open source in the next few months. He said he plans to keep certain small portions related to custom protocols private, for security reasons. He was motivated to create VPN Gate when he learned about the firewalls imposed on people living in Middle East countries such as Egypt and Libya. The Web page is currently offered in English, Chinese and his native Japanese, but he says that is more based on the number of language speakers worldwide than any political feelings about a particular country. "I'm an engineer, I don't have any interest in politics," he said. "If people somewhere want to study and can't use services like Wikipedia or Google, this is a big problem. Wikipedia has political articles, but also articles about science and other topics." The service's public access logs show that the vast majority of connections are coming from China. He had friends at his university help him translate his materials into Chinese, but they asked that he not credit them by name for fear of repercussions.
Nobori said that while few people in countries like Japan feel threatened by government firewalls, he remains concerned. In Japan, police have publicized a plan to block access to a genre of sites that give advice on how to kill yourself, to cut down on the country's high suicide rate. "It is probably acceptable to block the suicide sites, but you don't know what happens next. There is always a chance it will expand."

From rforno at infowarrior.org Wed Mar 13 21:05:09 2013 From: rforno at infowarrior.org (Richard Forno) Date: Wed, 13 Mar 2013 22:05:09 -0400 Subject: [Infowarrior] - Google yanks ad-blocker apps from Google Play Message-ID:

Google yanks ad-blocker apps from Google Play A handful of app developers receive notices from the Web giant saying that their ad-blocking software "interferes with or accesses another service or product in an unauthorized manner." http://news.cnet.com/8301-1035_3-57574213-94/google-yanks-ad-blocker-apps-from-google-play/

From rforno at infowarrior.org Wed Mar 13 21:06:55 2013 From: rforno at infowarrior.org (Richard Forno) Date: Wed, 13 Mar 2013 22:06:55 -0400 Subject: [Infowarrior] - US national vulnerability database hacked Message-ID:

US national vulnerability database hacked http://www.theregister.co.uk/2013/03/14/us_malware_catalogue_hacked/ By Jack Clark in San Francisco Posted in Security, 14th March 2013 01:17 GMT

The US government's online catalog of cyber-vulnerabilities has been taken offline -- ironically, due to a software vulnerability. The National Institute of Standards and Technology's National Vulnerability Database's (NVD) public-facing website and other services have been offline since Friday due to a malware infection on two web servers, it emerged on Wednesday.
The Register received an anonymous tip-off about the infection on Wednesday afternoon, which led us to a Google+ post containing information from NIST. "On Friday March 8, a NIST firewall detected suspicious activity and took steps to block unusual traffic from reaching the Internet," Gail Porter of NIST's public inquiries office told a concerned chief security officer in an email, according to the post. "NIST began investigating the cause of the unusual activity and the servers were taken offline. Malware was discovered on two NIST Web servers and was then traced to a software vulnerability." There is no evidence that NIST web pages were used to serve malware, Porter wrote, and the organization is "continuing to respond to the incident." So far, NIST is doing everything by the literal book, as section 4.3.4 of its own Guide to Malware Incident Prevention and Handling (PDF) says that if you do get infected by malware, "containing incidents by placing temporary restrictions on network connectivity can be very effective". The Register has requested more information o

From rforno at infowarrior.org Thu Mar 14 15:01:19 2013 From: rforno at infowarrior.org (Richard Forno) Date: Thu, 14 Mar 2013 16:01:19 -0400 Subject: [Infowarrior] - OPM Mulls Changes to Security Clearance Questionnaire Message-ID: <1586D0E1-9535-4A10-86E6-4B12E1E6149C@infowarrior.org>

OPM Mulls Changes to Security Clearance Questionnaire http://www.fas.org/blog/secrecy/2013/03/opm_sf86.html ... Fed Register entry: http://www.fas.org/sgp/news/2013/03/fr-sf86.html

From rforno at infowarrior.org Thu Mar 14 15:02:31 2013 From: rforno at infowarrior.org (Richard Forno) Date: Thu, 14 Mar 2013 16:02:31 -0400 Subject: [Infowarrior] - The Great Cyberscare Message-ID:

ForeignPolicy.com March 13, 2013 The Great Cyberscare Why the Pentagon is razzmatazzing you about those big bad Chinese hackers.
By Thomas Rid The White House likes a bit of threat. In his State of the Union address, Barack Obama wanted to nudge Congress yet again into passing meaningful legislation. The president emphasized that America's enemies are "seeking the ability to sabotage our power grid, our financial institutions, and our air traffic control systems." After two failed attempts to pass a cybersecurity act in the past two years, he added swiftly: "We cannot look back years from now and wonder why we did nothing in the face of real threats to our security and our economy." Fair enough. A bit of threat to prompt needed action is one thing. Fear-mongering is something else: counterproductive. Yet too many a participant in the cybersecurity debate reckons that puffery pays off. The Pentagon, no doubt, is the master of razzmatazz. Leon Panetta set the tone by warning again and again of an impending "cyber Pearl Harbor." Just before he left the Pentagon, the Defense Science Board delivered a remarkable report, Resilient Military Systems and the Advanced Cyber Threat. The paper seemed obsessed with making yet more drastic historical comparisons: "The cyber threat is serious," the task force wrote, "with potential consequences similar to the nuclear threat of the Cold War." The manifestations of an all-out nuclear war would be different from cyberattack, the Pentagon scientists helpfully acknowledged. But then they added, gravely, that "in the end, the existential impact on the United States is the same." A reminder is in order: The world has yet to witness a single casualty, let alone fatality, as a result of a computer attack. Such statements are a plain insult to survivors of Hiroshima. Some sections of the Pentagon document offer such eye-wateringly shoddy analysis that they would not have passed as an MA dissertation in a self-respecting political science department. But in the current debate it seemed to make sense. 
After all a bit of fear helps to claim -- or keep -- scarce resources when austerity and cutting seems out-of-control. The report recommended allocating the stout sum of $2.5 billion for its top two priorities alone, protecting nuclear weapons against cyberattacks and determining the mix of weapons necessary to punish all-out cyber-aggressors. Then there are private computer security companies. Such firms, naturally, are keen to pocket some of the government's money earmarked for cybersecurity. And hype is the means to that end. Mandiant's much-noted report linking a coordinated and coherent campaign of espionage attacks dubbed Advanced Persistent Threat 1, or "APT1," to a unit of the Chinese military is a case in point: The firm offered far more details on attributing attacks to the Chinese than the intelligence community has ever done, and the company should be commended for making the report public. But instead of using cocky and over-confident language, Mandiant's analysts should have used Words of Estimative Probability, as professional intelligence analysts would have done. An example is the report's conclusion, which describes APT1's work: "Although they control systems in dozens of countries, their attacks originate from four large networks in Shanghai -- two of which are allocated directly to the Pudong New Area," the report found. Unit 61398 of the People's Liberation Army is also in Pudong. Therefore, Mandiant's computer security specialists concluded, the two were identical: "Given the mission, resourcing, and location of PLA Unit 61398, we conclude that PLA Unit 61398 is APT1." But the report conspicuously does not mention that Pudong is not a small neighborhood ("right outside of Unit 61398's gates") but in fact a vast city landscape twice the size of Chicago. Mandiant's report was useful and many attacks indeed originate in China. 
But the company should have been more careful in its overall assessment of the available evidence, as the computer security expert Jeffrey Carr and others have pointed out. The firm made it too easy for Beijing to dismiss the report. My class in cybersecurity at King's College London started poking holes into the report after 15 minutes of red-teaming it -- the New York Times didn't. Which leads to the next point: The media want to sell copy through threat inflation. "In Cyberspace, New Cold War," the headline writers at the Times intoned in late February. "The U.S. is not ready for a cyberwar," shrieked the Washington Post earlier this week. Instead of calling out the above-mentioned Pentagon report, the paper actually published two supportive articles on it and pointed out that a major offensive cyber capability now seemed essential "in a world awash in cyber-espionage, theft and disruption." The Post should have reminded its readers that the only military-style cyberattack that has actually created physical damage -- Stuxnet -- was actually executed by the United States government. The Times, likewise, should have asked tough questions and pointed to some of the evidential problems in the Mandiant report; instead, it published what appeared like an elegant press release for the firm. On issues of cybersecurity, the nation's fiercest watchdogs too often look like hand-tame puppies eager to lap up stories from private firms as well as anonymous sources in the security establishment. Finally, the intelligence community tags along with the hype because the NSA and CIA are still traumatized by missing 9/11. Missing a "cyber 9/11" would be truly catastrophic for America's spies, so erring on the side of caution seems the rational choice. Yes, Director of National Intelligence James Clapper's recent testimony was more nuanced than reported and toned down the threat of a very serious cyberattack.
But at the same time America's top spies are not as forthcoming with more detailed information as they could be. We know that the intelligence community, especially in the United States, has far better information, better sources, better expertise, and better analysts than private companies like Symantec, McAfee, and Kaspersky Lab. But for a number of reasons they keep their findings and their analysis classified. This means that the quality of the public debate suffers, as experts as well as journalists have no choice but to rely on industry reports of sometimes questionable quality or anonymous informants whose veracity is hard to assess. The tragedy is that Obama actually has it right: Something needs to be done, urgently. But Washington's high-octane mix of profiteering, protectiveness, and politics is sadly counterproductive for four reasons: First, the hype actually makes it harder to focus on crucial engineering details. Security standards in industrial control systems and SCADA networks -- the networks that control stuff that physically moves around, from trains to gas to elevators -- are shockingly low. The so-called Programmable Logic Controllers widely used in critical infrastructure are designed to be safe and reliable in tough factory-floor conditions and harsh weather, not secure against outside attack. This year's S4-conference in Miami Beach, organized by the small and specialized security outfit Digital Bond, again showcased how vulnerable these systems are. But Washington is too busy screaming havoc and too ill-informed to do something meaningful about concrete engineering issues. Just sharing information, as the inspector general of the Department of Homeland Security recommended in a report last month, is useful but it will not deliver security. 
Connecting critical infrastructure that was never designed to be linked to the Internet is also not the root of the problem -- the built-in security flaws and fragility of these systems needs to be fixed, as Digital Bond's Dale Peterson pointed out last week in response to the timid DHS report. The political dynamic behind this logic is clear: The more is declared critical, the harder it becomes to act on the really critical. Second, the hype clouds badly needed visibility. A fascinating project at Free University Berlin has produced a vulnerability map. The map uses publicly available data from Shodan, the Google for control system hackers, and adds a layer of information crawled from the web to geo-locate the systems that often should not be connected to the Internet in the first place. Red dots on the map show those systems. The United States looks as if it has the measles. But note that the map is incomplete: It is biased towards German products, the project's founder told me. If that flaw can be fixed, the United States and other countries would look as bloody red as Germany does already. The U.S. government's attention-absorbing emphasis on offensive capabilities means it has very little visibility into what this vulnerability map would actually look like. Third, sabotage and espionage are rather different things -- technically as well as politically. SCADA systems are highly specific kit, often old and patched together over years, if not decades. That means these systems are highly specific targets, not generic ones. Affecting critical operations requires reprogramming these systems, not just disrupting them; the goal is modifying output parameters in a subtle way that serves the saboteur's purpose. With Stuxnet, the U.S. government provided the -- so far -- most extreme and best-documented case study. 
The operation showed that successful sabotage that goes beyond just deleting data is far more difficult than successful espionage: It requires testing and fine-tuning an attack over many iterations in a lab environment, as well as acquiring highly specific and hard-to-get target intelligence. Stealing large volumes of intellectual property from a commercial competitor, by contrast, is a technically rather different operation -- there is little to no valuable IP hidden inside control systems. To put it bluntly: China and others have a high commercial incentive to steal stuff, but they have no commercial incentive to break stuff. All threats are not created equal. What's needed is nuance, surgical precision, differentiation, and sober analysis -- not funk, flap, and fluster. Finally, hype favors the offense over the defense. The offense is already sexier than the defense. Many software engineers who consider a career in public administration want to head north to the dark cubicle at Fort Meade, not bore themselves in the Department of Homeland Security -- if they are not working happily in the Googleplex on bouncing rubber balls already. If the NSA sucks up most of the available talent and skill and puts it to work on the offense, the defense will continue to suffer. By overstating the threat, and by lumping separate issues into one big bad problem, the administration also inadvertently increases the resistance of powerful business interests against a regulatory over-reaction. As President Obama mentioned in his State of the Union address, if we look back years from now and wonder why we did nothing in the face of real threats, the answer may be straightforward: too much bark, not enough bite. Thomas Rid, reader in war studies at King's College London, is the author of Cyber War Will Not Take Place.
From rforno at infowarrior.org Thu Mar 14 15:07:47 2013 From: rforno at infowarrior.org (Richard Forno) Date: Thu, 14 Mar 2013 16:07:47 -0400 Subject: [Infowarrior] - Hey Internet, where's the outrage? Message-ID:

Posted at 02:27 PM ET, 03/13/2013 Hey Internet, where's the outrage? By Gregory Ferenstein http://www.washingtonpost.com/blogs/innovations/post/hey-internet-wheres-the-outrage/2013/03/13/caf1f4b2-8c03-11e2-b63f-f53fb9f2fcb4_blog.html Gregory Ferenstein is a writer for TechCrunch. This piece reflects his opinion.

Compare, for a moment, the Internet industry's outrage against potential government censorship, as they see it, with the seeming indifference to government surveillance. In 2012, major Web sites staged a massive global protest against a law that would have given the government new powers to shut down sites associated with piracy. Yet, as Congress considers sweeping new surveillance procedures over popular Internet companies, with three House committee hearings Wednesday, those same digital activists are largely silent. It begs the question, does this younger, tech-savvy generation care more about innovation than civil liberties? The "Cyber Intelligence Sharing and Protection Act" would give the government broad new powers to collect personal data from telecommunication and social network companies, often without warrant. Provisions in CISPA give legal immunity to companies, including those in social media and search, for sharing information with authorities and also helps them combat malicious hackers. So, unlike the power to shut down Web sites, intrusive surveillance doesn't represent an existential threat to the Web. Civil liberty groups, such as the Electronic Frontier Foundation (EFF), are predictably outraged over both the law and industry's acquiescence. In response, Facebook justified its support of CISPA in a rare blog post in April 2012.
"We recognize that a number of privacy and civil liberties groups have raised concerns about the bill," wrote Facebook's Vice President of U.S. Public Policy, Joel Kaplan. However, "if the government learns of an intrusion or other attack, the more it can share about that attack with private companies (and the faster it can share the information), the better the protection for users and our systems." The complicit support is curious, since around that time last year, netizens and large Internet companies staged a coordinated global Web site "blackout" when Congress attempted to pass the Stop Online Piracy Act (SOPA). The bill would have allowed copyright holders and the Justice Department to severely hinder or even shut down sites that "engage in, enable, or facilitate" piracy. Given CISPA's legal benefits to private companies such as Google and Facebook, it's easier to see why the corporate pillars of the Internet haven't jumped on the outrage bandwagon. However, it's not as clear why other major Internet players, such as Craigslist or Wikipedia, who participated in SOPA protests aren't being as vocal now. Reddit co-founder Alexis Ohanian, who decided to blackout the popular site to protest SOPA, explained to me in an e-mail why CISPA hasn't inspired the same reaction from this community: "The big reason is the imminent threat of shutting down things we love (like reddit, all of social media, etc.) that SOPA/PIPA provided. Whereas the obliteration of 4th amendment rights to privacy online isn't as blatant, sadly, so it's harder to rally around." Ohanian's argument might fully explain the muted response, were it not for other, past mass protests unrelated to Web site seizures. Twitter lit up over a D.C. bill that would have increased the price of smartphone car service Uber. "Wow, a business (Uber) is prevented from lowering its prices.. wait.. what? We live in America, right?"
tweeted Digg Co-Founder and Google Venture Partner, Kevin Rose, to his 1 million followers. Within 24 hours, state assemblywoman Mary Cheh was drowning in thousands of angry e-mails, buttressed by scathing blog posts all over the media. "Uber vs. Washington, D.C.: This Is Insane," ran a headline on The Atlantic. So, users do, in fact, get angry, but the common thread between SOPA and Uber is an almost parental protection of information and innovation. Privacy is treated like a convenience--nice to have, but not essential. This principle seems to hold true even outside of the United States. Malaysia Wikipedia officially participated in a country-wide "blackout" protest against a bill that held Web site owners responsible for the slanderous comments of their users. A copycat blackout was held in the Philippines against a law, The Cybercrime Prevention Act, that threatened jail-time over commenters who were critical of the government. Yet, when South Korea enacted one of the most aggressive anti-privacy laws in recent memory, a ban on anonymous commenting on large Web sites in 2007, the law went through smoothly. So, civil liberties groups can try to force-feed rage all they want -- and they are, as this letter signed by 34 civil liberties groups in protest of CISPA shows. But the Internet community will only rise up when they feel threatened. Their inaction is sending the message, whether intended or not, that privacy is not a priority.
From rforno at infowarrior.org Fri Mar 15 07:26:12 2013 From: rforno at infowarrior.org (Richard Forno) Date: Fri, 15 Mar 2013 08:26:12 -0400 Subject: [Infowarrior] - Google Takes the Dark Path, Censors AdBlock Plus on Android Message-ID: <40AA669D-60A3-4AD2-B2C2-57F45291C27C@infowarrior.org>

https://www.eff.org/deeplinks/2013/03/google-censoring-android-apps March 14, 2013 | By Peter Eckersley Google Takes the Dark Path, Censors AdBlock Plus on Android

In a shocking move, Google has recently deleted AdBlock Plus from the Android Play Store. This is hugely disappointing because it demonstrates that Google is willing to censor software and abandon its support for open platforms as soon as there's an ad-related business reason for doing so. Until now, the Internet and software development communities have relied on Google to be safely on their side when it comes to building open platforms, encouraging innovation, and giving users maximum choice about how their computers will function. But with today's news, that commitment to openness suddenly looks much, much weaker. Google clearly has a vested interest in preventing people from installing ad blocking software like AdBlock Plus.[1] But until recently, the company did an admirable job of leaving that matter aside and letting users make their own choices about whether they wanted to hide ads on their phones and in their browsers. Google established a reputation for building tools that put the interests of their users first. This new form of censorship is the exact opposite. It is not only a betrayal of the principle of openness, but a betrayal of the trust that people put in Google when they decide to buy an Android phone. Google's stated reason for the ban is that the Android app allegedly "interferes with or accesses another service or product in an unauthorized manner." This policy is broad, vague, and arbitrary. It isn't clear yet how far Google is going to go in censoring the Play Store.
Are they just going to target ad blockers? Ad blockers are not only useful and extremely popular, but also currently the only way that Internet users can effectively protect themselves against non-consensual third party tracking. Or is Google going to follow the letter of its policy closely, in which case we would expect to see other useful privacy-enhancing technologies blocked from the Play Store, such as the apps that control the permissions of other apps (for instance, preventing the Skype app from tracking your location or the Foursquare app from grabbing the contents of your addressbook) or a hypothetical future port of HTTPS Everywhere?[2] Google may try to reply to this criticism by saying that on most (but not all) Android devices, there is still a way to tweak the system settings to allow installation of AdBlock Plus from outside of the Play Store. This is of limited reassurance. Making it hard to install useful software will have the concrete effect of greatly reducing how many people actually succeed when they try to do so. This is the kind of manipulative attack against openness that we've learned to expect from Apple, but we're extremely distressed to see it from Google. For developers on the Android and other Google teams who are reading this, we urge you to rethink this terrible decision. Stand up for users. Don't let Android take the dark path. Don't be evil.

[1] Although it's worth noting that AdBlock Plus isn't hostile to all advertising-based business models and only blocks a fraction of Google's ads by default

[2] There is currently no HTTPS Everywhere port for Android because the OS lacks an adequate API for implementing it elegantly on non-rooted devices. Certainly, those apps could be argued to "interfere with other apps" just as much as AdBlock Plus does. From a user's point of view, the question is not whether an app alters the behavior of other apps, but whether the app does what the user wanted it to do.
In the case of AdBlock Plus, the answer is clearly "yes". Actually, ABP on Android is flawed on non-rooted devices because it doesn't interfere with other apps as much as the user would want it to. That's a result of restrictions that Google has built into the Android API. --- Just because i'm near the punchbowl doesn't mean I'm also drinking from it. From rforno at infowarrior.org Fri Mar 15 07:26:18 2013 From: rforno at infowarrior.org (Richard Forno) Date: Fri, 15 Mar 2013 08:26:18 -0400 Subject: [Infowarrior] - =?windows-1252?q?Paramount_Censors_Torrentz=92s_T?= =?windows-1252?q?orrentless_Homepage_from_Google?= Message-ID: Paramount Censors Torrentz?s Torrentless Homepage from Google ? Ernesto ? March 15, 2013 http://torrentfreak.com/paramount-censors-torrentzs-torrentless-homepage-from-google-130315/ The homepage of the popular torrent search engine Torrentz disappeared from Google this week after Hollywood studio Paramount sent a peculiar DMCA takedown request. Paramount claims in the notice that the URL links to infringing content, but there are no links to torrents or even other torrent sites on Torrentz? homepage. The meta-search engine has filed a counterclaim and is waiting for Google to respond. Every week copyright holders send millions of DMCA takedown notices to Google, hoping to make pirated movies and music harder to find. Unfortunately not all of these notices are correct. Because of the high number of often automated notices, neither the copyright holder nor the recipient can check the validity of all requests, leading to questionable take-downs. This problem is illustrated by a recent DMCA notice sent to Google on behalf of movie studio Paramount. The notice in question alerts Google to the existence of alleged pirated versions of ?Jack Reacher? and ?Rise of the Guardians? listed on the homepage of BitTorrent search engine Torrentz.eu. Interestingly, however, Torrentz doesn?t list any links to torrent files on its homepage. 
From rforno at infowarrior.org Fri Mar 15 10:20:50 2013
From: rforno at infowarrior.org (Richard Forno)
Date: Fri, 15 Mar 2013 11:20:50 -0400
Subject: [Infowarrior] - Oregon Company to Sell Drone Defense Technology to Public
Message-ID: <88AD3D13-6239-41AE-BEFC-7B972098A57C@infowarrior.org>

(Nice idea, but more info would make this story sound less like vaporware or wishfulware. --rick)

Oregon Company to Sell Drone Defense Technology to Public
The company says it won't knock drones down, but will stop them from 'completing their mission'
By Jason Koebler
March 15, 2013
http://www.usnews.com/news/articles/2013/03/15/oregon-company-to-sell-drone-defense-technology-to-public

Do you want to keep drones out of your backyard? An Oregon company says that it has developed and will soon start selling technology that disables unmanned aircraft.

The company, called Domestic Drone Countermeasures, was founded in late February because some of its engineers see unmanned aerial vehicles -- which are already being flown by law enforcement in some areas and could see wider commercial integration into American airspace by 2015 -- as unwanted eyes in the sky.

"I was personally concerned and I think there's a lot of other people worried about this," says Timothy Faucett, a lead engineer on the project. "We've already had many inquiries, a lot of people saying 'Hey, I don't want these drones looking at me.'"

Domestic Drones Countermeasures was formed as a spin-off company from Aplus Mobile, which sells rugged computer processors to defense contractors -- though the company won't discuss its specific technology because it is still applying for several patents. Faucett says that work has helped inform its anti-drone technology. The company will sell land-based boxes that are "non-offensive, non-combative and not destructive." According to the company, "drones will not fall from the sky, but they will be unable to complete their missions."

Though Faucett wouldn't discuss specifics, he says the boxes do not interfere with a drone's navigation system and that it doesn't involve "jamming of any kind." He says their technology is "an adaptation of something that could be used for military application" with the "combat element replaced with a nondestructive element."

"We understand the nature of the equipment drone manufacturers are using and understand how to counter their sensors," Faucett says. "We're not going to be countering Predator drones that are shooting cruise missiles, but we're talking about local law enforcement drones and commercial ones that people might be using for spying."

For now, Faucett admits the technology is "expensive," but the company is already ready to design custom anti-drone boxes for customers. "We envision it could be cheap enough for residential use very soon," he says. "It's quite possible to deploy it if you were shooting a movie and wanted to protect your set, or if you had a house in Malibu and wanted to protect that, we could deploy it there. If a huge company like Google wanted to protect its server farms, it can be scaled up for a larger, fixed installation."

As drones become more commonplace, Faucett says more people will begin searching for a way to protect their privacy. "The thing that brought it home for me was Senator [Rand] Paul doing the filibuster, there's a lot of unanswered questions," he says. "We think there might be as much business for this counter drone stuff as there is for the drones themselves."
From rforno at infowarrior.org Fri Mar 15 10:24:27 2013
From: rforno at infowarrior.org (Richard Forno)
Date: Fri, 15 Mar 2013 11:24:27 -0400
Subject: [Infowarrior] - Veoh Wins Important Case Against Universal Music Over DMCA Safe Harbors Again; But Is Still Dead Due To Legal Fees
Message-ID: <3E3E5231-AD7B-4120-9DA9-CB7DA77AD5C7@infowarrior.org>

Veoh Wins Important Case Against Universal Music Over DMCA Safe Harbors Again; But Is Still Dead Due To Legal Fees
http://www.techdirt.com/articles/20130314/16415922328/veoh-wins-important-case-against-universal-music-over-dmca-safe-harbors-again-is-still-dead-due-to-legal-fees.shtml

from the a-sad-tale-of-copyright-destroying-innovation dept

We've written a few times about the sad case of Veoh. Veoh was a YouTube-like site, funded by Hollywood insiders like Michael Eisner, but who got sued by Universal Music Group, claiming copyright infringement (using more or less the same theories used by Viacom against YouTube). Technically, Veoh sued first (filing for declaratory judgment after receiving a threat letter from UMG, but UMG quickly followed with its own lawsuit). UMG played dirty, not just suing the company but directly suing its investors as well. This was a pure intimidation technique, designed to scare major investors into either pulling investment or ordering the company to change course, even if what they were doing was legal. While the court dismissed the charges against the investors (and scolded UMG in the process), the intimidation might have worked. In the middle of all of this, Veoh shut down, because it ran out of money, mainly due to the lawsuit. It sold off its assets to another party, and somehow scraped together a little money to keep the lawsuit, and just the lawsuit, going.

< -- >

So, once again, Veoh has proven that internet services like it are protected by the DMCA from being blamed for users infringing. And yet, the fact that it had to effectively shut down and just sell off its assets, is a reminder of just how much the big copyright players can stifle and kill off innovative services via copyright law, even when they have no case.

From rforno at infowarrior.org Fri Mar 15 16:04:39 2013
From: rforno at infowarrior.org (Richard Forno)
Date: Fri, 15 Mar 2013 17:04:39 -0400
Subject: [Infowarrior] - Federal Judge Finds National Security Letters Unconstitutional, Bans Them
Message-ID: <2625CFFE-D864-4922-A741-AF8FB03AE6C6@infowarrior.org>

Federal Judge Finds National Security Letters Unconstitutional, Bans Them
By Kim Zetter
03.15.13, 4:27 PM
http://www.wired.com/threatlevel/2013/03/nsl-found-unconstitutional

Ultra-secret national security letters that come with a gag order on the recipient are an unconstitutional impingement on free speech, a federal judge in California ruled Friday.

U.S. District Judge Susan Illston ordered the government to stop issuing so-called NSLs across the board, in a stunning defeat for the Obama administration's surveillance practices. However, she also stayed her order for 90 days to give the government a chance to appeal to the Ninth Circuit Court of Appeals.

"We are very pleased that the Court recognized the fatal constitutional shortcomings of the NSL statute," said Matt Zimmerman, senior staff attorney for the Electronic Frontier Foundation, which filed a challenge to NSLs on behalf of a telecom that received an NSL in 2011. "The government's gags have truncated the public debate on these controversial surveillance tools. Our client looks forward to the day when it can publicly discuss its experience."

The telecommunications company received the ultra-secret demand letter in 2011 from the FBI seeking information about a customer or customers.
The telecom took the extraordinary and rare step of challenging the underlying authority of the National Security Letter, as well as the legitimacy of the gag order that came with it. Both challenges are allowed under a federal law that governs NSLs, a power greatly expanded under the Patriot Act that allows the government to get detailed information on Americans' finances and communications without oversight from a judge. The FBI has issued hundreds of thousands of NSLs and been reprimanded for abusing them -- though almost none of the requests have been challenged by the recipients.

After the telecom challenged the NSL, the Justice Department took its own extraordinary measure and sued the company, arguing in court documents that the company was violating the law by challenging its authority. The move stunned the Electronic Frontier Foundation, which is representing the anonymous telecom.

"It's a huge deal to say you are in violation of federal law having to do with a national security investigation," says Zimmerman. "That is extraordinarily aggressive from my standpoint. They're saying you are violating the law by challenging our authority here."

The case is a significant challenge to the government and its efforts to obtain documents in a manner that the EFF says violates the First Amendment rights of free speech and association. It's only the second time that such a serious and fundamental challenge to NSLs has arisen. The first occurred in 2004 in the case of a small ISP owner named Nicholas Merrill, who challenged an NSL seeking info on an organization that was using his network. He asserted that customer records were constitutionally protected information. But that issue never got a chance to play out in court before the government dropped its demand for documents. With this new case, civil libertarians are getting a second opportunity to fight NSLs head-on in court.

NSLs are written demands from the FBI that compel internet service providers, credit companies, financial institutions and others to hand over confidential records about their customers, such as subscriber information, phone numbers and e-mail addresses, websites visited and more. NSLs are a powerful tool because they do not require court approval, and they come with a built-in gag order, preventing recipients from disclosing to anyone that they have even received an NSL. An FBI agent looking into a possible anti-terrorism case can self-issue an NSL to a credit bureau, ISP or phone company with only the sign-off of the Special Agent in Charge of their office. The FBI has to merely assert that the information is "relevant" to an investigation into international terrorism or clandestine intelligence activities.

The lack of court oversight raises the possibility for extensive abuse of NSLs under the cover of secrecy, which the gag order only exacerbates. In 2007 a Justice Department Inspector General audit found that the FBI had indeed abused its authority and misused NSLs on many occasions. After 9/11, for example, the FBI paid multimillion-dollar contracts to AT&T and Verizon requiring the companies to station employees inside the FBI and to give these employees access to the telecom databases so they could immediately service FBI requests for telephone records. The IG found that the employees let FBI agents illegally look at customer records without paperwork and even wrote NSLs for the FBI.

Before Merrill filed his challenge to NSLs in 2004, ISPs and other companies that wanted to challenge NSLs had to file suit in secret in court -- a burden that many were unwilling or unable to assume. But after he challenged the one he received, a court found that the never-ending, hard-to-challenge gag orders were unconstitutional, leading Congress to amend the law to allow recipients to challenge NSLs more easily as well as gag orders. Now companies can simply notify the FBI in writing that they oppose the gag order, leaving the burden on the FBI to prove in court that disclosure of an NSL would harm a national security case.

The case also led to changes in Justice Department procedures. Since Feb. 2009, NSLs must include express notification to recipients that they have a right to challenge the built-in gag order that prevents them from disclosing to anyone that the government is seeking customer records.

Few recipients, however, have ever used this right to challenge the letters or gag orders. The FBI has sent out nearly 300,000 NSLs since 2000, about 50,000 of which have been sent out since the new policy for challenging NSL gag orders went into effect. Last year alone, the FBI sent out 16,511 NSLs requesting information pertaining to 7,201 U.S. persons, a technical term that includes citizens and legal aliens. But in a 2010 letter (.pdf) from Attorney General Eric Holder to Senator Patrick Leahy (D-Vermont), Holder said that there had "been only four challenges," and those involved challenges to the gag order, not to the fundamental legality of NSLs.

At least one other challenge was filed earlier this year in a secret case revealed by Wired. But the party in that case challenged only the gag order, not the underlying authority of the NSL. When recipients have challenged NSLs, the proceedings have occurred mostly in secret, with court documents either sealed or redacted heavily to cover the name of the recipient and other identifying details about the case.

The latest case is remarkable then for a number of reasons, among them the fact that a telecom challenged the NSL in the first place, and that EFF got the government to agree to release some of the documents to the public, though the telecom was not identified in them. The Wall Street Journal, however, used details left in the court records, and narrowed the likely plaintiffs down to one, a small San-Francisco-based telecom named Credo. The company's CEO, Michael Kieschnick, didn't confirm or deny that his company is the unidentified recipient of the NSL.

The case began sometime in 2011, when Credo or another telecom received an NSL from the FBI. EFF filed a challenge on behalf of the telecom (.pdf) in May that year on First Amendment grounds, asserting first that the gag order amounted to unconstitutional prior restraint and, second, that the NSL statute itself "violates the anonymous speech and associational rights of Americans" by forcing companies to hand over data about their customers.

Instead of responding directly to that challenge and filing a motion to compel compliance in the way the Justice Department has responded to past challenges, government attorneys instead filed a lawsuit against the telecom, arguing that by refusing to comply with the NSL and hand over the information it was requesting, the telecom was violating the law, since it was "interfer[ing] with the United States' vindication of its sovereign interests in law enforcement, counterintelligence, and protecting national security." They did this, even though courts have allowed recipients who challenge an NSL to withhold government-requested data until the court compels them to hand it over. The Justice Department argued in its lawsuit that recipients cannot use their legal right to challenge an individual NSL to contest the fundamental NSL law itself.

After heated negotiations with EFF, the Justice Department agreed to stay the civil suit and let the telecom's challenge play out in court. The Justice Department subsequently filed a motion to compel in the challenge case, but has never dropped the civil suit. Justice Department spokesman Wyn Hornbuckle declined to comment on the case.

The redacted documents don't indicate the exact information the government was seeking from the telecom, and EFF won't disclose the details. But by way of general explanation, Zimmerman said that the NSL statute allows the government to compel an ISP or web site to hand over information about someone who posted anonymously to a message board or to compel a phone company to hand over "calling circle" information, that is, information about who has communicated with someone by phone. An FBI agent could give a telecom a name or a phone number, for example, and ask for the numbers and identities of anyone who has communicated with that person.

"They're asking for association information -- who do you hang out with, who do you communicate with, [in order] to get information about previously unknown people.

"That's the fatal flaw with this [law]," Zimmerman told Wired last year. "Once the FBI is able to do this snooping, to find out who Americans are communicating with and associating with, there's no remedy that makes them whole after the fact. So there needs to be some process in place so the court has the ability ahead of time to step in [on behalf of Americans]."

From rforno at infowarrior.org Fri Mar 15 16:08:01 2013
From: rforno at infowarrior.org (Richard Forno)
Date: Fri, 15 Mar 2013 17:08:01 -0400
Subject: [Infowarrior] - Appeals Court deals blow to CIA drone secrecy
Message-ID:

Court deals blow to CIA drone secrecy
By: Josh Gerstein
March 15, 2013 11:26 AM EDT
http://dyn.politico.com/printstory.cfm?uuid=5B201C32-6351-433B-8D52-0F18CDE166E1

For now, the Central Intelligence Agency can still maintain its official silence on whether it uses armed drones. But a new court decision Friday could force the agency to provide some information about what kind of records they have on the subject and spell out why it's not required to say more about them.

In the first judicial blow to secrecy surrounding the Obama Administration's armed drone program, a three-judge panel of the U.S. Court of Appeals for the D.C.
Circuit unanimously rejected the CIA's claim that it could refuse to confirm or deny whether it possesses any records related to drone strikes. But whether the ruling will result in more drone-related documents actually being released to the public remains murky.

The judges found that public statements about drones from President Barack Obama, former CIA director Leon Panetta and new Central Intelligence Agency Director and former White House counterterrorism adviser John Brennan made it implausible for the CIA to assert that it needed to keep secret the very question of whether it maintains any information on the subject.

"Although these statements do not acknowledge that the CIA itself operates drones, they leave no doubt that some U.S. agency does," Judge Merrick Garland wrote in an opinion joined by Judges David Tatel and Thomas Griffith. "Given these statements by the Director, the President, and the President's counterterrorism advisor, the Agency's declaration that 'no authorized CIA or Executive Branch official has disclosed whether or not the CIA ... has an interest in drone strikes' ... is at this point neither logical nor plausible."

"As it is now clear that the Agency does have an interest in drone strikes, it beggars belief that it does not also have documents relating to the subject," Garland added.

The judges did not rule that any specific documents must be made public by the CIA. However, the CIA will now be obligated to make some further filings with a lower court, describing the relevant records in some fashion and explaining why they are covered by one or more Freedom of Information Act exemptions. That process usually results in the disclosure of some records -- whether it will in this case and whether such records will add meaningfully to the hot public debate over drones is unclear.

The appeals court acted on a lawsuit the American Civil Liberties Union brought under the Freedom of Information Act. In 2011, a district court judge accepted the CIA's argument to apply the so-called Glomar doctrine to the case. Under that theory, named for a ship the CIA used on a secret 1974 mission to raise a sunken Russian submarine from the ocean floor, agencies can sometimes refuse to acknowledge even whether they have certain documents on a subject if disclosing that fact would undermine interests protected by one or more exemptions to the Freedom of Information Act.

Garland and Tatel are appointees of President Bill Clinton. Griffith was appointed by President George W. Bush.

Even before the judges' ruling Friday, the CIA seemed to be backing away from its previous refusal to say whether it had any drone records whatsoever. In a filing with the appeals court last June, Justice Department lawyers said they had disclosed in a separate case that the CIA had some drone-related records, like a copy of Brennan's speech on the subject last year. In what may have been a bid to head off a defeat like Friday's one, the government asked the D.C. Circuit to return the case to the district court, but DOJ lawyers were vague about what they planned to do if the case was sent back there. The ACLU opposed remanding the case and the appeals court panel denied the motion the following month, without explanation.

A DOJ spokesman, Dean Boyd, said, "We're reviewing the decision."

But the ACLU's Jameel Jaffer called Friday's decision "an important victory."

"We hope that this ruling will encourage the Obama administration to fundamentally reconsider the secrecy surrounding the targeted killing program," Jaffer said. "The public surely has a right to know who the government is killing, and why, and in which countries, and on whose orders."

(c) 2013 POLITICO LLC
From rforno at infowarrior.org Mon Mar 18 08:46:49 2013
From: rforno at infowarrior.org (Richard Forno)
Date: Mon, 18 Mar 2013 09:46:49 -0400
Subject: [Infowarrior] - List of active bug bounty programs
Message-ID: <7E2D63AC-63A5-401D-BBDD-B39F5E6A3E70@infowarrior.org>

List of active bug bounty programs
http://blog.bugcrowd.com/list-of-active-bug-bounty-programs/

From rforno at infowarrior.org Mon Mar 18 08:46:55 2013
From: rforno at infowarrior.org (Richard Forno)
Date: Mon, 18 Mar 2013 09:46:55 -0400
Subject: [Infowarrior] - Twitter Just Crushed Wall Street After The Cyprus Bailout
Message-ID: <3EDA9F2A-BE37-4FFF-B58D-5BC3037F70B8@infowarrior.org>

Twitter Just Crushed Wall Street After The Cyprus Bailout
Joe Weisenthal | Mar. 17, 2013, 3:32 PM

This process has been happening for a long time, but for those in finance, the value of Twitter is increasingly equaling or surpassing the value of traditional sell-side research from Wall Street analysts.

This weekend's surprise bailout of Cyprus (surprise, because of the fact that depositors in Cypriot banks are seeing a 'one-off' tax) is a major moment in the evolution of financial information. Because the news was so surprising, and because there's so little time between when the bailout was announced early Saturday morning, and when trading begins Sunday evening, there's been an aggressive thirst for information and analysis on what it all means. But the sell-side has been fairly slow, and the Twittersphere has come to the rescue.

< - >

And this is why Twitter is so killer. In a very unusual crisis, the local knowledge was key. So it was essential to follow someone like Yiannis Mouzakis (to get the reaction from the Cyprus street) or Nick Malkouzis and Efthimia Efthimiou for the Greek perspective.

Bottom line: The value of Twitter (and Twitterers' blogs) have been growing for some time. But on a weekend, with a high degree of local knowledge and nuance required, the best information out there was all free.

From rforno at infowarrior.org Mon Mar 18 11:08:07 2013
From: rforno at infowarrior.org (Richard Forno)
Date: Mon, 18 Mar 2013 12:08:07 -0400
Subject: [Infowarrior] - Pharmocracy
Message-ID: <37F90ACF-A7F7-4258-A675-5CCB783EE31C@infowarrior.org>

Giant Pharma Company Claims Releasing Data On Drug Safety Is Illegal As It's Confidential And 'Commercially Sensitive'

< - >

What makes this a little confusing is that the company is quoted in that article as saying that it "firmly supports transparency" -- and yet here it is fighting tooth and nail against precisely that. Apparently, Monsanto also wants the regulatory environment in Europe to be "science-based". Modern science requires experimental data to be made available so that anyone can check the validity of the conclusions that have been drawn from it. If it can't be scrutinized, the conclusions can't be confirmed, and it's not science. So, given its call for "science-based" regulation, why does the company want to keep that data hidden? A cynic might almost suspect that Monsanto and AbbVie have something to hide.

http://www.techdirt.com/articles/20130315/04370222337/giant-pharma-company-claims-releasing-data-drug-safety-is-illegal-as-its-confidential-commercially-sensitive.shtml

From rforno at infowarrior.org Mon Mar 18 12:55:17 2013
From: rforno at infowarrior.org (Richard Forno)
Date: Mon, 18 Mar 2013 13:55:17 -0400
Subject: [Infowarrior] - Twitter's growing monopoly
Message-ID: <26A180C9-E0DF-47B3-A6DB-3249B6E3C69B@infowarrior.org>

#FirstWorldProblems: Twitter third party clients continue to shut down and its API is just getting more restrictive
By AJ Dellinger
March 18, 2013 http://www.digitaltrends.com/mobile/firstworldproblems-twitter-api-and-third-party-problem/ though Google sometimes reaches over into the territory of being too invasive or a bit overreaching with its services, it can often get away with it thanks to it?s insistence on not being evil. In contrast, when Facebook violates the privacy of its users, there is usually a fair amount of outcry about it. But Twitter?s treatment of third party clients, while stirring the news cycle, has prompted relatively little reaction. Just this month, though, two of the most popular Twitter clients ? TweetDeck and Falcon Pro ? cited social network?s API as reasons for major changes. It?s all part of Twitter?s attempt to make its own platform profitable, but is imposing a near monopoly the way to do it? For some time now, Twitter has been focused on strengthening its bottom line and turning a profit as a business ? something that many weren?t sure was possible. The best way for the microblogging service to do that, especially with its service being used so regularly while on the go, is through its official app. But it?s methods of making sure people use its in-house app have been a bit restrictive on its would be competition. Falcon Pro was one of the first to deal with this, hitting the wall of 100,000 users even though there isn?t that many actively using the app. Twitter operates that limit with what it calls tokens. A user who buys Falcon Pro and uses it on both their phone and a tablet count as two tokens. People who have pirated the app take up the token of a would be paying user as well. The developer behind Falcon Pro claims just 40,000 of its 100,000 tokens are paying, active users. The other 60,000 consist of pirates, multiplatform users, and people who returned the app within Google?s 15 minute refund window. 
Perhaps the worst part about this policy for Falcon Pro, aside from a mandated ceiling for its success, is that new users who buy the app won?t be able to access the services they paid for. A petition to increase the limits has been started by the Falcon Pro team so they may provide their customers with what they bought. The formal request for additional tokens was denied by Twitter on the grounds that there is no feature that Falcon Pro provides and Twitter?s own client doesn?t. Meanwhile, TweetDeck will have its app presence withdrawn all together. One of the biggest names in Twitter clients, TweetDeck is getting the plug pulled on it by its owner, Twitter itself. The removal with take place in May, not coincidentally coinciding with an update to the Twitter API. TweetDeck will continue to live on as a Web-based client, which Twitter claims that most of its power users have been trending toward. It was still made clear that TweetDeck?s disappearance is related to API changes, and the road before its death won?t be an easy one as outages are expected as Twitter tests out the new API. None of these limitations used to be in place back when Twitter first started. It?s API was open, which made it possible for Twitter clients like the ones that are dying out to exist in the first place. But with loss of the platform comes loss of profit, at least in Twitter?s eyes. One doesn?t have to look any further than Facebook, a social network with minimal competition and a closed API, to see a similar strategy that is viable. Twitter doesn?t want to force users to use the official client because no company wants to force anyone to use their product. Force would indicate there is some reason people wouldn?t want to use it in the first place. Instead it?s simply suggesting people not get caught up in third party options and instead focus on Twitter?s own app, the one that features ads and sponsored tweets. 
The already tight noose around the neck of Twitter developers is about to get tighter with API version 1.1. In addition to the current 100,000 token limit, a new requirement of Twitter?s approval on pre-installed Twitter apps will be put in effect. This shift will give Twitter the ability to comb over applications before they ship, allowing Twitter to play emperor and give the thumbs up or thumbs down to a third party client?s app. Twitter further made clear its intentions, through about as much jargon as possibly utterable, that it had little interest in new Twitter clients. In a blog post about API v. 1.1, it is explained through a graph that the company will be discouraging anything that falls into the ?Traditional Twitter Client,? instead erging developers to focus on things like ?social analytics? and ?social influence ranking? (think Klout), or even media integration. Essentially, have a new idea for something that works with Twitter? Great, do that. Just stay away from Twitter?s territory. Perhaps the biggest change to Twitter?s API is a move toward more control over who can access Twitter?s information and user data. For a social service, that information is proprietary ? it?s what Twitter can offer that no one else can. Another short burst social network could pop up at some point, but it doesn?t have the users, the history, or the acquired data that is housed in Twitter?s servers. Twitter will be putting a tighter lock on that information, though it doesn?t appear to be for security reasons. Current API allows access to API endpoints without authentication. The new API will guarantee that Twitter knows exactly who is accessing it?s information as every request to the API will require authentication. There will also be new limitations on how often the API may be called per hour from a client. This tightening of security shouldn?t be mistaken as a favor for its user?s data ? this is so Twitter has sole ownership rather than giving away it?s special sauce. 
After the leaking of Twitter's API keys hit GitHub, there is really no time better than now for Twitter to address this issue. This information was never really secret, as it has to be available somewhere; it's just knowing where to find it. Now people know where to find it, and worse for Twitter, they know what it entails. For all intents and purposes, this could allow unsanctioned Twitter clients to work around the restrictions Twitter has asked them to play by - at least until Twitter catches up and changes the keys again. Then again, it could also be grounds for shutting down third party options altogether.

It's the perfect opportunity for Twitter to make a move toward more openness, the way it started, while still finding a way to work with developers and make Twitter itself profitable. It's also the perfect excuse for Twitter to shut down third party options altogether, closing off its data for good from sources that may want to access it. Whatever decision Twitter takes, this is the fork in the road that Twitter faces. Move toward Google's "don't be evil" policy or Facebook's "we're successful and unchallenged in the market so who really cares?" plan. No one faults Twitter for wanting to make money, but is keeping competition from doing the same really the best way to reach that goal? Either way, it's the ultimate #FirstWorldProblem.

Read more: http://www.digitaltrends.com/mobile/firstworldproblems-twitter-api-and-third-party-problem/#ixzz2NunkL9EZ

--- Just because i'm near the punchbowl doesn't mean I'm also drinking from it.
From rforno at infowarrior.org Tue Mar 19 07:56:57 2013 From: rforno at infowarrior.org (Richard Forno) Date: Tue, 19 Mar 2013 08:56:57 -0400 Subject: [Infowarrior] - More Details On US Copyright Reform Ideas Message-ID: <5D8B6A88-0F14-4492-876A-1F9EFEA950EE@infowarrior.org>

More Details On Copyright Register Maria Pallante's Call For Comprehensive, 'Forward-Thinking, But Flexible' Copyright Reform
from the details,-details,-details dept

On Friday, we had two stories breaking the news that the Register of Copyright is expected this week to call for comprehensive copyright reform, including both a slight reduction in term as well as some other changes. It's somewhat surprising that (as far as I can tell), no other publications are reporting on this, considering the magnitude of this bit of news. There was a brief bit of speculation in Billboard, but most other publications have stayed silent so far. Today we have even more details. First, we have Pallante's expected testimony on Wednesday before the IP subcommittee of the House Judiciary Committee. It's a pretty short and simple piece that basically says "let's get this process started, because Copyright Reform is going to be a long and arduous process, but it needs to be done." And, as we noted last week, it sounds like a lot of stuff is on the table....

< big snip >

http://www.techdirt.com/articles/20130318/11114922368/more-details-copyright-register-maria-pallantes-call-comprehensive-forward-thinking-flexible-copyright-reform.shtml
From rforno at infowarrior.org Tue Mar 19 10:12:00 2013 From: rforno at infowarrior.org (Richard Forno) Date: Tue, 19 Mar 2013 11:12:00 -0400 Subject: [Infowarrior] - SCOTUS denies appeal of woman who owes RIAA $222,000 Message-ID: <6F9C2AC4-E80A-496F-81A7-846D3762B41F@infowarrior.org>

Supreme court denies appeal of woman who owes RIAA $222,000
Copyright case finally concludes with woman owing music labels a bundle
By Greg Sandoval on March 18, 2013 02:10 pm
http://www.theverge.com/policy/2013/3/18/4119550/supreme-court-denies-appeal-of-woman-who-owes-riaa-222000

The seven-year copyright battle waged by Jammie Thomas-Rasset against the largest music recording companies has finally come to an end. And for Thomas-Rasset, the story ends nearly exactly where it began: with her owing the top record labels $222,000. The U.S. Supreme Court has declined to hear an appeal from the Minnesota woman who was accused in a 2006 copyright lawsuit of illegally sharing 24 songs online, according to a report by The Associated Press.

The case received wide attention among music fans because it initially appeared that the music industry was setting itself up for a public-relations Waterloo. When the case was brought, the Recording Industry Association of America (RIAA), the trade group representing the top labels, was preparing to end years of litigation against file sharers. Thomas-Rasset was the first person to refuse to settle with the RIAA and argue her case before a jury. The cost of settling back then? $3,500.

On Monday, Thomas-Rasset and her lawyers were not immediately available for comment. An RIAA spokeswoman said in a statement: "We appreciate the Court's decision and are pleased that the legal case is finally over. We've been willing to settle this case from day one and remain willing to do so." Thomas-Rasset went before two different juries and in each case they hammered her. In her first trial, the jury ordered her to pay the labels $222,000.
That decision was tossed by the judge, and the case was retried. In the second trial, the jury ordered Thomas-Rasset to pay $1.9 million. The district judge in the case called the award "monstrous," and reduced the award. But the Eighth Circuit Court of Appeals reversed the district court's reduction and returned the award to the original $222,000.

Critics of the RIAA predicted Thomas-Rasset would become the Joan of Arc for file sharing and bring a lot of bad press to the labels. But the RIAA ended the litigation campaign against its customers in December 2008. Meanwhile, popular legal music sites, such as Spotify and Pandora, began to offer convenience at a low price, and file sharing is now on the wane. Still, the RIAA is sensitive about how it looks if it impoverishes a woman of modest means. Look for them to ask her for far less than the $222,000.

Update 4:29 p.m. ET: Kiwi Camara, one of Thomas-Rasset's attorneys, replied to an interview request. "We are disappointed in the outcome," Camara wrote. "The issue will next come before the Supreme Court in the [Joel] Tenenbaum case, which is currently pending in the First Circuit." Tenenbaum was the second person to challenge RIAA copyright claims in court. The Supreme Court denied an earlier request by Tenenbaum to hear his case, but he may get a second chance to go before the court depending on how the First Circuit decides.

From rforno at infowarrior.org Tue Mar 19 10:40:36 2013 From: rforno at infowarrior.org (Richard Forno) Date: Tue, 19 Mar 2013 11:40:36 -0400 Subject: [Infowarrior] - Rep Gohmert wants to destroy hacker PCs virtually Message-ID:

.... this is reminiscent of Rep Berman's infamous "Hollywood Hacking Bill" proposal from back in 2002; though Gohmert's comments are more oriented towards striking back at hackers, it wouldn't take much to "re-interpret" such ideas more broadly again.
Now if only he knew how to solve the 100% attribution problem.......

Rep. Gohmert Wants A Law That Allows Victims To Destroy The Computers Of People Who Hacked Them
http://www.techdirt.com/articles/20130316/01560522347/rep-gohmert-wants-law-that-allows-victims-to-destroy-computers-people-who-hacked-them.shtml

From rforno at infowarrior.org Tue Mar 19 11:46:35 2013 From: rforno at infowarrior.org (Richard Forno) Date: Tue, 19 Mar 2013 12:46:35 -0400 Subject: [Infowarrior] - SCOTUS upholds first-sale doctrine Message-ID:

Court sides with student in case over textbooks
http://www.salon.com/2013/03/19/court_sides_with_student_in_case_over_textbooks/singleton/

WASHINGTON (AP) - The Supreme Court has sided with a Thai graduate student in the U.S. who sold cheap foreign versions of textbooks on eBay without the publisher's permission, a decision with important implications for goods sold online and in discount stores. The justices, in a 6-3 vote Tuesday, threw out a copyright infringement award to publisher John Wiley & Sons. Thai graduate student Supap Kirtsaeng used eBay to resell copies of the publisher's copyrighted books that his relatives first bought abroad at cut-rate prices. Justice Stephen Breyer said in his opinion for the court that the publisher lost any ability to control what happens to its books after their first sale abroad.

From rforno at infowarrior.org Tue Mar 19 11:47:48 2013 From: rforno at infowarrior.org (Richard Forno) Date: Tue, 19 Mar 2013 12:47:48 -0400 Subject: [Infowarrior] - Cyberwar manual lays down rules for online attacks Message-ID: <0F6DEDB8-3F38-400D-A69E-4283A41EAF0E@infowarrior.org>

Cyberwar manual lays down rules for online attacks
By RAPHAEL SATTER | Associated Press -
34 mins ago
http://news.yahoo.com/cyberwar-manual-lays-down-rules-online-attacks-161234113--finance.html

LONDON (AP) - Even cyberwar has rules, and one group of experts is publishing a manual to prove it. A handbook due to be published later this week applies the venerable practice of international law to the world of electronic warfare in an effort to show how hospitals, civilians, and neutral nations can be protected in an information age fight. "Everyone was seeing the Internet as the 'Wild, Wild, West,'" U.S. Naval War College Professor Michael Schmidt, the manual's editor, said in an interview ahead of its official release. "What they had forgotten is that international law applies to cyberweapons like it applies to any other weapons."

The Tallinn Manual - named for the Estonian capital where it was compiled - was created at the behest of the NATO Cooperative Cyber Defense Center of Excellence, a NATO think tank. It takes existing rules on battlefield behavior - such as the 1949 Geneva Convention - to the Internet, occasionally in creative or unexpected ways. The manual's central premise is that war doesn't stop being war just because it happens online. Hacking a dam's controls to release its reservoir into a river valley can have the same effect as breaching it with explosives, its authors argue. Legally speaking, a cyberattack which sparks a fire at a military base is indistinguishable from an attack that uses an incendiary shell.

The humanitarian protections don't disappear online either. Medical computers get the same protection that brick-and-mortar hospitals do. The personal data related to prisoners of war have to be kept safe in the same way that the prisoners themselves are - for example by having the information stored separately from military servers which might be subject to attack. Cyberwar can lead to cyberwar crimes, the manual warned.
Launching an attack from a neutral nation's computer network is forbidden in much the same way that hostile armies aren't allowed to march through a neutral country's territory. Shutting down the Internet in an occupied area in retaliation against a rebel cyberattack could fall afoul of international prohibitions on collective punishment. Marco Roscini, who teaches international law at London's University of Westminster, described the 282-page manual as well-drafted and comprehensive, predicting that it would play an important role as military lawyers across the world grapple with issues of online warfare. "I'm sure it will be quite influential," he said.

___
Online: The Tallinn Manual: http://www.ccdcoe.org/249.html
Raphael Satter can be reached at: http://raphae.li/twitter

From rforno at infowarrior.org Wed Mar 20 08:27:43 2013 From: rforno at infowarrior.org (Richard Forno) Date: Wed, 20 Mar 2013 09:27:43 -0400 Subject: [Infowarrior] - The Real Purpose of DRM Message-ID:

The Real Purpose of DRM
Ian Hickson
https://plus.google.com/107429617152575897589/posts/iPmatxBYuj2

Discussions about DRM often land on the fundamental problem with DRM: that it doesn't work, or worse, that it is in fact mathematically impossible to make it work. The argument goes as follows:

1. The purpose of DRM is to prevent people from copying content while allowing people to view that content,
2. You can't hide something from someone while showing it to them,
3. And in any case widespread copyright violations (e.g. movies on file sharing sites) often come from sources that aren't encrypted in the first place, e.g. leaks from studios.

It turns out that this argument is fundamentally flawed. Usually the arguments from pro-DRM people are that #2 and #3 are false. But no, those are true. The problem is #1 is false. The purpose of DRM is not to prevent copyright violations.
The purpose of DRM is to give content providers leverage against creators of playback devices. Content providers have leverage against content distributors, because distributors can't legally distribute copyrighted content without the permission of the content's creators. But if that was the only leverage content producers had, what would happen is that users would obtain their content from those content distributors, and then use third-party content playback systems to read it, letting them do so in whatever manner they wanted. Here are some examples:

A. Paramount make a movie. A DVD store buys the rights to distribute this movie from Paramount, and sells DVDs. You buy the DVD, and want to play it. Paramount want you to sit through some ads, so they tell the DVD store to put some ads on the DVD labeled as "unskippable". Without DRM, you take the DVD and stick it into a DVD player that ignores "unskippable" labels, and jump straight to the movie. With DRM, there is no licensed player that can do this, because to create the player you need to get permission from Paramount -- or rather, a licensing agent created and supported by content companies, DVD-CCA -- otherwise, you are violating some set of patents, anti-circumvention laws, or both.

B. Columbia make a movie. Netflix buys the rights to distribute this movie from Columbia, and sells access to the bits of the movie to users online. You get a Netflix subscription. Columbia want you to pay more if you want to watch it simultaneously on your TV and your phone, so they require that Netflix prevent you from doing this. Now. You are watching the movie upstairs with your family, and you hear your cat meowing at the door downstairs.
Without DRM, you don't have to use Netflix's software, so maybe you just pass the feed to some multiplexing software, which means that you can just pick up your phone, tell it to stream the same movie, continue watching it while you walk downstairs to open the door for the cat, come back upstairs, and turn your phone off, and nobody else has been inconvenienced and you haven't missed anything. With DRM, you have to use Netflix's software, so you have to play by their rules. There is no licensed software that will let you multiplex the stream. You could watch it on your phone, but then your family misses out. They could keep watching, but then you miss out. Nobody is allowed to write software that does anything Columbia don't want you to do. Columbia want the option to charge you more when you go to let your cat in, even if they don't actually make it possible yet.

C. Fox make a movie. Apple buys the rights to sell it on iTunes. You buy it from iTunes. You want to watch it on your phone. Fox want you to buy the movie again if you use anything not made by Apple. Without DRM, you just transfer it to your phone and watch it, since the player on any phone, whether made by Apple or anyone else, can read the video file. With DRM, only Apple can provide a licensed player for the file. If you're using any phone other than an iPhone, you cannot watch it, because nobody else has been allowed to write software that decrypts the media files sold by Apple.

In all three cases, nobody has been stopped from violating a copyright. All three movies are probably available on file sharing sites.
The only people who are stopped from doing anything are the player providers -- they are forced to provide a user experience that, rather than being optimised for the users, puts potential future revenues first (forcing people to play ads, keeping the door open to charging more for more features later, building artificial obsolescence into content so that if you change ecosystem, you have to purchase the content again).

Arguing that DRM doesn't work is, it turns out, missing the point. DRM is working really well in the video and book space. Sure, the DRM systems have all been broken, but that doesn't matter to the DRM proponents. Licensed DVD players still enforce the restrictions. Mass market providers can't create unlicensed DVD players, so they remain a black or gray market curiosity. DRM failed in the music space not because DRM is doomed, but because the content providers sold their digital content without DRM, and thus enabled all kinds of players they didn't expect (such as "MP3" players). Had CDs been encrypted, iPods would not have been able to read their content, because the content providers would have been able to use their DRM contracts as leverage to prevent it. DRM's purpose is to give content providers control over software and hardware providers, and it is satisfying that purpose well.

As a corollary to this, look at the companies who are pushing for DRM. Of the ones who would have to implement the DRM, they are all companies over which the content providers already, without DRM, have leverage: the companies that both license content from the content providers and create software or hardware players. Because they license content, the content providers already have leverage against them: they can essentially require them to be pro-DRM if they want the content. The people against the DRM are the users, and the player creators who don't license content. In other words, the people over whom the content producers have no leverage.
From rforno at infowarrior.org Wed Mar 20 11:42:55 2013 From: rforno at infowarrior.org (Richard Forno) Date: Wed, 20 Mar 2013 12:42:55 -0400 Subject: [Infowarrior] - Voyager 1 has left the solar system Message-ID:

(Snarky V'Ger ST:TMP comments aside, this is pretty cool. --rick)

Voyager 1 has left the solar system, sudden changes in cosmic rays indicate
20 March 2013
AGU Release No. 13-11
http://www.agu.org/news/press/pr_archives/2013/2013-11.shtml
For Immediate Release

WASHINGTON - Thirty-five years after its launch, Voyager 1 appears to have travelled beyond the influence of the Sun and exited the heliosphere, according to a new study appearing online today. The heliosphere is a region of space dominated by the Sun and its wind of energetic particles, and which is thought to be enclosed, bubble-like, in the surrounding interstellar medium of gas and dust that pervades the Milky Way galaxy. On August 25, 2012, NASA's Voyager 1 spacecraft measured drastic changes in radiation levels, more than 11 billion miles from the Sun. Anomalous cosmic rays, which are cosmic rays trapped in the outer heliosphere, all but vanished, dropping to less than 1 percent of previous amounts. At the same time, galactic cosmic rays - cosmic radiation from outside of the solar system - spiked to levels not seen since Voyager's launch, with intensities as much as twice previous levels. The findings have been accepted for publication in Geophysical Research Letters, a journal of the American Geophysical Union.

"Within just a few days, the heliospheric intensity of trapped radiation decreased, and the cosmic ray intensity went up as you would expect if it exited the heliosphere," said Bill Webber, professor emeritus of astronomy at New Mexico State University in Las Cruces. He calls this transition boundary the "heliocliff."
In the GRL article, the authors state: "It appears that [Voyager 1] has exited the main solar modulation region, revealing [hydrogen] and [helium] spectra characteristic of those to be expected in the local interstellar medium." However, Webber notes, scientists are continuing to debate whether Voyager 1 has reached interstellar space or entered a separate, undefined region beyond the solar system. "It's outside the normal heliosphere, I would say that," Webber said. "We're in a new region. And everything we're measuring is different and exciting." The work was funded by NASA's Jet Propulsion Laboratory in Pasadena, Calif.

Notes for Journalists
Journalists and members of the public can download a PDF copy of this accepted article by clicking on this link: http://onlinelibrary.wiley.com/doi/10.1002/grl.50383/abstract
Or, you may order a copy of the final paper by emailing your request to Peter Weiss at pweiss at agu.org. Please provide your name, the name of your publication, and your phone number. Neither the paper nor this press release are under embargo.
Title: "Recent Voyager 1 Data Indicate that on August 25, 2012 at a Distance of 121.7 AU From the Sun, Sudden and Unprecedented Intensity Changes were Observed in Anomalous and Galactic Cosmic Rays"
Authors: W.R. Webber, New Mexico State University, Department of Astronomy, Las Cruces, New Mexico, USA; F.B. McDonald, University of Maryland, Institute of Physical Science and Technology, College Park, Maryland, USA (Deceased).
Contact information for the authors: W.R. Webber, Email: bwebber at nmsu.edu, Telephone: (575) 646-2007

From rforno at infowarrior.org Wed Mar 20 13:44:02 2013 From: rforno at infowarrior.org (Richard Forno) Date: Wed, 20 Mar 2013 14:44:02 -0400 Subject: [Infowarrior] - Rep. Gohmert's Record For Stunning Technological Ignorance Is Broken By... Rep. Gohmert Message-ID:

Rep.
Gohmert's Record For Stunning Technological Ignorance Is Broken By... Rep. Gohmert
from the having-quite-a-week dept

My goodness. Yesterday we posted about Rep. Louis Gohmert's incredible, head-shakingly ignorant exchange with lawyer Orin Kerr during a Congressional hearing concerning "hacking" and the CFAA. In that discussion, Gohmert spoke out in favor of being able to "hack back" and destroy the computers of hackers -- and grew indignant at the mere suggestion that this might have unintended consequences or lead people to attack the wrong targets. Gohmert thought that such talk was just Kerr trying to protect hackers. I thought perhaps Rep. Gohmert was just having a bad day. Maybe he's having a bad month. In a different hearing, held yesterday concerning ECPA reform, Gohmert opened his mouth again, and it was even worse. Much, much worse. Cringe-inducingly clueless. Yell at your screen clueless. Watch for yourself, but be prepared to want to yell.

< -- >

http://www.techdirt.com/articles/20130320/03244622387/rep-gohmerts-record-stunning-technological-ignorance-is-broken-rep-gohmert.shtml

From rforno at infowarrior.org Wed Mar 20 15:52:09 2013 From: rforno at infowarrior.org (Richard Forno) Date: Wed, 20 Mar 2013 16:52:09 -0400 Subject: [Infowarrior] - Carreon's baaaaack! Message-ID: <2B63A6FF-B1FB-4253-8FA4-0C5B9713CC8F@infowarrior.org>

Charles Carreon Claims A First Amendment Right To Make Vexatious Legal Threats Without Consequence
http://www.techdirt.com/articles/20130319/18061522383/charles-carreon-claims-first-amendment-right-to-make-vexatious-legal-threats-without-consequence.shtml
From rforno at infowarrior.org Wed Mar 20 16:33:37 2013 From: rforno at infowarrior.org (Richard Forno) Date: Wed, 20 Mar 2013 17:33:37 -0400 Subject: [Infowarrior] - More on....Fwd: Voyager 1 has left the solar system References: <6E242AB16EEDB540BA9F71DDD6C5074E7AEC5ED1@CTCXMBX01.ap.org> Message-ID: <420075E3-0A4E-475C-9BCD-ACDD50497B8E@infowarrior.org>

Clarification from those closest to knowing. --rick

Begin forwarded message:

> From: "Bridis, Ted"
>
> Or not?
>
> http://www.nasa.gov/mission_pages/voyager/voyager20130320.html
>
> 03.20.13
>
> "The Voyager team is aware of reports today that NASA's Voyager 1 has left the solar system," said Edward Stone, Voyager project scientist based at the California Institute of Technology, Pasadena, Calif. "It is the consensus of the Voyager science team that Voyager 1 has not yet left the solar system or reached interstellar space."

From rforno at infowarrior.org Wed Mar 20 16:52:19 2013 From: rforno at infowarrior.org (Richard Forno) Date: Wed, 20 Mar 2013 17:52:19 -0400 Subject: [Infowarrior] - Register Of Copyright Suggests That Personal Downloading Should Not Be Seen As 'Piracy' Message-ID: <956E2618-782C-4132-915A-AB461F0C3A18@infowarrior.org>

How much you want to bet the MPAA/RIAA are cranking up their maximalist lobby teams to get Pallante removed from office after publicly uttering such heresy? --rick

Register Of Copyright Suggests That Personal Downloading Should Not Be Seen As 'Piracy'
from the good-to-see dept

We've been discussing Maria Pallante's plans for copyright reform, which include a whole bunch of ideas -- some good, some bad and many as yet undetermined. In hearings today before the House Judiciary Committee, Pallante discussed a lot of this, but one surprising point that she had not clearly stated before is that "piracy should not be about the teenager downloading music at home."
Instead, she talked about focusing on "the big pirates" who were doing it as a business. This is a fascinating statement as it may be the first time I've heard the Copyright Office suggest that personal use maybe shouldn't be considered infringement. I'm sure we'll have more on the (still ongoing) hearing later, but for now, this admission was a bit of a surprise worth noting.

http://www.techdirt.com/articles/20130320/13493222399/register-copyright-suggests-that-personal-downloading-should-not-be-seen-as-piracy.shtml

From rforno at infowarrior.org Wed Mar 20 21:44:07 2013 From: rforno at infowarrior.org (Richard Forno) Date: Wed, 20 Mar 2013 22:44:07 -0400 Subject: [Infowarrior] - Secret report raises alarms on intelligence blind spots because of AQ focus Message-ID:

Secret report raises alarms on intelligence blind spots because of AQ focus
By Greg Miller
http://www.washingtonpost.com/world/national-security/secret-report-raises-alarms-on-intelligence-blind-spots-because-of-aq-focus/2013/03/20/1f8f1834-90d6-11e2-9cfd-36d6c9b5d7ad_print.html

A panel of White House advisers warned President Obama in a secret report that U.S. spy agencies were paying inadequate attention to China, the Middle East and other national security flash points because they had become too focused on military operations and drone strikes, U.S. officials said. Led by influential figures including new Defense Secretary Chuck Hagel and former senator David L. Boren (D-Okla.), the panel concluded in a report last year that the roles of the CIA, the National Security Agency and other spy services had been distorted by more than a decade of conflict. The classified document called for the first significant shift in intelligence resources since they began flowing heavily toward counterterrorism programs and war zones after the attacks of Sept. 11, 2001.
The findings by the President's Intelligence Advisory Board may signal a turning point in the terrorism fight. The document was distributed to senior national security officials at the White House whose public remarks in recent weeks suggest that they share some of the panel's concerns. John O. Brennan, Obama's former top counterterrorism adviser, who was sworn in as CIA director this month, told Congress in February that he planned to evaluate the "allocation of mission" at the agency. He described the scope of CIA involvement in lethal operations as an "aberration from its traditional role."

U.S. intelligence officials cautioned that any course adjustments are likely to be more incremental than wholesale. One reason is continued concern about the al-Qaeda threat. But another is the influence accumulated by counterterrorism institutions such as the CIA's Counterterrorism Center as they have expanded over the past decade. Even Brennan made it clear that the CIA will not relinquish its fleet of armed drones, saying in written answers submitted to lawmakers as part of his confirmation that the agency had a long paramilitary history and "must continue to be able to provide the president with this option."

Still, the advisory board's previously undisclosed report reflects a broader concern about central aspects of the way counterterrorism operations are being prosecuted nearly 12 years after they began. Last year, Brennan led a multi-agency effort to impose tighter rules on the targeted killing of terrorism suspects overseas. In recent weeks, the administration has been forced to disclose details about the legal basis for drone strikes on U.S. citizens abroad amid an uproar in Congress over the secrecy surrounding such decisions.
The White House also is weighing whether to give the Defense Department more control over the drone campaign and reduce the CIA's role, although officials said the change could take years and probably would not involve CIA drone operations in Pakistan. The intelligence board is made up of 14 experts, many of whom formerly held top government posts. They meet in secret and have extensive access to intelligence officials and records. Members declined to discuss the contents of the report, citing the confidential nature of the group's work. But several expressed deep misgivings about the increasingly paramilitary missions of the CIA and other intelligence agencies.

"The intelligence community has become to some degree a military support operation," said Boren, a former chairman of the Senate Intelligence Committee who serves as co-chairman of the Intelligence Advisory Board. Boren said the deployment of intelligence personnel and resources has become so unbalanced that it "needs to be changed as dramatically as it was at the end of the Cold War." Another panelist, former congressman Lee H. Hamilton (D-Ind.), said traditional espionage "has suffered as the CIA has put more and more effort into the operational side." Hamilton was co-chairman of the 9/11 Commission, whose findings helped usher in far-reaching intelligence changes, including shifting huge resources to counter the terrorist threat. Now concerned that the shift has gone too far, Hamilton said that it is time to "redirect the war footing that we've had, the focus on counterterrorism ... and go back to the traditional functions of gathering and analyzing."

U.S. intelligence officials acknowledged that demands on spy agencies have grown in recent years, driven by political turmoil associated with the Arab Spring, the cyber-espionage threat posed by China and the splintering of militant groups in North Africa.
The pressure has been compounded by shrinking or stagnant budgets for most agencies after years of double-digit increases. But officials disputed the suggestion that spy agencies have faltered in their ability to stay abreast of developments. Shawn Turner, spokesman for Director of National Intelligence James R. Clapper Jr., said that despite facing "a more varied and voluminous array of challenges than we've seen in recent history," U.S. spy agencies continue "to successfully gather and analyze the intelligence that helps protect us from threats around the world."

Officials who have reviewed the panel's report, however, said it documents numerous intelligence vulnerabilities created by the flow of people and resources to conflict zones. The CIA's stations in Iraq and Afghanistan were among the largest in agency history, with thousands of case officers, analysts and support workers assigned to fortified compounds in Baghdad and Kabul and smaller bases outside the capitals. Those deployments have diminished with the winding down of those wars. But Boren suggested that there is a significant imbalance in "how many personnel and experts we have in places like Iraq and Afghanistan versus other countries of great importance." The need for better intelligence on China "doesn't mean we're going to come to blows" with that country, Boren said. "But in the long run, what's more important to America: Afghanistan or China?"

Boren also warned that repeated deployments to war zones have warped the training of a post-9/11 generation of spies. "So far, nearly all of their experience has been in what I would call military support," he said. "Almost none of it has been in traditional intelligence-gathering and analysis." U.S. intelligence officials stressed that counterterrorism accounts for only a small fraction of their resources. They said hundreds of analysts track political and economic developments in China as well as dozens of other topics.
Even at the height of the Iraq and Afghan wars, the CIA and the Defense Intelligence Agency established divisions devoted to monitoring Iran and its alleged pursuit of a nuclear weapon, officials said. But those efforts are still dwarfed by entities focused on al-Qaeda. The CIA's Counterterrorism Center had about 300 employees on the day of the Sept. 11 attacks. In recent years, its workforce has hovered around 2,000, roughly one in 10 CIA employees. Preston Golson, a CIA spokesman, said the agency was asked to take on a great deal of responsibility after the terrorist attacks. "We've met those missions and, with our trademark agility, we will continue to meet both new and traditional intelligence roles and challenges," he said. Karen DeYoung contributed to this report. © The Washington Post Company --- Just because i'm near the punchbowl doesn't mean I'm also drinking from it. From rforno at infowarrior.org Thu Mar 21 06:54:50 2013 From: rforno at infowarrior.org (Richard Forno) Date: Thu, 21 Mar 2013 07:54:50 -0400 Subject: [Infowarrior] - Tone Down the Cyberwarfare Rhetoric, Expert Urges Congress Message-ID: <8941D59F-AD8F-4EAD-B4A1-BC788D651A07@infowarrior.org> (Agree COMPLETELY! ---rick) Tone Down the Cyberwarfare Rhetoric, Expert Urges Congress | By Kim Zetter | 03.20.13 | 6:36 PM http://www.wired.com/threatlevel/2013/03/tone-down-cyberwar-rhetoric/ As the nation spent this week pondering the wisdom of its decision to invade Iraq a decade ago, a witness urged Congress on Wednesday to consider more carefully how the United States will respond to a cyber 9/11 should one occur and to weigh carefully the use of strong statements that could force the nation to respond forcefully to a cyberattack, whether doing so is wise or not. Referring to last week's announcement by the U.S. 
director of national intelligence that cyberattacks were the biggest threat the nation faced, Martin Libicki, senior management scientist at the RAND Corporation, told the House Homeland Security Committee that making strong statements about cyberattacks "tends to compel the United States to respond vigorously should any such cyberattack occur, or even merely when the possible precursors to a potential cyberattack have been identified. Having created a demand among the public to do something, the government is then committed to doing something even when doing little or nothing is called for." Put in perspective, cyber attacks might disrupt life, but they cannot be used to occupy another nation's capital or force regime change. No one has yet died from a cyberattack either, he noted. Therefore, a cyberattack in and of itself, "does not demand an immediate response to safeguard national security," Libicki said during a hearing on cyberthreats against critical infrastructure from China, Russia and Iran. In order to avoid a rash decision in the wake of an attack, he said the nation needs to exert now as much effort worrying about how to respond to such an attack as it spends worrying and warning that such an attack will occur. "[W]e are right to be worried about a '9/11 in cyberspace,' but we also ought to worry about what a '9/12 in cyberspace' would look like," he said. The government should take the time to carefully consider the risks and consequences that a strong reaction to a cyber attack will produce and weigh them carefully against alternatives that could be more effective and cost less in the long run, such as downplaying the damages or disruptive effects of an enemy attack or simply "fixing or forgoing software or network connections whose vulnerabilities permitted cyber-attacks in the first place." By wailing about the damages of an attack in order to drum up outrage, we're inviting more attacks, Libicki suggested. 
"The more emphasis on the pain from a cyberattack, the greater the temptation to others to induce such pain -- either to put fear into this country or goad it into a reaction that rebounds to their benefit. Conversely, fostering the impression that a great country can bear the pain of cyberattacks, keep calm, and carry on reduces such temptation," he said. Even though there might be good arguments in favor of "drawing red lines for deterrence purposes -- 'if you do this, I will surely do that' -- if deterrence fails, such a declaration tends to constrain one into carrying out retaliation." --- Just because i'm near the punchbowl doesn't mean I'm also drinking from it. From rforno at infowarrior.org Thu Mar 21 06:58:11 2013 From: rforno at infowarrior.org (Richard Forno) Date: Thu, 21 Mar 2013 07:58:11 -0400 Subject: [Infowarrior] - Level 3: The 10 Most Bizarre and Annoying Causes of Fiber Cuts Message-ID: <3BF199A1-0160-484B-8918-378936E126A4@infowarrior.org> The 10 Most Bizarre and Annoying Causes of Fiber Cuts August 4, 2011 By Fred Lawler 98 Comments When asked to name one of the great things about our network, I have to say it's our fiber footprint. With over 57,000 miles of intercity and 27,000 miles of metro fiber, our footprint is a grand design of both buried and aerial paths. It makes us unique, but with that also comes one of the worst things about our network, and that is the different types of damage we see to our fiber plant. From errant excavators to crazed squirrels, there are so many different ways to wreak havoc on our network, it boggles the imagination! < -- > http://blog.level3.com/level-3-network/the-10-most-bizarre-and-annoying-causes-of-fiber-cuts/ --- Just because i'm near the punchbowl doesn't mean I'm also drinking from it. From rforno at infowarrior.org Thu Mar 21 07:12:46 2013 From: rforno at infowarrior.org (Richard Forno) Date: Thu, 21 Mar 2013 08:12:46 -0400 Subject: [Infowarrior] - Shouldn't heroes last forever? 
Message-ID: (c/o DS) Shouldn't heroes last forever? http://www.latimes.com/news/opinion/commentary/la-oe-handleman-nasa--renaming-neil-armstrong-20130320,0,5906835.story In honoring heroes by naming things after them, why must Congress downgrade and displace previous ones? By Philip Handleman March 20, 2013 In late February, the House cast a 394-0 vote to rename NASA's cutting-edge flight research center in Southern California after the late astronaut Neil Armstrong. What could possibly be wrong with that? In their advocacy, the bill's sponsors pointed out that Armstrong spent seven years at the desert center as a test pilot. Before the U.S. had a spaceship, Armstrong flew the next closest thing, the X-15 rocket plane, from there. That led to his joining the astronaut corps in 1962 and becoming the first person to set foot on the moon in 1969. His life will always be linked to the hallowed ground of the Mojave's lake beds where gutsy fliers infused with the "right stuff" still aim skyward to push the proverbial envelope ever farther, faster and higher. As well-intentioned as it is to recognize our most iconic space traveler, the measure that awaits the Senate's approval would strip the name of the prior honoree, Hugh L. Dryden, from the center where it has graced the entrance for 37 years. Dryden died in 1965 after a long and distinguished career advancing aerospace at NASA, its precursor, the National Advisory Committee for Aeronautics, or NACA, and other government agencies. As he put it, "The airplane and I grew up together." Dryden was a math and science prodigy. At 14, he entered Johns Hopkins University and graduated with honors in three years, and later earned graduate degrees. The head of the university's physics department referred to Dryden as "the brightest young man -- without exception." As a researcher, he contributed to the development of the laminar-flow wing, which helped to make the P-51 Mustang the premier fighter of World War II. 
He also oversaw development of the initial U.S. guided missiles used in the conflict. After the war, Dryden fostered a golden age of aeronautical breakthroughs at NACA's fledgling desert facility, exemplified by the trailblazing flights of the X-15. In 1957, the U.S. was jolted by the Soviet Union's launch of Sputnik. Soon afterward, NACA morphed into NASA, and Dryden became the new agency's No. 2 official. Dryden encouraged President Kennedy to set the nation's sights on a manned lunar mission. In 1961, the year the decision to go to the moon was made, Dryden wrote: "The discipline of cooperation in a great national effort may well be the instrument of great social gain." As a kind of consolation prize, the pending legislation relegates Dryden's name to the Western Aeronautical Test Range, the airspace that overlies 12,000 square miles of Mojave terrain. But based on experience with a similar game of name-related musical chairs at NASA's facility in Cleveland, this stepped-down recognition is likely to fade into vacuity. In 1999, the Lewis Research Center was renamed the Glenn Research Center at Lewis Field. With the passage of time, the lessened reference to Lewis simply evaporated. Lewis was George W. Lewis, an eminent engineer who had handed off the leadership of NACA to Dryden. Of course, Glenn is former Ohio Sen. John Glenn, the first American to orbit the planet. The danger in this shuffling of honors is that the honors will be diluted with each upstaging by the celebrity du jour. The names of Armstrong and Glenn could eventually suffer the same short shrift as Dryden and Lewis, when future explorers arguably eclipse their feats. In honoring new heroes, why must Congress downgrade and displace past heroes? An irony here is that Armstrong eschewed the limelight. His ethos was manifested by his admirable refusal to capitalize on his exalted status. 
In his NASA oral history, his humility shined when he acknowledged the extraordinary exertion of his teammates: "[T]hat's the only reason we could have pulled this whole thing off...." It makes one wonder whether Armstrong would have wanted his name to bump the name of one of those teammates. There is a veritable universe full of other material things that can be named after the first moon walker. There is the launch pad for the next heavy-lift booster. Or the booster rocket itself. The Armstrong 1969 has a stirring ring as a successor to the Saturn V. Perhaps the most fitting tribute, however, would be to finally resume the journey to the stars that Armstrong brilliantly represented and passionately advocated. Philip Handleman is the author of 22 books on aviation. --- Just because i'm near the punchbowl doesn't mean I'm also drinking from it. From rforno at infowarrior.org Thu Mar 21 07:28:41 2013 From: rforno at infowarrior.org (Richard Forno) Date: Thu, 21 Mar 2013 08:28:41 -0400 Subject: [Infowarrior] - Saudis gain Global Entry access to US Message-ID: <8D049747-FE65-461D-9D5E-E1468D76BB08@infowarrior.org> (Perhaps this is a diplomatic 'payment' in exchange for supporting future US actions in the region? Saudi Arabia is so very convenient to ...... oh, I don't know ..... Iran? --rick) DHS questioned over decision to let Saudi passengers skip normal passport controls Published March 20, 2013 http://www.foxnews.com/politics/2013/03/20/decision-to-extend-trusted-traveler-program-to-saudi-scrutinized/ A Department of Homeland Security program intended to give "trusted traveler" status to low-risk airline passengers soon will be extended to Saudi travelers, opening the program to criticism for accommodating the country that produced 15 of the 19 hijackers behind the Sept. 11, 2001, terrorist attacks. 
Sources voiced concern about the decision to the Investigative Project on Terrorism, which issued a report Wednesday on the under-the-radar announcement -- which was first made by Homeland Security Secretary Janet Napolitano after meeting in January with her Saudi counterpart. According to the IPT, this would be the first time the Saudi government has been given such a direct role in fast-tracking people for entry into the United States. "I think you have radical Wahhabism in certain elements in Saudi Arabia, and I think to be more lenient there than in other places would be a mistake," Rep. Frank Wolf told the Investigative Project on Terrorism. "There were 15 [hijackers] from that country, and there is a lot taking place in that region." Only an exclusive handful of countries enjoy inclusion in the Global Entry program -- Canada, Mexico, South Korea and the Netherlands. According to the IPT, some officials are questioning why Saudi Arabia gets to reap the benefits of the program, when key U.S. allies like Germany and France are not enrolled; Israel has reached a deal with the U.S., but that partnership has not yet been implemented. Any Saudi travelers cleared through the program will be able to bypass the normal customs line after providing passports and fingerprints. The status lasts for five years. The decision is a turnaround, the IPT notes, from when Saudi Arabia was briefly placed on a list of countries whose U.S.-bound travelers would face higher scrutiny, in the wake of the failed Christmas Day bombing attempt in 2009. But Napolitano spoke highly of "the bond between the United States and the Kingdom of Saudi Arabia" when she announced the change in January. "By enhancing collaboration with the government of Saudi Arabia, we reaffirm our commitment to more effectively secure our two countries against evolving threats while facilitating legitimate trade and travel," Napolitano said. 
The Global Entry program was launched in 2008 to expedite pre-approved passengers through the airport customs and security process when they arrive in the U.S. The program is designed to weed out low-risk passengers and enable authorities to zero in on those who may be more likely to pose a threat. But the program has sparked controversy in the past. Critics objected in late 2010 when Mexican citizens were included in the program, raising concerns that drug cartels would quickly learn how to exploit loopholes in the plan. DHS officials, however, insisted at the time that people who attain trusted traveler status don't get a free pass and are still subject to random searches. The program allows travelers who have undergone a thorough vetting process -- fingerprinting, background checks, interviews with customs agents, etc.-- to attain a low-risk status that allows them to skip the line at customs and complete their entry process at an automatic kiosk. Read more: http://www.foxnews.com/politics/2013/03/20/decision-to-extend-trusted-traveler-program-to-saudi-scrutinized/?test=latestnews#ixzz2OB0dCISB --- Just because i'm near the punchbowl doesn't mean I'm also drinking from it. From rforno at infowarrior.org Thu Mar 21 07:32:39 2013 From: rforno at infowarrior.org (Richard Forno) Date: Thu, 21 Mar 2013 08:32:39 -0400 Subject: [Infowarrior] - Inside the South Korean cyber-attack Message-ID: <37EAE823-30F6-459D-B8EA-425AF3EBA814@infowarrior.org> Your hard drive will self-destruct at 2pm: Inside the South Korean cyber-attack But the defacement of a website during the attack may be a separate problem. by Sean Gallagher - Mar 20 2013, 10:15pm EDT A cyber-attack in South Korea on Wednesday took the networks of several companies offline. While some recovered in a matter of hours, South Korea's public broadcasting organization, KBS, is still offline. 
But the identity of the person or group behind the attacks is still an open question -- one muddied by the hackers who are taking credit for at least part of it. It's not clear at this point if the attack was state-sponsored, cyber-warfare by North Korea or simply an act of cyberterrorism by hackers looking to make a virtual name for themselves. As we reported earlier, at about 2pm Seoul time, the networks of three broadcasters and three banks were affected by an attack that disrupted their networks, possibly caused by malware. But while malware was initially blamed for the outage, the malware that's been discovered thus far could not have taken networks down by itself. There was a lot more going on than just a malware attack; the convergence of multiple types of attacks suggests a coordinated effort by an organized attacker. The latest update from South Korean officials is that the attack emanated from a Chinese IP address. But the identity of the attackers is still unclear..... < -- > http://arstechnica.com/security/2013/03/your-hard-drive-will-self-destruct-at-2pm-inside-the-south-korean-cyber-attack/ --- Just because i'm near the punchbowl doesn't mean I'm also drinking from it. From rforno at infowarrior.org Thu Mar 21 13:09:18 2013 From: rforno at infowarrior.org (Richard Forno) Date: Thu, 21 Mar 2013 14:09:18 -0400 Subject: [Infowarrior] - Tom Coburn Amendment Limiting National Science Foundation Research Funding Passes Senate Message-ID: <656CC807-51B9-45CA-A90C-6B6A1F6DDC67@infowarrior.org> Tom Coburn Amendment Limiting National Science Foundation Research Funding Passes Senate The Huffington Post | By Mollie Reilly Posted: 03/21/2013 1:06 am EDT | Updated: 03/21/2013 1:34 pm EDT http://www.huffingtonpost.com/2013/03/21/tom-coburn-national-science-foundation_n_2921081.html A measure limiting National Science Foundation funding for political science research projects passed the U.S. Senate on Wednesday, quietly dealing a blow to the government agency. Sen. 
Tom Coburn (R-Okla.) submitted a series of amendments to the Continuing Appropriations Act of 2013, the Senate bill to keep the government running past March 27. One of those amendments would prohibit the NSF from funding political science research unless a project is certified as "promoting national security or the economic interests of the United States." "Studies of presidential executive power and Americans' attitudes toward the Senate filibuster hold little promise to save an American's life from a threatening condition or to advance America's competitiveness in the world," Coburn wrote in a letter to NSF director Subra Suresh last week explaining his proposal. Coburn's NSF amendment was approved by the Senate during a voice vote on Wednesday afternoon. "I'm pleased the Senate accepted an amendment that restricts funding to low-priority political science grants," Coburn said in a statement following the vote. "There is no reason to spend $251,000 studying Americans' attitudes toward the U.S. Senate when citizens can figure that out for free." NSF funding for such research has long been a target of Coburn's. The Republican offered a similar amendment in 2009, and in 2011 released an oversight report on the NSF's "mismanagement and misplaced priorities." The passage of Coburn's amendment was met with backlash from members of the academic community, including the American Political Science Association. "Adoption of this amendment is a gross intrusion into the widely-respected, independent scholarly agenda setting process at NSF that has supported our world-class national science enterprise for over sixty years," the association said in a statement. "The amendment creates an exceptionally dangerous slippery slope. While political science research is most immediately affected, at risk is any and all research in any and all disciplines funded by the NSF. The amendment makes all scientific research vulnerable to the whims of political pressure." 
--- Just because i'm near the punchbowl doesn't mean I'm also drinking from it. From rforno at infowarrior.org Thu Mar 21 13:24:42 2013 From: rforno at infowarrior.org (Richard Forno) Date: Thu, 21 Mar 2013 14:24:42 -0400 Subject: [Infowarrior] - Big Sis Refuses To Answer Congress On Bullet Purchases Message-ID: <8D0232EB-34F8-47C1-9EDC-5F5FBD5DAE85@infowarrior.org> Big Sis Refuses To Answer Congress On Bullet Purchases Steve Watson Infowars.com Mar 21, 2013 http://www.infowars.com/big-sis-refuses-to-answer-congress-on-ammo-purchases/ Speaking at CPAC with Infowars and We Are Change reporter, Luke Rudkowski, Congressman Timothy Huelscamp revealed this week that the Department of Homeland Security has refused to answer questions from "multiple" members of Congress regarding its recent purchase of huge amounts of weapons and ammunition. "They have no answer for that question. They refuse to answer that," Huelscamp said. "I've got a list of various questions of agencies about multiple things. Far from being the most transparent administration in the world, they are the most closed and opaque," the Congressman added. "They refuse to let us know what is going on, so I don't really have an answer for that. Multiple members of Congress are asking those questions," he added. "It comes down to during the budget process, during the appropriations process, are we willing to hold DHS's feet to the fire?" "We're going to find out... I say we don't fund them 'til we get an answer. Those type of things really challenge Americans. They are worried about this administration," Huelscamp urged. The Congressman's comments come in the wake of a demand for answers from New Jersey Congressman Leonard Lance on the same subject. "I would like a full explanation as to why that has been done and I have every confidence that the oversight committee ... should ask those questions," 
said Lance, adding that he shared a belief, "that Congress has a responsibility to ask Secretary Napolitano as to exactly why these purchases have occurred." The DHS has purchased over 1.6 billion rounds of ammunition over the past year -- enough to wage a 20 year plus war. Earlier this month, Forbes Magazine called for a "national conversation" on the matter. During the CPAC interview, Congressman Huelscamp also spoke briefly about why he voted twice against the National Defense Authorization Act, stating that it was because of the lack of detail regarding the provision in the bill to allow for incarceration of Americans without due process. "I think it's something that is so Constitutionally suspect," Huelscamp said. "It's one of those things, if you're not absolutely crystal clear on a Constitutional issue like that, we shouldn't take those chances." "I gather there are folks on the other side who think they covered that. I just don't think we did a good enough job," the Congressman added. "And based on how hard it was for Senator Paul to get an answer out of the administration, very clearly we need to make it absolutely clear that there are Constitutional protections in this country." The Congressman also spoke with regards to the recent and ongoing furor over the Obama administration's intentions for using drones domestically and its withholding of information on its overseas drone program. "One of the difficulties I have as a member of Congress is the failure of this administration to provide information on what is actually going on," Huelscamp said. "When we take office we sign an oath to office, but we also sign a little card that says we have access to classified military intelligence, and I'll just tell you, this administration and prior administrations are not very clear or transparent with the folks that actually control their budget." "Every member of Congress should know the answers to those questions, and whether or not they can share them," 
the Congressman concluded. ---------------------- Steve Watson is the London based writer and editor for Alex Jones' Infowars.com, and Prisonplanet.com. He has a Masters Degree in International Relations from the School of Politics at The University of Nottingham, and a Bachelor Of Arts Degree in Literature and Creative Writing from Nottingham Trent University. --- Just because i'm near the punchbowl doesn't mean I'm also drinking from it. From rforno at infowarrior.org Thu Mar 21 13:25:44 2013 From: rforno at infowarrior.org (Richard Forno) Date: Thu, 21 Mar 2013 14:25:44 -0400 Subject: [Infowarrior] - TSA tested, scrapped program that tracked Bluetooth devices Message-ID: <1741BAF3-E232-4555-974B-71E2B4C742FE@infowarrior.org> Posted: 6:12 p.m. Wednesday, March 20, 2013 TSA tested, scrapped program that tracked Bluetooth devices http://www.wpxi.com/news/news/local/tsa-tested-scrapped-program-tracked-bluetooth-devi/nWyfh/ WASHINGTON, D.C. -- Lines can be long at airport security. The Transportation Security Administration knows too. Documents obtained by Eyewitness News showed TSA tested a project to measure how long. Sensors in the terminal found Bluetooth devices, honed in on the signals and tracked how long it took people to get through security. An internal TSA document stated it worked by, "...detecting signals broadcast to the public by individual devices and calculating a wait time as the signal passes sensors positioned to cover the area in which passengers may wait in line." It said the information would be encrypted and destroyed within two hours to protect people's privacy. TSA tested the technology in 2012 in Las Vegas and Indianapolis, but bailed on it. "This is an expensive and needlessly complicated way of estimating wait times, compared with say a ticket agent writing the time at the front of the line," said Julian Sanchez, author of "Wiretapping the Internet." 
TSA has taken criticism in the recent months for its handling of passenger privacy, including enhanced pat downs and whole body scanners. A spokesman for the Association of Airline Passengers Rights said his group isn't comfortable with Bluetooth tracking and TSA has a history of saying it's keeping passenger information private and then changing its story. TSA documents show the agency considered posting warning signs alerting passengers that Bluetooth sensors were active, but officials didn't return comment when Eyewitness News asked if the signs were posted at the cities where the technology was tested. A spokesman confirmed they've scrapped the program before it became public. --- Just because i'm near the punchbowl doesn't mean I'm also drinking from it. From rforno at infowarrior.org Thu Mar 21 20:09:20 2013 From: rforno at infowarrior.org (Richard Forno) Date: Thu, 21 Mar 2013 21:09:20 -0400 Subject: [Infowarrior] - US plan calls for more scanning of private Web traffic, email Message-ID: <138800B1-8C8B-4592-BE93-D2D065AF52FE@infowarrior.org> Joseph Menn and Deborah Charles, Reuters | 5 hrs. US plan calls for more scanning of private Web traffic, email http://www.nbcnews.com/technology/technolog/us-plan-calls-more-scanning-private-web-traffic-email-1C9001922 The U.S. government is expanding a cybersecurity program that scans Internet traffic headed into and out of defense contractors to include far more of the country's private, civilian-run infrastructure. As a result, more private sector employees than ever before, including those at big banks, utilities and key transportation companies, will have their emails and Web surfing scanned as a precaution against cyber attacks. Under last month's White House executive order on cybersecurity, the scans will be driven by classified information provided by U.S. intelligence agencies -- including data from the National Security Agency (NSA) -- on new or especially serious espionage threats and other hacking attempts. 
U.S. spy chiefs said on March 12 that cyber attacks have supplanted terrorism as the top threat to the country. The Department of Homeland Security will gather the secret data and pass it to a small group of telecommunication companies and cyber security providers that have employees holding security clearances, government and industry officials said. Those companies will then offer to process email and other Internet transmissions for critical infrastructure customers that choose to participate in the program. DHS as the middleman By using DHS as the middleman, the Obama administration hopes to bring the formidable overseas intelligence-gathering of the NSA closer to ordinary U.S. residents without triggering an outcry from privacy advocates who have long been leery of the spy agency's eavesdropping. The telecom companies will not report back to the government on what they see, except in aggregate statistics, a senior DHS official said in an interview granted on condition he not be identified. "That allows us to provide more sensitive information," the official said. "We will provide the information to the security service providers that they need to perform this function." Procedures are to be established within six months of the order. The administration is separately seeking legislation that would give incentives to private companies, including communications carriers, to disclose more to the government. NSA Director General Keith Alexander said last week that NSA did not want personal data but Internet service providers could inform the government about malicious software they find and the Internet Protocol addresses they were sent to and from. "There is a way to do this that ensures civil liberties and privacy and does ensure the protection of the country," Alexander told a congressional hearing. 
Fears grow of destructive attack In the past, Internet traffic-scanning efforts were mainly limited to government networks and Defense Department contractors, which have long been targets of foreign espionage. But as fears grow of a destructive cyber attack on core, non-military assets, and more sweeping security legislation remained stalled, the Obama administration opted to widen the program. Last month's presidential order calls for commercial providers of "enhanced cybersecurity services" to extend their offerings to critical infrastructure companies. What constitutes critical infrastructure is still being refined, but it would include utilities, banks and transportation such as trains and highways. Under the program, critical infrastructure companies will pay the providers, which will use the classified information to block attacks before they reach the customers. The classified information involves suspect Web addresses, strings of characters, email sender names and the like. Not all the cybersecurity providers will be telecom companies, though AT&T is one. Raytheon said this month it had agreed with DHS to become a provider, and a spokesman said that customers could route their traffic to Raytheon after receiving it from their communications company. As the new set-up takes shape, DHS officials and industry executives said some security equipment makers were working on hardware that could take classified rules about blocking traffic and act on them without the operator being able to reverse-engineer the codes. That way, people wouldn't need a security clearance to use the equipment. Civil liberties implications The issue of scanning everything headed to a utility or a bank still has civil liberties implications, even if each company is a voluntary participant. 
Lee Tien, a senior staff attorney with the nonprofit Electronic Frontier Foundation, said that the executive order did not weaken existing privacy laws, but any time a machine acting on classified information is processing private communications, it raises questions about the possibility of secret extra functions that are unlikely to be answered definitively. "You have to wonder what else that box does," Tien said. One technique for examining email and other electronic packets en route, called deep packet inspection, has stirred controversy for years, and some cybersecurity providers said they would not be using that. In deep packet inspection, communication companies or others with network access can examine all the elements of a transmission, including the content of emails. "The signatures provided by DHS do not require deep packet inspection," said Steve Hawkins, vice president at Raytheon's Intelligence and Information Systems division, referring further questions to DHS. The DHS official said the government is still in conversations with the telecom operators on the issue. The official said the government had no plans to roll out any such form of government-guided close examination of Internet traffic into the communications companies serving the general public. Copyright 2013 Thomson Reuters. --- Just because i'm near the punchbowl doesn't mean I'm also drinking from it. From rforno at infowarrior.org Thu Mar 21 20:26:57 2013 From: rforno at infowarrior.org (Richard Forno) Date: Thu, 21 Mar 2013 21:26:57 -0400 Subject: [Infowarrior] - MPAA: International box office revenues soared in 2012 Message-ID: But....but.....aren't you also saying how piracy is killing your profits? Or are your amazing profit numbers just as made-up as your alleged losses due to piracy? If so, then we should ignore all of your statistics, right? --rick International box office revenues soared in 2012, MPAA reports By Richard Verrier March 21, 2013, 1:15 p.m. 
http://www.latimes.com/entertainment/envelope/cotown/la-et-ct-mpaa-report-20130321,0,4678358.story Hollywood remains a hot global commodity, according to a new industry report. Global movie ticket sales soared to new heights last year, climbing 6% to $34.7 billion, fueled mainly by growth in international box office revenue, according to a report by the Motion Picture Assn. of America, the chief lobbying arm for the major studios. International ticket sales reached $23.9 billion, up 6% compared to 2011 and up 32% over five years ago, driven by growth in Russia, Brazil, and China, which last year surpassed Japan as the world's largest international box office market for movies, the MPAA said in its annual survey of the industry. China had $2.7 billion in movie ticket sales last year, while Japan had $2.4 billion. The U.K., the third-largest international market, sold $1.7 billion in tickets. In the U.S. and Canada, 2012 box office revenue was $10.8 billion, up 6% from 2011 and 12% from five years ago, as theaters profited from such hits as "The Avengers" and "The Dark Knight Rises." The increase was driven largely by an increase in admissions to 2-D films. Revenue from higher-priced 3-D films was flat and average ticket prices remained virtually unchanged. Theaters sold 1.36 billion tickets in 2012, up 6% from 2011 and reversing two years of declines. Nonetheless, admissions were down from 1.52 billion in 2003, underscoring the long-term challenges exhibitors face to grow their business as consumers get increasingly more entertainment options in the home. For 2013, box office sales have slowed considerably. Ticket sales are down 12%, a result of several misfires, including Warner Bros.' comedy "Jack the Giant Slayer." From rforno at infowarrior.org Fri Mar 22 14:32:43 2013 From: rforno at infowarrior.org (Richard Forno) Date: Fri, 22 Mar 2013 15:32:43 -0400 Subject: [Infowarrior] - Pay with $100 bill? Fill out the form. 
Message-ID: Customers to fill out form if paying with $100 bill Posted: Mar 20, 2013 6:19 AM EDT Updated: Mar 20, 2013 6:19 AM EDT Brian Crandall http://www.turnto10.com/story/21728102/customers-to-fill-out-form-if-paying-with-100-bill#.UUxpJtzUe7Q.twitter A local restaurant chain is now asking customers to fill out a form before paying with a $100 bill. They say that's because they are often on the losing end of counterfeit $100 bills. Bob Bacon, owner of Gregg's restaurants, said his four locations have received 5 fake $100 bills in the last three months. "When this happened once a year, it was kinda the cost of doing business," said Bacon. "This starts to happen as frequently as it has since December, then it becomes something you at least have to do something about," Bacon told NBC10 News. The form asks for name, phone number, and driver's license number, which Bacon says is like what some places ask for from check users. Bacon does not think his customers are the counterfeiters. He says, "We're not getting the information so we can call up and say, you owe us a hundred dollars. That's not it at all. It's not about restitution. It's about gathering information and being able to maybe create a paper trail that leads to some resolution on this and maybe finding the origin of it." Bacon admits some customers have complained about the new policy. But he also adds the restaurants have not gotten any fake $100 bills since the policy was implemented 10 days ago. --- Just because i'm near the punchbowl doesn't mean I'm also drinking from it. From rforno at infowarrior.org Fri Mar 22 14:51:55 2013 From: rforno at infowarrior.org (Richard Forno) Date: Fri, 22 Mar 2013 15:51:55 -0400 Subject: [Infowarrior] - Leaked! MPAA Talking Points On Copyright Reform Message-ID: <0159E611-B805-4DA1-9C99-7DB33D75680F@infowarrior.org> (as if we didn't guess what they'd be saying....--rick) Leaked! MPAA Talking Points On Copyright Reform: Copyright Is Awesome For Everyone!
http://www.techdirt.com/articles/20130321/18271522414/leaked-mpaa-talking-points-copyright-reform-copyright-is-awesome-everyone.shtml --- Just because i'm near the punchbowl doesn't mean I'm also drinking from it. From rforno at infowarrior.org Fri Mar 22 14:56:55 2013 From: rforno at infowarrior.org (Richard Forno) Date: Fri, 22 Mar 2013 15:56:55 -0400 Subject: [Infowarrior] - CISPA sponsor inadvertently donates to anti-CISPA campaign Message-ID: CISPA sponsor inadvertently donates to anti-CISPA campaign By Kevin Collier on March 22, 2013 http://www.dailydot.com/politics/mike-rogers-cispaalert-cispa-eff/ There's a little hitch in congressman Mike Rogers's plan to use a popular Twitter hashtag to counter criticism of his most infamous, allegedly privacy-violating bill. With each tweet, he's funding the Internet activists who oppose him. Rogers (R-Mich.)'s official Twitter account has, since Wednesday, been using the hashtag #CISPAalert to address criticism of his Cyber Intelligence Security Protection Act (CISPA). Activists are wrong, he says. CISPA wouldn't allow government "monitoring anyone's email or personal information." But the congressman (or whoever runs his Twitter account) doesn't seem to have gotten the memo. A domain name registrar called Namecheap is running a promotion: offering a dollar to Internet activists at the Electronic Frontier Foundation for each tweet with that hashtag. The EFF is actively campaigning against CISPA, calling it a "privacy-invading cybersecurity spying bill." CISPA would allow companies whose networks are under attack to share what they know with federal agencies (that could include users' information), and those companies would be immune from violating privacy laws in such circumstances. So Rogers is right in the sense that the bill wouldn't allow continual monitoring, though it could certainly allow the government to end up with information on its citizens, and if it finds evidence of serious wrongdoing, it could prosecute.
Privacy advocates almost unanimously decry the bill. Ditto the overwhelming majority of tweets with the #CISPAalert hashtag. More than 200 tweets have used it since Wednesday, mostly with sentiments like "This law would make every privacy policy on the web a total joke," and "Let's stop this terrible bill." Rogers has used it four times so far. His use alone wouldn't make much of a dent, but fortunately for the EFF, Namecheap's promotion includes a few other ways to donate, like Facebook shares or entering a code when you buy a new domain name. To date, it's raised $13,766 for the advocacy group. CISPA currently stands before the House of Representatives. --- Just because i'm near the punchbowl doesn't mean I'm also drinking from it. From rforno at infowarrior.org Fri Mar 22 19:40:14 2013 From: rforno at infowarrior.org (Richard Forno) Date: Fri, 22 Mar 2013 20:40:14 -0400 Subject: [Infowarrior] - DHS Denies Massive Ammo Purchase Message-ID: DHS Denies Massive Ammunition Purchase By Elizabeth Flock March 22, 2013 http://www.usnews.com/news/blogs/washington-whispers/2013/03/22/dhs-denies-massive-ammunition-purchase Rep. Tim Huelskamp, R-Kan., says the Department of Homeland Security was planning to buy 1.6 billion rounds of ammunition over the next five years. The Department of Homeland Security responded Friday to questions from Rep. Tim Huelskamp, R-Kan., about why the agency was allegedly planning to buy some 1.6 billion rounds of ammunition over the next five years. DHS told Whispers it regularly fills all of its goods and services requirements at one time because it's cheaper for the agency, and that the 1.6 billion number was misleading because the language of DHS's purchase said it would need "up to" a certain amount. One solicitation by the agency, for training centers and law enforcement personnel, was for "up to" 750 million rounds of training ammunition over the next five years, DHS spokesman Peter Boogaard told Whispers.
Another five-year contract allows for the purchase of "up to" 450 million rounds of ammunition, he said, and was also for law enforcement. Boogaard noted that the contract would be used by all DHS agencies except the Coast Guard. "With more than 100,000 armed law enforcement personnel in DHS, significant quantities of ammunition are used to support law enforcement operations, quarterly qualifications, and training, to include advanced firearms training exercises," Boogaard told Whispers. According to a letter to one lawmaker detailing DHS ammunition purchases, the department procured 148 million rounds in 2012. Questions over DHS's big ammunition purchases have been bouncing around the right-wing blogosphere for months. But the story came to a head Friday after a video was posted to the website Infowars of Rep. Huelskamp saying at CPAC that he had expressed concerns to DHS over the purchase but received no response. "They have no answer for that question. They refuse to answer that," Huelskamp said on the video of the purchases. His office told Whispers that he had sent a letter to DHS with his concerns but had not heard back. In the letter to DHS Secretary Janet Napolitano, Huelskamp wrote that it had "become clear" that DHS was "purchasing vast quantities of ammunition" and that "estimates show that this ... would be enough for 24 Iraq wars." The Kansas congressman also said the timing of the purchase was "of great interest" because of gun control legislation currently being pushed by the Obama administration. "The extraordinary level of ammunition purchases made by Homeland Security seems to have, in states such as my own, created an extreme shortage of ammunition to the point where many gun owners are unable to purchase any," he wrote. DHS previously responded to concerns over the purchase voiced by Sen. Tom Coburn, R-Okla., noting in a detailed letter sent to the senator's office in February just how much had been purchased and for what purpose.
"DHS routinely establishes strategic sourcing contracts that combine the requirements of all its components for commonly purchased goods and services such as ammunition," a DHS legislative affairs person wrote to Coburn. "These strategic sourcing contracts help leverage the purchasing power of DHS to efficiently procure equipment and supplies at significantly lower costs," the department told Coburn. --- Just because i'm near the punchbowl doesn't mean I'm also drinking from it. From rforno at infowarrior.org Fri Mar 22 19:43:07 2013 From: rforno at infowarrior.org (Richard Forno) Date: Fri, 22 Mar 2013 20:43:07 -0400 Subject: [Infowarrior] - 'Government Cover-up of Ammo Buys' Implodes Message-ID: Government Cover-up of Ammo Buys Implodes Steve Watson Infowars.com Mar 22, 2013 http://www.infowars.com/government-cover-up-of-ammo-buys-implodes/ The failure on behalf of the federal government to provide any explanation for why the Department of Homeland Security is arming to the teeth with high powered weapons and billions of hollow point bullets, as well as crude efforts by mainstream media mouthpieces to debunk the war-like preparations, have backfired massively, propelling the story to a viral status. As we reported today, 15 congressmen have written a letter to the DHS demanding to know why the federal agency is buying so many rounds of ammunition and whether the purchases are part of a deliberate attempt to restrict supply to the American people. Big Sis has remained silent on the issue, refusing to answer questions from reporters and even from multiple elected representatives, about the ammo buys. The continued huge orders for weapons and bullets have prompted attendances at gun shows to explode, as gun store owners say they are having to contend with significant national shortages. Efforts to portray the very real stockpiling by the federal agency as a conspiracy theory have fallen flat on their face, and have only served to further highlight how suspect the DHS'
actions are. When Media Matters and Raw Story both recently attacked Fox Business host Lou Dobbs for daring to raise the issue on his show, it quickly became clear that neither had any prevailing counterpoint, and were dismissing the facts only by regurgitating a glib statement of a single DHS official. Media Matters, which has been documented to be little more than an Obama administration mouthpiece, reported that, "The claim that DHS bought a 1.6 billion bullet stockpile is also misleading," while simultaneously admitting that "DHS did buy 1.6 billion rounds of ammunition." The source of the claim that concerns over the bullet buys are a conspiracy theory or "misleading," is a February 14 Associated Press report which did not conduct any actual investigation into why the DHS was purchasing the ammo, instead regurgitating a statement from DHS official Peggy Dixon, who claimed the bullets were bought in bulk to save money and were for training purposes only. As we have tirelessly noted, however, hollow point bullets are completely unsuitable for training purposes because they cost significantly more money compared to standard firing range bullets. In one fell swoop, this fact debunks the claims that the agency was attempting to save money and is intending to use the ammo in training exercises. Military veterans and ammunition experts have also confirmed that they have never used hollow points for training purposes, expressing confusion at why the DHS is buying up so many of them. When Atlantic Wire and Politico also attempted to debunk the issue, they completely ignored the DHS' admitted purchases of close to 2 billion bullets, instead focusing only on the Social Security Administration's purchase of 174,000 bullets, as if it were somehow proof that the DHS is not involved in stockpiling at all.
Snopes.com, a site that profits from debunking anything and everything, also failed to even address the DHS bullet purchases, again pointing only to SSA and National Oceanic and Atmospheric Administration purchases. Apparently, the mainstream media has failed to grasp that concerns about government activity cannot be "debunked" by merely repeating glib statements issued by government officials, particularly given the number of times the DHS has been caught lying about other issues such as TSA body scanners and most recently with Janet Napolitano's erroneous claim that the sequester debate was causing delays in airports. Amidst all the so-called "debunkings" of the bullet buys, the aforementioned media sources have also conveniently omitted details regarding the DHS' purchase of 7,000 fully automatic assault rifles, as well as a $2 million relationship with a contractor that recently had to apologize for producing shooting targets of pregnant women, children and elderly gun owners depicted in residential settings. The DHS has also been busy buying large supplies of body armor, leading to shortages. Last year, the agency put out an urgent order for "riot gear" in anticipation of civil unrest. The agency has also ordered bullet-proof checkpoint booths and hired hundreds of new security guards to protect government buildings over the course of the last 12 months. There have also been reported purchases of around 2,700 armored trucks. None of this has been addressed by the mainstream media. Government silence, sustained secrecy, and media mouthpieces declaring it isn't real has only served to implode an already shoddy cover-up attempt, further shining a light on the secretive prepping actions of Big Sis and her army of goons. ----- Steve Watson is the London based writer and editor for Alex Jones' Infowars.com, and Prisonplanet.com.
He has a Master's Degree in International Relations from the School of Politics at The University of Nottingham, and a Bachelor of Arts Degree in Literature and Creative Writing from Nottingham Trent University. This article was posted: Friday, March 22, 2013 at 11:52 am --- Just because i'm near the punchbowl doesn't mean I'm also drinking from it. From rforno at infowarrior.org Fri Mar 22 19:44:33 2013 From: rforno at infowarrior.org (Richard Forno) Date: Fri, 22 Mar 2013 20:44:33 -0400 Subject: [Infowarrior] - When the Whole World Has Drones Message-ID: NATIONAL SECURITY When the Whole World Has Drones The precedents the U.S. has set for robotic warfare may have fearsome consequences as other countries catch up. by Kristin Roberts Updated: March 22, 2013 | 12:29 p.m. March 21, 2013 | 8:20 p.m. A slim aircraft glided through Israeli airspace, maintaining low altitude and taking a winding path to avoid detection. It flew over sensitive military installations and was beginning its approach to the Dimona nuclear reactor when it was blown from the sky by the Israel Defense Forces. The plane was pilotless, directed by agents elsewhere, and had been attempting to relay images back home. Whether they were successfully transmitted, Israelis won't say, perhaps because they don't know. But here's what's certain: It wasn't American. It wasn't Russian or Chinese. It was an Iranian drone, assembled in Lebanon and flown by Hezbollah. The proliferation of drone technology has moved well beyond the control of the United States government and its closest allies. The aircraft are too easy to obtain, with barriers to entry on the production side crumbling too quickly to place limits on the spread of a technology that promises to transform warfare on a global scale. Already, more than 75 countries have remote piloted aircraft. More than 50 nations are building a total of nearly a thousand types.
At its last display at a trade show in Beijing, China showed off 25 different unmanned aerial vehicles. Not toys or models, but real flying machines. It's a classic and common phase in the life cycle of a military innovation: An advanced country and its weapons developers create a tool, and then others learn how to make their own. But what makes this case rare, and dangerous, is the powerful combination of efficiency and lethality spreading in an environment lacking internationally accepted guidelines on legitimate use. This technology is snowballing through a global arena where the main precedent for its application is the one set by the United States; it's a precedent Washington does not want anyone following. America, the world's leading democracy and a country built on a legal and moral framework unlike any other, has adopted a war-making process that too often bypasses its traditional, regimented, and rigorously overseen military in favor of a secret program never publicly discussed, based on legal advice never properly vetted. The Obama administration has used its executive power to refuse or outright ignore requests by congressional overseers, and it has resisted monitoring by federal courts. To implement this covert program, the administration has adopted a tool that lowers the threshold for lethal force by reducing the cost and risk of combat. This still-expanding counterterrorism use of drones to kill people, including its own citizens, outside of traditionally defined battlefields and established protocols for warfare, has given friends and foes a green light to employ these aircraft in extraterritorial operations that could not only affect relations between the nation-states involved but also destabilize entire regions and potentially upset geopolitical order.... < - big snip - > http://www.nationaljournal.com/magazine/when-the-whole-world-has-drones-20130321?print=true --- Just because i'm near the punchbowl doesn't mean I'm also drinking from it.
From rforno at infowarrior.org Fri Mar 22 23:11:59 2013 From: rforno at infowarrior.org (Richard Forno) Date: Sat, 23 Mar 2013 00:11:59 -0400 Subject: [Infowarrior] - Good read: Five myths about Chinese hackers Message-ID: Five myths about Chinese hackers By James Andrew Lewis http://www.washingtonpost.com/opinions/five-myths-about-chinese-hackers/2013/03/22/4aa07a7e-7f95-11e2-8074-b26a871b165a_story_1.html If you work in Washington (on the Hill or on K Street, at a law firm or at a think tank), you've probably been hacked. If you work at a major American company, you've probably been hacked, too. The penetration of U.S. computer networks by Chinese hackers has been going on for more than three decades. It's good that it is finally getting attention, but with that spotlight have come exaggeration and myths that need to be discarded. 1. We are in a cyber cold war with China. We are not in a war (cold, cool or hot) with China in cyberspace. There have been none of the threats, denouncements or proxy conflicts that characterize a cold war. In fact, the administration appears to have omitted any mention of the Chinese military in recent high-profile speeches on Chinese hacking. After Treasury Secretary Jack Lew met recently with top Chinese officials in Beijing, he told reporters there that cyberattacks and cyber-espionage are a "very serious threat to our economic interests." "Cyberattack" is one of the most misused terms in the discussion of Chinese hackers. With very few exceptions, China has not used force against the United States in cyberspace. What it has been doing is spying. And spying, cyber or otherwise, is not an attack or grounds for war, even if military units are the spies. Spying isn't even a crime under international law, and it wouldn't be in Washington's interest to make it so. Trying to cram Chinese hackers into antiquated cold war formulas doesn't help, either.
America's relationship with China is very different from the one it had with the Soviet Union, in which contacts were extremely limited and there was no economic interdependence. The idea of "containment" for China is inane. How would you "contain" a major economic partner? 2. China's hackers are unstoppable cyberwarriors. The problem isn't that the Chinese are so skilled; it's that U.S. companies are so inept. A survey I published last month found that more than 90 percent of corporate-network penetrations required only the most basic techniques, such as sending a bogus e-mail with an infected attachment, and that 85 percent went undetected for months, another sign of lax security. (One more sign: They were usually discovered by an outsider rather than the victimized company.) There is debate within the U.S. intelligence community about whether the Chinese have more sophisticated cyberattackers waiting in the wings or whether we've seen the best they can do. But it's clear that so far, they haven't had to bring their A-game to break into our networks. 3. China is poised to launch crippling attacks on critical U.S. infrastructure. Obama's State of the Union address included a line about how "our enemies are also seeking the ability to sabotage our power grid, our financial institutions and our air-traffic-control systems." Similarly, a recent report by the security firm Mandiant suggested that China's hackers are increasingly focused on companies with ties to U.S. critical infrastructure. In peacetime, however, China is no more likely to launch a cyberattack on American infrastructure than it is to launch a missile at us. It has no interest in provoking a war it couldn't win or in harming an economy it depends on. Even in wartime, China would want to avoid escalation and would be more apt to launch cyberattacks on the Pacific Command or other deployed U.S. forces than on domestic American targets. China would attack civilian infrastructure only in extremis,
if the survival of its regime were threatened. 4. Cyber-espionage is causing the greatest transfer of wealth in history. This claim has been repeated by the likes of the head of U.S. Cyber Command. It's a dramatic way to describe the theft, mainly by China, of American intellectual property, but it doesn't make economic sense. Putting a dollar value on the loss from cyber-espionage is very difficult, and many estimates are wild guesses. A reasonable assessment would be that it costs the United States no more than $100 billion a year and perhaps much less, what some economists would describe as a rounding error in our $15 trillion economy. This is not death by a thousand cuts. It probably isn't even slowing the U.S. economy. Even when China steals intellectual property, it can take years to turn it into a competitive advantage. The right technical skills and manufacturing base are needed to turn advanced designs into high-end competitive products. China is still lagging in many high-tech arenas, such as semiconductors. The one area where this is not true is military technology. Chinese espionage has led to rapid improvements in that country's stealth, submarine-quieting, nuclear weapons and sensor technologies. While the economic risk from cyber-espionage is generally overstated, the United States has probably underestimated the damage to its lead in military technology. 5. America spies on China, too, so what can we complain about? Chinese officials portray their country as a victim of hacking. Meanwhile, some American scholars question whether the United States is in a position to criticize, since it also engages in cyber-espionage. "Perhaps the complaint is that the Chinese are doing better against our government networks than we are against theirs," law professor Jack Goldsmith wrote. That misstates the issue. The Internet, poorly secured and poorly governed, has been a tremendous boon for spying.
Every major power has taken advantage of this, but there are unwritten rules that govern espionage, and China's behavior is out of bounds. Where Beijing crosses the line is in economic espionage: stealing secrets from foreign companies to help its own. China also outmatches all other countries in the immense scale of its spying effort, and the United States is far from the only nation to have suffered. The United States, by contrast, does not engage in economic espionage. As one Chinese official put it in recent talks at the Center for Strategic and International Studies: "In America, military espionage is heroic and economic espionage is a crime, but in China the line is not so clear." The United States and other countries need to make that line clearer and discourage China from crossing it. jalewis at csis.org --- Just because i'm near the punchbowl doesn't mean I'm also drinking from it. From rforno at infowarrior.org Sat Mar 23 17:28:18 2013 From: rforno at infowarrior.org (Richard Forno) Date: Sat, 23 Mar 2013 18:28:18 -0400 Subject: [Infowarrior] - Senators introduce bill to create teams of cyber guardsmen at state-level Message-ID: <8595A50A-DA77-4ACA-9167-7F16C30E4938@infowarrior.org> Hrmmm.....this sounds a mite familiar. Oh, yes: I proposed a very similar concept 15 years ago in Campen & Dearth's book 'Cyberwar 2.0' (AFCEA Press, 1998) --rick Senators introduce bill to create teams of cyber guardsmen at state-level By Jennifer Martinez - 03/22/13 04:51 PM ET http://thehill.com/blogs/hillicon-valley/technology/289931-senators-introduce-bill-to-create-teams-of-cyber-guards-at-state-level A bipartisan group of eight senators introduced a bill on Friday that would establish teams of cyber guards in each state and territory that could be called upon to respond to local cyberattacks and computer security emergencies.
These cyber response teams would be part of the National Guard and could be activated by a state governor or the secretary of Defense to respond to a local cyber incident. The bill, called the Cyber Warriors Act, is designed to expand the cyber mission and capabilities of the National Guard, as well as boost the pool of skilled cyber professionals in the United States who are equipped to respond to computer security incidents. "Terrorists could shut down electric grids in the middle of winter, zero-out bank accounts, or take down a stock exchange causing an unimaginable amount of disruption and harm. Meanwhile, our military and homeland cyber defense forces are thousands short of the need identified by our leaders," Sen. Kirsten Gillibrand (D-N.Y.), the lead sponsor of the bill, said in a statement. "We must ensure that we can recruit and retain talented individuals who can protect our nation's cybersecurity at home and abroad." The bill would also allow governors to call on the cyber guard to train state and local law enforcement on methods to defend computer networks from online threats and attacks, as well as develop best practices that would allow these local entities to work more cohesively with federal responders. Additionally, the bill would require the secretary of Defense to report on ways to recruit and retrain more skilled cyber professionals. To this end, the Defense chief would report on the training requirements and demands in cyber-focused divisions and methods used to recruit members of the Armed Forces. Boosting the nation's cybersecurity has become a top priority for President Obama and Congress this year after intelligence officials have warned about the rising cyber threat facing the country. When testifying before Congress this month, Director of National Intelligence James Clapper said a cyberattack is the number one threat to the country.
Top defense officials and lawmakers have issued warnings about the shortfall of skilled cyber professionals in the U.S. Homeland Security Secretary Janet Napolitano has talked about the urgent need to educate and develop the next generation of cyber defense workers. Along with Gillibrand, Sens. Chris Coons (D-Del.), David Vitter (R-La.), Roy Blunt (R-Mo.), Mary Landrieu (D-La.), Patrick Leahy (D-Vt.), Mark Warner (D-Va.) and Patty Murray (D-Wash.) also co-sponsored the bill. The House is expected to vote on cybersecurity legislation next month, while the upper chamber will likely put forward a bill later this year. --- Just because i'm near the punchbowl doesn't mean I'm also drinking from it. From rforno at infowarrior.org Sat Mar 23 18:27:17 2013 From: rforno at infowarrior.org (Richard Forno) Date: Sat, 23 Mar 2013 19:27:17 -0400 Subject: [Infowarrior] - Twitter sued for $50 million for refusing to reveal anti-semites Message-ID: <92E93F44-8178-4714-95A1-13191574527F@infowarrior.org> (c/o KM) Twitter sued for $50 million for refusing to reveal anti-semites Cites First Amendment, lack of jurisdiction in its refusal. by Ian Steadman, wired.co.uk - Mar 22 2013, 4:28pm EDT http://arstechnica.com/tech-policy/2013/03/twitter-sued-50-million-for-refusing-to-reveal-anti-semites/ In January, a French court ruled that Twitter must hand over the details of people who had tweeted racist and anti-semitic remarks, and set up a system that would alert the police to any further such posts as they happen. Twitter has ignored that ruling, and now the Union of French Jewish Students (UEJF) is suing it for €38.5 million ($49.96 million) for its failure. The case revolves around a hashtag, #unbonjuif ("a good Jew"), which became the third-most popular on the site in October 2012.
The UEJF took Twitter to court, demanding that those who had tweeted anti-semitic remarks using the hashtag be named by Twitter so the police could prosecute them for hate speech. Twitter refused, arguing it was based in the United States and thus protected by the First Amendment's freedom of speech guarantees. A Parisian circuit court ruled against the social network, giving it two weeks to comply or face a fine of up to €1,000 ($1,298) for each day it doesn't. The UEJF want considerably more than that, says its president, Jonathan Hayoun, because the site "is making itself an accomplice and offering a highway for racists and anti-Semites". "Twitter is playing the indifference card in not respecting the decision of 24 January," he added, when speaking to AFP. If the UEJF wins its case, it plans to donate the money to the Shoah Memorial Fund. Twitter has said it will appeal the decision. It deleted many of the offensive tweets in January after the earlier court ruling, but has so far held back on using its country withheld content feature to pre-filter potentially offensive content, as it does with neo-Nazi posts in Germany. This post originally appeared on Wired UK. --- Just because i'm near the punchbowl doesn't mean I'm also drinking from it. From rforno at infowarrior.org Sat Mar 23 21:40:29 2013 From: rforno at infowarrior.org (Richard Forno) Date: Sat, 23 Mar 2013 22:40:29 -0400 Subject: [Infowarrior] - The Changing TV News Landscape Message-ID: (c/o ST) The Changing TV News Landscape by Mark Jurkowitz, Paul Hitlin, Amy Mitchell, Laura Santhanam, Steve Adams, Monica Anderson and Nancy Vogt of Pew Research Center The news programs that Americans watch on national cable channels and their local television stations have changed significantly in recent years while the network evening newscasts have remained remarkably stable, according to a new study from the Pew Research Center.
On cable, the news structure of the three channels -- the mix of interviews, packaged segments and live coverage -- has changed. After relying on significantly distinct formats five years ago, the three rivals now look strikingly similar. At the same time, some of the differences that demarcated daytime cable from prime time have also eroded in the past five years. Traditionally known for its attention to breaking news, daytime cable's cuts in live event coverage and its growing reliance on interviews suggest it may be moving more toward the talk-oriented evening shows. This transition may cut the costs of having a crew and correspondent provide live event coverage. < - > http://stateofthemedia.org/2013/special-reports-landing-page/the-changing-tv-news-landscape/

From rforno at infowarrior.org Sun Mar 24 10:31:03 2013 From: rforno at infowarrior.org (Richard Forno) Date: Sun, 24 Mar 2013 11:31:03 -0400 Subject: [Infowarrior] - Movie, TV ads annoying? You ain't seen nothin' yet Message-ID: <4D22F417-6D55-46E3-86D6-6E2F7B8129C2@infowarrior.org>
Movie, TV ads annoying? You ain't seen nothin' yet http://www.theregister.co.uk/2013/03/23/digital_advertising_futures/ 'Don't want to watch ads? Then we'll slip 'em into the show, just for you!' By Rik Myslewski in San Francisco Posted in Media, 23rd March 2013 01:23 GMT GTC 2013 Digital-content producers, distributors, broadcasters, and advertising firms are developing new strategies about how to monetize movies and TV shows in a world in which consumers want their content for free, skip past ads on their DVRs, and despite high-profile efforts to stop them, still find piracy an attractive option. "There's a real tension out there today -- almost a crisis, not quite --
between the big content producers, and I mean broadcasters and Hollywood, about how they continue to fund these multi-billion-dollar global content initiatives at the same time as satisfying the needs of people who aren't prepared to really pay for them," said MirriAd CEO Mark Popkiewicz during a session on the monetization of visual content at this week's GPU Technology Conference in San José, California. MirriAd, as its name implies, focuses on the advertising side of monetization. "The whole industry has rallied to find ways in which to make advertising more compelling and deliver more value to the audience," Popkiewicz said, "because at the end of the day we will tolerate advertising when it gives us something back. When it doesn't, it's called spam -- it gets in the way and it's intrusive." We'll leave it to you, dear Reg reader, to determine for yourself whether Popkiewicz's solution should be deemed spam or whether it "gives something back" to you in exchange for your content-watching time and effort -- and your money, should you be one of those honest folks who pays for content either by purchase or subscription. What MirriAd does is vault the time-honored practice of product placement -- well, "honored" may not be the proper term among many observers -- into the 21st century by digitally placing products, logos, billboards, and the like into video content. A few years back, Popkiewicz spotted what he identified as "a very fast-growing environment for branded entertainment" -- that is, video or film content in which brands themselves play a role in storytelling, either in a supporting role or as background. Traditional product placement is straightforward: an advertiser or brand manager pays a content producer a chunk o' change to have their product included in a movie or TV sequence. MirriAd, on the other hand, adds a product, logo, billboard, or whatever into already-completed content through digital means.
It appears as if the product were there for the shot, but it wasn't. "Using technology like ours is likely to deliver a better result than a hurried placement of brands on a studio floor where they're running out of time and budget, and they're just going to shove them in and God knows what the results will be," Popkiewicz said. That may be an arguable point, but one unarguable advantage of MirriAd's method is that paid placements can not only be added and subtracted at will, but can also be targeted at specific markets, such as the 20 different worldwide markets in which their technology is already in use. "It's being used on TV content and increasingly online," Popkiewicz said, "and we've scaled the platform to deliver circa 15,000 seconds of digital placement on a monthly basis. So if you consider there's about 30 seconds of placement in, say, a 30-minute show, you can do the math and see there's actually quite a lot of content being processed." Not that traditional product placement hasn't had its success. Popkiewicz cited the recent James Bond vehicle, Skyfall, as one example. "Heineken replaced in Skyfall the vodka martini, I believe, rather well -- although you didn't actually see him order one from the bar," he said. "... And it's boosted the brand enormously. If Heineken wasn't already a well-known brand, it certainly is now." But once that can of watery Dutch lager made it into Skyfall, it would be a colossal pain to either remove it or replace it with a pint of Theakston's Old Peculier. Not so with MirriAd's digital product placement. Nor could that Heinie perform another trick that Popkiewicz sees coming down the advertising pike: product placement personalized just for you. MirriAd is already working with marketing communications company WPP to match the products digitally placed in a video segment to the products in the pre-roll ads that, for example, Google targets to you on YouTube.
"The impact from a marketing point of view of those two is much higher," he said, when one reinforces the other. But that's just the beginning. Imagine that you search for, say, a blender on Google one afternoon, then that evening when you sit down on your couch to indulge in a little mindless Big Bang Theory video-streaming entertainment, you're treated to Sheldon and Leonard* in a bit of madcap smoothie-making madness with a seven-speed Oster BVCB07-Z. Your next-door neighbor, however, whom the all-seeing intertubes know to be of more modest means, sees the same hijinks -- but they're taking place with a low-rent Oster 6706. That won't happen tomorrow. As Popkiewicz admits, "Targeting the right thing to the right person in the right way at the right time, whether it be the content or the ad that goes with it, is still quite a big challenge." But trust us, that day will arrive. "I think we're on the brink of a massive change in the industry," Popkiewicz said, "which I think is going to be driven by the immense power and processing capabilities that are out there, and the solutions that can actually bring to bear some enormous firepower on solving some of these [challenges] that sound simple, but are very difficult to deliver." Not that there aren't people who are trying. Popkiewicz related how a "major advertising executive at a major corporation" recently said that all he's currently focused on is "understanding how the noodle works," and investing heavily in neuroscience to determine what and how we humans either enjoy or don't enjoy. Once advertisers crack the codes to our pleasure centers, Katy bar the door. Or as Popkiewicz put it, "I think understanding human behavior is going to drive what technology is going to deliver in the coming years, particularly
From rforno at infowarrior.org Mon Mar 25 07:33:11 2013 From: rforno at infowarrior.org (Richard Forno) Date: Mon, 25 Mar 2013 08:33:11 -0400 Subject: [Infowarrior] - Schneier: Our Internet Surveillance State Message-ID: <1C038366-0940-404B-92D2-47FB02242994@infowarrior.org>
March 25, 2013 Our Internet Surveillance State (This essay previously appeared on CNN.com, where it got 23,000 Facebook likes and 2,500 tweets -- by far the most widely distributed essay I've ever written.) http://www.schneier.com/blog/archives/2013/03/our_internet_su.html I'm going to start with three data points. One: Some of the Chinese military hackers who were implicated in a broad set of attacks against the U.S. government and corporations were identified because they accessed Facebook from the same network infrastructure they used to carry out their attacks. Two: Hector Monsegur, one of the leaders of the LulzSec hacker movement, was identified and arrested last year by the FBI. Although he practiced good computer security and used an anonymous relay service to protect his identity, he slipped up. And three: Paula Broadwell, who had an affair with CIA director David Petraeus, similarly took extensive precautions to hide her identity. She never logged in to her anonymous e-mail service from her home network. Instead, she used hotel and other public networks when she e-mailed him. The FBI correlated hotel registration data from several different hotels -- and hers was the common name. The Internet is a surveillance state. Whether we admit it to ourselves or not, and whether we like it or not, we're being tracked all the time. Google tracks us, both on its pages and on other pages it has access to. Facebook does the same; it even tracks non-Facebook users. Apple tracks us on our iPhones and iPads. One reporter used a tool called Collusion to track who was tracking him; 105 companies tracked his Internet use during one 36-hour period.
Increasingly, what we do on the Internet is being combined with other data about us. Unmasking Broadwell's identity involved correlating her Internet activity with her hotel stays. Everything we do now involves computers, and computers produce data as a natural by-product. Everything is now being saved and correlated, and many big-data companies make money by building up intimate profiles of our lives from a variety of sources. Facebook, for example, correlates your online behavior with your purchasing habits offline. And there's more. There's location data from your cell phone, there's a record of your movements from closed-circuit TVs. This is ubiquitous surveillance: All of us being watched, all the time, and that data being stored forever. This is what a surveillance state looks like, and it's efficient beyond the wildest dreams of George Orwell. Sure, we can take measures to prevent this. We can limit what we search on Google from our iPhones, and instead use computer web browsers that allow us to delete cookies. We can use an alias on Facebook. We can turn our cell phones off and spend cash. But increasingly, none of it matters. There are simply too many ways to be tracked. The Internet, e-mail, cell phones, web browsers, social networking sites, search engines: these have become necessities, and it's fanciful to expect people to simply refuse to use them just because they don't like the spying, especially since the full extent of such spying is deliberately hidden from us and there are few alternatives being marketed by companies that don't spy. This isn't something the free market can fix. We consumers have no choice in the matter. All the major companies that provide us with Internet services are interested in tracking us. Visit a website and it will almost certainly know who you are; there are lots of ways to be tracked without cookies. Cell phone companies routinely undo the web's privacy protection. 
One experiment at Carnegie Mellon took real-time videos of students on campus and was able to identify one-third of them by comparing their photos with publicly available tagged Facebook photos. Maintaining privacy on the Internet is nearly impossible. If you forget even once to enable your protections, or click on the wrong link, or type the wrong thing, you've permanently attached your name to whatever anonymous service you're using. Monsegur slipped up once, and the FBI got him. If the director of the CIA can't maintain his privacy on the Internet, we've got no hope. In today's world, governments and corporations are working together to keep things that way. Governments are happy to use the data corporations collect -- occasionally demanding that they collect more and save it longer -- to spy on us. And corporations are happy to buy data from governments. Together the powerful spy on the powerless, and they're not going to give up their positions of power, despite what the people want. Fixing this requires strong government will, but they're just as punch-drunk on data as the corporations. Slap-on-the-wrist fines notwithstanding, no one is agitating for better privacy laws. So, we're done. Welcome to a world where Google knows exactly what sort of porn you all like, and more about your interests than your spouse does. Welcome to a world where your cell phone company knows exactly where you are all the time. Welcome to the end of private conversations, because increasingly your conversations are conducted by e-mail, text, or social networking sites. And welcome to a world where all of this, and everything else that you do or is done on a computer, is saved, correlated, studied, passed around from company to company without your knowledge or consent; and where the government accesses it at will without a warrant. Welcome to an Internet without privacy, and we've ended up here with hardly a fight.
From rforno at infowarrior.org Mon Mar 25 07:40:39 2013 From: rforno at infowarrior.org (Richard Forno) Date: Mon, 25 Mar 2013 08:40:39 -0400 Subject: [Infowarrior] - Blackberry launching invasive 'takeover' ads Message-ID: <8C8DE0FD-DD11-4577-A3FC-11DFB5AE1EA6@infowarrior.org>
< - > These takeovers, piloted in the United Kingdom, will hit U.S. customers soon on computers and their non-Blackberry devices. BlackBerry built out two digital takeovers for desktop, first with The Guardian in the United Kingdom and now with the New York Times. "I think these are a world first," Boulben says. Those takeovers fill your browser with an ad that "takes over" your display, in this case designed to resemble the Hub feature that helps users organize their content on the new BlackBerry 10 devices. Users who see the New York Times takeover, for example, will see the takeover pull in content from the different verticals on the Times' site feeds, its Facebook page and official tweets. Android and iPhone users -- and chances are you are one, given those companies' combined 85% market share -- will also experience BlackBerry's ad content in the form of mobile takeovers starting the week of March 25. Those mobile takeovers will fill your screen with what looks like a BlackBerry 10's, demoing a specific feature like its photo "Time Shift" capability that allows you to scroll through several captured options for each face in a picture. < - > http://www.forbes.com/sites/alexkonrad/2013/03/23/blackberry-real-time-marketing/

From rforno at infowarrior.org Mon Mar 25 09:30:33 2013 From: rforno at infowarrior.org (Richard Forno) Date: Mon, 25 Mar 2013 10:30:33 -0400 Subject: [Infowarrior] - Proposed CFAA changes go from bad to worse Message-ID:
Rather Than Fix The CFAA, House Judiciary Committee Planning To Make It Worse...
Way Worse http://www.techdirt.com/articles/20130324/14342822435/rather-than-fix-cfaa-house-judiciary-committee-planning-to-make-it-worse-way-worse.shtml

From rforno at infowarrior.org Mon Mar 25 11:54:31 2013 From: rforno at infowarrior.org (Richard Forno) Date: Mon, 25 Mar 2013 12:54:31 -0400 Subject: [Infowarrior] - Copyright Lobby: The Public Has 'No Place In Policy Discussions' Message-ID: <544926C6-D169-408D-9376-9B31B9A2743F@infowarrior.org>
Copyright Lobby: The Public Has 'No Place In Policy Discussions' http://www.techdirt.com/articles/20130322/23560222425/copyright-lobby-public-has-no-place-policy-discussions.shtml

From rforno at infowarrior.org Tue Mar 26 12:21:50 2013 From: rforno at infowarrior.org (Richard Forno) Date: Tue, 26 Mar 2013 13:21:50 -0400 Subject: [Infowarrior] - Under CISPA, Who Can Get Your Data? Message-ID:
March 20, 2013 | By Rainey Reitman Under CISPA, Who Can Get Your Data? Under CISPA, companies can collect your information in order to "protect the rights and property" of the company, and then share that information with third parties, including the government, so long as it is for "cybersecurity purposes." Companies aren't required to strip out personally identifiable information from the data they give to the government, and the government can then use the information for purposes wholly unrelated to cybersecurity -- such as "national security," a term the bill leaves undefined. One question we sometimes get is: Under CISPA, which government agencies can receive this data? For example, could the FBI, NSA, or Immigration and Customs Enforcement receive data if CISPA were to pass? The answer is yes.
Any government agency could receive data from companies if this were to pass, meaning identifiable data could be flowing to the Bureau of Alcohol, Tobacco, Firearms and Explosives, the National Security Agency, or even the Food and Drug Administration. Below is a list of agencies that could get your data under CISPA (Thanks, Wikipedia!). Note that this is just agencies we've identified; it's possible there are even more we haven't listed here. < - > https://www.eff.org/deeplinks/2013/03/under-cispa-who-can-get-your-data

From rforno at infowarrior.org Tue Mar 26 13:18:40 2013 From: rforno at infowarrior.org (Richard Forno) Date: Tue, 26 Mar 2013 14:18:40 -0400 Subject: [Infowarrior] - Janet Napolitano has no use for email Message-ID:
....then IMHO she is not qualified to speak as an 'expert' or 'thought leader' on any matters of cybersecurity, privacy, or tech policies. --rick Janet Napolitano has no use for email By KATIE GLUECK | 3/26/13 10:11 AM EDT Updated: 3/26/13 10:59 AM EDT Homeland Security Secretary Janet Napolitano doesn't believe in using email. "I think email just sucks up time," Napolitano told an incredulous group of reporters on Tuesday, speaking at a breakfast hosted by The Christian Science Monitor. Napolitano, who said she doesn't text or "Twitter" either, said she may use email "at some point," but right now, it's not in the cards. "In many respects, in a job like mine, it's inefficient," Napolitano said, noting that she is briefed by staff frequently and prefers to use the phone for much of her work. "I stopped using email when I was attorney general of Arizona. I was like, 'Why am I spending my time scrolling through this?'" Read more: http://www.politico.com/story/2013/03/janet-napolitano-email-89317.html#ixzz2OffhN4Ij
From rforno at infowarrior.org Tue Mar 26 14:35:43 2013 From: rforno at infowarrior.org (Richard Forno) Date: Tue, 26 Mar 2013 15:35:43 -0400 Subject: [Infowarrior] - Senator Fido Wants To Create Official Ambassador For Hollywood's Interests Message-ID: <3C06F59D-E990-401C-857C-BB5D3C15BCDC@infowarrior.org> Senator Fido Wants To Create Official Ambassador For Hollywood's Interests from the what-is-he-smoking dept Senator Orrin Hatch has taken a back seat on various "intellectual property" issues in the past few years, as some other Senators have stepped up. But, for years, he was Hollywood's "go to" Senator for bad legislation. One of the running gags throughout Rob Reid's awesome novel Year Zero is how Senator Orrin Hatch is called "Senator Fido" because he's "the entertainment industry's pet Senator." Among his list of bad ideas was a plan to destroy the computers of people accused of downloading, a bill called the PIRATE Act which would have given the FBI authority over civil copyright infringement claims so they could go after your kids for downloading, and the infamous INDUCE Act which would have made a ton of stuff illegal, including potentially iPods, FTP, 3D printers and much much more. When asked to defend such craziness, Hatch claimed that it might not work but it still needed to be done. Thankfully, it did not pass. And while others in the Senate have been proposing bad IP bills over the past few years, Hatch is now back with a proposal to create a special US Ambassador position solely focused on expanding intellectual property around the globe. The so-called Innovation Through Trade Act (S.660) would create a "Chief Innovation and Intellectual Property Negotiator" who would have the official rank of Ambassador. Incredibly, Hatch claims that IP issues aren't getting enough attention when it comes to trade policy.... 
< -- > http://www.techdirt.com/articles/20130326/10400322463/senator-fido-wants-to-create-official-ambassador-hollywoods-interests.shtml

From rforno at infowarrior.org Tue Mar 26 17:18:38 2013 From: rforno at infowarrior.org (Richard Forno) Date: Tue, 26 Mar 2013 18:18:38 -0400 Subject: [Infowarrior] - How the Maker of TurboTax Fought Free, Simple Tax Filing Message-ID: <51EB6DA1-BC93-4A43-AF36-E02BCBE147E3@infowarrior.org>
How the Maker of TurboTax Fought Free, Simple Tax Filing http://www.propublica.org/article/how-the-maker-of-turbotax-fought-free-simple-tax-filing/single#republish

From rforno at infowarrior.org Wed Mar 27 07:06:58 2013 From: rforno at infowarrior.org (Richard Forno) Date: Wed, 27 Mar 2013 08:06:58 -0400 Subject: [Infowarrior] - Science: Custodians of the code Message-ID:
(One of now-deceased Michael Crichton's last books dealt with this very thing, fwiw saying --rick) March 26, 2013 6:53 pm Science: Custodians of the code By Stephanie Kirchgaessner http://www.ft.com/intl/cms/s/0/6e93c6fa-9180-11e2-b839-00144feabdc0.html#axzz2Ok0Y3ZsY Scientists and biotechnology companies are locked in a debate over the ethics of genetic patents Joanna Hershey's gut told her the news would be bad when she decided to undergo genetic testing to see if she was at high risk of breast cancer. Her grandmother had died of the disease. Her mother and two aunts had fought and survived it. When the results came back, her fears were confirmed. But she had a plan: relentless vigilance until the first possible sign of disease, at which point, she says, she will opt for a double mastectomy, even if such radical surgery is not immediately required. "One sign of it, and they're gone," she says.
For now, the 31-year-old lawyer is participating in a screening programme for high-risk women at Memorial Sloan Kettering in New York, where she has either a mammogram or an MRI every six months. "The only reason I'm in that programme is because I got the genetic testing done," she says. "It has been drilled into my head that early detection is the key to surviving." Advancements in the scientific understanding of human genetics, and new tests such as the one that revealed Ms Hershey's risk, are offering patients life-saving information -- as well as groundbreaking medical treatments -- to fight disease and live longer lives. But for scores of scientists, doctors, and women's health advocates, there is another side to the story, one that raises profound legal and even moral questions that will come before the US Supreme Court on April 15. The gene mutations Ms Hershey shares with other women in her family are patented by Mark Skolnick, the scientist from the University of Utah who first isolated and sequenced them. That means that only one company, Myriad Genetics, which was co-founded by Mr Skolnick, has the exclusive right in the US to perform clinical tests or research on these genes, known as BRCA1 and BRCA2. Myriad model falls apart outside the US Myriad Genetics' monopoly over the US market has been controversial but undoubtedly successful. The company is expected to generate total revenue of up to $565m this fiscal year on the back of its testing services. Its model has not worked as well around the world, however, reflecting stark differences in how gene patents are seen in other markets. Myriad approached the international market much as it did the US. It sought patent rights internationally, then pursued licensee relationships in every country or region in which it wished to market its test for the BRCA genes. The BRCA gene test identifies mutations that make women more susceptible to breast cancer.
It also insisted initially on performing the primary genetic test at its facilities in Utah. For the past 19 years, Myriad's patents have raised questions about whether any single entity should control the rights to DNA and whether an individual -- or company -- that discovers a particular gene should be granted the same privileges and protections that Thomas Edison once sought for his lightbulb. A legal challenge against Myriad by the American Civil Liberties Union, an activist group known for its defence of free speech, is forcing the high court to confront this question: can genes be patented? The case could have sweeping implications for the $83bn biotechnology industry, which has argued that a whole range of patents that encourage private investment in start-ups could be at stake. Legal scholars are closely watching the patent case, too. There is a suspicion -- feared by some, celebrated by others -- that the court is drawing important new distinctions about what constitutes an invention (which is patent-eligible) and what is simply a discovery of a naturally occurring phenomenon (which may not be patent-eligible, even if it represents cutting-edge science). In the age of genetics, when a gene found in a human is identical to one found in a fly, knowing the difference is more complex than it seems. "The court appears to be narrowing the boundaries of patentable subject matter in a field that has long taken for granted the availability of patent protection," says Rebecca Eisenberg, a professor at the University of Michigan Law School. While the immediate focus is on the Supreme Court, European challenges to gene patents are also becoming important test cases. This story begins in 1994. A race was under way to sequence cancer-causing mutations on a gene whose association with cancer had been discovered four years earlier by a geneticist named Mary-Claire King, then at the University of California, Berkeley.
Mr Skolnick won that race when he uncovered the BRCA1 sequence and later tied another group of researchers, led by Michael Stratton at the UK Institute of Cancer Research, to clone and sequence another set of mutations on the BRCA2 gene. A person carrying mutations for those genes has up to an 87 per cent risk of breast cancer. Myriad Genetics' new patents allowed it to become the only company in the US that could offer genetic testing for those mutations -- even though some of its early research was helped by government funding. It also received funding from the drugmaker Eli Lilly. It has long been held in patent law that a product or law of nature -- like an element on the periodic table -- cannot be patented. Nor can abstract ideas. But the decision by the US Patent and Trademark office to grant the BRCA patents in 1997 was based on earlier court decisions that found that patents on naturally occurring substances were allowed if -- like a modified bacterium that was the subject of a landmark 1980 case -- it had "markedly different characteristics" than any found in nature. The question of whether isolated DNA molecules such as Myriad's BRCA genes are indeed found in nature is at the heart of the challenge against the company's patents. "What the ACLU is trying to do is say that they are a product of nature. And our response is that this has not been the standard for 30 years," says Rick Marsh, Myriad's lawyer. The isolated fragments of DNA in question, he says, are only in existence because of the "handiwork of man". Some of the world's most renowned scientists have weighed in on this question in briefs to the court, including Eric Lander, the genome pioneer. Prof Lander took issue with a lower-court ruling that found that while a whole genome was not patentable because it was found in nature, DNA fragments were patentable, because they were not found in nature.
"It is well accepted in the scientific community that chromosomes are constantly being broken up into DNA fragments by natural biological processes ... these DNA fragments are ubiquitous in the human body," he wrote, adding that the BRCA genes were "unambiguously" products of nature. What worries many in the biotech industry is that this case could reach far beyond Myriad if its patents are invalidated. "The legal reasoning in this case transfers directly to others. Scientifically, there's no distinction. It is just DNA, whether it is found in a bacterial body or human body. There is no law or science that would allow the Supreme Court to say 'we are just going to strike down patents in human DNA'," says Hans Sauer, a lawyer at the Biotechnology Industry Organization, a trade group. The BRCA genes in the human body are probably identical to the ones found in a chimp, Mr Sauer notes. The implications also reach beyond the medical applications of genetics. Companies that own patents for DNA sequences of sugar cane and all sorts of innovations are growing nervous, incredulous that what Mr Sauer calls the "marketplace behaviour by a single diagnostic company" could draw them in to a legal storm. But the ACLU says these concerns have been overblown, because they are not challenging the merits of patents on DNA that has in any way been transformed or altered, which is what often happens with genes used in therapies or for new functions. Mr Lander agrees, saying that a narrowly crafted decision by the court that explicitly gave patent protection only to non-natural DNA molecules -- as opposed to naturally occurring genomic DNA -- would foster scientific progress by guaranteeing unfettered access to study a "remarkable product of nature": the human genome. But this case is about more than science. It is about the way Myriad exercised its patent rights to the detriment -- the company's critics allege -- of medical advances.
In 1999, a scientist at the University of Pennsylvania named Arupa Ganguly was issued a cease-and-desist order from Myriad after she developed an alternative test to screen patients for the BRCA genes. "I could not believe that an academic lab was being prohibited from doing a test that was going to have so many implications," she says. "We were cheaper and using a different technique." Myriad acknowledges it has blocked others from performing diagnostic tests for patients but insists that it has never obstructed research. Mr Marsh says Myriad abides by the unwritten rule that companies never enforce their patents against researchers. At the same time, however -- and this is a sore point for scientists -- Myriad has never explicitly assured those researchers that it would not claim in the future that they had infringed Myriad's patent rights. The ACLU contends that Myriad's patents have limited the availability of genetic tests. Sandra Park, a lawyer for the ACLU, says a test developed by the University of Washington that looks at 20 genes that are correlated with breast and ovarian cancer excludes the BRCA genes, so patients who want a full diagnosis would have to undergo a separate genetic test from Myriad. Myriad criticises the ACLU tactics, saying that its case was cherry-picked by the ACLU because of the emotional reaction people have to breast cancer. "If we had patent claims on isolated DNA for toe fungus, then they would not have brought this case against us. They wanted to hit a public nerve," says Mr Marsh. . . . Robert Cook-Deegan, a research professor of genome ethics, law and policy at Duke University, is a man staking out the middle ground. Both sides, he says, have exaggerated the harms and the benefits of gene patents. Yes, patents have encouraged private investment in biotech. But the benefits have been marginal. And yes, Myriad's control of the BRCA patents has delayed some clinical research.
However, given the thousands of research papers that have been published on the genes, it does not appear to have done real harm. The frequently cited high cost of Myriad's test (about $3,300) is more of a reflection of the US healthcare system than it is of Myriad's monopoly.

But there have been real-life harms from Myriad's patents, he says, and here is one example. There are a small number of patients -- about 3 per cent -- who are tested for the BRCA mutations but do not get the clear-cut results that Ms Hershey did. For patients who are told they have a "variant of unknown significance", there are few options, because Myriad does not perform all the kinds of further testing that can be needed, Dr Cook-Deegan says. There are labs that do perform those tests, but they do so quietly, in a "world of shadows", because they are infringing Myriad's patents and could be liable. Patients must "know the right doctors" to get the answers they need.

"It is not just a patent law case. It is a lawsuit about who gets to decide questions about healthcare and whether patent law trumps all other things that people care about," he says.

---
Just because i'm near the punchbowl doesn't mean I'm also drinking from it.
From rforno at infowarrior.org Wed Mar 27 07:12:21 2013
From: rforno at infowarrior.org (Richard Forno)
Date: Wed, 27 Mar 2013 08:12:21 -0400
Subject: [Infowarrior] - Firm Is Accused of Sending Spam, and Fight Jams Internet
Message-ID: <23F4DDCB-D8B2-46A0-BCA4-BF8711BC3188@infowarrior.org>

http://www.nytimes.com/2013/03/27/technology/internet/online-dispute-becomes-internet-snarling-attack.html?pagewanted=1&hpw

Firm Is Accused of Sending Spam, and Fight Jams Internet
By JOHN MARKOFF and NICOLE PERLROTH
Published: March 26, 2013

A squabble between a group fighting spam and a Dutch company that hosts Web sites said to be sending spam has escalated into one of the largest computer attacks on the Internet, causing widespread congestion and jamming crucial infrastructure around the world.

Millions of ordinary Internet users have experienced delays in services like Netflix or could not reach a particular Web site for a short time. However, for the Internet engineers who run the global network the problem is more worrisome. The attacks are becoming increasingly powerful, and computer security experts worry that if they continue to escalate people may not be able to reach basic Internet services, like e-mail and online banking.

The dispute started when the spam-fighting group, called Spamhaus, added the Dutch company Cyberbunker to its blacklist, which is used by e-mail providers to weed out spam. Cyberbunker, named for its headquarters, a five-story former NATO bunker, offers hosting services to any Web site "except child porn and anything related to terrorism," according to its Web site.

A spokesman for Spamhaus, which is based in Europe, said the attacks began on March 19, but had not stopped the group from distributing its blacklist.

Patrick Gilmore, chief architect at Akamai Networks, a digital content provider, said Spamhaus's role was to generate a list of Internet spammers. Of Cyberbunker, he added: "These guys are just mad. To be frank, they got caught. They think they should be allowed to spam."

Mr. Gilmore said that the attacks, which are generated by swarms of computers called botnets, concentrate data streams that are larger than the Internet connections of entire countries. He likened the technique, which uses a long-known flaw in the Internet's basic plumbing, to using a machine gun to spray an entire crowd when the intent is to kill one person.

The attacks were first mentioned publicly last week by Cloudflare, an Internet security firm in Silicon Valley that was trying to defend against the attacks and as a result became a target. "These things are essentially like nuclear bombs," said Matthew Prince, chief executive of Cloudflare. "It's so easy to cause so much damage."

The so-called distributed denial of service, or DDoS, attacks have reached previously unknown magnitudes, growing to a data stream of 300 billion bits per second. "It is a real number," Mr. Gilmore said. "It is the largest publicly announced DDoS attack in the history of the Internet."

Spamhaus, one of the most prominent groups tracking spammers on the Internet, uses volunteers to identify spammers and has been described as an online vigilante group. In the past, blacklisted sites have retaliated against Spamhaus with denial-of-service attacks, in which they flood Spamhaus with traffic requests from personal computers until its servers become unreachable. But in recent weeks, the attackers hit back with a far more powerful strike that exploited the Internet's core infrastructure, called the Domain Name System, or DNS.

That system functions like a telephone switchboard for the Internet. It translates the names of Web sites like Facebook.com or Google.com into a string of numbers that the Internet's underlying technology can understand. Millions of computer servers around the world perform the actual translation. In the latest incident, attackers sent messages, masquerading as ones coming from Spamhaus, to those machines, which were then amplified drastically by the servers, causing torrents of data to be aimed back at the Spamhaus computers.

When Spamhaus requested aid from Cloudflare, the attackers began to focus their digital ire on the companies that provide data connections for both Spamhaus and Cloudflare.

Questioned about the attacks, Sven Olaf Kamphuis, an Internet activist who said he was a spokesman for the attackers, said in an online message that, "We are aware that this is one of the largest DDoS attacks the world had publicly seen." Mr. Kamphuis said Cyberbunker was retaliating against Spamhaus for "abusing their influence." "Nobody ever deputized Spamhaus to determine what goes and does not go on the Internet," Mr. Kamphuis said. "They worked themselves into that position by pretending to fight spam."

A typical denial-of-service attack tends to affect only a small number of networks. But in the case of a Domain Name System flood attack, data packets are aimed at the victim from servers all over the world. Such attacks cannot easily be stopped, experts say, because those servers cannot be shut off without halting the Internet.

"The No. 1 rule of the Internet is that it has to work," said Dan Kaminsky, a security researcher who years ago pointed out the inherent vulnerabilities of the Domain Name System. "You can't stop a DNS flood by shutting down those servers because those machines have to be open and public by default. The only way to deal with this problem is to find the people doing it and arrest them."

The heart of the problem, according to several Internet engineers, is that many large Internet service providers have not set up their networks to make sure that traffic leaving their networks is actually coming from their own users.
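The two mechanisms in the Times piece above, a resolver answering a small forged query with a much larger response, and a provider edge that lets packets with forged source addresses leave its network, can be shown concretely. The following is an added example written for this archive; it is not code from the article, from Spamhaus, Cloudflare, Akamai or Cyberbunker. It assumes the attacker uses ANY queries with an EDNS0 buffer-size advertisement (the usual shape of such attacks, not something the article states), uses RFC 5737 documentation addresses for the bot, the victim and the resolver, and takes 3,000 bytes as an assumed response size. The egress_filter function is a model of the source-address validation (BCP 38) that the article's engineers say many providers lack, not any vendor's implementation. Nothing is sent on a network.

```python
"""Editor-added example: DNS reflection packets and a BCP 38 egress check.
Not from the Times article or any of the companies it names. All addresses
are RFC 5737 documentation ranges and all packets are constructed inline."""
import ipaddress
import struct


def build_dns_query(qname: str, qtype: int = 255, edns_bufsize: int = 4096) -> bytes:
    """Serialize a one-question DNS query (RFC 1035) with an EDNS0 OPT record
    (RFC 6891) advertising a large UDP buffer. qtype 255 is ANY, the type
    historically used for amplification because the answer is large."""
    header = struct.pack("!HHHHHH", 0x1234, 0x0100, 1, 0, 0, 1)  # id, RD flag, QD=1, AR=1
    labels = qname.rstrip(".").split(".")
    question = b"".join(bytes([len(l)]) + l.encode("ascii") for l in labels) + b"\x00"
    question += struct.pack("!HH", qtype, 1)                       # QTYPE, QCLASS=IN
    # OPT pseudo-RR: root name, TYPE=41, CLASS=UDP payload size, TTL=0, RDLEN=0
    opt = b"\x00" + struct.pack("!HHIH", 41, edns_bufsize, 0, 0)
    return header + question + opt


def parse_dns_query(data: bytes):
    """Inverse of build_dns_query: return (qname, qtype, edns_bufsize or None)."""
    _id, _flags, _qd, _an, _ns, ar = struct.unpack("!HHHHHH", data[:12])
    pos, labels = 12, []
    while data[pos]:                                   # labels end at a zero length byte
        n = data[pos]
        labels.append(data[pos + 1:pos + 1 + n].decode("ascii"))
        pos += 1 + n
    pos += 1
    qtype, _qclass = struct.unpack("!HH", data[pos:pos + 4])
    pos += 4
    bufsize = None
    if ar and data[pos] == 0:                          # additional record with root name
        rtype, bufsize = struct.unpack("!HH", data[pos + 1:pos + 5])
        if rtype != 41:
            bufsize = None
    return ".".join(labels), qtype, bufsize


def amplification_factor(query: bytes, response_len: int) -> float:
    """Bytes delivered to the spoofed victim per byte the attacker sends."""
    return response_len / len(query)


def egress_filter(packets, customer_prefixes):
    """BCP 38 at the provider edge: a packet leaving the network whose source
    address is not in one of the provider's own prefixes cannot be legitimate
    and is dropped. Returns (forwarded, dropped)."""
    nets = [ipaddress.ip_network(p) for p in customer_prefixes]
    forwarded, dropped = [], []
    for pkt in packets:
        src = ipaddress.ip_address(pkt["src"])
        (forwarded if any(src in n for n in nets) else dropped).append(pkt)
    return forwarded, dropped


# Constructed traffic leaving a provider whose customers hold 192.0.2.0/24.
# 203.0.113.10 stands in for the victim (Spamhaus in the article) and
# 198.51.100.53/54 for open resolvers. A bot inside the customer network
# forges the victim's address so the resolvers' large answers land on it.
QUERY = build_dns_query("example.com")
SAMPLE_PACKETS = [
    {"src": "192.0.2.25",   "dst": "198.51.100.53", "payload": QUERY},  # legitimate lookup
    {"src": "203.0.113.10", "dst": "198.51.100.53", "payload": QUERY},  # forged: not our prefix
    {"src": "203.0.113.10", "dst": "198.51.100.54", "payload": QUERY},  # forged: not our prefix
]


def demo():
    """Return (forwarded count, dropped count, amplification factor)."""
    forwarded, dropped = egress_filter(SAMPLE_PACKETS, ["192.0.2.0/24"])
    # 3,000 bytes is an assumed size for an ANY answer; real figures vary by zone.
    factor = amplification_factor(QUERY, 3000)
    return len(forwarded), len(dropped), round(factor, 1)


if __name__ == "__main__":
    print(demo())
```

The 40-byte query carries an EDNS0 advertisement so the reflector is willing to return an answer far larger than 512 bytes; with the assumed 3,000-byte answer that is a 75x multiplier, which is what lets a modest botnet produce the flood the article describes. The filter catches the forged packets on the way out, before any reflector sees them, because only the originating provider can know that 203.0.113.10 is not one of its own customers; shutting off the resolvers, as Kaminsky says, is not an option.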
The potential security flaw has long been known by Internet security specialists, but it has only recently been exploited in a way that threatens the Internet infrastructure. An engineer at one of the largest Internet communications firms said the attacks in recent days have been as many as five times larger than what was seen recently in attacks against major American banks. He said the attacks were not large enough to saturate the company's largest routers, but they had overwhelmed important equipment.

Cyberbunker brags on its Web site that it has been a frequent target of law enforcement because of its "many controversial customers." The company claims that at one point it fended off a Dutch SWAT team. "Dutch authorities and the police have made several attempts to enter the bunker by force," the site said. "None of these attempts were successful."

---
Just because i'm near the punchbowl doesn't mean I'm also drinking from it.

From rforno at infowarrior.org Wed Mar 27 07:14:25 2013
From: rforno at infowarrior.org (Richard Forno)
Date: Wed, 27 Mar 2013 08:14:25 -0400
Subject: [Infowarrior] - OT: How to Overcome Fear of Mistakes: One Coach's Story
Message-ID: <5C6905F9-A422-41D7-AA5D-398A895E7C23@infowarrior.org>

(This story works on many levels. --rick)

How to Overcome Fear of Mistakes: One Coach's Story

Scientists call it the "sweet spot" -- that highly productive zone on the edge of our abilities where learning happens fastest. The problem, of course, is that the sweet spot doesn't feel sweet. In fact, it feels sour and uncomfortable, because being there you have to take risks and make mistakes. And most of us hate making mistakes. Basically, we're allergic. But what's kick-assingly powerful is when somebody finds a simple way to reverse that allergy. With that in mind, check out the following letter from Jared Mathes, who coaches a U-14 volleyball team in Calgary, Alberta.
< - big snip - >

http://thetalentcode.com/2013/03/20/how-to-overcome-fear-of-mistakes-one-coachs-story/

---
Just because i'm near the punchbowl doesn't mean I'm also drinking from it.

From rforno at infowarrior.org Wed Mar 27 07:21:07 2013
From: rforno at infowarrior.org (Richard Forno)
Date: Wed, 27 Mar 2013 08:21:07 -0400
Subject: [Infowarrior] - FBI Pursuing Real-Time Gmail Spying Powers as "Top Priority" for 2013
Message-ID:

FBI Pursuing Real-Time Gmail Spying Powers as "Top Priority" for 2013
By Ryan Gallagher
Posted Tuesday, March 26, 2013, at 4:58 PM
http://www.slate.com/blogs/future_tense/2013/03/26/andrew_weissmann_fbi_wants_real_time_gmail_dropbox_spying_power.html

Despite the pervasiveness of law enforcement surveillance of digital communication, the FBI still has a difficult time monitoring Gmail, Google Voice, and Dropbox in real time. But that may change soon, because the bureau says it has made gaining more powers to wiretap all forms of Internet conversation and cloud storage a "top priority" this year.

Last week, during a talk for the American Bar Association in Washington, D.C., FBI general counsel Andrew Weissmann discussed some of the pressing surveillance and national security issues facing the bureau. He gave a few updates on the FBI's efforts to address what it calls the "going dark" problem -- how the rise in popularity of email and social networks has stifled its ability to monitor communications as they are being transmitted.

It's no secret that under the Electronic Communications Privacy Act, the feds can easily obtain archive copies of emails. When it comes to spying on emails or Gchat in real time, however, it's a different story. That's because a 1994 surveillance law called the Communications Assistance for Law Enforcement Act only allows the government to force Internet providers and phone companies to install surveillance equipment within their networks.
But it doesn't cover email, cloud services, or online chat providers like Skype. Weissmann said that the FBI wants the power to mandate real-time surveillance of everything from Dropbox and online games ("the chat feature in Scrabble") to Gmail and Google Voice. "Those communications are being used for criminal conversations," he said.

While it is true that CALEA can only be used to compel Internet and phone providers to build surveillance capabilities into their networks, the feds do have some existing powers to request surveillance of other services. Authorities can use a "Title III" order under the "Wiretap Act" to ask email and online chat providers to furnish the government with "technical assistance necessary to accomplish the interception." However, the FBI claims this is not sufficient because mandating that providers help with "technical assistance" is not the same thing as forcing them to "effectuate" a wiretap. In 2011, then-FBI general counsel Valerie Caproni -- Weissmann's predecessor -- stated that Title III orders did not provide the bureau with an "effective lever" to "encourage providers" to set up live surveillance quickly and efficiently.

In other words, the FBI believes it doesn't have enough power under current legislation to strong-arm companies into providing real-time wiretaps of communications. Because Gmail is sent between a user's computer and Google's servers using SSL encryption, for instance, the FBI can't intercept it as it is flowing across networks and relies on the company to provide it with access.

Google spokesman Chris Gaither hinted that it is already possible for the company to set up live surveillance under some circumstances. "CALEA doesn't apply to Gmail but an order under the Wiretap Act may," Gaither told me in an email. "At some point we may expand our transparency report to cover this topic in more depth, but until then I'm not able to provide additional information."
Either way, the FBI is not happy with the current arrangement and is on a crusade for more surveillance authority. According to Weissmann, the bureau is working with "members of intelligence community" to craft a proposal for new Internet spy powers as "a top priority this year." Citing security concerns, he declined to reveal any specifics. "It's a very hard thing to talk about publicly," he said, though acknowledged that "it's something that there should be a public debate about."

---
Just because i'm near the punchbowl doesn't mean I'm also drinking from it.

From rforno at infowarrior.org Wed Mar 27 07:22:58 2013
From: rforno at infowarrior.org (Richard Forno)
Date: Wed, 27 Mar 2013 08:22:58 -0400
Subject: [Infowarrior] - Experts Scratching Their Heads At House Judiciary's Awful CFAA Reform Proposal
Message-ID: <7BF8D271-F7C9-4212-9BC1-F30B6AEA411F@infowarrior.org>

Experts Scratching Their Heads At House Judiciary's Awful CFAA Reform Proposal
http://www.techdirt.com/articles/20130326/14213522465/cybersecurity-experts-scratching-their-heads-house-judiciarys-awful-cfaa-reform-proposal.shtml

---
Just because i'm near the punchbowl doesn't mean I'm also drinking from it.

From rforno at infowarrior.org Wed Mar 27 11:24:24 2013
From: rforno at infowarrior.org (Richard Forno)
Date: Wed, 27 Mar 2013 12:24:24 -0400
Subject: [Infowarrior] - Byzantium Linux 0.3a release
Message-ID: <403062A3-532D-4ED2-AD04-C1D42A88DF64@infowarrior.org>

(c/o The Doctor)

http://project-byzantium.org/announcing-the-release-of-v0-3a-codename-beach-cat/

ANNOUNCING BYZANTIUM LINUX V0.3a (Beach Cat)
Approved for: GENERAL RELEASE, DISTRIBUTION UNLIMITED

NOTE: This is Byzantium Linux for x86-compatible laptops and desktops. This release is not compatible with the Raspberry Pi. We just started work on that port.
Project Byzantium, a working group of HacDC (http://hacdc.org/) is proud to announce the release of v0.3 alpha of Byzantium Linux, a live distribution of Linux which makes it fast and easy to construct an ad-hoc wireless mesh network which can augment or replace the current telecommunications infrastructure in the event that it is knocked offline (for example, due to a natural disaster) or rendered untrustworthy (through widespread surveillance or disconnection by hostile entities).

Byzantium Linux is designed to run on any x86 computer with at least one 802.11 a/b/g/n wireless interface. Byzantium can be burned to a CD- or DVD-ROM (the .iso image is around 372 megabytes in size), booted from an external hard drive, or can even be installed in parallel with an existing operating system without risk to the user's data and software. Byzantium Linux will act as a node of the mesh and will automatically connect to other mesh nodes and act as an access point for wifi-enabled mobile devices.

This release is unique because it is based upon the work we did in New York City in the weeks following Hurricane Sandy in late 2012. We were asked by FEMA (Federal Emergency Management Agency) to help restore the telecommunications network in the neighborhood of Red Hook, and the design requirements were dictated by the needs of the community as described by leaders and elders. v0.3a constitutes a formalization of those requirements rather than the ad-hoc build we deployed in Red Hook.

THIS IS AN ALPHA RELEASE! Do NOT expect Byzantium to be perfect. Some features are not ready yet, others need work. Things are going to break in weird ways and we need to know what those ways are so we can fix them. Please, for the love of LOLcats, do not deploy Byzantium in situations where lives are at stake.

FEATURES:
- Binary compatible with Slackware-CURRENT. Existing Slackware packages can be converted with a single command.
- Automatically configures itself on boot. There is no longer a need for a control panel.
- Can act as a gateway to the Internet if a link is available (via Ethernet or tethered smartphone).
- Linux kernel v3.4.4
- Drivers for dozens of wireless chipsets
- KDE Trinity r14.0.0 (Development)
- LXDE (2011 release of all components)
- Mplayer v4.5.1
- GCC v4.5.2
- Perl v5.14
- Python v2.7.3
- Firefox v13.0.1
- X.org

SYSTEM REQUIREMENTS (to use)
- Minimum of 1GB of RAM (512MB without copy2ram boot option)
- i586 CPU or better
- CD- or DVD-ROM drive
- BIOS must boot removable media
- At least one (1) 802.11 a/b/g/n interface

SYSTEM REQUIREMENTS (for persistent changes)
- The above requirements to use Byzantium
- 2+GB of free space on thumbdrive or harddrive

WHAT WE NEED:
- Developers.
- Developers!
- DEVELOPERS!
- No more Bill Ballmer impersonations.
- People running Byzantium to find bugs.
- People reporting bugs on our Github page (https://github.com/Byzantium/Byzantium/issues). We can't fix what we don't know about!
- Patches.
- People booting Byzantium and setting up small meshes (2-5 clients) to tell us how well it works for you with your hardware. We have a hardware compatibility list on our wiki that needs to be expanded.
- Help translating the user interface. We especially need people fluent in dialects of Chinese, Arabic, Farsi, and Urdu.
- Help us write and translate documentation.

Homepage: http://project-byzantium.org/
Download sites: http://project-byzantium.org/download/

This announcement is published under a Creative Commons By Attribution / Noncommercial / Share Alike v3.0 License. (http://creativecommons.org/licenses/by-nc-sa/3.0/)

---
Just because i'm near the punchbowl doesn't mean I'm also drinking from it.
From rforno at infowarrior.org Wed Mar 27 12:56:15 2013
From: rforno at infowarrior.org (Richard Forno)
Date: Wed, 27 Mar 2013 13:56:15 -0400
Subject: [Infowarrior] - Facebook ad trial risks new privacy fears
Message-ID: <68E897B1-06D0-4344-9AE6-2E49BD9C5ABC@infowarrior.org>

Facebook ad trial risks new privacy fears
By Richard Waters, FT.com
March 27, 2013 -- Updated 1002 GMT (1802 HKT)
CNN.com
http://edition.cnn.com/2013/03/26/business/facebook-privacy-fears

(Financial Times) -- Facebook is testing adverts in its members' newsfeeds that are tied to their behaviour on other websites, bringing one of the web's most effective forms of advertising into the heart of its social network.

The experiment could turn into one of the company's most profitable forms of advertising, though it also risks stirring up fresh privacy concerns if users find it intrusive, according to analysts.

The move, announced in a blogpost on Tuesday, marks Facebook's latest attempt to find new ways for advertisers to tap the largest online audience. The approach, known as "retargeting", is based on a formula that has proved effective on the web, though it does little to draw on the social relevance that Facebook has long said sets its service apart.

Using retargeting, advertisers can place their messages in front of internet users based on what they have done on other websites. A user who researches a holiday or a car online, for instance, may find adverts for those things appearing on other, unconnected websites.

Facebook first trialled retargeting in mid-2012, shortly after its tumultuous IPO led it to redouble efforts to boost its advertising revenue. At the time, it limited the ads to the right side of its pages.
On Tuesday, the company said it had begun a global test that put retargeted ads between the posts in its users' newsfeeds, considered the prime location on the social network. The news feed accounts for about 40 per cent of Facebook users' attention and adverts placed there are estimated to be eight times more effective than those on the right side of the page.

Putting retargeted ads inside the feed where users are engaging most directly with friends and family members could backfire, said Rebecca Lieb, an analyst at Altimeter Group. Adverts that appeared to follow users around the web risked being seen as "creepy", an effect that might be accentuated when they appeared in such a personal place on the page, she added.

To soften the impact of advertising in the news feed, Facebook has previously used approaches that draw on social context. Using a format called "sponsored stories", for instance, advertisers have been able to buy space in a user's feed when one of their friends has visited the advertiser's page or engaged with it in some other way. Showing retargeted ads without this type of social context risks making the social network feel increasingly "spammy", said Richard Greenfield, an analyst at BTIG Research.

Facebook said that the commercial messages, which will be delivered through the online exchange it set up last year, "will create more relevant ads for people". It added that the new type of advertising would not increase the overall number of ads that it places in users' newsfeeds.

(c) The Financial Times Limited 2013

---
Just because i'm near the punchbowl doesn't mean I'm also drinking from it.
From rforno at infowarrior.org Thu Mar 28 08:39:38 2013
From: rforno at infowarrior.org (Richard Forno)
Date: Thu, 28 Mar 2013 09:39:38 -0400
Subject: [Infowarrior] - Twitter Caves to Putin, Censors Content Within Russia
Message-ID: <5C76FCE1-00BF-4F3A-826D-041E98C7635D@infowarrior.org>

Twitter Caves to Vladimir Putin, Censors Content Within Russia
Appeasing the dictator, 140 characters at a time.
by Kim Zigfeld
March 27, 2013 - 12:03 am

If you have been following the Internet crackdown underway in Russia, you will not be surprised to learn that Vladimir Putin's Kremlin has recruited many websites -- which are either terrified of his wrath or interested in currying his favor -- to help crush and eradicate criticism of his government online. However, you may be surprised to learn that one of those websites is Twitter.

The Moscow Times reported last week that -- according to the Kremlin itself -- for the past several weeks Twitter has been blocking Russian access to any tweets designated by the Kremlin as "extremist." Twitter has also deleted at least one user account at the Kremlin's request. On its applicable agency website (known by its acronym Roskomnadzor), the Kremlin praises Twitter's management team for its "constructive position" in reconfiguring its website in a manner "acceptable to Russian side." Here is the full Kremlin statement, via Russian wire service Interfax:

< -- >

http://pjmedia.com/blog/twitter-caves-to-vladimir-putin-censors-content-within-russia/

---
Just because i'm near the punchbowl doesn't mean I'm also drinking from it.

From rforno at infowarrior.org Thu Mar 28 08:46:31 2013
From: rforno at infowarrior.org (Richard Forno)
Date: Thu, 28 Mar 2013 09:46:31 -0400
Subject: [Infowarrior] - OT: Bank of America gets foreclosed by wronged homeowner
Message-ID: <3F485253-C33E-4439-9615-8B13ABAD2C1F@infowarrior.org>

Nice to see justice served!
--rick

Bank of America Gets Pad Locked After Homeowner Forecloses On It
http://www.digtriad.com/news/watercooler/article/178031/176/Florida-Homeowner-Forecloses-On-Bank-Of-America

---
Just because i'm near the punchbowl doesn't mean I'm also drinking from it.

From rforno at infowarrior.org Thu Mar 28 09:11:16 2013
From: rforno at infowarrior.org (Richard Forno)
Date: Thu, 28 Mar 2013 10:11:16 -0400
Subject: [Infowarrior] - New e-mails reveal Feds not "forthright" about fake cell tower devices
Message-ID: <62E406B1-DD78-4607-8A5D-779467980209@infowarrior.org>

New e-mails reveal Feds not "forthright" about fake cell tower devices
E-mails could have implications for accused tax fraudster caught via "stingray."
by Cyrus Farivar - Mar 27 2013, 9:20pm EDT

According to new Justice Department e-mails obtained by the American Civil Liberties Union (ACLU) of Northern California, and published on Wednesday, federal investigators have been routinely using "stingrays" to catch bad guys. A stingray is a device that can create a false cellphone tower, and allows authorities to determine a particular mobile phone's precise location.

Stingrays aren't new -- law enforcement agencies nationwide are believed to have been using them for years. But one e-mail in the new trove reveals something brand-new: that the Feds were not fully clear about the fact that they were specifically using stingrays (also known as "IMSI catchers") when asking for permission to conduct electronic surveillance from federal magistrate judges.

A press representative from the United States Department of Justice did not respond to Ars' request for comment. Groups like the ACLU are concerned that unsupervised use of such technology can inadvertently collect information of people who are not suspected of any crime, nor under investigation.
Stingray-based surveillance

The ACLU intervened as an amicus in the case of a federal defendant, Daniel David Rigmaiden, who is facing dozens of federal charges of identity theft, mail fraud, and other charges stemming from an alleged massive fraudulent tax refund ring. Rigmaiden and another as-yet unnamed co-conspirator are in federal custody. A third man, Ransom Marion Carter, III, remains a federal fugitive. Rigmaiden maintains his innocence, and argues that using a stingray without a warrant is unconstitutional.

"Before this e-mail, we did not know whether Rigmaiden was an outlier," Linda Lye told Ars, explaining that little is known about the scope of stingrays' use. Now it's clear they have been using stingrays as a matter of course.

As a result of this new disclosure, Lye has filed a motion to leave the new file with the court. Consequently, Rigmaiden filed a motion that the evidence resulting from the stingray -- which allowed authorities to arrest Rigmaiden and search his apartment -- be suppressed.

"There's definitely a lot riding on [his] motion," Lye added. "The government would have to establish that there was independent probable cause without using this device to know that this was the right apartment to search." If they can't prove that, substantial evidence is likely to be suppressed, and that would throw a wrench into the prosecution.

Between 2005 and 2008, federal investigators allege that the trio (Rigmaiden, Carter and the unnamed person) filed over 1,900 fake tax returns online, yielding $4 million sent to over 170 bank accounts.

The ACLU received the group of e-mails last week as the result of a Freedom of Information Act request jointly filed with the San Francisco Bay Guardian, a local alt-weekly newspaper. On Wednesday, Lye published (PDF) the e-mails, and will formally present them Thursday to a federal court in Arizona, where Rigmaiden's case is ongoing.
Lye wrote that these e-mails confirm "the need for suppressing the evidence in the Rigmaiden case because it shows that the government was engaged in a widespread practice of withholding important information for judges, and that it did so for years."

"We hope that the court sends the clear message to the government that it cannot keep judges in the dark. Judges are not rubber stamps -- they are constitutional safeguards of our privacy."

A May 23, 2011 e-mail from Miranda Kane, chief of the criminal division at the United States Attorney's Office, to her colleagues, states...

< -- >

http://arstechnica.com/tech-policy/2013/03/new-e-mails-reveal-feds-not-forthright-about-fake-cell-tower-devices/

---
Just because i'm near the punchbowl doesn't mean I'm also drinking from it.

From rforno at infowarrior.org Thu Mar 28 09:12:01 2013
From: rforno at infowarrior.org (Richard Forno)
Date: Thu, 28 Mar 2013 10:12:01 -0400
Subject: [Infowarrior] - Apple's broken promise: why doesn't iCloud 'just work'?
Message-ID: <93C05799-B5A2-4400-A2B9-059F8E0CA937@infowarrior.org>

Apple's broken promise: why doesn't iCloud 'just work'?
http://www.theverge.com/2013/3/26/4148628/why-doesnt-icloud-just-work

---
Just because i'm near the punchbowl doesn't mean I'm also drinking from it.
From rforno at infowarrior.org Thu Mar 28 13:53:32 2013
From: rforno at infowarrior.org (Richard Forno)
Date: Thu, 28 Mar 2013 14:53:32 -0400
Subject: [Infowarrior] - Government Can Keep Key Emails With Hollywood Lobbyists About 'Six Strikes' Secret
Message-ID: <1E5E6ECF-5ABA-4A66-914D-E47B4F44D0B7@infowarrior.org>

Government Can Keep Key Emails With Hollywood Lobbyists About 'Six Strikes' Secret
from the can't-interfere-with-that-'commercial'-relationship dept

While we keep hearing folks in the entertainment industry and their supporters in DC talk about how great it is that the "six strikes" "Copyright Alert System" (CAS) was a "voluntary" agreement between industry players, one of the worst kept secrets in the world was that the White House was heavily involved. They basically helped Hollywood out and at least hinted strongly at the fact that if no "voluntary" agreement came through, legislation might have to be put in place (creating a novel definition of "voluntary"). Specifically, it came out that Victoria Espinel, the White House's IP Enforcement Coordinator (IPEC), had been emailing with people about the program. That news came out because Chris Soghoian had submitted a Freedom of Information Act (FOIA) request, seeking details of all communications between Espinel and her staff and the various players in six strikes, both the entertainment industry and the various ISPs (no need to seek communications with the real stakeholders, the public, since they weren't even invited to the table). However, Soghoian felt that the Office of Management and Budget (OMB), in which Espinel works, kept key documents from being revealed, and appealed. Following that, OMB released a few more documents, but still kept many secret. Soghoian then went to court over the issue -- arguing specifically that exemptions claimed for "trade secrets, commercial or financial interests" and "privileged intra-agency memoranda and letters" were inappropriate.
Unfortunately, the court has now rejected that case, siding with OMB. At issue are some details of the draft "memorandum of understanding" that created the six strikes CAS program. Apparently, entertainment industry lobbyists shared those drafts with Espinel, but OMB won't release them, claiming that they're commercial, confidential information. OMB also argued that the documents were provided voluntarily and that the drafts "were not compelled or obligated." In response, Soghoian argued that the documents were clearly provided to OMB for the sake of having Espinel "press ISPs for additional steps to combat copyright infringement (steps they are not legally obligated to take)." The court rejects this, saying that the info was provided confidentially, and voluntarily, and it represents commercial information. So... they remain secret. The court also rejected an attempt to see internal discussions within the government about the six strike plans (as well as discussions on foreign laws like the Hadopi six strikes plan in France). Espinel's office argued that these are protected because they're a part of the "deliberative process privilege" that lets them withhold internal deliberative discussions about policy (so that government employees can discuss stuff openly before coming to an official policy position). However, here, Soghoian argued that Espinel and the IPEC have almost no policy setting role under the law, and thus this exemption makes little sense. Once again, the court disagreed. Here, they argued that since the government may make policy decisions based on whether or not six strikes formed (or how well it works) that these communications were properly classified as privileged and not open to FOIA requests. The court goes into a bit more detail on a few specific withheld documents, but the conclusion is all the same: OMB can keep these documents secret because they involve internal deliberative discussions. 
This isn't too surprising, but it also means that we don't get to learn the full extent of the government's involvement in this "voluntary" process.

http://www.techdirt.com/articles/20130327/10355122485/government-can-keep-key-emails-with-hollywood-lobbyists-about-six-strikes-secret.shtml

---
Just because i'm near the punchbowl doesn't mean I'm also drinking from it.

From rforno at infowarrior.org Sat Mar 30 09:52:34 2013
From: rforno at infowarrior.org (Richard Forno)
Date: Sat, 30 Mar 2013 10:52:34 -0400
Subject: [Infowarrior] - How Terrible Copyright Law Hurts Security Research
Message-ID: <644AC2F5-9FCF-40A1-8785-5894AF9B7277@infowarrior.org>

How Terrible Copyright Law Hurts Security Research
By Edward Felten | Posted Friday, March 29, 2013, at 7:45 AM
Slate.com
http://www.slate.com/articles/technology/future_tense/2013/03/dmca_chilling_effects_how_copyright_law_hurts_security_research.single.html

It was hard to believe, but the student insisted it was true. He had discovered that compact discs from a major record company, Sony BMG, were installing dangerous software on people's computers, without notice. The graduate student, Alex Halderman (now a professor at the University of Michigan), was a wizard in the lab. As experienced computer security researchers, Alex and I knew what we should do: First, go back to the lab and triple-check everything. Second, warn the public.

But by this point, in 2005, the real second step was to call a lawyer. Security research was increasingly becoming a legal minefield, and we wanted to make sure we wouldn't run afoul of the Digital Millennium Copyright Act. We weren't afraid that our research results were wrong. What scared us was having to admit in public that we had done the research at all. Meanwhile, hundreds of thousands of people were inserting tainted music CDs into their computers and receiving spyware.
In fact, the CDs went beyond installing unauthorized software on the user's computer. They also installed a "rootkit" -- they modified the Windows operating system to create an invisible area that couldn't be detected by ordinary measures, and in many cases couldn't be discovered even by virus checkers. The unwanted CD software installed itself in the invisible area, but the rootkit also provided a safe harbor for any other virus that wanted to exploit it. Needless to say, this was a big security problem for users. Our professional code told us that we had to warn them immediately. But our experience with the law told us to wait.

The law that we feared, the DMCA, was passed in 1998 but has been back in the news lately because it prohibits unlocking cellphones and interferes with access by people with disabilities. But its impact on research has been just as dramatic. Security researchers have long studied consumer technologies, to understand how they work, how they can fail, and how users can protect themselves from malfunctions and security flaws. This research benefits the public by making complex technologies more transparent. At the same time, it teaches the technology community how to design better, safer products in the future. These benefits depend on researchers being free to dissect products and talk about what they find.

We were worried about the part of the DMCA called 17 U.S.C. § 1201(a)(1), which says that "No person shall circumvent a technological measure that effectively controls access to a work protected under [copyright law]." We had to disable the rootkit to detect what it was hiding, and we had to partially disable the software to figure out what it was doing. An angry record company might call either of those steps an act of circumvention, landing us in court. Instead of talking to the public, we talked to our lawyer.

This wasn't the first time the DMCA had interfered with my security research.
Back in 2001, my colleagues and I had had to withdraw a peer-reviewed paper about CD copy protection, because the Recording Industry Association of America and others were threatening legal action, claiming that our paper was a "circumvention technology" in violation of another section of the DMCA. Later we sued for the right to publish these results -- and we did publish, four months later. We had won, but we had also learned firsthand about the uncertainty and chaos that legal threats can cause. I was impressed that some of my colleagues had been willing to risk their jobs for our work, but none of us wanted to relive the experience.

Alex had dealt with his own previous DMCA threat, although this one was more comical than frightening. After he revealed that a CD copy protection product from a company called SunnComm could be defeated by holding down the computer's Shift key while inserting the disc, the company had threatened him with DMCA action. Given the colorful history of the company -- it had started corporate life as a booking agency for Elvis impersonators -- and the company's subsequent backtracking from the threat, we weren't too worried about being sued. Nevertheless, it showed that the DMCA had become a go-to strategy for companies facing embarrassing revelations about their products.

What was Congress thinking when it passed this part of the DMCA? The act was meant to update copyright law for the 21st century, to shore up the shaky technologies that tried to stop people from copying music and movies. But the resulting law was too broad, ensnaring legitimate research activities. The research community saw this problem coming and repeatedly asked Congress to amend the bill that would become the DMCA, to create an effective safe harbor for research. There was a letter to Congress from 50 security researchers (including me), another from the heads of major scientific societies, and a third from the leading professional society for computer scientists.
But with so much at stake in the act for so many major interests, our voice wasn't heard. As they say in Washington, we didn't have a seat at the table. Congress did give us a research exemption, but it was so narrowly defined as to be all but useless. (So perhaps we did have a seat -- at the kids' table.) I'll spare you the details, but basically, there is a 116-word section of the Act titled "Permissible Acts of Encryption Research," and it appears to have been written without consulting any researchers. There may be someone, somewhere, who has benefited from this exemption, but it fails to protect almost all of the relevant research. It didn't protect Alex and me, because we were investigating spyware that didn't rely on the mathematical operations involved in encryption.

We sat on our Sony BMG CD spyware results for almost a full month. In the meantime, another researcher, Mark Russinovich, went public with a detailed technical report on one of the two CD spyware systems. When nobody sued him, we decided to go public.

In the weeks that followed, things happened quickly. Sony BMG recognized that it had overstepped, it distributed an uninstaller for the spyware, we discovered that the uninstaller opened further security holes in users' computers, the record company recalled the affected CDs, and we determined that the CDs were reporting users' listening habits back to the record company. Class action suits were filed. The Federal Trade Commission investigated, and the company eventually settled the FTC charges, agreeing to reimburse affected consumers up to $150 for damage to their computers.

We had managed to publish our results, but we were troubled by the incident. Our decision to withhold the news of the rootkit from the public seemed necessary, even in hindsight, but it was contrary to our mission as researchers. It was the last research Alex and I did on copy-protected CDs.
Although I have a higher tolerance for lawyers than many of our research colleagues do, I still prefer the laboratory and the classroom to the courtroom. My peers seem to feel similarly -- the volume of peer-reviewed research on copy protection technologies fell off about this time and has not recovered.

The good news is that this problem is easily fixed. Congress could amend the DMCA to create a robust safe harbor for legitimate research -- not limited to encryption, not tied down with detailed requirements and limitations. There is a growing groundswell to address the DMCA's ban on unlocking cellphones and its roadblocks to access for the disabled. Bills have been introduced in Congress to legalize cellphone unlocking. While we're tinkering with the statute, let's create a safe harbor for the researchers who can be our early warning system against unpleasant surprises in the next generation of technologies.

These days almost everything we do in life is mediated by technology. Too often the systems we rely on are black boxes that we aren't allowed to adjust, repair, or -- too often -- even to understand. A new generation of students wants to open them up, see how they work, and improve them. These students are the key to our future productivity -- not to mention the security of our devices today. What we need is for the law to get out of their way.

This article arises from Future Tense, a collaboration among Arizona State University, the New America Foundation, and Slate. Future Tense explores the ways emerging technologies affect society, policy, and culture. To read more, visit the Future Tense blog and the Future Tense home page. You can also follow us on Twitter.

---
Just because i'm near the punchbowl doesn't mean I'm also drinking from it.

From rforno at infowarrior.org Sat Mar 30 09:54:01 2013
From: rforno at infowarrior.org (Richard Forno)
Date: Sat, 30 Mar 2013 10:54:01 -0400
Subject: [Infowarrior] - Password denied: when will Apple get serious about security?
Message-ID:

Password denied: when will Apple get serious about security?
It's time for some real talk about how data is kept and accessed
By Tim Carmody on March 29, 2013 12:45 pm @tcarmody

< - >

http://www.theverge.com/2013/3/29/4158594/password-denied-when-will-apple-get-serious-about-security

---
Just because i'm near the punchbowl doesn't mean I'm also drinking from it.