From rforno at infowarrior.org Sat Nov 2 08:58:18 2013
From: rforno at infowarrior.org (Richard Forno)
Date: Sat, 2 Nov 2013 09:58:18 -0400
Subject: [Infowarrior] - RIAA and BPI Use "Pirated" Code on Their Websites
Message-ID:

RIAA and BPI Use "Pirated" Code on Their Websites

Ernesto, November 2, 2013

It turns out that even the most vocal anti-piracy advocates are guilty of infringing the copyrights of others on the Internet. TorrentFreak has discovered that the websites of the music industry groups RIAA and BPI have removed the copyright notices from popular web software, violating the open source licenses these scripts are distributed under.

Copyright is a double-edged sword, and those who sharpen one side often get cut by the other. Two weeks ago we reported that the new Healthcare.gov website had stripped the copyright notice from one of the scripts it used. This blatant act of "piracy" prompted us to take a closer look at the websites of several anti-piracy organizations, and today we present our findings.

As it turns out the U.S. Government is not the only one violating copyright licenses. The websites of music industry groups RIAA and BPI also use infringing code. On both sites we found open source jQuery scripts that are released under the MIT license. This license permits any person or organization to use, copy, modify, merge, distribute, or even sell copies of the software. There's only one condition users have to agree to; that the original copyright notice stays intact.

Ironically, the scripts used on the RIAA and BPI websites have the copyright licenses removed. BPI uses the deprecated template script jQuery.tmpl.min.js, and as can be seen below, yesterday there was no reference to the MIT license or the copyright holder listed at the top of the file.
< - >

http://torrentfreak.com/riaa-and-bpi-use-pirated-code-on-their-websites-131102/

---
Just because i'm near the punchbowl doesn't mean I'm also drinking from it.

From rforno at infowarrior.org Sat Nov 2 08:59:47 2013
From: rforno at infowarrior.org (Richard Forno)
Date: Sat, 2 Nov 2013 09:59:47 -0400
Subject: [Infowarrior] - UK: Snowden reporter's partner involved in 'espionage' and 'terrorism'
Message-ID: <42FF8932-3E58-465F-A636-236E42A14019@infowarrior.org>

UK: Snowden reporter's partner involved in 'espionage' and 'terrorism'

By Mark Hosenball
WASHINGTON | Fri Nov 1, 2013 7:23pm EDT

http://www.reuters.com/article/2013/11/01/us-uk-nsa-idUSBRE9A013O20131101

(Reuters) - British authorities claimed the domestic partner of reporter Glenn Greenwald was involved in "terrorism" when he tried to carry documents from former U.S. intelligence contractor Edward Snowden through a London airport in August, according to police and intelligence documents.

Greenwald's partner, David Miranda, was detained and questioned for nine hours by British authorities at Heathrow on August 18, when he landed there from Berlin to change planes for a flight to Rio De Janeiro, Brazil.

After his release and return to Rio, Miranda filed a legal action against the British government, seeking the return of materials seized from him by British authorities and a judicial review of the legality of his detention.

At a London court hearing this week for Miranda's lawsuit, a document called a "Ports Circulation Sheet" was read into the record. It was prepared by Scotland Yard - in consultation with the MI5 counterintelligence agency - and circulated to British border posts before Miranda's arrival. The precise date of the document is unclear.

"Intelligence indicates that Miranda is likely to be involved in espionage activity which has the potential to act against the interests of UK national security," according to the document.

"We assess that Miranda is knowingly carrying material the release of which would endanger people's lives," the document continued. "Additionally the disclosure, or threat of disclosure, is designed to influence a government and is made for the purpose of promoting a political or ideological cause. This therefore falls within the definition of terrorism..."

Miranda was not charged with any offense, although British authorities said in August they had opened a criminal investigation after initially examining materials they seized from him. They did not spell out the probe's objectives.

A key hearing on Miranda's legal challenge is scheduled for next week. The new details of how and why British authorities decided to act against him, including extracts from police and MI5 documents, were made public during a preparatory hearing earlier this week.

British authorities have said in court that items seized from Miranda included electronic media containing 58,000 documents from the U.S. National Security Agency and its British counterpart, Government Communications Headquarters (GCHQ).

Greenwald, who previously worked for Britain's Guardian newspaper, has acknowledged that Miranda was carrying material supplied by Snowden when he was detained.

In an email to Reuters, Greenwald condemned the British government for labeling his partner's actions "terrorism."

"For all the lecturing it doles out to the world about press freedoms, the UK offers virtually none...They are absolutely and explicitly equating terrorism with journalism," he said.

Separately on Friday, media disclosed details of an open letter Snowden issued to Germany from his place of exile in Russia, in which he says his revelations have helped to "address formerly concealed abuses of the public trust" and added that "speaking the truth is not a crime."
Snowden said he was counting on international support to stop Washington's "persecution" of him for revealing the scale of its worldwide phone and Internet surveillance.

Steven Aftergood, a secrecy expert with the Federation of American Scientists, said that given the nature of the material that Miranda was carrying, a harsh response by British authorities was not unexpected.

"It seems that UK authorities were attempting to seize or recover official documents, to which they arguably have a claim," Aftergood said. "The authorities' action was harsh, but not incomprehensible or obviously contrary to law."

In a separate document read into the court record, MI5, also known as the Security Service, indicated British authorities' interest in Miranda was spurred by his apparent role as a courier ferrying material from Laura Poitras, a Berlin-based filmmaker, to Greenwald, who lives with Miranda in Brazil.

"We strongly assess that Miranda is carrying items which will assist in Greenwald releasing more of the NSA and GCHQ material we judge to be in Greenwald's possession," said the document, described as a "National Security Justification" prepared for police.

"Our main objectives against David Miranda are to understand the nature of any material he is carrying, mitigate the risks to national security that this material poses," the document added.

A spokesman for the British Embassy in Washington had no comment on the court proceedings or documents.

(Editing by Warren Strobel and Ken Wills)
From rforno at infowarrior.org Sat Nov 2 09:21:27 2013
From: rforno at infowarrior.org (Richard Forno)
Date: Sat, 2 Nov 2013 10:21:27 -0400
Subject: [Infowarrior] - NIST Initiating Review of Cryptographic Standards Development Process
Message-ID:

NIST Initiating Review of Cryptographic Standards Development Process

http://csrc.nist.gov/groups/ST/crypto-review/index.html

Recent news reports about leaked classified documents have caused concern from the cryptographic community about the security of NIST cryptographic standards and guidelines. NIST is also deeply concerned by these reports, some of which have questioned the integrity of the NIST standards development process.

NIST has a proud history in open cryptographic standards, beginning in the 1970s with the Data Encryption Standard. We strive for a consistently open and transparent process that enlists the worldwide cryptography community to help us develop and vet algorithms included in our cryptographic guidance. NIST endeavors to promote confidence in our cryptographic guidance through these inclusive and transparent development processes, which we believe are the best in use.

Trust is crucial to the adoption of strong cryptographic algorithms. To ensure that our guidance has been developed according to the highest standard of inclusiveness, transparency and security, NIST has initiated a formal review of our standards development efforts. We are compiling our goals and objectives, principles of operation, processes for identifying cryptographic algorithms for standardization, methods for reviewing and resolving public comments, and other important procedures necessary for a rigorous process.

Once complete, we will invite public comment on this process. We also will bring in an independent organization to conduct a formal review of our standards development approach and to suggest improvements.
Based on the public comments and independent review, we will update our process as necessary to make sure it meets our goals for openness and transparency, and leads to the most secure, trustworthy guidance practicable.

Furthermore, we will be reviewing our existing body of cryptographic work, looking at both our documented process and the specific procedures used to develop each of these standards and guidelines. If any current guidance does not meet the high standards set out in this process, we will address these issues as quickly as possible.

Our mission is to protect the nation's IT infrastructure and information through strong cryptography. We cannot carry out that mission without the trust and assistance of the world's cryptographic experts. We're committed to continually earning that trust.

Contact: Donna Dodson, Chief, Computer Security Division
donna.dodson at nist.gov

From rforno at infowarrior.org Sat Nov 2 09:28:09 2013
From: rforno at infowarrior.org (Richard Forno)
Date: Sat, 2 Nov 2013 10:28:09 -0400
Subject: [Infowarrior] - Happy 25th, Morris Worm
Message-ID: <58D5515C-476E-4664-917C-D4796DA74444@infowarrior.org>

Eye-opening "Morris worm" turns 25 tomorrow

Here's how a Boston PBS station covered the story at the time

By Paul McNamara on Fri, 11/01/13 - 7:00am.

On Nov. 2, 1988, mainstream America learned for the first time that computers get viruses, too, as what would become known as the Morris worm - named for its author, Cornell University student Robert Tappan Morris - made front-page headlines after first making life miserable for IT professionals.

TV news coverage from the time, plucked off YouTube, offers a telling look at how computer viruses were perceived (or not) at the time.
Here's a clip from a rather melodramatic newscast by the Boston PBS affiliate, followed by a transcript for those who prefer to read:

< - >

http://www.networkworld.com/community/blog/eye-opening-%E2%80%98morris-worm%E2%80%99-turns-25-tomorrow

From rforno at infowarrior.org Sat Nov 2 10:18:17 2013
From: rforno at infowarrior.org (Richard Forno)
Date: Sat, 2 Nov 2013 11:18:17 -0400
Subject: [Infowarrior] - FNC's Napolitano: A government of secrecy and fear
Message-ID:

A government of secrecy and fear -- why Edward Snowden deserves the thanks of every freedom-loving American

By Judge Andrew P. Napolitano
Published October 24, 2013
FoxNews.com

http://www.foxnews.com/opinion/2013/10/24/government-secrecy-and-fear-why-edward-snowden-deserves-thanks-every-freedom/

Every American who values the rights to life, liberty and the pursuit of happiness, every American who enjoys the right to be different and the right to be left alone, and every American who believes that the government works for us and we don't work for the government should thank Edward Snowden for his courageous and heroic revelations of the National Security Agency's gargantuan spying operations.

Without Snowden's revelations, we would be ignorant children to a paternalistic government and completely in the dark about what the government sees of us and knows about us. And we would not know that it has stolen our freedoms.

When I saw Snowden's initial revelation -- a two-page order signed by a federal judge on the FISA court -- I knew immediately that Snowden had a copy of a genuine top-secret document that even the judge who signed it did not have.
The NSA reluctantly acknowledged that the document was genuine and claimed that all its snooping on the 113,000,000 Verizon customers covered by that order was lawful because it had been authorized by that federal judge. The NSA also claims that as a result of its spying, it has kept us safe.

I reject the argument that the government is empowered to take our liberties -- here, the right to privacy -- by majority vote or by secret fiat as part of an involuntary collective bargain that it needs to monitor us in private in order to protect us in public. The government's job is to keep us free and safe. If it keeps us safe but not free, it is not doing its job.

Since the revelations about Verizon, we have learned that the NSA has captured and stored in its Utah computers the emails, texts, telephone conversations, utility bills, bank statements, credit card statements and digital phone books of everyone in America for the past two and a half years. It also has captured hundreds of millions of phone records in Brazil, France, Germany and Mexico -- all U.S. allies -- and it has shared much of the seized raw American data with intelligence agencies in Great Britain and Israel. Its agents have spied on their girlfriends and boyfriends literally thousands of times, and they have combed the collected raw data and selectively revealed some of it to law enforcement. All of this directly contradicts the Constitution.

And, if all of this is not enough to induce one to realize that the Orwellian future is here thanks to the secret governments of George W. Bush and Barack Obama, Snowden also revealed that the NSA can hack into anyone's mobile phone, even when it is turned off, and use each phone as a listening device and as a GPS to track whoever possesses it.

When Gen. Keith Alexander, the head of the NSA, was confronted with this litany of unlawful and unconstitutional behavior, he replied by claiming that his spies have saved the U.S. from 54 terrorist plots.
He pleaded with lawmakers not to strip him of the power to spy or of the billions they have given him to spend on spying, lest another 9/11 plot befall us.

Many Americans were willing to make this trade: spy on 330,000,000 Americans in order to stop 54 plots. But the government lacks the moral and constitutional power to compel this trade, because the right to privacy is a personal, individual and inalienable right, and so it cannot lawfully be taken away by majority vote (which never happened) or by secret fiat (which did happen).

The government also lacks the authority to spy without legal constraint on anyone it wishes, because that violates the Constitution and fundamentally changes our open and free society. All-hearing ears and all-seeing eyes and unconstrained power exercised in secret are a toxic mix destined to destroy personal freedom.

Now we know that Alexander has lied yet again to a congressional committee. He recently acknowledged that the number of plots foiled is not the stated-under-oath 54, but is either two or three. He won't say which two or three or how spying on every American was the only lawful or constitutional way to uncover these plots. He also won't say why he originally said 54, instead of two or three; but he did say last week that he will retire next spring.

This is maddening. The government breaks the law it has been hired to enforce and violates the Constitution its agents have sworn to uphold; it gets caught and lies about it; and no one in government is punished or changes his behavior.

Then we realize that the so-called court that authorized all of this is not a court at all. Federal judges may only exercise the judicial function when they are addressing cases or controversies; and their opinions only have the force of law when they emanate from that context.
But when federal judges serve an essentially clerical function, they are not serving as judges, their opinions are self-serving and legally useless, and their apparent imprimatur upon spying gives it no moral or legal legitimacy.

All of this -- which is essentially undisputed -- leads me to the question: Where is the outrage? I think the government has succeeded in so terrifying us at the prospect of another 9/11 that we are afraid to be outraged at the government when it claims to be protecting us, no matter what it does.

C.S. Lewis once remarked that the greatest trick the devil has pulled off is convincing us that he does not exist. The government's greatest trick has been persuading us to surrender our freedoms.

Will we ever get them back? The answer to that depends upon the fidelity to freedom of those in whose hands we have reposed the Constitution for safekeeping. At present, those hands are soiled with the filth of totalitarianism and preoccupied with the grasp of power. And they seem to be getting dirtier and their grip tighter every day.

Andrew P. Napolitano, a former judge of the Superior Court of New Jersey, is the senior judicial analyst at Fox News Channel. Judge Napolitano has written seven books on the U.S. Constitution. His latest is "Theodore and Woodrow: How Two American Presidents Destroyed Constitutional Freedom."

From rforno at infowarrior.org Mon Nov 4 09:25:17 2013
From: rforno at infowarrior.org (Richard Forno)
Date: Mon, 4 Nov 2013 10:25:17 -0500
Subject: [Infowarrior] - CIA made doctors torture suspected terrorists after 9/11, taskforce finds
Message-ID:

CIA made doctors torture suspected terrorists after 9/11, taskforce finds

Doctors were asked to torture detainees for intelligence gathering, and unethical practices continue, review concludes

Sarah Boseley, health editor
The Guardian, Sunday 3 November 2013

http://www.theguardian.com/world/2013/nov/04/cia-doctors-torture-suspected-terrorists-9-11

Doctors and psychologists working for the US military violated the ethical codes of their profession under instruction from the defence department and the CIA to become involved in the torture and degrading treatment of suspected terrorists, an investigation has concluded.

The report of the Taskforce on Preserving Medical Professionalism in National Security Detention Centres concludes that after 9/11, health professionals working with the military and intelligence services "designed and participated in cruel, inhumane and degrading treatment and torture of detainees".

Medical professionals were in effect told that their ethical mantra "first do no harm" did not apply, because they were not treating people who were ill.

The report lays blame primarily on the defence department (DoD) and the CIA, which required their healthcare staff to put aside any scruples in the interests of intelligence gathering and security practices that caused severe harm to detainees, from waterboarding to sleep deprivation and force-feeding.

The two-year review by the 19-member taskforce, Ethics Abandoned: Medical Professionalism and Detainee Abuse in the War on Terror, supported by the Institute on Medicine as a Profession (IMAP) and the Open Society Foundations, says that the DoD termed those involved in interrogation "safety officers" rather than doctors. Doctors and nurses were required to participate in the force-feeding of prisoners on hunger strike, against the rules of the World Medical Association and the American Medical Association. Doctors and psychologists working for the DoD were required to breach patient confidentiality and share what they knew of the prisoner's physical and psychological condition with interrogators and were used as interrogators themselves.
They also failed to comply with recommendations from the army surgeon general on reporting abuse of detainees.

The CIA's office of medical services played a critical role in advising the justice department that "enhanced interrogation" methods, such as extended sleep deprivation and waterboarding, which are recognised as forms of torture, were medically acceptable. CIA medical personnel were present when waterboarding was taking place, the taskforce says.

Although the DoD has taken steps to address concerns over practices at Guantánamo Bay in recent years, and the CIA has said it no longer has suspects in detention, the taskforce says that these "changed roles for health professionals and anaemic ethical standards" remain.

"The American public has a right to know that the covenant with its physicians to follow professional ethical expectations is firm regardless of where they serve," said Dr Gerald Thomson, professor of medicine emeritus at Columbia University and member of the taskforce.

He added: "It's clear that in the name of national security the military trumped that covenant, and physicians were transformed into agents of the military and performed acts that were contrary to medical ethics and practice. We have a responsibility to make sure this never happens again."

The taskforce says that unethical practices by medical personnel, required by the military, continue today. The DoD "continues to follow policies that undermine standards of professional conduct" for interrogation, hunger strikes, and reporting abuse. Protocols have been issued requiring doctors and nurses to participate in the force-feeding of detainees, including forced extensive bodily restraints for up to two hours twice a day.

Doctors are still required to give interrogators access to medical and psychological information about detainees which they can use to exert pressure on them. Detainees are not permitted to receive treatment for the distress caused by their torture.

"Putting on a uniform does not and should not abrogate the fundamental principles of medical professionalism," said IMAP president David Rothman. "'Do no harm' and 'put patient interest first' must apply to all physicians regardless of where they practise."

The taskforce wants a full investigation into the involvement of the medical profession in detention centres. It is also calling for publication of the Senate intelligence committee's inquiry into CIA practices and wants rules to ensure doctors and psychiatrists working for the military are allowed to abide by the ethical obligations of their profession; they should be prohibited from taking part in interrogation, sharing information from detainees' medical records with interrogators, or participating in force-feeding, and they should be required to report abuse of detainees.

From rforno at infowarrior.org Mon Nov 4 13:19:38 2013
From: rforno at infowarrior.org (Richard Forno)
Date: Mon, 4 Nov 2013 14:19:38 -0500
Subject: [Infowarrior] - Death Of "Early Bird" Epitomizes What's Wrong With The Pentagon
Message-ID:

Death Of "Early Bird" Epitomizes What's Wrong With The Pentagon

Author: Daniel Goure, Ph.D.
Date: Monday, November 04, 2013

http://www.lexingtoninstitute.org/death-of-early-bird-epitomizes-whats-wrong-with-the-pentagon?a=1&c=1171

Gregory Lubold's story in Situation Report on the Department of Defense's termination of its widely read and influential daily news summary, the Early Bird, is a case study in bad Pentagon decision making. On its face, the decision makes little sense. With 1.5 million daily subscribers, the Early Bird was outperforming every other defense-related news outlet and most general news sources.
It provided defense officials and the broader national security community with what can reasonably be described as a comprehensive common operating picture of the international defense news environment. If this were a commercial operation, it would be considered a gold mine. The Pentagon could have made money by selling advertising space in the Early Bird, offsetting part of the cost of sequestration.

According to Lubold, four reasons were given for the decision. First, Pentagon Public Affairs discovered something called the Internet which supported more rapid, convenient and broad-based access to news. Second, the Early Bird risked copyright infringement because it failed to provide links to the original source for its stories. Never mind that dozens of foreign affairs and defense news compilers on the Internet do this routinely, including the aforementioned Situation Report. Third, and most significant, the Early Bird had become "too influential." According to the individual behind the execution order, Colonel Steve Warren, "people would organize their day around what was in the Early Bird." The fourth reason was that the publication was seen by some (of course unidentified) as serving the Pentagon's public relations interests rather than providing honest and full spectrum reportage, or "situational awareness," to use the military's term.

The four-part explanation for the demise of the Early Bird frames perfectly the problems with the way the Pentagon operates. It failed to recognize and respond to new information technologies and communications systems. It wasn't just a late adopter; it persisted for decades in the belief that it could ignore technology. Then it failed to learn from the innovations made by the private sector in the exploding world of electronic information.
Every electronic information provider, many of whom are connected to Washington-based think tanks and public policy institutions, has learned how to attach links to information sources, except for the Pentagon. But rather than modernizing its product and delivery, Pentagon Public Affairs decided "what the heck" and just cancelled the whole thing.

But when it comes to dysfunctional decision making, nothing beats the rationale that the Early Bird needed to be cancelled because it was "too influential." The Early Bird broke no stories; it merely reported what was already out in the public domain. The military talks endlessly about the need for improved situational awareness and the development of common operating pictures. Because the Early Bird provided situational awareness in a timely manner that enabled defense officials to respond agilely and flexibly to issues and problems, it needed to be cancelled. Does that make sense?

People inside and outside government responded to its stories because they had to. Heaven forbid that anyone in the Pentagon should be required to spend their day responding to a story that reflects poorly on the Department of Defense, its decisions or any of its programs. Or is the idea that no one at the Pentagon listens to the major news outlets, reads newspapers or subscribes to defense and foreign policy periodicals and consequently they won't have to address stories about problems in the department if the Early Bird is cancelled? What if the reason the Early Bird appeared too influential is that program managers, senior civilians and military leaders figured that they could avoid dealing with problems until they appeared in major media stories and, hence, in the Early Bird? Only government bureaucrats could define the problem as too much information and believe that the solution is to shut down the source.

I have a better idea. How about closing the Pentagon Public Affairs operation?
If one criticism of the Early Bird was that at times it appeared to act as a public relations front for the department then solve that problem by firing the public relations people. We can start with the genius who came up with the idea of cancelling the Early Bird. But let's get rid of the whole organization, all the way up to the Assistant Secretary. That way the department will not have to hear bad news and there won't be anybody around to respond to stories put out by other sources. The Pentagon would save money and, like the three monkeys, see, hear and speak no evil.

From rforno at infowarrior.org Mon Nov 4 16:40:15 2013
From: rforno at infowarrior.org (Richard Forno)
Date: Mon, 4 Nov 2013 17:40:15 -0500
Subject: [Infowarrior] - DIRNSA likely to lose CYBERCOM
Message-ID: <8B020464-4A37-4261-BEE3-9AAC98770806@infowarrior.org>

November 04, 2013, 06:00 am

NSA chief likely to lose cyber war powers

By Brendan Sasso

http://thehill.com/blogs/hillicon-valley/technology/189036-nsa-chief-likely-to-be-stripped-of-cyber-war-powers

Senior military officials are leaning toward removing the National Security Agency director's authority over U.S. Cyber Command, according to a former high-ranking administration official familiar with internal discussions.

Keith Alexander, a four star general who leads both the NSA and Cyber Command, plans to step down in the spring.

No formal decision has been made yet, but the Pentagon has already drawn up a list of possible civilian candidates for the next NSA director, the former official told The Hill. A separate military officer would head up Cyber Command, a team of military hackers that trains for offensive cyberattacks and protects U.S. computer systems.

The administration might also decide to have two military officers lead the two agencies.
The fact that the administration is considering whether to split the commands isn't a direct response to the revelations about the NSA's surveillance operations, but it does reflect growing concern over the power of the NSA director and a shortage of oversight of the position. It also is an indication of the growing importance of cyberattacks in military operations.

But Alexander is lobbying policymakers to keep the positions united.

"I believe it has to remain dual-hatted," he said last month during a discussion on cybersecurity hosted by Politico.

"If you try to break them up, what you have is two teams not working together. Our nation can't afford, especially in this budget environment, to have one team try to rebuild what the other team does," he said.

Laura Magnuson, a White House spokeswoman, declined to comment on the decision, noting that Alexander would not retire until next year.

Congress is also reviewing whether one official should lead both the NSA and Cyber Command.

"Oh yeah, we're looking at it," Senate Armed Services Committee Chairman Carl Levin (D-Mich.) told The Hill. "I hope they're [the administration] looking at it too."

But Levin said he doesn't have any final thoughts on what the Pentagon should do.

Jason Healey, director of the Cyber Statecraft Initiative at the Atlantic Council, argued that uniting the two commands centralizes too much power in the hands of one general.

"Some things are better to have two centers of power," Healey said. "If you have just one, it's more efficient, but you end up making dumb decisions."

He argued that the current command structure is leading the United States to both conduct more surveillance and be more aggressive in attacking enemy computer networks.

Alexander has so much clout within the administration that few are able to challenge him on national security issues, Healey said.
He argued the government would never, for example, put one general in charge of gathering intelligence in China, commanding covert forces against China and setting policy toward China.

"We've now created a center of power that we would never allow in any other area," Healey said. "And it certainly shouldn't be allowed in something so critical to our future and national security as the Internet and cyberspace."

Adam Segal, a senior fellow at the Council on Foreign Relations, said the current command structure makes it difficult for anyone to fully oversee Alexander.

As NSA director, Alexander reports to James Clapper, the director of national intelligence. But for his Cyber Command responsibilities, he reports to U.S. Strategic Command.

There is a similarly divided oversight in Congress with the Intelligence committees having oversight of surveillance programs, but the Armed Services committees having jurisdiction over military cyber operations.

"You want to be careful that the decisionmakers are able to evaluate the costs and benefits of both espionage and our possible military operations," Segal said. "I think it's probably better put forward by two separate voices. That way it would be easier for them to weigh the values."

Jim Lewis, a senior fellow at the Center for Strategic and International Studies, acknowledged that there is an "appearance problem" with centralizing so much power with one commander. But he expressed concern that Cyber Command doesn't yet have the technical expertise to operate on its own.

"It's still small; it's still growing. There's a real shortage of bodies in the U.S. government," Lewis said. "Cyber Command depends on NSA."

Alexander has led Cyber Command since it was created in 2009. It's based at Fort Meade in Maryland along with the NSA headquarters.

"I think Secretary [Robert] Gates and the decision and the rationale that he put into putting these together remains true today," Alexander said at the event last month.
He warned that splitting the agencies would result in fights over resources and command decisions. "When they sit down together, you know what they call themselves? Team Cyber," Alexander said. "They act as a team all the way, and the reason is we treat them as one team, not two. And that's what our nation needs."

---
Just because i'm near the punchbowl doesn't mean I'm also drinking from it.

From rforno at infowarrior.org Tue Nov 5 07:13:28 2013
From: rforno at infowarrior.org (Richard Forno)
Date: Tue, 5 Nov 2013 08:13:28 -0500
Subject: [Infowarrior] - South Korea is stuck with Internet Explorer for online shopping because of security law
Message-ID:

South Korea is stuck with Internet Explorer for online shopping because of security law

By Chico Harlan

http://www.washingtonpost.com/world/asia_pacific/due-to-security-law-south-korea-is-stuck-with-internet-explorer-for-online-shopping/2013/11/03/ffd2528a-3eff-11e3-b028-de922d7a3f47_print.html

SEOUL -- South Korea is renowned for its digital innovation, with coast-to-coast broadband and a 4G LTE network that reaches into Seoul's subway system. But this tech-savvy country is stuck in a time warp in one way: its slavish dependence on Internet Explorer.

For South Koreans who use other browsers such as Chrome or Safari, online shopping often begins with a pop-up notice warning that they might not be able to buy what they came for. "Purchases can only be made through Internet Explorer," says one such message on the Web site of Asiana Airlines, one of South Korea's two major carriers.

In much of the world, Internet Explorer, initially developed by Microsoft in the 1990s, has faced fierce competition from browsers developed by Google and Apple. IE is bashed by tech snobs as a BlackBerry-like bygone. Internet Explorer's fall has been profound enough that its own video ads have poked fun at its image as "ancient" -- but it argues at its Web site "browseryoulovedtohate"
that the latest versions, IE 9 and IE 10, are vastly improved and give the company a shot at "browser redemption".

But South Koreans remain captive to laws passed 14 years ago, which -- in the name of Internet security -- require citizens to bank and make nearly all purchases with Internet Explorer. Three-quarters of the country's Web usage involves Internet Explorer, according to a measurement by the Web analytics firm StatCounter -- among the highest in the world.

Internet Explorer is nearly as much a part of a Korean computer as the screen itself.

"Internet Explorer has bugs. It freezes. It requires all these annoying updates," said Lee Dong-won, a 35-year-old businessman.

"But everybody I know uses it," said Seo Yeon-ho, a 25-year-old design student.

Only the daring stray from Internet Explorer -- and when they do, they need to come up with some other way to shop and pay bills online. Those with computers that run Windows have no problem: Even if they otherwise browse through Chrome or Firefox, they can still double-click on IE when it's time to make purchases. But those with Apple computers -- for which IE isn't available -- have it harder.

Some go to Internet cafes. Some rely on their office desktops. Some dash into hotel business centers. Some hold on to their old computers and boot them up when it's time to make purchases. Still others depend on a secret weapon called Boot Camp, a software program that allows a Mac to run Windows.

"Just look at this," one salesman said at an Apple reseller in downtown Seoul, demonstrating on a laptop that he pulled out from behind the help desk. All it takes to buy a plane ticket on an Apple computer in South Korea, he said, is the $70 special software and a $250 copy of Windows 7.

"No problem," he said, smiling.

Security concerns

The story of how South Korea became dependent on Internet Explorer begins in the late 1990s.
South Korea's government was among the first to encourage shopping and banking online, but many people were concerned about Internet safety. The government's goal was to make Internet shopping nearly as secure as a trip to a small-town market, one where vendors know all their customers by name and face.

To reassure South Korean customers, the government created its own system to authenticate the identities of online buyers. To make purchases, shoppers had to supply their names and social security numbers and apply for government-issued "digital certificates," which they could present to sellers as proof of ID.

The whole process took just a few clicks. But the back-and-forth was technologically complicated, and it came with a catch: It required a piece of additional software, or "plugin," known as ActiveX -- which is also made by Microsoft and worked in tandem only with Internet Explorer.

That system, implemented in 1999, remains largely in place today. The certificates are not necessary on international sites such as eBay and Amazon, in which credit card information is passed from buyer to seller -- and verified by a third, private party -- with technology built into Web browsers. And under the law, the government-issued certificates are necessary only for transactions above 300,000 won -- about $280. But cheaper purchases inside the country are subject to a separate but similarly restrictive certificate system created by Internet sellers and credit card companies.

South Korean Internet security officials insist that the certificates are necessary to maintain trust on the Internet, though they have recently approved two approaches -- rarely used -- for smaller purchases that don't require ActiveX.

Neither Samsung nor Apple, the warring tech giants, has been involved in drafting the security standards, but the regulations tend to favor South Korea's most iconic company, whose computers use Windows.
On tablets and smartphones, South Koreans don't need any particular browser for purchases -- but they do need to download special security apps that meet government standards.

Users vs. retailers

Many Koreans say they are happy, in theory, to trade a little inconvenience for the sake of security. But critics here argue that the dependence on Internet Explorer has actually made the nation more vulnerable to malware. They point to a string of massive data thefts and cyberattacks in recent years.

In current versions of Internet Explorer, Web surfers must approve the use of ActiveX by clicking "Yes" to a question asking whether to proceed. This gives users the chance to avoid accessing or passing along untrusted material. But South Koreans are so accustomed to saying "yes" that they sometimes mistakenly download malicious software.

"The fiction is that our [e-commerce] system is safer," said Park Kyung-sin, director of Open Net, a nonprofit organization in Seoul. "But in the end it makes it easier for hackers. This culture of saying 'yes' to unknown software has really downgraded people's vigilance."

In South Korea's National Assembly, a small group of lawmakers is pushing a bill to loosen the security laws.

"We've fallen behind the times, and we're clinging to an old tech trend," said Lee Jong-kul, an opposition party member who drafted the legislation.

Few South Korean computer users are campaigning to keep the current system. The greater obstacle comes from the government itself, and from the major banks and credit card companies that have followed its path.

When Aladin, Korea's fourth-largest online bookseller, tried this year to institute a system similar to PayPal's, a slew of domestic credit card companies rejected the payments. Chung Tae-young, the chief executive of Hyundai Card, wrote on Twitter that Aladin's system "wasn't safe." Aladin relented and resorted to its traditional "inconvenient" sales method, company spokesman Kim Seong-dong said.
"I think the payment process in Korea must create a lot of jobs," Kim said. "Because all the Internet shopping retailers need customer service reps to deal with the disgruntled customers."

Yoonjung Seo contributed to this report.

© The Washington Post Company

---
Just because i'm near the punchbowl doesn't mean I'm also drinking from it.

From rforno at infowarrior.org Tue Nov 5 08:07:32 2013
From: rforno at infowarrior.org (Richard Forno)
Date: Tue, 5 Nov 2013 09:07:32 -0500
Subject: [Infowarrior] - IG: DHS cybersecurity tools, training not up to par
Message-ID: <3C31BD59-D65B-483D-B38D-BA5817A7CCF9@infowarrior.org>

IG: DHS cybersecurity tools, training not up to par

By: Tony Romm
November 5, 2013 05:06 AM EST

http://dyn.politico.com/printstory.cfm?uuid=170C01EB-3708-4D54-A5A8-D513E58FF517

The Department of Homeland Security has struggled to respond to cybersecurity threats and disseminate information about them because of lingering technical, funding and staffing woes, according to the agency's inspector general.

As hackers increasingly take aim at U.S. banks and other top targets, DHS still lacks some tools to track the attacks, desperately needs additional analysts to interpret and share its information in real time and lags in its efforts to train its existing cybersecurity workforce, the watchdog found in a report released Monday.

The inspector general's audit -- conducted between January and May -- comes at a time of total flux for DHS, which currently lacks a leader. President Barack Obama has nominated Jeh Johnson for the post; he's yet to have a confirmation hearing.

In the meantime, though, DHS is center stage in the Obama administration's ongoing campaign to raise the country's digital defenses. An executive order signed by the president in February tasks the agency with standing up a new system to share threat data with industry while encouraging those businesses to improve their cybersecurity practices.

That itself represents a daunting undertaking --
and it's one DHS faces as it also confronts lingering structural issues in its existing cybersecurity programs.

As it's currently organized, the agency's National Protection and Programs Directorate houses its cybersecurity work. A key component to that setup is the National Cybersecurity and Communications Integration Center, known as the NCCIC. The center serves as a 24/7 hub that works with other elements of the federal government as well as state and business leaders on cybersecurity.

The NCCIC is relatively new, and it has worked hard to establish partnerships with federal and state agencies while issuing bulletins on cyberthreats as they emerge, according to the inspector general's report, which was completed in late October. But the audit also revealed the center and other DHS branches still face "challenges in sharing cyber threat information with other federal cyber operations centers."

For one, NCCIC and federal cyber operations centers lack a single, common management system that "tracks, shares and coordinates cyber information with each other," the report found.

It's not to say there aren't any tools at DHS for tracking cybersecurity incidents, the inspector general noted, or that the agency's leaders aren't communicating with each other. Rather, DHS has many security bulletins and cyber incident details living in disparate databases, which aren't "seamlessly" connected and coordinated.

"[N]o single entity combines all information available from these centers and other sources to provide a continuously updated, comprehensive picture of cyberthreat and network status to provide indications and warning of imminent incidents, and to support a coordinated incident response," the inspector general reported.

For its part, DHS indicated in its September reply to the IG that it was working on a fix and would deploy new tools to share cybersecurity threat data beginning in the 2014 fiscal year.
And an agency spokesman told POLITICO it's already making strides to fix all the areas its inspector general had highlighted -- including "establishing common cyber tools."

"The Department of Homeland Security actively collaborates and shares information with public- and private-sector partners every day to respond to and coordinate mitigation in the face of attempted disruptions to the nation's critical cyber and communications networks and to reduce adverse impacts on critical network systems," the aide said.

Perhaps exacerbating those internal technical troubles are the serious staffing woes at the agency, the report further found.

An agency in the DHS umbrella that provides operational support and cyberthreat analysis "can currently provide coverage only for 14 hours per day for 5 days per week," according to the inspector general, leaving "a weekly total of 98 hours" that it's "not providing coverage support."

And there's a similar staffing shortage at the Industrial Control Systems Cyber Emergency Response Team, a DHS entity. "ICS-CERT does not currently have the required personnel to assist in the continuous operations" at its current levels, according to the study.

In part, the inspector general and DHS agreed that funding shortages contributed to some of the staffing troubles.

For those already hired, the IG expressed concerns that existing training resources are insufficient. The NCCIC "does not have sufficient resources to provide specialized training to incident responders," the report documented, noting that a review of the center's records between 2009 and 2013 revealed only 10 analysts of 22 analysts had "technical training."

The IG points to sequestration, however, as one driving factor behind the delay -- and DHS said it would further "expand" its training once more money is available.

© 2013 POLITICO LLC

---
Just because i'm near the punchbowl doesn't mean I'm also drinking from it.
From rforno at infowarrior.org Tue Nov 5 15:39:18 2013
From: rforno at infowarrior.org (Richard Forno)
Date: Tue, 5 Nov 2013 16:39:18 -0500
Subject: [Infowarrior] - Don't Compare The Brazilian Spying Case To The NSA's Mass Surveillance Efforts
Message-ID: <94CC7886-6546-4701-94C9-C85BF91C64A0@infowarrior.org>

Don't Compare The Brazilian Spying Case To The NSA's Mass Surveillance Efforts

http://techcrunch.com/2013/11/05/dont-compare-the-brazilian-spying-case-to-the-nsas-mass-surveillance-efforts/

---
Just because i'm near the punchbowl doesn't mean I'm also drinking from it.

From rforno at infowarrior.org Tue Nov 5 17:39:28 2013
From: rforno at infowarrior.org (Richard Forno)
Date: Tue, 5 Nov 2013 18:39:28 -0500
Subject: [Infowarrior] - Former DHS/NSA Official Attacks Bruce Schneier With Bizarre, Factually Incorrect, Non-sensical Rant
Message-ID: <29634A08-DA91-4EC3-9670-CBA781D93DB1@infowarrior.org>

Former DHS/NSA Official Attacks Bruce Schneier With Bizarre, Factually Incorrect, Non-sensical Rant

http://www.techdirt.com/articles/20131105/11325125139/former-dhsnsa-official-attacks-bruce-schneier-with-bizarre-factually-incorrect-non-sensical-rant.shtml

---
Just because i'm near the punchbowl doesn't mean I'm also drinking from it.

From rforno at infowarrior.org Tue Nov 5 19:15:17 2013
From: rforno at infowarrior.org (Richard Forno)
Date: Tue, 5 Nov 2013 20:15:17 -0500
Subject: [Infowarrior] - Congress Sells Out To Wall Street, Again
Message-ID:

Congress Sells Out To Wall Street, Again

http://www.zerohedge.com/news/2013-11-05/guest-post-congress-sells-out-wall-street-again

The U.S. House just passed a bill called H.R. 992 -- the Swaps Regulatory Improvement Act -- that was literally written by mega-bank lobbyists. It repeals the laws passed in 2010 to prevent another meltdown like the one that crashed our economy in 2008.
The repeal was cosponsored by a former Goldman Sachs executive and passed with bipartisan support from some of the House's largest recipients of Wall Street cash. It's so appalling... so unbelievable... so blatantly corrupt... that you've got to see it to believe it:

In 2010, Congress passed the "Dodd-Frank" law to clamp down on risky "derivatives trading" that led to the financial collapse of 2008. Dodd-Frank was weakened by banking lobbyists from the start and has been under attack by those lobbyists ever since. Now a new law written by Citigroup lobbyists (we couldn't make this stuff up if we tried) exempts derivatives trading from regulation, and was passed this week by the House of Representatives with broad bipartisan support.

It sounds bad... but don't worry, it gets much, much worse:

* The New York Times reports that 70 of the 85 lines in the new House bill were literally written by Citigroup lobbyists (Citigroup was one of the mega-banks that brought our economy to its knees in 2008 and received billions in taxpayer money.)

* The same report also revealed "two crucial paragraphs...were copied nearly word for word." You can even view the original documents and see how Citigroup's lobbyists redrafted the House Bill, striking out ideas they didn't like and replacing them with ones they did.

* The bills are sponsored by Randy Hultgren (R - IL), and co-sponsored by Rep. Jim Himes (D-CT) and others. Himes is a former Goldman Sachs executive, and chief fundraiser for the Democratic Congressional Campaign Committee.

* Maplight reports that the financial industry is the top source of campaign funding for 6 of the bills' 8 cosponsors.

* Maplight's data shows that members of the House received $22,425,740 million from interest groups that support the bill -- that's 5.8 times more than it received from interest groups opposed.

* "House aides, when asked why Democrats would vote for this proposal even though the Obama administration opposes it, offered a political explanation.
Republicans have enough votes to pass it themselves, so vulnerable House Democrats might as well join them, and collect industry money for their campaigns." -- New York Times

Yep, it's actually that bad. For the full story, check out this revealing piece by Represent.Us Communications Director Mansur Gidfar. You can also find out if your Rep. voted for H.R.992 here.

We elect Representatives to the House to represent us, the people -- but both parties now refuse to do the job we elected them to do. And they won't until we force them to.

The American Anti-Corruption Act would stop this corruption, and Represent.Us is the movement behind the Act. Together, we can make blatant corruption illegal with simple reforms. It's common sense that elected officials should be barred from collecting money from the industries they regulate. Help us build enough momentum to take America back.

---
Just because i'm near the punchbowl doesn't mean I'm also drinking from it.

From rforno at infowarrior.org Wed Nov 6 15:34:21 2013
From: rforno at infowarrior.org (Richard Forno)
Date: Wed, 6 Nov 2013 16:34:21 -0500
Subject: [Infowarrior] - UK: "journalism can be an act of terrorism"
Message-ID: <26C746FB-D2AE-4940-9F04-BA3B2918CDCC@infowarrior.org>

UK Gov't: David Miranda Might Be A Terrorist Because Journalism Can Be Terrorism; Also: We Had No Idea He Was A Journalist

http://www.techdirt.com/articles/20131106/10352625149/uk-govt-david-miranda-might-be-terrorist-because-journalism-can-be-terrorism-also-we-had-no-idea-he-was-journalist.shtml

---
Just because i'm near the punchbowl doesn't mean I'm also drinking from it.
From rforno at infowarrior.org Thu Nov 7 06:38:49 2013
From: rforno at infowarrior.org (Richard Forno)
Date: Thu, 7 Nov 2013 07:38:49 -0500
Subject: [Infowarrior] - Australian Government Announces Rare Public Consultation On TPP -- Then Bans All Journalists From Attending
Message-ID: <24DFC79B-95DA-496F-8065-B6F760339EBF@infowarrior.org>

Australian Government Announces Rare Public Consultation On TPP -- Then Bans All Journalists From Attending

http://www.techdirt.com/articles/20131105/02334725128/australian-government-holds-rare-public-consultation-tpp-then-bans-all-journalists-attending.shtml

---
Just because i'm near the punchbowl doesn't mean I'm also drinking from it.

From rforno at infowarrior.org Thu Nov 7 06:54:18 2013
From: rforno at infowarrior.org (Richard Forno)
Date: Thu, 7 Nov 2013 07:54:18 -0500
Subject: [Infowarrior] - U.S. weighs option to end dual leadership role at NSA, Cyber Command
Message-ID: <4112A906-C8FE-4228-BC86-F867A8A5F42D@infowarrior.org>

U.S. weighs option to end dual leadership role at NSA, Cyber Command

By Ellen Nakashima

http://www.washingtonpost.com/world/national-security/us-weighs-proposal-to-end-dual-leadership-role-at-nsa-cyber-command/2013/11/06/e64a23d8-4701-11e3-b6f8-3782ff6cb769_print.html

The Obama administration is considering ending a controversial policy that since 2010 has placed one military official at the head of both the nation's largest spy agency and its cyber-operations command, U.S. officials said.

National Security Council officials are scheduled to meet soon to discuss the issue of separating the leadership of the National Security Agency and Cyber Command, a shift that some officials say would help avoid an undue concentration of power in one individual and separate entities with two fundamentally different missions: spying and conducting military attacks.

The administration is also discussing whether the NSA should be led by a civilian.
Officials said privately that the changes could help tamp the current furor over the NSA's sweeping powers by narrowing the authorities assigned to its director.

Because of heightened political sensitivities, what might ordinarily be an internal Defense Department policy matter is now being coordinated by the White House, said officials who spoke on the condition of anonymity to discuss internal deliberations.

The White House sees an opportunity to address the issue with the NSA's director, Gen. Keith Alexander, due to retire in March. Alexander has led the NSA since 2005 and Cyber Command since its full launch in 2010. He was nominated by President Obama in 2009 to head the command, which defends Pentagon networks and, when directed, attacks adversaries' computers.

Administration officials say that no decision has been made. But other officials said privately that some in the administration are inclined to end the "dual hat" practice and put a civilian at the NSA's helm.

"The political side says, 'We've got to make a big change,'" said a U.S. official familiar with aspects of the deliberations. "You can't take all this heat you've been taking and not do something."

The White House has solicited views from the Pentagon and Director of National Intelligence James R. Clapper Jr. In recent weeks, Defense Secretary Chuck Hagel has outlined to the White House courses of action that could be taken, including splitting the roles and maintaining the status quo, along with the benefits of each, officials said.

Meanwhile, Clapper told the White House that he believes that under Alexander's leadership "the dual-hat construct has worked well" and that if a policy decision is made to continue it, "we can ... make it work," said his spokesman, Shawn Turner. But Clapper also recognizes that both are "big jobs with an enormous amount of responsibility" and that "there are a number of potential benefits to having separate leaders," Turner said.
He added that Clapper "thinks it's important to take a thorough look at the possibility of separating the positions."

Laura Lucas Magnuson, a White House spokeswoman, said: "Obviously we're aware that some have proposed splitting the NSA and Cyber Command positions. ... The current arrangement was designed to ensure that both organizations complement each other effectively. That said, in consultation with appropriate agencies, we are always looking to ensure we are appropriately postured to address current and future security needs."

Changing the policy would run counter to positions long held by senior defense officials. Senior officials, including Alexander, have long argued that the current arrangement makes sense operationally, in part because Cyber Command depends heavily on the NSA's capabilities.

"We all operate on the same network," Alexander told The Washington Post last month. "You create more problems by trying to separate them and have two people fighting over who's in charge than putting it all together."

Hitching Cyber Command to the NSA "has provided a much greater ability for Cyber Command to leverage the intelligence resources of NSA," a senior defense official said in an interview this year. "It helps Cyber Command see things from a global picture much better than they would [otherwise]. That's a powerful relationship."

Other current and former officials have argued that the NSA and Cyber Command have such distinct missions that they deserve separate leaders.

In a recent article in Foreign Affairs, James G. Stavridis, former supreme allied commander of NATO, and Dave Weinstein, a strategic planner at Cyber Command, urged decision makers to use Alexander's departure "as an opportunity to dissolve the marriage between the two agencies."

"Not only do the organizations have starkly different cultures, their missions are vastly different, even contradictory," they said.
"There is, indeed, an overlap between military and intelligence missions in cyberspace. But it was a mistake to assume that they would complement, rather than impede, each other."

The men said publicly what some military officials say privately -- that the problem with the "dual-hatted" authority is that Alexander is "at once an operator and a collector in cyberspace and the arbiter for both."

The result, Weinstein and Stavridis said, is "a dizzying conundrum for his staffs in both organizations, who find themselves having to read between the lines to ascertain which hat their boss is wearing at any given time."

The Pentagon separately for several months has been studying options for the future of Cyber Command, including whether to elevate the organization to full combatant command status on a par with U.S. Central Command and U.S. Pacific Command. An alternative would be to elevate the command and give it budget authority similar to Special Operations Command.

That decision also has not been made. But some officials said the discussion seems to focus on separating the organizations and elevating Cyber Command.

"The split gives you the political leeway to say, 'Now that it's a separate command, it ought to be a combatant command,'" one official said.

The move to a full combatant command seemed to be on a glide path last year, but concerns on Capitol Hill and a change in Pentagon leadership put the decision on hold. The House and Senate Armed Services Committees expect to be consulted whenever such changes are proposed, and department officials have pledged to do so.

© The Washington Post Company

---
Just because i'm near the punchbowl doesn't mean I'm also drinking from it.
From rforno at infowarrior.org Thu Nov 7 06:58:29 2013
From: rforno at infowarrior.org (Richard Forno)
Date: Thu, 7 Nov 2013 07:58:29 -0500
Subject: [Infowarrior] - Archive.Org suffers major fire at scanning center
Message-ID: <2F7CA5E8-7F7B-4EA2-9752-FF14689A087B@infowarrior.org>

Scanning Center Fire -- Please Help Rebuild

Posted on November 6, 2013 by brewster

https://blog.archive.org/2013/11/06/scanning-center-fire-please-help-rebuild/

This morning at about 3:30 a.m. a fire started at the Internet Archive's San Francisco scanning center. The good news is that no one was hurt and no data was lost. Our main building was not affected except for damage to one electrical run. This power issue caused us to lose power to some servers for a while.

Some physical materials were in the scanning center because they were being digitized, but most were in a separate locked room or in our physical archive and were not lost. Of those materials we did unfortunately lose, about half had already been digitized. We are working with our library partners now to assess.

The San Francisco Fire Department was fast and great. Our city supervisor and a representative of the mayor's office have come by to check up on us. There has been a pulling together on the Internet as news has spread.

This episode has reminded us that digitizing and making copies are good strategies for both access and preservation. We have copies of the data in the Internet Archive in multiple locations, so even if our main building had been involved in the fire we still would not have lost the amazing content we have all worked so hard to collect.

Fire in the Scanning Center

An early estimate shows we may have lost about $600,000 worth of high end digitization equipment, and we will need to repair or rebuild the scanning building. It is in difficult times like these that we turn to our community.

What help could we use?

* Funding.
Your donations will help us rebuild the scanning capabilities in books, microfilm, and movies.

* Scanning. The employees affected by the fire will need continued digitization work at our alternate location while we recover.

---
Just because i'm near the punchbowl doesn't mean I'm also drinking from it.

From rforno at infowarrior.org Thu Nov 7 07:22:31 2013
From: rforno at infowarrior.org (Richard Forno)
Date: Thu, 7 Nov 2013 08:22:31 -0500
Subject: [Infowarrior] - Twitter IPOs today
Message-ID:

(I'm not interested in the social media stock mania -- and remember, most times "IPO" stands for "it's probably overpriced" anyway --rick)

Twitter's Market Valuation Suggests Wall St. Sees Huge Growth Potential

By PETER EAVIS

Twitter is a young company generating large losses as it competes in a highly uncertain sector of the economy. And that is exactly why investors clamored for a piece of its initial public offering, which closed on Wednesday evening.

Twitter's shares were priced at $26, giving the company an overall value of $18.1 billion, including stock that the company is likely to issue to employees. That makes Twitter worth more than many storied American corporations, like Alcoa and Harley-Davidson. At that valuation, each of Twitter's 230 million users around the world is worth $78.

Going by such numbers, the public offering has been a tremendous success for the company, which raised $1.8 billion from the offering, a hefty war chest.

All this is impressive for a company that has racked up more than $300 million of losses in the last three years -- and may not show real profits until 2015. But investors are betting that Twitter is virtually destined to become wildly profitable as advertisers pay it increasing amounts of money to reach consumers who use the service.

< - >

http://dealbook.nytimes.com/2013/11/06/twitters-market-valuation-suggests-wall-st-sees-huge-growth-potential/

---
Just because i'm near the punchbowl doesn't mean I'm also drinking from it.
From rforno at infowarrior.org Thu Nov 7 07:51:09 2013
From: rforno at infowarrior.org (Richard Forno)
Date: Thu, 7 Nov 2013 08:51:09 -0500
Subject: [Infowarrior] - U.S. to EU: Don't scapegoat Safe Harbor over NSA
Message-ID: <6C895484-CAA5-4240-B184-61572D019844@infowarrior.org>

U.S. to EU: Don't scapegoat Safe Harbor over NSA

By: Erin Mershon
November 7, 2013 05:13 AM EST

http://dyn.politico.com/printstory.cfm?uuid=401FEDCB-F3D4-42C6-AD50-8273CE197940

U.S. regulators are urging their European Union counterparts to preserve a more than decade-old data transfer agreement amid mounting European anger over NSA spying.

An important but little-known mechanism, the Safe Harbor Framework, lets more than 3,000 companies, including Google and Facebook, process data from European citizens without running afoul of the region's privacy laws. It has emerged as a friction point between the United States and EU as European officials move to tighten their data protection rules -- an effort that has intensified in the wake of revelations about NSA surveillance.

Some EU officials, alarmed by reports of the NSA's work with Internet companies, say Safe Harbor gives U.S. tech firms a way to skirt their more stringent privacy regime.

U.S. officials, however, maintain that the Safe Harbor agreement is well-enforced and represents the best way to protect privacy across transatlantic data flows that serve millions of consumers. Compared with alternatives, the mechanism "provides more, not less, privacy protection," argued Commissioner Julie Brill of the Federal Trade Commission in a speech last week.

Safe Harbor was formalized for the legal transfer of data between the U.S. and EU in 2000 after the EU passed a data-protection directive and determined that U.S. standards were "inadequate." The framework consists of seven principles on topics like notice, choice and data security, broadly modeled on European standards.
American firms that want to handle or store European citizens' data have to self-certify annually with the Department of Commerce that they will abide by the standards. Breaches of that agreement are enforced by the FTC.

European regulators ramped up their criticisms of the framework following the first Edward Snowden leaks this summer, pointing out that Safe Harbor specifically provides for exemptions "to the extent necessary to meet national security, public interest or law-enforcement requirements."

European Parliament member Jan Philipp Albrecht, who authored an updated EU data protection regulation that passed out of committee last month, told U.S. officials last week that the agreement inappropriately allows U.S. companies to "circumvent" democratically established law. His draft regulation contains a so-called anti-FISA clause that would forbid U.S. companies from complying with government requests for personal data unless expressly approved by EU authorities.

Since American companies can't agree to rules that would require them to ignore lawful U.S. requests for information, the law could effectively undermine U.S.-EU data transfers.

Recent NSA revelations should not "distort" discussions about the framework, Brill has argued.

Regardless of what mechanism is in place, U.S. as well as EU companies will have to comply with lawful domestic requests related to national security or law enforcement, said Jules Polonetsky, executive director of the Future of Privacy Forum, which is currently drafting a report on the Safe Harbor program.

"Europeans seem to be using [Safe Harbor] as a sacrificial lamb to express their frustration with NSA and law enforcement access to data," he said. "There's a lot of misunderstanding about Safe Harbor."

If European attempts to suspend Safe Harbor are successful, U.S. companies may have to turn to alternative data transfer methods, such as "model contracts"
drafted by EU commissioners or corporate privacy rules that require approval from data protection authorities in each relevant EU country.

Both options are more "burdensome" and difficult to use than Safe Harbor, said Jeremy Mittman, an attorney with Proskauer Rose in Los Angeles who has experience drafting Safe Harbor certifications and EU model contracts. None of those mechanisms is subject to FTC enforcement or annual renewal, he said.

"One of the things to consider is, if you get rid of Safe Harbor, what are you really achieving?" Mittman said. "Companies are going to be transferring data and they're going to find ways to do it."

In addition to their critiques of Safe Harbor's stringency, European regulators and others have attacked the agreement on the grounds that it is poorly enforced. EU officials released two reports critical of the program's enforcement in 2002 and 2004, and the Australian consulting firm Galexia reported hundreds of Safe Harbor violations in a 2008 report that lambasted both the EU and the U.S. for not taking enforcement more seriously.

Indeed, the FTC did not bring its first enforcement under Safe Harbor rules until 2009, and its batch of seven enforcement actions that year targeted companies for falsely advertising their Safe Harbor certification, not for any failures to protect Europeans' data. Since then, the agency has brought three Safe Harbor enforcement actions against Facebook, Google and MySpace as part of larger privacy-related investigations of the companies.

Brill said the FTC hasn't received many Safe Harbor-related referrals or complaints from Europeans and has instead taken the initiative itself to enforce the framework. Mittman and several other U.S. attorneys versed in Safe Harbor certification said their clients had not received any Safe Harbor-related complaints following successful certification. An FTC spokesman declined to comment on the specific number of complaints the agency has received.
FTC Chairwoman Edith Ramirez recently jumped in to defend the agency's enforcement efforts on Safe Harbor, telling the Trans Atlantic Consumer Dialogue forum in Brussels last week that the agency's "track record in consumer privacy enforcement is unrivaled among data protection authorities around the world."

The agency has been "vigorously enforcing" a range of laws governing consumer information, she said. Both Brill and Ramirez also hinted that there are more enforcement efforts on the way, without providing details.

© 2013 POLITICO LLC

---
Just because i'm near the punchbowl doesn't mean I'm also drinking from it.

From rforno at infowarrior.org Thu Nov 7 18:27:16 2013
From: rforno at infowarrior.org (Richard Forno)
Date: Thu, 7 Nov 2013 19:27:16 -0500
Subject: [Infowarrior] - TrueCrypt to go through a crowdfunded, public security audit
Message-ID: <22D68CB3-B027-4D35-BA90-D10FDE955E3B@infowarrior.org>

TrueCrypt to go through a crowdfunded, public security audit
Posted on 06 November 2013
http://www.net-security.org/secworld.php?id=15899

After all the revelations about NSA's spying efforts, and especially after the disclosure of details about its Bullrun program aimed at subverting encryption standards and efforts around the world, the question has been raised of whether any encryption software can be trusted.

Security experts have repeatedly said that if you want to trust this type of software, your best bet is to choose software that is open source. But, in order to be entirely sure, a security audit of the code by independent experts sounds like a definitive answer to that issue.

And that is exactly what Matthew Green, cryptographer and research professor at Johns Hopkins University, and Kenneth White, Principal Scientist at Social & Scientific Systems, have set out to do.

The software that will be audited is the famous file and disk encryption software package TrueCrypt.
Available for Windows, Linux and OSX, the user-friendly software is developed by unknown developers and has, so far, never been audited for intentional or unintentional security flaws.

In order to fund the auditing project, Green and White have started fundraising at FundFill and IndieGoGo, and have so far raised over $50,000 in total.

The goals of the project are several:

- To implement deterministic / reproducible builds in order to be sure that the software binaries have not been tampered with.
- To do a complete source code audit conducted by a security evaluation company that is qualified to review cryptographic software.
- To do a legal review of the software licence, and see whether there is a way to allow TrueCrypt to be bundled with many of the popular Linux distributions.

Green and White are hoping that the company that accepts to do the audit will also donate their employees' time or reduce the rates for this project, as well as that they will have enough money to reward bug hunters who get involved.

"We don't expect any single person to do all of this. The exact balance of payouts from our collected fund is still TBD, but we will be formalizing it soon. We also want specialists and experts, and we also want people to donate their time wherever possible," they stated.

"The 'problem' with Truecrypt is the same problem we have with any popular security software in the post-September-5 era: we don't know what to trust anymore," Green explained in a blog post. "But quite frankly there are other things that worry me about Truecrypt. The biggest one is that nobody knows who wrote it."

Also because there have been some indications that the Windows executable of Truecrypt 7.0a is compiled from a different source code than the one published.

"Even if the Truecrypt source code is trustworthy, there's no reason to believe that the binaries are. And many, many people only encounter Truecrypt as a Windows binary," he pointed out.
"In short: there are numerous reasons we need to audit this software -- and move its build process onto safe, deterministic footing."

According to the latest update, they have contacted the (anonymous) TrueCrypt development team who have voiced its support for the effort.

"They did ask that we remind the community (and fellow researchers) of the TrueCrypt security model, and related caveats of what the software does and does not guarantee to do," they noted.

---
Just because i'm near the punchbowl doesn't mean I'm also drinking from it.

From rforno at infowarrior.org Thu Nov 7 20:55:05 2013
From: rforno at infowarrior.org (Richard Forno)
Date: Thu, 7 Nov 2013 21:55:05 -0500
Subject: [Infowarrior] - Canonical "abused trademark law" to target Ubuntu critic
Message-ID:

Canonical "abused trademark law" to target a site critical of Ubuntu privacy

http://arstechnica.com/information-technology/2013/11/canonical-abused-trademark-law-to-target-a-site-critical-of-ubuntu-privacy/

---
Just because i'm near the punchbowl doesn't mean I'm also drinking from it.

From rforno at infowarrior.org Fri Nov 8 10:45:33 2013
From: rforno at infowarrior.org (Richard Forno)
Date: Fri, 8 Nov 2013 11:45:33 -0500
Subject: [Infowarrior] - Government Asks Court To Bar Opposing Lawyer From Calling It 'The Government'; Hilarity Ensues
Message-ID: <0066E998-A591-43E1-AFE0-17B389DDCCAE@infowarrior.org>

(Friday funnies!! --rick)

Government Asks Court To Bar Opposing Lawyer From Calling It 'The Government'; Hilarity Ensues

http://www.techdirt.com/articles/20131105/05483425132/government-asks-court-to-bar-opposing-lawyer-calling-it-government-hilarity-ensues.shtml

---
Just because i'm near the punchbowl doesn't mean I'm also drinking from it.

From rforno at infowarrior.org Sat Nov 9 08:06:37 2013
From: rforno at infowarrior.org (Richard Forno)
Date: Sat, 9 Nov 2013 09:06:37 -0500
Subject: [Infowarrior] - Seattle PD Mum On Tracking By Its New Wi-Fi Mesh Network
Message-ID:

You Are a Rogue Device

A New Apparatus Capable of Spying on You Has Been Installed Throughout Downtown Seattle. Very Few Citizens Know What It Is, and Officials Don't Want to Talk About It.

http://www.thestranger.com/seattle/you-are-a-rogue-device/Content?oid=18143845

---
Just because i'm near the punchbowl doesn't mean I'm also drinking from it.

From rforno at infowarrior.org Sat Nov 9 08:07:52 2013
From: rforno at infowarrior.org (Richard Forno)
Date: Sat, 9 Nov 2013 09:07:52 -0500
Subject: [Infowarrior] - EFF Files 22 Firsthand Accounts of How NSA Surveillance Chilled the Right to Association
Message-ID: <37BA898B-CE4E-4F6A-BA3D-08A5E496CAD6@infowarrior.org>

EFF Files 22 Firsthand Accounts of How NSA Surveillance Chilled the Right to Association

Advocacy Organizations Seek Immediate Court Ruling on the Legality of the NSA's Mass Collection of Telephone Records

The Electronic Frontier Foundation (EFF) has provided a federal judge with testimony from 22 separate advocacy organizations detailing how the National Security Agency's (NSA) mass telephone records collection program has impeded the groups' work, discouraged their members and reduced the numbers of people seeking their help via hotlines. The declarations accompanied a motion for partial summary judgment filed late Wednesday, in which EFF asks the court to declare the surveillance illegal on two levels -- the law does not authorize the program, and the Constitution forbids it.

< - >

https://www.eff.org/press/releases/eff-files-22-firsthand-accounts-how-nsa-surveillance-chilled-right-association

---
Just because i'm near the punchbowl doesn't mean I'm also drinking from it.

From rforno at infowarrior.org Sat Nov 9 08:16:03 2013
From: rforno at infowarrior.org (Richard Forno)
Date: Sat, 9 Nov 2013 09:16:03 -0500
Subject: [Infowarrior] - WWII Doolittle Raiders making final toast
Message-ID: <294603C5-6D2B-45FB-9E87-BF7B8C3F9F91@infowarrior.org>

WWII Doolittle Raiders making final toast
Modified: November 9, 2013 at 3:35 am | Published: November 9, 2013
http://newsok.com/wwii-doolittle-raiders-making-final-toast/article/feed/614458

DAYTON, Ohio (AP) -- The few surviving Doolittle Raiders are making their final toast to comrades who died in or since their World War II bombing attack on Japan.

The toast grew from reunions led by James "Jimmy" Doolittle, who commanded the daring mission credited with boosting American morale and throwing the Japanese off balance after a string of military successes.

Officials at the National Museum of the U.S. Air Force near Dayton say more than 600 people, including Air Force leaders and Raiders widows and children, planned to attend the invitation-only ceremony Saturday evening. Also expected were relatives of Chinese villagers who helped Raiders elude capture.

After Thomas Griffin of Cincinnati died in February at age 96, the survivors decided they would gather this autumn for one last toast together. Only four of the 80 Raiders are still alive, and one wasn't able to travel because of his health.

Raiders expected to attend were Richard Cole, Doolittle's co-pilot, of Comfort, Texas; David Thatcher of Missoula, Mont., and Edward Saylor of Puyallup, Wash.

Fourth surviving Raider, Robert Hite, 93, won't make it but his son and other family members from Nashville, Tenn., planned to be there. Hite is the last alive of eight Raiders who were captured by Japanese soldiers. Three were executed; another died in captivity.

The goblets, presented to the Raiders in 1959 by the city of Tucson, Ariz., have the Raiders' names engraved twice, the second upside-down.
During the ceremony, white-gloved cadets pour cognac into the participants' goblets. Those of the deceased are turned upside-down. The cognac will be from 1896, Doolittle's birth year.

The Air Force planned to live-stream the traditionally closed ceremony. Many more people were expected to greet the Raiders at public events Saturday and see a B-25 bomber flyover.

---
Just because i'm near the punchbowl doesn't mean I'm also drinking from it.

From rforno at infowarrior.org Sun Nov 10 07:54:16 2013
From: rforno at infowarrior.org (Richard Forno)
Date: Sun, 10 Nov 2013 08:54:16 -0500
Subject: [Infowarrior] - Feinstein's NSA bill shows she doesn't have a clue about intelligence reform
Message-ID: <891334E5-6B09-4F06-87EE-CCE545BA6E5D@infowarrior.org>

Feinstein's NSA bill shows she doesn't have a clue about intelligence reform

Senator Feinstein's bill is a big step backwards for privacy. In contrast, the USA Freedom Act would stop intelligence abuses

Michelle Richardson
theguardian.com, Friday 8 November 2013 09.30 EST
http://www.theguardian.com/commentisfree/2013/nov/08/dianne-feinstein-nsa-intelligence-reform-bill

Members of Congress have introduced almost 30 separate bills to rein in NSA spying, increase transparency, or rework the secret court process that has sanctioned these programs. Two pieces of legislation, however, have momentum, and they couldn't be more different.

The Senate Select Committee on Intelligence -- the body charged with oversight of these very programs -- advanced legislation introduced by its chair, Senator Dianne Feinstein (Democrat from California), last week that would entrench the current spying programs and give them explicit Congressional authorization to continue.

The legislation would make clear in no uncertain terms that communication records like phone, email, and internet data can be collected without even an ounce of suspicion, pursuant to the so-called privacy rules already in place.
Being silent on other types of data like location information or financial records, it passively condones their collection too, but without even the benefit of the paltry protections in place now. For the first time in history, Congress would explicitly and intentionally authorize dragnet domestic spying programs targeting everyday Americans.

The Feinstein bill also makes the current situation even worse. It gives the government a 72-hour grace period to warrantlessly spy on foreigners who enter the US, without even the attorney general approval that is currently required in emergency situations. It explicitly states that none of its provisions should be read to prevent law enforcement from digging through massive NSA databases for evidence of criminal activity. By doing so, it authorizes that specific practice in a roundabout way.

Finally, it sets up the prospect of all members of Congress accessing important court orders and other information, but then undercuts this requirement by endorsing current rules and practices that have been used to prevent members of the House from reading foundational documents that could inform the votes they must make on whether to continue these programs.

The counterproposal is called the USA Freedom Act. Introduced by Rep James Sensenbrenner (a Wisconsin Republican) and Senator Patrick Leahy (a Vermont Democrat) of the powerful House and Senate Judiciary Committees, the bill has already picked up over 100 bipartisan members of Congress as cosponsors.

Unlike Sen. Feinstein's bill, the USA Freedom Act would start to rein in the NSA's dragnet surveillance programs by banning the suspicionless collection of Americans' phone calls. It would also amend the Patriot Act so that it could not be used for bulk collection of other forms of communications data under other abused authorities, like national security letters and pen registers.
The USA Freedom Act would also narrow collection of data under the FISA Amendments Act of 2008 and require court approval before the government could search the rich data troves collected under that law for US persons. It would direct the administration to find a way to release the secret court opinions underpinning these programs, as well as provide for a privacy advocate who could advise the surveillance court. The bill fixes the draconian and unconstitutional gag orders that come with surveillance court orders, so the companies that receive them can provide basic information to their customers and the public.

In total, the bill starts to chip away at the indiscriminate surveillance state and redirect the government towards surveillance focused on suspected terrorists -- and not the rest of us.

No matter how you cut it, the Feinstein bill is a big step backwards for privacy, and the USA Freedom Act is an incredibly important step forward. To be clear, Congress will not be choosing between two reform proposals that differ only in degree. It will be choosing, instead, between one bill that allows the government to engage in indiscriminate surveillance of its citizens and another that subjects government surveillance to the common-sense limits that are required by the Constitution and fundamental in any democratic society.

If you think the government's actions are beyond the pale now, wait until you see what it does with something like the Feinstein bill and a congressional stamp of approval for its past overreach.

Americans have the right to be left alone unless suspected of wrongdoing. Rep Sensenbrenner and Senator Leahy understand this simple and revered American ideal; Senator Feinstein does not. There's only one way forward that will protect privacy: the USA Freedom Act, and Congress needs to act on it immediately.

---
Just because i'm near the punchbowl doesn't mean I'm also drinking from it.

From rforno at infowarrior.org Sun Nov 10 10:32:27 2013
From: rforno at infowarrior.org (Richard Forno)
Date: Sun, 10 Nov 2013 11:32:27 -0500
Subject: [Infowarrior] - Paranoia Has Undermined US Democracy
Message-ID: <323B4031-DC59-49ED-9D5F-4D15F92E02DB@infowarrior.org>

11/08/2013 04:54 PM

Paradise Lost
Paranoia Has Undermined US Democracy
By Dirk Kurbjuweit
http://www.spiegel.de/international/world/paranoia-has-undermined-united-states-claim-to-liberal-democracy-a-932326-druck.html

While far from a dictatorship, the United States has employed a number of paranoid tactics that delegitimize its democracy. This phenomenon is on display in the fictional TV series "Homeland," which depicts hysterical CIA agents in a hysterical country.

Agent Carrie Mathison is a topical figure. The main character in the American TV series "Homeland," played by the wonderful Claire Danes, shows her true relevance in the first few episodes, in which Mathison is nervously sitting at home, observing and listening in on the life of a terror suspect on a large screen. His apartment is bugged and Mathison is determined to find out as much as she can about him. She is hysterical, bipolar, paranoid and sick -- all advantageous traits for her job.

The real-life intelligence services of the United States take things much further than agent Carrie Mathison. They spy on just about anyone, even German Chancellor Angela Merkel, who, so far, has not been suspected of maintaining ties to Islamist terrorism, and yet whose cellphone was tapped.

It is often assumed that intelligence agencies are worlds of their own, and that they sometimes act on their own authority. However, they are also an expression of the societies in which they exist, especially of their fears. In other words, it is quite possible that there are not just paranoid agents, but also paranoid democracies that act in hysterical ways out of fear. They are characterized by a strong freedom myth, which leads to paranoia.
It, in turn, poses a threat to freedom. The United States is currently in a late phase of this cycle.

Freedom means that there is an endless range of possibilities, and that anything can happen, including both good and bad things. That's why freedom engenders fear. The greater the freedom, the greater the fear.

Where does America's fear come from? To answer this question, it's worth taking a look at scenes from a typical Hollywood Western, in which covered wagons pass through a harsh, unwelcoming landscape, and where the silence feels ominous and the settlers are constantly casting anxious looks at the hills to the left and right. Is anyone there? Of course there is. A group of Indians has congregated and will soon attack the wagon train. There will be deaths, and a few crosses will be left behind in the wilderness.

Paradise of Freedom?

The United States is a relatively young country that began as a society of settlers. They came to America to escape oppression at the hands of European monarchies, and they developed a strong desire for freedom in the process -- a freedom they could find in the continent's vast expanses. As political individuals, they refused to accept that even though they lived on the other side of the Atlantic, they were still controlled by the British colonial power, and they fought for their independence and democracy.

Because the settlers made such great sacrifices to seize their magnificent country -- from British troops, from the Indians and from the wilderness -- their achievements became imbued with a religious exaggeration. The country was essentially declared a paradise, or, in the words of the national anthem, "the land of the free and the home of the brave."

But the nation's genetic code has also retained the fear that many settlers had to endure, both on their treks and in wars.
A covered wagon with a man, a woman and a horde of children -- it's the perfect symbol of the land of unlimited opportunity, a land where total freedom and maximum vulnerability go hand-in-hand.

To understand the United States, it's worth taking a look at other paranoid democracies. In southern Africa, Boer settlers battled the local population for land. To this day, the Boers still have a glorified view of their history, as suggested by Boer expressions like "Eie land, vrye volk," or "One land, free people." A strict apartheid system was implemented in South Africa starting in 1948. The system enabled the Boers to isolate themselves from the black majority and create a democracy, but only for whites, making it entirely undemocratic. Fear was the basis of that state. It built nuclear bombs, even though it had no enemies.

Politics Shaped by Fear

Israel is the promised land of the Jews. It was created primarily to give Holocaust survivors a place where they could feel free and safe. That freedom and safety was fought for and preserved in wars against the Palestinians and neighboring powers, wars that claimed many casualties. To this day, Israel retains elements of a settler society, as the country continues to expand into the West Bank.

In Israel, too, politics are shaped by fear -- and a justified one. The country is surrounded by enemies, some of which have made the renewed extermination of the Jews their objective. But does that mean that the Israelis have to have their presumed enemies murdered abroad? One of today's symbols of political paranoia is the giant wall that seals off Palestinian areas from Israeli territory. "Homeland" is actually based on an Israeli TV series.

The United States differs in many respects from South Africa during apartheid and Israel today. But the three countries are similar in terms of the triad of freedom myth, paradise and fear.
This has led to the development of a tremendous ability to put up a fight, but also a heightened sensitivity.

Political paranoia requires an enemy, or at least the concept of an enemy. For a long time after the society of white settlers had destroyed or banished the Indian tribes, there was no enemy to threaten the Americans in their paradise. It was only the Soviet Union's bombers armed with nuclear missiles that made the United States vulnerable again and fanned new fears. At the same time, the rival in the East served as the alternative model to the freedom myth, because it was a society of compulsion and limited opportunity. It also offered an austere alternative model to the American paradise, which by then had become primarily a paradise of consumerism.

America felt threatened to its very core. A defeat against the Soviet Union would have turned the United States into either a nuclear desert or a Socialist satellite with cheap goods and no more than two available car models -- two nightmares for Americans that generated considerable fear.

Soon a paranoia developed that was reflected in one of its early excesses, the McCarthyism of the 1950s. Those suspected of harboring sympathy for communism were persecuted. Throughout the Cold War, anti-communism remained a hysterical and fundamental element of American policy.

Need for Enemies, at Home and Abroad

After the Soviet Union collapsed in 1991, the United States experienced a relatively relaxed decade, until hijacked jetliners crashed into the World Trade Center and destroyed parts of the Pentagon on Sept. 11, 2001. The men at the controls were belligerent Islamists, whose ideas also formed an antithesis to American society. They were foes of a liberal and individualistic way of life, and they yearned for a paradise where credit cards would be worthless. They were also the first to severely wound the United States in its own "homeland." They were the ideal enemy for the next wave of paranoia.
The hour of the Carrie Mathisons of the intelligence world had arrived.

While far from all democracies are paranoid, virtually all dictatorships are. For dictators, paranoia helps shape and preserve their autocratic systems. Autocrats need an enemy -- always an internal enemy and sometimes an external one, too -- to legitimize violence and coercion, and to generate allegiance.

The Nazis are unparalleled in this art of hysterical governance. Their declared internal enemies were Jews, Communists, Social Democrats, the Sinti and the Roma, homosexuals and anyone who told jokes about Adolf Hitler. The external enemies were all the countries that Germany attacked, which was a large number, as well as the overseas democracies, especially the United States.

For the Chinese party dictatorship, dissidents are the internal enemies, often people who express their criticism with a paintbrush, pen or laptop. Although China lacks an external enemy, it does have an aversion to Japan.

The United States cannot be compared with Nazi Germany or with China. Unfortunately, however, a paranoid democracy tends to use tools that are beneath a democracy, the tools of a dictatorship, and they include as much surveillance as possible.

US No Longer a Model of Democracy

Information is the most valuable thing in a paranoid world. Those who feel threatened want to know as much as possible about potential threats, so as to be able to control their fears and prepare preventive attacks.

Even in the days of covered wagons, alertness was an important protection against attack. Before Sept. 11, the intelligence agencies were asleep at the wheel and overlooked many of the clues the attackers left behind during their preparations. One of the reasons agent Carrie Mathison is traumatized is that she let her guard down once, and she is determined not to let it happen again, even if it means breaking the law.
Now the intelligence services have developed a giant information procurement machine, which is also useful in industrial espionage. To ensure that nothing escapes their notice, they violate the privacy of millions and millions of people and alienate allied nations and their politicians.

Another form of paranoid information procurement is torture, used by American intelligence agencies to gain information about terrorists. Torture is the negation of democracy, freedom and human rights. If a democratic country allows itself to sink to the level of torture, it must already be extremely hysterical and anxious.

It isn't as if nuclear bombs were at issue. The aim of some of today's intelligence methods is to prevent attacks that could be very painful for America, but in truth do not threaten the American founding myths and are not capable of extinguishing the American paradise. Only the Americans themselves can do that.

The fear aspect of freedom is destructive to freedom, because it allows the need for security to get out of hand. While paranoia legitimizes a dictatorship, it can achieve the opposite effect in a democracy. The United States is no longer a model of liberal democracy. That much has been made clear in light of mass surveillance, torture, the extralegal detention camp at Guantanamo and an isolationist ideology that leads to author Ilija Trojanow being denied entry to the country, presumably because of his criticism of American policy.

Other nations also have their fears, but they lack the power to turn the world upside down. Power and paranoia are a dangerous mix.

Translated from the German by Christopher Sultan

URL: http://www.spiegel.de/international/world/paranoia-has-undermined-united-states-claim-to-liberal-democracy-a-932326.html

---
Just because i'm near the punchbowl doesn't mean I'm also drinking from it.

From rforno at infowarrior.org Mon Nov 11 06:02:41 2013
From: rforno at infowarrior.org (Richard Forno)
Date: Mon, 11 Nov 2013 07:02:41 -0500
Subject: [Infowarrior] - Poll's lesson for NSA: Show that surveillance programs actually combat terrorism
Message-ID:

(Sad but not surprising that TV dramas change the perception of what 'should' be done in the name of fighting terrorism. Is why I never got into 24 or Homeland or any of the other homeland-industrial-security complex type shows....feels too much like cheerleading & propaganda to me. --rick)

Poll's lesson for NSA: Show that surveillance programs actually combat terrorism
By Walter Pincus
http://www.washingtonpost.com/world/national-security/polls-lesson-for-nsa-show-that-surveillance-programs-actually-combat-terrorism/2013/11/10/1e095442-47ed-11e3-a196-3544a03c2351_story.html?tid=hpModule_308f7142-9199-11e2-bdea-e32ad90da239

Almost two-thirds of Americans with higher perceptions of terrorist threats said they would be willing to have the United States carry out assassinations of known terrorists "if it was necessary to combat terrorism," according to a poll last month.

The survey about intelligence agencies was sponsored by Amy Zegart, co-director of Stanford University's Center for International Security and Cooperation and a senior fellow at the Hoover Institute. Thirteen percent of respondents opposed U.S. personnel carrying out such an act, and 23 percent had no opinion.

In the poll of 1,000 people, conducted by YouGov from Oct. 5 to Oct. 7, 31 percent said they would be willing to have the United States kill leaders of countries that harbor terrorists, even though such assassinations are prohibited under a presidential executive order. The poll noted that 39 percent opposed our government killing foreign leaders, while 30 percent had no opinion.
On the Lawfare blog Thursday, Zegart wrote that her poll showed "Americans will give their government more leeway if they can be convinced counterterrorism tools are effective." She said the poll indicated, however, that the National Security Agency had not demonstrated that its phone and Internet data-collection programs were "necessary to combat terrorism" as it tried to deal with recent disclosures based on documents released to journalists by former NSA contractor Edward Snowden. As Zegart put it, "What is currently missing in the NSA debate is a fulsome discussion that links those tools to the greater security they are supposed to provide." The poll also showed that despite all the recent testimony about the legality of the programs and the oversight governing them, the initial news reports generated misleading commentary and gave many Americans an inaccurate impression of what is involved in the NSA efforts:

- Thirty-nine percent of those questioned believe that the NSA's bulk collection of all U.S. telephone records -- the 215 metadata program -- includes listening in to the contents of those calls. In fact, the NSA collects data on the numbers dialed and the length of calls, not their content.
- Almost one-third "believe NSA conducts operations to capture or kill foreign terrorists and another 39 percent were not sure." The agency doesn't do either.
- The poll also found that "35 percent believe NSA interrogates detainees and another 42 percent were not sure." The NSA does not conduct interrogations.

The survey also shows that television and movies affect people's opinions of reality. "I found that the more people watched spy-themed television shows and movies, the more they liked the NSA, the more they approved of NSA's phone and Internet collection programs, and the more they believed the NSA was telling them the truth," Zegart wrote.
Specifically:

- A majority of people who in the past year watched at least six spy movies "had favorable views of NSA, but only 34 percent of infrequent spy moviegoers reported favorable views of the agency," according to the poll.
- Forty-four percent of those who watched spy-themed TV shows frequently or occasionally approved of the NSA programs that collected telephone records and Internet data. By comparison, 29 percent of those who rarely watched such shows approved of the surveillance.
- When it came to whether NSA officials were being honest when they said the agency did not listen to phone calls as part of its metadata collection, 23 percent of frequent or occasional watchers of spy-focused TV shows were believers, while 15 percent of infrequent watchers thought officials were telling the truth.

Where does all this lead? One finding of the study, according to Zegart, is that the Snowden disclosures have not only revealed once-secret activities, they have also led to a drop in public confidence "in the accuracy of the intelligence enterprise writ large." Zegart compared the answers from last month to those in a poll she sponsored a year ago. One question asked how confident people were about the accuracy of intelligence information given to the Obama administration on possible threats from places like Iran and North Korea; Zegart reported that the share of respondents who were "very confident" dropped from 23 percent to 15 percent. The number that were "not at all confident" rose from 8 percent to 11 percent. One of Zegart's final conclusions is that "NSA has shown its programs are legal. It has not shown that they are valuable." In short, she said, "the agency has not given a compelling or consistent account to the knowledgeable skeptic of how its programs are effective, efficient, and prudent in scope."

--- Just because i'm near the punchbowl doesn't mean I'm also drinking from it.
From rforno at infowarrior.org Mon Nov 11 06:29:09 2013 From: rforno at infowarrior.org (Richard Forno) Date: Mon, 11 Nov 2013 07:29:09 -0500 Subject: [Infowarrior] - GCHQ Used Fake LinkedIn Pages to Target Engineers Message-ID: <5FEEDCB1-C99B-4816-B1D7-618101C2EF1C@infowarrior.org> Quantum Spying GCHQ Used Fake LinkedIn Pages to Target Engineers By SPIEGEL Staff http://www.spiegel.de/international/world/ghcq-targets-engineers-with-fake-linkedin-pages-a-932821-druck.html Elite GCHQ teams targeted employees of mobile communications companies and billing companies to gain access to their company networks. The spies used fake copies of LinkedIn profiles as one of their tools. The Belgacom employees probably thought nothing was amiss when they pulled up their profiles on LinkedIn, the professional networking site. The pages looked the way they always did, and they didn't take any longer than usual to load. The victims didn't notice that what they were looking at wasn't the original site but a fake profile with one invisible added feature: a small piece of malware that turned their computers into tools for Britain's GCHQ intelligence service. The British intelligence workers had already thoroughly researched the engineers. According to a "top secret" GCHQ presentation disclosed by NSA whistleblower Edward Snowden, they began by identifying employees who worked in network maintenance and security for the partly government-owned Belgian telecommunications company Belgacom. Then they determined which of the potential targets used LinkedIn or Slashdot.org, a popular news website in the IT community. 'Quantum Insert' The computers of these "candidates" were then infected with computer malware that had been placed using infiltration technology the intelligence agency refers to as "Quantum Insert," which enabled the GCHQ spies to deeply infiltrate the Belgacom internal network and that of its subsidiary BICS, which operates a so-called GRX router system. 
This type of router is required when users make calls or go online with their mobile phones while abroad. SPIEGEL's initial reporting on "Operation Socialist," a GCHQ program that targeted Belgacom, triggered an investigation by Belgian public prosecutors. In addition, two committees of the European Parliament are investigating an attack by a European Union country on the leading telecommunications provider in another EU member state. The operation is not an isolated case, but in fact is only one of the signature projects of an elite British Internet intelligence hacking unit working under the auspices of a group called MyNOC, or "My Network Operations Centre." MyNOCs bring together employees from various GCHQ divisions to cooperate on especially tricky operations. In essence, a MyNOC is a unit that specializes in infiltrating foreign networks. Call it Her Majesty's hacking service, if you like. When GCHQ Director Iain Lobban appeared before the British parliament last Thursday, he made an effort to reassure lawmakers alarmed by recent revelations. British intelligence couldn't exactly stand back and watch the United Kingdom be targeted for industrial espionage, Lobban said. But, he noted, only those whose activities pose a threat to the national or economic security of the United Kingdom could in fact be monitored by his agency. A Visit from Charles and Camilla Even members of the royal family occasionally stop by to see what British intelligence is up to. In one photo that appears in a secret document, Charles, the Prince of Wales, and his wife Camilla, the Duchess of Cornwall, are shown listening to a presentation at a MyNOC workstation called "A Space". The tongue-in-cheek caption reads "Interlopers in A Space." The presentation does not indicate the extent to which the royal family is kept abreast of current espionage operations. Their last visit was reportedly about Afghanistan, not Belgium. 
But the visit had been to the same location where what the secret document described as the "very successful" operation against Belgacom as well as "Operation Wylekey," also run by a MyNOC unit, had been conducted. This also relates to an issue that the British have made a focal point of their intelligence-gathering activities: the most comprehensive access possible to worldwide mobile networks, the critical infrastructures for the digital age. Mobile networks are a blessing and a curse for spies worldwide. Because each major wireless communications company operates its own networks, tapping into them becomes more complex. On the other hand, the mobile multi-use devices in our pockets are a blessing, because they often reveal more personal information than stationary computers, such as the user's lifestyle habits and location. They can also be transformed into bugging devices that can be activated remotely at any time to listen in on the user's conversations. Mobile Phones Become Monitoring Tools "We can locate, collect, exploit (in real time where appropriate) high value mobile devices & services in a fully converged target centric manner," a GCHQ document from 2011 states. For years, the British spies have aspired to potentially transform every mobile phone on the planet into a monitoring tool that could be activated at any time. But the government hackers apparently have to employ workarounds in order to infiltrate the relatively inaccessible mobile phone networks. According to the presentation, in the case of Belgacom this involved the "exploitation of GRX routers," from which so-called man-in-the-middle attacks could be launched against the subjects' smartphones. "This way, an intelligence service could read the entire Internet communications of the target and even track their location or implant spying software on their device," mobile networks expert Philippe Langlois says of the development. 
It is an effective approach, Langlois explains, since there are several hundred wireless companies, but only about two dozen GRX providers worldwide. But this isn't the only portal into the world of global mobile communications that GCHQ has exploited. Another MyNOC operation, "Wylekey," targets "international mobile billing clearinghouses." These clearinghouses, which are relatively unknown to the general public, process international payment transactions among wireless companies, giving them access to massive amounts of connection data. The GCHQ presentation, which SPIEGEL was able to view, contains a list of the billing companies that are on the radar of the British. At the top of the list are Comfone, a company based in Bern, Switzerland, and Mach, which has since been split into two companies, one owned by another firm called Syniverse and another called Starhome Mach. Syniverse was also on the list of companies to monitor. Together, these companies dominate the industry worldwide. In the case of Mach, the GCHQ personnel had "identified three network engineers" to target. Once again, the Quantum Insert method was deployed. The spies first determine who works for a company identified as a target, using open source data like the LinkedIn professional social networking site. IT personnel and network administrators are apparently of particular interest to the GCHQ attackers, because their computers can provide extensive access privileges to protected corporate infrastructures. Targeting an Innocent Employee In the case of Mach, for example, the GCHQ spies came across a computer expert working for the company's branch in India. The top-secret document shows how extensively the British intelligence agents investigated the life of the innocent employee, who is listed as a "target" after that. A complex graph of his digital life depicts the man's name in red crosshairs and lists his work computers and those he uses privately ("suspected tablet PC"). 
His Skype username is listed, as are his Gmail account and his profile on a social networking site. The British government hackers even gained access to the cookies on the unsuspecting victim's computers, as well as identifying the IP addresses he uses to surf the web for work or personal use. In short, GCHQ knew everything about the man's digital life, making him an open book for its spies. SPIEGEL has contacted the man, but to protect his privacy is not publishing his name. But that was only the preparatory stage. After mapping the man's personal data, now it was time for the attack department to take over. On the basis of this initial information, the spies developed digital attack weapons for six Mach employees, described in the document as "six targeting packs for key individuals," customized for the victims' computers. GCHQ Wants To Make Mobile Web an All-Seeing Surveillance Machine In an article in Britain's Guardian newspaper, American IT security expert Bruce Schneier describes in detail how Quantum Insert technology is used to place malware. Apparently, the agencies use high-speed servers located at key Internet switching points. When a target calls up a specific website, such as LinkedIn, these servers are activated. Instead of the desired website, they supply an exact copy, but one that also smuggles the government hackers' spying code onto the target computers. According to other secret documents, Quantum is an extremely sophisticated exploitation tool developed by the NSA and comes in various versions. The Quantum Insert method used with Belgacom is especially popular among British and US spies. It was also used by GCHQ to infiltrate the computer network of OPEC's Vienna headquarters. The injection attempts are known internally as "shots," and they have apparently been relatively successful, especially the LinkedIn version. "For LinkedIn the success rate per shot is looking to be greater than 50 percent," states a 2012 document. 
Much like the Belgacom spying operation, Wylekey is considered a great success. According to a summary, it provided GCHQ with detailed information about Mach, its communications infrastructure, its business profile and various key individuals. Another document indicates that the operation yielded much more than that. In addition to "enhanced knowledge of the various clearinghouses, their customers," it also provided "knowledge of and access to encrypted links between the clearinghouses and various mobile network operators." Interim reports on the course of the Belgacom operation were even more enthusiastic, concluding that the British spies had penetrated "deep into the network" of the Belgian company and were "at the edge of the network." This enabled the British internal encryption specialists ("Crypt Ops") to launch their "Operation Socialist II," so as to crack the encrypted connections, or VPNs. 'LinkedIn Would Not Authorize Such Activity' When contacted, LinkedIn stated that the company takes the privacy and security of its members "very seriously" and "does not sanction the creation or use of fake LinkedIn profiles or the exploitation of its platform for the purposes alleged in this report." "To be clear," the company continued, "LinkedIn would not authorize such activity for any purpose." The company stated it "was not notified of the alleged activity." A spokesman for Starhome Mach said his company is "with immediate effect undertaking a full security audit to ensure that our infrastructure is secure" and that its platform had recently switched to a completely new configuration with mainly new hardware. Officials at Comfone said: "We have no knowledge of the British intelligence service infiltrating our systems." Syniverse also stated "there have been no known breaches of the Syniverse or MACH data centers by any government agency." GCHQ did not comment on questions posed by SPIEGEL. 'Any Mobile Device, Anywhere, Anytime!' 
For the British, all of this was apparently only an intermediate step on the path to a greater goal. In addition to the conventional Internet, GCHQ now wants to turn the mobile web into an all-seeing surveillance machine. This is how the GCHQ spies described their "vision" in 2011: "Any mobile device, anywhere, anytime!" In this context, the attacks on Belgacom and the clearinghouses merely serve as door openers. Once the telecommunications companies' actual mobile phone networks have been infiltrated, completely new monitoring possibilities present themselves to the spies. A briefing dating from 2011 stated the agency wanted to "increase operational capability to remotely deploy implants when we only know the MSISDN." In other words, GCHQ's phone hackers would ideally like to repurpose every mobile phone in the world into a bugging device, merely on the basis of the phone number. "That would be game changing," the document reads.

REPORTED BY LAURA POITRAS, MARCEL ROSENBACH, CHRISTOPH SCHEUERMANN, HOLGER STARK AND CHRISTIAN STÖCKER

URL: http://www.spiegel.de/international/world/ghcq-targets-engineers-with-fake-linkedin-pages-a-932821.html

--- Just because i'm near the punchbowl doesn't mean I'm also drinking from it.

From rforno at infowarrior.org Mon Nov 11 06:30:54 2013
From: rforno at infowarrior.org (Richard Forno)
Date: Mon, 11 Nov 2013 07:30:54 -0500
Subject: [Infowarrior] - How Silicon Valley Helped the NSA
Message-ID:

Privacy Pretense
How Silicon Valley Helped the NSA
By Abraham Newman
November 6, 2013
http://www.foreignaffairs.com/articles/140246/abraham-newman/privacy-pretense

A Google Street View camera at an event in Riga, August 26, 2011. (Ints Kalnins / Courtesy Reuters)

Last month, Silicon Valley purported to be shocked by revelations that the National Security Agency (NSA) has routinely accessed the servers of tech giants Google and Yahoo, which store data for hundreds of millions of users.
In response, the companies pledged to step up privacy protections. There is only one problem: Such protections run counter to the business model and public policy agenda that tech companies have pursued for decades. For years, U.S. information technology (IT) firms have actively backed weak privacy rules that let them collect massive amounts of personal data. The strategy enabled the companies to work their way into every corner of consumers' lives and gave them a competitive edge internationally. Those same policies, however, have come back to haunt IT firms. Lax rules created fertile ground for NSA snooping. In the wake of the surveillance scandals, as consumer confidence plummets, technology companies' economic futures are threatened. Since the 1990s, companies from Google to Yahoo and Microsoft have done their best to ward off national privacy rules, calling instead for self-regulation. Early attempts to pass privacy laws, such as the Online Privacy Protection Act in 2000, died thanks to lobbying by the Direct Marketing Association and the Information Technology Association of America, which represent most of the country's major information and communications technology firms. The firms have stood behind an older 1997 government framework, "Privacy and Self-Regulation in the Information Age," which maintained that the best way to protect consumers was to let the technology market handle sensitive issues on its own. More recent efforts at reform have stalled as well. Bills have included the Do Not Track Me Online Act of 2011, brought by Congresswoman Jackie Speier (D-Calif.), a new Commercial Privacy Bill of Rights of 2011, brought by then Senator John Kerry (D-Mass.) and Senator John McCain (R-Ariz.), and the Do Not Track Online Act of 2011, brought by Senator Jay Rockefeller (D-W. Va.). Each has faced stiff opposition from the IT industry.
Linda Woolley, vice president of the Direct Marketing Association, has even gone so far as to argue that such legislation would "kill the Internet." For its part, the Obama administration has seemed all too happy to go along with this self-regulatory agenda, recently putting forward a set of best practices known as a "privacy bill of rights." The rights range from transparency about how data is used to better security for the data that is collected. Yet barring congressional action (which seems unlikely), these codes will never become mandatory. For now, they are simply another recommendation for companies to take under advisement as they build their own policies for personal-data management. U.S. Internet companies have also backed lax privacy rules outside of the United States. Under the auspices of Asia-Pacific Economic Cooperation, a regional trade organization linking the economies of North America and Asia, Google has actively campaigned for a new privacy framework for all member countries. In contrast to Europe's legally enforceable privacy rights for consumers, the APEC guidelines once again stress self-regulation and internal solutions, such as codes of conduct based on principles similar to those in the Obama privacy bill of rights. The APEC framework would allow companies to transfer personal information around the globe, following only their internal codes of conduct rather than national privacy legislation. Supporters of the APEC plan suggest that it could serve as an alternative to the European privacy rules, which impose strict legal restrictions on such international data transmissions. Meanwhile, Yahoo, Google, and Facebook have also lobbied heavily within Europe to weaken EU standards, specifically those relating to cross-border data transfers, transnational cloud computing, and data breaches. Their efforts have been so aggressive that a group of European nongovernmental organizations recently called on U.S.
IT companies to stay out of EU legislative affairs. Until this year, the self-regulation strategy paid off: With their nearly unrestricted access to U.S. consumer data, IT companies were able to mine information in ways that many of their European competitors could never imagine. For example, Acxiom, one of the major direct marketing companies in online advertising, developed software called "Audience Operating System," which allows companies such as Facebook to link consumers' online and offline data -- from credit card purchases to web interests -- even when those consumers use different names for each activity. What has become all too clear, though, is that what was good for Google was also good for the NSA, which could use the lax rules and resulting hoards of data to its own advantage. The public is aware of that now, and it will be less trusting of IT giants in the future, especially as the companies develop technologies that increase the amount and types of personal information that they can collect. Take Google Glass, which will digitize our visual experiences, creating a whole new world of personal data based on what we are looking at in real time. To regain consumer confidence and ensure their economic fortunes, technology firms will have to transform the way they view the regulation of personal information. Self-regulation is necessary but not sufficient. A better privacy system would have four key parts. First, consumers need an advocate that can help them navigate the overly complex and technical world of information technology. Something like the European data privacy offices would be a good start. Independent agencies offer individuals a point of contact and help in responding to data breaches or abuses. They also focus on working with governments and industry to build technology that takes privacy and security into account. Second, Congress should pass national data-breach legislation.
Such rules, which have already been passed in California, require companies to notify consumers when their data has been lost or stolen. By giving individuals notices when their data has been compromised -- and naming the companies responsible -- these rules raise awareness about the amount of information in circulation and the risks associated with its use. By mobilizing consumers, data-breach rules build a constituency that can push companies to take privacy and security seriously. Third, much as energy companies have had to reconfigure their attitudes about natural resources, IT companies must change their attitudes toward consumer information. Far from a limitless good that can be exploited forever, personal data is precious and requires good husbandry. Firms, then, need to find ways to limit unnecessary data collection and integrate privacy and consumer stakeholders into their business models. Privacy by Design, an initiative that helps raise privacy concerns at each stage of a technology's lifecycle, offers one concrete example of how firms might do this. Rather than thinking of themselves as data vacuums (as the NSA does), IT companies should build a system of data stewardship. Doing so will make good business sense: The trustworthy companies will sell more products. Finally, U.S. IT firms need to play a constructive role in building a global framework for the protection of personal information. This model should not seek to undermine strong privacy rules, such as those in Europe, but extend the lessons learned from the best privacy policies around the globe. This approach would promote technological innovation over the long term: New products such as Google Glass will be better received if consumers do not think that they will misuse the data that they collect. In the end, constructing a better privacy system will not only help the IT sector grow, but it is also the right thing to do.
--- Just because i'm near the punchbowl doesn't mean I'm also drinking from it.

From rforno at infowarrior.org Mon Nov 11 13:53:25 2013
From: rforno at infowarrior.org (Richard Forno)
Date: Mon, 11 Nov 2013 14:53:25 -0500
Subject: [Infowarrior] - Cyber-Pearl Harbor is a myth
Message-ID: <1DC734D2-A53B-4876-911A-D8D3577B1BDA@infowarrior.org>

Cyber-Pearl Harbor is a myth
By Henry Farrell
November 11 at 11:57 am
http://www.washingtonpost.com/blogs/monkey-cage/wp/2013/11/11/cyber-pearl-harbor-is-a-myth

Or so argues Eric Gartzke in an article in the newest issue of International Security (temporarily ungated). Over the last several years, both pundits and government officials have argued that the United States is unprotected against a major online attack aimed at taking down key communications systems. Billions of dollars have been spent on securing government and private sector networks. Gartzke is skeptical about the punditry. While he recognizes that many actors have an interest in penetrating U.S. networks to spy or to carry out covert actions, his argument suggests that Pearl Harbor-type cyberattacks don't happen outside terrible Bruce Willis movies. Gartzke argues that attackers don't have much motive to stage a Pearl Harbor-type attack in cyberspace if they aren't involved in an actual shooting war. It isn't going to accomplish any very useful goal. Attackers cannot easily use the threat of a cyberattack to blackmail the U.S. (or other states) into doing something they don't want to do. If they provide enough information to make the threat credible, they instantly make the threat far more difficult to carry out. For example, if an attacker threatens to take down the New York Stock Exchange through a cyberattack, and provides enough information to show that she can indeed carry out this attack, she is also providing enough information for the NYSE and the U.S. government to stop the attack. Cyberattacks usually involve hidden vulnerabilities --
if you reveal the vulnerability you are attacking, you probably make it possible for your target to patch the vulnerability. Nor does it make sense to carry out a cyberattack on its own, since the damage done by nearly any plausible cyberattack is likely to be temporary. Cyberattacks disrupt communications and power systems, but they probably cannot take them down permanently. Where cyberattacks can be very useful is in combination with more traditional physical attacks. For example, if you want to mount a massive airstrike against a target, it is obviously helpful to be able to take out their communications and radar systems. Here, the temporary chaos caused by a cyberattack can allow an attacker to sneak past traditional defenses and do real physical damage. However, this suggests that we are not likely to see large scale cyberattacks happen outside actual wars. Cyberattacks on their own are likely to annoy and aggravate their targets but not disable them. Of course, cyberattacks can still be used for specific and limited goals. For example, the so-called Stuxnet/Olympic Games attack on the Iranian nuclear program was apparently mounted jointly by the United States and Israel. However, here too, military force is important. Gartzke argues that one of the reasons that the U.S. and Israel could carry out this attack is because they are militarily powerful in conventional terms, making it unattractive for Iran (or other adversaries) to attack them back directly. More generally, Gartzke's arguments imply that cyberwar isn't a weapon of the weak. Instead, it's a weapon of the strong -- it will be most attractive to those who already have powerful conventional militaries. It works best in conjunction with traditional warfare, or, in a pinch, when deployed by states that no one else dares to attack in retaliation.
The conventional wisdom among cybersecurity specialists is that cyberwar upsets the balance of traditional power by making it easier for weak states or non-state actors to deploy powerful attacks against countries such as the U.S. If Gartzke is right, this assumption is completely wrong -- cyberwar is likely to strengthen the military predominance of the U.S. and other powerful countries rather than undermine them. Many people are strongly invested in the current wisdom -- Gartzke's piece is likely to stir up quite a bit of debate.

Henry Farrell is associate professor of political science and international affairs at George Washington University. He works on a variety of topics, including trust, the politics of the Internet and international and comparative political economy. In addition to his academic work, he has written for Foreign Affairs, Foreign Policy, the Financial Times, Democracy, the Washington Monthly and The American Prospect as well as other publications.

--- Just because i'm near the punchbowl doesn't mean I'm also drinking from it.

From rforno at infowarrior.org Mon Nov 11 18:34:33 2013
From: rforno at infowarrior.org (Richard Forno)
Date: Mon, 11 Nov 2013 19:34:33 -0500
Subject: [Infowarrior] - Sony amends usage terms, disallows reselling PS4 games
Message-ID: <225B585A-834F-4A61-9466-7F6D2C06A6FD@infowarrior.org>

Sony amends usage terms, disallows reselling PS4 games
Linked by Thom Holwerda on Mon 11th Nov 2013 22:49 UTC
http://www.osnews.com/comments/27415

.....Sony, June this year: "PlayStation 4 won't impose any new restrictions on used games. This is a good thing," said Tretton, to huge applause from the audience in attendance. "When a gamer buys a PS4 disc, they have the rights to that copy of the game."

.... Sony's Software Usage Terms, updated today:

6.3. You must not lease, rent, sublicense, publish, modify, adapt, or translate any portion of the Software.

7.1.
You must not resell either Disc-based Software or Software Downloads, unless expressly authorised by us and, if the publisher is another company, additionally by the publisher. ....Liars. Similar language has been found on the boxes of previous PlayStation models, but that's hardly a comfort. --- Just because i'm near the punchbowl doesn't mean I'm also drinking from it. From rforno at infowarrior.org Tue Nov 12 08:06:53 2013 From: rforno at infowarrior.org (Richard Forno) Date: Tue, 12 Nov 2013 09:06:53 -0500 Subject: [Infowarrior] - Renault Introduces DRM For Cars Message-ID: The level of idiotic fail in this initiative is epic. --rick Renault Introduces DRM For Cars http://www.techdirt.com/articles/20131108/09350825182/renault-introduces-drm-cars.shtml --- Just because i'm near the punchbowl doesn't mean I'm also drinking from it. From rforno at infowarrior.org Tue Nov 12 15:03:24 2013 From: rforno at infowarrior.org (Richard Forno) Date: Tue, 12 Nov 2013 16:03:24 -0500 Subject: [Infowarrior] - Author Of The PATRIOT Act Goes To EU Parliament To Admit Congress Failed, And The NSA Is Out Of Control Message-ID: Author Of The PATRIOT Act Goes To EU Parliament To Admit Congress Failed, And The NSA Is Out Of Control from the didn't-see-that-coming dept It's already strange enough that the author of the PATRIOT Act, Rep. Jim Sensenbrenner, has come out strongly against the NSA's mass spying, said that James Clapper should be fired and prosecuted, and introduced sweeping new legislation that would significantly curtail the NSA's activities. If you've followed civil liberties issues over the past dozen years or so, Sensenbrenner used to be very much in the camp of folks like Rep. Mike Rogers and Senator Dianne Feinstein -- seen as carrying water for the intelligence community (and industry). The change of heart (even if he claims the original PATRIOT Act was never meant to allow this stuff) is quite impressive. 
Even so, it's perhaps even more incredible to see that Sensenbrenner has now gone over to the EU Parliament to admit that the NSA is out of control and needs to be reined in. While it doesn't sound like he got all the way to a complete apology, he appears to have come pretty close. According to Bridget Johnson's writeup at the PJ Tatler: < - > http://www.techdirt.com/articles/20131112/08342525213/author-patriot-act-goes-to-eu-parliament-to-admit-congress-failed-nsa-is-out-control.shtml From rforno at infowarrior.org Tue Nov 12 17:35:24 2013 From: rforno at infowarrior.org (Richard Forno) Date: Tue, 12 Nov 2013 18:35:24 -0500 Subject: [Infowarrior] - Report: Government Spying Causing Self-Censorship, Privacy Fears Among US Writers Message-ID: <021E9FA5-518F-45A6-8C8D-0734859DE5C3@infowarrior.org> Report: Government Spying Causing Self-Censorship, Privacy Fears Among US Writers Benjamin Fearnow November 12, 2013 9:49 AM http://washington.cbslocal.com/2013/11/12/report-government-spying-causing-self-censorship-privacy-fears-among-us-writers/ WASHINGTON (CBS DC) - In the wake of revelations about intrusive government surveillance, many American authors are worrying about the freedom of the press and some simply are avoiding controversial topics. A new report from the PEN Center and the FDR Group entitled "Chilling Effects: NSA Surveillance Drives U.S. Writers to Self-Censor" finds that 85 percent of surveyed writers are worried about government surveillance of Americans, and nearly three-quarters (73 percent) "have never been as worried about privacy rights and freedom of the press as they are today." Sixteen percent of writers have avoided writing or speaking about certain topics due to threatening privacy concerns, and an additional 11 percent have seriously considered such avoidance. Writer comments included statements such as, "I assume everything I do electronically is subject to monitoring."
Another responded, "I feel that increased government surveillance has had a chilling effect on my research, most of which I do on the Internet. This includes research on issues such as the drug wars and mass incarceration, which people don't think about as much as they think about foreign terrorism, but is just as pertinent." Many expressed concerns that if the U.S. is conducting far-reaching surveillance then it would become a new "norm" for governments across the world to use stronger police and military surveillance tactics. Others reflected that today's privacy threats are much greater than former President Richard Nixon and Cold War-era intrusion, especially because of advanced technology. According to their website, PEN Center looks to both protect the rights and freedoms of writers around the world, while also promote literary culture and interest in the written word. Their survey of over 520 American writers asked for long-form responses to the information being revealed by National Security Agency leaker Edward Snowden and other government whistleblowers. The survey looked at the harms caused by widespread surveillance, and the possibly "chilling effect" that could affect the amount and type of information written and reported. Nearly a quarter of the writers surveyed (24 percent) reported deliberately avoiding certain topics in phone or email conversations, and an additional 9 percent have seriously considered such action. A small portion of respondents said they had even declined opportunities to meet with people deemed "security threats by the government" because of privacy fears. The report notes several revelations from Snowden's leaked documents which have shown "ever-greater infringements on privacy by the NSA." The report cites that the NSA "has broken into the main telecommunication companies, has built a system that can reach deep into U.S.
Internet backbone and cover 75 percent of traffic in the country, including not only metadata but the content of online communications." --- Just because i'm near the punchbowl doesn't mean I'm also drinking from it. From rforno at infowarrior.org Tue Nov 12 18:31:13 2013 From: rforno at infowarrior.org (Richard Forno) Date: Tue, 12 Nov 2013 19:31:13 -0500 Subject: [Infowarrior] - Confessions of a Quantitative Easer Message-ID: Andrew Huszar: Confessions of a Quantitative Easer We went on a bond-buying spree that was supposed to help Main Street. Instead, it was a feast for Wall Street. By ANDREW HUSZAR, Nov. 11, 2013 7:00 p.m. ET http://online.wsj.com/news/articles/SB10001424052702303763804579183680751473884 I can only say: I'm sorry, America. As a former Federal Reserve official, I was responsible for executing the centerpiece program of the Fed's first plunge into the bond-buying experiment known as quantitative easing. The central bank continues to spin QE as a tool for helping Main Street. But I've come to recognize the program for what it really is: the greatest backdoor Wall Street bailout of all time. Five years ago this month, on Black Friday, the Fed launched an unprecedented shopping spree. By that point in the financial crisis, Congress had already passed legislation, the Troubled Asset Relief Program, to halt the U.S. banking system's free fall. Beyond Wall Street, though, the economic pain was still soaring. In the last three months of 2008 alone, almost two million Americans would lose their jobs. The Fed said it wanted to help--through a new program of massive bond purchases. There were secondary goals, but Chairman Ben Bernanke made clear that the Fed's central motivation was to "affect credit conditions for households and businesses": to drive down the cost of credit so that more Americans hurting from the tanking economy could use it to weather the downturn. For this reason, he originally called the initiative "credit easing."
My part of the story began a few months later. Having been at the Fed for seven years, until early 2008, I was working on Wall Street in spring 2009 when I got an unexpected phone call. Would I come back to work on the Fed's trading floor? The job: managing what was at the heart of QE's bond-buying spree--a wild attempt to buy $1.25 trillion in mortgage bonds in 12 months. Incredibly, the Fed was calling to ask if I wanted to quarterback the largest economic stimulus in U.S. history. This was a dream job, but I hesitated. And it wasn't just nervousness about taking on such responsibility. I had left the Fed out of frustration, having witnessed the institution deferring more and more to Wall Street. Independence is at the heart of any central bank's credibility, and I had come to believe that the Fed's independence was eroding. Senior Fed officials, though, were publicly acknowledging mistakes and several of those officials emphasized to me how committed they were to a major Wall Street revamp. I could also see that they desperately needed reinforcements. I took a leap of faith. In its almost 100-year history, the Fed had never bought one mortgage bond. Now my program was buying so many each day through active, unscripted trading that we constantly risked driving bond prices too high and crashing global confidence in key financial markets. We were working feverishly to preserve the impression that the Fed knew what it was doing. It wasn't long before my old doubts resurfaced. Despite the Fed's rhetoric, my program wasn't helping to make credit any more accessible for the average American. The banks were only issuing fewer and fewer loans. More insidiously, whatever credit they were extending wasn't getting much cheaper. QE may have been driving down the wholesale cost for banks to make loans, but Wall Street was pocketing most of the extra cash. From the trenches, several other Fed managers also began voicing the concern that QE wasn't working as planned.
Our warnings fell on deaf ears. In the past, Fed leaders--even if they ultimately erred--would have worried obsessively about the costs versus the benefits of any major initiative. Now the only obsession seemed to be with the newest survey of financial-market expectations or the latest in-person feedback from Wall Street's leading bankers and hedge-fund managers. Sorry, U.S. taxpayer. Trading for the first round of QE ended on March 31, 2010. The final results confirmed that, while there had been only trivial relief for Main Street, the U.S. central bank's bond purchases had been an absolute coup for Wall Street. The banks hadn't just benefited from the lower cost of making loans. They'd also enjoyed huge capital gains on the rising values of their securities holdings and fat commissions from brokering most of the Fed's QE transactions. Wall Street had experienced its most profitable year ever in 2009, and 2010 was starting off in much the same way. You'd think the Fed would have finally stopped to question the wisdom of QE. Think again. Only a few months later--after a 14% drop in the U.S. stock market and renewed weakening in the banking sector--the Fed announced a new round of bond buying: QE2. Germany's finance minister, Wolfgang Schäuble, immediately called the decision "clueless." That was when I realized the Fed had lost any remaining ability to think independently from Wall Street. Demoralized, I returned to the private sector. Where are we today? The Fed keeps buying roughly $85 billion in bonds a month, chronically delaying so much as a minor QE taper. Over five years, its bond purchases have come to more than $4 trillion. Amazingly, in a supposedly free-market nation, QE has become the largest financial-markets intervention by any government in world history. And the impact? Even by the Fed's sunniest calculations, aggressive QE over five years has generated only a few percentage points of U.S. growth.
By contrast, experts outside the Fed, such as Mohammed El Erian at the Pimco investment firm, suggest that the Fed may have created and spent over $4 trillion for a total return of as little as 0.25% of GDP (i.e., a mere $40 billion bump in U.S. economic output). Both of those estimates indicate that QE isn't really working. Unless you're Wall Street. Having racked up hundreds of billions of dollars in opaque Fed subsidies, U.S. banks have seen their collective stock price triple since March 2009. The biggest ones have only become more of a cartel: 0.2% of them now control more than 70% of the U.S. bank assets. As for the rest of America, good luck. Because QE was relentlessly pumping money into the financial markets during the past five years, it killed the urgency for Washington to confront a real crisis: that of a structurally unsound U.S. economy. Yes, those financial markets have rallied spectacularly, breathing much-needed life back into 401(k)s, but for how long? Experts like Larry Fink at the BlackRock investment firm are suggesting that conditions are again "bubble-like." Meanwhile, the country remains overly dependent on Wall Street to drive economic growth. Even when acknowledging QE's shortcomings, Chairman Bernanke argues that some action by the Fed is better than none (a position that his likely successor, Fed Vice Chairwoman Janet Yellen, also embraces). The implication is that the Fed is dutifully compensating for the rest of Washington's dysfunction. But the Fed is at the center of that dysfunction. Case in point: It has allowed QE to become Wall Street's new "too big to fail" policy. Mr. Huszar, a senior fellow at Rutgers Business School, is a former Morgan Stanley managing director. In 2009-10, he managed the Federal Reserve's $1.25 trillion agency mortgage-backed security purchase program. --- Just because i'm near the punchbowl doesn't mean I'm also drinking from it. 
From rforno at infowarrior.org Wed Nov 13 06:22:50 2013 From: rforno at infowarrior.org (Richard Forno) Date: Wed, 13 Nov 2013 07:22:50 -0500 Subject: [Infowarrior] - Facebook Patented Making NSA Data Handoffs Easier Message-ID: <882C578B-D294-43C6-90B8-E302D1C191CF@infowarrior.org> Facebook Patented Making NSA Data Handoffs Easier "In June, Facebook CEO Mark Zuckerberg blasted 'outrageous press reports' about the PRISM surveillance program, denying that Facebook was ever 'part of any program to give the U.S. or any other government direct access to our servers.' What Zuckerberg didn't mention, and what the press overlooked, is that the USPTO granted Facebook a patent in May for its Automated Writ Response System. Like the NSA-enabling systems described by the NY Times on the same day Zuckerberg cried foul, the patent covers technical methods to more efficiently share the personal data of users with law enforcement agencies (LEAs) in response to lawful government requests via APIs and secured portals installed at company-controlled locations. 'While handing over data in response to a legitimate FISA request is a legal requirement,' the Times noted, 'making it easier for the government to get the information is not, which is why Twitter could decline to do so.'" http://yro.slashdot.org/story/13/11/13/0358206/facebook-patented-making-nsa-data-handoffs-easier --- Just because i'm near the punchbowl doesn't mean I'm also drinking from it. From rforno at infowarrior.org Wed Nov 13 06:28:22 2013 From: rforno at infowarrior.org (Richard Forno) Date: Wed, 13 Nov 2013 07:28:22 -0500 Subject: [Infowarrior] - Apple II DOS source code released by Computer History Museum Message-ID: <2BA89AEB-BEA7-4150-A87B-B91B89563013@infowarrior.org> Apart from feeling a bit nostalgic, all I can say is.....LINE PRINTERS!!!! 
:) --rick Apple II DOS source code released by Computer History Museum http://9to5mac.com/2013/11/12/apple-ii-dos-source-code-released-by-computer-history-museum/ With permission from Apple, The Computer History Museum and the Digibarn Computer Museum announced today it is publishing the original DOS source code for Apple's 1978 Apple II. The Apple II was the first fully assembled computer with a monitor that Apple sold following the Apple I and originally retailed for $1298 for the base model with just 4K of memory. A blog post from The History Computer Museum explains that Apple contracted Paul Laughton of Shepardson Microsystems to write the Disk Operating System for the Apple II in just seven weeks. In April of 78, Steve Jobs and Shepardson signed a contract (pictured below) that would see Apple pay $13,000 for a file manager, a BASIC interface, and utilities. The source code being released today is scans of original documents that Laughton kept over the last 30+ years: < - > The museums are also releasing source code for other historic software including Apple's Macpaint and Quickdraw and Adobe Photoshop. You can view the source code for the Apple II on The Computer History Museum's website here, which also has an in-depth history of how Paul hooked up with Apple and worked with Woz and others to create the DOS. You'll also find some other documents that Laughton has kept over the years including meeting notes and the original contracts between Steve Jobs and Shepardson Microsystems to write the Apple II DOS: --- Just because i'm near the punchbowl doesn't mean I'm also drinking from it.
From rforno at infowarrior.org Wed Nov 13 14:20:30 2013 From: rforno at infowarrior.org (Richard Forno) Date: Wed, 13 Nov 2013 15:20:30 -0500 Subject: [Infowarrior] - UK conservatives erase Internet history Message-ID: <452870F7-F837-47B5-B472-7D33AA0A4506@infowarrior.org> Conservatives erase Internet history By Mark Ballard on November 12, 2013 5:02 PM http://www.computerweekly.com/blogs/public-sector/2013/11/conservatives-erase-internet-h.html The Conservative Party has attempted to erase a 10-year backlog of speeches from the internet, including pledges for a new kind of transparent politics the prime minister and chancellor made when they were campaigning for election. Prime minister David Cameron and chancellor George Osborne campaigned on a promise to democratise information held by those in power, so people could hold them to account. They wanted to use the internet to transform politics. But the Conservative Party has removed the archive from its public facing website, erasing records of speeches and press releases going back to the year 2000 and up until it was elected in May 2010. It also struck the record of their past speeches off internet engines including Google, which had been a role model for Cameron and Osborne's "open source politics". And it erased the official record of their speeches from the Internet Archive, the public record of the net - with an effect as alarming as sending Men in Black to strip history books from a public library and burn them in the car park. Sometime after 5 October, when Computer Weekly last took a snapshot of a Conservative speech from the Internet Archive, the Tory speech and news archive was eradicated. Conservatives posted a robot blocker on their website, which told search engines and the Internet Archive they were no longer permitted to keep a record of the Conservative Party web archive. The Internet Archive was unavailable for comment.
But a fortnight after Computer Weekly started asking its San Francisco HQ for an explanation, the Conservative speeches have begun reappearing on its site. CW had asked the Internet Archive to explain how the historic record of the lead party in the coalition that holds power in the UK could simply be erased. The Conservative Party's robot blocker forced the Internet Archive to remove the entire record of speeches and news it had collected, in 1,158 snapshots it took of the Conservative website since 8 May 1999. The Conservative bot blocker listed all the pages barred for public consumption thus (excerpt):
Disallow: /News/News_stories/2000/
Disallow: /News/News_stories/2001/
Disallow: /News/News_stories/2002/
Disallow: /News/News_stories/2003/
Disallow: /News/News_stories/2004/
Disallow: /News/News_stories/2005/
Disallow: /News/News_stories/2006/
Disallow: /News/News_stories/2007/
Disallow: /News/News_stories/2008/
Disallow: /News/News_stories/2009/
Disallow: /News/News_stories/2010/01/
Disallow: /News/News_stories/2010/02/
Disallow: /News/News_stories/2010/03/
Disallow: /News/News_stories/2010/04/
Disallow: /News/News_stories/2010/05/
Disallow: /News/Speeches/2000/
Disallow: /News/Speeches/2001/
Disallow: /News/Speeches/2002/
Disallow: /News/Speeches/2003/
Disallow: /News/Speeches/2004/
Disallow: /News/Speeches/2005/
Disallow: /News/Speeches/2006/
Disallow: /News/Speeches/2007/
Disallow: /News/Speeches/2008/
Disallow: /News/Speeches/2009/
Disallow: /News/Speeches/2010/01/
Disallow: /News/Speeches/2010/02/
Disallow: /News/Speeches/2010/03/
Disallow: /News/Speeches/2010/04/
Disallow: /News/Speeches/2010/05/
Disallow: /News/Articles/2000/
Disallow: /News/Articles/2001/
Disallow: /News/Articles/2002/
Disallow: /News/Articles/2003/
Disallow: /News/Articles/2004/
Disallow: /News/Articles/2005/
Disallow: /News/Articles/2006/
Disallow: /News/Articles/2007/
Disallow: /News/Articles/2008/
Disallow: /News/Articles/2009/
Disallow: /News/Articles/2010/01/
Disallow: /News/Articles/2010/02/
Disallow: /News/Articles/2010/03/
Disallow: /News/Articles/2010/04/
Disallow: /News/Articles/2010/05/
For pages at these addresses, the Internet Archive reported: "Page cannot be crawled or displayed due to robots.txt". An administrator at the Internet Archive HQ in San Francisco said its guidance for lawyers explained the mechanism. That was that if a website, like Conservatives.com, put up a robot blocker, those pages it blocked would simply be erased from the record as a matter of etiquette. The erasure had the effect of hiding Conservative speeches in a secretive corner of the internet like those that shelter the military, secret services, gangsters and paedophiles. The Conservative Party HQ was unavailable for comment. A spokesman said he had referred the matter to a "website guy", who was out of the office. It wasn't always going to be like this. Such as when the prime minister first floated his groovy idea that the democratisation of information would transform politics, at the Google Zeitgeist Europe Conference, on 22 May 2006. "You've begun the process of democratising the world's information," he told the Googlers. "Democratising is the right word to use because by making more information available to more people, you're giving them more power. "Above all, the power for anyone to hold to account those who in the past might have had a monopoly of power - whether it's government, big business, or the traditional media," said Cameron, who was then campaigning for power as leader of the Conservative opposition. Cameron was going to make sure the information revolution would hold people like prime ministers to account, he said in another speech on 11 October 2007, at the Google Zeitgeist Conference in San Francisco. "It's clear to me that political leaders will have to learn to let go," he said then. "Let go of the information that we've guarded so jealously."
Transparency would make public officials accountable to the people, said Cameron then. He was riding at the front of the wave that would wash us into a new world, and a new age. Likewise the chancellor, who on delivering his landmark "Open Source Politics" speech at the Royal Society of Arts on 8 March 2007, declared his ambition was "to recast the political settlement for the digital age". "We need to harness the Internet to help us become more accountable, more transparent and more accessible - and so bridge the gap between government and governed," said Osborne. "The democratization of access to information... is eroding traditional power and informational imbalances. "No longer is there an asymmetry of information between the individual and the state, or between the layperson and the expert," said the Chancellor when he was campaigning for election. If the Conservative Party had moved its speeches and news archive to a more convenient location it had managed to do it in a way that hid it from the search engines. It might before long end up at the Oxford University's Bodleian Library, which keeps the official Conservative Party archive of really old stuff like speeches from the days before the internet. The robot blocker - a robots.txt file - tells software bots run by sites like Google and the Internet Archive to bog off. The bots grab web pages for the benefit of plebs like those Cameron and Osborne claimed to be speaking for in those years before they were elected. The bots were what made the democratization of information possible. It was bots that inspired Cameron and Osborne. It was bots that were going to free us from serfdom in the way they said we would be. Without the bots you just had pockets of power and privilege for those in the know. Without the bots you just had the same old concentration of wealth and power there had always been, since long before the Internet Archive started taking snapshots of the Conservative website in 1999. 
--- Just because i'm near the punchbowl doesn't mean I'm also drinking from it. From rforno at infowarrior.org Wed Nov 13 15:05:31 2013 From: rforno at infowarrior.org (Richard Forno) Date: Wed, 13 Nov 2013 16:05:31 -0500 Subject: [Infowarrior] - GAO: TSA screening works only 'a little better than chance, Message-ID: TSA screening works only 'a little better than chance,' according to government report By Russell Brandom on November 13, 2013 03:09 pm http://www.theverge.com/2013/11/13/5100702/tsa-screening-works-only-a-little-better-than-chance-according-to The Transportation Safety Administration has long relied on singling out airline passengers that agents believe are behaving suspiciously, even as outside groups like the General Accounting Office maintain that these behavioral indicators are unreliable. But today, the GAO has science on their side, with a new report giving a comprehensive look at the TSA's the Screening of Passengers by Observation Techniques or SPOT program. And the results aren't pretty. The most damning info comes from a broad analysis of the program in 2011 and 2012, which found wildly different techniques and rates of success. The report also highlights the extensive scientific literature on the human ability to identify deceptive behavior. Summarizing 400 studies over the past 60 years, the report concludes that humans perform only "the same as or slightly better than chance." Given that the TSA has spent almost a billion dollars on the program, that's a pretty poor record. As a result, the GAO is requesting that both Congress and the president withhold funding from the program until the TSA can demonstrate its effectiveness. --- Just because i'm near the punchbowl doesn't mean I'm also drinking from it. From rforno at infowarrior.org Wed Nov 13 17:40:02 2013 From: rforno at infowarrior.org (Richard Forno) Date: Wed, 13 Nov 2013 18:40:02 -0500 Subject: [Infowarrior] - Wikileaks leaks (secret) TPP IP treaty. Scary stuff. 
Message-ID: <2B193599-00D7-4F00-9300-B673C7094AAC@infowarrior.org> Wikileaks leaks SECRET copyright treaty: The Trans-Pacific Partnership DMCA robocops link arms with Monsanto triffids to take over the world in revealed docs By Richard Chirgwin, 13th November 2013 http://www.theregister.co.uk/2013/11/13/wikileaks_posts_tpp_text/ The text of the secretive Trans-Pacific Partnership Agreement (TPP) isn't as bad as we thought. It's worse. A draft, published by Wikileaks, offers a patent-and-copyright wish-list that would see the infamous DMCA automatic take-downs spread throughout the Pacific, plants and animals become patentable with few restrictions, and pharmaceutical companies empowered to tax citizens by way of patent evergreening. With political candidacy off the table for now, Wikileaks has returned to the business of publishing leaked documents with a bang: it has posted the current negotiating text of the proposed Trans Pacific Partnership treaty. The TPP is a document supposed to harmonise intellectual property protections in participating nations - America, Canada, Australia, New Zealand, Japan, Malaysia, Vietnam, Brunei, Singapore, Chile and Peru. Instead, it looks like an Australia-US-Japan club force-marching the treaty into America's favoured position on nearly everything, from criminalisation of copyright infringements through to a blank cheque for pharmaceutical companies. The document, here, is huge, but some of the key items include:
* Criminalisation of copyright infringement by all signatories;
* Stronger DRM and "technological protection measure" regimes;
* ISPs to be made liable for copyright infringement on their networks;
* A "take it down first, argue later" DMCA-like process for notifying copyright infringements;
* Patentable plants and animals;
* The evergreening of patents -
this has become particularly notorious in the pharmaceutical business, where the repackaging of an out-of-patent medication is used to keep common compounds out of the public domain. America and Japan are opposing consumer protections proposed by the other nations (Australia excepted). These provisions, in Article QQ.A.9, would be designed to prevent the abuse of copyright processes, use of intellectual property rights as a restraint of trade or as the basis of anticompetitive practises. In Article QQ.A.12, Australia joins with the US, Japan and Mexico to oppose a mechanism for the international exhaustion of rights (meaning that different countries would still retain different dates for material to enter the public domain). America also wants pharmaceutical patents to be extended if there's a delay between patent publication and getting marketing approval for a product. America has also asked that the treaty hide clinical data from the public eye, in Article QQ.E.16: it even demands that the existence of clinical data about a particular drug be hidden. America manages to put itself beyond the pale as the sole sponsor of Article QQ.E.1, pretty much a "Monsanto clause" by pushing for patent coverage of plants and animals, including "biological processes for the production of plants and animals." New Zealand, Canada, Singapore, Chile and Mexico want to specifically exclude these, along with "diagnostic, therapeutic and surgical methods for the treatment of humans or animals". Copyright crunch Moving onto copyright: the treaty seems to include text, in Article QQ.G.4 to try and slap down the so-called "grey marketing" (currently legal at least in Australia) of works: "Each Party shall provide to authors, [NZ/MX oppose: performers,] and producers of phonograms the right to authorize or prohibit the making available to the public of the original and copies137 of their works, [NZ/MX oppose: performances,] and phonograms through sale or other transfer of ownership."
Alert readers might also wonder if this clause could stand as an attack on the "first sale doctrine", at least as it applies to music. America - with support from Australia, Singapore and Mexico - wants to export the duration of copyright (the "Mickey Mouse" law) to other countries, while New Zealand, Brunei, Malaysia, Vietnam, Canada and Japan want to retain the right to set their own terms for how long copyright should endure. The leaked text puts out in the open the TPP's proposed hardening of "technical protection measures" (TPMs), and it's a work of wonder, seeking the outright criminalisation of things like "mod chips" - but at least, in a tiny nod to the legality (in some territories) of products like multi-region DVD players, Article QQ.G.10, at least doesn't demand that every product produced by every vendor in every country include technological protection measures. The US and its lapdogs allies also want criminal punishments for circumventing TPMs to be "independent of any infringement" of national copyright law - in effect creating a new offence. It may be legal, at the moment, for someone to modify a device to play out-of-region DVDs (to pick an easy example), with no offence so long as the owner of the DVD player only uses it to play legally-purchased DVDs from another region. The TPP, however, seeks to separate the two activities - so that even if someone never violated copyright by removing a geo-lock, they will have broken the law anyway. Only Singapore and Chile seem to have their citizens' freedoms in mind, proposing in Article QQ.G.11 that TPMs that only exist to force market segmentation be exempted from the TPP treaty. In Article QQ.G.13, the TPP also proposes extending the TPM regime to DRM, making it a crime to remove or alter any rights-management information from a work. [The Register apologises that this looks something like reading out a charge sheet - but that's exactly how it seems.]
Even before all the lawsuits around Internet retransmission of broadcast TV is settled in its own country, America wants a Pacific-wide ban on the practise, in Article QQ.H.12: "no Party may permit the retransmission of television signals (whether terrestrial, cable, or satellite) on the Internet without the authorization of the right holder or right holders of the content of the signal and, if any, of the signal." Farewell the "safe harbour" America and Australia - and only those two - have opposed the limitation of liability on ISPs for copyright infringements committed by their users (something which in the case of Australia has been settled by the High Court, in light of the legislation that now exists, in the famous iiNet trial). Canada has stood in favour of retaining "safe harbour" provisions. The relevant Article QQ.I.1 is extensively revised and debated, but amounts to an MPAA/RIAA wishlist, most vigorously opposed by New Zealand (Australia is either silent in the debate, or stands next to America). Australia and Singapore have joined with America to propose a regime very much like the DMCA's auto-takedowns, with rights-holders given the first-mover advantage in the process. The proposed mechanism for opposing a take-down notice is a gem: if you think you've been unfairly treated in a takedown notice, you have to accept jurisdiction of "any court that has jurisdiction over the place where the subscriber's address is located, or, if that address is located outside the Party's territory, any other court with jurisdiction over any place in the Party's territory where the service provider may be found, and in which a copyright infringement suit could be brought with respect to the alleged infringement" (emphasis added). We'll leave the permutations of this last item to our readers. ® --- Just because i'm near the punchbowl doesn't mean I'm also drinking from it.
From rforno at infowarrior.org Thu Nov 14 16:13:14 2013
From: rforno at infowarrior.org (Richard Forno)
Date: Thu, 14 Nov 2013 17:13:14 -0500
Subject: [Infowarrior] - Our Government Has Weaponized the Internet. Here's How They Did It
Message-ID: <38CFF319-D5EF-4CA7-931F-E818D072D034@infowarrior.org>

Our Government Has Weaponized the Internet. Here's How They Did It

By Nicholas Weaver
11.13.13
9:30 AM

http://www.wired.com/opinion/2013/11/this-is-how-the-internet-backbone-has-been-turned-into-a-weapon/

The internet backbone - the infrastructure of networks upon which internet traffic travels - went from being a passive infrastructure for communication to an active weapon for attacks.

According to revelations about the QUANTUM program, the NSA can "shoot" (their words) an exploit at any target it desires as his or her traffic passes across the backbone. It appears that the NSA and GCHQ were the first to turn the internet backbone into a weapon; absent Snowdens of their own, other countries may do the same and then say, "It wasn't us. And even if it was, you started it."

If the NSA can hack Petrobras, the Russians can justify attacking Exxon/Mobil. If GCHQ can hack Belgacom to enable covert wiretaps, France can do the same to AT&T. If the Canadians target the Brazilian Ministry of Mines and Energy, the Chinese can target the U.S. Department of the Interior. We now live in a world where, if we are lucky, our attackers may be every country our traffic passes through except our own.

Which means the rest of us - and especially any company or individual whose operations are economically or politically significant - are now targets. All cleartext traffic is not just information being sent from sender to receiver, but is a possible attack vector.

Here's how it works.

The QUANTUM codename is deliciously apt for a technique known as "packet injection," which spoofs or forges packets to intercept them.
The NSA's wiretaps don't even need to be silent; they just need to send a message that arrives at the target first. It works by examining requests and injecting a forged reply that appears to come from the real recipient so the victim acts on it.

In this case, packet injection is used for "man-on-the-side" attacks - which are more failure-tolerant than man-in-the-middle attacks because they allow one to observe and add (but not also subtract, as the man-in-the-middle attacks do). That's why these are particularly popular in censorship systems. It can't keep up? That's okay. Better to miss a few than to not work at all.

Nicholas Weaver

Nicholas Weaver is a researcher at the International Computer Science Institute in Berkeley and U.C. San Diego (though this opinion is his own). He focuses on network security as well as network intrusion detection, defenses for DNS resolvers, and tools for detecting ISP-introduced manipulations of a user's network connection. Weaver received his Ph.D. in Computer Science from U.C. Berkeley.

The technology itself is actually pretty basic. And the same techniques that work on a Wi-Fi network can work on a backbone wiretap. I personally coded up a packet-injector from scratch in a matter of hours five years ago, and it's long been a staple of DefCon pranks.

So how have nations used packet injection, and what else can they do with it? These are some of the known uses.

Censorship

The most infamous use of packet injection prior to the Snowden leaks was censorship, where both internet service providers (ISPs) and the Great Firewall of China injected TCP reset packets (RST) to block undesired traffic. When a computer receives one of these injected RST packets, it closes the connection, believing that all communication is complete.

Although public disclosure forced ISPs to stop this behavior, China continues to censor with injected resets. It also injects the Domain Name System (DNS) -
the system all computers use to turn names such as "www.facebook.com" into IP addresses - by inserting a fake reply whenever it sees a forbidden name. (It's a process that has caused collateral damage by censoring non-Chinese internet traffic).

User Identification

User cookies, those inserted by both advertising networks and services, also serve as great identifiers for NSA targeting. Yet a web browser only reveals these cookies when communicating with such sites. A solution lies in the NSA's QUANTUMCOOKIE attack, which they've utilized to de-anonymize Tor users.

A packet injector can reveal these cookies by replying to an unnoticed web fetch (such as a small image) with a HTTP 302 redirect pointing to the target site (such as Hotmail). The browser now thinks "hey, should really go visit Hotmail and ask it for this image". In connecting to Hotmail, it reveals all non-secure cookies to the wiretap. This both identifies the user to the wiretap, and also allows the wiretap to use these cookies.

So for any webmail service that doesn't require HTTPS encryption, QUANTUMCOOKIE also allows the wiretap to log in as the target and read the target's mail. QUANTUMCOOKIE could also tag users, as the same redirection that extracts a cookie could also set or modify a cookie, enabling the NSA to actively track users of interest as they move across the network - although there is no indication yet that the NSA utilizes this technique.

User Attack

The NSA has a collection of FOXACID servers, designed to exploit visitors. Conceptually similar to Metasploit's WebServer browser autopwn mode, these FOXACID servers probe any visiting browser for weaknesses to exploit.

All it takes is a single request from a victim passing a wiretap for exploitation to occur. Once the QUANTUM wiretap identifies the victim, it simply packet injects a 302 redirect to a FOXACID server. Now the victim's browser starts talking to the FOXACID server, which quickly takes over the victim's computer.
The NSA calls this QUANTUMINSERT.

The NSA and GCHQ used this technique not only to target Tor users who read Inspire (reported to be an Al-Qaeda propaganda magazine in the English language) but also to gain a foothold within the Belgium telecommunication firm Belgacom, as a prelude to wiretapping Belgium phones.

One particular trick involved identifying the LinkedIn or Slashdot account of an intended target. Then when the QUANTUM system observed individuals visiting LinkedIn or Slashdot, it would examine the HTML returned to identify the user before shooting an exploit at the victim. Any page that identifies the users over HTTP would work equally well, as long as the NSA is willing to write a parser to extract user information from the contents of the page.

Other possible QUANTUM use cases include the following. These are speculative, as we have no evidence that the NSA, GCHQ, or others are utilizing these opportunities. Yet to security experts they are obvious extensions of the logic above.

HTTP cache poisoning. Web browsers often cache critical scripts, such as the ubiquitous Google Analytics script "ga.js". The packet injector can see a request for one of these scripts and instead respond with a malicious version, which will now run on numerous web pages. Since such scripts rarely change, the victim will continue to use the attacker's script until either the server changes the original script or the browser clears its cache.

Zero-Exploit Exploitation. The FinFly "remote monitoring" hacking tool sold to governments includes exploit-free exploitation, where it modifies software downloads and updates to contain a copy of the FinFisher Spyware. Although Gamma International's tool operates as a full man-in-the-middle, packet injection can reproduce the effect. The injector simply waits for the victim to attempt a file download, and replies with a 302 redirect to a new server. This new server fetches the original file, modifies it, and passes it on to the victim.
When the victim runs the executable, they are now exploited - without the need for any actual exploits.

Mobile Phone Applications. Numerous Android and iOS applications fetch data through simple HTTP. In particular, the "Vulna" Android advertisement library was an easy target, simply waiting for a request from the library and responding with an attack that can effectively completely control the victim's phone. Although Google removed applications using this particular library, other advertisement libraries and applications can present similar vulnerabilities.

DNS-Derived Man-in-the-Middle. Some attacks, such as intercepting HTTPS traffic with a forged certificate, require a full man in the middle rather than a simple eavesdropper. Since every communication starts with a DNS request, and it is only a rare DNS resolver that cryptographically validates the reply with DNSSEC, a packet injector can simply see the DNS request and inject its own reply. This represents a capability upgrade, turning a man-on-the-side into a man-in-the-middle.

One possible use is to intercept HTTPS connections if the attacker has a certificate that the victim will accept, by simply redirecting the victim to the attacker's server. Now the attacker's server can complete the HTTPS connection. Another potential use involves intercepting and modifying email. The attacker simply packet-injects replies for the MX (Mailserver) entries corresponding to the target's email. Now the target's email will first pass through the attacker's email server. This server could do more than just read the target's incoming mail, it could also modify it to contain exploits.

Amplifying Reach. Large countries don't need to worry about seeing an individual victim: odds are that a victim's traffic will pass one wiretap in a short period of time. But smaller countries that wish to utilize the QUANTUMINSERT technique need to force victims' traffic past their wiretaps.
It's simply a matter of buying the traffic: Simply ensure that local companies (such as the national airline) both advertise heavily and utilize in-country servers for hosting their ads. Then when a desired target views the advertisement, use packet injection to redirect them to the exploit server; just observe which IP a potential victim arrived from before deciding whether to attack. It's like a watering hole attack where the attacker doesn't need to corrupt the watering hole.

***

The only self defense from all of the above is universal encryption. Universal encryption is difficult and expensive, but unfortunately necessary.

Encryption doesn't just keep our traffic safe from eavesdroppers, it protects us from attack. DNSSEC validation protects DNS from tampering, while SSL armors both email and web traffic.

There are many engineering and logistic difficulties involved in encrypting all traffic on the internet, but it's one we must overcome if we are to defend ourselves from the entities that have weaponized the backbone.

---
Just because i'm near the punchbowl doesn't mean I'm also drinking from it.

From rforno at infowarrior.org Thu Nov 14 16:13:27 2013
From: rforno at infowarrior.org (Richard Forno)
Date: Thu, 14 Nov 2013 17:13:27 -0500
Subject: [Infowarrior] - FBI deems PhD thesis a national security concern
Message-ID:

Meet the Punk Rocker Who Can Liberate Your FBI File

Ryan Shapiro's technique is so effective at unburying sensitive documents, the feds are asking the courts to stop him.

< - >

http://www.motherjones.com/politics/2013/11/foia-ryan-shapiro-fbi-files-lawsuit

---
Just because i'm near the punchbowl doesn't mean I'm also drinking from it.
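The race that the Weaver article above describes (a forged reply that "arrives at the target first", followed by the genuine one) leaves two segments on the wire that claim the same TCP sequence range but carry different bytes. The following is an added detection sketch, not code from the article or its author; the Segment record, addresses and payloads are constructed for illustration, sequence numbers are assumed to be relative with no wraparound, and the TTL comparison is a supporting heuristic that the article does not mention.

```python
"""Flag TCP flows in which two segments claim the same sequence range but
carry different bytes: the trace left when an injected reply races the real one."""
from collections import defaultdict
from dataclasses import dataclass


@dataclass(frozen=True)
class Segment:            # hypothetical record; fill it from any capture tool
    ts: float             # capture time in seconds
    src: str              # "ip:port" of the sender
    dst: str              # "ip:port" of the receiver
    seq: int              # relative sequence number of the first payload byte
    payload: bytes
    ttl: int              # IP TTL as seen at the sensor


@dataclass(frozen=True)
class Conflict:
    flow: tuple           # (src, dst) direction in which the conflict was seen
    diff_at: int          # sequence number of the first byte that differs
    first: Segment        # copy that arrived first (the one the client acted on)
    second: Segment       # later copy covering the same bytes
    ttl_delta: int        # heuristic: the copies travelled different distances
    redirect: bool        # True if either copy starts with an HTTP 3xx status


def overlap(a, b):
    """Return (start_seq, bytes_of_a, bytes_of_b) for the shared range, or None."""
    start = max(a.seq, b.seq)
    end = min(a.seq + len(a.payload), b.seq + len(b.payload))
    if start >= end:
        return None
    return (start,
            a.payload[start - a.seq:end - a.seq],
            b.payload[start - b.seq:end - b.seq])


def is_http_redirect(payload):
    """True when the payload begins with an HTTP/1.x 3xx status line."""
    parts = payload.split(b" ", 2)
    return (len(parts) >= 2 and parts[0].startswith(b"HTTP/1.")
            and parts[1][:1] == b"3")


def find_conflicts(segments):
    """Compare every data segment with earlier ones in the same direction."""
    seen = defaultdict(list)
    conflicts = []
    for seg in sorted(segments, key=lambda s: s.ts):
        if not seg.payload:
            continue                      # pure ACKs have no bytes to compare
        flow = (seg.src, seg.dst)
        for earlier in seen[flow]:
            shared = overlap(earlier, seg)
            if shared is None:
                continue
            start, old, new = shared
            if old == new:
                continue                  # identical bytes: normal retransmission
            offset = next(i for i, (x, y) in enumerate(zip(old, new)) if x != y)
            conflicts.append(Conflict(
                flow=flow,
                diff_at=start + offset,
                first=earlier,
                second=seg,
                ttl_delta=abs(earlier.ttl - seg.ttl),
                redirect=is_http_redirect(earlier.payload)
                or is_http_redirect(seg.payload),
            ))
            break                         # one alert per offending segment
        seen[flow].append(seg)
    return conflicts


# Constructed sample traffic (documentation addresses, made-up payloads).
CLIENT, WEB = "10.0.0.5:40000", "203.0.113.10:80"
SAMPLE = [
    Segment(0.000, CLIENT, WEB, 1,
            b"GET /logo.png HTTP/1.1\r\nHost: site.example\r\n\r\n", 64),
    # Forged reply wins the race ...
    Segment(0.010, WEB, CLIENT, 1,
            b"HTTP/1.1 302 Found\r\nLocation: http://other.example/\r\n\r\n", 59),
    # ... and the genuine reply arrives later with the same sequence number.
    Segment(0.042, WEB, CLIENT, 1,
            b"HTTP/1.1 200 OK\r\nContent-Type: image/png\r\n\r\n", 47),
    # Benign case: a partial retransmission whose overlapping bytes match.
    Segment(1.000, "198.51.100.7:80", "10.0.0.6:40001", 1, b"ABCDEFGHIJ", 52),
    Segment(1.200, "198.51.100.7:80", "10.0.0.6:40001", 6, b"FGHIJKLMNO", 52),
]

if __name__ == "__main__":
    for c in find_conflicts(SAMPLE):
        print(f"{c.flow[0]} -> {c.flow[1]}: conflicting data at seq {c.diff_at}, "
              f"ttl delta {c.ttl_delta}, redirect={c.redirect}")
```

Such an alert only shows that an injection happened on a cleartext flow; the encryption the article calls for is what removes the opportunity.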
From rforno at infowarrior.org Thu Nov 14 19:59:04 2013
From: rforno at infowarrior.org (Richard Forno)
Date: Thu, 14 Nov 2013 20:59:04 -0500
Subject: [Infowarrior] - Seattle police deactivate surveillance system after public outrage
Message-ID: <618BDD34-B68C-4905-9A8A-94548CA4C467@infowarrior.org>

Seattle police deactivate surveillance system after public outrage

Published time: November 13, 2013 18:20

http://rt.com/usa/seattle-mesh-network-disabled-676/

Police in Seattle, Washington have responded to a major public outcry by disabling a recently discovered law enforcement tool that critics said could be used to conduct sweeping surveillance across the city.

Last week, Seattle's The Stranger published an in-depth look at a little known new initiative taking place within the city that involved the installation of dozens of devices that would create a digital mesh network for law enforcement officers. The devices - small white-boxes equipped with antennas and adorned on utility poles - would broadcast data wirelessly between nodes so police officers could have their own private network to more easily share large amounts of data.

As The Stranger pointed out, however, those same contraptions were able to collect data on internet-ready devices of anyone within reach, essentially allowing the Seattle Police Department to see where cell phones, laptops and any other smart devices operating within reach were located.

The SPD said they had no bad intentions with installing the mesh network, but The Stranger article and the subsequent media coverage it spawned quickly caused the system to receive the type of attention that wasn't very welcomed. Now only days after citizens began calling for the dismantling of the mesh network, The Stranger has confirmed that the SPD are disabling the devices until a proper policy could be adopted by the city.
"The wireless mesh network will be deactivated until city council approves a draft policy and until there's an opportunity for vigorous public debate," Police Chief Jim Pugel told The Stranger for an article published late Tuesday.

"Our position is that the technology is the technology," Whitcomb said, "but we want to make sure that we have safeguards and policies in place so people with legitimate privacy concerns aren't worried about how it's being used."

The SPD told The Stranger previously that the system was not being used, but anyone with a smart phone who wandered through the jurisdiction covered by the digital nodes could still notice that their devices were being discovered by the internet-broadcasting boxes, just as a person's iPhone or Android might attempt to connect to any network within reach. In theory, law enforcement could take the personal information transmitted as the two devices talk to each other and use that intelligence to triangulate the location of a person, even within inches.

When the SPD was approached about the system last week, they insisted that it wasn't even in operation yet. David Ham of Seattle's KIRO-7 News asked, however, how come "we could see these network names if it's not being used?"

"Well, they couldn't give us an explanation," Ham said at the time.

"They now own a piece of equipment that has tracking capabilities so we think that they should be going to city council and presenting a protocol for the whole network that says they won't be using it for surveillance purposes," Jamela Debelak of the American Civil Liberties Union told the network.

Now just days later, the SPD has admitted to The Stranger that indeed the mesh network was turned on - it just wasn't supposed to be.

"SPD maintains it has not been actively using the network - it was operational without being operated, having been turned on for DHS grant-mandated testing and then never turned off - so shutting it down won't hamper any current SPD activities,"
The Stranger reported.

According to The Stranger, the SPD will begin disabling the system immediately, although Whitcomb said it involves "more than just flipping a switch."

---
Just because i'm near the punchbowl doesn't mean I'm also drinking from it.

From rforno at infowarrior.org Fri Nov 15 12:46:13 2013
From: rforno at infowarrior.org (Richard Forno)
Date: Fri, 15 Nov 2013 13:46:13 -0500
Subject: [Infowarrior] - Google Mocks The Gag Order FISC Puts On Them Over NSA Requests
Message-ID: <6913BD07-426C-41C6-AA59-3DFE5B71C352@infowarrior.org>

Google's Latest Transparency Report Mocks The Gag Order FISC Puts On Them Over NSA Requests

from the not-so-subtle dept

Google has released the latest version of its transparency report concerning government requests. While they focus on how government requests for information have doubled over the past three years, they also have a not-at-all-subtle jab at the FISA Court and the DOJ for continuing to block their efforts to reveal how many FISA Amendments Act Section 702 requests (the so-called PRISM requests) they get from the government, and how many people it impacts. As you hopefully already know, Google (along with other tech companies) is in the process of suing the government over this restriction on its free speech. You can see that demonstrated pretty clearly in the bottom righthand quadrant of the graphic they released. Just call it the "redacted" infographic.

<->

http://www.techdirt.com/articles/20131114/11363325246/googles-latest-transparency-report-mocks-gag-order-fisc-puts-them-over-nsa-requests.shtml

---
Just because i'm near the punchbowl doesn't mean I'm also drinking from it.
From rforno at infowarrior.org Fri Nov 15 12:48:28 2013
From: rforno at infowarrior.org (Richard Forno)
Date: Fri, 15 Nov 2013 13:48:28 -0500
Subject: [Infowarrior] - Silicon Valley Nerds Seek Revenge on NSA Spies With Coding
Message-ID: <0B3F3D30-CF10-458D-846E-BB18F5B1D3B0@infowarrior.org>

Silicon Valley Nerds Seek Revenge on NSA Spies With Coding

By Chris Strohm - Nov 15, 2013

http://www.bloomberg.com/news/print/2013-11-15/silicon-valley-nerds-seek-revenge-on-nsa-spies-with-super-coding.html

Google Inc. (GOOG), Facebook Inc. (FB) and Yahoo! Inc. (YHOO) are fighting back against the National Security Agency by using harder-to-crack code to shield their networks and online customer data from unauthorized U.S. spying.

The companies, burned by disclosures they've cooperated with U.S. surveillance programs, are protecting user e-mail and social-media posts with strengthened encryption that the U.S. government says won't be easily broken until 2030.

While the NSA may find ways around the barriers, the companies say they have to assure users their online connections are secure and data can't be grabbed when transmitted over fiber-optic networks or digitally stored.

Microsoft Corp. (MSFT) is convinced it must "invest in protecting customers' information from a wide range of threats, which if the allegations are true, include governments," Matt Thomlinson, general manager of trustworthy computing, said in an e-mail. He didn't provide details.

Internet companies including Google, Yahoo, Facebook, Microsoft and Apple Inc. (AAPL) are trying to distance themselves from news reports that they gave the agency data on electronic communications of Americans and foreigners or have lax security.

While the companies are trying to prevent the NSA from gaining unauthorized access to their data, they say they comply with legal court orders compelling them to provide the government information.
The NSA has tapped fiber-optic cables abroad in order to siphon off data from Google and Yahoo, circumvented or cracked encryption, and covertly introduced weaknesses and back doors into coding, according to reports in the Washington Post, the New York Times and the U.K.'s Guardian newspaper based on documents leaked by former NSA contractor Edward Snowden.

Game On

Companies are fighting back primarily by using increasingly complex encryption, which scrambles data using a mathematical formula that can be decoded only with a special digital key. The idea is to protect sensitive information like e-mails, Internet searches and digital calls.

Google has accelerated efforts to encrypt information flowing between its data centers, doubled the length of its digital keys and implemented measures to detect fraudulent certificates for verifying the authenticity of websites, according to a statement from the Mountain View, California-based company.

NSA spy programs have "the great potential for doing serious damage to the competitiveness" of U.S. companies, Richard Salgado, Google's director of law enforcement and information security, told a Senate subcommittee Nov. 13.

"It's very important that the users of our services understand that we are stewards of their data, we hold it responsibly, we treat it with respect," Salgado said. "We've already seen impacts on the businesses."

Government Threat

Google, Yahoo and Facebook generated $44.4 billion in advertising revenue so far in 2013 in part by mining users' private data, according to Bloomberg Industries.

An Aug. 14 analysis by Forrester Research Inc. (FORR) analyst James Staten found the U.S. cloud computing industry could lose as much as $180 billion by 2016 due to the spying disclosures.

Yahoo will make encrypted connections standard by January for all its Mail users with 2048-bit digital keys, Sarah Meron, a spokeswoman for the Sunnyvale, California-based company, said in an e-mail.
Facebook, in addition to moving toward 2048-bit encryption keys, is accelerating a tactic known as "perfect forward secrecy" that prevents the NSA from deciphering the communications of users if it obtains a security code, Jodi Seth, a company spokeswoman, said in an e-mail.

Slow Adoption

While Google has led the industry in adopting security practices, "many of its competitors have been slow to follow," Christopher Soghoian, principal technologist for the American Civil Liberties Union's speech, privacy and technology project, said in e-mail.

"Yahoo is waiting until 2014 to do what Google did in 2010," he said.

"The National Security Agency is harvesting hundreds of millions of contact lists from personal e-mail and instant messaging accounts around the world, many of them belonging to Americans."

The National Institute of Standards and Technology has determined that known computing power won't be able to break 2048-bit encryption until at least 2030. Agencies like the NSA use stronger encryption, said Bruce Schneier, a fellow at the Berkman Center for Internet and Society at Harvard Law School.

Schneier recommends companies encrypt everything even though the NSA can often defeat it by, among other tactics, installing malicious software on computers to steal the security keys that unlock encryption codes.

Backdoor Grab

"The NSA has turned the Internet into a giant surveillance platform," Schneier, a computer security and privacy specialist, said in a phone interview.

The companies may not be moving fast enough in a cat-and-mouse game with the NSA, said Kurt Opsahl, senior staff attorney for the San Francisco-based digital rights group Electronic Frontier Foundation.

"The NSA is one of the largest, most powerful, well-funded intelligence agencies in the world," Opsahl said in a phone interview. "While the government has been misusing its legal authorities to require a set of data at the front door, the NSA has been sneaking in the back door to grab all the data."
The NSA collects "the communications of targets of foreign intelligence value, irrespective of the provider that carries them," the agency said in an Oct. 31 statement.

"Political Problem"

The U.S. uses "every intelligence tool available" to intercept electronic communications of suspected terrorists relying on "the very same social networking sites, encryption tools and other security features" as innocent Americans, Director of National Intelligence James Clapper said in an Oct. 4 statement.

Encryption isn't foolproof. The NSA can use hacking attacks to obtain security keys or compel companies to hand them over with court orders, said Jonas Falck, chief executive officer and co-founder of Halon Security Inc., a network security company with U.S. headquarters in San Francisco.

Companies like Google also introduce security vulnerabilities when they decrypt data to analyze user trends for advertising purposes, Falck said in a phone interview. Google spokeswoman Niki Fenwick said the company declined to respond to this concern.

Companies have different levels of encryption, which mean electronic communications sent between them may not be protected from starting point to end point, Opsahl said.

Encrypting data can, at the least, make it harder for the NSA to gain unauthorized access to information, forcing the agency to pick targets or come out of the shadows and go before a court to obtain it legally, Opsahl said.

The other thing companies can do is lobby Congress to change the law to restrict what the NSA is able to do, according to Schneier.

"There is a technology component, but primarily this is a political problem," Schneier said.

To contact the reporter on this story: Chris Strohm in Washington at cstrohm1 at bloomberg.net

To contact the editor responsible for this story: Bernard Kohn at bkohn2 at bloomberg.net

---
Just because i'm near the punchbowl doesn't mean I'm also drinking from it.
From rforno at infowarrior.org Fri Nov 15 12:49:31 2013
From: rforno at infowarrior.org (Richard Forno)
Date: Fri, 15 Nov 2013 13:49:31 -0500
Subject: [Infowarrior] - Jeremy Hammond gets 10 years
Message-ID: <5F5CB5F2-7F50-4E32-AE19-B0DA96AF5115@infowarrior.org>

(c/o ajr)

http://rt.com/usa/jeremy-hammond-sentence-nyc-785/

"Internet activist Jeremy Hammond who pleaded guilty to hacking servers of the private intelligence company Stratfor and leaking its information to anti-secrecy site, WikiLeaks, was sentenced to ten years in jail on Friday, November 15."

---
Just because i'm near the punchbowl doesn't mean I'm also drinking from it.

From rforno at infowarrior.org Fri Nov 15 14:18:15 2013
From: rforno at infowarrior.org (Richard Forno)
Date: Fri, 15 Nov 2013 15:18:15 -0500
Subject: [Infowarrior] - CME Group Says Its Computers Were Hacked, No Trades Affected
Message-ID: <24AD5271-00D2-4EF3-9C20-1CD6B46FDB12@infowarrior.org>

CME Group Says Its Computers Were Hacked, No Trades Affected

By Matthew Leising - Nov 15, 2013

http://www.bloomberg.com/news/print/2013-11-15/cme-group-says-its-computers-were-hacked-no-trades-affected.html

CME Group Inc. (CME), operator of the world's largest futures market, said its computer systems were hacked in July and "certain customer information" for its ClearPort platform was compromised.

The owner of the Chicago Mercantile Exchange said there's no evidence that transactions on its electronic-trading system or its clearing services were affected. The incident is the subject of a U.S. government investigation, according to CME Group and the Federal Bureau of Investigation.

Cyber security has been flagged as one of the biggest threats to markets and governments by industry groups and international regulators. A study in July found that computers at about 53 percent of exchanges around the world were attacked during the previous year. Nasdaq OMX Group Inc.
discovered suspicious files on its website in 2011, prompting a federal investigation.

"Assuming no customer assets were affected, this is useful as an eye-opener," said Pete Lindstrom, an analyst at Spire Security in Philadelphia. "We continue to see various types of folks who are hacked," he said. "It starts to generate concern over our financial infrastructure."

CME ClearPort provides clearing services for over-the-counter products including energy and metals trades.

"To protect participants, CME Group forced a change to customer credentials impacted by the incident, and is corresponding directly with the impacted customers," the company said in today's statement.

FBI Investigates

Michael Shore, a CME Group spokesman, declined to elaborate on the statement.

"We did receive the referral" from CME Group, said Joan Hyde, a spokeswoman for the Chicago office of the FBI. "We are looking into the matter."

While cyber attacks are global, American exchanges have reported the most instances of attempted sabotage via the Internet, according to a July study co-authored by the World Federation of Exchanges and the International Organization of Securities Commissions. About 67 percent of U.S.-based trading venues said they had to fight them off, the study showed. About 89 percent said it represents a systemic risk.

That's in line with the conclusion of the Depository Trust & Clearing Corp., which processes U.S. stock trades. It said in August that hacking is the gravest threat to government and financial markets.

`Big One'

"Cyber-security is a large and growing problem for all financial service providers," Howard Ward, the chief investment officer for growth equity at Rye, New York-based Gamco Investors Inc., which oversees about $40 billion, wrote in an e-mail. "We must accelerate our investments in protecting our financial system and power grid from intruders before they score a big one."

On July 25, U.S.
prosecutors said they indicted four Russians and a Ukrainian in what was called the largest hacking and data breach scheme in U.S. history. Nasdaq OMX was among their targets.

Nasdaq OMX in 2011 disclosed an intrusion involving "suspicious" files on its Directors Desk system, which lets corporate board members communicate and share information. The National Security Agency, the top U.S. electronic intelligence service, joined a probe of the 2010 attack, people familiar with the investigation said in March 2011.

To contact the reporter on this story: Nick Baker in Chicago at nbaker7 at bloomberg.net

To contact the editor responsible for this story: Nick Baker at nbaker7 at bloomberg.net

---
Just because i'm near the punchbowl doesn't mean I'm also drinking from it.

From rforno at infowarrior.org Fri Nov 15 14:44:20 2013
From: rforno at infowarrior.org (Richard Forno)
Date: Fri, 15 Nov 2013 15:44:20 -0500
Subject: [Infowarrior] - MPAA at it again....
Message-ID:

The MPAA's Plan To Piss Off Young Moviegoers And Make Them Less Interested In Going To Theaters

http://www.techdirt.com/articles/20131115/02104625254/mpaas-plan-to-piss-off-young-moviegoers-make-them-less-interested-going-to-theaters.shtml

---
Just because i'm near the punchbowl doesn't mean I'm also drinking from it.

From rforno at infowarrior.org Sun Nov 17 18:28:35 2013
From: rforno at infowarrior.org (Richard Forno)
Date: Sun, 17 Nov 2013 19:28:35 -0500
Subject: [Infowarrior] - Still on Facebook, but Finding Less to Like
Message-ID: <296A7BBA-4842-4CDA-AAA5-868A4579C2D8@infowarrior.org>

Social
November 16, 2013, 1:43 pm

Still on Facebook, but Finding Less to Like

By JENNA WORTHAM

http://bits.blogs.nytimes.com/2013/11/16/still-on-facebook-but-finding-less-to-like/?hp

Just a few years ago, most of my online social activity revolved around Facebook. I was an active member of several Facebook groups, including one that helped me and others find apartments and sell used items.
Another group was wonderful for organizing midnight movie screenings. And I used Facebook to stay up-to-date on the latest achievements of my sisters and their children, and the many members of my extended family.

But lately, my formerly hyperactive Facebook life has slowed to a crawl. I've found that most of my younger relatives have graduated from high school and have deleted their accounts or whittled them down until there is barely any personal information left. As for my own account, I rarely add photographs or post updates about what I've been doing. Often, the only interesting thing on the site is the latest Buzzfeed article that my friends are reading - and I can go directly to Buzzfeed for that.

Is it just me, or is Facebook fading?

The company has long denied that public interest in it may be waning - or that social upstarts may be luring away users. But this month, during a quarterly earnings call, David A. Ebersman, Facebook's chief financial officer, made a startling acknowledgment. Facebook had noticed "a decrease in daily users, specifically among younger teens," he said.

Those teenagers, mostly American and likely around 13 or 14, weren't deleting their accounts, he said, but they were checking the site less often.

The comment confirmed what many of us had suspected but were never able to prove - that the service had become less appealing for at least some of its users. And though Facebook is still the default social network for many people, perhaps it is no longer as crucial as it once was for social survival.

One explanation is that Facebook's function may now be different from what it was in its earlier days. Nathan Jurgenson, a sociologist who studies the Internet and was recently hired as a researcher by Snapchat, a mobile messaging app that is rapidly growing in popularity, described mainstream social networking sites as "kind of like the mall."
People mill about, peeking through windows into one another's lives, for lack of something better to do online. That is especially true for teenagers, he said. "It's very clean and highly policed," he said of that mainstream "mall." In other words, he said, it is not really a playground, where youngsters can have fun and enjoy themselves and truly be themselves. It is a place for preening and performing and checking out others who are doing the same thing. Mr. Jurgenson also said mainstream sites had evolved into a kind of "decoy social media." In his view, it has become akin to a yearbook or yellow pages - a static home on the web that offers proof of someone's existence, and perhaps little else. That might explain in part the popularity of a wave of new services like his company, Snapchat, as well as Twitter, Tumblr, Pinterest and even Vine. They have taken root, particularly among teenagers. It may seem counterintuitive that Facebook would become less interesting and relevant as more people sign up for the service. For its part, said Tucker Bounds, a Facebook spokesman, the company is "fully committed to building engaging products that will appeal to the entire community of people on Facebook." But S. Shyam Sundar, a director of the Media Effects Research Lab at Pennsylvania State University, said that Facebook had become a utility, like a phone carrier. People go to Facebook to document the major events in their lives, he said, and keep track of those of others, not unlike a public, community scrapbook. "It has an identity as a catchall, a repository across generations," he said. "It's a place where everyone is, that has a purpose and a place, but doesn't necessarily represent a place where people will want to go on a frequent basis." In other words, as it has become nearly universal, Facebook may have lost some of its edge - or, at the very least, it may no longer feel novel or original to some of its users.
It's possible that it has lost some of the cachet that made it appealing, especially for young users. Many people have become much more wary of the longer-term implications of sharing on Facebook and on other social media. In recent months, it has become clear that seemingly harmless antics online can lead to serious repercussions in the real world. Young people may be particularly vulnerable. Those cracks in Facebook's veneer have provided a market opening for other messaging services among young people in the United States and worldwide. Mr. Sundar calls those services - which include WhatsApp, Line (popular in Japan), Snapchat, WeChat of China and the Korean service KakaoTalk - "mini social media," because they satisfy one desire among teenagers: keeping in constant communication. "That is an aspect of being a teen - they love chatting with their friends and they are always on their phones," he said. With the lightning speed at which social media is evolving, it is at least possible that Facebook is already entering a midlife crisis. Could we be approaching peak Facebook? The company is certainly paying attention to its footprint in the market - it bought Instagram, the popular photo-sharing service, and Onavo, a mobile analytics company that monitored what services were gaining traction and who their primary users were. Most recently, Facebook offered to acquire Snapchat for $3 billion but the company refused. Perhaps a better question to ask is whether teenagers are crucial for Facebook to thrive. After all, shares of Twitter soared during the company's first few days on the public markets. The company's market capitalization is now almost $25 billion. And it was able to achieve that without a firm grasp on the teenage demographic. But if teenagers use Facebook less often, youth-oriented advertisers might spend less of their marketing budget on the site.
And if teenagers are ultimately spending less time there, other users might follow suit, affecting the company's overall potential for moneymaking. Facebook can manage very well without the support of teenagers, Mr. Sundar said. "But the truth is that teens are often the initial adopters," he said. "The real danger to Facebook might be the companies where they are going."

---
Just because i'm near the punchbowl doesn't mean I'm also drinking from it.

From rforno at infowarrior.org Sun Nov 17 18:28:40 2013
From: rforno at infowarrior.org (Richard Forno)
Date: Sun, 17 Nov 2013 19:28:40 -0500
Subject: [Infowarrior] - Trusted Computing Must Repudiate The NSA
Message-ID: <307523F6-847F-4722-98FD-3C7A9C6D7EB1@infowarrior.org>

Richard Stiennon, Contributor
11/16/2013 @ 2:25PM |910 views
Trusted Computing Must Repudiate The NSA
http://www.forbes.com/sites/richardstiennon/2013/11/16/trusted-computing-must-repudiate-the-nsa/

Trust is fragile and the decade long effort on the part of the NSA to compromise all security models has destroyed trust. From its inception the coalition of industry giants who have backed the concept of hardware-based security, the Trusted Computing Group (TCG), have been at odds with the "information should be free" crowd. The problem these giants (Microsoft, Intel, AMD, IBM, HP) faced a decade ago was software and media piracy. As the biggest backer, Microsoft was the most suspect. In recent weeks that suspicion of Microsoft has exploded into bald-face claims from the German BSI that the Trusted Platform Module, the hardware component of Trusted Computing is an NSA backdoor. And who knows what further releases of the Snowden files will unveil about the NSA's involvement with the Trusted Computing Group? The NSA jumped on the Trusted Computing bandwagon early. In recent years they have sponsored the Trusted Computing Conference in Orlando, often shrouded in spookiness as Ellen Mesmer, the intrepid industry reporter, relates.
This year the NSA begged off sponsoring the event claiming Sequester, despite its $10 billion budget. The remaining sponsors and organizers could only muster about 60 attendees. Speakers from Microsoft, Wave, Infineon, and other hard core crypto security experts only alluded to the elephant in the room, usually to deride the poor state of journalism and laugh off the unsupported claims of the German government. Denial is a common symptom in reaction to tsunami shifts in markets and global politics. Those who have devoted their careers to parenting super secure architectures are overly confident in their own children. They neglect the perfidy of unconstrained government forces such as an intelligence community whose budget is twice the size of that of Australia's Ministry of Defense. The Trusted Computing standard is open and good. It offers a solution to all of the issues that plague the Internet today. Device attestation, strong crypto with unbreakable key storage, identity, code signing, Trusted Network Connections, even secure end-to-end communication are all made possible by a little silicon wafer shipped with most business computers. The day is coming when over a billion computers will be equipped with TPMs. Yet, the actual number of TPMs that are utilized is minuscule. The reasons for the failure of Trusted Computing will be familiar to many in the security industry. Products do not sell unless they solve a real problem, and security products do not sell unless they address a real and present danger. The community of Trusted Computing advocates, which includes the manufacturers of TPMs, Microsoft, and the Information Assurance Directorate of the NSA, are frustrated that their perfect security models do not catch on. There has been no market driver to incorporate TPMs into security architectures. Until now.
In an ironic twist, the other side of the NSA, the Signals Intelligence Directorate, has inadvertently created the market driver that could propel Trusted Computing forward. In its blind pursuit of its mission the NSA has embarked on a massive surveillance program to "collect everything." The NSA has compromised all security. All communication is targeted. It has used its legal muscle to force vendors to give up the keys to the kingdom. It has corrupted security models that rely on trust: trust of Certificate Authorities, trust of vendors, trust of encryption protocols. The NSA has done irreparable harm to trust. The Trusted Computing Group, in order to realize its own mission of moving the world towards a hardware root of trust for security, must completely repudiate the NSA. It must formally cut the ties that bind it to the NSA with a public statement of repudiation. Current and former members of the NSA must be barred from participation at all levels including working committees, the board, and from a presence at the Trusted Computing Conference. The members of the Trusted Computing Group must seek to re-establish trust by demonstrating the absence of complicity in the NSA's surveillance programs. The manufacturers of TPMs must demonstrate that there are no back doors in their products. Only after repudiating the NSA can the Trusted Computing Group begin to participate in the tenfold boom in IT security spending that has begun. New products and services can be deployed that completely prevent communications from being consumed by the NSA. Trusted Computing will immunize the Internet from a pathogen that is killing trust.

---
Just because i'm near the punchbowl doesn't mean I'm also drinking from it.

From rforno at infowarrior.org Sun Nov 17 18:28:45 2013
From: rforno at infowarrior.org (Richard Forno)
Date: Sun, 17 Nov 2013 19:28:45 -0500
Subject: [Infowarrior] - A Russian GPS Using U.S. Soil Stirs Spy Fears
Message-ID: <0E1CF6C2-80CD-47E7-B0FB-A29ACB30509D@infowarrior.org>

November 16, 2013
A Russian GPS Using U.S. Soil Stirs Spy Fears
By MICHAEL S. SCHMIDT and ERIC SCHMITT
http://www.nytimes.com/2013/11/17/world/europe/a-russian-gps-using-us-soil-stirs-spy-fears.html

WASHINGTON - In the view of America's spy services, the next potential national security threat from Russia may not come from a nefarious cyberweapon or intelligence gleaned from the files of Edward J. Snowden, the former security contractor now in Moscow. Instead, this menace may come in the form of a seemingly innocuous dome-topped antenna perched atop an electronics-packed building surrounded by a security fence somewhere in the United States. In recent months, the Central Intelligence Agency and the Pentagon have been quietly waging a campaign to stop the State Department from allowing Roscosmos, the Russian space agency, to build about half a dozen of these structures, known as monitor stations, on United States soil, several American officials said. They fear that these structures could help Russia spy on the United States and improve the precision of Russian weaponry, the officials said. These monitor stations, the Russians contend, would significantly improve the accuracy and reliability of Moscow's version of the Global Positioning System, the American satellite network that steers guided missiles to their targets and thirsty smartphone users to the nearest Starbucks. "They don't want to be reliant on the American system and believe that their systems, like GPS, will spawn other industries and applications," said a former senior official in the State Department's Office of Space and Advanced Technology. "They feel as though they are losing a technological edge to us in an important market. Look at everything GPS has done on things like your phone and the movement of planes and ships." The Russian effort is part of a larger global race by several countries -
including China and European Union nations - to perfect their own global positioning systems and challenge the dominance of the American GPS. For the State Department, permitting Russia to build the stations would help mend the Obama administration's relationship with the government of President Vladimir V. Putin, now at a nadir because of Moscow's granting asylum to Mr. Snowden and its backing of President Bashar al-Assad of Syria. But the C.I.A. and other American spy agencies, as well as the Pentagon, suspect that the monitor stations would give the Russians a foothold on American territory that would sharpen the accuracy of Moscow's satellite-steered weapons. The stations, they believe, could also give the Russians an opening to snoop on the United States within its borders. The squabble is serious enough that administration officials have delayed a final decision until the Russians provide more information and until the American agencies sort out their differences, State Department and White House officials said. Russia's efforts have also stirred concerns on Capitol Hill, where members of the intelligence and armed services committees view Moscow's global positioning network - known as Glonass, for Global Navigation Satellite System - with deep suspicion and are demanding answers from the administration. "I would like to understand why the United States would be interested in enabling a GPS competitor, like Russian Glonass, when the world's reliance on GPS is a clear advantage to the United States on multiple levels," said Representative Mike D. Rogers, Republican of Alabama, the chairman of a House Armed Services subcommittee. Mr. Rogers last week asked the Pentagon to provide an assessment of the proposal's impact on national security. The request was made in a letter sent to Defense Secretary Chuck Hagel, Secretary of State John Kerry and the director of national intelligence, James R. Clapper Jr. The monitor stations have been a high priority of Mr.
Putin for several years as a means to improve Glonass not only to benefit the Russian military and civilian sectors but also to compete globally with GPS. Earlier this year, Russia positioned a station in Brazil, and agreements with Spain, Indonesia and Australia are expected soon, according to Russian news reports. The United States has stations around the world, but none in Russia. Russian and American negotiators last met on April 25 to weigh "general requirements for possible Glonass monitoring stations in U.S. territory and the scope of planned future discussions," said a State Department spokeswoman, Marie Harf, who said no final decision had been made. Ms. Harf and other administration officials declined to provide additional information. The C.I.A. declined to comment. The Russian government offered few details about the program. In a statement, a spokesman for the Russian Embassy in Washington, Yevgeniy Khorishko, said that the stations were deployed "only to ensure calibration and precision of signals for the Glonass system." Mr. Khorishko referred all questions to Roscosmos, which did not respond to a request for comment last week. Although the Cold War is long over, the Russians do not want to rely on the American GPS infrastructure because they remain suspicious of the United States' military capabilities, security analysts say. That is why they have insisted on pressing ahead with their own system despite the high costs. Accepting the dominance of GPS, Russians fear, would give the United States some serious strategic advantages militarily. In Russians' worst fears, analysts said, Americans could potentially manipulate signals and send erroneous information to Russian armed forces. Monitor stations are essential to maintaining the accuracy of a global positioning system, according to Bradford W. Parkinson, a professor emeritus of aeronautics and astronautics at Stanford University, who was the original chief architect of GPS.
As a satellite's orbit slowly diverges from its earlier prediction, these small deviations are measured by the reference stations on the ground and sent to a central control station for updating, he said. That prediction is sent to the satellite every 12 hours for subsequent broadcast to users. Having monitor stations all around the earth yields improved accuracy over having them only in one hemisphere. Washington and Moscow have been discussing for nearly a decade how and when to cooperate on civilian satellite-based navigation signals, particularly to ensure that the systems do not interfere with each other. Indeed, many smartphones and other consumer navigation systems sold in the United States today use data from both countries' satellites. In May 2012, Moscow requested that the United States allow the ground-monitoring stations on American soil. American technical and diplomatic officials have met several times to discuss the issue and have asked Russian officials for more information, said Ms. Harf, the State Department spokeswoman. In the meantime, C.I.A. analysts reviewed the proposal and concluded in a classified report this fall that allowing the Russian monitor stations here would raise counterintelligence and other security issues. The State Department does not think that is a strong argument, said an administration official. "It doesn't see them as a threat." David M. Herszenhorn and Andrew E. Kramer contributed reporting from Moscow. Kitty Bennett contributed research.

---
Just because i'm near the punchbowl doesn't mean I'm also drinking from it.

From rforno at infowarrior.org Mon Nov 18 06:56:42 2013
From: rforno at infowarrior.org (Richard Forno)
Date: Mon, 18 Nov 2013 07:56:42 -0500
Subject: [Infowarrior] - Bloomberg News Kills All Credibility: Kills Story Critical Of China, Fires Reporter Who Reveals This Fact
Message-ID: <9198EB22-D6B1-4BE2-A5E4-12184331C681@infowarrior.org>

Bloomberg News Kills All Credibility: Kills Story Critical Of China, Fires Reporter Who Reveals This Fact
from the who-would-trust-them-again? dept
http://www.techdirt.com/articles/20131117/00183425267/bloomberg-news-kills-all-credibility-kills-story-critical-china-fires-reporter-who-reveals-this-fact.shtml

Yet another major news organization has decided that it no longer needs credibility. Bloomberg News got some attention last week after it came out that the editor-in-chief had told reporters to kill a series of stories "that might anger China" and then defended that decision by arguing it was similar to appeasing the Nazis. I'm not joking. In the call late last month, Mr. Winkler defended his decision, comparing it to the self-censorship by foreign news bureaus trying to preserve their ability to report inside Nazi-era Germany, according to Bloomberg employees familiar with the discussion. Apparently, the main story that was killed was by reporter Michael Forsythe, who had been working on it for nearly a year. And, oh yeah, it was scheduled to run the very same month that Bloomberg's CEO was "visiting China to strengthen business ties between the media-sensitive country and the financial services company." I'm sure that's a coincidence. And... once the NY Times broke the story, Bloomberg fired Forsythe. Perhaps the firing isn't too surprising: revealing to a competing publication embarrassing information about your own publisher self-censoring to appease China (and justifying it by positively calling up images of appeasing Hitler) probably means you're going to lose your job.
But, of course, the way to have built back at least some credibility after the news was revealed would have been to admit the mistake and let Forsythe publish the story. As it stands now, any reporting from Bloomberg should be automatically seen as suspect, as the editor-in-chief has admitted that he will appease local governments to keep them happy, and the reporting is expected to reflect that sort of propaganda-happy posture.

---
Just because i'm near the punchbowl doesn't mean I'm also drinking from it.

From rforno at infowarrior.org Mon Nov 18 10:59:57 2013
From: rforno at infowarrior.org (Richard Forno)
Date: Mon, 18 Nov 2013 11:59:57 -0500
Subject: [Infowarrior] - SCOTUS rejects challenge to NSA program over Verizon phone records
Message-ID:

Supreme Court rejects challenge to NSA program over Verizon phone records
By Jeff John Roberts
http://gigaom.com/2013/11/18/supreme-court-rejects-challenge-to-nsa-program-over-verizon-phone-records/

Summary: Advocacy group EPIC's unusual request for the Supreme Court to rule on a controversial program to collect phone records was turned aside. The Supreme Court on Monday announced it would not hear an unusual legal challenge related to the NSA's ongoing collection of phone records under a controversial program disclosed this summer by leaker Edward Snowden. The case was brought by the Electronic Privacy Information Center (EPIC), which argued that America's secret spy court, the Foreign Intelligence Surveillance Court, exceeded its authority when it granted the NSA permission to force Verizon to disclose all of its data records "wholly within the United States, including local telephone calls." The Supreme Court did not include reasons for rejecting the petition, but the refusal is likely rooted in EPIC's unusual legal tactic of attempting to hop-scotch directly to the high court rather than proceed up the ladder through the federal court system.
EPIC had argued the case was of such pressing importance that it called for the Supreme Court to step in immediately. There are other legal challenges ongoing in lower courts in which citizens are challenging the controversial surveillance practices disclosed by Snowden; these include sweeping up meta-data from phone and internet companies so that intelligence agencies can look for suspicious patterns. Meanwhile, big technology companies, including Google and Microsoft, continue to fight the government in the secret FISA spy court for the right to disclose more data about the surveillance requests they receive.

---
Just because i'm near the punchbowl doesn't mean I'm also drinking from it.

From rforno at infowarrior.org Mon Nov 18 11:36:46 2013
From: rforno at infowarrior.org (Richard Forno)
Date: Mon, 18 Nov 2013 12:36:46 -0500
Subject: [Infowarrior] - DHS must disclose 'Internet Kill Switch,' court rules
Message-ID: <0ECB2A4F-E0A2-4A60-858C-69907DF6AF7F@infowarrior.org>

Homeland Security must disclose "Internet Kill Switch," court rules
By CJ Ciaramella - The Washington Free Beacon
Wednesday, November 13, 2013
http://www.washingtontimes.com/news/2013/nov/13/homeland-security-must-disclose-internet-kill-swit/print/

The Department of Homeland Security (DHS) must disclose its plans for a so-called Internet "kill switch," a federal court ruled on Tuesday. The United States District Court for the District of Columbia rejected the agency's arguments that its protocols surrounding an Internet kill switch were exempt from public disclosure and ordered the agency to release the records in 30 days. However, the court left the door open for the agency to appeal the ruling. The Electronic Privacy Information Center (EPIC) is seeking "Standard Operating Procedure 303," also known as the "Internet kill switch" from Homeland Security. The protocols govern shutting down wireless networks to prevent the remote detonation of bombs.
The broad government power to shut down communications networks worries civil libertarians. However, the agency argues the protocols must be kept secret to protect national interests and the safety of individuals. EPIC filed a FOIA request for the protocols in July 2012. The Department of Homeland Security originally said it could not find any records on the kill switch. After EPIC appealed, the agency located the protocol, but redacted nearly all of the information. The agency cited exemptions that allow the withholding of information that could "disclose techniques and procedures for law enforcement investigations or prosecutions" or "could reasonably be expected to endanger the life or physical safety of any individual." The court said Homeland Security wrongly claimed that it could withhold Standard Operating Procedure 303 as a "technique for law enforcement investigations or prosecutions." The court also found that interpreting a safety exemption to "encompass possible harm to anyone anywhere in the United States within the blast radius of a hypothetical unexploded bomb also flies in the face of repeated Supreme Court direction to read FOIA exemptions narrowly." While the court rejected the agency's broad interpretation of FOIA exemptions, it left the door open for further appeals by Homeland Security. The agency has 30 days to release the protocols to EPIC, but the court issued a 30-day additional stay on its opinion to allow the agency time to appeal.

- CJ Ciaramella is a staff writer for the Washington Free Beacon. His Twitter handle is @cjciaramella. His email address is ciaramella at freebeacon.com.

Read more: http://www.washingtontimes.com/news/2013/nov/13/homeland-security-must-disclose-internet-kill-swit/#ixzz2l1HsCXvp Follow us: @washtimes on Twitter

---
Just because i'm near the punchbowl doesn't mean I'm also drinking from it.

From rforno at infowarrior.org Mon Nov 18 14:04:13 2013
From: rforno at infowarrior.org (Richard Forno)
Date: Mon, 18 Nov 2013 15:04:13 -0500
Subject: [Infowarrior] - InfoWarCon Early (50% off) Registration Open
Message-ID: <0DA446FA-A63C-4DEB-A22A-ED726A9956DE@infowarrior.org>

(disclosure: I am an advisor to the conference & also speaking there. --rick)

http://infowarcon.com/

Early Registration Extended to Dec. 13th! Visit https://www.regonline.com/InfowarCon2014 to register now! Don't delay, attendance will be strictly limited, and you can SAVE ALMOST 50% by registering before December 13th!! InfowarCon 2014 will feature some of the finest interdisciplinary minds engaging on very important global national security issues. Many conferences choose to avoid these issues, but not us: InfowarCon encourages discussions, and the more controversial, the better! Don't expect to be molly-coddled with the "samo-samo" presentations. At InfowarCon, we engage; we test your limits; we expand your ideas... and in return, we expect that you will actively participate with speakers, sponsors, and colleagues from around the world.

InfowarCon 2014 Speakers: Winn Schwartau; Michelle Markoff; Melissa Hathaway; Matthew G. Devost; Jason Healey; Richard Thieme; Marcus H. Sachs, PE; Eneken Tikk-Ringas; Scott Borg; Bill Gertz; Michael J. Daugherty; Paul Coggin; Chris Roberts & Renderman; Tim Medin & Ed Skoudis; Dmitri Alperovitz; Michael LeGary; Joshua Crumbaugh; Travis Hartman & Pete Fortman; Lars Nicander & LTC Erik Biverot; Lt. Col. (ret.) Timothy L. Thomas; Dr. Magnus Ranstop & Fredrik Konnander; Jacob Loukkula; Dr. Richard Forno; Spencer Wilcox; Patrick J. Scribner, Ctr.; Maj. Gen. (ret.) Charles J. Dunlap, Jr.; Georgia Weidman

http://infowarcon.com/

---
Just because i'm near the punchbowl doesn't mean I'm also drinking from it.

From rforno at infowarrior.org Mon Nov 18 17:35:32 2013
From: rforno at infowarrior.org (Richard Forno)
Date: Mon, 18 Nov 2013 18:35:32 -0500
Subject: [Infowarrior] - TSA debuts airport 'exit pods'
Message-ID: <1A80DD51-2F83-49AD-8A7B-A825A1B258F8@infowarrior.org>

Syracuse airport renovation introduces new 'exit portals'
by Alex Dunbar
Posted: 10.18.2013 at 12:25 PM Updated: 10.18.2013 at 5:50 PM
http://www.cnycentral.com/news/story.aspx?id=960396#.Uoqj4Y1YeCO

SYRACUSE -- On the way out of Syracuse's airport terminal, the new exits get some strange looks. Paul Trudeau thought they looked like a science fiction intergalactic time machine as he passed through on his way out. "I was expecting to get transported somewhere like on Star Trek. I was like - Yeah! We finally got there!" Others were wondering if it was an X-ray chamber or might fill up with dollar bills like on a game show. "It was odd, I was like - where did they come up with this?" asked Patricia Goodrich. A robotic voice gives instructions to enter the portal and wait for the doors to close behind you. A few seconds later the outer door opens. The new exits are part of the airport's $60 million dollar renovation. The portals are one way. If anyone tries to get back into the secure area, the door automatically locks. "We need to be vigilant and maintain high security protocol at all times. These portals were designed and approved by TSA which is important," said Syracuse Airport Commissioner Christina Callahan. Syracuse is one of the first airports in the country to have the new exit portals. Previously the exits were monitored by police or security guards who stood in the hallway. Callahan says security will respond to any indication of trouble in the portals but not having to staff them round the clock should save money in the long term. "The more cost effective we become, the more attractive we are when the airlines are looking at new markets or increasing service," said Callahan.
Syracuse is the first airport in New York to have the exit portals but Callahan says they will likely be showing up around the country very soon.

---
Just because i'm near the punchbowl doesn't mean I'm also drinking from it.

From rforno at infowarrior.org Tue Nov 19 07:03:27 2013
From: rforno at infowarrior.org (Richard Forno)
Date: Tue, 19 Nov 2013 08:03:27 -0500
Subject: [Infowarrior] - WH Tries to Ban Phone Unlocking, Claims to Support It
Message-ID: <1E80C6BA-90E1-47C6-AB40-8B3B2A9A6B6A@infowarrior.org>

(not unexpected, given how "transparent" and pro-IP-cartels the TPP talks have been. Still ugly, though. ---rick)

Obama's Secret Attempt to Ban Cellphone Unlocking, While Claiming to Support It
By Derek Khanna
http://www.slate.com/blogs/future_tense/2013/11/18/tpp_wikileaks_white_house_claims_to_support_cellphone_unlocking_but_treaty.html

Last week, WikiLeaks made public a portion of a treaty that the White House has been secretly negotiating with other nations and 600 special interest lobbyists. The draft of the Trans-Pacific Partnership Treaty, which is on intellectual property, shows that HealthCare.gov isn't the only tech topic on which the Obama administration has some serious explaining to do. The White House claims that it supports copyright reform. It should be in favor of remaking the framework, because today's copyright system is a mess: It grants protection that is too long (70 years or more), fair use is notoriously unclear and vague, and statutory damage laws create a massive deterrent to lawful creation. Economists and scholars argue that modern copyright, as opposed to constitutional copyright, greatly impedes innovation and content creation. But the TPP, which is being negotiated by 11 countries, would be a step in the completely wrong direction. In its present state, the treaty would expand copyright and effectively make real reform impossible.
Worse, it would essentially disregard constitutional limitations on copyright and reject pillars like fair use, the first-sale doctrine, and having copyright be for "limited times." The worst part: While the White House was publicly proclaiming its support of cellphone unlocking, it was secretly negotiating a treaty that would ban it. Cellphone unlocking is the ability to take a phone and alter its settings so that it can be used on other carriers. Essentially this technology allows a consumer to bring her phone from one carrier to another when her contract expires (if technologies are compatible). In January, following appeals by AT&T/Verizon's main trade association, the Librarian of Congress issued a ruling making unlocking a felony punishable by five years in prison and a $500,000 fine. This was a terrible idea: Economists and market participants have explained that this ruling would result in reduced competition in the industry, a decimated resale market, and restricted consumer rights. And indeed the impact has been devastating. At the time, I spearheaded an unpaid national campaign to legalize unlocking, which included a White House "We the People" petition (I wrote a bit about our campaign here). Our petition reached 114,000 signatures, and the White House responded in favor of cellphone unlocking: "The White House agrees with the 114,000+ of you who believe that consumers should be able to unlock their cell phones. ... It's common sense, crucial for protecting consumer choice, and important for ensuring we continue to have the vibrant, competitive wireless market that delivers innovative products and solid service to meet consumers' needs." The FCC came out in favor of our petition, as did numerous outside groups such as Freedomworks, Public Knowledge, R Street and the editorial boards of the New York Times and the Washington Examiner. We were unable to find a single group, or Member of Congress, that was in favor of unlocking being a felony.
But somehow, while a number of bills were introduced, none passed, and the one that had widespread support, H.R. 1892, never received a hearing or was brought up for a vote. The leaked treaty draft shows that while the White House was championing restoring free market principles to phones, the U.S. proposed that the TPP lock in the process that allowed the Librarian of Congress to rule this technology as illegal through international law. This would make potential reforms like H.R. 1892 impossible.* It should be noted that Canada did submit an amendment proposal that could allow unlocking, but neither the United States nor any other country supported it. But the TPP draft doesn't stop there. It would ban numerous other technologies that have beneficial uses. In particular, the legislation would ensure that jailbreaking -- which is installing a different operating system on your phone, tablet, or e-reader -- is illegal. It's already on precarious ground in the United States, but under TPP it would be illegal in all circumstances. What type of nation would arrest 23 million people for installing a different operating system on their own device? This treaty is still being negotiated, so all of these issues could be addressed in the final text, but so far what has been made public demonstrates a massive and nearly unprecedented power grab by special interests rather than sound public policy considerations. This treaty has long been shrouded in unprecedented secrecy. Congressional staff, press and general public weren't allowed to read it; in many cases, even members of Congress were kept in the dark. Meanwhile, special interests were given full access. Now we know why: The White House didn't want the public to know what was being negotiated in their name. Correction, Nov 18, 2013: This blog post originally misstated effect of the U.S. proposal to TPP. 
< -- > http://www.slate.com/blogs/future_tense/2013/11/18/tpp_wikileaks_white_house_claims_to_support_cellphone_unlocking_but_treaty.html --- Just because i'm near the punchbowl doesn't mean I'm also drinking from it. From rforno at infowarrior.org Tue Nov 19 07:07:28 2013 From: rforno at infowarrior.org (Richard Forno) Date: Tue, 19 Nov 2013 08:07:28 -0500 Subject: [Infowarrior] - Another FISC judge: "NSA exceeded the scope of authorized acquisition continuously" Message-ID: <2AEC48C0-56D1-48C4-8F30-99DE71F8B2C5@infowarrior.org> Judge: "NSA exceeded the scope of authorized acquisition continuously" New declassified documents show legal arguments over bulk metadata collection. by Cyrus Farivar - Nov 19 2013, 1:36am EST Yet another Foreign Intelligence Surveillance Court (FISC) judge has blasted United States government and intelligence officials for disregarding the court's guidelines for domestic surveillance of American e-mail metadata traffic, a program that ran for around a decade before ending in 2011. "As noted above, [National Security Agency's] record of compliance with these rules has been poor," wrote Judge John D. Bates, in a 117-page opinion (PDF) whose date was redacted. The opinion was just one of a series of documents released and declassified late Monday evening by the Office of the Director of National Intelligence (ODNI). "Most notably, NSA generally disregarded the special rules for disseminating United States person information outside of NSA until it was ordered to report such disseminations and certify to the FISC that the required approval had been approved. The government has provided no meaningful explanation why these violations occurred, but it seems likely that widespread ignorance of the rules was a contributing factor." 
The documents, which include annual reports from the Attorney General to Congress, memos, presentations, and training documents, were released in relation to an Electronic Frontier Foundation lawsuit. The second batch was released in September 2013, and the first in August 2013. In total, ODNI says it has now released nearly 2,000 new documents in recent months. "Release of these documents reflects the Executive Branch's continued commitment to making information about this intelligence collection program publicly available when appropriate and consistent with the national security of the United States," James Clapper, the head of the ODNI, wrote on Monday. "Additionally, they demonstrate the extent to which the Intelligence Community kept both Congress and the Foreign Intelligence Surveillance Court apprised of the status of the collection program under Section 215 [of the Patriot Act]. Some information has been redacted because these documents include discussion of matters that continue to be properly classified for national security reasons and the harm to national security would be great if disclosed." The Bates opinion is the second of the two most revealing documents in this new tranche. The first, written by FISC Judge Colleen Kollar-Kotelly, responds to a government request that allows the NSA to use pen register and trap and trace devices ("pen/trap devices") as a way to access metadata on electronic communication. She granted approval for the bulk surveillance, but laid out specific guidelines. The subsequent second FISC opinion, authored by Judge Bates, is in response to a government request that aimed to expand the metadata collection program by "11-24 times." Bates slams the government for not adhering to its guidelines, but "reluctantly" allows them to continue, citing deference to the Executive Branch (and intelligence agencies, like the NSA, whose powers are granted through the Reagan-era Executive Order 12333). 
In the opinion, Judge Bates appears unwilling or unable to meaningfully punish any government officials despite clear violations of the court's prior orders. "I see a lot of similarities between the Bates opinion and the Walton opinion," Mark Rumold, a staff attorney at the Electronic Frontier Foundation, told Ars. Rumold was referring to a 2009 opinion by FISC Judge Reggie Walton, who equally lambasted the government. "It's essentially the same thing, FISC taking NSA and [the Department of Justice] to task for violating their orders, for accessing more information than they were allowed to access under the orders and laying out under the ways that they had violated the court's orders, [but then] letting them continue," Rumold added. "The executive branch has pushed the judiciary so far and hopefully now we're at that tipping point that the judiciary is comfortable with and they'll start pushing back on executive misrepresentations." Not your father's pen/trap application The Kollar-Kotelly opinion (PDF) describes her response to a government application that "seeks authority for a much broader type of collection than other pen register/trap and trace applications," compared to what had previously been done before. As we've reported in the past, pen/trap devices are a type of legal order that has recently skyrocketed in use in the US. Originally designed to apply to telephone companies, they are now being increasingly applied to tech companies as a way to capture user metadata, too. Of the total number of American law enforcement orders that it received in six months, Google said recently that 2 percent of those were pen/trap orders. Applied to a Google user, for example, a pen register would likely record who that user was sending e-mail to. A corresponding "trap and trace order" would likely include metadata from e-mails received, likely including date, time, IP address, and other routing information. 
It could also include attachments, and perhaps even -- if broadly interpreted enough -- anything but the actual content of an e-mail. Secure e-mail service Lavabit recently received such an order prior to its shutdown. In the Monday night Tumblr post, the ODNI defined this program this way: < - BIG SNIP AND MORE - > http://arstechnica.com/tech-policy/2013/11/judge-nsa-exceeded-the-scope-of-authorized-acquisition-continuously/ --- Just because i'm near the punchbowl doesn't mean I'm also drinking from it. From rforno at infowarrior.org Tue Nov 19 08:01:30 2013 From: rforno at infowarrior.org (Richard Forno) Date: Tue, 19 Nov 2013 09:01:30 -0500 Subject: [Infowarrior] - OT: Stupid Things Finance People Say Message-ID: <750A957E-843F-4F13-BF70-2C41CD042F3A@infowarrior.org> Stupid Things Finance People Say By Morgan Housel November 14, 2013 My job requires reading a lot of financial news. It's one of my favorite parts. But it gives me a front-row seat to the downside of financial journalism: gibberish, nonsense, garbage, and drivel. And let me tell you, there's a lot of it. Here are a few stupid things I hear a lot. "They don't have any debt except for a mortgage and student loans." OK. And I'm vegan except for bacon-wrapped steak. "Earnings were positive before one-time charges." This is Wall Street's equivalent of, "Other than that Mrs. Lincoln, how was the play?" "Earnings missed estimates." No. Earnings don't miss estimates; estimates miss earnings. No one ever says "the weather missed estimates." They blame the weatherman for getting it wrong. Finance is the only industry where people blame their poor forecasting skills on reality. < - more sad-but-true snark well-worth-reading at the link below - > http://www.fool.com/investing/general/2013/11/14/stupid-things-finance-people-say.aspx --- Just because i'm near the punchbowl doesn't mean I'm also drinking from it. 
From rforno at infowarrior.org Tue Nov 19 15:33:36 2013 From: rforno at infowarrior.org (Richard Forno) Date: Tue, 19 Nov 2013 16:33:36 -0500 Subject: [Infowarrior] - Feds: Even Though We've Been Ordered To Reveal Secret Interpretation Of The PATRIOT Act, We're Not Going To Do That Message-ID: Feds: Even Though We've Been Ordered To Reveal Secret Interpretation Of The PATRIOT Act, We're Not Going To Do That from the secret-laws! dept http://www.techdirt.com/articles/20131119/09272825290/feds-even-though-weve-been-ordered-to-reveal-secret-interpretation-patriot-act-were-not-going-to-do-that.shtml You may recall that, back in early September, the FISA Court (FISC) agreed that its various rulings that secretly interpreted Section 215 of the PATRIOT Act to mean something entirely different than any plain language reading of the law implies should be declassified. Here's what the court said at the time: "The unauthorized disclosure in June 2013 of a Section 215 order, and government statements in response to that disclosure, have engendered considerable public interest and debate about Section 215. Publication of FISC opinions relating to this provision would contribute to an informed debate. Congressional amici emphasize the value of public information and debate in representing their constituents and discharging their legislative responsibilities. Publication would also assure citizens of the integrity of this Court's proceedings. In addition, publication with only limited redactions may now be feasible, given the extent of the government's recent public disclosures about how Section 215 is implemented. Indeed, the government advises that a declassification review process is already underway. 
" In view of these circumstances, and as an exercise of discretion, the Court has determined that it is appropriate to take steps toward publication of any Section 215 Opinions that are not subject to the ongoing FOIA litigation, without reaching the merits of the asserted right of public access under the First Amendment. It then instructed the DOJ to figure out what to redact, so it could be declassified and released. Except... the DOJ instead fought that order, and while it did find some documents that meet the criteria -- namely a ruling from February of this year -- the DOJ is now telling the FISA Court that despite the order, it would really prefer to keep that interpretation of the law a complete secret. Actually, it goes further than that. It doesn't ask for permission to keep it secret, it just says that it cannot reveal the interpretation. "After careful review of the Opinion by senior intelligence officials and the U.S. Department of Justice, the Executive Branch has determined that the Opinion should be withheld in full and a public version of the Opinion cannot be provided." Got that? This secret court interpretation of a law that we all live under, which the court itself has ordered to be revealed, is unlikely to be revealed because the intelligence community really, really doesn't want it revealed. Again, this is not about so-called "sources and methods." This is entirely about understanding how a US court interprets a US law. But that interpretation is secret, meaning that the law itself is secret, and apparently the executive branch of the federal government is going to fight to keep it that way. --- Just because i'm near the punchbowl doesn't mean I'm also drinking from it. 
From rforno at infowarrior.org Wed Nov 20 06:58:52 2013 From: rforno at infowarrior.org (Richard Forno) Date: Wed, 20 Nov 2013 07:58:52 -0500 Subject: [Infowarrior] - TPP: Obama's Secrecy Is Hurting Free-Trade Talks Message-ID: <48E1E9AA-2AC1-4D8E-95A2-CD46B99F962C@infowarrior.org> Bloomberg Obama's Secrecy Is Hurting Free-Trade Talks By the Editors Nov 18, 2013 5:42 PM ET http://www.bloomberg.com/news/2013-11-18/obama-s-secrecy-is-hurting-free-trade-talks.html Negotiators meeting this week to put the final touches on what would be the biggest free-trade deal in U.S. history must be wondering if their American hosts are helping or hurting the cause. The talks concern the Trans-Pacific Partnership, a trade agreement linking several economies -- those of the U.S., Japan, Malaysia, Vietnam and eight other Pacific Rim countries -- whose output exceeds $28 trillion. Along with an even bigger trade deal under way with the European Union, the TPP would create tens of thousands of new jobs in the U.S. and help spur growth in the global economy. Not incidentally, it could also provide a much-needed salve to a wounded White House. But both pacts could founder for some of the same reasons President Barack Obama's health-care law is in trouble: the administration's penchant for secrecy and a reluctance to consult lawmakers. The president risks losing both deals unless members of Congress are allowed to help define their contents. Michael Froman, the U.S. trade representative, calls this week's meeting in Salt Lake City "the endgame" for the TPP, which has been three years in the making. Yet even lawmakers who sit on committees with jurisdiction over trade complain about being in the dark. Some have been allowed to view portions of drafts of the text, but never the entire thing. The information blackout has led 151 Democrats and 30 Republicans to oppose giving Obama the fast-track authority he seeks to ratify the trade deals. 
That's a problem. No major trade agreement has been clinched without fast-track legislation, which expired in 2007. It's a powerful tool that lets the president assure trading partners that what the U.S. has agreed to won't be undone by lawmakers who dislike some of the parts. Congress gets an up-or-down vote, but it doesn't get to amend the proposed treaty. In return for giving up its prerogatives, however, Congress deserves to be clued in. It should play a role in refining the deal's components, which cover everything from pharmaceutical patents to new rules for the Internet. In short, fast-track authority must be earned. So far, Obama hasn't done that. The lack of openness was apparent last week when Wikileaks released a draft of the TPP's intellectual property chapter, complete with the negotiating positions of all 12 countries. One surprise: The U.S. wants to give brand-name drugs more than 20 years of protection against generic competition, potentially raising the cost of treating HIV/AIDS, malaria and other diseases in low-income countries and alarming some public-health advocates. The U.S. also wants the signatories to allow patents for surgical procedures, life forms and seeds, possibly raising the cost of food and health care in developing countries. And it wants to extend copyright terms to the life of the author plus 70 years (95 years for corporate-owned works). The leak also revealed that the U.S. wants tougher legal measures so it can pursue hackers and others who violate digital copyrights. This was the goal of Hollywood's ill-considered pet legislation, the Stop Online Piracy Act, which was thankfully shelved last year. The administration may cite the controversies such provisions would provoke as a reason for keeping them secret. Yet just because a deal creates tension among competing interests isn't a license to keep them uninformed. And the U.S. has invited more than 500 corporate advisers to help it negotiate a deal. 
Corporations and trade groups, however, don't represent the broader interests of consumers, workers, environmentalists and -- oh, yes, taxpayers. Theoretically at least, representing them is Congress's rightful role. Keeping it in the dark feeds the perception that the TPP is a special-interest free-for-all. More trade is, in general, a good thing. It can lead to better-paying jobs and faster-growing economies. At the same time, free-trade deals can result in job losses and pay cuts among blue-collar workers. Today's trade deals, moreover, aren't just about eliminating quotas and tariffs. Environmental regulations, food safety, public health and worker rights all get wrapped up in modern trade talks, which are as much about shaping global rules of competition as about prying open markets. The TPP and the EU treaties will have more legitimacy, and the odds of Obama getting fast-track authority will grow, if more transparency leads to more debate. Voters and taxpayers shouldn't have to rely on leaks to find out what's in a trade treaty. To contact the Bloomberg View editorial board: view at bloomberg.net. --- Just because i'm near the punchbowl doesn't mean I'm also drinking from it. From rforno at infowarrior.org Wed Nov 20 09:10:13 2013 From: rforno at infowarrior.org (Richard Forno) Date: Wed, 20 Nov 2013 10:10:13 -0500 Subject: [Infowarrior] - Technology Outpacing Policymakers, Needs Of NSA Message-ID: Technology Outpacing Policymakers, Needs Of NSA by Tom Gjelten November 19, 2013 2:54 AM http://www.npr.org/blogs/alltechconsidered/2013/11/19/246049281/technology-outpacing-policymakers-needs-of-nsa The controversy over the National Security Agency's surveillance programs has exposed a problem in the oversight of those programs: The development of the relevant technology has outpaced the laws and policies that govern its use. "The technology is moving very fast," says Joel Brenner, a former NSA general counsel. "Legislation moves very slowly. 
Policy moves pretty slowly. The people who write policy don't always understand technology, and the people who write legislation almost never understand technology. And so in an era when the technology is moving quickly, it's really hard for the policy to keep up with it." Examples of that mismatch arise from the NSA's main responsibility, which is to gather signal intelligence. Since the Sept. 11 attacks, its paramount mission has been to listen in when terrorists communicate. Anne Neuberger, a special assistant to NSA Director Keith Alexander, says the challenge can be summed up in a single sentence: "Our duty," she says, "requires us to attempt to collect terrorist communications wherever they traverse global infrastructure." A key word there is "wherever." If a terrorist is using a particular communications system the NSA will go there to intercept it, even if it means breaking an encrypted communication. Inevitably, this can raise privacy concerns. "If the NSA wants to collect the emails or phone calls of a terrorist or a foreign diplomat, that target is probably using ... a BlackBerry or an iPhone," Brenner says. "That means that in order to collect that person's communication, the NSA has to be able to break the encryption that you or I might use." And there may be no way around that fact, says Neuberger, whose job at the NSA is to work with the private tech companies that carry those communications. "We'd love to magically segregate bad guys' 'comms,' as we call them, and good guys' 'comms,' " she says. "You can't technically do it. They're intermixed. Communications are fundamentally intermixed today." Privacy Versus Security If the NSA is going to intercept terrorist communications, it has to be capable of intercepting everyone's communications. This raises a conflict between ensuring privacy and ensuring national security. It's one of the problems that need to be sorted out as the country considers new surveillance rules. 
Another conflict arises from NSA's efforts to break into the computer systems that foreign intelligence targets may use. To do that, NSA technicians may look for a software flaw in that computer system; a flaw, for example, in some commercial product used in that system. It's called a "vulnerability," and the NSA can take advantage of it to penetrate the system. Christopher Soghoian, a technologist at the American Civil Liberties Union, says NSA officials therefore have an interest in not telling the commercial provider of that software about any flaw they find in the product. "When they learn about those vulnerabilities, they have to sit on them and exploit them rather than telling Microsoft or Google or Apple or Facebook," Soghoian says. In Soghoian's view, this means another conflict between the government's interest in ensuring the security of our networks against cyberattacks and the government's interest in being able to go into those networks to gather intelligence. "If cybersecurity is, in fact, a big threat, then our government should be doing everything in its power to make sure that systems are as safe and secure as possible against all adversaries," Soghoian argues. "But what we've learned is that the NSA is willing to weaken the security of systems and software used by U.S. companies because it gives them an edge in surveillance." 'Defense Wins' NSA officials insist that whatever they're doing with U.S. companies is within the law. And Neuberger says her boss, Alexander, says protecting U.S. computer systems is the priority. "Gen. Alexander has given clear guidance," she says. "Defense wins." But there is a tension. Right now, the agency with the cybersecurity mission -- the U.S. military's Cyber Command -- is co-located with the NSA. Alexander oversees both agencies. The NSA surveillance controversy has raised the question of whether the two should be separate. 
It's one of the many surveillance issues currently under debate by policymakers and legislators. President Obama himself has welcomed the debate. In a recent interview with NBC News, Obama said the NSA's technology, budget and capacity have "outstripped the constraints. And we've got to rebuild those." --- Just because i'm near the punchbowl doesn't mean I'm also drinking from it. From rforno at infowarrior.org Wed Nov 20 20:16:44 2013 From: rforno at infowarrior.org (Richard Forno) Date: Wed, 20 Nov 2013 21:16:44 -0500 Subject: [Infowarrior] - Google to Unveil the Google Wallet Debit Card Message-ID: Google to Unveil the Google Wallet Debit Card November 20, 2013 at 11:19 am PT http://allthingsd.com/20131120/google-to-unveil-the-google-wallet-debit-card It's not the Google payments card that has long been planned, but Google is set to announce today that it is releasing a Google Wallet debit card that allows people to pay at stores that accept Mastercard using their Google Wallet balance. Cardholders will also be able to withdraw cash from their Wallet account using ATMs. With the card, Google isn't going for mass adoption; instead, the card is expected to mainly appeal to a subset of Google Wallet users who have had money transferred to them from another Google Wallet user and don't want to wait a couple of days for the money to appear in their bank account. Once money lands in someone's Google Wallet account, it will connect with the debit card almost instantly. To some people, that instant access to money will now make Google Wallet's peer-to-peer payments service more attractive than Square Cash, which takes one or two days to deposit funds. In a blog post, Google said there are no monthly or annual fees associated with the card. Google has come very close to launching a plastic card in the recent past. 
In May, my colleague Liz Gannes reported that the company had shelved the launch of a physical card shortly before what some partners were expecting to be a demo of the product at the I/O developer conference. The pullback also coincided with the departure of Google Wallet boss Osama Bedier. But, last month, Google commerce chief Sridhar Ramaswamy hinted in an interview with AllThingsD that another card product might be in the pipeline. "Things like prepaid-card programs are pretty standard," he said at the time. "So, there's nothing, in theory, wrong with something like that. We're thinking about it; I would not say it has been ruled out. But we have to make sure that we create the right consumer experience. It has to work overall with Wallet, and we have to look at it and have it make sense." The card is operational only in the U.S. and can be ordered for free from the Android Google Wallet app or from a Google Wallet account page. --- Just because i'm near the punchbowl doesn't mean I'm also drinking from it. From rforno at infowarrior.org Thu Nov 21 07:54:39 2013 From: rforno at infowarrior.org (Richard Forno) Date: Thu, 21 Nov 2013 08:54:39 -0500 Subject: [Infowarrior] - Exclusive: Inside America's Plan to Kill Online Privacy Rights Everywhere Message-ID: <72636FBC-BB0D-4547-9B9A-6C2667AEFF55@infowarrior.org> Exclusive: Inside America's Plan to Kill Online Privacy Rights Everywhere http://thecable.foreignpolicy.com/posts/2013/11/20/exclusive_inside_americas_plan_to_kill_online_privacy_rights_everywhere The United States and its key intelligence allies are quietly working behind the scenes to kneecap a mounting movement in the United Nations to promote a universal human right to online privacy, according to diplomatic sources and an internal American government document obtained by The Cable. The diplomatic battle is playing out in an obscure U.N. 
General Assembly committee that is considering a proposal by Brazil and Germany to place constraints on unchecked internet surveillance by the National Security Agency and other foreign intelligence services. American representatives have made it clear that they won't tolerate such checks on their global surveillance network. The stakes are high, particularly in Washington -- which is seeking to contain an international backlash against NSA spying -- and in Brasilia, where Brazilian President Dilma Rousseff is personally involved in monitoring the U.N. negotiations. The Brazilian and German initiative seeks to apply the right to privacy, which is enshrined in the International Covenant on Civil and Political Rights (ICCPR), to online communications. Their proposal, first revealed by The Cable, affirms a "right to privacy that is not to be subjected to arbitrary or unlawful interference with their privacy, family, home, or correspondence." It notes that while public safety may "justify the gathering and protection of certain sensitive information," nations "must ensure full compliance" with international human rights laws. A final version of the text is scheduled to be presented to U.N. members on Wednesday evening and the resolution is expected to be adopted next week. A draft of the resolution, which was obtained by The Cable, calls on states to "to respect and protect the right to privacy," asserting that the "same rights that people have offline must also be protected online, including the right to privacy." It also requests the U.N. high commissioner for human rights, Navi Pillay, present the U.N. General Assembly next year with a report on the protection and promotion of the right to privacy, a provision that will ensure the issue remains on the front burner. Publicly, U.S. representatives say they're open to an affirmation of privacy rights. 
"The United States takes very seriously our international legal obligations, including those under the International Covenant on Civil and Political Rights," Kurtis Cooper, a spokesman for the U.S. mission to the United Nations, said in an email. "We have been actively and constructively negotiating to ensure that the resolution promotes human rights and is consistent with those obligations." But privately, American diplomats are pushing hard to kill a provision of the Brazilian and German draft which states that "extraterritorial surveillance" and mass interception of communications, personal information, and metadata may constitute a violation of human rights. The United States and its allies, according to diplomats, outside observers, and documents, contend that the Covenant on Civil and Political Rights does not apply to foreign espionage. In recent days, the United States circulated to its allies a confidential paperhighlighting American objectives in the negotiations, "Right to Privacy in the Digital Age -- U.S. Redlines." It calls for changing the Brazilian and German text so "that references to privacy rights are referring explicitly to States' obligations under ICCPR and remove suggestion that such obligations apply extraterritorially." In other words: America wants to make sure it preserves the right to spy overseas. The U.S. paper also calls on governments to promote amendments that would weaken Brazil's and Germany's contention that some "highly intrusive" acts of online espionage may constitute a violation of freedom of expression. Instead, the United States wants to limit the focus to illegal surveillance -- which the American government claims it never, ever does. Collecting information on tens of millions of people around the world is perfectly acceptable, the Obama administration has repeatedly said. It's authorized by U.S. statute, overseen by Congress, and approved by American courts. "Recall that the USG's [U.S. 
government's] collection activities that have been disclosed are lawful collections done in a manner protective of privacy rights," the paper states. "So a paragraph expressing concern about illegal surveillance is one with which we would agree." The privacy resolution, like most General Assembly decisions, is neither legally binding nor enforceable by any international court. But international lawyers say it is important because it creates the basis for an international consensus -- referred to as "soft law" -- that over time will make it harder and harder for the United States to argue that its mass collection of foreigners' data is lawful and in conformity with human rights norms. "They want to be able to say ?we haven't broken the law, we're not breaking the law, and we won't break the law,'" said Dinah PoKempner, the general counsel for Human Rights Watch, who has been tracking the negotiations. The United States, she added, wants to be able to maintain that "we have the freedom to scoop up anything we want through the massive surveillance of foreigners because we have no legal obligations." The United States negotiators have been pressing their case behind the scenes, raising concerns that the assertion of extraterritorial human rights could constrain America's effort to go after international terrorists. But Washington has remained relatively muted about their concerns in the U.N. negotiating sessions. According to one diplomat, "the United States has been very much in the backseat," leaving it to its allies, Australia, Britain, and Canada, to take the lead. There is no extraterritorial obligation on states "to comply with human rights," explained one diplomat who supports the U.S. position. "The obligation is on states to uphold the human rights of citizens within their territory and areas of their jurisdictions." 
The position, according to Jamil Dakwar, the director of the American Civil Liberties Union's Human Rights Program, has little international backing. The International Court of Justice, the U.N. Human Rights Committee, and the European Court have all asserted that states do have an obligation to comply with human rights laws beyond their own borders, he noted. "Governments do have obligation beyond their territories," said Dakwar, particularly in situations, like the Guantanamo Bay detention center, where the United States exercises "effective control" over the lives of the detainees. Both PoKempner and Dakwar suggested that courts may also judge that the U.S. dominance of the Internet places special legal obligations on it to ensure the protection of users' human rights. "It's clear that when the United States is conducting surveillance, these decisions and operations start in the United States, the servers are at NSA headquarters, and the capabilities are mainly in the United States," he said. "To argue that they have no human rights obligations overseas is dangerous because it sends a message that there is void in terms of human rights protection outside countries territory. It's going back to the idea that you can create a legal black hole where there is no applicable law." There were signs emerging on Wednesday that America may have been making ground in pressing the Brazilians and Germans to back on one of its toughest provisions. In an effort to address the concerns of the U.S. and its allies, Brazil and Germany agreed to soften the language suggesting that mass surveillance may constitute a violation of human rights. Instead, it simply deep "concern at the negative impact" that extraterritorial surveillance "may have on the exercise of and enjoyment of human rights." The U.S., however, has not yet indicated it would support the revised proposal. The concession "is regrettable. 
But it's not the end of the battle by any means," said Human Rights Watch's PoKempner. She added that there will soon be another opportunity to corral America's spies: a U.N. discussion on possible human rights violations as a result of extraterritorial surveillance will soon be taken up by the U.N. High commissioner.
--- Just because i'm near the punchbowl doesn't mean I'm also drinking from it.
From rforno at infowarrior.org Thu Nov 21 08:06:38 2013
From: rforno at infowarrior.org (Richard Forno)
Date: Thu, 21 Nov 2013 09:06:38 -0500
Subject: [Infowarrior] - USG looks to scrub security clearance list
Message-ID: <38435BFA-596A-4378-A421-65DC59BE36E9@infowarrior.org>

Obama administration looks to scrub security clearance list By: Josh Gerstein November 21, 2013 08:48 AM EST http://dyn.politico.com/printstory.cfm?uuid=B01821A6-6A94-450B-9606-D7D129C935A7 The Obama administration has ordered a government-wide reassessment of how almost 5 million Americans have been granted classified information security clearances and whether each person currently approved to see sensitive national security secrets truly has a need for such access. Reeling from National Security Agency contractor Edward Snowden's leaks of top-secret surveillance programs and mentally computer contractor Aaron Alexis's deadly shooting rampage at the Washington Navy Yard, the intelligence community is coming to the conclusion that the sheer number of personnel with clearances is making the government and the country as a whole vulnerable to a slew of dangers. In a directive obtained by POLITICO, Director of National Intelligence James Clapper questioned the booming rolls of security-clearance holders. At last count, more than 4.9 million people held clearances, of whom over 1.4 million were cleared for access at the "Top Secret" level. 
"I write to express my concern about threats to national security resulting from the increasing number of people with eligibility for access to classified national security information, particularly Top Secret (TS) and Top Secret/Secure Compartmented Information (TS/SCI)," Clapper wrote in a three-page memo, dated Oct. 31 and cited at a Senate hearing Wednesday. Clapper asked agencies to perform a top-to-bottom scrub of the teeming rolls of people authorized to access classified information and to remove anyone deemed not to have a so-called need to know. The memo itself does not set a deadline for the government-wide clearance review, but an aide to Clapper told a Senate Homeland Security and Government Affairs subcommittee that agencies have until the end of January to complete the process. The new order may not have much immediate effect on the number of people with security clearances. That's because individuals retain their clearances for a period of time even after they leave their jobs or are deemed to no longer require access to classified information. "I ask that agency heads ... conduct a comprehensive review validating that each government employee or contractor who has been granted a security clearance continues to require such eligibility for access to classified national security information in support of their current position or your agency's mission," Clapper wrote. "Agencies should debrief all government and contractor personnel who no longer require such access and update the appropriate national security database or repository." Clapper's directive indicates that the Obama administration has not only begun to view the huge number of clearances as a security risk, but a serious budgetary stress. The federal government spends about $1 billion a year on background checks, according to the Government Accountability Office. 
Under government rules, employees and contractors with top secret clearances are supposed to have their backgrounds re-checked at least every five years and people with secret clearances are supposed to undergo such reviews at least every ten years. Due to budget issues, that simply isn't happening, Clapper acknowledges. "As a result of budget shortfalls and the impacts of sequestration, several agencies temporarily suspended the initiation of periodic reinvestigations," he wrote. "Such actions foster counterintelligence and national security risk." The bulk of Clapper's memo is devoted to encouraging agencies to prioritize such reviews to address the most likely and most significant potential threats. The priority list he lays out clearly appears to have been influenced by the case of Snowden, who served as a computer technician and systems administrator for contractor Booz Allen Hamilton at a National Security Agency facility in Hawaii. Officials have said Snowden used his administrator privileges to obtain many of the thousands of sensitive documents he allegedly copied. Others he reportedly obtained by using his tech support role to convince NSA colleagues to share their passwords. Included on Clapper's list of "highest-risk" groups worthy of frequent reinvestigation: "Privileged Users, or other information technology specialists involved with information sharing activities." The category includes "Data Transfer Officers, System Administrators (Sys Admins) with unlimited access, Sys Admins who can access more than a local system, or Sys Admins with localized permissions." At Wednesday's hearing, Sen. Jon Tester (D-Mont.) suggested the number of Americans with security clearances has grown far too large. "I don't know about you, but 5 million seems like a heck of a lot of folks to have security clearance. And 1.4 million top-secret security clearances seems like a pile," Tester said. "That's more than live in the state of Montana by about 40 percent." 
Initially, ODNI official Brian Prioletti defended the system that has delivered a security clearance to roughly one in every 61 Americans. "Are we making sure security clearance[s] are going to those who absolutely need that access to that information to be able to do their jobs?" Tester asked. "Yes, sir. I believe they are -- because they are continually reviewed and revisited to determine, to ensure that they are meeting today's environment in which we work," said Prioletti, an assistant director in ODNI's Office of the National Counterintelligence Executive. However, near the end of the hearing, Prioletti spoke up to acknowledge that the roster of those with clearances might be getting a little overgrown. "We're very sensitive to what you say about that number.... 5 million of anything is a lot," he said, later mentioning Clapper's directive triggering the government-wide review. Earlier in the session, a GAO official said her organization recommended to ODNI more than a year ago that agencies be required to conduct reviews of who has access to classified information on a periodic basis. "We still believe this needs to be done," GAO's Brenda Farrell said.
--- Just because i'm near the punchbowl doesn't mean I'm also drinking from it.
From rforno at infowarrior.org Thu Nov 21 17:05:09 2013
From: rforno at infowarrior.org (Richard Forno)
Date: Thu, 21 Nov 2013 18:05:09 -0500
Subject: [Infowarrior] - Former NSA Lawer Stewart Baker: FISA Minimization Policies Are To Blame For 9/11 Attacks
Message-ID: <330208F9-1BF5-48C5-BDBD-6F279451A23B@infowarrior.org>

Former NSA Lawer Stewart Baker: FISA Minimization Policies Are To Blame For 9/11 Attacks from the next-up:-opinion-blogs-to-blame-for-9/11-attacks! dept Stewart Baker, former DHS official and NSA counsel, has plenty of blame to spread around for the 9/11 attacks. None of it seems to lay at the feet of the terrorists who performed the attacks, however. 
He's entertained various theories over the past few months as he's defended the actions of the NSA, TSA and various other government agencies. Most egregiously, Baker claimed civil liberties activists were to blame for the 9/11 attacks because their concern over warrantless wiretap programs somehow made the FISA court so defensive it wouldn't let the FBI pursue terrorists it knew were currently in the country. Baker expounds on this further in his post criticizing the NSA-targeting Leahy-Sensenbrenner bill, making the argument that FISA minimization policies prevent < - > http://www.techdirt.com/articles/20131121/10485625324/former-nsa-lawer-stewart-baker-fisa-minimization-policies-are-to-blame-911-attacks.shtml
--- Just because i'm near the punchbowl doesn't mean I'm also drinking from it.
From rforno at infowarrior.org Fri Nov 22 08:26:50 2013
From: rforno at infowarrior.org (Richard Forno)
Date: Fri, 22 Nov 2013 09:26:50 -0500
Subject: [Infowarrior] - WashTimes sues DHS over seizure of reporter's notes
Message-ID:

Washington Times sues Homeland over seizure of reporter's notes Newspaper accuses feds of unlawful search and seizure By Kellan Howell The Washington Times Thursday, November 21, 2013 http://www.washingtontimes.com/news/2013/nov/21/washington-times-sues-homeland-over-seizure-report/print/ The Washington Times and one of its former journalists on Thursday sued the Department of Homeland Security, accusing federal agents of illegally seizing the newspaper's reporting materials during the execution of a search warrant in an unrelated case. In a motion filed in federal court in Greenbelt, The Times and reporter Audrey Hudson asked a judge to force the federal agency to return all reporting files and documents it seized from Ms. Hudson's home office during a raid in early August. The newspaper alleged that federal agents accompanying Maryland State Police on the raid took materials from Ms. 
Hudson's office that were not covered by the search warrant that authorized the collection solely of evidence about guns and a potato launcher allegedly possessed by her husband, Paul Flanagan. The seized materials included documents the newspaper had obtained under the Freedom of Information Act as well as notes and memos that identified confidential sources from a series of investigative stories that exposed problems inside the Homeland Security Department's Federal Air Marshal Service. The seizure violated Ms. Hudson's and the newspaper's constitutional rights, the court filing argued. The filing asks a federal judge to order the return of "property that has been unlawfully seized ... in violation of the Fourth and First Amendments to the Constitution of the United States." The newspaper also asked for permission to take testimony from an agent for Homeland Security's Coast Guard Investigative Service who attended the raid and was involved in collecting the reporter's materials to determine how widely information from the newspaper's documents was distributed within the government. The newspaper has "substantial reason to believe that the information contained in the five file folders seized from Hudson's home office has been disseminated to or within" multiple federal agencies, the court filing said. Homeland Security officials declined Thursday night to comment about the legal case. The newspaper's motion told the court that the government had ample reason to know it was taking First Amendment protected materials not covered by the search warrant, noting that one of the federal agents on the raid specifically asked Ms. Hudson whether she was the reporter who wrote the stories about the Air Marshal Service. The court filing also stressed how sensitive information in Ms. 
Hudson's seized files were, noting that they contained information directly from confidential sources and included "a memorandum from Hudson to an editor at The Washington Times outlining Hudson's concern that some of her confidential sources were being retaliated against" by Homeland Security. "There was no basis for the law enforcement officers to open and inspect the file folders during the search, much less to seize the contents," the newspaper argued. Ms. Hudson's home was raided by Maryland State Police at 4:30 a.m. on Aug. 6. The investigators, including Miguel Bosch, a federal agent with the Homeland Security's Coast Guard Investigative Service, had a warrant to search for unregistered firearms and a potato launcher belonging to Ms. Hudson's husband. To date, Mr. Flanagan has not been charged with any wrongdoing in the case. The warrant did not give investigators permission to seize personal records and documents unrelated to the firearms investigation, the newspaper's court filing argued. An evidence log from Maryland State Police shows that on Sept. 3, the documents were removed from the evidence holding room by a federal agent and returned an hour later, but the log gives no record of what was done with the documents and why they were removed. The legal filing recounts how Ms. Hudson told The Times that Mr. Bosch, who had worked for the Federal Air Marshal Service, specifically asked her whether she was the same "Audrey Hudson" who wrote "the air marshal stories" for The Washington Times. In March 2005, Ms. Hudson authored a series of articles for The Times that were critical of the Homeland Security Department, the Transportation Security Administration and the Federal Air Marshal Service. Her report detailed how air marshals were protecting less than 10 percent of flights during the month of December 2004. The information published by The Times led to a congressional investigation of the Federal Air Marshal Service. From 2005 to 2009, Ms. 
Hudson wrote several more investigative reports on operational deficiencies within the Federal Air Marshal Service, the TSA and the Department of Homeland Security. © Copyright 2013 The Washington Times, LLC.
--- Just because i'm near the punchbowl doesn't mean I'm also drinking from it.
From rforno at infowarrior.org Fri Nov 22 23:07:54 2013
From: rforno at infowarrior.org (Richard Forno)
Date: Sat, 23 Nov 2013 00:07:54 -0500
Subject: [Infowarrior] - N.S.A. Report Outlined Goals for More Power
Message-ID: <10A7307C-1014-4981-9190-8E13B8CBB504@infowarrior.org>

November 22, 2013 N.S.A. Report Outlined Goals for More Power By JAMES RISEN and LAURA POITRAS http://www.nytimes.com/2013/11/23/us/politics/nsa-report-outlined-goals-for-more-power.html WASHINGTON -- Officials at the National Security Agency, intent on maintaining its dominance in intelligence collection, pledged last year to push to expand its surveillance powers, according to a top-secret strategy document. In a February 2012 paper laying out the four-year strategy for the N.S.A.'s signals intelligence operations, which include the agency's eavesdropping and communications data collection around the world, agency officials set an objective to "aggressively pursue legal authorities and a policy framework mapped more fully to the information age." Written as an agency mission statement with broad goals, the five-page document said that existing American laws were not adequate to meet the needs of the N.S.A. to conduct broad surveillance in what it cited as "the golden age of Sigint," or signals intelligence. 
"The interpretation and guidelines for applying our authorities, and in some cases the authorities themselves, have not kept pace with the complexity of the technology and target environments, or the operational expectations levied on N.S.A.'s mission," the document concluded. Using sweeping language, the paper also outlined some of the agency's other ambitions. They included defeating the cybersecurity practices of adversaries in order to acquire the data the agency needs from "anyone, anytime, anywhere." The agency also said it would try to decrypt or bypass codes that keep communications secret by influencing "the global commercial encryption market through commercial relationships," human spies and intelligence partners in other countries. It also talked of the need to "revolutionize" analysis of its vast collections of data to "radically increase operational impact." The strategy document, provided by the former N.S.A. contractor Edward J. Snowden, was written at a time when the agency was at the peak of its powers and the scope of its surveillance operations was still secret. Since then, Mr. Snowden's revelations have changed the political landscape. Prompted by a public outcry over the N.S.A.'s domestic operations, the agency's critics in Congress have been pushing to limit, rather than expand, its ability to routinely collect the phone and email records of millions of Americans, while foreign leaders have protested reports of virtually unlimited N.S.A. surveillance overseas, even in allied nations. Several inquiries are underway in Washington; Gen. Keith B. Alexander, the N.S.A.'s longest-serving director, has announced plans to retire; and the White House has offered proposals to disclose more information about the agency's domestic surveillance activities. The N.S.A. document, titled "Sigint Strategy 2012-2016," does not make clear what legal or policy changes the agency might seek. 
The N.S.A.'s powers are determined variously by Congress, executive orders and the nation's secret intelligence court, and its operations are governed by layers of regulations. While asserting that the agency's "culture of compliance" would not be compromised, N.S.A. officials argued that they needed more flexibility, according to the paper. Senior intelligence officials, responding to questions about the document, said that the N.S.A. believed that legal impediments limited its ability to conduct surveillance of terrorism suspects inside the United States. Despite an overhaul of national security law in 2008, the officials said, if a terrorism suspect who is under surveillance overseas enters the United States, the agency has to stop monitoring him until it obtains a warrant from the Foreign Intelligence Surveillance Court. "N.S.A.'s Sigint strategy is designed to guide investments in future capabilities and close gaps in current capabilities," the agency said in a statement. "In an ever-changing technology and telecommunications environment, N.S.A. tries to get in front of issues to better fulfill the foreign-intelligence requirements of the U.S. government." Critics, including some congressional leaders, say that the role of N.S.A. surveillance in thwarting terrorist attacks -- often cited by the agency to justify expanded powers -- has been exaggerated. In response to the controversy about its activities after Mr. Snowden's disclosures, agency officials claimed that the N.S.A.'s sweeping domestic surveillance programs had helped in 54 "terrorist-related activities." But under growing scrutiny, congressional staff members and other critics say that the use of such figures by defenders of the agency has drastically overstated the value of the domestic surveillance programs in counterterrorism. Agency leaders believe that the N.S.A. has never enjoyed such a target-rich environment as it does now because of the global explosion of digital information -- 
and they want to make certain that they can dominate "the Sigint battle space" in the future, the document said. To be "optimally effective," the paper said, "legal, policy and process authorities must be as adaptive and dynamic as the technological and operational advances we seek to exploit." Intent on unlocking the secrets of adversaries, the paper underscores the agency's long-term goal of being able to collect virtually everything available in the digital world. To achieve that objective, the paper suggests that the N.S.A. plans to gain greater access, in a variety of ways, to the infrastructure of the world's telecommunications networks. Reports based on other documents previously leaked by Mr. Snowden showed that the N.S.A. has infiltrated the cable links to Google and Yahoo data centers around the world, leading to protests from company executives and a growing backlash against the N.S.A. in Silicon Valley. Yet the paper also shows how the agency believes it can influence and shape trends in high-tech industries in other ways to suit its needs. One of the agency's goals is to "continue to invest in the industrial base and drive the state of the art for high performance computing to maintain pre-eminent cryptanalytic capability for the nation." The paper added that the N.S.A. must seek to "identify new access, collection and exploitation methods by leveraging global business trends in data and communications services." And it wants to find ways to combine all of its technical tools to enhance its surveillance powers. The N.S.A. will seek to integrate its "capabilities to reach previously inaccessible targets in support of exploitation, cyberdefense and cyberoperations," the paper stated. The agency also intends to improve its access to encrypted communications used by individuals, businesses and foreign governments, the strategy document said. The N.S.A. 
has already had some success in defeating encryption, The New York Times has reported, but the document makes it clear that countering "ubiquitous, strong, commercial network encryption" is a top priority. The agency plans to fight back against the rise of encryption through relationships with companies that develop encryption tools and through espionage operations. In other countries, the document said, the N.S.A. must also "counter indigenous cryptographic programs by targeting their industrial bases with all available Sigint and Humint" -- human intelligence, meaning spies. The document also mentioned a goal of integrating the agency's eavesdropping and data collection systems into a national network of sensors that interactively "sense, respond and alert one another at machine speed." Senior intelligence officials said that the system of sensors is designed to protect the computer networks of the Defense Department, and that the N.S.A. does not use data collected from Americans for the system. One of the agency's other four-year goals was to "share bulk data" more broadly to allow for better analysis. While the paper does not explain in detail how widely it would disseminate bulk data within the intelligence community, the proposal raises questions about what safeguards the N.S.A. plans to place on its domestic phone and email data collection programs to protect Americans' privacy. N.S.A. officials have insisted that they have placed tight controls on those programs. In an interview, the senior intelligence officials said that the strategy paper was referring to the agency's desire to share foreign data more broadly, not phone logs of Americans collected under the Patriot Act. Above all, the strategy paper suggests the N.S.A.'s vast view of its mission: nothing less than to "dramatically increase mastery of the global network." Other N.S.A. documents offer hints of how the agency is trying to do just that. 
One program, code-named Treasure Map, provides what a secret N.S.A. PowerPoint presentation describes as "a near real-time, interactive map of the global Internet." According to the undated PowerPoint presentation, disclosed by Mr. Snowden, Treasure Map gives the N.S.A. "a 300,000 foot view of the Internet." Relying on Internet routing data, commercial and Sigint information, Treasure Map is a sophisticated tool, one that the PowerPoint presentation describes as a "massive Internet mapping, analysis and exploration engine." It collects Wi-Fi network and geolocation data, and between 30 million and 50 million unique Internet provider addresses -- code that can reveal the location and owner of a computer, mobile device or router -- are represented each day on Treasure Map, according to the document. It boasts that the program can map "any device, anywhere, all the time." The documents include addresses labeled as based in the "U.S.," and because so much Internet traffic flows through the United States, it would be difficult to map much of the world without capturing such addresses. But the intelligence officials said that Treasure Map maps only foreign and Defense Department networks, and is limited by the amount of data available to the agency. There are several billion I.P. addresses on the Internet, the officials said, and Treasure Map cannot map them all. The program is not used for surveillance, they said, but to understand computer networks. The program takes advantage of the capabilities of other secret N.S.A. programs. To support Treasure Map, for example, the document states that another program, called Packaged Goods, tracks the "traceroutes" through which data flows around the Internet. Through Packaged Goods, the N.S.A. has gained access to "13 covered servers in unwitting data centers around the globe," according to the PowerPoint. 
The document identifies a list of countries where the data centers are located, including Germany, Poland, Denmark, South Africa and Taiwan as well as Russia, China and Singapore. Despite the document's reference to "unwitting data centers," government officials said that the agency does not hack into those centers. Instead, the officials said, the intelligence community secretly uses front companies to lease space on the servers. Despite the N.S.A.'s broad surveillance powers, the strategy paper shows that N.S.A. officials still worry about the agency's ability to fend off bureaucratic inertia while keeping pace with change. "To sustain current mission relevance," the document said, Signals Intelligence Directorate, the N.S.A.'s signals intelligence arm, "must undertake a profound and revolutionary shift from the mission approach which has served us so well in the decades preceding the onset of the information age." James Risen reported from Washington, and Laura Poitras from Berlin.
--- Just because i'm near the punchbowl doesn't mean I'm also drinking from it.
From rforno at infowarrior.org Fri Nov 22 23:15:00 2013
From: rforno at infowarrior.org (Richard Forno)
Date: Sat, 23 Nov 2013 00:15:00 -0500
Subject: [Infowarrior] - Meet the Spies Doing the NSA's Dirty Work
Message-ID: <6B7D934B-7DC2-46B2-97E4-F7D29A2BB01F@infowarrior.org>

Meet the Spies Doing the NSA's Dirty Work http://www.foreignpolicy.com/articles/2013/11/21/the_obscure_fbi_team_that_does_the_nsa_dirty_work With every fresh leak, the world learns more about the U.S. National Security Agency's massive and controversial surveillance apparatus. Lost in the commotion has been the story of the NSA's indispensable partner in its global spying operations: an obscure, clandestine unit of the Federal Bureau of Investigation that, even for a surveillance agency, keeps a low profile. 
When the media and members of Congress say the NSA spies on Americans, what they really mean is that the FBI helps the NSA do it, providing a technical and legal infrastructure that permits the NSA, which by law collects foreign intelligence, to operate on U.S. soil. It's the FBI, a domestic U.S. law enforcement agency, that collects digital information from at least nine American technology companies as part of the NSA's Prism system. It was the FBI that petitioned the Foreign Intelligence Surveillance Court to order Verizon Business Network Services, one of the United States' biggest telecom carriers for corporations, to hand over the call records of millions of its customers to the NSA. But the FBI is no mere errand boy for the United States' biggest intelligence agency. It carries out its own signals intelligence operations and is trying to collect huge amounts of email and Internet data from U.S. companies -- an operation that the NSA once conducted, was reprimanded for, and says it abandoned. The heart of the FBI's signals intelligence activities is an obscure organization called the Data Intercept Technology Unit, or DITU (pronounced DEE-too). The handful of news articles that mentioned it prior to revelations of NSA surveillance this summer did so mostly in passing. It has barely been discussed in congressional testimony. An NSA PowerPoint presentation given to journalists by former NSA contractor Edward Snowden hints at DITU's pivotal role in the NSA's Prism system -- it appears as a nondescript box on a flowchart showing how the NSA "task[s]" information to be collected, which is then gathered and delivered by the DITU. 
But interviews with current and former law enforcement officials, as well as technology industry representatives, reveal that the unit is the FBI's equivalent of the National Security Agency and the primary liaison between the spy agency and many of America's most important technology companies, including Google, Facebook, YouTube, and Apple. The DITU is located in a sprawling compound at Marine Corps Base Quantico in Virginia, home of the FBI's training academy and the bureau's Operational Technology Division, which runs all the FBI's technical intelligence collection, processing, and reporting. Its motto: "Vigilance Through Technology." The DITU is responsible for intercepting telephone calls and emails of terrorists and foreign intelligence targets inside the United States. According to a senior Justice Department official, the NSA could not do its job without the DITU's help. The unit works closely with the "big three" U.S. telecommunications companies -- AT&T, Verizon, and Sprint -- to ensure its ability to intercept the telephone and Internet communications of its domestic targets, as well as the NSA's ability to intercept electronic communications transiting through the United States on fiber-optic cables. For Prism, the DITU maintains the surveillance equipment that captures what the NSA wants from U.S. technology companies, including archived emails, chat-room sessions, social media posts, and Internet phone calls. The unit then transmits that information to the NSA, where it's routed into other parts of the agency for analysis and used in reports. After Prism was disclosed in the Washington Post and the Guardian, some technology company executives claimed they knew nothing about a collection program run by the NSA. And that may have been true. The companies would likely have interacted only with officials from the DITU and others in the FBI and the Justice Department, said sources who have worked with the unit to implement surveillance orders. 
"The DITU is the main interface with providers on the national security side," said a technology industry representative who has worked with the unit on many occasions. It ensures that phone companies as well as Internet service and email providers are complying with surveillance law and delivering the information that the government has demanded and in the format that it wants. And if companies aren't complying or are experiencing technical difficulties, they can expect a visit from the DITU's technical experts to address the problem. * * * Recently, the DITU has helped construct data-filtering software that the FBI wants telecom carriers and Internet service providers to install on their networks so that the government can collect large volumes of data about emails and Internet traffic. The software, known as a port reader, makes copies of emails as they flow through a network. Then, in practically an instant, the port reader dissects them, removing only the metadata that has been approved by a court. The FBI has built metadata collection systems before. In the late 1990s, it deployed the Carnivore system, which the DITU helped manage, to pull header information out of emails. But the FBI today is after much more than just traditional metadata -- who sent a message and who received it. The FBI wants as many as 13 individual fields of information, according to the industry representative. The data include the route a message took over a network, Internet protocol addresses, and port numbers, which are used to handle different kinds of incoming and outgoing communications. Those last two pieces of information can reveal where a computer is physically located -- perhaps along with its user -- as well as what types of applications and operating system it's running. That information could be useful for government hackers who want to install spyware on a suspect's computer -- a secret task that the DITU also helps carry out. 
The DITU devised the port reader after law enforcement officials complained that they weren't getting enough information from emails and Internet traffic. The FBI has argued that under the Patriot Act, it has the authority to capture metadata and doesn't need a warrant to get them. Some federal prosecutors have gone to court to compel port reader adoption, the industry representative said. If a company failed to comply with a court order, it could be held in contempt. The FBI's pursuit of Internet metadata bears striking similarities to the NSA's efforts to obtain the same information. After the 9/11 terrorist attacks, the agency began collecting the information under a secret order signed by President George W. Bush. Documents that were declassified Nov. 18 by Barack Obama's administration show that the agency ran afoul of the Foreign Intelligence Surveillance Court after it discovered that the NSA was collecting more metadata than the court had allowed. The NSA abandoned the Internet metadata collection program in 2011, according to administration officials. But the FBI has been moving ahead with its own efforts, collecting more metadata than it has in the past. It's not clear how many companies have installed the port reader, but at least two firms are pushing back, arguing that because it captures an entire email, including content, the government needs a warrant to get the information. The government counters that the emails are only copied for a fraction of a second and that no content is passed along to the government, only metadata. The port reader is designed also to collect information about the size of communications packets and traffic flows, which can help analysts better understand how communications are moving on a network. It's unclear whether this data is considered metadata or content; it appears to fall within a legal gray zone, experts said. 
* * * The DITU also runs a bespoke surveillance service, devising or building technology capable of intercepting information when the companies can't do it themselves. In the early days of social media, when companies like LinkedIn and Facebook were starting out, the unit worked with companies on a technical solution for capturing information about a specific target without also capturing information related to other people to whom the target was connected, such as comments on posts, shared photographs, and personal data from other people's profiles, according to a technology expert who was involved in the negotiations. The technicians and engineers who work at the DITU have to stay up to date on the latest trends and developments in technology so that the government doesn't find itself unable to tap into a new system. Many DITU employees used to work for the telecom companies that have to implement government surveillance orders, according to the industry representative. "There are a lot of people with inside knowledge about how telecommunications work. It's probably more intellectual property than the carriers are comfortable with the FBI knowing." The DITU has also intervened to ensure that the government maintains uninterrupted access to the latest commercial technology. According to the Guardian, the unit worked with Microsoft to "understand" potential obstacles to surveillance in a new feature of Outlook.com that let users create email aliases. At the time, the NSA wanted to make sure that it could circumvent Microsoft's encryption and maintain access to Outlook messages. In a statement to the Guardian, Microsoft said, "When we upgrade or update products we aren't absolved from the need to comply with existing or future lawful demands." It's the DITU's job to help keep companies in compliance. 
In other instances, the unit will go to companies that manufacture surveillance software and ask them to build in particular capabilities, the industry representative said. The DITU falls under the FBI's Operational Technology Division, home to agents, engineers, electronic technicians, computer forensics examiners, and analysts who "support our most significant investigations and national security operations with advanced electronic surveillance, digital forensics, technical surveillance, tactical operations, and communications capabilities," according to the FBI's website. Among its publicly disclosed capabilities are surveillance of "wireline, wireless, and data network communication technologies"; collection of digital evidence from computers, including audio files, video, and images; "counter-encryption" support to help break codes; and operation of what the FBI claims is "the largest fixed land mobile radio system in the U.S." The Operational Technology Division also specializes in so-called black-bag jobs to install surveillance equipment, as well as computer hacking, referred to on the website as "covert entry/search capability," which is carried out under law enforcement and intelligence warrants. The tech experts at Quantico are the FBI's silent cybersleuths. "While [the division's] work doesn't typically make the news, the fruits of its labor are evident in the busted child pornography ring, the exposed computer hacker, the prevented bombing, the averted terrorist plot, and the prosecuted corrupt official," according to the website. According to former law enforcement officials and technology industry experts, the DITU is among the most secretive and sophisticated outfits at Quantico. The FBI declined Foreign Policy's request for an interview about the unit. 
But in a written statement, an FBI spokesperson said it "plays a key role in providing technical expertise, services, policy guidance, and support to the FBI and the intelligence community in collecting evidence and intelligence through the use of lawfully authorized electronic surveillance." In addition to Carnivore, the DITU helped develop early FBI Internet surveillance tools with names like CoolMiner, Packeteer, and Phiple Troenix. One former law enforcement official said the DITU helped build the FBI's Magic Lantern keystroke logging system, a device that could be implanted on a computer and clandestinely record what its user typed. The system was devised to spy on criminals who had encrypted their communications. It was part of a broader surveillance program known as Cyber Knight. In 2007, Wired reported that the FBI had built another piece of surveillance malware to track the source of a bomb threat against a Washington state high school. Called a "computer and Internet protocol address verifier," it was able to collect details like IP addresses, a list of programs running on an infected computer, the operating system it was using, the last web address visited, and the logged-in user name. The malware was handled by the FBI's Cryptologic and Electronic Analysis Unit, located next door to the DITU's facilities at Quantico. Wired reported that information collected by the malware from its host was sent via the Internet to Quantico. The DITU has also deployed what the former law enforcement official described as "beacons," which can be implanted in emails and, when opened on a target's computer, can record the target's IP address. The former official said the beacons were first deployed to track down kidnappers. 
* * * Lately, one of the DITU's most important jobs has been to keep track of surveillance operations, particularly as part of the NSA's Prism system, to ensure that companies are producing the information that the spy agency wants and that the government has been authorized to obtain. The NSA is the most frequent requester of the DITU's services, sources said. There is a direct fiber-optic connection between Quantico and the agency's headquarters at Fort Meade, Maryland; data can be moved there instantly. From the companies' perspective, it doesn't much matter where the information ends up, so long as the government shows up with a lawful order to get it. "The fact that either the targets are coming from the NSA or the output goes to the NSA doesn't matter to us. We're being compelled. We're not going to do any more than we have to," said one industry representative. But having the DITU act as a conduit provides a useful public relations benefit: Technology companies can claim -- correctly -- that they do not provide any information about their customers directly to the NSA, because they give it to the DITU, which in turn passes it to the NSA. But in the government's response to the controversy that has erupted over government surveillance programs, FBI officials have been conspicuously absent. Robert Mueller, who stepped down as the FBI's director in September, testified before Congress about disclosed surveillance only twice, and that was in June, before many of the NSA documents that Snowden leaked had been revealed in the media. On Nov. 14, James Comey gave his first congressional testimony as the FBI's new director, and he was not asked about the FBI's involvement in surveillance operations that have been attributed to the NSA. Attorney General Eric Holder has made few public comments about surveillance. (His deputy has testified several times.) 
The former law enforcement official said Holder and Mueller should have offered testimony and explained how the FBI works with the NSA. He was concerned by reports that the NSA had not been adhering to its own minimization procedures, which the Justice Department and the FBI review and vouch for when submitting requests to the Foreign Intelligence Surveillance Court. "Where they hadn't done what was represented to the court, that's unforgivable. That's where I got sick to my stomach," the former law enforcement official said. "The government's position is, we go to the court, apply the law -- it's all approved. That makes for a good story until you find out what was approved wasn't actually what was done."

---
Just because i'm near the punchbowl doesn't mean I'm also drinking from it.

From rforno at infowarrior.org Sat Nov 23 21:31:45 2013
From: rforno at infowarrior.org (Richard Forno)
Date: Sat, 23 Nov 2013 22:31:45 -0500
Subject: [Infowarrior] - OT: Farewell, SQ21/22
Message-ID: <0763A485-8CF7-40A8-8F55-1F4A2B404F46@infowarrior.org>

(Awesome experience, glad I got to take it a few times on my way to Australia over the years. --rick)

Singapore 21: a farewell trip on the world's longest flight

As of tomorrow, the longest flight in the world will shuttle passengers on a 747-400 from Dallas, Texas to Sydney, Australia. That 15-hour, 25-minute hop on board Qantas 7 may not be the lengthiest in duration, but at 8,578 miles gate to gate, it'll lead the industry in miles flown. For a few more hours, however, Singapore Airlines' decade-long run from Newark, N.J., to Singapore remains the record holder for both time (more than 18 hours) and distance (9,534 miles). It's a journey that's been on the bucket lists of the world's most ambitious aviation enthusiasts since the city-state's namesake airline first launched the service in 2004, and following tonight's final jaunt, this record-setting A340-500 will touch down at Changi Airport for the very last time. 
< - big snip - >

http://www.engadget.com/2013/11/23/flying-singapore-21/

---
Just because i'm near the punchbowl doesn't mean I'm also drinking from it.

From rforno at infowarrior.org Mon Nov 25 06:35:52 2013
From: rforno at infowarrior.org (Richard Forno)
Date: Mon, 25 Nov 2013 07:35:52 -0500
Subject: [Infowarrior] - NYT reporting on Bloomberg news changes
Message-ID: <9F09EFCF-8D3B-42BE-A9AA-6699DE5936EE@infowarrior.org>

Signs of Change in News Mission at Bloomberg
http://www.nytimes.com/2013/11/25/business/media/signs-of-change-in-news-mission-at-bloomberg.html

At Bloomberg, Special Code Keeps Some Articles Out of China
http://sinosphere.blogs.nytimes.com/2013/11/13/at-bloomberg-special-code-keeps-some-articles-out-of-china/

---
Just because i'm near the punchbowl doesn't mean I'm also drinking from it.

From rforno at infowarrior.org Mon Nov 25 13:36:17 2013
From: rforno at infowarrior.org (Richard Forno)
Date: Mon, 25 Nov 2013 14:36:17 -0500
Subject: [Infowarrior] - Overhaul of spy programs so far cloaked in more secrecy
Message-ID: <2DB0DBBC-634C-4F37-95B5-BC8C15192600@infowarrior.org>

Obama's overhaul of spy programs so far cloaked in more secrecy

By Anita Kumar
McClatchy Washington Bureau
November 25, 2013
http://www.mcclatchydc.com/2013/11/25/209465/obamas-overhaul-of-spy-programs.html

WASHINGTON -- President Barack Obama has faced withering criticism around the globe for his secret spying programs. How has he responded? With more secrecy. Obama has been gradually tweaking his vast government surveillance policies. But he is not disclosing those changes to the public. Has he stopped spying on friendly world leaders? He won't say. Has he stopped eavesdropping on the United Nations, the World Bank and the International Monetary Fund? He won't say. Even the report by the group Obama created to review and recommend changes to his surveillance programs has been kept secret. 
Critics note that this comes after he famously promised the most open administration in history. "They seem to have reverted to a much more traditional model of secrecy except when it's politically advantageous," said Steven Aftergood, who directs the Federation of American Scientists Project on Government Secrecy, and is an expert on -- and prominent critic of -- government secrecy. "That's normal but not consistent with their pledge." For five months, former government contractor Edward Snowden has steadily released classified information to the media that shows the breadth of the federal government programs that have guided intelligence gathering since the Sept. 11, 2001, terrorist attacks. Documents show the National Security Agency had been collecting telephone and email records on tens of millions of Americans and foreigners, eavesdropping on allies such as Germany and Brazil, and spying on a host of global institutions. As criticism swelled at home and abroad, Obama said the nation should examine how the government can strike a balance between national security and privacy concerns. He said at an August news conference that Americans will resolve any disagreements about the NSA programs through "vigorous public debate." But what started out as a national examination largely turned into a private review with few public meetings, little document disclosure and next to no public debate, say some lawmakers, technology organizations and civil liberties groups. And now, as those behind-the-scenes reviews begin to wind down, Obama is not providing details of the results. "As part of the overall review of our intelligence-gathering practices, decisions are being made by the president and implemented by the president, but beyond that, I have to ask you to wait until the reviews, the various reviews have been completed and we have more to say," White House spokesman Jay Carney said. 
Sherwin Siy, vice president of legal affairs at Public Knowledge, which promotes Internet openness and provided recommendations to the White House on this issue, said administration officials are asking Americans to trust them, but their past actions have provided no reason to do so. "Where are the reserves of trust supposed to come from?" he asked. On his first day in office, Obama offered a sweeping promise of transparency, issuing a number of executive actions to provide more openness at every level of the federal government and greater disclosure under the Freedom of Information Act. "My administration is committed to creating an unprecedented level of openness in government," Obama wrote at the time. "Openness will strengthen our democracy and promote efficiency and effectiveness in government." But over the last five years, watchdog groups say, Obama has relied on state secrets and secret laws to make national security decisions with little congressional or public oversight, much as did his predecessor, President George W. Bush. In recent months, Obama and James Clapper, the director of the Office of National Intelligence, have made statements that diminished the scope of -- or outright denied the existence of -- surveillance programs. Carney and other administration officials say they are prohibited by law from revealing more details because the surveillance programs are classified and revelations could threaten national security. Sascha Meinrath, director of the Open Technology Institute at the New America Foundation, which pushes Internet freedom and provided recommendations to the White House on this issue, suggested it declassify more programs in order to talk about them. "The blowback is only going to get worse," he said. In the past several months the government has released some documents, primarily about phone and email record collections. Some are heavily redacted, with thick black lines obscuring numerous dates, names and entire paragraphs. 
Clapper says that he has released them at Obama's request to be more transparent, but many were released as a result of court orders as part of a lawsuit filed by the American Civil Liberties Union and the Electronic Frontier Foundation, a privacy advocacy group. "The American people deserve an open conversation about how the administration is interpreting its authority to conduct surveillance of Americans," said Sen. Tom Udall, D-N.M., who has advocated for NSA changes. "I believe we can protect our national security and our constitutional rights, and I would like to see the administration make a genuine effort to respond to the many legitimate concerns that have been raised. So far, its efforts have raised more questions than they have answered." In response to criticism about NSA programs, Obama expects to receive recommendations from at least two government groups -- an advisory group he created this summer and an independent organization within the executive branch with presidentially nominated members. The first panel -- the Review Group on Intelligence and Communications Technology -- provided an interim report to National Security Adviser Susan Rice and Assistant to the President for Homeland Security and Counterterrorism Lisa Monaco last week, but it was not released to the public. A final report is due Dec. 15, but it's not clear if the entire document would be made public. "We expect that the outcomes of their work will be made public in some way," said Caitlin Hayden, a National Security Council spokeswoman. The second panel -- the Privacy and Civil Liberties Oversight Board -- recently held its first substantive hearing since its creation by Congress in 2004. It plans to provide recommendations to the White House but has not released a timetable. Mark Jaycox, a policy analyst for the Electronic Frontier Foundation, said he doesn't expect the administration to change much even amid the intense criticism. 
This administration, he said, has always held fast against similar criticism. For example, it resisted for years bipartisan pressure to release more information about its top-secret targeted killing program. "It's a pattern of the Obama administration," he said.

Email: akumar at mcclatchydc.com; Twitter: @anitakumar01

---
Just because i'm near the punchbowl doesn't mean I'm also drinking from it.

From rforno at infowarrior.org Sat Nov 30 21:08:34 2013
From: rforno at infowarrior.org (Richard Forno)
Date: Sat, 30 Nov 2013 22:08:34 -0500
Subject: [Infowarrior] - MPAA Banned From Using Piracy and Theft Terms in Hotfile Trial
Message-ID: <447C9C3F-D2E4-4C36-9E3E-BB68339FEA68@infowarrior.org>

MPAA Banned From Using Piracy and Theft Terms in Hotfile Trial

• Ernesto • November 29, 2013
http://torrentfreak.com/mpaa-banned-from-using-piracy-and-theft-terms-in-hotfile-trial-131129/

Leading up to the trial, Hotfile has scored several significant wins against the MPAA. The Florida federal court ruled on several motions this week, and many went in favor of the file-hosting service. Most prominently, Judge Kathleen Williams decided that the movie studios and its witnesses are not allowed to use "pejorative" terms including "piracy," "theft" and "stealing" during the upcoming proceedings. The ongoing legal battle between Hotfile and the MPAA is nearing its climax. In August the movie studios won summary judgment on the issues of DMCA defense and vicarious liability, while the file-hosting site was cleared of direct copyright infringement. The remaining issues, including the damages amount, will be decided during a trial early next month. In preparation for the trial both parties have submitted motions to the court in recent weeks. Hotfile, for example, asked the court to prevent the MPAA from using "pejorative" 
terms including piracy, theft and stealing as these could misguide the jury. District Court Judge Kathleen Williams has now ruled on these motions, with the file-hosting service scoring several important victories. The Judge granted Hotfile's "pejorative" terms motion, which means that the movie studios and its witnesses are not allowed to use words including "piracy," "theft" and "stealing" during the trial. "Defendants' Motion in Limine to Preclude Use of Pejorative Terms is GRANTED IN PART. The parties may not use pejorative terms but may use terms of art," the order reads. The file-hosting service previously argued that since piracy and theft-related terms are derogatory, their use could mislead the jury and possibly influence their judgment. According to Hotfile there is no ground to substantiate the use of such terms. "In the present case, there is no evidence that the Defendants (or Hotfile's founders) are 'pirates' or 'thieves,' nor is there evidence that they were 'stealing' or engaged in 'piracy' or 'theft.' Even if the Defendants had been found to have directly infringed on the Plaintiffs' copyrights, such derogatory terms would add nothing to the Plaintiffs' case, but would serve to improperly inflame the jury." The MPAA countered that there is absolutely no reason to exclude words that are commonly used in cases related to copyright infringement. Banning the terms would make it hard for MPAA's lawyers and the witnesses to describe the events that took place, according to the movie studios. "Terms like 'piracy' and 'theft' are commonplace terms often used in court decisions, statutes, and everyday speech to describe the conduct in which Hotfile and its users engaged, and for which the Court has already found Defendants liable," MPAA's legal team wrote. With her ruling Judge Williams clearly sides with Hotfile's argument that the jury could be misled by piracy and theft-related descriptions. 
This is a clear win for the file-hosting service, but it also leads to the awkward situation that several witnesses can't name their job titles, such as Warner's head of Global Corporate Anti-Piracy. Additionally, the MPAA can no longer quote Vice President Joe Biden's famous comment: "Piracy is theft, clean and simple." The full list of motions Judge Williams ruled on includes more good news for Hotfile. For example, with regard to Hotfile's countersuit over alleged DMCA abuse by the movie studio, Warner's motions to exclude the term "perjury" and the studio's audit of its anti-piracy system from trial were both denied. On the downside, Hotfile's request to prevent the MPAA from bringing up the criminal indictment against "Megaupload" was denied. This means that in describing the Megaupload case the movie studios can't quote passages that reference piracy or theft. It will be interesting to see how the MPAA tackles Hotfile now that they are restricted in the language they can use. It probably means that the term "copyright infringement" will be used more often than they had hoped. To be continued.

---
Just because i'm near the punchbowl doesn't mean I'm also drinking from it.

From rforno at infowarrior.org Sat Nov 30 21:08:46 2013
From: rforno at infowarrior.org (Richard Forno)
Date: Sat, 30 Nov 2013 22:08:46 -0500
Subject: [Infowarrior] - Britain targets Guardian newspaper over intelligence leaks related to Edward Snowden
Message-ID: <25CFEE84-4634-4DA5-9BCB-3B07466B4F7D@infowarrior.org>

Britain targets Guardian newspaper over intelligence leaks related to Edward Snowden

By Anthony Faiola
http://www.washingtonpost.com/world/europe/britain-targets-guardian-newspaper-over-intelligence-leaks-related-to-edward-snowden/2013/11/29/1ec3d9c0-581e-11e3-bdbf-097ab2a3dc2b_print.html

LONDON -- Living in self-imposed exile in Russia, former National Security Agency contractor Edward Snowden may be safely out of reach from Western powers. 
But dismayed by the continued airing of transatlantic intelligence, British authorities are taking full aim at a messenger shedding light on his secret files here -- the small but mighty Guardian newspaper. The pressures coming to bear against the Guardian, observers say, are testing the limits of press freedoms in one of the world's most open societies. Although Britain is famously home to a fierce pack of news media outlets -- including the tabloid hounds of old Fleet Street -- it also has no enshrined constitutional right to free speech. The Guardian, in fact, has slipped into the single largest crack in the free speech laws that are on the books here -- the dissemination of state secrets protecting queen and country in the British homeland. A feisty, London-based news outlet with a print circulation just shy of 200,000 -- albeit with a far bigger footprint online with users in the many millions -- the Guardian along with The Washington Post was the first to publish reports based on classified data spirited out of the United States by Snowden. In the months since, the Guardian has continued to make officials here exceedingly nervous by exposing the joint operations of U.S. and British intelligence -- particularly their cooperation in data collection and snooping programs involving British citizens and close allies on the European continent. In response, the Guardian is being called to account by British authorities for jeopardizing national security. The Guardian's top editor, Alan Rusbridger, is being forced to appear before a parliamentary committee Tuesday to explain the news outlet's actions. The move comes after British officials ordered the destruction of hard drives at the Guardian's London headquarters, even as top ministers have taken to the airwaves to denounce the newspaper. Scotland Yard has also suggested it may be investigating the paper for possible breaches of British law. 
The government treatment of the Guardian is highlighting the very different way Britons tend to view free speech, a liberty that here is seen through the prism of the public good and privacy laws as much as the right to open expression. Nevertheless, the actions against the paper have led to growing concern in Britain and beyond. Frank La Rue, the U.N. special rapporteur on free expression, has denounced the Guardian's treatment as "unacceptable in a democratic society." The World Association of Newspapers and News Publishers, a Paris-based trade association, will send a delegation of "concerned" publishers and editors from five continents to London in January on a "U.K. press freedom mission." "The kind of threats and intimidation being experienced by the Guardian, especially compared to the different responses in the United States and Germany, is something that we should all be very worried about," said Jo Glanville, director of English PEN, a London-based freedom of expression group.

Threat to national security?

The Guardian is among the global news outlets thoroughly studying the Snowden files and publishing key parts, a club that in addition to The Post has expanded to include the New York Times and Germany's Der Spiegel, among others. U.S. intelligence officials have said publicly that the disclosures endanger national security, and the head of the National Security Agency, Gen. Keith B. Alexander, has said the federal government needs to find a way to stop them. "We ought to come up with a way of stopping it. I don't know how to do that. That's more of the courts and the policymakers, but, from my perspective, it's wrong to allow this to go on," Alexander told the Defense Department's Armed With Science blog in October. The Post does not show stories to U.S. officials in advance of publication, nor does it routinely agree to official requests. 
But language in some articles has occasionally been modified when officials cited very specific risks to certain intelligence operations and individuals, according to the paper's executive editor, Martin Baron. A spokeswoman for the New York Times pointed to statements by executive editor Jill Abramson in which she said the paper had turned down at least one request by U.S. officials to withhold a story. Although legal experts say the First Amendment offers stronger protection for the news media in the United States than their counterparts enjoy in Britain, U.S. authorities still have tools at their disposal to limit the disclosure of classified data. Those tools include the 1917 Espionage Act, which federal prosecutors have used to charge Snowden. Nevertheless, U.S. officials have thus far stopped short of the more aggressive tactics being deployed against the Guardian in Britain. The German government has also taken a relatively hands-off approach. "At Der Spiegel we have not encountered anything similar," managing editor Klaus Brinkbäumer said in an e-mail. "There is no serious pressure." In contrast, Rusbridger must explain to the parliamentary committee the paper's dissemination and handling of the Snowden data. The move came after Prime Minister David Cameron, speaking on the floor of Parliament in October, offered comments that seemed to open the door for the editor's public grilling. Scotland Yard, meanwhile, has suggested that it might be investigating the Guardian in connection to the authorities' continuing probe of David Miranda, the partner of Brazil-based freelance journalist Glenn Greenwald, who formerly worked with the Guardian on its Snowden stories. In August, British authorities arrested Miranda at Heathrow Airport while he was on an information-gathering trip funded by the Guardian. British officials interrogated Miranda for nine hours before confiscating his laptop, cellphone, USB memory sticks and video-game consoles. 
Miranda was released after being questioned, but the confiscated items remain in official custody.

Hard drives destroyed

After Miranda's arrest, Rusbridger disclosed that more-direct pressure had been brought to bear on the paper from the top levels of the British government. In June, he said he was contacted by a senior official in the first of several communications aimed at pressuring the Guardian to destroy hard drives storing data from Snowden that were being kept at the paper's London headquarters. Ultimately, Rusbridger said, he agreed to the government's request for two reasons. First, because copies of the data were already being safely kept outside Britain, and secondly, because government officials had implied that they would take far more drastic action against the paper if he did not comply. "Some of this behavior is clearly designed to be intimidatory and/or chilling," Rusbridger said in an e-mail. "Most of it would be unimaginable in America or parts of Europe. So, yes, I think there are disturbing implications for press freedom in the U.K." In the summer, a senior official at the British Embassy in Washington also called Abramson at the New York Times to request the return of Snowden data -- a request Abramson has said she denied. "We were made aware that the NYT might be in possession of a large number of stolen, highly classified documents," said a British official who declined to be named. "Would it be unreasonable of us to ask for them back?" A spokesman at No. 10 Downing Street declined to comment for this article, instead referring to published comments by the prime minister. In October, Cameron, a Conservative, took a thinly veiled swipe at the left-leaning Guardian: "I will back the work [security services] do and I will criticize those that make public some of the techniques they use because that is helping our enemies." The Guardian has also become the target of a number of other Conservative lawmakers.
One, Julian Smith, has pointedly sought information from the paper on whether it willfully shipped the names of British secret service agents overseas -- an act that could be punishable by law in Britain. "I've got numerous concerns about how the Guardian has conducted itself," Smith said. "I believe in freedom of the press and the Guardian's right to write about these leaks, but there also needs to be a sense of moral responsibility." Asked in an e-mail whether the Guardian sent data with names of British agents overseas, Rusbridger did not answer directly. He said: "It's been apparent to any casual reader since early June that the Snowden documents contain names of some employees of the NSA and GCHQ [Government Communications Headquarters, an arm of British Intelligence]. We have had no approaches from government or agencies in relation to any names. We have published no names, nor lost control of any material." Rusbridger said the paper is keenly aware of its moral responsibility -- to continue publishing stories in the public interest. "Some people, especially in the U.K., would like newspapers to be gagged or prosecuted," Rusbridger said. "But be careful what you wish for. Kick newspapers by all means, but, without them, be prepared for something much worse."

Karla Adam contributed to this report.

© The Washington Post Company

--- Just because i'm near the punchbowl doesn't mean I'm also drinking from it.

From rforno at infowarrior.org Sat Nov 30 21:08:57 2013
From: rforno at infowarrior.org (Richard Forno)
Date: Sat, 30 Nov 2013 22:08:57 -0500
Subject: [Infowarrior] - Who Is Watching the Watch Lists?
Message-ID: <13B459A4-9D79-4DF4-A065-BB7890304AA0@infowarrior.org>

November 30, 2013

Who Is Watching the Watch Lists?
By SUSAN STELLIN
http://www.nytimes.com/2013/12/01/sunday-review/who-is-watching-the-watch-lists.html

GOVERNMENTS wade into treacherous waters when they compile lists of people who might cause their countries harm. As fears about Japanese-Americans and Communists have demonstrated in the past, predictions about individual behavior are often inaccurate, the motivations for list-making aren't always noble and concerns about threats are frequently overblown. So it might seem that current efforts to identify and track potential terrorists would be approached with caution. Yet the federal government's main terrorist watch list has grown to at least 700,000 people, with little scrutiny over how the determinations are made or the impact on those marked with the terrorist label. "If you've done the paperwork correctly, then you can effectively enter someone onto the watch list," said Anya Bernstein, an associate professor at the SUNY Buffalo Law School and author of "The Hidden Costs of Terrorist Watch Lists," published by the Buffalo Law Review in May. "There's no indication that agencies undertake any kind of regular retrospective review to assess how good they are at predicting the conduct they're targeting." What's more, the government refuses to confirm or deny whether someone is on the list, officially called the Terrorist Screening Database, or divulge the criteria used to make the decisions -- other than to say the database includes "individuals known or suspected to be or have been engaged in conduct constituting, in preparation for, in aid of, or related to terrorism and terrorist activities."
Even less is known about the secondary watch lists that are derived from the main one, including the no-fly list (used to prevent people from boarding aircraft), the selectee and expanded selectee lists (used to flag travelers for extra screening at airport checkpoints), the TECS database (used to vet people entering or leaving the United States), the Consular Lookout and Support System (used to screen visa applications) and the known or suspected terrorists list (used by law enforcement in routine police encounters). For people who have landed on these lists, the terrorist designation has been difficult to challenge legally -- although that may be about to change. On Monday, a lawsuit brought by a traveler seeking removal of her name from the no-fly list, or at least due process to challenge that list, is going to trial in Federal District Court in San Francisco, after almost eight years of legal wrangling. In that case, a Stanford University Ph.D. student named Rahinah Ibrahim was prevented from boarding a flight at San Francisco International Airport in 2005, and was handcuffed and detained by the police. Ultimately, she was allowed to fly to Malaysia, her home country, but she has been unable to return to the United States because the State Department revoked her student visa. According to court filings, two agents from the Federal Bureau of Investigation visited Ms. Ibrahim a week before her trip and asked about her religious activities (she is Muslim), her husband and what she might know of a Southeast Asian terrorist organization. A summary of that interview obtained by Ms. Ibrahim's lawyer includes a code indicating that the visit was related to an international terrorism investigation, but it is not clear what other evidence -- like email or phone records -- was part of that inquiry. "We've tried to get discovery into whether our client has been surveilled and have been shut down on that,"
said Elizabeth Pipkin, a lawyer with McManis Faulkner, the firm representing Ms. Ibrahim pro bono. "They won't answer that question for us." The government says that revealing this type of information would jeopardize national security. In April, Attorney General Eric H. Holder Jr. asserted to the court "a formal claim of the state secrets privilege" in the case. In another case, Latif v. Holder, 13 American citizens who have been denied boarding on flights are seeking removal of their names from any watch list, as well as the reasons they have been banned and an opportunity to rebut any derogatory information. "People who are accused of being enemy combatants at Guantánamo have the ability to challenge their detention, however imperfect that now is," said Hina Shamsi, a lawyer with the American Civil Liberties Union, which is representing the plaintiffs. "It makes no sense that people who have not actually been accused of any wrongdoing can't challenge" their inclusion on a watch list. The Terrorist Screening Center, which administers the main terrorist watch list, declined to discuss its procedures, or to release current data about the number of people on various watch lists, and how many of them are American citizens. A T.S.C. official did say that fewer than 1 percent of the people in the main terrorist database are United States citizens or legal permanent residents, but there is no way to confirm that number. Reports by the Government Accountability Office and other oversight agencies have raised concerns about how people are nominated to be on the terrorist watch list, the accuracy of information in the database and the effectiveness of procedures to remove or correct inaccurate records. Travelers are entitled to file a complaint with the Homeland Security Department's Traveler Redress Inquiry Program, although that process offers limited recourse.
Much information in the databases is exempt from Privacy Act disclosure requirements, so those who submit complaints often get a response saying the government can't reveal details about their cases -- one issue underlying the legal challenges now being reviewed by the courts. Professor Bernstein of SUNY Buffalo proposes rethinking that Privacy Act exemption, requiring regular evaluations of watch list nominations and examining the accuracy of algorithms in predicting "something as rare and idiosyncratic as terrorism." "When you have a huge list of people who are likely to commit terrorist acts, it's easy to think that terrorism is a really big problem and we should be devoting a lot of resources to fighting it," she said. "As a society, we have choices about what we really think are the important problems."

Susan Stellin is a frequent contributor to The New York Times.

--- Just because i'm near the punchbowl doesn't mean I'm also drinking from it.

From rforno at infowarrior.org Sat Nov 30 21:09:04 2013
From: rforno at infowarrior.org (Richard Forno)
Date: Sat, 30 Nov 2013 22:09:04 -0500
Subject: [Infowarrior] - Speed Traders Meet Nightmare on Elm Street With Nanex
Message-ID:

Speed Traders Meet Nightmare on Elm Street With Nanex
By Michael P. Regan - Nov 26, 2013
http://www.bloomberg.com/news/print/2013-11-26/speed-traders-meet-nightmare-on-elm-street-with-nanex.html

The nemesis of Wall Street's high-frequency traders operates out of an apartment-sized office above the Bliss Salon -- manicure/pedicure $45 -- on Elm Street in the Chicago suburb of Winnetka. Staring at four computer monitors, Eric Scott Hunsader, the founder of market-data provider Nanex LLC, looks for hints of illicit trading hidden in psychedelic images of triangles dancing with dots that represent quotes to buy and sell U.S. stocks broken down by the millisecond. Charts of trading produced by Hunsader's eight-person firm have captivated everyone from regulators to art gallery owners.
One stunt involved a computerized piano piece mimicking quotes for an exchange-traded fund. He infuriates some traders, who say Nanex draws unwarranted conclusions and spreads conspiracy theories. To Hunsader, the images created from market feeds are evidence of high-frequency trading firms exploiting market rules to turn a profit in a lawless environment. Though others in the industry see his reports and charts as propaganda, Nanex's interpretations are helping to drive the public debate about the fundamental fairness of the modern stock market. "You ever see 'Lord of the Flies' or read that book?" he said, using the William Golding novel about boys stranded on an uninhabited island as a metaphor for the stock market. "When you don't have a parent around, things fall apart."

'Ticker Plant'

As the 51-year-old Hunsader sees it, that's especially true for a market capable of spewing out quotes to buy and sell stocks at rates as fast as 2 million per second, compared with about 1,000 in the 1990s. The options market can produce quotes at a rate of more than 10 million per second, according to Nanex, whose business is to process the data and distribute it to users in what's known as a "ticker plant." Hunsader's firm detected what it said was suspicious trading before the government's jobs report on Oct. 22. On Oct. 16, Nanex identified a buy order worth more than $400 million shortly before the open of European exchanges. The orders for E-mini S&P 500 futures were canceled "just before selling began in earnest," Nanex said. Nanex labeled the report "Panthers on the Loose?," arguing the trades resembled a case that caused the Commodity Futures Trading Commission to order Panther Energy Trading LLC to pay $2.8 million in fines and forfeited trading profits. The firm was accused of "spoofing," or using an algorithm to illegally place and quickly cancel bids and offers in futures contracts in order to create the false impression of demand.

David, Goliath

"It shouldn't take the regulator more than an hour to figure out who did it, and a day to find out the intent," Nanex wrote in the Oct. 16 report. "We'll wait." Hunsader's firm portrays itself as David fighting industry Goliaths, the deep-pocketed HFT firms that dominate U.S. stock trading. That industry has started fighting back -- accusing Hunsader of drawing the wrong conclusions about what his charts show. Making a joke about Nanex was the first thing Chris Concannon, a partner at proprietary trading firm Virtu Financial LLC in New York and former Securities and Exchange Commission attorney, did when he stepped to the microphone at an industry event last month. "I'm required to announce our sponsor of this segment, which is Nanex," Concannon said to laughter at the Security Traders Association's Market Structure Conference in Washington. Nanex's tag-line, he said, is "making markets better with inaccurate information."

Advance Word

Virtu and Nanex had traded insults since Hunsader published a report on Sept. 20, two days after the Federal Reserve surprised markets by not reducing the $85 billion of monthly bond purchases it makes in its quantitative easing program. Titled "Einstein and The Great Fed Robbery," the report cited market data that it said showed some trading firm or firms got advance word about the Fed's decision and then used the milliseconds-long head start to place bets totaling more than $1 billion. A millisecond is one-thousandth of a second, or three places to the right of the decimal point -- one farther out than how Olympic track and swim times are posted. Following the report, the central bank began a review and ultimately tightened the way it releases its statements. Virtu's report said Nanex's study was "severely flawed" because of the type of data feed it relied on. Hunsader replied that Virtu needs to buy a "new calculator"
and that if you read the report closely enough it corroborates his own theory that the information left Washington early. Concannon didn't respond to five phone calls and e-mails seeking comment on Nanex's statements.

'Disprove Mine'

Hunsader, dressed in jeans, a white short-sleeved shirt and running shoes in the Winnetka office, points at the approximately 3,000 pieces of trading research he's released, claiming he has never stood down from a finding. How do you publish that many reports, he said, "and not ever have to retract them?" "If you can't prove your point, then disprove mine," he said. "But don't go around saying we think you're making leaps without backing it up." A high-frequency tweeter with more than 11,000 followers, Hunsader conducts his crusade on the Internet and with interviews with journalists, documentary film-makers and others looking for someone to explain today's computerized market. Many of his more than 11,500 Twitter posts contain links to his charts highlighting unusual patterns in stock quotes and often blaming computer algorithms being used by HFT firms. "Obscene manipulation in $AAPL stock. Where's @SEC_News on this & 1000's of other examples?" he posted on Oct. 5, referencing the symbol for Apple Inc. and a Twitter feed run by the SEC.

Market Police

Regulation NMS, the set of rules that opened stock trading to greater competition six years ago, has helped fragment the almost $22 trillion U.S. market to the point where orders to buy and sell bounce between 13 exchanges and more than 40 alternative platforms. Bloomberg LP, parent of Bloomberg News, operates an equities venue called Tradebook and is a provider of market data and analytics. In Hunsader's view, the computerized firms that benefit from the fragmentation by profiting off fleeting price discrepancies between markets are not being policed enough.
The results, according to Hunsader, included higher data-processing fees and unexplained lurches in the prices of individual stocks that cause investors anxiety. There is also the potential for more outright disasters, he said, like the May 2010 "flash crash" when the Dow Jones Industrial Average extended a drop to almost 1,000 points within minutes.

'Truthers'

Nanex regularly misunderstands what it sees in market data and is fueling misconceptions that damage investor confidence, according to Manoj Narang, founder and chief executive officer of HFT firm Tradeworx Inc. in Red Bank, New Jersey. He compared Nanex to the "truthers" who doubt the official explanation of the Sept. 11 terrorist attacks. There are usually benign explanations for what look to Nanex like attempts to manipulate prices through what it calls "quote stuffing," he said. For example, he said, bursts of quotes could be trading algorithms reacting when the difference between the best bid to buy and the best offer to sell grows to more than a penny. The programs automatically cancel the orders after exchanges modify them to avoid markets where bids equal offers, according to Narang, resulting in "inadvertent repetitive behavior" by algorithms. "The conclusions that they form generally have a paranoid or conspiracist sort of bent to them," said Narang. "Stirring the pot like that and dabbling in all of these conspiracy theories, and having those things get a serious airing, undermines investor confidence. And for no real reason." Simplifying a market that is spread across so many trading venues is easier said than done, said Larry Tabb, chief executive officer of market-research firm Tabb Group LLC.

'Too Complex'

"The markets are certainly too complex," Tabb said in an e-mail. "The problem is how do you simplify it? Are there too many exchanges? Too many dark pools? Too many algorithms?
To simplify the structure the SEC needs to make some very unpopular decisions that go against 15 years of market structure history, which actually benefits many investors. They are in a difficult spot." The Nanex founder said one place for the SEC to start is to use its new Market Information Data Analytics System, known as Midas and built by Tradeworx, to explore what he considers one of the top issues with modern markets. Direct data streams from the exchanges, which HFT firms such as Virtu receive, are delivering more timely information than the consolidated feeds that are sent to the rest of the market and were meant to level the playing field, Hunsader said. Hunsader's firm uses the consolidated feeds.

Boutiques, Nanex

SEC spokesman John Nester declined to comment on Nanex's assertions. Also declining to comment were Eric Ryan, a New York Stock Exchange spokesman; Rob Madden of Nasdaq OMX Group Inc.; and Randy Williams of Bats Global Markets Inc., which is combining with Direct Edge Holdings LLC. Nanex's office in a village of upscale cafes and boutiques consists of a room dominated by Hunsader's wall of monitors, another filled with stacks of servers, a common area with a mini-fridge stocked with soda -- and not much else. Answering the front door is Nate Rock, a 34-year-old software engineer with a bushy beard and a penchant for dropping references to Dungeons and Dragons into conversation. He became interested in Hunsader's work after trying to invest some spare money made at a previous job at Infinite Campus Inc., which makes software for educators and students.

Barefoot 'Dogbert'

Barefoot, wearing camouflage shorts and a black T-shirt that says "meh," Rock uses the professional title "Dogbert" in reference to the canine sidekick in the "Dilbert" comic strip.
He read about Hunsader's work on the blog Zero Hedge and got a job after exchanging e-mails with Nanex programmer Jeff Donovan during a vacation day spent drinking with a buddy and watching Facebook Inc.'s initial public offering in May 2012. "My original schooling was in sciences and I saw the work that Eric was doing and I was like, he's a scientist," Rock said. "It's very detailed down to the millisecond. And I hadn't seen that anywhere." Among those who have come here to pick Hunsader's brain is Jim Angel, a finance professor at Georgetown University who studies market-structure issues. He said Hunsader's research is a valuable service even if he doesn't always agree with the conclusions, since there's not enough information available to prove what is happening in the charts.

'Some Blemishes'

"I don't think his analysis is always correct," Angel said. "He doesn't know who's trading, who's putting in the various quotes. But there are imperfections in our market operations. And even though on average our markets are a whole lot better than they were 10 or 20 years ago, the reality is, hey, there's still some blemishes around the edges that can and should be addressed. And he draws attention to them." Hunsader has delivered his critique of the markets to everyone from officials at the Federal Reserve Bank of Chicago to members of Britain's government at 10 Downing Street in London. "He's kind of the mosquito in the room that people pay attention to," said Van Hutcherson, trader at JonesTrading Institutional Services LLC in Oak Brook, Illinois. "He shines a light on some pretty important situations that I think go unnoticed because the majority of folks, unless you're super sophisticated, don't have the technology."

YouTube

To illustrate computerized trading to the general public, Nanex has turned trading data into animated videos, with triangles and dots representing tens of thousands of orders dashing between exchanges.
One video he posted on YouTube showed a 50-millisecond period in which quotes for Nokia Oyj dashed around the market at a rate of 22,000 per second. The video, published on Oct. 9, has been viewed more than 6,400 times. He programmed a computer to play piano notes corresponding to different bids and offers for a popular exchange-traded fund, resulting in a manic staccato composition even when slowed down. It was meant to highlight what Hunsader says is the absurdity of modern computerized trading. "Everybody who's gone this route has had to be a little bit theatrical and Wall Street doesn't like it," said Haim Bodek, founder of Decimus Capital Markets LLC, which develops computer programs to help institutions better trade with HFT firms and avoid "predatory" behavior.

'Deep Flaws'

"The irony here is that he really is addressing these deep flaws," said Bodek, who previously founded Trading Machines LLC, a high-frequency options firm, and headed electronic volatility trading at UBS AG. One of Nanex's charts was featured in artist Trevor Paglen's book "The Last Pictures," an archival disc of which was launched into space aboard a satellite a year ago as part of a project to leave "artifacts of human civilization" that will continue to orbit Earth long after humans are gone, according to the project's website. Hunsader started in the era of floppy disks, spending "my total life savings," he said, to buy a personal computer in 1984, a machine he still keeps under his desk. He stored each day's trading data from the Chicago Mercantile Exchange and sold the information on a computer bulletin board, the precursor of the Internet.

Cadillac, Compaq

In 1987 he got a job offer from Tom Joseph, founder of Trading Techniques Inc., who developed technical-analysis charts to study movements of asset prices.
While most traders were still shouting or making hand signals on exchange floors or hunched over early desktop PCs, Hunsader and Joseph were able to check stock charts as they rode around in Joseph's Cadillac with a Compaq computer hooked up to a car phone. Trading Techniques was bought by CQG, a trading software maker, and Hunsader went to work for that firm. He read a book on Java code, then wrote an application that allowed users to get streaming intraday stock charts on the newly developing Internet. The founder of the website Quote.com was interested in the application and hired Hunsader. "We put it up on their site and we went from zero to 10,000 paying subscribers in about 18 months," he recalls. "About $100 a month these guys are paying for this little thing on the net. They had to hire temps in on the weekends to freaking process all the credit cards."

Number Five

The Internet portal Lycos Inc. bought Quote.com in 1999 and Hunsader left. The next year he focused on writing the software for his own venture, into which he poured thousands of hours of development time. The result was the ticker plant Nanex, which receives quotes from consolidated market feeds and distributes the data to users through software that allows them to analyze, chart it and write their own trading programs to complement its software. The flash crash inspired Hunsader to look more closely at the data he was distributing. He set out to figure out what was going on with Donovan, a southern California surfer and ticker-plant programmer who also develops three-dimensional graphics software. "We saw the SEC was kind of dragging," Hunsader recalls, "I said to him, 'you know what, we've got the data. We could do this. Let's see what we could do, let's just have fun.'" As the pair drilled through the quotes, unexpected patterns emerged in charts for stock orders.
They called them crop circles, a reference to the mysterious patterns sometimes reported in grain fields, and published them as research on the firm's website. "That was a blessing and a curse," Hunsader said. "It was a blessing because it caught the eye of Main Street, and it got us into the Atlantic which got us into the New York Times. But the curse was that the Wall Street glitterati, or elites, used that to paint these as conspiracy."

To contact the reporter on this story: Michael P. Regan in New York at mregan12 at bloomberg.net
To contact the editor responsible for this story: Nick Baker at nbaker7 at bloomberg.net

©2013 BLOOMBERG L.P. ALL RIGHTS RESERVED.

--- Just because i'm near the punchbowl doesn't mean I'm also drinking from it.

From rforno at infowarrior.org Sat Nov 30 21:09:12 2013
From: rforno at infowarrior.org (Richard Forno)
Date: Sat, 30 Nov 2013 22:09:12 -0500
Subject: [Infowarrior] - Dial 00000000 for Armageddon. US's top secret launch nuclear launch code was frighteningly simple
Message-ID: <66DBCD19-BE0F-4EDB-B641-80CFAC81967C@infowarrior.org>

For Nearly Two Decades the Nuclear Launch Code at all Minuteman Silos in the United States Was 00000000
http://www.todayifoundout.com/index.php/2013/11/nearly-two-decades-nuclear-launch-code-minuteman-silos-united-states-00000000/

--- Just because i'm near the punchbowl doesn't mean I'm also drinking from it.

From rforno at infowarrior.org Sat Nov 30 21:16:05 2013
From: rforno at infowarrior.org (Richard Forno)
Date: Sat, 30 Nov 2013 22:16:05 -0500
Subject: [Infowarrior] - Saved $130 Million by Stealing Software
Message-ID: <2DDABB93-EF89-4EE1-8AAE-A86730FCBD2B@infowarrior.org>

Saved $130 Million by Stealing Software
http://gizmodo.com/u-s-army-saved-130-million-by-stealing-software-1474068702

The U.S. Army just paid a $50 million settlement over accusations that it illegally installed software on thousands of devices without a license.
Even after the settlement, the Army ended up saving a bunch of cash. Maybe crime really does pay? The court battle, revealed this week by The Washington Post, centers around personnel-tracking software made by Apptricity. The Army originally purchased a number of software licenses from Apptricity in 2004, with a second purchase about five years later. But the Army kept installing the software even after its licenses had run out, eventually putting unaccounted copies on 100 servers and 9,000 devices. It would seem the overshoot was not a mistake: Apptricity's complaint alleges that in or before the year 2010, the Army hired a different contractor to reverse-engineer portions of the unlicensed software, to avoid being held accountable for the unpaid fees. All told, the Washington Post calculates the purchase price of the illegally copied software at around $180 million, not including support and maintenance. If the allegations are true, it sure sounds like the Army came out ahead on the deal. [Washington Post] --- Just because i'm near the punchbowl doesn't mean I'm also drinking from it.