From rforno at infowarrior.org Tue Oct 1 06:49:12 2013
From: rforno at infowarrior.org (Richard Forno)
Date: Tue, 1 Oct 2013 07:49:12 -0400
Subject: [Infowarrior] - Snowden Speech: 'Economies are built on creativity, curiosity- and privacy'
Message-ID: <8585DAB0-1C66-464B-86AE-4CE73F583D3B@infowarrior.org>

Snowden: 'Economies are built on creativity, curiosity- and privacy'
http://www.theguardian.com/world/2013/sep/30/nsa-files-edward-snowden-gchq-whistleblower#block-524a9cf8e4b00c9d0a810fee

Unsurprisingly, Edward Snowden chose to submit a statement on paper, rather than appear by weblink at yesterday's hearing of the European Parliament Committee on Civil Liberties, Justice and Home Affairs. But appear he did - exile has apparently not compromised his decision to blow the whistle. In a three-minute reading, Jesselyn Radack, National Security & Human Rights Director of the Government Accountability Project, read the statement in full, and Snowden kicked off by calling the mass surveillance of whole populations "the greatest human rights challenge of our time". We've transcribed Snowden's speech in full:

I thank the European parliament and the LIBE committee for taking up the challenge of mass surveillance. The surveillance of whole populations rather than individuals threatens to be the greatest human rights challenge of our time. The success of economies in developed nations relies increasingly on their creative output, and if that success is to continue we must remember that creativity is the product of curiosity, which in turn is the product of privacy. A culture of secrecy has denied our societies the opportunity to determine the appropriate balance between the human right of privacy and the governmental interest in investigation. These are not decisions that should be made for a people but only by the people after full, informed and fearless debate.
Yet public debate is not possible without public knowledge - and in my country the cost of one in my position of returning public knowledge to public hands has been persecution and exile. If we are to enjoy such debates in the future we cannot rely upon individual sacrifice. We must create better channels for people of conscience to inform not only trusted agents of government but independent representatives of the public outside government. When I began my work it was with the sole intention of making possible the debate we see occurring here in this body and in many other bodies around the world. Today we see legislative bodies forming new committees calling for investigations and proposing new solutions for modern problems. We see emboldened courts that are no longer afraid to consider critical questions of national security. We see brave executives remembering that if a public is prevented from knowing how they are being governed the necessary result is that they are no longer self governing. And we see the public reclaiming an equal seat at the table of government. The work of a generation is beginning here with your hearing, and you have the full measure of my gratitude and support.

--- Just because i'm near the punchbowl doesn't mean I'm also drinking from it.

From rforno at infowarrior.org Tue Oct 1 06:52:17 2013
From: rforno at infowarrior.org (Richard Forno)
Date: Tue, 1 Oct 2013 07:52:17 -0400
Subject: [Infowarrior] - OT: Your False-Equivalence Guide to the Days Ahead
Message-ID: <2986E6EA-45CE-4B87-8A13-8077C760FD77@infowarrior.org>

Your False-Equivalence Guide to the Days Ahead
A kind of politics we have not seen for more than 150 years
James Fallows Sep 27 2013, 12:15 PM ET
http://www.theatlantic.com/politics/archive/2013/09/your-false-equivalence-guide-to-the-days-ahead/280062/

Two big examples of problematic self-government are upon us.
They are of course the possible partial shutdown of the federal government, following the long-running hamstringing of public functions via "the sequester"; and a possible vote not to raise the federal debt ceiling, which would create the prospect of a default on U.S. Treasury debt. The details are complicated, but please don't lose sight of these three essential points:

- As a matter of substance, constant-shutdown, permanent-emergency governance is so destructive that no other serious country engages in or could tolerate it. The United States can afford it only because we are -- still -- so rich, with so much margin for waste and error. Details on this and other items below.*

- As a matter of politics, this is different from anything we learned about in classrooms or expected until the past few years. We're used to thinking that the most important disagreements are between the major parties, not within one party; and that disagreements over policies, goals, tactics can be addressed by negotiation or compromise. This time, the fight that matters is within the Republican party, and that fight is over whether compromise itself is legitimate.** Outsiders to this struggle -- the president and his administration, Democratic legislators as a group, voters or "opinion leaders" outside the generally safe districts that elected the new House majority -- have essentially no leverage over the outcome. I can't recall any situation like this in my own experience, and the only even-approximate historic parallel (with obvious differences) is the inability of Northern/free-state opinion to affect the debate within the slave-state South from the 1840s onward. Nor is there a conceivable "compromise" the Democrats could offer that would placate the other side.

- As a matter of journalism, any story that presents the disagreements as a "standoff," a "showdown," a "failure of leadership," a sign of "partisan gridlock," or any of the other usual terms for political disagreement, represents a failure of journalism*** and an inability to see or describe what is going on. For instance: the "dig in their heels" headline you see below, which is from a proprietary newsletter I read this morning, and about which I am leaving off the identifying details. This isn't "gridlock." It is a ferocious struggle within one party, between its traditionalists and its radical factions, with results that unfortunately can harm all the rest of us -- and, should there be a debt default, could harm the rest of the world too.

--- Just because i'm near the punchbowl doesn't mean I'm also drinking from it.

From rforno at infowarrior.org Tue Oct 1 08:35:08 2013
From: rforno at infowarrior.org (Richard Forno)
Date: Tue, 1 Oct 2013 09:35:08 -0400
Subject: [Infowarrior] - SEC Once Slowed by Data Gap to Report High-Speed Trader Research
Message-ID: <7B9D7339-8540-4FBD-A374-D84CBD67BB6B@infowarrior.org>

SEC Once Slowed by Data Gap to Report High-Speed Trader Research
By Dave Michaels and Sam Mamudi - Oct 1, 2013
http://www.bloomberg.com/news/print/2013-10-01/sec-once-slowed-by-data-gap-to-report-high-speed-trader-research.html

The U.S. Securities and Exchange Commission will soon issue research from its new system for monitoring markets, including a look at practices that some blame for giving high-speed traders an unfair edge. The reports will use data from the SEC's Midas market-surveillance system, according to two people briefed on the plans. The findings could help inform whether new regulations are needed to address strategies such as canceling a high percentage of orders, said the people, who asked not to be identified because the plan isn't ready to be announced.
The SEC lacked such a tool during the May 2010 plunge known as the flash crash, when the agency was criticized for taking four months to report the cause of turbulence that erased about $862 billion in U.S. equity value in minutes before share prices recovered. "This shows to the outside world that the SEC has been quite active in terms of thinking about these issues in sophisticated ways," said Henry Hu, a professor at the University of Texas who led the SEC's research division from 2009 to 2011. "Too often, people outside the SEC are not really aware of just how much effort goes on." The SEC acquired its Midas system last year from high-frequency trading firm and technology vendor Tradeworx Inc. Midas, an acronym for Market Information Data Analytics System, collects about 1 billion trading records per day from 13 U.S. equity exchanges, which sell similar data to high-speed firms and brokers that want information milliseconds before the public.

More Data

Midas provides the regulator with more complete data than traders and researchers can see from the public feeds operated by NYSE Euronext (NYX) and Nasdaq OMX Group Inc. (NDAQ), SEC Associate Director Gregg E. Berman has said. The SEC's feed includes every displayed order for shares on exchanges, not just the best offers reported to the public tape. It also gathers data on orders that are modified, canceled or filled. One of the first reports to be published will present information on whether stock-market liquidity is affected by the high volume of orders that are canceled before being filled, which can give the false appearance of real bids and offers for stocks. Some automated strategies may cancel more than 90 percent of the orders they send to exchanges, the SEC said in a 2010 report.

Better Decisions

"People have questioned the fact that there are so many order cancellations and that there is a relatively small fraction of orders from certain market players that get executed," former SEC Chairman Elisse B. Walter said last week in a phone interview. "To have better data analysis about that is going to help the SEC in making a policy decision about whether or not that presents a problem and, if so, what to do about it." Midas allows the SEC to view what exchanges and some high-speed traders already know about markets, Berman said in a June speech at the Securities Industry and Financial Markets Association's Tech conference. It's not a perfect view of market surveillance, because it doesn't show the SEC how orders are routed or include information about the brokers or customers behind trades, Berman said. Berman is leading the SEC's effort to analyze Midas data and publish analyses based on findings. It's not clear when the SEC will publish its first report, but the two people said it would be soon. In a phone interview last week, Berman declined to discuss specific reports or when they would be made public. He said each analysis began as a research project that his staff has worked to translate for a general audience.

"Shed Light"

"We focus on using this data in ways that makes sense to understand market structure," Berman said. "This is all around helping people better understand markets and shed light on a variety of different topics." The decision to present research from Midas began under Walter, who said in a February speech that the reports would explore subjects such as the speed of quotes and subsequent cancellations. The information could help people understand the impact of new rules sought by critics of high-frequency trading, said Walter, who left the agency in August after serving a five-year term as a commissioner and chairman. Midas gives the SEC a view into market behavior that some of the most sophisticated trading firms don't have, Berman said in a speech in June.
The data allows the regulator to study the speed at which traders respond to quotes, as well as what fraction of orders are canceled "within 1 second, 100 milliseconds, or even 10 microseconds," Berman said in the June speech.

"Starting Point"

"Answering these basic factual questions must be the starting point for any serious dialogue about market speed, and I'm very glad we now have the tools and technology to be able to do so," Berman said in the speech. Canadian regulators have similarly used a data-driven approach as they seek to analyze the role of high-frequency traders, said Adam Sussman, director of research at New York-based Tabb Group LLC. The Investment Industry Regulatory Organization of Canada has used its real-time market surveillance database to identify traders who produce a high number of orders relative to the number of trades that were consummated, Sussman said in a phone interview. The Canadian regulator's study found that high-frequency trading accounted for one-fifth of all trading in that country and 94 percent of order messages. Providing different types of aggregated market data to the public is a good thing, said Haoxiang Zhu, assistant professor of finance at Massachusetts Institute of Technology's Sloan School of Management who specializes in market structure issues. "Many everyday investors, and even some smaller institutions, have little idea how their stock orders are routed, for example, let alone the complexity of market structure," he said in a phone interview. "More transparency on the structure of markets can only help."

To contact the reporters on this story: Dave Michaels in Washington at dmichaels5 at bloomberg.net; Sam Mamudi in New York at smamudi at bloomberg.net
To contact the editor responsible for this story: Maura Reynolds at mreynolds34 at bloomberg.net

--- Just because i'm near the punchbowl doesn't mean I'm also drinking from it.
From rforno at infowarrior.org Tue Oct 1 08:47:45 2013
From: rforno at infowarrior.org (Richard Forno)
Date: Tue, 1 Oct 2013 09:47:45 -0400
Subject: [Infowarrior] - Virginia developing a master identity database
Message-ID:

Va. starting to develop a master identity database
BY PETER BACQUÉ
Richmond Times-Dispatch | Posted: Sunday, September 29, 2013 12:00 am
http://www.timesdispatch.com/news/state-regional/government-politics/va-starting-to-develop-a-master-identity-database/article_772d70fe-28ac-11e3-95ec-001a4bcf6878.html?mode=print

Using Department of Motor Vehicles records as its core, the state government is quietly developing a master identity database of Virginia residents for use by state agencies. The state enterprise record - the master electronic ID database - would help agencies ferret out fraud and help residents do business electronically with the state more easily, officials said. While officials say the e-ID initiative will be limited in scope and access, it comes at a time of growing public concern about electronic privacy, identity theft and government intrusion. "It makes it easier to compromise your privacy," said Claire Guthrie Gastañaga, executive director of the American Civil Liberties Union of Virginia. "They're using DMV for some other purpose than driving." DMV points out that, in today's world, state driver's licenses are the fundamental identification documents used by most Americans. State officials say participation in the e-ID system will be voluntary, but the reason that the state has been moving to offer "privacy-enhancing credentials" to Virginia residents is the increasing number of government services offered online. However, "anything you make more accessible and efficient for the user, you potentially open up for opportunities for risk, for attack," said Robby Demeria, executive director of RichTech, Richmond's technology council.
The first state agency using the largely federally funded Commonwealth Authentication Service system will be the Department of Social Services, aiming to satisfy federal Medicaid requirements under the Affordable Care Act and to reduce eligibility fraud and errors. The system goes live Tuesday. About 70 percent of Social Services' clients are in DMV's database, said David W. Burhop, the Department of Motor Vehicles' deputy commissioner and chief information officer. Four state agencies are now involved in Virginia's e-ID initiative: DMV, the state's "ID professionals"; the Virginia Information Technologies Agency, which runs the state's IT systems; the Department of Social Services; and the Department of Medical Assistance Services. DMV has the records of about 5.9 million licensed drivers and ID card holders. Some of that information - names, addresses, dates of birth, driver's license numbers - will form the core of the state's identity authentication system. "To us, it is a tool that allows individuals to create online accounts," said Craig C. Markva, communications director of the Department of Medical Assistance Services, speaking for Secretary of Health and Human Resources William A. Hazel Jr. "When someone wants to do this, we need to be able to verify that the person trying to access the account is who he or she claims to be," Markva said. "This requires that they provide basic demographic information ... that we can compare to what is known by DMV or by DSS (Department of Social Services) already." So far there's been no public discussion in Virginia of the state's electronic personal identity initiative or the use of the Internet for increasingly more transactions with the state government. "When we allow governments to do that," said Virginia ACLU's Gastañaga, "it facilitates and empowers things that we might not want to have happen if the wrong people get into power."
Decisions based on the convenience of using information technology are often done with a short-term perspective, said Rob S. Hegedus, chief executive officer of Sera-Brynn, a cybersecurity company in Suffolk. "The privacy aspect catches up afterwards," he said. The state does not plan to hold public hearings on the Commonwealth Authentication Service system, officials said, but Demeria with RichTech contends "there's plenty of reason for us to have a public discussion, debate, (and) consideration." "We want to make sure all the i's are dotted and t's are crossed before we execute," he said. For members of the public, Burhop said, e-ID would allow use of the Internet with security and privacy while needing only a single sign-on, providing faster service and lowering service costs. "This is geared toward citizens who say, 'Why do I have to fill out this again?' " DMV's Burhop said. Virginia is a leader in using online transactions, DMV said. But in order to move higher-risk transactions to the Internet, a more robust authentication method is needed, officials said. For example, if a Virginian sells a car to another state resident, the deal requires a physical exchange of the registration card and the handwritten information on the card that is often hard for DMV representatives to read when the buyer registers the vehicle at the agency, noted Pam Goheen, DMV's assistant commissioner for communications. "If both parties had a high-assurance credential such as an e-ID," Goheen said, "this transaction could be done entirely online which would include the registration and title updates eliminating the need to visit the DMV and speeding up the process." The Virginia Information Technologies Agency and contractor Northrop Grumman are responsible for state IT infrastructure, but state agencies are responsible for their business applications and the data they hold, said Sam Nixon Jr., the state's chief information officer. 
IT security is a shared responsibility between VITA and the state agencies it serves, Nixon said. DMV says the $4.3 million Commonwealth Authentication Service system will be safe from abuse because agencies will control individuals' files. Those files will not all be put into a single database open to other agencies. Agencies using the service to verify a client's identity will get only a yes-or-no reply from the Commonwealth Authentication Service system, DMV said. And the DMV has not suffered a data breach, Burhop said. Nonetheless, cyberhackers are always trying to break into the state's IT system. In 2012, VITA and Northrop Grumman blocked more than 110 million cyberattacks on the state's data networks, Nixon said. "You can do the math, but that represents hundreds of thousands of blocked attacks each day." More than 47,000 viruses were blocked before they affected Virginia's government IT assets, Nixon said, and the number of security incidents VITA detects and fixes has tripled since 2011. But in 2009, before Northrop Grumman took over the state's IT system, hackers got into the Virginia Department of Health Professions' prescription-monitoring database. Though it was unclear what records were actually taken, the database contained records of more than half a million people and more than 35 million prescriptions. Also in 2009, the Department of Education sent a thumb drive to another agency that contained more than 103,000 sensitive records. It was later determined that the thumb drive was lost. "When you ask a government entity to keep something like this safe, they really can't," Sera-Brynn's Hegedus said. "Nobody can guarantee it."

pbacque at timesdispatch.com (804) 649-6813

--- Just because i'm near the punchbowl doesn't mean I'm also drinking from it.
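The verification design the article describes (each agency keeps its own files, the caller supplies demographic attributes, and the service answers only yes or no) can be sketched as an added illustrative model. This is example code written for this digest, not the Commonwealth Authentication Service or any Virginia agency's software; the field names, record layout, lockout threshold and the sample records are all assumptions. The point it adds beyond the article is the caveat a practitioner would raise: a yes/no reply is still an oracle, so the matcher normalizes and hashes each attribute, compares every field in constant time, answers uniformly for unknown license numbers, and limits attempts per subject so the answer cannot be used to guess a date of birth one query at a time.

```python
# Added illustrative model of an attribute-matching identity check that returns
# only a yes/no answer. Example code, not Virginia's Commonwealth Authentication
# Service; field names, record layout and the lockout threshold are assumptions.
import hashlib
import hmac
import unicodedata
from dataclasses import dataclass, field

# Constructed sample "DMV" records keyed by a fictional license number.
DMV_RECORDS = {
    "T12345678": {"last_name": "Doe", "first_name": "Jane", "dob": "1980-04-12"},
    "T87654321": {"last_name": "Smith", "first_name": "John", "dob": "1975-11-30"},
}

MAX_ATTEMPTS = 5  # assumed per-license attempt limit before the verifier stops answering


def normalize(value: str) -> str:
    """Fold case, strip accents and surrounding whitespace so 'DOE ' matches 'Doe'."""
    decomposed = unicodedata.normalize("NFKD", value.strip())
    return "".join(ch for ch in decomposed if not unicodedata.combining(ch)).casefold()


def digest(value: str) -> bytes:
    """Hash the normalized value so every comparison is over fixed-length bytes."""
    return hashlib.sha256(normalize(value).encode("utf-8")).digest()


@dataclass
class VerificationService:
    """Holds one agency's records and answers only True/False, never the record."""
    records: dict
    attempts: dict = field(default_factory=dict)
    audit_log: list = field(default_factory=list)

    def verify(self, license_no: str, claimed: dict) -> bool:
        key = license_no.strip().upper()
        # Rate-limit per subject: the yes/no reply is an oracle that an attacker
        # could otherwise use to confirm guessed attributes one query at a time.
        if self.attempts.get(key, 0) >= MAX_ATTEMPTS:
            self.audit_log.append(("locked", key))
            return False
        self.attempts[key] = self.attempts.get(key, 0) + 1

        # Unknown license numbers are compared against an empty record so the
        # answer and the timing do not reveal whether the number exists.
        record = self.records.get(key) or {}
        ok = True
        for name, claimed_value in claimed.items():
            expected = record.get(name, "\x00")
            # Compare every field (no short-circuit) in constant time.
            ok &= hmac.compare_digest(digest(claimed_value), digest(expected))
        # A claim that supplies no attributes proves nothing.
        ok = ok and bool(claimed)
        self.audit_log.append(("match" if ok else "mismatch", key))
        return ok


if __name__ == "__main__":
    svc = VerificationService(DMV_RECORDS)
    print(svc.verify("T12345678", {"last_name": "doe", "first_name": "Jane", "dob": "1980-04-12"}))
    print(svc.verify("T12345678", {"last_name": "Doe", "first_name": "Jane", "dob": "1981-04-12"}))
```

The audit log records the outcome and the license number but never the claimed values, which is the minimum a receiving agency would need to notice an enumeration attempt against a single subject without the verifier itself becoming a second copy of the demographic data.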
From rforno at infowarrior.org Wed Oct 2 10:54:02 2013
From: rforno at infowarrior.org (Richard Forno)
Date: Wed, 2 Oct 2013 11:54:02 -0400
Subject: [Infowarrior] - Novelist Tom Clancy Dies at 66
Message-ID:

October 2, 2013
Tom Clancy, Best-Selling Novelist of Military Thrillers, Dies at 66
By JULIE BOSMAN
http://www.nytimes.com/2013/10/03/books/tom-clancy-best-selling-novelist-of-military-thrillers-dies-at-66.html

Tom Clancy, whose complex, adrenaline-fueled military novels made him one of the world's best-selling and best-known authors, died on Tuesday in a hospital in Baltimore. He was 66. Ivan Held, the president of G. P. Putnam's Sons, his publisher, did not provide a cause of death. Mr. Clancy's books were successfully transformed into blockbuster Hollywood films, including "Patriot Games," "The Hunt for Red October" and "Clear and Present Danger." His next book, "Command Authority," is planned for publication on Dec. 3. Seventeen of his novels were No. 1 New York Times best sellers, including his most recent, "Threat Vector," which was released in December 2012. Mr. Clancy was an insurance salesman when he sold his first novel, "The Hunt for Red October," to the Naval Institute Press for only $5,000. That publisher had never released a novel before, but the editors were taken with Mr. Clancy's manuscript. They were concerned, however, that there were too many technical descriptions, so they asked him to make cuts. Mr. Clancy made revisions and cut at least 100 pages. The book took off when the publisher gave a copy to a friend of the Reagans, who made sure that President Ronald Reagan saw it. The president said that the book was "my kind of yarn." After the book's publication in 1985, Mr. Clancy was praised for his mastery of technical details about Soviet submarines and weaponry. Even high-ranking members of the military took notice of the book's apparent inside knowledge. In an interview in 1986, Mr. Clancy said, "When I met Navy Secretary John Lehman last year, the first thing he asked me about the book was, 'Who the hell cleared it?'" David Shanks, a Penguin executive who worked with Mr. Clancy for decades, called him "a consummate author, creating the modern-day thriller, and one of the most visionary storytellers of our time." Born to a middle-class family in Baltimore on April 12, 1947, Mr. Clancy skipped over the usual children's literature and became obsessed by naval history from a young age, reading journals and books whose intended audience was career military officers and engineering experts. He absorbed details of submarine warfare, espionage, missile systems and covert plots between superpowers. He harbored ambitions to join the military, but his eyesight was too poor.

--- Just because i'm near the punchbowl doesn't mean I'm also drinking from it.

From rforno at infowarrior.org Wed Oct 2 10:57:53 2013
From: rforno at infowarrior.org (Richard Forno)
Date: Wed, 2 Oct 2013 11:57:53 -0400
Subject: [Infowarrior] - US denies entry to German writer and NSA critic Trojanow
Message-ID:

US denies entry to German writer and NSA critic Trojanow
http://www.dw.de/us-denies-entry-to-german-writer-and-nsa-critic-trojanow/a-17131039

Questions have arisen after the German author Ilija Trojanow was denied entry to the United States, apparently without reason. A colleague of the writer claims his call for clarity about US spying activity is the answer. The 48-year-old Trojanow had been invited to a German language convention in the US city of Denver. However, he was left stranded at Salvador da Bahia airport, in Brazil. "The woman told me curtly and without emotion that entry to the United States was being denied to me - without giving any reason," Trojanow told the German newspaper the Frankfurter Allgemeine Zeitung on Tuesday.
Trojanow and co-author Juli Zeh had been behind an open letter to Chancellor Angela Merkel that demanded the German government "tell the nation the full truth about the spying offensive." The document was written in light of former US intelligence operative Edward Snowden's revelations about far-reaching and unsupervised electronic spying operations by the National Security Agency (NSA). The letter was signed by some 70,000 people and handed to Merkel ahead of Germany's general election. It stated that there was a growing impression that Berlin had approved the methods of US and British authorities in spying on German citizens. "For this reason we ask you, is it politically desirable that the NSA monitors German citizens in a way that the German authorities are forbidden from doing by the constitution and the German Constitutional Court?" the authors wrote. Zeh now claims there was a connection between Trojanow's being denied entry to the US and his criticism of the spying operations of the NSA and other government agencies. "It is more than ironic that an author who raises his voice against the dangers of surveillance and the secret state within a state over the years could be denied entry to the 'land of the free and the home of the brave,'" Zeh wrote on her Facebook page. "To look at it in a positive way - everything we are doing is having an effect; It is being brought to public attention," Zeh observed. "To look at it negatively, it is a farce, pure paranoia. People who stand up for civil rights are being treated as enemies of the state."
"It may only be an individual case, but it illustrates the consequences of a disastrous development and exposes the naïve attitude of many citizens who reassure themselves with the mantra that this does not affect them," Zeh said. A spokeswoman for Trojanow's publisher said he was on the way back to Germany on Tuesday, the news agency DPA reported. Zeh and Trojanow co-authored a 2009 book in German: "Attack on Freedom: Security Paranoia, the Surveillance State and the Dismantling of Civil Rights."

--- Just because i'm near the punchbowl doesn't mean I'm also drinking from it.

From rforno at infowarrior.org Wed Oct 2 12:34:59 2013
From: rforno at infowarrior.org (Richard Forno)
Date: Wed, 2 Oct 2013 13:34:59 -0400
Subject: [Infowarrior] - NSA had test project to collect data on Americans' cellphone locations, director says
Message-ID: <5DDE367A-06BF-4D35-BD7E-B40DC73CD095@infowarrior.org>

NSA had test project to collect data on Americans' cellphone locations, director says
By Ellen Nakashima
http://www.washingtonpost.com/world/national-security/nsa-had-test-project-to-collect-data-on-americans-cellphone-locations-director-says/2013/10/02/65076278-2b71-11e3-8ade-a1f23cda135e_print.html

The National Security Agency launched a test project to collect data about ordinary Americans' cellphone locations in 2010 but later discontinued it, the agency's director said Wednesday. In response to questioning at a Senate hearing, Gen. Keith Alexander said the secret effort ended in 2011 and that the data collected were never available for intelligence analysis purposes. "This may be something that may be a future requirement for the country," Alexander told the Senate Judiciary Committee, "but it is not right now. ... That's the reason we stopped in 2011." The NSA received "samples" of cellphone location data "in order to test the ability of its systems to handle the data format, but that data was not used for any other purpose,"
Alexander said, reading from a one-paragraph statement that was provided to the congressional intelligence committees. In a brief interview after his testimony, Alexander said the NSA ended the program because it didn't have "the operational value" it needed. The disclosure before the Senate Judiciary Committee confirmed recent speculation that the NSA had collected records showing the location of Americans' cellphones. Alexander and James R. Clapper Jr., the director of national intelligence, declined to answer questions on the issue at a hearing last month. At the time, Alexander said only that the intelligence community was not currently collecting so-called metadata on cellphone locations. Following a series of leaks by former NSA contractor Edward Snowden, U.S. officials have faced growing questions about the kinds of information that they are collecting, particularly when it comes to data about Americans. The British newspaper the Guardian first disclosed that the NSA collects the records of phone calls placed by millions of Americans. Intelligence officials have said such collection efforts are important counterterrorism measures and are legal. They have also said that the phone-records collection program does not mean the NSA is listening to most Americans' phone calls. The call database contains only phone numbers and the time and duration of calls, but no conversation content, subscriber names or cell site location.

© The Washington Post Company

--- Just because i'm near the punchbowl doesn't mean I'm also drinking from it.
From rforno at infowarrior.org Wed Oct 2 17:08:49 2013
From: rforno at infowarrior.org (Richard Forno)
Date: Wed, 2 Oct 2013 18:08:49 -0400
Subject: [Infowarrior] - DIRNSA admits 'attacks foiled' stats are misleading
Message-ID: <9F61D159-7B41-46A0-A010-C5963054631E@infowarrior.org>

NSA chief admits figures on terror plots foiled by snooping are misleading
By Shaun Waterman
The Washington Times
Wednesday, October 2, 2013
http://www.washingtontimes.com/news/2013/oct/2/nsa-chief-figures-foiled-terror-plots-misleading/print/

The Obama administration issued misleading figures about terrorist plots foiled by the National Security Agency's warrantless mass-collection of records of Americans' every phone call, NSA chief Gen. Keith Alexander admitted to lawmakers Wednesday. "There is no evidence that [bulk] phone records collection helped to thwart dozens or even several terrorist plots," Senate Judiciary Committee Chairman Patrick Leahy told Gen. Alexander of the 54 cases that administration officials have cited as the fruit of the NSA's controversial domestic snooping. "These weren't all plots, and they weren't all foiled," he said. The Vermont Democrat asked the general to admit that only 13 of the 54 cases had any connection at all to the United States, "Would you agree with that, yes or no?" "Yes," replied Gen. Alexander, who is both director of NSA and commander of the U.S. military's Cyber Command. In response to a follow-up question, Mr. Alexander also acknowledged that only one or two of the cases cited by senior officials at previous hearings had actually been foiled by the NSA's vast database. "The American people are getting left with an inaccurate impression of the effectiveness of NSA programs," Mr. Leahy said. He added that details of the 54 cases, even those provided to lawmakers in special classified briefings, were "unconvincing." "We get more from the newspapers than we do in the classified briefings that you give us," he told Gen. Alexander.
"And we get a crossword puzzle, too," he added. "The government has not made its case that bulk collection of domestic phone records is an effective counterterrorism tool, especially in light of the intrusion on Americans' privacy," the senator concluded. The NSA's bulk collection program uses a provision of the USA Patriot Act to acquire telephone company records of the time, duration and numbers calling and called of every single phone call made in the United States. It was exposed in documents leaked by former NSA contract computer technician Edward J. Snowden. Director of National Intelligence James Clapper, who testified alongside Gen. Alexander, told the hearing that the number of plots foiled should not be the only metric by which the success of the program is measured. "I think there's another metric here that's very important. ... I would call it the peace-of-mind metric." He explained that they could also use the database to satisfy themselves that global terrorists abroad did not have connections or associates in the United States.

Read more: http://www.washingtontimes.com/news/2013/oct/2/nsa-chief-figures-foiled-terror-plots-misleading/#ixzz2gbZdQVjK
Follow us: @washtimes on Twitter

--- Just because i'm near the punchbowl doesn't mean I'm also drinking from it.

From rforno at infowarrior.org Thu Oct 3 06:51:34 2013
From: rforno at infowarrior.org (Richard Forno)
Date: Thu, 3 Oct 2013 07:51:34 -0400
Subject: [Infowarrior] - Piracy Isn't Killing The Entertainment Industry, Scholars Show
Message-ID: <7457C1EF-4365-4C2C-9DFE-4C593A21EC6D@infowarrior.org>

Piracy Isn't Killing The Entertainment Industry, Scholars Show
By Ernesto
October 3, 2013
http://torrentfreak.com/piracy-isnt-hurting-the-entertainment-industry-121003/

The London School of Economics and Political Science has released a new policy brief urging the UK Government to look beyond the lobbying efforts of the entertainment industry when it comes to future copyright policy. According to the report there is ample evidence that file-sharing is helping, rather than hurting the creative industries. The scholars call on the Government to look at more objective data when deciding on future copyright enforcement policies.

Over the past years there have been ample research reports showing that file-sharing can have positive effects on the entertainment industries. Industry lobbyists are often quick to dismiss these findings as incidents or weak research, and counter them with expensive studies they have commissioned themselves.

The London School of Economics and Political Science (LSE) jumps into the discussion this week with a media policy brief urging the UK Government to look beyond the reports lobbyists hand to them. Their report concludes that the entertainment industry isn't devastated by piracy, and that sharing of culture has several benefits.

"Contrary to the industry claims, the music industry is not in terminal decline, but still holding ground and showing healthy profits. Revenues from digital sales, subscription services, streaming and live performances compensate for the decline in revenues from the sale of CDs or records," says Bart Cammaerts, LSE Senior Lecturer and one of the report's authors.

The report shows that the entertainment industries are actually doing quite well. The digital gaming industry is thriving, the publishing sector is stable, and the U.S. film industry is breaking record after record.
"Despite the Motion Picture Association of America's (MPAA) claim that online piracy is devastating the movie industry, Hollywood achieved record-breaking global box office revenues of $35 billion in 2012, a 6% increase over 2011," the report reads.

Even the music industry is doing relatively well. Revenue from concerts, publishing and digital sales has increased significantly since the early 2000s and while recorded music revenues show a decline, there is little evidence that piracy is the lead cause.

"The music industry may be stagnating, but the drastic decline in revenues warned of by the lobby associations of record labels is not in evidence," the report concludes.

[Chart: Music industry revenue]

The authors further argue that file-sharing can actually benefit the creative industries in various ways. The report mentions the success of the SoundCloud service where artists can share their work for free through Creative Commons licenses, the promotional effect of YouTube where copyrighted songs are shared to promote sales, and the fact that research shows that file-sharers actually spend more money on entertainment than those who don't share.

"Within the creative industries there is a variety of views on the best way to benefit from online sharing practices, and how to innovate to generate revenue streams in ways that do not fit within the existing copyright enforcement regime," the authors write.

Finally, the report shows that punitive enforcement strategies such as the three strikes law in France are not as effective as the entertainment industries claim. The researchers hope that the U.K. Government will review the Digital Economy Act in this light, and make sure that it will take into account the interests of both the public and copyright holders. This means expanding fair use and private copying exceptions for citizens, while targeting enforcement on businesses rather than individuals.
"We recommend a review of the DEA and related legislation that strikes a healthy balance among the interests of a range of stakeholders including those in the creative industries, Internet Service Providers and internet users."

"When both [the creative industries and citizens] can exploit the full potential of the internet, this will maximize innovative content creation for the benefit of all stakeholders," the authors write.

From rforno at infowarrior.org Thu Oct 3 10:22:44 2013
From: rforno at infowarrior.org (Richard Forno)
Date: Thu, 3 Oct 2013 11:22:44 -0400
Subject: [Infowarrior] - Snowden should be put on kill list, joke US intelligence chiefs
Message-ID: <25568E95-30EC-44D2-BCD1-10150E5FDF83@infowarrior.org>

Edward Snowden should be put on kill list, joke US intelligence chiefs
http://www.theguardian.com/world/2013/oct/03/edward-snowden-kill-list-joke-us-intelligence-chiefs

From rforno at infowarrior.org Thu Oct 3 13:58:14 2013
From: rforno at infowarrior.org (Richard Forno)
Date: Thu, 3 Oct 2013 14:58:14 -0400
Subject: [Infowarrior] - Shots heard at US Capitol, building under lockdown
Message-ID:

Shots heard at Capitol, building under lockdown
http://www.wtop.com/41/3471724/Shots-heard-at-Capitol-building-under-lockdown
Thursday - 10/3/2013, 2:55pm ET

WASHINGTON (AP) - A police officer was reported injured after gunshots at the U.S. Capitol, police said Thursday while putting the entire complex on lockdown.

"There are reports of injuries," said Terrance Gainer, the Senate's Sergeant at Arms. FBI agents were also headed to the scene.

The reports come two weeks after a deadly shooting at the nearby Navy Yard and amid a government shutdown. As a warning was sounded, the House abruptly went into recess and lawmakers left the chamber floor.
The House had just finished approving legislation aimed at partly lifting the government shutdown by paying National Guard and Reserve members. People standing outside the Supreme Court across the street from Congress were hurried into the court building by authorities.

The White House was quickly locked down after the incident at Capitol Hill and the stretch of Pennsylvania Avenue in front of the compound was closed to pedestrians. Secret Service said the procedures were precautionary.

From rforno at infowarrior.org Thu Oct 3 15:15:56 2013
From: rforno at infowarrior.org (Richard Forno)
Date: Thu, 3 Oct 2013 16:15:56 -0400
Subject: [Infowarrior] - Security firm says iPhone bug can thwart device wiper
Message-ID:

Exclusive: Security firm says iPhone bug can thwart device wiper
By Jim Finkle
BOSTON | Thu Oct 3, 2013 3:42pm EDT
http://www.reuters.com/article/2013/10/03/us-iphone-hackers-exclusive-idUSBRE9920YX20131003

(Reuters) - A German security company has uncovered a bug in the new iPhone's software that it said enables hackers to overcome a safeguard allowing users to remotely wipe stolen or lost phones.

Berlin's Security Research Labs, known as SRL, said on Thursday that the vulnerability could potentially give criminals time to break into the Apple Inc phones, gain complete control of data, access email accounts and then potentially take over the user's bank accounts. The research firm also said it has figured out an easier way to crack the iPhone fingerprint scanner than has been demonstrated thus far.

SRL, which this summer disclosed a major security flaw in SIM card technology that affected mobile systems around the globe, said it has shared its research with Apple's security team. Apple declined to comment. The company sometimes refrains from discussing potential security bugs while it reviews research.
If SRL's findings are verified, this would mark at least the fifth security bug in the iPhone and its iOS operating system uncovered since July. Apple has already fixed some of those flaws, including one disclosed at a summer hacking conference that made the devices vulnerable to snooping.

The company has remained silent since concerns have been raised about the security of its "Touch ID" fingerprint scanner on its top-of-the-line iPhone 5S, which went on sale last month. A German hacker known as Starbug was able to crack Touch ID within two days of its release. Several experts in mobile security and biometrics say they have independently verified his work.

ANOTHER WAY TO SKIN A CAT

Apple's "Find My iPhone" feature aims to thwart thieves and hackers. It lets users log into Apple's iCloud and wipe a device, giving victims a chance to disable the phone before criminals can gain access. It also prevents criminals from registering those devices to another account.

Ben Schlabs, an SRL project manager in biometric security, told Reuters he has identified a new method for preventing those features from being initiated. He was able to put an iPhone 5S on "airplane mode," cutting off iCloud's ability to communicate with the device to initiate the features. That bought him time to create a "fake finger" to fool Touch ID.

He said he created a fingerprint mold using the same basic approach as Starbug, who took a photo of an iPhone user's fingerprint with a high resolution camera, printed it out on a plastic sheet, then etched the mold. Schlabs used a previous-generation iPhone 4S to take the photo.

Once he gained access to the iPhone 5S with the fake finger, he looked up the user's email address. He then went to Apple's website on an ordinary computer and instructed it to send credentials for resetting its password to the account of the phone's owner.
At that point, he turned off airplane mode for several seconds: just enough time to retrieve email, but not enough for the "Find My iPhone" feature to disable the device or initiate a wipe.

Once he reset the password, Schlabs said he was able to completely "own" the iPhone: he could take over accounts from outside email providers, and reset passwords by getting email providers to send SMS messages to the hijacked phone.

"Once you have access to the email, you can engage in total online identity theft. You can get bank credentials or anything else," Schlabs said.

Chris Morales, a hacking expert and research director with NSS Labs of Austin, Texas, said the growing research on Touch ID underscores what members of the security community have long known: biometrics are not as secure as passwords. He said a facial recognition feature in Google Android operating system has been defeated using photos.

"As bad as passwords are, it's more secure to know something than to be something," Morales said. "Biometrics only extends security for people who are extremely lazy."

iPhone users can take steps to mitigate the potential for attacks using the newly identified approach, Schlabs said. For instance, users can adjust the phone's settings to prevent airplane mode from being activated when devices are locked.

Customers in Australia, Ireland, New Zealand, the United Kingdom and the United States can opt for two-factor authentication, which requires the user to enter a four-digit code that is sent to their iPhone or other device.

(Reporting by Jim Finkle; Editing by Edwin Chan, Martin Howell, Tiffany Wu and Phil Berlowitz)
From rforno at infowarrior.org Thu Oct 3 16:00:48 2013
From: rforno at infowarrior.org (Richard Forno)
Date: Thu, 3 Oct 2013 17:00:48 -0400
Subject: [Infowarrior] - NAS: Cybersecurity is an occupation, not a profession
Message-ID: <7424297E-A2FC-4C05-AE6E-D72385EFEB85@infowarrior.org>

(Report @ http://www.nap.edu/catalog.php?record_id=18446)

Cybersecurity should be seen as an occupation, not a profession, report says
http://www.csoonline.com/article/740456/cybersecurity-should-be-seen-as-an-occupation-not-a-profession-report-says
September 26, 2013 - A panel from the National Academy of Sciences, commissioned by the U.S. Department of Homeland Security, says that cybersecurity should be seen as an occupation and not a profession.

After being commissioned by the U.S. Department of Homeland Security, a panel from the National Academy of Sciences reported that the cybersecurity field is too young, and the technologies, threats, and actions taken to counter them change too rapidly, for professionalization to be considered. Thus, cybersecurity is an occupation and not a profession.

For some organizations, making cybersecurity a profession may provide a useful degree of quality control, the report says, but at the same time, professionalization also imposes barriers, which would prevent talented workers from entering the field at a time when "demand for cybersecurity workers exceeds supply."

Sticking to the quality control aspect of the report, professionalization, it says, has the potential to attract workers and establish long-term paths to improving the work force overall, but measures such as standardized education or requirements for certification, have their disadvantages too.
For example, formal education or certification could be helpful to employers looking to evaluate the skills and knowledge of a given applicant, but it takes time to develop curriculum and reach a consensus on what core knowledge and skills should be assessed in order to award any such certification. For direct examples of such a quandary, InfoSec needs only to look at the existing certification programs, and the criticisms directed at certifications such as the CISSP and C|EH.

Once a certification is issued, the previously mentioned barriers start to emerge. The standards used to award certifications will run the risk of becoming obsolete. Furthermore, workers may not have incentives to update their skills in order to remain current. Again, this issue is seen in the industry today, as some professionals choose to let their certifications lapse rather than renew them or try and collect the required CPE credits.

But the largest barrier is that some of the most talented individuals in cybersecurity are self-taught. So the requirement of formal education or training may, as mentioned, deter potential employees from entering the field at a time when they are needed the most. So while professionalization may be a useful tool in some circumstances, the report notes, it shouldn't be used as a proxy for "better."

"It would be very hard to professionalize the field of cybersecurity. The complexities are such that the subject matter experts in any particular security field are not necessarily individuals that have passed exams certifying their level of knowledge or competence, but rather independent thinkers that have pieced together solutions, programs, and assessments from years of hands-on experience and analysis of event details," Sarah Isaacs, CEO of Conventus, an IT Security consultancy, told CSO.
From rforno at infowarrior.org Thu Oct 3 16:43:58 2013
From: rforno at infowarrior.org (Richard Forno)
Date: Thu, 3 Oct 2013 17:43:58 -0400
Subject: [Infowarrior] - Twitter files IPO
Message-ID: <5CE61E98-61ED-4DB9-9C9C-3109A4556B70@infowarrior.org>

No more secrets: Twitter IPO filing is now public
Published: Thursday, 3 Oct 2013 | 5:14 PM ET
By: Cadie Thompson | Technology Reporter, CNBC.com
http://www.cnbc.com/id/101074151

Twitter made its S-1 filing available to the public on Thursday, finally shedding some light on its initial public offering plans. The company plans to trade under the ticker TWTR and seeks to raise $1 billion, according to the filing.

Twitter has seen rapid growth recently. In 2012 the company saw an increase in revenue of 198 percent to about $317 million and a net loss decrease of 38 percent to about $79 million, according to the filing.

According to the filing, Twitter has 250 million monthly active users; 100 million of those are daily active users. The company said in the filing that mobile is the primary driver of its business and that 75 percent of the monthly active users access Twitter from a mobile device. Those monthly active mobile users account for over 65 percent of Twitter's advertising revenue. Twitter said it expects its mobile revenue to continue to grow in the near term.

There's still a lot of information that is missing from the filing, like the number of shares the company plans to offer and the price of the shares, but it does give some insight into which investors stand to make the most money off the offering. Jack Dorsey has a 4.9 percent stake in the company, Evan Williams has a 12 percent stake and Peter Fenton, a Twitter board member, has a 6.7 percent stake.

In September, the company announced it had confidentially submitted documents to the U.S. Securities and Exchange Commission with plans to go public, but Twitter didn't reveal anything else about its IPO plans.
The filing was made under the JOBS Act, which allows companies making less than $1 billion in revenue to work with regulators on IPO plans before actually making it public. The micro-blogging site has been valued at about $10 billion and is one of the most anticipated Silicon Valley IPOs since Facebook.

From rforno at infowarrior.org Thu Oct 3 17:41:16 2013
From: rforno at infowarrior.org (Richard Forno)
Date: Thu, 3 Oct 2013 18:41:16 -0400
Subject: [Infowarrior] - Adobe Data Breach Exposes 3 Million Customer Credit Cards
Message-ID: <46CFE3FC-DE48-4D64-88B2-7C3A51531E6B@infowarrior.org>

Adobe Data Breach Exposes 3 Million Customer Credit Cards
By Paul Wagenseil, October 3, 2013 4:10 PM - Source: Tom's Guide US
http://www.tomsguide.com/us/adobe-data-breach,news-17642.html

Adobe Systems, maker of Photoshop, InDesign, Premiere and other professional creative software products, said today (Oct. 3) that the personal and financial data of nearly 3 million Adobe customers, as well as the source code for Adobe products, had been stolen in a massive data breach.

"Our investigation currently indicates that the attackers accessed Adobe customer IDs and encrypted passwords on our systems," read an Adobe company blog post attributed to Chief Security Officer Brad Arkin.

"We also believe the attackers removed from our systems certain information relating to 2.9 million Adobe customers," Arkin added, "including customer names, encrypted credit or debit card numbers, expiration dates, and other information relating to customer orders."

Arkin said the company was resetting passwords on affected accounts, notifying customers whose credit- or debit-card information was exposed, notifying the financial institutions handling customer accounts and working with law enforcement.
"Adobe is also offering customers, whose credit or debit card information was involved, the option of enrolling in a one-year complimentary credit monitoring membership where available," Arkin said. Adobe set up a page with instructions for customers on how to reset their Adobe passwords. Apart from what Adobe recommends, customers who have ever bought software directly from the Adobe website should immediately change their passwords for the Adobe account, as well as for any account that shares that password, and also closely monitor their financial records for the next several months. In a separate blog posting dated yesterday (Sept. 2), Arkin said that "Adobe is investigating the illegal access of source code for Adobe Acrobat, ColdFusion, ColdFusion Builder and other Adobe products by an unauthorized third party." "Based on our findings to date," Arkin said, "we are not aware of any specific increased risk to customers as a result of this incident." Arkin thanked Brian Krebs, the independent security blogger who has been investigating professional identity thieves at his KrebsOnSecurity blog. Krebs has revealed that a single gang used sophisticated malware to breach the networks of Dun & Bradstreet, LexisNexis and the National White Collar Crime Center, and then resold the information in underground criminal marketplaces. Examining the gang's server contents (which were posted online by a rival group of hackers), Krebs and fellow researcher Alex Holden of Hold Security found source code for Adobe products in a 40-gigabyte trove of stolen software. Krebs informed Adobe of the findings a week ago, and in return Adobe told Krebs the company had been conducting its own investigation since mid-September. In June, Adobe began a multi-year process to shift its software distribution from the traditional model of boxed DVDs sold in stores to an open-ended subscription model, in which paying customers download software straight from the Adobe website. 
(The new subscriptions were almost immediately hacked and pirated.) That's a noble effort to combat piracy and unauthorized re-use of Adobe products - millions of Americans have copies of Photoshop they didn't directly pay for - but it also means that Adobe aims to retain the credit-card information of almost all its customers. Judging by today's events, that might not be such a good idea.

From rforno at infowarrior.org Fri Oct 4 07:44:00 2013
From: rforno at infowarrior.org (Richard Forno)
Date: Fri, 4 Oct 2013 08:44:00 -0400
Subject: [Infowarrior] - Swiss authorities investigate potential manipulation of £3tn currency markets
Message-ID: <12173269-2DC6-4E89-8D81-D4588272C707@infowarrior.org>

Swiss authorities investigate potential manipulation of £3tn currency markets
Jill Treanor
theguardian.com, Friday 4 October 2013 06.26 EDT
http://www.theguardian.com/business/2013/oct/04/switzerland-foreign-exchange-manipulation-currency-markets-banks

[Photo caption: Currencies are traded on some of the most liquid and active markets in the world. Photograph: Alamy]

Switzerland is investigating several financial firms over the potential manipulation of currency markets where £3tn changes hands every day. The country's markets regulator said that "multiple banks around the world" were also potentially involved in an investigation that will raise fresh questions about the integrity of financial markets.

The Swiss Financial Market Supervisory Authority said in a brief statement: "FINMA is currently conducting investigations into several Swiss financial institutions in connection with possible manipulation of foreign exchange markets. FINMA is co-ordinating closely with authorities in other countries as multiple banks around the world are potentially implicated."

The regulator said it would give no further details on the investigations or the banks potentially involved.
In June the UK's Financial Conduct Authority, the City regulator, launched an investigation into potential manipulation of currency markets and the role of benchmarks in some of the most liquid and actively traded markets in the world. The FCA investigation emerged after a Bloomberg report alleged that traders at banks were putting in orders ahead of a 60-second window when benchmarks for a series of currency indices run by WM Reuters, a joint venture between the WM company and Thomson Reuters, were set.

The role played by benchmarks in financial markets has been highlighted since the Libor-rigging scandal exposed traders at banks and financial firms around the world manipulating the key standards for interest rates. Barclays was the first major bank to be fined, paying £290m in June last year, but others have since followed including Royal Bank of Scotland, UBS and more recently the interdealer broker Icap.

From rforno at infowarrior.org Fri Oct 4 09:43:57 2013
From: rforno at infowarrior.org (Richard Forno)
Date: Fri, 4 Oct 2013 10:43:57 -0400
Subject: [Infowarrior] - OT: Vo Nguyen Giap, renowned Vietnamese general, dies in Hanoi
Message-ID: <7F7D703A-55AC-4F08-9700-630C943129F6@infowarrior.org>

Vo Nguyen Giap, renowned Vietnamese general, dies in Hanoi
By Bart Barnes
http://www.washingtonpost.com/local/obituaries/military-leader-vo-nguyen-giap-defeated-french-us-forces-in-vietnam-conflicts/2013/10/04/897ffff2-c5da-11df-94e1-c5afa35a9e59_print.html

Vo Nguyen Giap, the Vietnamese military commander and national folk hero who organized the army that defeated the French and then the Americans in 30 years of Southeast Asian warfare, is dead. That war ended in 1975 when the last remaining U.S. military forces evacuated Saigon, leaving behind a war-torn and battle-scarred nation, united under Communist rule. He died Oct.
4 in a hospital in Hanoi, a government official told the Associated Press. He was 102. No cause of death was immediately reported.

Gen. Giap was the last survivor in a triumvirate of revolutionary leaders who fought France's colonial forces and then the United States to establish a Vietnam free of Western domination. With the Vietnamese Communist leader Ho Chi Minh, who died in 1969, and former prime minister Pham Van Dong, who died in 2000, Gen. Giap was venerated in his homeland as one of the founding fathers of his country. To military scholars around the world, he was one of the 20th century's leading practitioners of modern revolutionary guerrilla warfare.

From a ragtag band of 34 men assembled in a forest in northern Vietnam in December 1944, Gen. Giap built the fighting unit that became the Vietnam People's Army. At the beginning, its entire supply of weapons consisted of two revolvers, one light machine gun, 17 rifles and 14 flintlocks, some of them dating to the Russo-Japanese War of 1904-05, said Cecil B. Currey, Gen. Giap's biographer. But the original 34 men took a solemn oath to fight to the death for a Vietnam independent of foreign rule, and they promised not to help or cooperate with colonial or any other foreign authorities.

By August 1945, when the surrender of Japan ended World War II, they had become an army of 5,000, equipped with American weapons supplied by the U.S. Office of Strategic Services, the precursor of the CIA, to use against the Japanese who had occupied Vietnam.

For almost three decades, Gen. Giap led his army in battle against better-supplied, better-equipped and better-fed enemies. In 1954, he effectively ended more than 70 years of French colonial rule in Indochina, dealing a humiliating defeat to a French garrison in a 55-day siege of the mountain-ringed outpost at Dien Bien Phu. To millions of Vietnamese, this was more than a military victory.
It was a moral and psychological triumph over a hated colonial oppressor, and it earned Gen. Giap the status of a national legend.

Twenty-one years later, on April 30, 1975, came the fall of Saigon, the capital of South Vietnam. This ended a prolonged and bitter war between Vietnamese communists, based in the north, and the U.S.-supported government of South Vietnam, which was based in Saigon and backed by the military might of the world's greatest superpower.

In an internal power struggle three years earlier, Gen. Giap was replaced as field commander of the communist forces, and in 1975 he watched from the sidelines as the army he created and nurtured took the enemy capital. Nevertheless, 25 years later, he would recall the fall of Saigon as the "happiest moment in this short life of mine."

With the capture of Saigon, Vietnam was united under a single governmental authority for the first time since its partition into North and South Vietnam after the 1954 French defeat. Gen. Giap was defense minister in the Communist government that ruled the new Vietnam and a member of the powerful politburo. But it was as a military leader that he made his mark on history.

In the course of his career, Gen. Giap commanded millions of men in regular army units, supplemented by local militia and self-defense outfits in villages and hamlets throughout Vietnam. He journeyed to the remotest areas of his country on recruiting missions, and he learned the art of combat the old-fashioned way - by fighting.

He waged all manner of warfare: guerrilla raids, sabotage, espionage, terrorism and combat on the battlefield, and he involved as much of the civilian population in this effort as he could. Peasant women carried concealed arms, ammunition and supplies to hiding guerrilla soldiers. Children passed along information about troop movements through their villages. Everyone was a lookout for enemy aircraft.

"All citizens are soldiers.
All villages and wards are fortresses, and our entire country is a vast battlefield on which the enemy is besieged, attacked and defeated," Gen. Giap was quoted as saying.

To survive, he had to be flexible and adaptable, and he was. Facing an overpowering array of U.S. bombs and artillery, he employed a tactic that was sometimes likened to a boxer's grabbing an opponent by the belt and drawing him too close for his punches to be effective. In close combat, the bombs and artillery shells of his enemy would be of limited use, but Gen. Giap's men, operating in small units, could fight more effectively.

In the end, Gen. Giap would outlast his enemies. The French grew tired of paying the price of fighting him in Southeast Asia, and so did the United States, after 58,000 American deaths in a war that promised no more than a stalemate.

He said: "The United States imperialists want to fight quickly. To fight a protracted war is a big defeat for them. Their morale is lower than grass. ... National liberation wars must allow some time - a long time. ... The Americans didn't understand that we had soldiers everywhere and that it was very hard to surprise us."

To at least one U.S. military commander, this strategy was apparent even in the early years of American involvement in the hostilities. Marine Corps Gen. Victor Krulak, in a 1966 memorandum to President Lyndon B. Johnson and Defense Secretary Robert S. McNamara, wrote that Gen. Giap "was sure that if the cost in casualties and francs was high enough, the French would defeat themselves in Paris. He was right. It is likely that he feels the same about the USA."

A master of military logistics and administration, Gen. Giap directed construction, maintenance and operation of the Ho Chi Minh Trail, down which a steady stream of men and arms flowed from North Vietnam to support the war in the South.
Under his command, a corps of 100,000 Vietnamese and Laotian laborers slogged under 70-pound packs through swamps and jungles, up and down mountains to deliver the supplies, weapons and ammunition to fuel the fight. From a network of mountain footpaths used by peasants and travelers for centuries, they built a 12,000-mile system of camouflaged roadways and spurs, much of it in the neutral territory of Laos. Some sections were two-lane paved roads, capable of handling tanks and heavy trucks. Others were primitive dirt roads. There were air raid shelters, rest stops and bridges. All of it demanded unremitting repair and upkeep.

Gen. Giap was a hard-line and tenacious Communist, and one of the early members of the Vietnamese Communist Party, which was founded by Ho in 1930. In the late 1940s, he led a program aimed at eradication of non-communist political organizations in Vietnam that is said to have caused the death of thousands. One technique of this campaign was to tie opponents together in batches like cordwood, then throw them into the Red River and let them drown while floating out to sea. This was known as "crab fishing."

From a manpower base of peasant farmers, Gen. Giap constructed a paramilitary guerrilla force, which he then transformed into an army of fully trained soldiers through a combination of rigorous training and political indoctrination. In three decades of combat, he is said to have had more than a million of his soldiers killed, a casualty level that would have cost any U.S. general his command.

"Every minute hundreds of thousands of people die all over the world. The life or death of a hundred, a thousand or tens of thousands of human beings, even if they are our own compatriots, represents really very little," the French writer Bernard B. Fall quoted him as saying.

Metaphorically, Gen. Giap was described in Vietnamese as "Nui Lua," which means roughly "volcano beneath the snow."
On the surface, his personality was cold and arrogant, but he was seething on the inside and capable of fearsome explosions. Colleagues said he was impatient, dogmatic, energetic and loyal to his friends. He was ambitious and not above personal vanity. To several interviewers, he suggested that he could be considered an Asian Napoleon. Time magazine, in a 1968 article, described him as a ?dangerous and wily foe .?.?. a tactician of such talents that U.S. military experts have compared him with German Field Marshal Erwin Rommel.? Vo Nguyen Giap was born Aug. 25, 1911, in the province of Quang Binh in an area of central Vietnam, which, with Laos and Cambodia, was then part of the French protectorate of Indochina. His native village of An Xa consisted primarily of straw and bamboo huts, alongside a few tile-roofed buildings. As a boy, he attended local public schools, where his teachers beat him with a thin bamboo stick whenever he faltered in his lessons. At age 12, he failed the first examination that would have allowed him additional schooling. French colonial authorities discouraged advanced education throughout Indochina, knowing that an ignorant population would be easier to control. But the young Vo Nguyen Giap spent the next year in intensive study, and on his second try, he passed the exam that allowed him to attend secondary school in Hue. There, in 1926, the future general read a book that would change his life and influence the history of Southeast Asia. Its title was ?Colonialism on Trial,? written by Ho Chi Minh. Gen. Giap would recall years later that Ho?s book triggered in him an abiding hatred of the French, and it launched him on the revolutionary journey that would become his life?s work. He read other writings of Ho and studied the works of Karl Marx and Vladi?mir Lenin, organized an underground reading library and in 1927 was expelled from school for organizing a strike in support of a student who he was sure had been falsely accused of cheating. 
He wrote under pseudonyms for a reform-minded newspaper, became active with the Communist Party and was jailed for revolutionary activities from 1930 to 1932. On his release, he won a scholarship for a school in Hanoi and received a baccalaureate degree in 1934. Later he taught history and French at a private school in Hanoi, and he was admitted to the French-managed University of Hanoi?s law school, where he received a doctorate in 1938. In 1939 he married Quang Thai, a fellow member of the Communist Party, whom he had met in prison years earlier. She gave birth to their daughter, Hong Anh, in January 1940. Four months later, the central committee of the Communist Party decided to send him to join Ho, who was then living in exile in China, where he was preparing plans for the revolution he intended to launch. Soon after Gen. Giap left for China, his wife was taken into custody by French authorities and held in a prison facility that would become known 30 years later in the United States as the ?Hanoi Hilton,? where downed American fliers were held as prisoners of war. Quang Thai would die in prison, either by suicide or while being tortured. Since her arrest, their daughter had been cared for by Gen. Giap?s parents. But not until late in World War II did Gen. Giap learn of his wife?s death. In 1947, his father would also die while in French custody, refusing to publicly denounce his son, although he never agreed with his communist ideology. ?He carries in his soul wounds that even time cannot heal,? Hong Anh told Currey in a 1988 questionnaire, speaking of her father. In the spring of 1941, Ho and Gen. Giap had returned to Vietnam from China. At a remote hamlet called Pac Bo, Ho convened a meeting of the central committee of the Vietnamese Communist Party and created the organization that would become known as the ?Viet Minh,? 
to wage a war of independence against the French and the Japanese, who had occupied Vietnam after France fell to Nazi Germany early in World War II. Also to be eliminated were the Vietnamese ?jackals? who collaborated with the enemy. During the war years, Gen. Giap began traveling regularly to the hamlets and settlements of the Vietnamese countryside, laying the recruiting groundwork for the army he intended to raise. In July 1944, after the collapse of the Nazi collaborationist government of Vichy France, he wanted to launch an armed insurrection in Vietnam, but Ho vetoed the idea. The time was not ripe for open rebellion, he said. But with the end of World War II in 1945, it was possible to begin guerrilla operations against the French, who returned to Vietnam expecting to reclaim their colony. Throughout the late 1940s, Gen. Giap orchestrated hit-and-run operations against French forces. His plan was to entice the enemy to expend valuable energy in fruitless pursuit of an elusive quarry in remote areas or tie him down in an unproductive or static position. ?Use the feint, the ambush, the diversionary outrage,? he wrote in a training manual adapted from the Chinese Communist leader Mao Zedong. ?The enemy may outnumber you ten to one strategically, but if you compel him to disperse his forces widely, you may outnumber him ten to one locally wherever you choose to attack him.? His army suffered heavy casualties in the Red River offensive against the French in 1951, but the Viet Minh regrouped and vanquished the French at Dien Bien Phu in 1954. Just a month before that siege ended, top French military officials traveled to Washington, hoping for a pledge of U.S. assistance. There, on April 7, 1954, President Dwight D. Eisenhower declared: ?You have a row of dominoes set up and you knock over the first one, and what will happen to the last one is the certainty that it will go over very quickly. .?.?. 
The loss of Indochina will cause the fall of Southeast Asia like a set of dominoes.? No U.S. assistance was given to the French at Dien Bien Phu, but the domino theory that Eisenhower had articulated in response to the French request would influence U.S. military policy in that part of the world for the next two decades. At the Geneva Conference that followed the Battle of Dien Bien Phu, Vietnam was divided into two countries: north and south. In the north, the Communist Party ruled under the leadership of Ho. With the French colonialists out of the picture, an ambitious land-reform program was undertaken, for which Gen. Giap would later apologize. ?[W]e .?.?. executed too many honest people .?.?. and, seeing enemies everywhere, resorted to terror, which became far too widespread. .?.?. Worse still, torture came to be regarded as a normal practice,? he was quoted as having said by Neil Sheehan in his Pulitzer-winning 1988 book, ?A Bright Shining Lie.? In the south, the United States replaced France as the major foreign influence. CIA operatives worked to blunt communist initiatives, and by the early 1960s, U.S. soldiers began arriving as ?advisers? to the Army of the Republic of Vietnam. Men and supplies flowed southward from Hanoi, and indigenous guerrilla units throughout South Vietnam began raiding government troops and installations. The United States increased its level of support, which by 1968 had reached 500,000 military personnel. Arguably, the turning point of the war came during the 1968 Tet Offensive, which was orchestrated by Gen. Giap. To launch this campaign, he had directed the movement of 100,000 men and tons of supplies to strategic points throughout South Vietnam. On Jan. 30, communist forces attacked 40 provincial capitals and major cities, including an unsuccessful but widely publicized assault on the U.S. Embassy in Saigon. The offensive failed militarily, Gen. 
Giap?s forces suffered heavy casualties and a hoped-for civilian uprising against the U.S.-backed government of South Vietnam did not happen. But politically, the offensive was devastating in the United States, where it shattered public confidence in U.S. policy and led Johnson to decide against seeking reelection as president. In the next four years, Gen. Giap orchestrated guerrilla raids by small units against South Vietnamese and U.S. forces. In the spring of 1972, he was relieved of his command after his Easter offensive failed in the face of massive U.S. attacks, which included the bombing of North Vietnam and the mining of Haiphong Harbor. Viet Cong and North Vietnamese losses were said to have included more than 100,000 fatalities. Gen. Giap retained his position as defense minister, but command of the Vietnam People?s Army passed to longtime disciple Van Tien Dung. U.S. involvement in the war officially ended in January 1973 with the signing of peace accords and the withdrawal of American military forces. Without U.S. support, the South Vietnamese military collapsed in two years. ?American soldiers were just like any others,? Gen. Giap said years later in response to a question from a former U.S. service member. ?When led well, they fought well.? Rarely, if ever, did the general comment publicly on the millions of Vietnamese boat people who fled the country after the communist takeover or the stagnation of the economy under Communist Party leadership. After 1975, Gen. Giap faded from the public scene. He resigned as defense minister in 1980 and was dropped from the politburo in 1982. He continued to lead ceremonial functions and lived in comfort in a government-assigned villa in Hanoi. In 1992, he was awarded Vietnam?s highest honor, the Gold Star Order, for contributions to ?the revolutionary cause of party and nation.? In 1946, after the death of his first wife, Gen. Giap married Dang Bich Hai, the daughter of a former professor and mentor. 
They had two daughters, Vo Hua Binh and Vo Hahn Phuc, and two sons, Vo Dien Bien and Vo Hoai Nam. ? The Washington Post Company --- Just because i'm near the punchbowl doesn't mean I'm also drinking from it. From rforno at infowarrior.org Fri Oct 4 10:47:29 2013 From: rforno at infowarrior.org (Richard Forno) Date: Fri, 4 Oct 2013 11:47:29 -0400 Subject: [Infowarrior] - Schneier: Why the NSA's attacks on the internet must be made public Message-ID: Why the NSA's attacks on the internet must be made public ? Bruce Schneier ? theguardian.com, Friday 4 October 2013 10.50 EDT http://www.theguardian.com/commentisfree/2013/oct/04/nsa-attacks-internet-bruce-schneier Today, the Guardian is reporting on how the NSA targets Tor users, along with details of how it uses centrally placed servers on the internet to attack individual computers. This builds on a Brazilian news story from last week that, in part, shows that the NSA is impersonating Google servers to users; a German story on how the NSA is hacking into smartphones; and a Guardian story from two weeks ago on how the NSA is deliberately weakening common security algorithms, protocols, and products. The common thread among these stories is that the NSA is subverting the internet and turning it into a massive surveillance tool. The NSA's actions are making us all less safe, because its eavesdropping mission is degrading its ability to protect the US. Among IT security professionals, it has been long understood that the public disclosure of vulnerabilities is the only consistent way to improve security. That's why researchers publish information about vulnerabilities in computer software and operating systems, cryptographic algorithms, and consumer products like implantable medical devices, cars, and CCTV cameras. It wasn't always like this. 
In the early years of computing, it was common for security researchers to quietly alert the product vendors about vulnerabilities, so they could fix them without the "bad guys" learning about them. The problem was that the vendors wouldn't bother fixing them, or took years before getting around to it. Without public pressure, there was no rush.

This all changed when researchers started publishing. Now vendors are under intense public pressure to patch vulnerabilities as quickly as possible. The majority of security improvements in the hardware and software we all use today is a result of this process. This is why Microsoft's Patch Tuesday process fixes so many vulnerabilities every month. This is why Apple's iPhone is designed so securely. This is why so many products push out security updates so often. And this is why mass-market cryptography has continually improved. Without public disclosure, you'd be much less secure against cybercriminals, hacktivists, and state-sponsored cyberattackers.

The NSA's actions turn that process on its head, which is why the security community is so incensed. The NSA not only develops and purchases vulnerabilities, but deliberately creates them through secret vendor agreements. These actions go against everything we know about improving security on the internet.

It's folly to believe that any NSA hacking technique will remain secret for very long. Yes, the NSA has a bigger research effort than any other institution, but there's a lot of research being done - by other governments in secret, and in academic and hacker communities in the open. These same attacks are being used by other governments. And technology is fundamentally democratizing: today's NSA secret techniques are tomorrow's PhD theses and the following day's cybercrime attack tools.

It's equal folly to believe that the NSA's secretly installed backdoors will remain secret. Given how inept the NSA was at protecting its own secrets, it's extremely unlikely that Edward Snowden was the first sysadmin contractor to walk out the door with a boatload of them. And the previous leakers could have easily been working for a foreign government. But it wouldn't take a rogue NSA employee; researchers or hackers could discover any of these backdoors on their own.

This isn't hypothetical. We already know of government-mandated backdoors being used by criminals in Greece, Italy, and elsewhere. We know China is actively engaging in cyber-espionage worldwide. A recent Economist article called it "akin to a government secretly commanding lockmakers to make their products easier to pick - and to do so amid an epidemic of burglary."

The NSA has two conflicting missions. Its eavesdropping mission has been getting all the headlines, but it also has a mission to protect US military and critical infrastructure communications from foreign attack. Historically, these two missions have not come into conflict. During the cold war, for example, we would defend our systems and attack Soviet systems. But with the rise of mass-market computing and the internet, the two missions have become interwoven. It becomes increasingly difficult to attack their systems and defend our systems, because everything is using the same systems: Microsoft Windows, Cisco routers, HTML, TCP/IP, iPhones, Intel chips, and so on. Finding a vulnerability - or creating one - and keeping it secret to attack the bad guys necessarily leaves the good guys more vulnerable.

Far better would be for the NSA to take those vulnerabilities back to the vendors to patch. Yes, it would make it harder to eavesdrop on the bad guys, but it would make everyone on the internet safer. If we believe in protecting our critical infrastructure from foreign attack, if we believe in protecting internet users from repressive regimes worldwide, and if we believe in defending businesses and ourselves from cybercrime, then doing otherwise is lunacy.

It is important that we make the NSA's actions public in sufficient detail for the vulnerabilities to be fixed. It's the only way to force change and improve security.

---
Just because i'm near the punchbowl doesn't mean I'm also drinking from it.

From rforno at infowarrior.org Fri Oct 4 12:13:31 2013
From: rforno at infowarrior.org (Richard Forno)
Date: Fri, 4 Oct 2013 13:13:31 -0400
Subject: [Infowarrior] - Friday idiocy: 'Tweeter' is NOT 'Twitter'
Message-ID:

(supposedly the stock is halted, as ZeroHedge says, "to protect idiots from themselves." --rick)

"TWTRQ" stock up as much as 1,800% as investors confuse Tweeter for Twitter
October 4, 2013, 11:59 AM
http://blogs.marketwatch.com/thetell/2013/10/04/twtrq-stock-up-as-much-as-1800-as-investors-confuse-tweeter-for-twitter/

Twitter may be the story of the day, but Tweeter is threatening to push the social-media company off its perch. Tweeter Home Entertainment Group Inc. TWTRQ stock is up 523% Friday, trading at the whopping price of 5 cents. It hit as high as 13 cents in morning trade.

Why is this penny stock jumping so much? We don't have a precise answer for you except to say that its ticker bears a striking resemblance to a social-media company that recently started chirping about its long-awaited initial public offering. Twitter TWTR, which released its IPO plans on Thursday, will trade under the ticker "TWTR" while Tweeter trades with the ticker "TWTRQ."

Investors aren't the only ones confused. As of 12:45 p.m. Eastern Google's ticker page for Tweeter showed the company's name as TWTR Inc. The page pulled news stories related to Twitter.
Tweeter was a Boston-based consumer electronics chain that went into Chapter 11 bankruptcy in 2007; its operating company eventually liquidated in 2008. But its memory lives on through those raised in the Boston area with cherished memories of going to concerts at the Tweeter Center (now renamed the Comcast Center). And now its immortality is cemented in what has become a high-profile ticker.

This kind of blooper unsurprisingly caused some grumbles on Twitter itself...

< - >

http://blogs.marketwatch.com/thetell/2013/10/04/twtrq-stock-up-as-much-as-1800-as-investors-confuse-tweeter-for-twitter/

---
Just because i'm near the punchbowl doesn't mean I'm also drinking from it.

From rforno at infowarrior.org Fri Oct 4 12:19:27 2013
From: rforno at infowarrior.org (Richard Forno)
Date: Fri, 4 Oct 2013 13:19:27 -0400
Subject: [Infowarrior] - Attacking Tor: how the NSA targets users' online anonymity
Message-ID: <7D9DA295-94B7-4535-84A8-F83C4F39DBF8@infowarrior.org>

Attacking Tor: how the NSA targets users' online anonymity
Secret servers and a privileged position on the internet's backbone used to identify users and attack target computers
Bruce Schneier, theguardian.com, Friday 4 October 2013 10.50 EDT
http://www.theguardian.com/world/2013/oct/04/tor-attacks-nsa-users-online-anonymity

The online anonymity network Tor is a high-priority target for the National Security Agency. The work of attacking Tor is done by the NSA's application vulnerabilities branch, which is part of the systems intelligence directorate, or SID. The majority of NSA employees work in SID, which is tasked with collecting data from communications systems around the world.

According to a top-secret NSA presentation provided by the whistleblower Edward Snowden, one successful technique the NSA has developed involves exploiting the Tor browser bundle, a collection of programs designed to make it easy for people to install and use the software. The trick identifies Tor users on the internet and then executes an attack against their Firefox web browser.

The NSA refers to these capabilities as CNE, or computer network exploitation.

The first step of this process is finding Tor users. To accomplish this, the NSA relies on its vast capability to monitor large parts of the internet. This is done via the agency's partnership with US telecoms firms under programs codenamed Stormbrew, Fairview, Oakstar and Blarney.

The NSA creates "fingerprints" that detect http requests from the Tor network to particular servers. These fingerprints are loaded into NSA database systems like XKeyscore, a bespoke collection and analysis tool which NSA boasts allows its analysts to see "almost everything" a target does on the internet.

Using powerful data analysis tools with codenames such as Turbulence, Turmoil and Tumult, the NSA automatically sifts through the enormous amount of internet traffic that it sees, looking for Tor connections.

Last month, Brazilian TV news show Fantastico showed screenshots of an NSA tool that had the ability to identify Tor users by monitoring internet traffic.

The very feature that makes Tor a powerful anonymity service, and the fact that all Tor users look alike on the internet, makes it easy to differentiate Tor users from other web users. On the other hand, the anonymity provided by Tor makes it impossible for the NSA to know who the user is, or whether or not the user is in the US.

After identifying an individual Tor user on the internet, the NSA uses its network of secret internet servers to redirect those users to another set of secret internet servers, with the codename FoxAcid, to infect the user's computer. FoxAcid is an NSA system designed to act as a matchmaker between potential targets and attacks developed by the NSA, giving the agency opportunity to launch prepared attacks against their systems.

Once the computer is successfully attacked, it secretly calls back to a FoxAcid server, which then performs additional attacks on the target computer to ensure that it remains compromised long-term, and continues to provide eavesdropping information back to the NSA.

Exploiting the Tor browser bundle

Tor is a well-designed and robust anonymity tool, and successfully attacking it is difficult. The NSA attacks we found individually target Tor users by exploiting vulnerabilities in their Firefox browsers, and not the Tor application directly.

This, too, is difficult. Tor users often turn off vulnerable services like scripts and Flash when using Tor, making it difficult to target those services. Even so, the NSA uses a series of native Firefox vulnerabilities to attack users of the Tor browser bundle.

According to the training presentation provided by Snowden, EgotisticalGiraffe exploits a type confusion vulnerability in E4X, which is an XML extension for Javascript. This vulnerability exists in Firefox 11.0 - 16.0.2, as well as Firefox 10.0 ESR - the Firefox version used until recently in the Tor browser bundle. According to another document, the vulnerability exploited by EgotisticalGiraffe was inadvertently fixed when Mozilla removed the E4X library with the vulnerability, and when Tor added that Firefox version into the Tor browser bundle, but NSA were confident that they would be able to find a replacement Firefox exploit that worked against version 17.0 ESR.

The Quantum system

To trick targets into visiting a FoxAcid server, the NSA relies on its secret partnerships with US telecoms companies. As part of the Turmoil system, the NSA places secret servers, codenamed Quantum, at key places on the internet backbone. This placement ensures that they can react faster than other websites can. By exploiting that speed difference, these servers can impersonate a visited website to the target before the legitimate website can respond, thereby tricking the target's browser to visit a FoxAcid server.

In the academic literature, these are called "man-in-the-middle" attacks, and have been known to the commercial and academic security communities. More specifically, they are examples of "man-on-the-side" attacks.

They are hard for any organization other than the NSA to reliably execute, because they require the attacker to have a privileged position on the internet backbone, and exploit a "race condition" between the NSA server and the legitimate website. This top-secret NSA diagram, made public last month, shows a Quantum server impersonating Google in this type of attack.

The NSA uses these fast Quantum servers to execute a packet injection attack, which surreptitiously redirects the target to the FoxAcid server. An article in the German magazine Spiegel, based on additional top secret Snowden documents, mentions an NSA developed attack technology with the name of QuantumInsert that performs redirection attacks. Another top-secret Tor presentation provided by Snowden mentions QuantumCookie to force cookies onto target browsers, and another Quantum program to "degrade/deny/disrupt Tor access".

This same technique is used by the Chinese government to block its citizens from reading censored internet content, and has been hypothesized as a probable NSA attack technique.

The FoxAcid system

According to various top-secret documents provided by Snowden, FoxAcid is the NSA codename for what the NSA calls an "exploit orchestrator," an internet-enabled system capable of attacking target computers in a variety of different ways. It is a Windows 2003 computer configured with custom software and a series of Perl scripts. These servers are run by the NSA's tailored access operations, or TAO, group. TAO is another subgroup of the systems intelligence directorate.

The servers are on the public internet. They have normal-looking domain names, and can be visited by any browser from anywhere; ownership of those domains cannot be traced back to the NSA.

However, if a browser tries to visit a FoxAcid server with a special URL, called a FoxAcid tag, the server attempts to infect that browser, and then the computer, in an effort to take control of it. The NSA can trick browsers into using that URL using a variety of methods, including the race-condition attack mentioned above and frame injection attacks.

FoxAcid tags are designed to look innocuous, so that anyone who sees them would not be suspicious. An example of one such tag is given in another top-secret training presentation provided by Snowden. There is no currently registered domain name by that name; it is just an example for internal NSA training purposes.

The training material states that merely trying to visit the homepage of a real FoxAcid server will not result in any attack, and that a specialized URL is required. This URL would be created by TAO for a specific NSA operation, and unique to that operation and target. This allows the FoxAcid server to know exactly who the target is when his computer contacts it.

According to Snowden, FoxAcid is a general CNE system, used for many types of attacks other than the Tor attacks described here. It is designed to be modular, with flexibility that allows TAO to swap and replace exploits if they are discovered, and only run certain exploits against certain types of targets.

The most valuable exploits are saved for the most important targets. Low-value exploits are run against technically sophisticated targets where the chance of detection is high.

TAO maintains a library of exploits, each based on a different vulnerability in a system. Different exploits are authorized against different targets, depending on the value of the target, the target's technical sophistication, the value of the exploit, and other considerations. In the case of Tor users, FoxAcid might use EgotisticalGiraffe against their Firefox browsers.

FoxAcid servers also have sophisticated capabilities to avoid detection and to ensure successful infection of its targets. One of the top-secret documents provided by Snowden demonstrates how FoxAcid can circumvent commercial products that prevent malicious software from making changes to a system that survive a reboot process.

According to a top-secret operational management procedures manual provided by Snowden, once a target is successfully exploited it is infected with one of several payloads. Two basic payloads mentioned in the manual, are designed to collect configuration and location information from the target computer so an analyst can determine how to further infect the computer. These decisions are made in part by the technical sophistication of the target and the security software installed on the target computer; called Personal Security Products or PSP, in the manual.

FoxAcid payloads are updated regularly by TAO. For example, the manual refers to version 8.2.1.1 of one of them.

FoxAcid servers also have sophisticated capabilities to avoid detection and to ensure successful infection of its targets. The operations manual states that a FoxAcid payload with the codename DireScallop can circumvent commercial products that prevent malicious software from making changes to a system that survive a reboot process.

The NSA also uses phishing attacks to induce users to click on FoxAcid tags.

TAO additionally uses FoxAcid to exploit callbacks - which is the general term for a computer infected by some automatic means - calling back to the NSA for more instructions and possibly to upload data from the target computer.

According to a top-secret operational management procedures manual, FoxAcid servers configured to receive callbacks are codenamed FrugalShot. After a callback, the FoxAcid server may run more exploits to ensure that the target computer remains compromised long term, as well as install "implants" designed to exfiltrate data.

By 2008, the NSA was getting so much FoxAcid callback data that they needed to build a special system to manage it all.

---
Just because i'm near the punchbowl doesn't mean I'm also drinking from it.

From rforno at infowarrior.org Sat Oct 5 17:51:17 2013
From: rforno at infowarrior.org (Richard Forno)
Date: Sat, 5 Oct 2013 18:51:17 -0400
Subject: [Infowarrior] - In Obama's war on leaks, reporters fight back
Message-ID:

In Obama's war on leaks, reporters fight back
By Leonard Downie Jr.
http://www.washingtonpost.com/opinions/in-obamas-war-on-leaks-reporters-fight-back/2013/10/04/70231e1c-2aeb-11e3-b139-029811dbb57f_print.html

Leonard Downie, a former executive editor of The Washington Post, is the Weil family professor of journalism at the Walter Cronkite School of Journalism at Arizona State University. This article is based on his report "The Obama Administration and the Press," forthcoming Thursday from the Committee to Protect Journalists.

In the Watergate era, the Nixon administration's telephone wiretaps were the biggest concern for journalists and sources worried about government surveillance. That was one of the reasons why Bob Woodward met with FBI official Mark Felt (a.k.a. "Deep Throat") in an underground parking garage in Arlington, and why he and Carl Bernstein did much of their reporting by knocking on the front doors of their sources' homes. Except for the aborted prosecution of Daniel Ellsberg for the leak of the Pentagon Papers, criminal culpability or pervasive surveillance were not major concerns, especially after Richard Nixon resigned the presidency in 1974.

Not so now. With the passage of the Patriot Act after the Sept.
11, 2001, terrorist attacks, a vast expansion of intelligence agencies and their powers, the aggressive exploitation of intrusive digital surveillance capabilities, the excessive classification of public documents and officials? sophisticated control of the news media?s access to the workings of government, journalists who cover national security are facing vast and unprecedented challenges in their efforts to hold the government accountable to its citizens. They find that government officials are increasingly fearful of talking to them, and they worry that their communications with sources can be monitored at any time. So what are they doing? Many reporters covering national security and government policy in Washington these days are taking precautions to keep their sources from becoming casualties in the Obama administration?s war on leaks. They and their remaining government sources often avoid telephone conversations and e-mail exchanges, arranging furtive one-on-one meetings instead. A few news organizations have even set up separate computer networks and safe rooms for journalists trained in encryption and other ways to thwart surveillance. ?I worry now about calling somebody because the contact can be found out through a check of phone records or e-mails,? said veteran national security journalist R. Jeffrey Smith of the Center for Public Integrity, a nonprofit accountability news organization. ?It leaves a digital trail that makes it easier for government to monitor those contacts.? ?We have to think more about when we use cellphones, when we use e-mail and when we need to meet sources in person,? said Michael Oreskes, senior managing editor of the Associated Press. ?We need to be more and more aware that government can track our work without talking to our reporters, without letting us know.? These concerns, expressed by numerous journalists I interviewed, are well-founded. 
Relying on the 1917 Espionage Act, which was rarely invoked before President Obama took office, this administration has secretly used the phone and e-mail records of government officials and reporters to identify and prosecute government sources for national security stories. Just two weeks ago, the Justice Department announced that Donald J. Sachtleben, a former FBI bomb technician who had also worked as a contractor for the bureau, had agreed to plead guilty to "unlawfully disclosing national defense information relating to a disrupted terrorist plot" in Yemen last year. "Sachtleben was identified as a suspect in the case of this unauthorized disclosure" to an Associated Press reporter, according to the announcement, "only after toll records for phone numbers related to the reporter were obtained through a subpoena and compared to other evidence collected during the leak investigation."

The Justice Department secretly subpoenaed and seized from telephone companies two months of records for 20 AP phone lines and switchboards used by more than 100 reporters in four of its news bureaus. In other criminal leak investigations, the Obama administration has subpoenaed and seized records of telephone calls and e-mails between several New York Times reporters and government officials, between a Fox News reporter and a State Department contract analyst, and between two journalists and a former CIA officer. Times reporter Scott Shane, whose e-mail traffic with the former CIA officer was seized, told me that the chilling lesson "is that seemingly innocuous e-mails not containing classified information can be construed as a crime."
In addition to ongoing leak investigations, six government employees and two contractors, including fugitive NSA contractor Edward Snowden, have been prosecuted since 2009 under the Espionage Act for providing information to reporters about, among other subjects, the NSA's communications surveillance, the CIA's aggressive interrogation of terrorism suspects and, in the case of Army Pvt. Bradley Manning, diplomatic cables and Iraq and Afghanistan war documents. Even though they violated laws governing classified information, many of the leakers could be characterized as whistleblowers rather than spies; they publicized actions for which the government should be held accountable. But the Obama administration has drawn a dubious distinction between whistleblowing that reveals bureaucratic waste or fraud, and leaks to the news media about unexamined secret government policies and activities; it punishes the latter as espionage.

"It was never a conscious decision to bring more of these cases than we ever had," Matthew Miller, a former spokesman for Attorney General Eric H. Holder Jr., told me. "Some strong cases," inherited from the Bush administration, "were already in process," he said. "And a number of cases popped up that were easier to prosecute" with "electronic evidence," including phone and e-mail records. "Before, you needed to have the leaker admit it, which doesn't happen," Miller added, "or the reporter to testify about it, which doesn't happen."

Every disclosure to the press of classified information now triggers a leak investigation, said Washington Post national news editor Cameron Barr. "Investigations can be done electronically. They don't need to compel journalists to reveal sources." The Post's Justice Department reporter, Sari Horwitz, said a Justice official told her that "access to e-mail, phone records and cellphones make it easier to do now."

After the New York Times published a 2012 story by David E. Sanger about covert cyberattacks by the United States and Israel against Iran's nuclear enrichment facilities, federal prosecutors and the FBI questioned scores of officials throughout the government who were identified in computer analyses of phone, text and e-mail records as having contact with Sanger. "A memo went out from the chief of staff a year ago to White House employees and the intelligence agencies that told people to freeze and retain any e-mail, and presumably phone logs, of communications with me," Sanger said. As a result, longtime sources no longer talk to him. "They tell me: 'David, I love you, but don't e-mail me. Let's don't chat until this blows over.'" Sanger, who has worked for the Times in Washington for two decades, said, "This is the most closed, control-freak administration I've ever covered."

Many leak investigations include lie-detector tests for government officials with access to the information at issue. "Reporters are interviewing sources through intermediaries now," Barr told me, "so the sources can truthfully answer on polygraphs that they didn't talk to reporters." The investigations have been "a kind of slap in the face" for reporters and their sources, said Smith of the Center for Public Integrity. "It means you have to use extraordinary measures for contacts with officials speaking without authorization."

In response to an uproar from journalists over the secret subpoenas and seizures of phone and e-mail records, the Justice Department somewhat tightened its guidelines for when and how reporters and their records can be subpoenaed. But it kept an exception for disclosures of classified information considered harmful to national security. And while Justice was working with the media on the guideline revisions, it was using the secretly seized AP phone records to identify and convict FBI contractor Sachtleben.
In its announcement of his plea agreement, Justice vowed to continue making aggressive use of the national security exception. "This prosecution demonstrates our deep resolve to hold accountable anyone who would violate their solemn duty to protect our nation's secrets and to prevent future, potentially devastating leaks by those who would wantonly ignore their obligations to safeguard classified information," it stated, adding that, "with these charges, a message has been sent that this type of behavior is completely unacceptable and no person is above the law."

Obama and Holder have publicly endorsed a proposed federal shield law that would make it more difficult for the government to compel reporters to reveal sources or turn over records in federal investigations. But it also includes an exception for "classified leak cases when information would prevent or mitigate an act of terrorism or harm to national security," as decided by a federal judge. In the view of Scott Armstrong, a former Post reporter who is now an independent journalist, the legislation wouldn't protect national security reporters. "Federal agencies can still investigate us," he said.

In November, a presidential memorandum instructed all government departments and agencies to set up pervasive "Insider Threat Programs" to monitor employees with access to classified information and to prevent "unauthorized disclosure," including to the news media. According to the policy, each agency must, among other things, develop procedures "ensuring employee awareness of their responsibility to report, as well as how and to whom to report, suspected insider threat activity." Officials cited the Manning leak as the kind of threat the program is intended to prevent. A survey of government departments and agencies this summer by the Washington bureau of McClatchy newspapers found that they had wide latitude in defining what kinds of behavior constitute a threat.
"Government documents reviewed by McClatchy illustrate how some agencies are using that latitude to pursue unauthorized disclosures of any information, not just classified material," it reported in June. "They also show how millions of federal employees and contractors must watch for 'high-risk persons or behaviors' among co-workers and could face penalties, including criminal charges, for failing to report them. Leaks to the media are equated with espionage."

Steven Aftergood, director of the Project on Government Secrecy at the Federation of American Scientists, told me that the Insider Threat Program has already "created internal surveillance, heightened a degree of paranoia in government and made people conscious of contacts with the public, advocates and the press."

At the same time, revelations in the documents Snowden gave to The Post and Britain's Guardian about the NSA's collection, storage and searches of phone, text and e-mail data have added to the fear surrounding contacts between reporters and sources. "People think they're looking at reporters' records," Post national security reporter Dana Priest told me. "I'm writing fewer things in e-mail. I'm even afraid to tell officials what I want to talk about because it's all going into one giant computer."

This fear transcends American shores, especially because NSA surveillance of non-American communications is authorized by U.S. law. All journalists at Britain's BBC, for example, must now take training in information security, according to Peter Horrocks, its director of global news. "The nature of their work means journalists are often in touch with organizations representing extremist viewpoints and sources whose identities must be protected," Horrocks said. Because of the sources' awareness of the possibility of NSA surveillance, "the ability to communicate with them is potentially significantly compromised. Some won't even consider talking to us."
Will Obama recognize that all this threatens his often-stated but unfulfilled goal of making government more transparent and accountable? None of the Washington news media veterans I talked to were optimistic. "Whenever I'm asked what is the most manipulative and secretive administration I've covered, I always say it's the one in office now," Bob Schieffer, CBS News anchor and chief Washington correspondent, told me. "Every administration learns from the previous administration. They become more secretive and put tighter clamps on information. This administration exercises more control than George W. Bush's did, and his before that."

From rforno at infowarrior.org Sun Oct 6 13:45:36 2013
From: rforno at infowarrior.org (Richard Forno)
Date: Sun, 6 Oct 2013 14:45:36 -0400
Subject: [Infowarrior] - Russia to monitor 'all communications' at Winter Olympics in Sochi
Message-ID:

Russia to monitor 'all communications' at Winter Olympics in Sochi
Shaun Walker in Moscow
The Guardian, Sunday 6 October 2013 10.31 EDT
http://www.theguardian.com/world/2013/oct/06/russia-monitor-communications-sochi-winter-olympics

Athletes and spectators attending the Winter Olympics in Sochi in February will face some of the most invasive and systematic spying and surveillance in the history of the Games, documents shared with the Guardian show. Russia's powerful FSB security service plans to ensure that no communication by competitors or spectators goes unmonitored during the event, according to a dossier compiled by a team of Russian investigative journalists looking into preparations for the 2014 Games.
In a ceremony on Red Square on Sunday afternoon, the president, Vladimir Putin, held the Olympic flame aloft and sent it on its epic journey around the country, saying Russia and its people had always been imbued with the qualities of "openness and friendship", making Sochi the perfect destination for the Olympics. But government procurement documents and tenders from Russian communication companies indicate that newly installed telephone and internet spying capabilities will give the FSB free rein to intercept any telephony or data traffic and even track the use of sensitive words or phrases mentioned in emails, webchats and on social media. The journalists, Andrei Soldatov and Irina Borogan, who are experts on the Russian security services, collated dozens of open source technical documents published on the Zakupki government procurement agency website, as well as public records of government oversight agencies. They found that major amendments have been made to telephone and Wi-Fi networks in the Black Sea resort to ensure extensive and all-permeating monitoring and filtering of all traffic, using Sorm, Russia's system for intercepting phone and internet communications. The Sorm system is being modernised across Russia, but particular attention has been paid to Sochi given the large number of foreign visitors expected next year. Technical specifications set out by the Russian state telecoms agency also show that a controversial technology known as deep packet inspection, which allows intelligence agencies to filter users by particular keywords, is being installed across Russia's networks, and is required to be compatible with the Sorm system. "For example you can use the keyword Navalny, and work out which people in a particular region are using the word Navalny," says Soldatov, referring to Alexei Navalny, Russia's best-known opposition politician. "Then, those people can be tracked further." 
Ron Deibert, a professor at the University of Toronto and director of Citizen Lab, which co-operated with the Sochi research, describes the Sorm amendments as "Prism on steroids", referring to the programme used by the NSA in the US and revealed to the Guardian by the whistleblower Edward Snowden. "The scope and scale of Russian surveillance are similar to the disclosures about the US programme but there are subtle differences to the regulations," says Deibert. "We know from Snowden's disclosures that many of the checks were weak or sidestepped in the US, but in the Russian system permanent access for Sorm is a requirement of building the infrastructure." "Even as recently as the Beijing Olympics, the sophistication of surveillance and tracking capabilities were nowhere near where they are today." Gus Hosein, executive director of Privacy International, which also co-operated with the research, said: "Since 2008, more people are travelling with smartphones with far more data than back then, so there is more to spy on." Wary of Sorm's capabilities, earlier this year a leaflet from the US state department's bureau of diplomatic security warned anyone travelling to the Games to be extremely cautious with communications. "Business travellers should be particularly aware that trade secrets, negotiating positions, and other sensitive information may be taken and shared with competitors, counterparts, and/or Russian regulatory and legal entities," the document reads. The advice contains an extraordinary list of precautions for visitors who wish to ensure safe communications, such as removing batteries from phones when not in use and only travelling with "clean" devices. Soldatov and Borogan have discovered that the FSB has been working since 2010 to upgrade the Sorm system to ensure it can cope with the extra traffic during the Games. 
All telephone and ISP providers have to install Sorm boxes in their technology by law, and once installed, the FSB can access data without the provider ever knowing, meaning every phone call or internet communication can be logged. Although the FSB technically requires a warrant to intercept a communication, it is not obliged to show it to anyone. Tellingly, the FSB has appointed one of its top counterintelligence chiefs, Oleg Syromolotov, to be in charge at Sochi: security will thus be overseen by someone who has spent his career chasing foreign spies rather than terrorists. Another target may well be gay rights, likely to be one of the biggest issues of the Games. Putin has said that competitors who wear rainbow pins, for example, will not be arrested under the country's controversial new law that bans "homosexual propaganda". However, it is likely that any attempts to stage any kind of rally or gathering to support gay rights will be ruthlessly broken up by police, as has been the case on numerous occasions in Russian cities in the past. Using DPI, Russian authorities will be able to identify, tag and follow all visitors to the Olympics, both Russian and foreign, who are discussing gay issues, and possibly planning to organise protests. "Athletes may have particular political views, or they may be openly gay," says Deibert. "I think given recent developments in Russia, we have to be worried about these issues." At a rare FSB press conference this week, an official, Alexei Lavrishchev, denied security and surveillance at the Games would be excessive, and said that the London Olympics featured far more intrusive measures. "There, they even put CCTV cameras in, excuse me for saying it, the toilets," said Lavrishchev. "We are not taking this kind of measure." The FSB did not respond to a request for comment from the Guardian, while a spokesperson for the Sochi Olympics referred all requests to the security services. 
But Russian authorities often express a belief that NGOs working on human rights and other issues have subversive agendas dictated from abroad, and the FSB apparently feels that with so many potentially dangerous foreigners descending on the Black Sea resort for the Olympics, it has a duty to keep an eye on them. In the end, the goal is overarching, but simple, says Soldatov: "Russian authorities want to make sure that every connection and every move made online in Sochi during the Olympics will be absolutely transparent to the secret services of the country."

From rforno at infowarrior.org Sun Oct 6 19:03:51 2013
From: rforno at infowarrior.org (Richard Forno)
Date: Sun, 6 Oct 2013 20:03:51 -0400
Subject: [Infowarrior] - OT: Governing by Blackmail
Message-ID: <90518499-04FD-4C70-AE06-2D36F149A6B2@infowarrior.org>

Governing by Blackmail
By NICHOLAS D. KRISTOF
Published: October 5, 2013
http://www.nytimes.com/2013/10/06/opinion/sunday/governing-by-blackmail.html

SUPPOSE President Obama announced: Unless Republicans agree to my proposal for gun control, I will use my authority as commander in chief to scuttle one aircraft carrier a week in the bottom of the ocean. I invite Republican leaders to come to the White House and negotiate a deal to preserve our military strength. I hope Republicans will work with me to prevent the loss of our carrier fleet. If the Republicans refuse to negotiate, I will be compelled to begin by scuttling the U.S.S. George Washington in the Pacific Ocean's Mariana Trench, with 80 aircraft on board.

In that situation, we would all agree that Obama had gone nuts. Whatever his beefs with Republicans, it would be an inexcusable betrayal to try to get his way by destroying our national assets. That would be an abuse of power and the worst kind of blackmail.
And in that kind of situation, I would hope that we as journalists wouldn't describe the resulting furor as a "political impasse" or "partisan gridlock." I hope that we wouldn't settle for quoting politicians on each side as blaming the other. It would be appropriate to point out the obvious: Our president had tumbled over the edge and was endangering the nation.

Today, we have a similar situation, except that it's a band of extremist House Republicans who are deliberately sabotaging America's economy and damaging our national security - all in hopes of gaining leverage on unrelated issues. The shutdown of government by House Republicans has already cost at least $1.2 billion, with the tab increasing by $300 million a day. Some estimates are much higher than that. The 1995 and 1996 shutdowns cost the country $2.1 billion at today's value, and the current one is also likely to end up costing billions - a cost imposed on every citizen by House Republicans, even as members of Congress pay themselves.

The government shutdown and risk of default also undermine America's strength around the world. It's not just that 72 percent of the intelligence community's civilian work force has been furloughed. It's not simply that "the jeopardy to the safety and security of this country will increase" daily, according to James R. Clapper Jr., the director of national intelligence. Nor is it just that the White House telephone number is now answered with a recording that says to call back when government is functioning again. It's not simply that several countries have issued travel advisories about visiting America. It's not just that we're mocked worldwide, with the French newspaper Le Monde writing: "Jefferson, wake up! They've gone crazy!" Rather, it's that America's strength and influence derive in part from the success of our political and economic model. When House Republicans shut our government down and leave us teetering on the abyss of default, we are a diminished nation.
We have less influence. We have less raw power, as surely as if we had fewer aircraft carriers.

Some Americans think that this crisis reflects typical partisan squabbling. No. Democrats and Republicans have always disagreed, sometimes ferociously, about what economic policy is best, but, in the past, it was not normal for either to sabotage the economy as a negotiating tactic. In a household, husbands and wives disagree passionately about high-stakes issues like how to raise children. But normal people do not announce that if their spouse does not give in, they will break all the windows in the house.

Hard-line House Republicans seem to think that their ability to inflict pain on 800,000 federal workers by furloughing them without pay gives them bargaining chips. The hard-liners apparently believe that their negotiating position is strengthened when they demonstrate that they can wreck American governance. The stakes rise as we approach the debt limit and the risk of default - which the Treasury Department notes could have an impact like that of the 2008 financial crisis and "has the potential to be catastrophic." Astonishingly, Republican hard-liners see that potential catastrophe as a source of bargaining power in a game of extortion: We don't want anything to happen to this fine American economy as we approach the debt limit, so you'd better meet our demands.

In this situation, it strikes a false note for us as journalists to cover the crisis simply by quoting each side as blaming the other. That's a false equivalency. The last time House Republicans played politics with this debt limit, in 2011, Standard & Poor's downgraded America's credit rating. In the long run, that may mean higher debt payments and higher taxes. My opening example of a president scuttling naval ships was ludicrous. No one would do that.
But if we default because of extremist House Republicans, the cost could be much greater to our economy and to our national security than the loss of a few aircraft carriers.

From rforno at infowarrior.org Mon Oct 7 07:11:43 2013
From: rforno at infowarrior.org (Richard Forno)
Date: Mon, 7 Oct 2013 08:11:43 -0400
Subject: [Infowarrior] - Schneier: Want to Evade NSA Spying? Don't Connect to the Internet
Message-ID: <50811023-BCC4-4420-A792-B4601E0DD70D@infowarrior.org>

Want to Evade NSA Spying? Don't Connect to the Internet
By Bruce Schneier
10.07.13, 6:30 AM
http://www.wired.com/opinion/2013/10/149481/

Since I started working with Snowden's documents, I have been using a number of tools to try to stay secure from the NSA. The advice I shared included using Tor, preferring certain cryptography over others, and using public-domain encryption wherever possible. I also recommended using an air gap, which physically isolates a computer or local network of computers from the internet. (The name comes from the literal gap of air between the computer and the internet; the word predates wireless networks.) But this is more complicated than it sounds, and requires explanation.

Since we know that computers connected to the internet are vulnerable to outside hacking, an air gap should protect against those attacks. There are a lot of systems that use - or should use - air gaps: classified military networks, nuclear power plant controls, medical equipment, avionics, and so on. Osama Bin Laden used one. I hope human rights organizations in repressive countries are doing the same.

Air gaps might be conceptually simple, but they're hard to maintain in practice. The truth is that nobody wants a computer that never receives files from the internet and never sends files out into the internet.
What they want is a computer that's not directly connected to the internet, albeit with some secure way of moving files on and off. But every time a file moves back or forth, there's the potential for attack. And air gaps have been breached. Stuxnet was a U.S. and Israeli military-grade piece of malware that attacked the Natanz nuclear plant in Iran. It successfully jumped the air gap and penetrated the Natanz network. Another piece of malware named agent.btz, probably Chinese in origin, successfully jumped the air gap protecting U.S. military networks. These attacks work by exploiting security vulnerabilities in the removable media used to transfer files on and off the air gapped computers.

Since working with Snowden's NSA files, I have tried to maintain a single air-gapped computer. It turned out to be harder than I expected, and I have ten rules for anyone trying to do the same:

1. When you set up your computer, connect it to the internet as little as possible. It's impossible to completely avoid connecting the computer to the internet, but try to configure it all at once and as anonymously as possible. I purchased my computer off-the-shelf in a big box store, then went to a friend's network and downloaded everything I needed in a single session. (The ultra-paranoid way to do this is to buy two identical computers, configure one using the above method, upload the results to a cloud-based anti-virus checker, and transfer the results of that to the air gap machine using a one-way process.)

2. Install the minimum software set you need to do your job, and disable all operating system services that you won't need. The less software you install, the less an attacker has available to exploit. I downloaded and installed OpenOffice, a PDF reader, a text editor, TrueCrypt, and BleachBit. That's all. (No, I don't have any inside knowledge about TrueCrypt, and there's a lot about it that makes me suspicious.
But for Windows full-disk encryption it's that, Microsoft's BitLocker, or Symantec's PGPDisk - and I am more worried about large U.S. corporations being pressured by the NSA than I am about TrueCrypt.)

3. Once you have your computer configured, never directly connect it to the internet again. Consider physically disabling the wireless capability, so it doesn't get turned on by accident.

4. If you need to install new software, download it anonymously from a random network, put it on some removable media, and then manually transfer it to the air gapped computer. This is by no means perfect, but it's an attempt to make it harder for the attacker to target your computer.

5. Turn off all auto-run features. This should be standard practice for all the computers you own, but it's especially important for an air-gapped computer. Agent.btz used autorun to infect U.S. military computers.

6. Minimize the amount of executable code you move onto the air-gapped computer. Text files are best. Microsoft Office files and PDFs are more dangerous, since they might have embedded macros. Turn off all macro capabilities you can on the air-gapped computer. Don't worry too much about patching your system; in general, the risk of the executable code is worse than the risk of not having your patches up to date. You're not on the internet, after all.

7. Only use trusted media to move files on and off air-gapped computers. A USB stick you purchase from a store is safer than one given to you by someone you don't know - or one you find in a parking lot.

8. For file transfer, a writable optical disk (CD or DVD) is safer than a USB stick. Malware can silently write data to a USB stick, but it can't spin the CD-R up to 1000 rpm without your noticing. This means that the malware can only write to the disk when you write to the disk. You can also verify how much data has been written to the CD by physically checking the back of it.
If you've only written one file, but it looks like three-quarters of the CD was burned, you have a problem. Note: the first company to market a USB stick with a light that indicates a write operation - not read or write; I've got one of those - wins a prize.

9. When moving files on and off your air-gapped computer, use the absolute smallest storage device you can. And fill up the entire device with random files. If an air-gapped computer is compromised, the malware is going to try to sneak data off it using that media. While malware can easily hide stolen files from you, it can't break the laws of physics. So if you use a tiny transfer device, it can only steal a very small amount of data at a time. If you use a large device, it can take that much more. Business-card-sized mini-CDs can have capacity as low as 30 MB. I still see 1-GB USB sticks for sale.

10. Consider encrypting everything you move on and off the air-gapped computer. Sometimes you'll be moving public files and it won't matter, but sometimes you won't be, and it will. And if you're using optical media, those disks will be impossible to erase. Strong encryption solves these problems. And don't forget to encrypt the computer as well; whole-disk encryption is the best.

One thing I didn't do, although it's worth considering, is use a stateless operating system like Tails. You can configure Tails with a persistent volume to save your data, but no operating system changes are ever saved. Booting Tails from a read-only DVD - you can keep your data on an encrypted USB stick - is even more secure. Of course, this is not foolproof, but it greatly reduces the potential avenues for attack.

Yes, all this is advice for the paranoid. And it's probably impossible to enforce for any network more complicated than a single computer with a single user. But if you're thinking about setting up an air-gapped computer, you already believe that some very powerful attackers are after you personally.
If you're going to use an air gap, use it properly. Of course you can take things further. I have met people who have physically removed the camera, microphone, and wireless capability altogether. But that's too much paranoia for me right now.

From rforno at infowarrior.org Mon Oct 7 19:37:50 2013
From: rforno at infowarrior.org (Richard Forno)
Date: Mon, 7 Oct 2013 20:37:50 -0400
Subject: [Infowarrior] - German NSA has deal to tap ISPs at major Internet Exchange
Message-ID: <276F142D-0722-4BF0-AD0B-6B06F8DF577A@infowarrior.org>

German NSA has deal to tap ISPs at major Internet Exchange
Spy agency BND stays mum on how it's distinguishing domestic vs. foreign traffic.
by Cyrus Farivar - Oct 7 2013, 2:12pm EDT
http://arstechnica.com/tech-policy/2013/10/german-nsa-has-deal-to-tap-isps-at-major-internet-exchange/

The rough German equivalent of the National Security Agency has secret arrangements with local telecom firms, providing direct access to data flowing over domestic fiber. According to the German magazine Der Spiegel (Google Translate), the Federal Intelligence Service (known by its German acronym, BND) has taps on the major Internet exchange point in Frankfurt known as DE-CIX. On Sunday, the magazine cited a "three-page confidential letter" that was signed by Chancellor Angela Merkel's office and the Ministry of the Interior. The letter noted that the BND would also have access to data sent over 25 major German ISPs, including 1&1, Freenet, Strato, GSC, and Lambdanet Plus. The letter was sent to ECO, the German Internet business trade group, and the magazine did not specify how it obtained this letter. Neither DE-CIX nor ECO immediately responded to Ars' request for comment. However, 1&1 wrote on its blog (Google Translate) that it had "learned of the allegations for the first time from the press," and that this spying arrangement "is not known to us."
1&1 also noted that it had not received any notification from DE-CIX that this surveillance was taking place. 1&1 referenced a blog post by Thomas Stadler, a German tech lawyer, who wrote (Google Translate) on Monday that the BND is acting in a "legal vacuum."

This revelation seems to be the rough German equivalent of the NSA's own XKeyscore surveillance system. The BND, which is prevented by German law from conducting domestic spying, ostensibly has its attention turned toward Russia, Central Asia, the Middle East, and North Africa. However, Der Spiegel does note that the BND is allowed to spy on Germans "in some cases."

The German tech news site Heise (Google Translate) reports that it is still unknown exactly how the BND avoids capturing domestic traffic sent over German networks. In September (Google Translate), Green Party members of German parliament asked the government about this point - and the government did not respond, citing reasons of national security. However, when asked how much data was being collected, the German government answered that a "statistical analysis did not and will not take place."

From rforno at infowarrior.org Wed Oct 9 19:39:59 2013
From: rforno at infowarrior.org (Richard Forno)
Date: Wed, 9 Oct 2013 20:39:59 -0400
Subject: [Infowarrior] - CIA Halts Public Access to Open Source Service
Message-ID: <7D74AC72-8D23-4D24-8519-38B33CCAD5D4@infowarrior.org>

CIA Halts Public Access to Open Source Service
http://blogs.fas.org/secrecy/2013/10/wnc-ends/

For more than half a century, the public has been able to access a wealth of information collected by U.S. intelligence from unclassified, open sources around the world. At the end of this year, the Central Intelligence Agency will terminate that access. The U.S.
intelligence community's Open Source Center (OSC), which is managed by the CIA, will cease to provide its information feed to the publicly accessible World News Connection as of December 31, 2013, according to an announcement from the National Technical Information Service (NTIS), which operates the World News Connection (WNC).

The WNC "is an online news service, only accessible via the World Wide Web, that offers an extensive array of translated and English-language news and information," an NTIS brochure explains. "Particularly effective in its coverage of local media sources, WNC provides you with the power to identify what really is happening in a specific country or region. Compiled from thousands of non-U.S. media sources, the information in WNC covers significant socioeconomic, political, scientific, technical, and environmental issues and events."

"The information is obtained from full text and summaries of newspaper articles, conference proceedings, television and radio broadcasts, periodicals, and non-classified technical reports. New information is entered into WNC every government business day. Generally, new information is available within 48-72 hours from the time of original publication or broadcast."

"For over 60 years, analysts from OSC's domestic and overseas bureaus have monitored timely and pertinent open-source materials, including grey literature. Uniquely, WNC allows you to take advantage of the intelligence gathering experience of OSC," the NTIS brochure says.

Soon, that will no longer be true.

The WNC public feed from the Open Source Center is a highly attenuated version of what is available to official government users. Within government, copyright considerations are ignored, but for public distribution they must be respected, and so (with some exceptions) only information products whose creators have signed a royalty agreement with NTIS are publicly released.
Even with that significant limitation and the attendant public subscription fees, the NTIS World News Connection has remained a highly prized resource for news reporters, foreign policy analysts, students and interested members of the public.

I check it almost every day. Recently, for example, I have been following official statements from Russian officials who allege that the U.S. is covertly developing biological weapons for use against Russia in a military laboratory in the Republic of Georgia. The claim seems bizarre, but may nevertheless be politically significant. Detailed English-language coverage of the matter, or of many other stories of regional interest and importance, is not readily available elsewhere. (More so than in the past, however, portions of the material that is publicly accessible through WNC can be obtained elsewhere, through other news services or foreign websites.)

The reasons for the decision to terminate the World News Connection are a bit obscure. Producing it is not a drain on U.S. intelligence - the marginal costs of providing the additional feed to NTIS are close to zero. (The total budget for open source intelligence was about $384 million in FY2012, according to classified budget records obtained by the Washington Post from Edward Snowden.)

However, the program is a headache for NTIS to manage, particularly since NTIS officials had to negotiate numerous contracts with media source providers to offer their products to the public. But the large majority of that work has already been accomplished, and now it will be rendered useless.

Mary Webster of the Open Source Center had initially proposed to cancel the public information feed as of September 30, according to an NTIS official. Then she was persuaded to grant a six month reprieve. But in the end, a cut-off date of December 31, 2013 was set.

If that comes to pass, it will be a blow to researchers and proponents of public intelligence.
The Federation of American Scientists had previously argued that the U.S. government should actually expand public access to open source intelligence by publishing all unclassified, uncopyrighted Open Source Center products. ("Open Up Open Source Intelligence," Secrecy News, August 24, 2011.) Instead, even the current range of publications will no longer be systematically released. (Only a small fraction of publicly unreleased OSC records ever seem to leak.)

Although the Open Source Center is managed by the Central Intelligence Agency, it is formally a component of the Office of the Director of National Intelligence. Yet the move to terminate public access to OSC products seemed to catch the ODNI unawares. "Obviously our attention is on a possible lapse in appropriations, but we are looking into this," said an ODNI spokesman on September 30, just before the government shutdown.

"The information provided through NTIS makes an irreplaceable contribution to U.S. national security," wrote Prof. Gary G. Sick of Columbia University in an October 1999 letter, in response to a previous proposal to curtail coverage in the World News Connection.

The World News Connection "informs us about other countries in ways that otherwise would be nearly impossible," Dr. Sick wrote. "It costs virtually nothing in comparison with almost any other national security system. It is not as sexy as a bomber or a missile, but its contributions to national security can be attested to by generations of policy-makers. I was in the White House during the Iranian revolution and the hostage crisis, and my respect for the power of this information was born at that time. I often found it more helpful than the reams of classified material that came across my desk at the NSC."
From rforno at infowarrior.org Thu Oct 10 07:03:03 2013
From: rforno at infowarrior.org (Richard Forno)
Date: Thu, 10 Oct 2013 08:03:03 -0400
Subject: [Infowarrior] - Alzheimer's treatment breakthrough: British scientists pave way for simple pill to cure disease
Message-ID:

Alzheimer's treatment breakthrough: British scientists pave way for simple pill to cure disease
Historic "turning point" hailed as UK researchers discover how to halt death of brain cells, opening new pathway for future drug treatments
Charlie Cooper
Thursday 10 October 2013
http://www.independent.co.uk/news/uk/home-news/alzheimers-treatment-breakthrough-british-scientists-pave-way-for-simple-pill-to-cure-disease-8869716.html

Scientists have hailed an historic "turning point" in the search for a medicine that could beat Alzheimer's disease, after a drug-like compound was used to halt brain cell death in mice for the first time.

Although the prospect of a pill for Alzheimer's remains a long way off, the landmark British study provides a major new pathway for future drug treatments. The compound works by blocking a faulty signal in brains affected by neurodegenerative diseases, which shuts down the production of essential proteins, leading to brain cells being unprotected and dying off.

It was tested in mice with prion disease - the best animal model of human neurodegenerative disorders - but scientists said they were confident the same principles would apply in a human brain with debilitating brain diseases such as Alzheimer's or Parkinson's.

The study, published today in the journal Science Translational Medicine, was carried out at the Medical Research Council's (MRC) Toxicology Unit at the University of Leicester.

"It's a real step forward," team leader Professor Giovanna Mallucci told The Independent. "It's the first time a substance has been given to mice that prevents brain disease.
The fact that this is a compound that can be given orally, that gets into the brain and prevents brain disease, is a first in itself. We can go forward and develop better molecules and I can't see why preventing this process should only be restricted to mice. I think this probably will translate into other mammalian brains."

In debilitating brain diseases like Alzheimer's, the production of new proteins in the brain is shut down by a build-up of "misfolded proteins" or amyloids. This build-up leads to an "over-activation" of a natural defence mechanism that stops essential proteins being produced. Without these proteins to protect them, brain cells die off - leading to the symptoms of diseases like Alzheimer's.

The compound used in the study works by inhibiting an enzyme, known as PERK, which plays a key role in activating this defence mechanism. In mice with prion disease, it restored proteins to protect brain cells "stopping the disease in its tracks", restoring some normal behaviours and preventing memory loss.

Although the compound also produced significant side effects in mice, including weight loss and mild diabetes, which was caused by damage to the pancreas, Professor Mallucci said it would "not be impossible" to develop a drug that protected the brain without the side effects and that work towards doing so had been "very promising".

The breakthrough was greeted with excitement by scientists, who nonetheless cautioned that it remained a significant proof of principle and a possible basis for new treatments, rather than a guarantee of an Alzheimer's cure in the near future.

Professor Roger Morris, acting head of King's College London's department of chemistry, said: "This is the first convincing report that a small drug, of the type most conveniently turned into medicines, stops the progressive death of neurons in the brain as found, for instance, in Alzheimer's disease.
True, this study has been done in mice, not man; and it is prion disease, not Alzheimer's, that has been cured. However, there is considerable evidence that the way neurons die in both diseases is similar; and lessons learned in mice from prion disease have proved accurate guides to attenuate the progress of Alzheimer's disease in patients."

"From finding the first effective drug in a mouse, to having an effective medicine in man, usually takes decades to bring to fruition, in the very few cases in which it is successful. So, a cure for Alzheimer's is not just around the corner. However, the critical point of principle made by Professor Mallucci's study is that a drug, given orally, can arrest neurodegeneration caused by amyloid in the brain.

"This finding, I suspect, will be judged by history as a turning point in the search for medicines to control and prevent Alzheimer's disease."

David Allsopp, professor of neuroscience at Lancaster University said that the study had thrown up "very dramatic and highly encouraging results", but said that more research was needed to overcome the "problematic side-effects" and to prove the technique would be effective against other diseases like Alzheimer's and Parkinson's.

There are currently 800,000 people in the UK with dementia and Alzheimer's disease is the most common cause. The number of people living with the condition is set to break one million by 2021, and represents an enormous health burden for the NHS and the social care system. Parkinson's affects 1 in 500 people and around 127,000 people suffer from the condition.

Dr Eric Karran, director of research at Alzheimer's Research UK, said: "Targeting a mechanism relevant to a number of neurodegenerative diseases could yield a single drug with wide-reaching benefits, but this compound is still at an early stage. It will be important for these findings to be repeated and tested in models of other neurodegenerative diseases, including Alzheimer's disease.
While Alzheimer's is the most common form of dementia, other diseases that cause dementia are also characterised by the abnormal build-up of proteins in the brain.

"If this process is also working overtime in these conditions too, targeting it could be a promising avenue for investigation. However, what is true in animals does not always hold true in people and the ultimate test for this compound will be to see whether it is safe and effective in people with these diseases."

From rforno at infowarrior.org Thu Oct 10 08:25:08 2013
From: rforno at infowarrior.org (Richard Forno)
Date: Thu, 10 Oct 2013 09:25:08 -0400
Subject: [Infowarrior] - The NSA's New Risk Analysis
Message-ID: <542AA400-7D7A-4F93-A816-B9EA31665136@infowarrior.org>

The NSA's New Risk Analysis
bruce_schneier
https://www.schneier.com/blog/archives/2013/10/the_nsas_new_ri.html

As I recently reported in the Guardian, the NSA has secret servers on the Internet that hack into other computers, codename FOXACID. These servers provide an excellent demonstration of how the NSA approaches risk management, and expose flaws in how the agency thinks about the secrecy of its own programs.

Here are the FOXACID basics: By the time the NSA tricks a target into visiting one of those servers, it already knows exactly who that target is, who wants him eavesdropped on, and the expected value of the data it hopes to receive. Based on that information, the server can automatically decide what exploit to serve the target, taking into account the risks associated with attacking the target, as well as the benefits of a successful attack.

According to a top-secret operational procedures manual provided by Edward Snowden, an exploit named Validator might be the default, but the NSA has a variety of options.
The documentation mentions United Rake, Peddle Cheap, Packet Wrench, and Beach Head -- all delivered from a FOXACID subsystem called Ferret Cannon. Oh how I love some of these code names. (On the other hand, EGOTISTICALGIRAFFE has to be the dumbest code name ever.)

Snowden explained this to Guardian reporter Glenn Greenwald in Hong Kong. If the target is a high-value one, FOXACID might run a rare zero-day exploit that it developed or purchased. If the target is technically sophisticated, FOXACID might decide that there's too much chance for discovery, and keeping the zero-day exploit a secret is more important. If the target is a low-value one, FOXACID might run an exploit that's less valuable. If the target is low-value and technically sophisticated, FOXACID might even run an already-known vulnerability.

We know that the NSA receives advance warning from Microsoft of vulnerabilities that will soon be patched; there's not much of a loss if an exploit based on that vulnerability is discovered. FOXACID has tiers of exploits it can run, and uses a complicated trade-off system to determine which one to run against any particular target.

This cost-benefit analysis doesn't end at successful exploitation. According to Snowden, the TAO -- that's Tailored Access Operations -- operators running the FOXACID system have a detailed flowchart, with tons of rules about when to stop. If something doesn't work, stop. If they detect a PSP, a personal security product, stop. If anything goes weird, stop.

This is how the NSA avoids detection, and also how it takes mid-level computer operators and turns them into what they call "cyberwarriors." It's not that they're skilled hackers, it's that the procedures do the work for them. And they're super cautious about what they do.

While the NSA excels at performing this cost-benefit analysis at the tactical level, it's far less competent at doing the same thing at the policy level.
The organization seems to be good enough at assessing the risk of discovery -- for example, if the target of an intelligence-gathering effort discovers that effort -- but to have completely ignored the risks of those efforts becoming front-page news.

It's not just in the U.S., where newspapers are heavy with reports of the NSA spying on every Verizon customer, spying on domestic e-mail users, and secretly working to cripple commercial cryptography systems, but also around the world, most notably in Brazil, Belgium, and the European Union. All of these operations have caused significant blowback -- for the NSA, for the U.S., and for the Internet as a whole.

The NSA spent decades operating in almost complete secrecy, but those days are over. As the corporate world learned years ago, secrets are hard to keep in the information age, and openness is a safer strategy. The tendency to classify everything means that the NSA won't be able to sort what really needs to remain secret from everything else. The younger generation is more used to radical transparency than secrecy, and is less invested in the national security state. And whistleblowing is the civil disobedience of our time.

At this point, the NSA has to assume that all of its operations will become public, probably sooner than it would like. It has to start taking that into account when weighing the costs and benefits of those operations. And it now has to be just as cautious about new eavesdropping operations as it is about using FOXACID exploits against users.

This essay previously appeared in the Atlantic.
From rforno at infowarrior.org Thu Oct 10 14:23:50 2013
From: rforno at infowarrior.org (Richard Forno)
Date: Thu, 10 Oct 2013 15:23:50 -0400
Subject: [Infowarrior] - Justin Amash: Mike Rogers Isn't Overseeing The Intelligence Community, He's Conspiring To Cover Up Its Activities
Message-ID: <61B4E5D0-F6C2-41F8-B634-F8404EE8829F@infowarrior.org>

Justin Amash: Mike Rogers Isn't Overseeing The Intelligence Community, He's Conspiring To Cover Up Its Activities
from the does-the-nsa-have-a-talking-bear? dept
http://www.techdirt.com/articles/20131010/02080524823/justin-amash-mike-rogers-isnt-overseeing-intelligence-community-hes-conspiring-to-cover-up-its-activities.shtml

Rep. Justin Amash has been highlighting for months how Rep. Mike Rogers, the head of the House Intelligence Committee, seems to have gone out of his way to withhold information from Congress. In a recent speech, he teed off on Rogers, noting that while his job as head of the Intelligence Committee is supposed to be "oversight," it's actually been one of collusion with the White House to "cover up" the intelligence community's activities.

Amash also responded to completely misleading (and, frankly, insulting) statements from Rogers' office implying that Rogers did make the necessary information "available" by inviting them to "classified briefings." However, Amash explained how those sessions were ridiculous because they weren't explanations about what was going on, but a sick game of 20 questions where Reps who were interested had to poke around in the dark:

But Amash said that intelligence officials are often evasive during classified briefings and reveal little new information unless directly pressed.

"You don't have any idea what kind of things are going on," Amash said. "So you have to start just spitting off random questions. Does the government have a moon base? Does the government have a talking bear? Does the government have a cyborg army?
If you don't know what kind of things the government might have, you just have to guess and it becomes a totally ridiculous game of twenty questions."

From rforno at infowarrior.org Thu Oct 10 15:03:22 2013
From: rforno at infowarrior.org (Richard Forno)
Date: Thu, 10 Oct 2013 16:03:22 -0400
Subject: [Infowarrior] - RIP Scott Carpenter, Mercury astronaut
Message-ID:

Scott Carpenter, Mercury Astronaut Who Orbited Earth, Dies at 88
http://www.nytimes.com/2013/10/11/us/scott-carpenter-mercury-astronaut-who-orbited-earth-dies-at-88.html

M. Scott Carpenter, whose flight into space in 1962 as the second American to orbit the Earth was marred by technical glitches and ended with the nation waiting anxiously to see if he had survived a landing far from the target site, died on Thursday in Denver. He was 88 and one of the last two surviving astronauts of America's original space program, Project Mercury.

His wife, Patty Carpenter, announced the death, but no cause was given. He had entered hospice care recently after having a stroke.

His death leaves John H. Glenn Jr., who flew the first orbital mission on Feb. 20, 1962, and later became a United States senator from Ohio, as the last survivor of the Mercury 7.

When Lieutenant Commander Carpenter splashed down off Puerto Rico in his Aurora 7 capsule on May 24, 1962, after a harrowing mission, he had fulfilled a dream.

"I volunteered for a number of reasons," he wrote in "We Seven," a book of reflections by the original astronauts published in 1962. "One of these, quite frankly, was that I thought this was a chance for immortality. Pioneering in space was something I would willingly give my life for."

For almost an hour after his capsule hit the Caribbean, there were fears that he had, in fact, perished. He was 250 miles from his intended landing point after making three orbits in a nearly five-hour flight.
Although radar and radio signals indicated that his capsule had survived re-entry, it was not immediately clear that he was safe. A Navy search plane finally spotted him in a bright orange life raft. He remained in it for three hours, accompanied by two frogmen dropped to assist him, before he was picked up by a helicopter and taken to the aircraft carrier Intrepid.

The uncertainty over his fate was only one problem with the flight. The equipment controlling the capsule's attitude (the way it was pointed) had gone awry; moreover, he fired his re-entry rockets three seconds late, and they did not carry the anticipated thrust. He also fell behind on his many tasks during the flight's final moments, and his fuel ran low when he inadvertently left two control systems on at the same time.

Some NASA officials found fault with his performance. "He was completely ignoring our request to check his instruments," Christopher Kraft, the flight director, wrote in his memoir "Flight: My Life in Mission Control" (2001). "I swore an oath that Scott Carpenter would never again fly in space. He didn't."

Mr. Carpenter was the fourth American astronaut in space. Alan B. Shepard Jr. and Virgil I. Grissom flew the first two Mercury flights, and then Mr. Glenn orbited the Earth. Mr. Carpenter was the fourth man to go into orbit. Two Russians in addition to Mr. Glenn had preceded him.

Malcolm Scott Carpenter was born on May 1, 1925, in Boulder, Colo. His family moved to the New York City region when his father, Marion, got a job there as a research chemist. His mother, Florence, contracted tuberculosis when Scott was a child, and she took him with her when she returned to Boulder to be treated at a sanitarium. The marriage broke up, and Scott was guided by his maternal grandfather, Victor Noxon, who owned and edited a Boulder newspaper.

He grew fond of a rugged outdoor life and became enthralled by the prospect of flying. Mr.
Carpenter became a naval aviation cadet in 1943, attending Colorado College, but World War II ended before he could obtain his wings. He entered the University of Colorado afterward but left school without a degree and received a Navy commission in 1949.

He flew patrol planes in the Pacific during the Korean War, then trained as a test pilot, and in April 1959 he was among the seven military pilots chosen as the Mercury astronauts, the beginning of America's quest to carry out President John F. Kennedy's goal to put a man on the Moon.

Mr. Carpenter was the only original astronaut without a college degree, but he was highly accomplished in communications and navigation in addition to his flying skills. He was also in outstanding physical condition, exceeding several NASA performance standards.

He was Mr. Glenn's backup for his epic orbital flight, and became his Capsule Communicator (CapCom), or radio link, famously exclaiming, "Godspeed, John Glenn," as Mr. Glenn's Friendship 7 achieved liftoff.

But Donald K. Slayton was scheduled to be the next astronaut in orbit. When Mr. Slayton was grounded because of a heart irregularity, Lieutenant Commander Carpenter got the flight.

His mission called for greater pilot involvement than Mr. Glenn's, and with photographic tasks to perform and science experiments to oversee, he seemed to be having a grand time, though the cabin became uncomfortably warm. But serious trouble arose when the equipment controlling the way the capsule was facing malfunctioned, requiring him to determine the capsule's proper attitude visually.

"The last 30 minutes of the flight, in retrospect, were a dicey time," he recalled in his memoir "For Spacious Skies" (2002), written with his daughter Kris Stoever. "At the time, I didn't see it that way. First, I was trained to avoid any intellectual comprehension of disaster - dwelling on a potential danger, or imagining what might happen.
I was also too busy with the tasks at hand."

Splashing down 250 miles from the nearest recovery ship, he got out of his capsule through a top hatch, then inflated his raft and waited to be picked up. Finally, the voice of mission control, Shorty Powers, announced, "An aircraft in the landing area has sighted the capsule and a life raft with a gentleman by the name of Carpenter riding in it."

President Kennedy greeted Lieutenant Commander Carpenter and his family at the White House in June 1962 after the Carpenters had been hailed at parades in Denver and Boulder and honored at City Hall in New York.

A few days after Mr. Carpenter's mission, the University of Colorado gave him a long-delayed degree in aeronautical engineering at its commencement, citing his "unique experience with heat transfer during his re-entry." He had missed out on his degree by not completing a course in heat transfer as a senior in 1949.

But the issue of the flight's brush with disaster lingered. A NASA inquiry determined that because of a 25-degree error in the capsule's alignment, the retro rockets had fired at an angle that caused a shallower than normal descent. That accounted for 175 miles of the overshoot, with the remaining 75 miles caused by the late firing of the rockets and their failure to provide the expected thrust.

Mr. Kraft, the flight director, had been angry that Mr. Slayton was denied the mission because of his heart problem, and he was furious at Lieutenant Commander Carpenter, feeling that he had not paid sufficient attention to instructions from the ground. Mr. Carpenter's prospect of obtaining another NASA mission was ended by a motorbike injury that led to his leaving NASA in 1967.

In a 2001 letter to The New York Times in response to a review of Mr. Kraft's book, Mr. Carpenter wrote that "the system failures I encountered during the flight would have resulted in loss of the capsule and total mission failure had a man not been aboard."
"My postflight debriefings and reports," he added, "led, in turn, to important changes in capsule design and flight plans."

In his book "The Right Stuff" (1979), which told how the original astronauts reflected the coolness-under-pressure ethos of the test pilot, Tom Wolfe wrote that Mr. Kraft's criticism fueled NASA engineers' simmering resentment of the astronauts' status as pop-culture heroes. The way Mr. Wolfe saw it, word spread within NASA that Mr. Carpenter had panicked, the worst sin imaginable in what Mr. Wolfe called the brotherhood of the right stuff.

Mr. Wolfe rejected that notion. "One might argue that Carpenter had mishandled the re-entry, but to accuse him of panic made no sense in light of the telemetered data concerning his heart rate and his respiratory rate," he wrote.

Mr. Carpenter also carved a legacy as a pioneer in the ocean's depths. He was the only astronaut to become an aquanaut, spending a month living and working on the ocean floor, at a depth of 205 feet, in the Sealab project off San Diego in the summer of 1965. When he returned to NASA, he helped develop underwater training to prepare for space walks. He returned to the Sealab program, but a thigh injury resulting from his diving work kept him from exploring the ocean floor again.

He retired from the Navy in 1969 with the rank of commander, pursued oceanographic and environmental activities and wrote two novels involving underwater adventures.

Mr. Carpenter's first three marriages ended in divorce. Besides his wife, Patty, Mr. Carpenter is survived by his sons Jay, Matthew, Nicholas and Zachary; his daughters Kristen Stoever and Candace; a granddaughter, and five stepgrandchildren. Two of his sons, Timothy and Scott, died before him.

Mr. Glenn, the last Mercury 7 survivor, is 92. Mr. Grissom died in 1967 in an Apollo spacecraft fire during a launching-pad test. Mr. Slayton died in 1993; Mr. Shepard, the first American in space, died in 1998; L. Gordon Cooper Jr.
died in 2004; and Walter M. Schirra Jr. died in 2007.

Among his many projects, Mr. Carpenter joined with fellow astronauts of the original Mercury 7 to create the Astronaut Scholarship Foundation, aiding science and engineering students. In 2006, he returned to the University of Colorado to present a scholarship to a student studying plasma physics. He used the occasion to reflect on the thrill he experienced. Space flights had become "old hat," he said, but his ardor for space travel remained undimmed.

"The flight experience itself is incredible," The Rocky Mountain News quoted him as saying. "It's addictive. It's transcendent. It is a view of the grand plan of all things that is simply unforgettable."

Mr. Carpenter attended ceremonial events in his final years, when he was reunited with fellow astronauts. He joined with President George W. Bush and Buzz Aldrin, the second man to walk on the Moon, on Veterans Day 2008 in a ceremony on a Hudson River pier aboard the Intrepid Sea, Air and Space Museum, formerly the ship whose helicopter had plucked him to safety.

Mr. Carpenter was on hand at Cape Canaveral with Mr. Glenn and veterans of the Project Mercury support teams at events a few days before the 50th anniversary of Mr. Glenn's pioneering orbital flight. Both had expressed hopes that America's space program would be revived.

"John, thank you for your heroic effort and all of you for your heroic effort," Mr. Carpenter told the gathering. "But we stand here waiting to be outdone."

John L. Dorman contributed reporting.

From rforno at infowarrior.org Thu Oct 10 15:28:22 2013
From: rforno at infowarrior.org (Richard Forno)
Date: Thu, 10 Oct 2013 16:28:22 -0400
Subject: [Infowarrior] - CPJ Report: The Obama Administration and the Press
Message-ID:

The Obama Administration and the Press
Leak investigations and surveillance in post-9/11 America

U.S.
President Barack Obama came into office pledging open government, but he has fallen short of his promise. Journalists and transparency advocates say the White House curbs routine disclosure of information and deploys its own media to evade scrutiny by the press. Aggressive prosecution of leakers of classified information and broad electronic surveillance programs deter government sources from speaking to journalists. A CPJ special report by Leonard Downie Jr. with reporting by Sara Rafsky....

< -- >

https://www.cpj.org/reports/2013/10/obama-and-the-press-us-leaks-surveillance-post-911.php

From rforno at infowarrior.org Thu Oct 10 19:41:17 2013
From: rforno at infowarrior.org (Richard Forno)
Date: Thu, 10 Oct 2013 20:41:17 -0400
Subject: [Infowarrior] - 'USA Freedom' Act to counter 'USA Patriot' Act
Message-ID:

(Again with the cutesy acronyms to name legislation. --rick)

Patriot Act author prepares bill to put NSA bulk collection 'out of business'
Exclusive: Bipartisan bill pulls together existing efforts to dramatically reform the NSA in the wake of Snowden disclosures
Dan Roberts in Washington
theguardian.com, Thursday 10 October 2013 15.37 EDT
http://www.theguardian.com/world/2013/oct/10/nsa-surveillance-patriot-act-author-bill

The conservative Republican who co-authored America's Patriot Act is preparing to unveil bipartisan legislation that would dramatically curtail the domestic surveillance powers it gives to intelligence agencies. Congressman Jim Sensenbrenner, who worked with president George W Bush to give more power to US intelligence agencies after the September 11 terrorist attacks, said the intelligence community had misused those powers by collecting telephone records on all Americans, and claimed it was time "to put their metadata program out of business".
His imminent bill in the House of Representatives is expected to be matched by a similar proposal from Senate judiciary committee chair Patrick Leahy, a Democrat. It pulls together existing congressional efforts to reform the National Security Agency in the wake of disclosures by whistleblower Edward Snowden.

Sensenbrenner has called his bill the Uniting and Strengthening America by Fulfilling Rights and Ending Eavesdropping, Dragnet-Collection, and Online Monitoring Act, or USA Freedom Act, and a draft seen by the Guardian has four broad aims. It seeks to limit the collection of phone records to known terrorist suspects; to end "secret laws" by making courts disclose surveillance policies; to create a special court advocate to represent privacy interests; and to allow companies to disclose how many requests for users' information they receive from the USA. The bill also tightens up language governing overseas surveillance to remove a loophole which has been abused to target internet and email activities of Americans.

Many lawmakers have agreed that some new legislation is required in the wake of the collapse in public trust that followed Snowden's disclosures, which revealed how the NSA was collecting bulk records of all US phone calls in order to sift out potential terrorist targets. In July, a temporary measure to defund the NSA bulk collection programme was narrowly defeated in a 217 to 205 vote in the House, but Sensenbrenner said the appetite for greater privacy protections had only grown since.

"Opinions have hardened with the revelations over the summer, particularly the inspector general's report that there were thousands of violations of regulations, and the disclosure that NSA employees were spying on their spouses or significant others, which was very chilling," he told the Guardian in an interview.
Instead, the main opposition to Sensenbrenner and Leahy's twin-pronged effort is likely to come from the chair of the Senate intelligence committee, Dianne Feinstein, who is supportive of the NSA but who has proposed separate legislation focusing on greater transparency and checks rather than an outright ban on bulk collection. Sensenbrenner and other reformers have been scathing of this rival legislative approach, calling it a "fig leaf" and questioning the independence of the intelligence committee.

"I do not want to see Congress pass a fig leaf because that would allow the NSA to say 'Well, we've cleaned up our act' until the next scandal breaks," he said. "[Party leaders] are going to have to review what kind of people they put on the intelligence committee. Oversight is as good as the desire of the chairman to do it."

Sensenbrenner also called for the prosecution of Obama's director of national intelligence, James Clapper, who admitted misleading the Senate intelligence committee about the extent of bulk collection of telephone records. "Oversight only works when the agency that oversight is directed at tells the truth, and having Mr Clapper say he gave the least untruthful answer should, in my opinion, have resulted in a firing and a prosecution," said the congressman.

Clapper has apologised for the incident, but reformers expect a fierce backlash to their proposals to rein in his powers in future. "I anticipate a big fight, and Senator Feinstein has already basically declared war," said Sensenbrenner. "If they use a law like Senator Feinstein is proposing, it will just allow them to do business as usual with a little bit of a change in the optics."

His twin effort with Leahy to introduce legislation via the House and Senate judiciary committees is partly intended to circumvent such opposition among intelligence committee leaders. But there is plenty of support among other intelligence committee members.
Democratic senators Ron Wyden and Mark Udall, who were first to seize on Snowden's disclosures as a way to make public their longstanding concerns, recently teamed up with Republican Rand Paul and colleague Richard Blumenthal to propose similar reforms of the NSA in their own bill. Sensenbrenner insisted the different reform efforts were likely to converge, rather than compete. "I wanted to get a bill passed, and the best way to get a bill passed is to have the chairman of the judiciary committee and the most senior US senator [Leahy] co-sponsoring it," he said. "We need to change the law, and we need to change the law quickly."

Publication of the House version of the USA Freedom bill, jointly sponsored by Democrat John Conyers, has been held up by the government shutdown, which has furloughed a number of congressional legal staff, but is still expected within the next few days. A spokesman for Leahy's office told the Guardian on Thursday that the senator was still on track to introduce his version of the legislation through the Senate judiciary committee once the shutdown effects had passed.

The main thrust of the bill would tighten section 215 of the Patriot Act to limit the collection of business records such as telephone metadata, to instances where the NSA was able to convince courts set up under the Foreign Intelligence Surveillance Act (Fisa) that the target was "an agent of a foreign power", was "subject of an investigation" or thought to be "in contact with an agent of a foreign power". Sensenbrenner said this tighter definition was needed because previous language had been improperly interpreted by Fisa courts. "Having the three qualifications would make it very clear that they have to find out who a bad person is first, get the Fisa order, and then see who that bad person was contacting to get the information rather than find the needle in a very large haystack, which is what the metadata was," he said.
"We had thought that the 2006 amendment, by putting the word 'relevant' in, was narrowing what the NSA could collect. Instead, the NSA convinced the Fisa court that the relevance clause was an expansive rather than contractive standard, and that's what brought about the metadata collection, which amounts to trillions of phone calls." This approach has been justified by intelligence agencies as the only way to get enough data to allow them to sift through it looking for connections, but Sensebrenner claimed that NSA director general Keith Alexander only pointed to 13 possible suspicious individuals found through this method during his recent Senate testimony. "The haystack approach missed the Boston marathon bombing, and that was after the Russians told us the Tsarnaev brothers were bad guys," added Sensenbrenner. Another important aspect to the bill, in the draft seen by the Guardian, is a set of measures that would prevent the NSA using other legal powers to carry on collecting bulk data ? even if the Patriot Act language is tightened. "The concern that I have had is that if the shoe starts pinching on what the NSA is doing, they will simply try to use another mechanism to try to get the metadata and national security letters is the one that would rise to the top," said Sensenbrenner, who described ways to close this potential loophole. "I have always had a lot of questions about administrative subpoenas such as national security letters, and the bill adds a sunset date for national security letters, which were originally authorised in 1986." Staff members have been holding discussions behind the scenes about how to make sure the NSA can continue to get access to individual phone records when they do have specific concerns about terrorism activity. "We will have to figure out some kind of way for the NSA to get records, wether through a Fisa court order or a grand jury subpoena," said Sensenbrenner. 
This is likely to be opposed by the security services, who argued in recent congressional testimony that such a system would impose unacceptable delays in obtaining records.

From rforno at infowarrior.org Thu Oct 10 19:42:34 2013
From: rforno at infowarrior.org (Richard Forno)
Date: Thu, 10 Oct 2013 20:42:34 -0400
Subject: [Infowarrior] - The USA Freedom Act: a look at the key points of the draft bill
Message-ID:

The USA Freedom Act: a look at the key points of the draft bill
Republican Jim Sensenbrenner prepares to publish legislation and says it's time 'to put their metadata program out of business'
Dan Roberts in Washington
theguardian.com, Thursday 10 October 2013 17.16 EDT
http://www.theguardian.com/world/2013/oct/10/the-usa-freedom-act-a-look-at-the-key-points-of-the-draft-bill

Jim Sensenbrenner, the conservative Republican who co-authored the Patriot Act, is preparing to publish legislation that would significantly curtail the domestic surveillance powers afforded to the US intelligence agencies. The bill has a somewhat cumbersome title: the Uniting and Strengthening America by Fulfilling Rights and Ending Eavesdropping, Dragnet-Collection and Online Monitoring Act. But it's one of those pieces of legislation that has been named for its acronym: the USA Freedom Act.

Sensenbrenner, who worked with president George W Bush to give more power to US intelligence agencies after the September 11 terrorist attacks, said the intelligence community had misused those powers by collecting telephone records on all Americans, and claimed it was time "to put their metadata program out of business". The Guardian has seen a draft of the bill. Here are the key points:

• Ending bulk metadata collection.
Section 215 of the Patriot Act would be tightened to place more onus on intelligence agencies to show they are looking for specific suspects and do not inadvertently sweep up information on innocent Americans. They would have to show a Fisa court judge that the target was thought to be an agent of a foreign power, was engaged in activity that was the subject of an investigation, or was an individual in contact with an agent of a foreign power.

• Disclosure. The attorney general would be required to publicly disclose decisions by the Foreign Intelligence Surveillance (Fisa) court that contain a significant construction or interpretation of law, but may continue to classify confidential parts. Specific information on individuals would not be disclosed, but the policy changes would be. The intent is that the bill would end "secret laws" being made behind closed doors by the Fisa courts and the intelligence community.

• Greater transparency. Internet and telephone companies that received Fisa court orders would be allowed to report the number of Fisa orders and national security letters complied with, and the number of users on whom information was demanded.

• Privacy advocate. The bill creates an office of special advocate within the Fisa court who would have standing to appear to represent the public and privacy concerns. They would be chosen from a list recommended by Obama's privacy and civil liberties oversight board, but a Fisa court judge would appoint from that list. This judicial appointment would have the power to appeal Fisa court decisions.

• Foreign loopholes. The bill amends section 702 (b) of the Foreign Intelligence Surveillance Act to prevent intelligence agencies from "reverse targeting" that may allow them to intercept email and internet communications of Americans.
It also calls on the US inspector general to investigate whether current minimization procedures adequately protect the constitutional rights of US persons, and gives more legal powers to the privacy and civil liberties oversight board.

• Other loopholes. Title 4 of Fisa, known as the pen register and trap-and-trace provisions, would be amended to make sure the government does not just rebuild its metadata dragnet using different authorities.

From rforno at infowarrior.org Fri Oct 11 06:29:52 2013
From: rforno at infowarrior.org (Richard Forno)
Date: Fri, 11 Oct 2013 07:29:52 -0400
Subject: [Infowarrior] - Conflicts of interest in the Syria debate
Message-ID: <84E52517-29CD-4F4C-947A-31F600B66958@infowarrior.org>

Conflicts of interest in the Syria debate
An analysis of the defense industry ties of experts and think tanks who commented on military intervention.

< - >

http://public-accountability.org/2013/10/conflicts-of-interest-in-the-syria-debate/

From rforno at infowarrior.org Fri Oct 11 06:44:33 2013
From: rforno at infowarrior.org (Richard Forno)
Date: Fri, 11 Oct 2013 07:44:33 -0400
Subject: [Infowarrior] - VA State Police Collected Massive Amounts Of License Plate Data By Scanning Plates At Political Rallies
Message-ID: <58414E1D-3424-453B-81F0-08D5DCFBA6AE@infowarrior.org>

Virginia State Police Used License Plate Readers At Political Rallies, Built Huge Database
By Rebecca Glenberg, Legal Director, ACLU of Virginia at 5:14pm
https://www.aclu.org/blog/technology-and-liberty-national-security/virginia-state-police-used-license-plate-readers

From 2010 until last spring, the Virginia State Police (VSP) maintained a massive database of license plates that allowed them to pinpoint the locations of millions of cars on particular dates and times.
Even more disturbing, the agency used automatic license plate readers (ALPRs) to collect information about political activities of law-abiding people. The VSP recorded the license plates of vehicles attending President Obama's 2009 inauguration, as well as campaign rallies for Obama and vice presidential candidate Sarah Palin. (Documentation of this program, disclosed in response to an ACLU of Virginia public records request, can be found here.)

These practices starkly illustrate the need for tight controls on government use of technology for surveillance purposes. To be sure, there are legitimate law enforcement purposes for ALPR. Some law enforcement agencies maintain "hot lists" of vehicles that are stolen or that have been used in crimes. Data from ALPRs can be instantaneously checked against these lists to quickly locate suspect vehicles. The impact on privacy rights is minimal as long as information about license plates not on the hot list is disposed of promptly.

But by creating and maintaining a database of millions of license plates and targeting political activity, the VSP crossed well over the line from legitimate law enforcement to oppressive surveillance. In the cases of the campaign rallies and the 2009 inauguration, the VSP collected personally identifying information on drivers solely because those drivers were heading to a political event. These drivers were not suspected of or connected to any crime; their only offense was practicing their First Amendment rights to speak freely and assemble peacefully.

Monitoring protests and political rallies will chill this fundamental form of expression. We must be able to participate in demonstrations and campaign events without fearing that our license plate will be scanned and stored by law enforcement. Surveillance or perceived surveillance of political events, especially if participation might be controversial, will make law-abiding people think twice before attending.
This is a threat to democracy, and we are not the first to recognize that. Back in 2009, the police themselves beat us to this scoop: the International Association of Chiefs of Police explained that when it comes to license plate readers, "[t]he risk is that individuals will become more cautious in the exercise of their protected rights of expression, protest, association, and political participation because they consider themselves under constant surveillance."

Belatedly, the VSP asked Attorney General Ken Cuccinelli about the legality of its information-gathering practices. In a strong opinion, Cuccinelli explained that the use of ALPRs for "passive" collection of information violates Virginia's Government Data Collection and Dissemination Act. That is, law enforcement may use ALPRs to search for specific vehicles suspected of involvement in criminal activity, but it may not simply collect and save data on thousands of vehicles for which there are no grounds for suspicion.

Since the Attorney General's opinion was issued, the VSP says that it has purged its license plate database and now disposes of such information within 24 hours of collection, unless it is relevant to a clearly defined criminal investigation. But a return of passive data collection should not be just a bad Attorney General opinion away; our lawmakers must act to clearly prohibit the VSP from resurrecting this surveillance in the future.

The VSP's former use of ALPR data is just one of the ways government uses technology to obtain detailed information about the everyday lives of Americans, along with the National Security Agency's collection of data on every phone call to or from the United States, or the increasing warrantless tracking of cell phone locations by law enforcement agencies. It is essential that Americans remain alert to these encroachments on liberty and demand that their legislators rein in the use of surveillance technology by local, state, and national government.
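The difference the ACLU post draws between a hot-list check and "passive" collection is a data-retention design question, so here is an added example (not code from the ACLU, the VSP or the post itself) of the policy the post says the VSP now follows: reads are matched against a hot list on arrival, matches are kept, and every other read is destroyed within 24 hours unless tagged to a clearly defined investigation. The plates, locations, timestamps and the `case-42` hold are constructed sample data; the 24-hour window and the investigation-hold exemption are assumptions taken from the post's description rather than from any published VSP procedure. The `locate()` function is there to make the point concrete: until the purge runs, the store can pinpoint any car that passed the reader, which is exactly the capability the post objects to.

```python
"""ALPR hot-list matching with prompt disposal of non-matching reads.

Added example (not from the ACLU post): models the retention rule the
post describes -- keep reads that match a hot list or a defined
investigation, purge everything else within 24 hours -- and shows why
the purge matters: until it runs, the store can still pinpoint any car.
Plates, locations, timestamps and case ids below are constructed.
"""
import re
from dataclasses import dataclass, field
from datetime import datetime, timedelta
from typing import Dict, List, Set

RETENTION = timedelta(hours=24)  # assumed: the 24-hour window the post cites


def normalize(plate: str) -> str:
    """Canonical form for matching: uppercase, letters and digits only."""
    return re.sub(r"[^A-Z0-9]", "", plate.upper())


@dataclass(frozen=True)
class PlateRead:
    plate: str
    seen_at: datetime
    location: str


@dataclass
class AlprStore:
    """Hot-list matcher that retains hits and purges everything else."""
    hot_list: Set[str]
    retention: timedelta = RETENTION
    hits: List[PlateRead] = field(default_factory=list)        # retained
    untargeted: List[PlateRead] = field(default_factory=list)  # purged on schedule
    holds: Dict[str, str] = field(default_factory=dict)        # plate -> case id

    def __post_init__(self) -> None:
        self.hot_list = {normalize(p) for p in self.hot_list}

    def ingest(self, read: PlateRead) -> bool:
        """Check one read against the hot list; True means it matched."""
        if normalize(read.plate) in self.hot_list:
            self.hits.append(read)
            return True
        self.untargeted.append(read)
        return False

    def hold(self, plate: str, case_id: str) -> None:
        """Exempt a plate from purge for a clearly defined investigation."""
        self.holds[normalize(plate)] = case_id

    def purge(self, now: datetime) -> int:
        """Destroy untargeted reads older than the retention window,
        except those under an investigation hold. Returns the count removed."""
        cutoff = now - self.retention
        keep = [r for r in self.untargeted
                if r.seen_at > cutoff or normalize(r.plate) in self.holds]
        destroyed = len(self.untargeted) - len(keep)
        self.untargeted = keep
        return destroyed

    def locate(self, plate: str) -> List[PlateRead]:
        """Every stored sighting of a plate, hit or not. Before the purge
        this is the 'passive collection' capability the post objects to."""
        key = normalize(plate)
        return [r for r in self.hits + self.untargeted if normalize(r.plate) == key]


def demo():
    """Constructed scenario: a reader at a rally car park and, 23 hours
    later, the same untargeted car passing a highway reader."""
    t0 = datetime(2013, 10, 1, 18, 0)
    store = AlprStore(hot_list={"ABC-1234"})     # e.g. one reported-stolen vehicle
    reads = [
        PlateRead("abc 1234", t0, "rally-lot"),
        PlateRead("XYZ9999", t0 + timedelta(minutes=1), "rally-lot"),
        PlateRead("JKL5555", t0 + timedelta(minutes=2), "rally-lot"),
        PlateRead("XYZ9999", t0 + timedelta(hours=23), "highway-7"),
    ]
    matches = sum(store.ingest(r) for r in reads)
    before = len(store.locate("XYZ9999"))        # passive data: both sightings
    store.hold("JKL5555", "case-42")             # assumed investigation hold
    destroyed = store.purge(t0 + timedelta(hours=25))
    after = len(store.locate("XYZ9999"))         # only the read still inside the window
    return (matches, before, destroyed, after,
            len(store.locate("JKL5555")), len(store.locate("ABC1234")))


if __name__ == "__main__":
    print(demo())  # (1, 2, 1, 1, 1, 1)
```

The purge has to be driven by a scheduler that actually runs; a retention rule that exists only on paper leaves `locate()` fully functional, which is the situation the Attorney General's opinion addressed. Holds are keyed to a case id so that an auditor can ask why a given untargeted plate survived the window.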
From rforno at infowarrior.org Fri Oct 11 07:49:31 2013
From: rforno at infowarrior.org (Richard Forno)
Date: Fri, 11 Oct 2013 08:49:31 -0400
Subject: [Infowarrior] - WaPo: EFF can't avoid Washington
Message-ID:

Try as it might, anti-surveillance group can't avoid Washington
By Craig Timberg
http://www.washingtonpost.com/business/technology/try-as-it-might-anti-surveillance-group-cant-avoid-washington/2013/10/11/2e14c0a0-2142-11e3-b73c-aab60bf735d0_print.html

SAN FRANCISCO - A jolt of pride and panic flashed through the Electronic Frontier Foundation when the first images of Edward Snowden appeared, showing a sandy-haired young man with glasses, a budding goatee and a bright red sticker on his laptop computer proclaiming, "I Support Online Rights."

The sticker was part of the membership kit for EFF, a leading opponent of government surveillance, but one used to operating beyond the spotlight. Some of its leaders feared Snowden's public embrace would thrust it to the middle of a blazing Washington scandal just as the government was looking for someone to blame.

"My first thought was: This is attention we don't need," said John Gilmore, a tech millionaire who helped found EFF. "In a sense, we were dragged into this by that sticker."

That was June. Four months later, worries that EFF would be cast as aiding and abetting the enemy have eased. Instead, the foundation's donations have surged by a factor of 10. It has won victories in court, forcing the release of secret documents. Congress has begun considering bills that would curb surveillance, and polls show privacy concerns running higher than at any point since the Sept. 11, 2001, attacks.

This political momentum has brought EFF to a crossroads. Rooted in San Francisco's counterculture idealism and tech-industry ferment, the foundation has long shunned the dirty work of legislative politics. "We are zealots.
We don't play the compromise game," said Shari Steele, EFF's executive director.

But the foundation's allies and even some of its own staff wonder if EFF is ready to capitalize on a potentially historic moment. Can a band of lawyers and technologists, working from a brightly lit office emblazoned with free speech slogans and dark warnings about the government, mount an effective fight in Washington, the home turf of what it calls "the surveillance state"?

The question is complicated by EFF's own history, dating to a painful stretch in the 1990s when it was headquartered in the nation's capital and sought to be a lobbying force there. Its members clashed over the compromises inherent in Beltway-style politics, and the most fervent idealists fled with the organization to the West Coast.

More than a decade later, EFF is much larger, and so, arguably, are the stakes. The government's surveillance tools have grown steadily more powerful and its legal authorities more expansive. Helping reverse those trends may require a foundation led by outsiders to do something they loathe: Play the inside game on Capitol Hill.

"I'd like to see them back," said Christopher Soghoian of the American Civil Liberties Union, who has engaged in many debates in the capital about technology, privacy and security. "Washington would be better if they were here."

The foundation was born in 1990 in Cambridge, Mass., as something of a legal defense fund for hackers amid a federal crackdown on alleged computer crimes. It moved to Washington two years later to "reverse-engineer the architecture of the Beltway," as Mitch Kapor, one of the founders, told Wired magazine at the time.

Reality hit when EFF got involved in the backroom dealings over a federal bill requiring telephone companies to build surveillance capabilities into new digital communications networks.
The foundation helped win several privacy protections, but when the bill passed in 1994, some of EFF's leaders and members were furious that it had been a negotiating partner, instead of a staunch opponent, in creating a new era of mass surveillance. Some EFF staffers left amid the uproar to start a new group, the Center for Democracy and Technology, taking with them substantial industry funding.

What was left of EFF departed for a fresh start in San Francisco. It arrived here in 1995 with little money, few remaining staffers and wounded pride. But it found a natural home in the city's vibrant Mission District, a short drive from Silicon Valley.

The move also brought the latest shift in institutional personality. Having started as a public interest law firm and dabbled in lobbying, EFF in San Francisco evolved into something more like a civil liberties think tank that happened to employ teams of crack technologists and grass-roots political activists.

Legal Director Cindy Cohn said, "My job is to make sure your constitutional rights make it into the digital age." But that mission is defined broadly, involving work on copyright law, government transparency, net neutrality and cryptography.

The combination can be hard to explain to those first encountering EFF. Danny O'Brien, the organization's international director, said that when meeting political leaders and activists from other countries, the introduction goes something like this: "Hi. We're from the Internet, and we're here to help you."

It also can be hard to place the foundation on a familiar ideological spectrum. EFF mixes '60s-style liberalism with optimism about the transformative power of technology, then it spikes that combination with a libertarian distrust of government. National security officials find EFF strident in its almost total opposition to government surveillance. Yet when the snooping is being done by companies, collecting personal data to better target ads at Internet users,
the foundation is more likely to favor technological solutions than new regulations. Some in Washington see EFF's positions as tracking those of the tech industry.

"The idea that data should be available to companies so that they can sell us more soap that we might like, but not to protect us from terrorists, is just nutty," said Stewart A. Baker, a former National Security Agency general counsel and senior Homeland Security official in the Bush administration. "Governments want this data generally for pretty good reasons."

One constant at EFF has been the pursuit of what it calls "impact litigation." In 2006, the foundation's lawyers filed a class-action lawsuit against AT&T after reports that the telecom giant was cooperating with a Bush administration program of warrantless wiretapping of Americans. As evidence, EFF produced an affidavit by a former AT&T technician detailing how the NSA installed monitoring equipment at a company facility in downtown San Francisco.

That same year, EFF retained two D.C. lobbyists whose job was to fight a bill granting immunity to phone companies that assisted in government surveillance. When the bill passed anyway, it effectively ended EFF's case against AT&T. The foundation eventually revived its legal attack, filing a new lawsuit against the NSA in 2008. But first, EFF retreated from the capital again, choosing to keep in touch by phone, e-mail and the occasional personal visit.

"You have to twist their arms to get them to come here," said Jeffrey Chester, executive director of the Center for Digital Democracy, an advocacy group based in Washington.

It's easy to see why. Despite a reputation for mediocre pay, there is a relaxed, almost collegiate atmosphere at EFF's spacious headquarters building. EFF staffers are encouraged to bring their dogs to work. There are free massages, paid sabbaticals after seven years on the staff and a subsidized vending machine that delivers coconut water, among other beverages, for 50 cents.
Jeans and hoodies, many bearing the EFF logo, are typical work garb.

The foundation's annual budget grew by 40 percent this year, to $6.9 million, to keep pace with rising donations and expanded ambitions. The staff is approaching 50 people, while the list of dues-paying members tops 24,000, officials say. They would not say whether Snowden is on the list, though they acknowledged that the sticker pictured on his computer, first published June 9 by the British newspaper the Guardian, is routinely issued to members. (Despite the unease at EFF over that photo, one of the founding members, John Perry Barlow, a former Grateful Dead lyricist, tweeted the image to his followers.)

A pair of Freedom of Information Act requests from EFF recently yielded front-page news when the Foreign Intelligence Surveillance Court agreed to release previously secret rulings about NSA spying programs. The requests were filed by David Sobel, a lawyer working part-time for EFF in Washington, a location he says the foundation's leaders "tolerate" because of his desire to be there. The documents, though illuminating, came with such heavy redactions that the printers at EFF's headquarters ran out of black ink. (The Washington Post filed an amicus brief this year supporting EFF's request for the release of FISA court rulings on the section of the Patriot Act that concerns bulk collection of phone records.)

EFF also played a role in opposing the Stop Online Piracy Act, better known as SOPA, that culminated last year in a massive service blackout involving Wikipedia, Google and thousands of other Web sites protesting what they said was infringement of free speech. The bill, backed by the movie, television and music industries, had been widely expected to pass, but it died soon after the Internet protest.
EFF's activism director, Rainey Reitman, says that congressional staffers who deal with the group's members on bills sometimes ask, "What do we have to do so that you don't SOPA this bill?"

Yet EFF officials acknowledge sometimes feeling far from the flow in the nation's capital, with legislative intelligence reaching them secondhand, often from District-based advocacy groups. If a bill limiting government surveillance starts moving, officials at the ACLU, the Electronic Privacy Information Center and the Center for Democracy and Technology will be able to take cabs to key meetings. Anyone from EFF will have to board a plane.

EFF is, however, helping sponsor the Rally Against Mass Surveillance on Oct. 26, along with tech companies and other activist groups, including the ACLU, Reddit, Mozilla and dozens of others. Those inspired by Snowden's revelations can sign an online petition and watch the rally live at viewing parties around the country. Or they can attend in person. Where? Washington.

© The Washington Post Company

From rforno at infowarrior.org Fri Oct 11 09:41:55 2013
From: rforno at infowarrior.org (Richard Forno)
Date: Fri, 11 Oct 2013 10:41:55 -0400
Subject: [Infowarrior] - Stanford researchers discover 'alarming' method for phone tracking, fingerprinting through sensor flaws
Message-ID: <593A8164-F8E1-4EE1-B23E-BC20692C006F@infowarrior.org>

Stanford researchers discover "alarming" method for phone tracking, fingerprinting through sensor flaws
http://blog.sfgate.com/techchron/2013/10/10/stanford-researchers-discover-alarming-method-for-phone-tracking-fingerprinting-through-sensor-flaws/
From rforno at infowarrior.org Fri Oct 11 12:10:39 2013
From: rforno at infowarrior.org (Richard Forno)
Date: Fri, 11 Oct 2013 13:10:39 -0400
Subject: [Infowarrior] - Leaked Contract Reveals that Amazon Insists on DRM
Message-ID:

A Leaked Contract Reveals that Amazon Insists on DRM
http://www.the-digital-reader.com/2013/10/11/leaked-contract-reveals-amazon-insists-drm/#.UlgvgCRbnc8

From rforno at infowarrior.org Fri Oct 11 12:51:18 2013
From: rforno at infowarrior.org (Richard Forno)
Date: Fri, 11 Oct 2013 13:51:18 -0400
Subject: [Infowarrior] - Google Sets Plan to Sell Users' Endorsements
Message-ID:

(don't be evil??? --rick)

Google Sets Plan to Sell Users' Endorsements
http://www.nytimes.com/2013/10/12/technology/google-sets-plan-to-sell-users-endorsements.html?_r=1&

SAN FRANCISCO - Google, following in Facebook's footsteps, wants to sell users' endorsements to marketers to help them hawk their wares.

On Friday, Google announced an update to its terms of service that allows the company to include adult users' names, photos and comments in ads shown across the Web, based on ratings, reviews and posts they have made on Google Plus and other Google services like YouTube. When the new ad policy goes live Nov. 11, Google will be able to show what the company calls shared endorsements on Google sites and across the Web, on the more than two million sites in Google's display advertising network, which are viewed by an estimated one billion people.

If a user follows a bakery on Google Plus or gives an album four stars on the Google Play music service, for instance, that person's name, photo and endorsement could show up in ads for that bakery or album. Google said it would give users the chance to opt out of being included in the new endorsements, and people under the age of 18 will automatically be excluded.
Such product endorsements, especially coming from friends and acquaintances, are a powerful lure to brands, replicating word-of-mouth marketing on a broad scale. But as Facebook has learned, many users have strong and skeptical feelings about their endorsements being used in ads without their explicit permission.

"The trick to any advertising like this is to avoid coming across as creepy to your user base and have them say, 'I didn't want anyone else to know that,'" said Zachary Reiss-Davis, a Forrester analyst, speaking generally about social ads.

In a notice to users posted on its site on Friday, Google said, "Feedback from people you know can save you time and improve results for you and your friends across all Google services."

Facebook, the world's largest social network with 1.2 billion users worldwide, has been aggressively marketing such social endorsements. For example, if you post that you love McDonald's new Mighty Wings on the chain's Facebook page, McDonald's could pay Facebook to broadcast your kind words to all your friends, effectively using you as a product endorser.

The company declined to specify exactly how it planned to use endorsements in advertising, what the ads would look like or how brands choose whether to include shared endorsements.

Facebook does not allow its users to opt out of such ads, which it calls sponsored stories, although users can limit how their actions on the social network are used in some other types of advertising. Google Plus users, on the other hand, will be able to opt out of inclusion in ads on the social network's settings page. If a Google Plus user has shared comments with a limited set of people, only people in that circle will see the personalized ads. Ratings and reviews on services like Google Plus Local are automatically public and can be used in ads, unless a user opts out of shared endorsements.
Google had previously shown so-called Plus 1s, votes of approval similar to Facebook likes, in ads across Google sites and its ad network. Google plans to expand that to include "follows," comments, ratings, reviews and other interactions. Those who have already elected to opt out of using Plus 1s in ads will automatically be opted out of the expansion.

Though 190 million users post on Google Plus and 390 million use the social network indirectly by sharing on other Google sites like YouTube, Google's variety of services gives it a potentially wider reach. A user's Google searches or Gmail correspondence, because they are not considered social interactions, would not be used to generate endorsement ads, although the company uses search history and the content of e-mail to display other ads to users.

Currently, Google does not have an ad option incorporating more social data that is ready to be used by advertisers, the company said. Instead, the company wants the ability to offer such ads in the future and is notifying users in advance.

Although advertising irks some users, even while it helps support free services, social ads have proved particularly contentious.

Facebook recently settled a class-action lawsuit that claimed it had not adequately notified users about how it was using endorsements. In late August, it tried to impose a new privacy policy that would have given the company clearer rights to run social ads without a user's explicit permission. After privacy groups complained, the Federal Trade Commission began an inquiry into the changes, prompting Facebook to suspend the process.

Google, which is under the supervision of the F.T.C. for a previous privacy violation and has agreed to privacy audits and fines for privacy misrepresentations, is taking pains to show that it has considered the privacy implications of the new ads.
It will notify users of the change with banners on Google's home page, in search results, in Google Plus notifications and elsewhere. And posts by users who have registered as being under age 18 will not appear in ads, though their posts can still appear in search results or other places that are not commercial in nature.

Shared endorsements are the latest example of the continual push by Google and other Web companies to collate in one place the reams of personal information people share online and use it to personalize people's online experiences. Privacy advocates say companies do not generally get meaningful consent from their users before using such information.

"Users reasonably expect that their comments should be used as they intended," said Marc Rotenberg, executive director of the Electronic Privacy Information Center, which has tangled with numerous Internet companies, most recently Facebook, over the use of personal information in ads. "People don't typically race around handing their friends leaflets and advertisements."

In Europe, where privacy is considered a personal right, early reaction was skeptical. "What Google intends to do is get everyone involved in their advertising model without necessarily involving citizens in a decision about whether to participate in that model," said Jan Philipp Albrecht, a German member of the European Parliament who is the main sponsor of legislation overhauling and updating the bloc's privacy standards, in a telephone interview on Friday.

Google's plan for social advertising is "something we will have to react to in our legislation," said Mr. Albrecht, who said he would like European Union governments and legislators to reach a final agreement on the complex law by April next year.

James Kanter contributed reporting from Brussels.
From rforno at infowarrior.org Fri Oct 11 15:11:09 2013
From: rforno at infowarrior.org (Richard Forno)
Date: Fri, 11 Oct 2013 16:11:09 -0400
Subject: [Infowarrior] - Intelligence oversight has some limits in Congress
Message-ID: <49D77C1F-64AD-4966-8E08-651135E0E799@infowarrior.org>

Intelligence oversight has some limits in Congress
By: Tony Romm
October 10, 2013 05:04 AM EDT
http://dyn.politico.com/printstory.cfm?uuid=6800326D-C598-4CDA-A1EF-B18C9535A6BD

The White House insists members of Congress knew full well about the National Security Agency's almost unabridged ability to scan phone logs and Internet chats for terrorist threats, and the potential that Americans' communications could be caught in the fray. But evidence of the NSA's many privacy missteps wasn't widely shared on Capitol Hill, even during crucial moments when Congress voted to reauthorize the government's controversial surveillance powers.

One Obama administration report provided to lawmakers last year, for example, only opaquely referenced the NSA's unlawful collection of thousands of Americans' emails. The document, declassified this fall, didn't mention that a secret court had rebuked the agency for its misleading statements. Adding to the trouble, House leaders possessing the oversight report didn't explicitly advertise it to members, and some lawmakers in both chambers who did see it weren't allowed to take notes out of the room, according to documents and congressional staffers.

Both the House and Senate still later in 2012 reauthorized some powers under the Foreign Intelligence Surveillance Act, or FISA, one of the laws in question in light of leaks from Edward Snowden.

At a time when Congress is rethinking the rules that govern the NSA, and whether or how to tighten them, the Hill's previous lapses raise as many questions about the intelligence agency as they do about congressional oversight.

The agency's chief defenders stress that Congress has done its part. Sen. Dianne Feinstein (D-Calif.), the powerful leader of the chamber's Intelligence Committee, said at a hearing this month her panel "informed all senators of additional classified information" as they weighed the NSA's powers. Rep. Mike Rogers (R-Mich.), her counterpart in the House, emphasized at a POLITICO event on Tuesday that surveillance programs are "some of the most overseen programs in the government."

But civil liberties leaders see it much differently. "If a very small number of people on Capitol Hill who are closely tied to the intelligence committees have the data, and others do not, then we can't have the kind of democratic debate we need," said Leslie Harris, president and CEO of the Center for Democracy and Technology, adding: "Secret law and secret oversight are an oxymoron."

The White House did not comment for this story.

One mishap, dating to 2011, perhaps precisely illustrates the problem. At issue was a ruling by the so-called FISA court, which reviews government surveillance requests. A judge in 2011 faulted the NSA for unlawfully lapping up some Americans' online communications over a three-year period, and forced the agency to change its data collection and retention practices.

The mishap had been classified until the Obama administration, under pressure to be more transparent, revealed at the end of August the redacted court orders and opinions. Top White House intelligence officials at the time insisted it wasn't a "back door or a surprise," as Congress had been properly informed about the program's risks from the start.

The House and Senate's Judiciary and Intelligence committees had access to all of the related NSA court documents and decisions, according to James Clapper, the director of National Intelligence, who explained the process in a memo also released in August.
In addition, he said the administration in May 2012 furnished a white paper to the House and Senate Intelligence committees, which were explicitly asked to make it available to all members of Congress. That document detailed the government's checks and balances at the NSA.

The Obama administration's communication with the Hill, however, didn't tell the story of an agency rebuked by the FISA court in 2011 for "a substantial misrepresentation regarding the scope of a major collection program." Instead, lawmakers got only one paragraph about the mishap, which had been obscured with technical details about "multi-communication transactions." Meanwhile, the administration touted the incident as a case study defending the NSA's existing oversight mechanisms.

Additionally, many Hill staff sources interviewed by POLITICO noted it may not have been easy for their bosses to digest that report: Lawmakers in many cases weren't able to bring their own legal advisers or take notes, and they had to view the document in a special part of the Capitol reserved for classified material.

Moreover, the House leaders who held the keys to the report did not loudly broadcast its existence to the rest of the chamber. The chairman of the Intelligence Committee, Rogers, and the panel's ranking Democrat, Dutch Ruppersberger of Maryland, declined to say whether they even had sent a letter in 2012 informing members there had been a critical document to view. Hill sources say they don't recall anything of the sort.

Party leaders did hold unclassified and classified briefings on FISA, but they occurred just days before the House's September 2012 vote to reauthorize the law. The Republican briefing, for example, occurred only two days before the House approved the FISA Amendments Act, according to an invite obtained by POLITICO. Yet nowhere in the message, sent Sept. 7, 2012, is any mention of the White House white paper on FISA oversight, the document that detailed how the agency had erred in collecting U.S. communications.

Committee leaders, though, stress they acted appropriately. "Members were notified of the contents of the white paper through the briefing," Ruppersberger told POLITICO. "We felt that a briefing was an appropriate way to notify members of this important issue so that they would have the opportunity to get all of their questions answered immediately."

The congressman continued: "Some members chose to take advantage of a briefing and some did not. We thought offering a briefing shortly before the vote was held would work best with members' busy schedules and keep the issue fresh in their minds as they cast their vote."

A spokeswoman for Rogers also defended the committee's conduct. "The House Intelligence Committee makes it a top priority to inform members about the intelligence issues on which members must vote," she said. "This process is always conducted consistent with the committee's legal obligation to carefully protect the sensitive intelligence sources and methods that our intelligence agencies use to keep the American people safe."

Still, the House Intelligence Committee has faced criticism in the past for failing to share key documents with lawmakers. When Congress earlier in 2011 weighed whether to reauthorize the PATRIOT Act, which allows the government to obtain phone call logs, the administration similarly shared new information with the Hill's intelligence leaders, asking them at the time to communicate it to their colleagues. Yet the House's intelligence chiefs again kept those documents close to the vest. The Washington Post first revealed that lapse in PATRIOT Act oversight in August, at which time Rogers acknowledged that "very few members" had taken advantage of any related briefing opportunities.

That same month, the FISA court issued a legal opinion that reauthorized the NSA's ability to collect bulk telephone call logs under the law.
As it did, a judge pointed to congressional oversight while defending the government's request.

Responding to the criticism, Rogers's office told POLITICO that the committee "hosted classified briefings" ... "on both FISA and the PATRIOT Act."

For its part, the Senate Intelligence Committee did notify members in a June 19 "Dear Colleague" letter that it had a "classified document that provides an overview of these expiring provisions of FISA," according to a copy obtained by POLITICO. Perhaps for security reasons, the missive, signed by Feinstein and the Senate Intelligence Committee's ranking Republican, Sen. Saxby Chambliss (R-Ga.), didn't call attention to the fact the report vaguely detailed the NSA's compliance troubles. The report, at the time, had been classified. Since declassified, much of the document remains heavily redacted.

The two lawmakers did not comment on record for this story. But an Intelligence Committee aide told POLITICO the committee has been willing to make documents available to any lawmakers who asked, including the classified, 2011 FISA court opinion.

One of the panel's Republican aides agreed that the information was available. But the staffer still acknowledged a recognition on the committee that it "should do more to independently verify that NSA's operations are appropriate and its reports of compliance incidents are accurate."

Scrutiny may only intensify as Congress embarks on a debate that could result in new law that greatly restrains the NSA's surveillance authorities. However, the intelligence committees historically complete their work in secret, with the process of writing and marking up legislation happening entirely behind closed doors to protect release of government secrets. Moreover, the committee still has to release full text of any new legislation, though the bill will be available once a markup occurs, and before anything comes to the Senate floor.

© 2013 POLITICO LLC

From rforno at infowarrior.org Fri Oct 11 20:49:23 2013
From: rforno at infowarrior.org (Richard Forno)
Date: Fri, 11 Oct 2013 21:49:23 -0400
Subject: [Infowarrior] - TSA Loudspeakers Threaten Travelers With Arrest For Joking About Security
Message-ID: <5921A40C-1649-42F2-A84A-5BEE8B6E7246@infowarrior.org>

TSA Loudspeakers Threaten Travelers With Arrest For Joking About Security
Prisoner training: Don't complain about your grope down
Paul Joseph Watson
Infowars.com
October 11, 2013
http://www.infowars.com/tsa-loudspeakers-threaten-travelers-with-arrest-for-joking-about-security/

Travelers who crack jokes about the TSA's ludicrous security procedures could face arrest, according to a new loudspeaker warning being broadcast at airports in the U.S.

While traveling through George Bush Intercontinental Airport in Houston, Matt Miller heard a security announcement repeatedly aired on the airport intercom that left him disturbed.

"You are also reminded that any inappropriate remarks or jokes concerning security may result in your arrest," the loudspeaker message states.

These new loudspeaker warnings remind us that the TSA continues to excel at indoctrinating Americans to be well-behaved prisoners via obedience training, reminding them that they can be disappeared if they dare speak out of turn, even in a humorous way.

This is a totally unlawful and illegitimate violation of the First Amendment and is obviously designed to intimidate travelers and stop them from complaining about aggressive grope downs which in some cases involve TSA workers touching travelers' genitals.

The message is clear: grovel and enjoy your genitals being groped or face arrest.

The prospect of travelers cracking jokes about airport security procedures is by no means unlikely given the increasing absurdity of the policies being enforced by the TSA.
As we reported last year, perhaps the most ludicrous example is the TSA's "freeze" policy, where travelers are ordered to stand in place like statues while TSA agents resolve some unexplained security threat.

The TSA has also provoked controversy by implementing other preposterous policies which have a tenuous security justification, most notably a procedure where TSA agents test travelers' drinks for explosives after they have already passed through security and purchased beverages inside the secure area of the airport.

From rforno at infowarrior.org Fri Oct 11 20:57:40 2013
From: rforno at infowarrior.org (Richard Forno)
Date: Fri, 11 Oct 2013 21:57:40 -0400
Subject: [Infowarrior] - NY Comic-Con hijacks attendees' Twitter accounts
Message-ID: <5805C776-9AC7-47F7-9EC1-51EA06983FE9@infowarrior.org>

New York Comic-Con hijacks attendees' Twitter accounts to send out shilling tweets
Cory Doctorow at 8:56 am Fri, Oct 11, 2013

Attendees at New York Comic-Con were required to register their new, RFID-bugged badges online, in a process that encouraged them to link them to their Twitter accounts. Little did they suspect that NYCC would use their signups to send tweets from attendees' Twitter accounts, in a loose, conversational style ("So much pop culture to digest! Can't. handle. the. awesome."), linking back to NYCC's website, without any indication that they were spam.

I'm reasonably certain that the fine-print on the NYCC signup gave them permission to do this stupid thing, and I'm also certain that almost no one read the fine-print, and that rather a large number of attendees objected strenuously to having their Twitter accounts used to shill for a service that they were already paying a large sum to enjoy.

http://boingboing.net/2013/10/11/new-york-comic-con-hijacks-att.html
From rforno at infowarrior.org Sat Oct 12 16:16:52 2013
From: rforno at infowarrior.org (Richard Forno)
Date: Sat, 12 Oct 2013 17:16:52 -0400
Subject: [Infowarrior] - N.S.A. Director Gives Firm and Broad Defense of Surveillance Efforts
Message-ID: <22D6BFD2-B57B-44E9-A8D1-9036D965860D@infowarrior.org>

N.S.A. Director Gives Firm and Broad Defense of Surveillance Efforts
By DAVID E. SANGER and THOM SHANKER
Published: October 12, 2013
http://www.nytimes.com/2013/10/13/us/nsa-director-gives-firm-and-broad-defense-of-surveillance-efforts.html

FORT MEADE, Md. - The director of the National Security Agency, Gen. Keith B. Alexander, said in an interview that to prevent terrorist attacks he saw no effective alternative to the N.S.A.'s bulk collection of telephone and other electronic metadata from Americans. But he acknowledged that his agency now faced an entirely new reality, and the possibility of Congressional restrictions, after revelations about its operations at home and abroad.

While offering a detailed defense of his agency's work, General Alexander said the broader lesson of the controversy over disclosures of secret N.S.A. surveillance missions was that he and other top officials have to be more open in explaining the agency's role, especially as it expands its mission into cyberoffense and cyberdefense.

"Given where we are and all the issues that are on the table, I do feel it's important to have a public, transparent discussion on cyber so that the American people know what's going on," General Alexander said. "And in order to have that, they need to understand the truth about what's going on."

General Alexander, a career Army intelligence officer who also serves as head of the military's Cyber Command, has become the public face of the secret (and, to many, unwarranted) government collection of records about personal communications in the name of national security.
He has given a number of speeches in recent weeks to counter a highly negative portrayal of the N.S.A.'s work, but the 90-minute interview was his most extensive personal statement on the issue to date.

Speaking at the agency's heavily guarded headquarters, General Alexander acknowledged that his agency, steeped in decades of secrecy, had stumbled in responding to the revelations by Edward J. Snowden, the contractor who stole thousands of documents about the N.S.A.'s most secret programs. But General Alexander insisted that the chief problem was a public misunderstanding about what information the agency collects, and what it does not, rather than the programs themselves.

"We, and that includes the press, have not informed the American people in such a way that they can make a right decision here," he said. "The way we've explained it to the American people has gotten them so riled up that nobody told them the facts of the program and the controls that go around it," he added.

But he was firm in saying that the disclosures had allowed adversaries, whether foreign governments or terrorist organizations, to learn how to avoid detection by American intelligence and had caused "significant and irreversible damage" to national security.

General Alexander said that he was extremely sensitive to the power of the software tools and electronic weapons being developed by the United States for surveillance and computer-network warfare, and that he set a very high bar for when the nation should use these powerful cybertools for offensive purposes.

"I see no reason to use offensive tools unless you're defending the country or in a state of war, or you want to achieve some really important thing for the good of the nation and others," he said.

Those comments were prompted by a document in the Snowden trove that said the United States conducted more than 200 offensive cyberattacks in 2011 alone. But American officials say that in reality only a handful of attacks have been carried out.
They say the erroneous estimate reflected an inaccurate grouping of other electronic missions.

But General Alexander would not discuss any specific cases in which the United States had used those weapons, including the best-known example: its years-long attack on Iran's nuclear enrichment facility at Natanz. To critics of President Obama's administration, that decision made it easier for China, Iran and other nations to justify their own use of cyberweapons.

General Alexander, who became the N.S.A. director in 2005, will retire early next year. The timing of his departure was set in March when his tour was extended for a third time, according to officials, who said it had nothing to do with the surveillance controversy spawned by the leaks. The appointment of his successor is likely to be a focal point of Congressional debate over whether the huge infrastructure that was built during his tenure will remain or begin to be restricted.

Senator Patrick J. Leahy, a Vermont Democrat who leads the Senate Judiciary Committee, has already drafted legislation to eliminate the N.S.A.'s ability to systematically obtain Americans' calling records. And Representative Jim Sensenbrenner, a Wisconsin Republican and co-author of the Patriot Act, is drafting a bill that would significantly cut back on domestic surveillance programs.

General Alexander was by turns folksy and firm in the interview. But he was unapologetic about the agency's strict culture of secrecy and unabashed in describing its importance to defending the nation.

That culture is embodied by two installations that greet visitors to Fort Meade. One is a wall to honor N.S.A. personnel killed on overseas missions. The other is a tribute to the Enigma program, the code-breaking success that helped speed the end of World War II and led to the creation of the N.S.A. The intelligence community kept Enigma secret for three decades.
General Alexander insisted that it would have been impossible to have made public, in advance of the revelations by Mr. Snowden, the fact that the agency collected what it calls the "business records" of all telephone calls, and many other electronic communications, made in the United States. The agency is under rules preventing it from investigating that so-called haystack of data unless it has a "reasonable, articulable" justification, involving communications with terrorists abroad, he added.

But he said the agency had not told its story well. As an example, he said, the agency itself killed a program in 2011 that collected the metadata of about 1 percent of all of the e-mails sent in the United States. "We terminated it," he said. "It was not operationally relevant to what we needed." However, until it was killed, the N.S.A. had repeatedly defended that program as vital in reports to Congress.

Senior officials also said that one document in the Snowden revelations, an agreement with Israel, had been misinterpreted by those who believed that it meant the N.S.A. was sharing raw intelligence data on Americans, including the metadata on phone calls. Officials said the probability of American content in the shared data was extremely small.

General Alexander said that confronting what he called the two biggest threats facing the United States, terrorism and cyberattacks, would require the application of expanded computer monitoring. In both cases, he said, he was open to much of that work being done by private industry, which he said could be more efficient than government. In fact, he said, a direct government role in filtering Internet traffic into the United States, in an effort to stop destructive attacks on Wall Street, American banks and the theft of intellectual property, would be inefficient and ineffective. "I think it leads people to the wrong conclusion, that we're reading their e-mails and trying to listen to their phone calls," he said.
Although he acknowledged that the N.S.A. must change its dialogue with the public, General Alexander was adamant that the agency adhered to the law. "We followed the law, we follow our policies, we self-report, we identify problems, we fix them," he said. "And I think we do a great job, and we do, I think, more to protect people's civil liberties and privacy than they'll ever know."

From rforno at infowarrior.org Sun Oct 13 07:21:49 2013
From: rforno at infowarrior.org (Richard Forno)
Date: Sun, 13 Oct 2013 08:21:49 -0400
Subject: [Infowarrior] - OT: China Calls for World to Be 'De-Americanised'
Message-ID:

(When China starts issuing such statements publicly, you *know* things are about to get real. --rick)

Debt Ceiling: China Calls for World to Be 'De-Americanised'
Chinese government mouthpiece says 'Pax Americana' has failed on all fronts
By Jijo Jacob
October 13, 2013 9:17 AM BST
http://www.ibtimes.co.uk/articles/513431/20131013/china-debt-ceiling-shutdown-xinhua-de-emericanised.htm

Xinhua calls for de-Americanised world

China's official news agency has called for the creation of a "de-Americanised world", saying the destinies of people should not be left in the hands of a hypocritical nation with a dysfunctional government.

Heaping criticism and caustic ridicule on Washington, the Xinhua news agency called the US a civilian slayer, prisoner torturer and meddler in others' affairs, and said the 'Pax Americana' was a failure on all fronts.

The official news agency of China, which is seen as the pretender to the world's superpower crown, then rubbed in more salt, calling American economic pre-eminence just a seeming dominance.
"As US politicians of both political parties are still shuffling back and forth between the White House and the Capitol Hill without striking a viable deal to bring normality to the body politic they brag about, it is perhaps a good time for the befuddled world to start considering building a de-Americanised world," the editorial said.

It asks why the self-declared protector of the world is sowing mayhem in the financial markets by failing to resolve political differences over key economic policy.

"... the cyclical stagnation in Washington for a viable bipartisan solution over a federal budget and an approval for raising debt ceiling has again left many nations' tremendous dollar assets in jeopardy and the international community highly agonised," the agency said.

It is not the first time Chinese leadership and newspapers have criticised Washington over a policy paralysis that threatens to devalue its dollar assets. According to US Treasury Department data, China is the biggest foreign owner of US Treasuries at $1.28 trillion as of July. Besides, China also holds close to $3.5 trillion of dollar-denominated assets. A US debt default and consequent credit downgrade would significantly erode the value of China's holdings.

As the first step in creating a de-Americanised world, all nations must try to shape an international system that respects the sovereignty of all nations and ensures the US keeps out of the domestic affairs of others, Xinhua said.

"The developing and emerging market economies need to have more say in major international financial institutions including the World Bank and the International Monetary Fund, so that they could better reflect the transformations of the global economic and political landscape," the editorial says.
It also called for an end to the use of the US dollar as the international reserve currency, a step that would ensure the international community could maintain a safe distance from the side-effects of domestic political turmoil in the United States.

From rforno at infowarrior.org Sun Oct 13 08:36:05 2013
From: rforno at infowarrior.org (Richard Forno)
Date: Sun, 13 Oct 2013 09:36:05 -0400
Subject: [Infowarrior] - Where War Reporting Goes Wrong
Message-ID: <8DBE2F3F-869B-4532-BA64-018ECB5F6207@infowarrior.org>

Long, but well-worth reading. ---rick

OCTOBER 07, 2013
A Diary of Four Wars
Where War Reporting Goes Wrong
by PATRICK COCKBURN, Counterpunch
http://www.counterpunch.org/2013/10/07/where-war-reporting-goes-wrong/

From rforno at infowarrior.org Sun Oct 13 13:14:08 2013
From: rforno at infowarrior.org (Richard Forno)
Date: Sun, 13 Oct 2013 14:14:08 -0400
Subject: [Infowarrior] - CMU Cylab SafeSlinger for mobiles
Message-ID: <39D5B7D4-0E84-4BD5-B65E-FC1AB6106009@infowarrior.org>

SafeSlinger App for mobile devices
http://www.cylab.cmu.edu/safeslinger/

SafeSlinger makes sending secure messages easy. Just keep your passphrase a secret, and only you and the other party can read messages. Messages cannot be read by your cellular carrier, Internet-provider, employer, or anyone else.

SafeSlinger is the result of research at Carnegie Mellon's CyLab that resolves a specific security problem. The problem: How can we start a trusted relationship between people, on the fly, without people having sophisticated knowledge of security protocols?

Users regularly experience a crisis of confidence on the Internet. Is that email truly originating from the claimed individual?
Is that Facebook invitation indeed from that person or is it a fake page set up by an impersonator? These doubts are usually resolved through a leap of faith, expressing the desperation of users.

To establish a secure basis for Internet communication, we have implemented SafeSlinger, a system leveraging the proliferation of smartphones to enable people to securely and privately exchange their public keys. Through the exchanged authentic public key, SafeSlinger establishes a secure channel offering secrecy and authenticity, which we use to support secure messaging and file exchange. Essentially, we support an abstraction to safely "sling" information from one device to another. SafeSlinger also provides an API for importing applications' public keys into a user's contact information. By slinging entire contact entries to others, we support secure introductions, as the contact entry includes the SafeSlinger public keys as well as other public keys that were imported. As a result, SafeSlinger provides an easy-to-use and understand approach for trust establishment among people.

Cryptography alone cannot address this problem. We have many useful protocols such as SSL or PGP for entities that already share authentic key material, but the root of the problem still remains: how do we obtain the authentic public key from the intended resource or individual? The global certification process for SSL is not without drawbacks and weaknesses, and the usability challenges of decentralized mechanisms such as PGP are well-known. The problem of human-oriented trust establishment is fundamental; no amount of automation and "fail-safe" defaults can avoid the need for basic trust decisions to be made by humans (system administrators and ordinary users alike), since they ultimately assume the risks of digital communication, accessing remote sites, allowing remote access to their local resources, and employing other users' services.
Of course ordinary users can extensively rely on system administrators' help in making trust decisions. However, ordinary users inevitably face challenging decisions alone; most users at home, on travel, on vacation, or in small businesses do not benefit from skilled help. All this while the need and temptation to use new online services steadily increases.

To realize the vision of secure online communication, we need to overcome several human challenges: some users are ambivalent about security or privacy, most users lack security expertise, and many users prefer convenience over security and may not want to expend much effort for security. To counteract these challenges, we designed SafeSlinger as an easy-to-use application that offers many benefits to drive usage. Per Metcalfe's law, the utility of a system grows with the square of the number of users. Our goal is thus to provide immediate utility to enable epidemic growth. We achieve immediate utility through the robust exchange of contact list information between different smartphone platforms, which does not require any location information or leak private information outside the participating phones. SafeSlinger also provides simple and secure messaging and file transfer that is immediately usable. Because the messages are encrypted and require a password to access, many teens may find this appealing to protect their messages from peers and parents.

Through free multi-platform applications available on smartphone markets, open documentation, and open-source code, we anticipate wide adoption of SafeSlinger. Assuming wide adoption, we hope to provide usable and secure communication for the masses, and a security platform that will enable numerous security services and applications.
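An added illustration of the trust-establishment problem the SafeSlinger description names (this is not CyLab's or SafeSlinger's code, and not its actual protocol, which the text above does not detail): two phones can agree a key over the network, but only an out-of-band comparison tells the two people that the public keys they received were not substituted on the way. It assumes a Diffie-Hellman exchange over the 2048-bit RFC 3526 group 14, a six-digit short authentication string as the value the people compare in person, and an HMAC-based encrypt-then-MAC construction (standard library only, illustrative) for the messages that follow; all device names and sample messages are constructed.

```python
import hashlib
import hmac
import secrets
from typing import Optional

# 2048-bit MODP group from RFC 3526 (group 14), generator 2.
P = int(
    "FFFFFFFFFFFFFFFFC90FDAA22168C234C4C6628B80DC1CD129024E088A67CC74"
    "020BBEA63B139B22514A08798E3404DDEF9519B3CD3A431B302B0A6DF25F1437"
    "4FE1356D6D51C245E485B576625E7EC6F44C42E9A637ED6B0BFF5CB6F406B7ED"
    "EE386BFB5A899FA5AE9F24117C4B1FE649286651ECE45B3DC2007CB8A163BF05"
    "98DA48361C55D39A69163FA8FD24CF5F83655D23DCA3AD961C62F356208552BB"
    "9ED529077096966D670C354E4ABC9804F1746C08CA18217C32905E462E36CE3B"
    "E39E772C180E86039B2783A2EC07A28FB5C55DF06F4C52C9DE2BCBF695581718"
    "3995497CEA956AE515D2261898FA051015728E5A8AACAA68FFFFFFFFFFFFFFFF",
    16,
)
G = 2
KEY_BYTES = (P.bit_length() + 7) // 8  # 256 bytes per encoded public key


def encode_pub(pub: int) -> bytes:
    return pub.to_bytes(KEY_BYTES, "big")


class Device:
    """One phone in the exchange: a fresh DH key pair plus whatever public
    key arrived over the untrusted network (constructed demo, not SafeSlinger)."""

    def __init__(self, name: str) -> None:
        self.name = name
        self._priv = secrets.randbits(256)  # demo exponent size (assumption)
        self.pub = pow(G, self._priv, P)
        self.peer_pub: Optional[int] = None

    def sas(self) -> str:
        """Six-digit short authentication string over both public keys, sorted so
        both phones compute the same digits if, and only if, they hold the same
        pair of keys. The people compare it in person; the network never sees it."""
        lo, hi = sorted((self.pub, self.peer_pub))
        digest = hashlib.sha256(encode_pub(lo) + encode_pub(hi)).digest()
        return f"{int.from_bytes(digest[:4], 'big') % 1_000_000:06d}"

    def session_key(self) -> bytes:
        """32-byte channel key derived from the DH shared secret."""
        shared = pow(self.peer_pub, self._priv, P)
        return hmac.new(b"sling-demo-kdf", encode_pub(shared), hashlib.sha256).digest()


def exchange(alice: Device, bob: Device, relay: Optional[Device] = None) -> dict:
    """Deliver public keys across the network. With relay=None the path is honest;
    otherwise `relay` models an untrusted hop that hands each side its own key in
    place of the peer's, a substitution an unauthenticated exchange cannot notice.
    The returned flags are what each side can check: the out-of-band SAS and
    (for the demo only) whether the two derived keys actually agree."""
    if relay is None:
        alice.peer_pub, bob.peer_pub = bob.pub, alice.pub
    else:
        alice.peer_pub, bob.peer_pub = relay.pub, relay.pub
    return {
        "sas_match": hmac.compare_digest(alice.sas(), bob.sas()),
        "keys_match": hmac.compare_digest(alice.session_key(), bob.session_key()),
    }


def _subkeys(key: bytes):
    enc_key = hmac.new(key, b"enc", hashlib.sha256).digest()
    mac_key = hmac.new(key, b"mac", hashlib.sha256).digest()
    return enc_key, mac_key


def _keystream(enc_key: bytes, nonce: bytes, length: int) -> bytes:
    """HMAC-SHA256 in counter mode as a stand-in stream cipher (illustrative;
    a real application would use an AEAD such as AES-GCM)."""
    blocks = (length + 31) // 32
    return b"".join(
        hmac.new(enc_key, nonce + i.to_bytes(4, "big"), hashlib.sha256).digest()
        for i in range(blocks)
    )[:length]


def seal(key: bytes, plaintext: bytes) -> bytes:
    """Encrypt-then-MAC: nonce || ciphertext || HMAC tag over nonce and ciphertext."""
    enc_key, mac_key = _subkeys(key)
    nonce = secrets.token_bytes(16)
    ct = bytes(p ^ s for p, s in zip(plaintext, _keystream(enc_key, nonce, len(plaintext))))
    tag = hmac.new(mac_key, nonce + ct, hashlib.sha256).digest()
    return nonce + ct + tag


def open_sealed(key: bytes, blob: bytes) -> Optional[bytes]:
    """Verify the tag before touching the ciphertext; None means the message was
    tampered with or the keys disagree (the outcome of a substituted exchange)."""
    if len(blob) < 48:
        return None
    enc_key, mac_key = _subkeys(key)
    nonce, ct, tag = blob[:16], blob[16:-32], blob[-32:]
    expected = hmac.new(mac_key, nonce + ct, hashlib.sha256).digest()
    if not hmac.compare_digest(tag, expected):
        return None
    return bytes(c ^ s for c, s in zip(ct, _keystream(enc_key, nonce, len(ct))))
```

On the honest path both phones show the same six digits and read each other's messages; with a substituted key the digits differ, which is the only signal the two people get that the channel is not between them.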
From rforno at infowarrior.org Sun Oct 13 19:18:02 2013
From: rforno at infowarrior.org (Richard Forno)
Date: Sun, 13 Oct 2013 20:18:02 -0400
Subject: [Infowarrior] - Paper - FPDetective: Dusting the Web for Fingerprinters
Message-ID:

FPDetective: Dusting the Web for Fingerprinters

KU Leuven, Dept. of Electrical Engineering (ESAT), COSIC, iMinds, Leuven, Belgium
{gunes.acar,marc.juarez,claudia.diaz,seda.guerses,bart.preneel}@esat.kuleuven.be
IIIA-CSIC, Bellaterra, Spain
mjuarez at iiia.csic.es
KU Leuven, Dept. of Computer Science, iMinds-DistriNet, Leuven, Belgium
{nick.nikiforakis,frank.piessens}@cs.kuleuven.be
New York University, Dept. of Media, Culture, and Communication, NY, USA

ABSTRACT

In the modern web, the browser has emerged as the vehicle of choice, which users are to trust, customize, and use, to access a wealth of information and online services. However, recent studies show that the browser can also be used to invisibly fingerprint the user: a practice that may have serious privacy and security implications. In this paper, we report on the design, implementation and deployment of FPDetective, a framework for the detection and analysis of web-based fingerprinters. Instead of relying on information about known fingerprinters or third-party-tracking blacklists, FPDetective focuses on the detection of the fingerprinting itself. By applying our framework with a focus on font detection practices, we were able to conduct a large scale analysis of the million most popular websites of the Internet, and discovered that the adoption of fingerprinting is much higher than previous studies had estimated. Moreover, we analyze two countermeasures that have been proposed to defend against fingerprinting and find weaknesses in them that might be exploited to bypass their protection.
Finally, based on our findings, we discuss the current understanding of fingerprinting and how it is related to Personally Identifiable Information, showing that there needs to be a change in the way users, companies and legislators engage with fingerprinti.....

http://www.cosic.esat.kuleuven.be/publications/article-2334.pdf

From rforno at infowarrior.org Mon Oct 14 06:19:45 2013
From: rforno at infowarrior.org (Richard Forno)
Date: Mon, 14 Oct 2013 07:19:45 -0400
Subject: [Infowarrior] - Brazil announces secure email to counter US spying
Message-ID: <67964422-9B44-4683-8232-F54D0C1C0A3C@infowarrior.org>

Brazil announces secure email to counter US spying
Brazilian President Dilma Rousseff in Brasilia on October 8, 2013
http://www.france24.com/en/20131014-brazil-announces-secure-email-counter-us-spying

AFP - Brazilian President Dilma Rousseff announced Sunday that her government was creating a secure email system to try and shield official communications from spying by the United States and other countries.

"We need more security on our messages to prevent possible espionage," Rousseff said on Twitter, ordering the Federal Data Processing Service, or SERPRO, to implement a safe email system throughout the federal government.

The agency, which falls under Brazil's Finance Ministry, develops secure systems for online tax returns and also creates new passports.

The move came after Rousseff publicly condemned spying against Brazilian government agencies attributed to the United States and Canada.

"This is the first step toward extending the privacy and inviolability of official posts," Rousseff said.

After bringing her complaints against US intelligence agencies to the United Nations General Assembly last month and canceling a state visit to Washington, Rousseff announced that the country will host an international conference on Internet governance in April.
In recent months, Brazilian media outlets have published documents showing that the US National Security Agency spied on Rousseff's official communications, her close associates and state-controlled oil giant Petrobras.

The information was revealed by Edward Snowden, a 30-year-old former NSA contractor who has sought refuge in Russia and is wanted by the United States after revealing details of the agency's massive snooping activities.

From rforno at infowarrior.org Mon Oct 14 06:22:15 2013
From: rforno at infowarrior.org (Richard Forno)
Date: Mon, 14 Oct 2013 07:22:15 -0400
Subject: [Infowarrior] - Privacy Fears Grow as Cities Increase Surveillance
Message-ID: <515711F2-AC05-4B72-8331-736099E801CF@infowarrior.org>

Privacy Fears Grow as Cities Increase Surveillance
By SOMINI SENGUPTA
Published: October 13, 2013
http://www.nytimes.com/2013/10/14/technology/privacy-fears-as-surveillance-grows-in-cities.html?hp&_r=0

The new system, scheduled to begin next summer, is the latest example of how cities are compiling and processing large amounts of information, known as big data, for routine law enforcement. And the system underscores how technology has enabled the tracking of people in many aspects of life. The police can monitor a fire hose of social media posts to look for evidence of criminal activities; transportation agencies can track commuters' toll payments when drivers use an electronic pass; and the National Security Agency, as news reports this summer revealed, scooped up telephone records of millions of cellphone customers in the United States.

Like the Oakland effort, other pushes to use new surveillance tools in law enforcement are supported with federal dollars. The New York Police Department, aided by federal financing, has a big data system that links 3,000 surveillance cameras with license plate readers, radiation sensors, criminal databases and terror suspect lists.
Police in Massachusetts have used federal money to buy automated license plate scanners. And police in Texas have bought a drone with homeland security money, something that Alameda County, which Oakland is part of, also tried but shelved after public protest.

Proponents of the Oakland initiative, formally known as the Domain Awareness Center, say it will help the police reduce the city's notoriously high crime rates. But critics say the program, which will create a central repository of surveillance information, will also gather data about the everyday movements and habits of law-abiding residents, raising legal and ethical questions about tracking people so closely.

Libby Schaaf, an Oakland City Council member, said that because of the city's high crime rate, "it's our responsibility to take advantage of new tools that become available." She added, though, that the center would be able to "paint a pretty detailed picture of someone's personal life, someone who may be innocent."

For example, if two men were caught on camera at the port stealing goods and driving off in a black Honda sedan, Oakland authorities could look up where in the city the car had been in the last several weeks. That could include stoplights it drove past each morning and whether it regularly went to see Oakland A's baseball games.

For law enforcement, data mining is a big step toward more complete intelligence gathering. The police have traditionally made arrests based on small bits of data - witness testimony, logs of license plate readers, footage from a surveillance camera perched above a bank machine. The new capacity to collect and sift through all that information gives the authorities a much broader view of the people they are investigating.

For the companies that make big data tools, projects like Oakland's are a big business opportunity. Microsoft built the technology for the New York City program. I.B.M. has sold data-mining tools for Las Vegas and Memphis.
Oakland has a contract with the Science Applications International Corporation, or SAIC, to build its system. That company has earned the bulk of its $12 billion in annual revenue from military contracts. As the federal military budget has fallen, though, SAIC has diversified to other government agency projects, though not without problems. The company's contract to help modernize the New York City payroll system, using new technology like biometric readers, resulted in reports of kickbacks. Last year, the company paid the city $500 million to avoid a federal prosecution. The amount was believed to be the largest ever paid to settle accusations of government contract fraud. SAIC declined to comment.

Even before the initiative, Oakland spent millions of dollars on traffic cameras, license plate readers and a network of sound sensors to pick up gunshots. Still, the city has one of the highest violent crime rates in the country. And an internal audit in August 2012 found that the police had spent $1.87 million on technology tools that did not work properly or remained unused because their vendors had gone out of business.

The new center will be far more ambitious. From a central location, it will electronically gather data around the clock from a variety of sensors and databases, analyze that data and display some of the information on a bank of giant monitors. The center will collect feeds from cameras at the port, traffic cameras, license plate readers and gunshot sensors. The center will also be integrated next summer with a database that allows police to tap into reports of 911 calls. Renee Domingo, the city's emergency services coordinator, said school surveillance cameras, as well as video data from the regional commuter rail system and state highways, may be added later.

Far less advanced surveillance programs have elicited resistance at the local and state level.
Iowa City, for example, recently imposed a moratorium on some surveillance devices, including license plate readers. The Seattle City Council forced its police department to return a federally financed drone to the manufacturer. In Virginia, the state police purged a database of millions of license plates collected by cameras, including some at political rallies, after the state's attorney general said the method of collecting and saving the data violated state law.

But for a cash-starved city like Oakland, the expectation of more federal financing makes the project particularly attractive. The City Council approved the program in late July, but public outcry later compelled the council to add restrictions. The council instructed public officials to write a policy detailing what kind of data could be collected and protected, and how it could be used. The council expects the privacy policy to be ready before the center can start operations.

The American Civil Liberties Union of Northern California described the program as "warrantless surveillance" and said "the city would be able to collect and stockpile comprehensive information about Oakland residents who have engaged in no wrongdoing."

The port's chief security officer, Michael O'Brien, sought to allay fears, saying the center was meant to hasten law-enforcement response time to crimes and emergencies. "It's not to spy on people," he said.

Steve Spiker, research and technology director at the Urban Strategies Council, an Oakland nonprofit organization that has examined the effectiveness of police technology tools, said he was uncomfortable with city officials knowing so much about his movements. But, he said, there is already so much public data that it makes sense to enable government officials to collect and analyze it for the public good. Still, he would like to know how all that data would be kept and shared. "What happens," he wondered, "when someone doesn't like me and has access to all that information?"
From rforno at infowarrior.org Mon Oct 14 09:01:56 2013
From: rforno at infowarrior.org (Richard Forno)
Date: Mon, 14 Oct 2013 10:01:56 -0400
Subject: [Infowarrior] - How a Growing Cyber Security Industry Is Manipulating You
Message-ID: <0DE14491-E7DF-4B21-8CC4-51641A7E056C@infowarrior.org>

How a Growing Cyber Security Industry Is Manipulating You
Christian Stork
http://www.policymic.com/articles/66727/how-a-growing-cyber-security-industry-is-manipulating-you

With the world being integrated through access to the web, it's hardly a shock to hear American officials and politicians voice concerns about the threat posed by "hackers" and "cyberwarfare" to American national security. But as with all warnings regarding the state's villain du jour, a significant gap exists between the rhetoric and the reality.

To evaluate claims made by "cybersecurity" or "information security" (InfoSec) advocates, either in government or industry (and usually both), one must understand exactly what types of hacking they're claiming poses a threat. Within cyberwarfare, there are two variants: espionage and sabotage.

Cyber espionage refers to the intrusion into computer systems for the purposes of gathering information. This is by far the most common form of hacking that occurs between states. If done to pilfer economic intelligence, it can be damaging to the profits of companies trying to protect trade secrets or intellectual property. If targeting government facilities, it can spill secrets into the hands of geopolitical competitors. And as President Obama has made clear, even concerned citizens who use their access to leak secrets to the American public will be considered spies and "hackers," the definitions of which broaden at executive will.

Judged in terms of potential damage caused, cybersabotage is the real threat - which is why it likely is touted so often.
This refers to computer network penetration for the purposes of disrupting a target's industrial capabilities. In the case of critical infrastructure - such as nuclear plants, water treatment facilities, and communications networks - defense against this sort of intrusion seems reasonable, as the harm caused by the American-Israeli Stuxnet virus should make evident. But the ability to protect such areas of import is well within current means. For example, even the Stuxnet virus had to be introduced by spies within the Iranian nuclear program via USB drives because the computer systems in control of the Siemens industrial machinery were never built to be connected to the internet. Compartmentalization of networks is the easiest way to limit liability from without.

Many of the hypothetical scenarios promoted by cybersecurity sages are easily debunked. Even the White House's former cybersecurity Czar had to push back against the onslaught of alarmism that conflates cyberespionage, cybersabotage, and their respective dangers.

Furthermore, the solutions proffered to confront the threat of cyberwar go far beyond their stated objectives, raising serious concern over their intent from the beginning. Nowhere was this more visible than in the debate over the now-shelved-but-not-dead Cyber Intelligence Sharing and Prevention Act (CISPA). The ostensible aim of CISPA - first introduced in 2011 by House Intelligence Committee members Mike Rogers and "Dutch" Ruppersberger, both drowning in defense and intelligence industry cash - was to facilitate information sharing between government and private industry to mitigate the potential for cybersabotage. But the devilish details within told a different story: A definition nearly without limit of what customer information Internet Service Providers (ISPs) could share with the government, and very few restrictions on how Leviathan could then use that information.
If passed, the bill would have effectively nullified a number of laws that provide judicial oversight and privacy protections to prevent companies from sharing your details willy-nilly. To critics, CISPA reeked of a massive power grab by the national security establishment to gather (even more) data on American citizens, while insulating private sector collaborators from any legal reproach. It aimed to be to the ISPs what the 2008 FISA Amendments Act (FAA) was to many of the same companies in their role as telecoms.

So why are government officials and cybersecurity "experts" hyping up and conflating the many forms of hacking into one big, scary, indistinguishable threat? Two (redundant) words: cash money.

By 2015, the U.S. government is expected to spend $10.5 billion per year on cybersecurity, while the worldwide market is estimated to be between $80-140 billion a year. Defense contracting behemoths who live as leeches on the public dime are hip to the scheme, with L-3 Communications, SAIC, and Lockheed Martin all launching cybersecurity branches in recent years. And the same people hawking the threat also happen to sell solutions. Isn't that convenient?

As an outgoing president so astutely pointed out 54 years ago, when an industry is created that exists exclusively on government security contracts, they're incentivized to make the public feel insecure so they stay fed. The money can then be channeled back into Congressional coffers to ensure future contracts and lax oversight. Et voila, you have the Iron Triangle between business and politics.

As corrosive as that arrangement can be to representative democracy, it can be even more harmful to the truth. As such, don't expect to hear anything but hype over the threat posed by scary people on the internet - and always check to see who's paying the bills of the Chicken Littles spouting it.
From rforno at infowarrior.org Mon Oct 14 18:43:45 2013
From: rforno at infowarrior.org (Richard Forno)
Date: Mon, 14 Oct 2013 19:43:45 -0400
Subject: [Infowarrior] - NSA collects millions of e-mail address books globally
Message-ID: <5A716025-C776-4997-9A38-484452F01E4D@infowarrior.org>

(c/o Ferg)

Another revelation:

"The National Security Agency is harvesting hundreds of millions of contact lists from personal e-mail and instant messaging accounts around the world, many of them belonging to Americans, according to senior intelligence officials and top secret documents provided by former NSA contractor Edward Snowden."

"The collection program, which has not been disclosed before, intercepts e-mail address books and 'buddy lists' from instant messaging services as they move across global data links. Online services often transmit those contacts when a user logs on, composes a message, or synchronizes a computer or mobile device with information stored on remote servers."

< - >

http://www.washingtonpost.com/world/national-security/nsa-collects-millions-of-e-mail-address-books-globally/2013/10/14/8e58b5be-34f9-11e3-80c6-7e6dd8d22d8f_story.html

From rforno at infowarrior.org Tue Oct 15 06:37:15 2013
From: rforno at infowarrior.org (Richard Forno)
Date: Tue, 15 Oct 2013 07:37:15 -0400
Subject: [Infowarrior] - Gov't moves to keep NSA surveillance lawsuit away from Supreme Court
Message-ID: <95098C09-0CBC-4BDB-8657-140D5797FF57@infowarrior.org>

Gov't moves to keep NSA surveillance lawsuit away from Supreme Court
Gov't doesn't want critics of NSA spying to take their case to the high court.
by Joe Mullin - Oct 14 2013, 9:00pm EDT
http://arstechnica.com/tech-policy/2013/10/govt-moves-to-keep-nsa-surveillance-lawsuit-away-from-supreme-court/

Not long after widespread NSA phone surveillance was revealed by a series of leaks this summer, the Electronic Privacy Information Center, a privacy-oriented nonprofit, tried a bold and novel legal tactic: it appealed straight to the Supreme Court, asking for an immediate shutdown of the program. The high court was the only place to turn, wrote EPIC, because it can't go to the Foreign Intelligence Surveillance Court (FISC), which actually authorized the orders. EPIC's argument was straightforward: the FISC could only authorize NSA spying on foreigners, not Americans.

Now Solicitor General Donald Verrilli, who represents the Obama Administration at the Supreme Court, has advised the justices not to take the case. It's not a surprising move. Just the publicity of a Supreme Court debate over NSA spying would be a giant headache for the administration; not to mention, the government obviously doesn't want the program shut down.

In the brief, published on EPIC's website today, the government argues that there's no justification for an immediate move to the Supreme Court. First of all, only the government itself or the actual recipient of an order (Verizon, in this case) can ask for a FISC court order to be reviewed, writes the solicitor general. And even if the Supreme Court should disagree with the government's view that EPIC can't challenge the telephone data program, they should at least force the group to file in district court and not allow it to hop straight to the Supreme Court.

"That is the ordinary means to challenge assertedly unlawful government action, and petitioner has identified no special circumstances here that require its statutory challenge to begin in this court," writes the government.
The brief also includes some description of the "Telephony Records Program," which builds a database of calls that "may be accessed only for counterterrorism purposes," the solicitor general writes. The brief goes on to describe how queries are "limited to records of communications within three 'hops' from the seed."

"As of October 1, 2013, 14 different judges of the FISC, on 34 separate occasions, have approved... orders directing telecommunications service providers to produce records."

EPIC wasn't "subject to, named in, or served with that [leaked Verizon] order."

From rforno at infowarrior.org Tue Oct 15 06:53:02 2013
From: rforno at infowarrior.org (Richard Forno)
Date: Tue, 15 Oct 2013 07:53:02 -0400
Subject: [Infowarrior] - 20% false positive rate okay for FBI
Message-ID: <690BCE37-C123-4238-A87C-3DDB4255F6B0@infowarrior.org>

Facial Recognition Software That Returns Incorrect Results 20% Of The Time Is Good Enough For The FBI
from the 80%-of-the-time,-it-works-EVERY-time dept

When deploying technology that has the potential to put actual human beings behind bars, what should be the acceptable margin of error? Most human beings, especially those who haven't committed any crime due to their natural aversion to being housed with actual criminals, would prefer (as if they had a choice) this number to be as close to zero as humanly (and technologically) possible.

The FBI, on the other hand, which possesses the technology and power to nudge people towards years of imprisonment, apparently feels a one-in-five chance of bagging the wrong man (or woman) is no reason to hold off on the implementation of facial recognition software. Documents acquired by EPIC (Electronic Privacy Information Center) show the FBI rolled out a ton of new tech (under the name NGI -- "Next Generation Identification") with some very lax standards.
While fingerprints are held to a more rigorous margin of error (5% max -- which is still a 1-in-20 "acceptable" failure rate), facial recognition is allowed much more leeway. (The TAR [True Acceptance Rate] details begin on page 247.)

< - >

http://www.techdirt.com/articles/20131010/07182224824/facial-recognition-software-that-returns-incorrect-results-20-time-is-good-enough-fbi.shtml

From rforno at infowarrior.org Tue Oct 15 08:51:42 2013
From: rforno at infowarrior.org (Richard Forno)
Date: Tue, 15 Oct 2013 09:51:42 -0400
Subject: [Infowarrior] - Amaze project aims to take 3D printing 'into metal age'
Message-ID: <17817132-EAC2-438E-AAE2-67DE00DA8948@infowarrior.org>

5 October 2013 Last updated at 06:22 ET
Amaze project aims to take 3D printing 'into metal age'
By James Morgan, Science reporter, BBC News
http://www.bbc.co.uk/news/science-environment-24528306?print=true

The European Space Agency has unveiled plans to "take 3D printing into the metal age" by building parts for jets, spacecraft and fusion projects.

The Amaze project brings together 28 institutions to develop new metal components which are lighter, stronger and cheaper than conventional parts.

Additive manufacturing (or "3D printing") has already revolutionised the design of plastic products. Printing metal parts for rockets and planes would cut waste and save money.

The layered method of assembly also allows intricate designs - geometries which are impossible to achieve with conventional metal casting. Parts for cars and satellites can be optimised to be lighter and - simultaneously - incredibly robust.

Tungsten alloy components that can withstand temperatures of 3,000C were unveiled at Amaze's launch on Tuesday at London Science Museum. At such extreme temperatures they can survive inside nuclear fusion reactors and on the nozzles of rockets.

"We want to build the best quality metal products ever made.
Objects you can't possibly manufacture any other way," said David Jarvis, Esa's head of new materials and energy research.

"To build a [fusion reactor], like Iter, you somehow have to take the heat of the Sun and put it in a metal box.

"3,000C is as hot as you can imagine for engineering.

"If we can get 3D metal printing to work, we are well on the way to commercial nuclear fusion."

Amaze is a loose acronym for Additive Manufacturing Aiming Towards Zero Waste and Efficient Production of High-Tech Metal Products.

The 20m-euro project brings together 28 partners from European industry and academia - including Airbus, Astrium, Norsk Titanium, Cranfield University, EADS, and the Culham Centre for Fusion Energy. Factory sites are being set up in France, Germany, Italy, Norway and the UK to develop the industrial supply chain.

Amaze researchers have already begun printing metal jet engine parts and aeroplane wing sections up to 2m in size. These high-strength components are typically built from expensive, exotic metals such as titanium, tantalum and vanadium. Using traditional casting techniques often wastes precious source material. Additive manufacturing - building parts up layer-on-layer from 3D digital data - produces almost "zero waste".

"To produce one kilo of metal, you use one kilo of metal - not 20 kilos," says Esa's Franco Ongaro. "We need to clean up our act - the space industry needs to be more green. And this technique will help us."

Printing objects as a single piece - without welding or bolting - can make them both stronger and lighter. A weight reduction of even 1kg for a long range aircraft will save hundreds of thousands of dollars over its lifespan.

"Our ultimate aim is to print a satellite in a single piece. One chunk of metal, that doesn't need to be welded or bolted," said Jarvis. "To do that would save 50% of the costs - millions of euros."
But Jarvis is candid about the problems and inefficiencies that still need to be overcome - what he calls the "dirty secrets" of 3D printing.

"One common problem is porosity - small air bubbles in the product. Rough surface finishing is an issue too," he said.

"We need to understand these defects and eliminate them - if we want to achieve industrial quality.

"And we need to make the process repeatable - scale it up.

"We can't do all this unless we collaborate between industries - space, fusion, aeronautics.

"We need all these teams working together and sharing."

From rforno at infowarrior.org Tue Oct 15 08:56:49 2013
From: rforno at infowarrior.org (Richard Forno)
Date: Tue, 15 Oct 2013 09:56:49 -0400
Subject: [Infowarrior] - Are Hollywood's Artificial Release Delays Driving Piracy?
Message-ID:

Are Hollywood's Artificial Release Delays Driving Piracy?
Ernesto - October 15, 2013
http://torrentfreak.com/are-hollywoods-artificial-release-delays-driving-piracy-131015/

Is Hollywood partly to blame for the high piracy rates of some movies? A newly launched website suggests that this may be the case, as it shows that the most pirated movies are not available to stream, buy or rent legally. While the movie industry has built its business on release delays, people's viewing demands are changing rapidly up to the point where Hollywood may want to reconsider its model.

Every day millions of people download the latest Hollywood blockbusters through unauthorized sources. The movie industry is not happy with the ever-increasing piracy rates and has called out Google and other stakeholders to "do more" to help. At the same time, Hollywood keeps emphasizing the many legal options that are available to the public.
A few months ago the MPAA launched the website WhereToWatch.org which provides an overview of dozens of legal video outlets that are available in the United States.

“Audiences want seamless access to film and TV shows. Our industry has listened, and we are now delivering more choices than ever before,” MPAA boss Senator Dodd said at the time.

“There have never been more ways to access movies and television legitimately online, and those platforms continue to grow and develop thanks in large part to a copyright system that encourages innovation, risk and growth,” Dodd added.

While this sounds great, the WhereToWatch site doesn’t change the fact that many of the newer releases are simply not available online due to artificial release lags. After a movie’s box office premiere it usually takes months before people can access it online.

This mismatch prompted public policy researchers at George Mason University’s Mercatus Center to take a close look at the online availability of some of the most pirated movies. On the newly launched Piracydata.org the researchers use TorrentFreak’s weekly lists of most pirated movies combined with information from CanIStreamIt to come up with an overview of the availability of these titles.

The results from this week are listed below, and it’s clear that more than half of the movie titles don’t have any legal options at all, while none are available for streaming.

TorrentFreak talked to Jerry Brito, director of Mercatus Center’s Technology Policy Program and one of the people behind the PiracyData website. Brito tells us that the MPAA and RIAA complaints that Google is placing pirate search results above legal alternatives was one of the motivations to look into the legal availability.

“We are compiling a dataset to help answer the question: Are the most-pirated movies available legally online? With only three weeks of data, the answer seems to be that very few are available legally.
We’ll get a clearer picture in the months ahead as the dataset grows,” Brito says.

The lack of legal alternatives they have found so far means that Google sometimes has no other choice than to place pirate sites high in the search results, as there simply are no authorized options available.

“One implication may be that when movies are unavailable, illegal sources are the most relevant search results, so search engines like Google are just telling it like it is. That is their job, after all,” Brito says.

While the current dataset is limited to three weeks, it’s quite telling that of all movies listed none was available for streaming, while only 13% could be rented.

Brito notes that the data doesn’t prove a causal effect between availability and piracy, but that it’s clear that Hollywood can “do more” to increase access to popular movies themselves.

“While there is no way to draw causality between the fact that these movies are not available legally and that they are the most pirated, it does highlight that while the MPAA is asking Google to take voluntary action to change search results, it may well be within the movie studio’s power to change those results by taking voluntary action themselves.”

“They could make more movies available online and sooner, perhaps by collapsing the theatrical release window. Now, their business model is their prerogative, and it’s none of my business to tell them how to operate, but by the same token I don’t see how they can expect search engines and Congress to bend over backwards to protect the business model they choose,” Brito adds.

Whether Hollywood will take up this suggestion has yet to be seen. Some movie studios have experimented a bit with shorter release delays, but unlike the TV and music industries, the release window is still the core of Hollywood's business model.

---
Just because i'm near the punchbowl doesn't mean I'm also drinking from it.
From rforno at infowarrior.org Tue Oct 15 09:15:20 2013
From: rforno at infowarrior.org (Richard Forno)
Date: Tue, 15 Oct 2013 10:15:20 -0400
Subject: [Infowarrior] - DiFi plays the 9/11 card to justify surveillance
Message-ID: <1B7280A2-E4A1-4D00-8E62-AF5251A1D467@infowarrior.org>

Dianne Feinstein Plays The 9/11 Card For Why The NSA Should Keep Spying On Every American
http://www.techdirt.com/articles/20131014/12095624868/dianne-feinstein-plays-911-card-why-nsa-should-keep-spying-every-american.shtml
from the because-FEAR! dept

Given that others in the intelligence community have played the 9/11 card repeatedly, it really was only a matter of time until co-dependent "oversight" boss Senator Dianne Feinstein decided to trot out the same clearly bogus claptrap. She's now done so in a Wall Street Journal op-ed (behind the paywall, but if you Google it, you can read it), which makes arguments that are simply not true.

< - >

It seems to me that the "lesson of 9/11" is that blatantly dishonest politicians will call out to 9/11 when it's been proven that they realize they have no actual argument for supporting the surveillance state and clear violations of the 4th Amendment.

---
Just because i'm near the punchbowl doesn't mean I'm also drinking from it.

From rforno at infowarrior.org Tue Oct 15 14:23:28 2013
From: rforno at infowarrior.org (Richard Forno)
Date: Tue, 15 Oct 2013 15:23:28 -0400
Subject: [Infowarrior] - Malay fund managers move servers to Russia amid 'dodge NSA' tech-trend
Message-ID:

Malay fund managers move servers to Russia amid 'dodge NSA' tech-trend
Published time: October 15, 2013 05:03
Edited time: October 15, 2013 15:23
http://rt.com/news/governments-businesses-evading-nsa-196/

Private telecom providers, businesses and governments are increasingly compelled to move or reinforce web operations following disclosures of the NSA’s mass internet surveillance programs made by whistleblower Edward Snowden.
Brazil is set to vote on the creation of a cyber-security system to thwart National Security Agency espionage of Brazilian government systems. US surveillance led by the NSA had infiltrated the highest levels of Brazil’s administration. The largest telecom provider in Germany, the formerly-state-run Deutsche Telekom, is seeking to keep their service in-country, out of the reach of foreign spying.

But much smaller internet companies are also feeling the need, based on customer demand and common sense, to move their servers out of the reach of the NSA and the United States’ partners in global surveillance, Australia, Canada, New Zealand and the UK - the “Five Eyes.”

Some have interests in Russia, like the Malaysia-based finance advisory firm, Najadi & Partners, which registered its servers using the .ru domain.

‘In Russia data is protected by law’

Snowden’s leaks showed that neither .com, nor European Internet domains can be trusted if you want your data to be private and safe, the president of Najadi & Partners, Pascal Najadi, told RT.

“Once reality conquers over illusion, it’s time to wake up,” Najadi told RT’s Aleksey Yaroshevsky.

Najadi said that the decision to have his company’s servers moved to Moscow was driven by “logic” and “common sense,” with no direct business interest. Once Snowden’s files revealed the scale of the American and allied agencies’ data snooping, the company “decided to act accordingly.”

In Russia, one’s data is protected by law, Najadi believes. Moreover, Russia is “a protector of peace,” he said, adding that Russian President Vladimir Putin “just saved the world from a serious, serious war,” referring to the diplomatic developments around the Syrian crisis.

Najadi then pointed out there is an “enormous” interest in his decision from global partners and media, adding he is “sure there will be a follow-up.”

“We’re setting a trend. We’re not into Internet business –
we’re a consultancy firm, and we do not gain more business through having a .ru. Having said that, it shows our clients that we take confidentiality seriously, and that is the message between the lines,” Najadi explained.

While Najadi, as a head of a multibillion dollar family business, may be pioneering such a step, foreign companies, including major international brands, have been steadily showing interest in having their sites registered in the .ru domain, RT’s Yaroshevsky learned at RU-CENTER.

Sergey Gorbunov, deputy director for International Relations at RU-CENTER, told RT that “foreign intelligence agencies of course have less opportunities to control the equipment that is placed in Russia.”

Up to 26 percent of domains registered in .ru are owned by foreign companies, with the same companies occupying 20 percent of the alternative .su domain.

Meanwhile, other companies consider Iceland to be a safe place. An example is the encrypted communications provider Unseen, which relocated its operation there.

Icelandic legal haven

Unseen moved its servers and bank accounts from the US to Iceland, based on the NSA’s vast reach and the Nordic country’s commitment to privacy rights.

“Our customers demanded it. They wanted us to move to a place where they felt their data was safe,” Unseen founder Chris Kitze told RT. He said the move wasn’t based on a marketing gimmick but because “everybody wants privacy for their data.”

“We’re actually getting calls from friends of mine who run businesses that store data for large multinational companies. Consumers are demanding this. This is what’s driving us,” Kitze said.

Kitze described Iceland as dedicated to protecting the rights of its citizens, saying he believes his company’s servers can be safe there despite the NSA’s global capabilities.

“It’s just a very good moral climate,” he said of Iceland, though he said strong safety must always involve end-to-end encryption no matter where servers are.
He said the NSA’s brazenness and the broader rhetoric of security used by the US to justify mass surveillance should not deter companies like his in providing safe havens.

“Instead of targeting people who they know or suspect of being terrorists or causing bad things, they’re expecting everyone to be a terrorist, and that of course is not true,” he said of the NSA.

---
Just because i'm near the punchbowl doesn't mean I'm also drinking from it.

From rforno at infowarrior.org Tue Oct 15 16:58:42 2013
From: rforno at infowarrior.org (Richard Forno)
Date: Tue, 15 Oct 2013 17:58:42 -0400
Subject: [Infowarrior] - Greenwald Will Leave Guardian To Create New News Organization
Message-ID: <4564DBAD-7C7A-46CA-A3D6-B85CA5F6BF7C@infowarrior.org>

Exclusive: Glenn Greenwald Will Leave Guardian To Create New News Organization
http://www.buzzfeed.com/bensmith/exclusive-glenn-greenwald-will-leave-guardian-to-create-new

The reporter who broke the NSA story promises “a momentous new venture.” A “very substantial new media outlet” with serious backing, he says.
Updated posted on October 15, 2013 at 4:15pm EDT

Glenn Greenwald, the lawyer and blogger who brought the Guardian the biggest scoop of the decade, is departing the London-based news organization, for a brand new, large-scale, broadly-focused media outlet, he told BuzzFeed Tuesday.

Greenwald, 46, published revelations from former National Security Agency contractor Edward Snowden about the extent of American and British domestic spying and about officials’ deception about its scope. He said he is departing for a new, “once-in-a-career dream journalistic opportunity” with major financial backing whose details will be public soon.

“My partnership with the Guardian has been extremely fruitful and fulfilling: I have high regard for the editors and journalists with whom I worked and am incredibly proud of what we achieved,” Greenwald said in an emailed statement.
“The decision to leave was not an easy one, but I was presented with a once-in-a-career dream journalistic opportunity that no journalist could possibly decline.”

Greenwald said that because the news had leaked “before we were prepared to announce it, I’m not yet able to provide any details of this momentous new venture.” It will, he said, “be unveiled very shortly.”

A Guardian spokeswoman, Jennifer Lindenauer, also stressed that the writer and his news organization are parting on good terms – though she said the Guardian is “disappointed” to lose him.

“Glenn Greenwald is a remarkable journalist and it has been fantastic working with him,” Lindenauer said in an email. “Our work together over the last year has demonstrated the crucial role that responsible investigative journalism can play in holding those in power to account. We are of course disappointed by Glenn’s decision to move on, but can appreciate the attraction of the new role he has been offered. We wish him all the best.”

The Guardian, with a tradition of rigorous, crusading liberal reporting and experience with two extremely sensitive international investigative stories – WikiLeaks and the News Corp. phone tapping scandals – was in some ways a perfect home for Greenwald’s reporting, which in turn offered a huge boost to the Guardian’s American and global prestige.

But Greenwald never functioned as a typical employee of a news organization. He told BuzzFeed in August that he had not shared all of Snowden’s files with the Guardian, and that “only [filmmaker] Laura [Poitras] and I have access to the full set of documents which Snowden provided to journalists.”

The Guardian, facing intense pressure from the British government, has continued to publish Snowden’s revelations at a deliberate pace in recent weeks; but Greenwald has moved more quickly on his own, publishing stories in Brazil and India. He said recently that he will also publish stories soon in Le Monde.
Greenwald declined to comment on the precise scale of the new venture or on its budget, but he said it would be “a very well-funded… very substantial new media outlet.” He said the source of funding will be public when the venture is officially announced.

Politico reported later Tuesday that a “philanthropist” would fund the venture. A spokesman for George Soros, perhaps the most famous philanthropist of the American left, ruled Soros out as the backer. “They have had no contact,” Soros spokesman Michael Vachon said of Greenwald.

“My role, aside from reporting and writing for it, is to create the entire journalism unit from the ground up by recruiting the journalists and editors who share the same journalistic ethos and shaping the whole thing – but especially the political journalism part – in the image of the journalism I respect most,” he said.

Greenwald will continue to live in Rio de Janeiro, Brazil, he said, and would bring some staff to Rio, but the new organization’s main hubs will be New York City, Washington, D.C., and San Francisco, he said.

The venture, which he said had “hired a fair number of people already,” will be “a general media outlet and news site – it’s going to have sports and entertainment and features. I’m working on the whole thing but the political journalism unit is my focus.”

Greenwald said he looked forward to creating a new organization with “no preexisting institutional strictures on what you can do.” And he said his move is driven solely by the opportunity presented.

“When people hear what it is, there is almost no journalist who would say no to it,” he said.

---
Just because i'm near the punchbowl doesn't mean I'm also drinking from it.
From rforno at infowarrior.org Tue Oct 15 23:00:32 2013
From: rforno at infowarrior.org (Richard Forno)
Date: Wed, 16 Oct 2013 00:00:32 -0400
Subject: [Infowarrior] - OT: Massachusetts Teen, Punished By School After Trying To Drive Home Intoxicated Friend
Message-ID: <701CD922-0F7A-4838-A571-EE03E14D3E58@infowarrior.org>

Erin Cox, Massachusetts Teen, Punished By School After Trying To Drive Home Intoxicated Friend
The Huffington Post | By Rebecca Klein
Posted: 10/14/2013 2:33 pm EDT
http://www.huffingtonpost.com/2013/10/14/erin-cox-punished-school-drinking-driving_n_4098086.html

When Massachusetts high school senior Erin Cox went to pick up an intoxicated classmate from a party, she thought she was doing the right thing. However, administrators at North Andover High School are punishing her for the deed, citing the school’s zero tolerance policy on drugs and alcohol.

Cox, an honor student and volleyball star, received a cell phone message from an intoxicated friend asking for a ride home from a party earlier this month, according to the Boston Herald. However, Cox arrived at the party at the same time as the police, who were arresting a slew of students for underage drinking.

While Cox was cleared by police who recognized her sobriety, her school has given her a harsh punishment. The 17-year-old was stripped of her title as captain of the volleyball team, and she was suspended from five games.

“But I wasn’t drinking,” Cox told the Boston Herald. “And I felt like going to get her was the right thing to do. Saving her from getting in the car when she was intoxicated and hurt herself or getting in the car with someone else who was drinking. I’d give her a ride home.”

The Cox family filed a lawsuit against the school on Friday in an attempt to get officials to reverse the punishment. However, the district court judge ruled the court did not have jurisdiction over the issue, local station WBZ-TV reports.
“If a kid asks for help from a friend, you don’t want that kid to say ‘I’m sorry I can’t help you. I might end up in trouble at school,’” Cox family attorney Wendy Murphy told the outlet.

However, an attorney for the school told the Boston Herald that officials are standing firm on the punishment. The district could not be reached for further comment at this time.

The Cox family is now hoping that pressure from supporters will persuade school officials to reverse their decision. A Reddit thread about the incident has already amassed more than 1,000 comments, most of which are in support of Cox.

“Better warn all students that they are not allowed to attend any party or enter an establishment that serves alcohol. That means no Applebee's, no family gatherings, and no professional sporting events. Eventually they will be imprisoned in a small room where they will not be allowed to leave unless they have a game or until they graduate,” user Drewkat99 said in a comment.

Cox told the Herald she feels “defeated,” but she said she doesn't regret her actions: “It was the right thing,” she said.

---
Just because i'm near the punchbowl doesn't mean I'm also drinking from it.

From rforno at infowarrior.org Wed Oct 16 07:11:40 2013
From: rforno at infowarrior.org (Richard Forno)
Date: Wed, 16 Oct 2013 08:11:40 -0400
Subject: [Infowarrior] - MPAA Says Piracy Damages Can’t Be Measured
Message-ID: <1E44506F-2531-437D-965E-3CE41DC47CCC@infowarrior.org>

(Let's all just remember this when they come out with their next round of 'statistics' in public reports and Congressional hearings as they make their next case for more draconian and idiotic technology and policy controls. --rick)

MPAA Says Piracy Damages Can’t Be Measured
Ernesto,
October 16, 2013
http://torrentfreak.com/mpaa-says-piracy-damages-cant-be-measured-131016/

In a new filing submitted to a California federal court, the MPAA says that actual piracy damages “are not capable of meaningful measurement.” The group fears that looking at actual damages in the isoHunt case would be “perverse” and “unfair.” What the MPAA can measure, however, is how much it will take to bankrupt the BitTorrent search engine isoHunt. According to the movie studios, two to five million dollars will be enough to put the Canadian company out of business.

As the trial date moves closer, the arguments between the MPAA and BitTorrent search engine isoHunt are heating up. One of the issues the two parties are in disagreement over is whether isoHunt should be able to question the notion that piracy is actually hurting the movie industry.

To argue that piracy might not be as disastrous as it’s often portrayed, the torrent site has listed researcher and economics professor Koleman Strumpf as one of its witnesses. Strumpf’s research has previously shown that piracy is not hurting sales at all, and isoHunt is expected to use this in its favor during the trial.

The MPAA, however, prefers not to discuss the topic of actual damages during the trial. They argue that the issue is too complex and that it could mislead the jury. For example, isoHunt may be able to show that movie industry profits are increasing, but that doesn’t mean that piracy has had no effect.

The movie studios are therefore asking the court to exclude the issue, arguing that actual damages can’t be measured.

“To permit consideration of actual damages under these circumstances would be perverse – and particularly unfair – given that Plaintiffs elected statutory damages precisely because their actual damages are not capable of meaningful measurement,” the MPAA’s legal team writes.
The MPAA argues that since the court has decided to award statutory damages, it is irrelevant to what extent their revenues are negatively impacted by online piracy.

“Defendants should not be permitted to exploit the inherent difficulty of proving actual damages in a case such as this as a basis for lowering the statutory damages award, especially when the very purpose of statutory damages was to provide a remedy that is not dependent on proof of actual damages.”

While the MPAA admits that the effect of online piracy is nearly impossible to measure, the movie studios do have a very clear picture of what’s needed to bankrupt isoHunt. The transcript from a recent court meeting reveals that two to five million should exhaust the company.

Court: What do you estimate to be the resources of [Defendants]? . . . What do you suspect?

MPAA’s counsel: Based on our estimate, Your Honor, we believe a couple to a few million dollars would exhaust Mr. Fung’s or defendants’ ability to pay…

MPAA’s counsel: A couple to a few million dollars would exhaust defendants’…

Court: Does that mean, like $2 million

MPAA’s counsel: Two million dollars to $4 million, $5 million at the most.

When the court asked the MPAA’s counsel why it was going for nearly $600 million in damages when a few million would be enough to put the company out of business, the MPAA argued that the high amount is needed to deter others from starting their own torrent search engines.

Court: So why are you making such a fetish about 2,000 or 3,000 or 10,000 or 100 copyrights?

MPAA’s Mr. Fabrizio: Your Honor, the purpose of statutory damages is not only to seek compensation from the defendants, the extraordinarily important purpose is to create – send a message to other would-be infringers like defendants, and there are thousands of them…

Court: But if you strip him of all his assets –
and you’re suggesting that a much lesser number of copyright infringements would accomplish that, where is the deterrence by telling the world that you took someone’s resources away because of illegal conduct entirely or 50 times over?

In a reply to the MPAA’s opposition, isoHunt argues that actual damages are important information for the jury to have, so a more balanced sum can be reached. If there is no proof of piracy hurting the movie industry, a $3 million fine might be more appropriate than $600 million.

“Evidence on Plaintiffs’ overall and specific revenues relating to the works at issue will allow the jury to infer that Plaintiffs have not suffered any actual damages, which can be contrasted with the financial condition of Defendants in the jury fashioning an appropriate award,” isoHunt’s counsel argues.

“For example, if Plaintiffs enjoyed uninterrupted profits, and their overall revenues did not decline during the time that isoHunt was launched and Defendants began complying with the Injunction, the jury could conclude that it would be unjust and a windfall to award Plaintiffs anything more than the near $3 million statutory minimum.”

The court will now have to decide whether the issue of actual damages can be brought up in court. If that’s the case, then the trial is going to be a numbers game with experts from all sides trying to prove whether or not piracy is hurting Hollywood, and if so to what extent.

---
Just because i'm near the punchbowl doesn't mean I'm also drinking from it.
From rforno at infowarrior.org Wed Oct 16 07:33:48 2013
From: rforno at infowarrior.org (Richard Forno)
Date: Wed, 16 Oct 2013 08:33:48 -0400
Subject: [Infowarrior] - Felten: A Court Order is an Insider Attack
Message-ID:

A Court Order is an Insider Attack
October 15, 2013
By Ed Felten
https://freedom-to-tinker.com/blog/felten/a-court-order-is-an-insider-attack/

Commentators on the Lavabit case, including the judge himself, have criticized Lavabit for designing its system in a way that resisted court-ordered access to user data. They ask: If court orders are legitimate, why should we allow engineers to design services that protect users against court-ordered access?

The answer is simple but subtle: There are good reasons to protect against insider attacks, and a court order is an insider attack.

To see why, consider two companies, which we’ll call Lavabit and Guavabit. At Lavabit, an employee, on receiving a court order, copies user data and gives it to an outside party – in this case, the government. Meanwhile, over at Guavabit, an employee, on receiving a bribe or extortion threat from a drug cartel, copies user data and gives it to an outside party – in this case, the drug cartel.

From a purely technological standpoint, these two scenarios are exactly the same: an employee copies user data and gives it to an outside party. Only two things are different: the employee’s motivation, and the destination of the data after it leaves the company. Neither of these differences is visible to the company’s technology – it can’t read the employee’s mind to learn the motivation, and it can’t tell where the data will go once it has been extracted from the company’s system. Technical measures that prevent one access scenario will unavoidably prevent the other one.

Insider attacks are a big problem. You might have read about a recent insider attack against the NSA by Edward Snowden.
Similar but less spectacular attacks happen all the time, and Lavabit, or any well-run service that holds user data, has good reason to try to control them.

From a user’s standpoint, a service’s resistance to insider attacks does more than just protect against rogue employees. It also helps to ensure that a company will not be tempted to repurpose or sell user data for commercial gain without getting users’ permission.

In the end, what led to Lavabit’s shutdown was not that the company’s technology was too resistant to insider attacks, but that it wasn’t resistant. The government got an order that would have required Lavabit to execute the ultimate insider attack, essentially giving the government a master key to unlock the data of any Lavabit user at any time. Rather than do this, Lavabit chose to shut down. Had Lavabit had in place measures to prevent disclosure of its master key, it would have been unable to comply with the ultimate court order – and it would have also been safe against a rogue employee turning over its master key to bad actors.

Users who want ultimate email security will now be looking for a provider that more strongly resists insider attacks. That level of security is very difficult to achieve – but law-abiding users have good reason to seek it.

---
Just because i'm near the punchbowl doesn't mean I'm also drinking from it.
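Felten's two scenarios can be put side by side in code. What follows is an added example, not part of Felten's post and not Lavabit's software: a toy mail service in Python with one server-side export routine that never consults its `destination` argument (court or cartel), run against two key-custody designs, one where the operator holds a master key and one where the client encrypts before upload. The cipher (HMAC-SHA256 in counter mode with an HMAC tag), the class and function names, the user "alice" and her passphrase are all constructed for the demonstration.

```python
import hashlib
import hmac
import secrets


def _keystream(key: bytes, nonce: bytes, length: int) -> bytes:
    """Toy PRF stream: HMAC-SHA256 in counter mode (demo only; use an AEAD in production)."""
    out, counter = b"", 0
    while len(out) < length:
        out += hmac.new(key, nonce + counter.to_bytes(4, "big"), hashlib.sha256).digest()
        counter += 1
    return out[:length]


def encrypt(key: bytes, plaintext: bytes) -> bytes:
    """Encrypt-then-MAC; returns nonce || ciphertext || tag."""
    nonce = secrets.token_bytes(16)
    ct = bytes(p ^ k for p, k in zip(plaintext, _keystream(key, nonce, len(plaintext))))
    tag = hmac.new(key, nonce + ct, hashlib.sha256).digest()
    return nonce + ct + tag


def decrypt(key: bytes, blob: bytes) -> bytes:
    """Check the tag first: a wrong key looks exactly like tampered data."""
    nonce, ct, tag = blob[:16], blob[16:-32], blob[-32:]
    expected = hmac.new(key, nonce + ct, hashlib.sha256).digest()
    if not hmac.compare_digest(tag, expected):
        raise ValueError("authentication failed: wrong key or tampered data")
    return bytes(c ^ k for c, k in zip(ct, _keystream(key, nonce, len(ct))))


class MailStore:
    """Server-side storage shared by both designs. insider_export is Felten's step
    'an employee copies user data and gives it to an outside party'; `destination`
    is deliberately unused because the code cannot tell a court from a cartel."""

    def __init__(self):
        self._mailboxes = {}  # user -> list of stored blobs

    def put(self, user: str, blob: bytes) -> None:
        self._mailboxes.setdefault(user, []).append(blob)

    def insider_export(self, user: str, destination: str) -> list:
        return list(self._mailboxes.get(user, []))


class ServerKeyService:
    """Design A: the operator holds a master key, so export + key = plaintext."""

    def __init__(self):
        self.store = MailStore()
        self.master_key = secrets.token_bytes(32)  # lives on the server

    def deliver(self, user: str, message: bytes) -> None:
        self.store.put(user, encrypt(self.master_key, message))

    def employee_reads(self, user: str, destination: str) -> list:
        blobs = self.store.insider_export(user, destination)
        return [decrypt(self.master_key, b) for b in blobs]


def user_key(passphrase: str, user: str) -> bytes:
    """Derived on the client from the passphrase; the server never sees either."""
    return hashlib.pbkdf2_hmac("sha256", passphrase.encode(), user.encode(), 100_000)


class ClientKeyService:
    """Design B: clients encrypt before upload; the same export yields only ciphertext."""

    def __init__(self):
        self.store = MailStore()

    def client_send(self, user: str, passphrase: str, message: bytes) -> None:
        self.store.put(user, encrypt(user_key(passphrase, user), message))

    def client_read(self, user: str, passphrase: str) -> list:
        key = user_key(passphrase, user)
        return [decrypt(key, b) for b in self.store.insider_export(user, "self")]

    def employee_reads(self, user: str, destination: str) -> list:
        # No key on the server: an insider, however motivated, gets ciphertext.
        return self.store.insider_export(user, destination)


def insider_can_decrypt(blob: bytes, key_guess: bytes) -> bool:
    """True only if the guessed key authenticates the exported blob."""
    try:
        decrypt(key_guess, blob)
        return True
    except ValueError:
        return False


def demo(message: bytes = b"constructed sample: meet at noon") -> dict:
    a = ServerKeyService()
    a.deliver("alice", message)
    b = ClientKeyService()
    b.client_send("alice", "correct horse battery", message)
    return {
        "server_key_court": a.employee_reads("alice", "court"),
        "server_key_cartel": a.employee_reads("alice", "cartel"),
        "client_key_court": b.employee_reads("alice", "court"),
        "client_key_cartel": b.employee_reads("alice", "cartel"),
        "owner_reads": b.client_read("alice", "correct horse battery"),
    }
```

Design B's export is still a breach of ciphertext and metadata; what it removes is the operator's ability to turn that export into readable mail, which is exactly the capability the court order demanded.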
From rforno at infowarrior.org Wed Oct 16 07:33:51 2013
From: rforno at infowarrior.org (Richard Forno)
Date: Wed, 16 Oct 2013 08:33:51 -0400
Subject: [Infowarrior] - Neil Gaiman: Why our future depends on libraries, reading and daydreaming
Message-ID: <4F0515DA-0B5B-40DC-80BA-9413A9504D3B@infowarrior.org>

Neil Gaiman: Why our future depends on libraries, reading and daydreaming
A lecture explaining why using our imaginations, and providing for others to use theirs, is an obligation for all citizens
http://www.theguardian.com/books/2013/oct/15/neil-gaiman-future-libraries-reading-daydreaming

---
Just because i'm near the punchbowl doesn't mean I'm also drinking from it.

From rforno at infowarrior.org Wed Oct 16 07:45:16 2013
From: rforno at infowarrior.org (Richard Forno)
Date: Wed, 16 Oct 2013 08:45:16 -0400
Subject: [Infowarrior] - Internet Governance Series: Breaking the Internet
Message-ID: <94689028-9F25-4E9F-99B8-EAEECDBCA556@infowarrior.org>

Internet Governance Series: Breaking the Internet
Jacopo Genovese
http://blogs.lse.ac.uk/mediapolicyproject/2013/10/16/internet-governance-series-breaking-the-internet/

Viewed from the United States, attempts by Brazil and others to change the governance arrangements of the internet look like they could seriously undermine both a free and interconnected internet, as well as the USA’s historical role as a steward of global freedom of expression. Sascha Meinrath, a vice president of the non-partisan New America Foundation and director of the Open Technology Institute (OTI), comments on the emerging fears of a “Balkanized” internet.

Brazilian President Dilma Rousseff’s recent indictment of the United States’ cyber-spying practices has profound global repercussions for the U.S. vision of a borderless, open Internet.
What makes this backlash especially potent and lamentable is that it is being fueled, not by democracies that oppose American ideals, but rather, by allies that resent Washington’s betrayal of its own over-archingly positive vision.

Rousseff’s offensive to change Internet governance follows reports that the National Security Agency’s watchful eye could see as far as her Palácio do Planalto in Brasília. According to leaked documents, the United States has been surveilling Rousseff’s email, intercepting internal government communications, and spying on the country’s national oil company. After canceling an official visit to meet with President Obama in Washington, Rousseff took to the podium at the UN’s General Assembly to call on other countries to disconnect from U.S. Internet hegemony and develop their own sovereign Internet and governance structures.

Rousseff’s move could lead to a powerful chorus – one that would transform the Internet of the future from a global commons to a fractured patchwork severely limited by the political boundaries on a map. Brazil is one of a handful of countries that includes Indonesia, Turkey, and India who have wavered in the debate over whether to develop an international framework to govern the Internet – one that would replace the role that the United States has played as chief Internet steward.

Traditionally, that debate has featured America in the role as champion of a free and open Internet, one that guarantees the right of all people to freely express themselves. Arguing against that ideal: repressive regimes have sought to limit connectivity and access to information. The NSA’s actions have shifted that debate, alienating key Internet Freedom allies and emboldening some of the most repressive regimes on the planet.
Think of it as an emerging coalition between countries that object to how the United States is going about upholding its avowed principles for a free Internet, and countries that have objected to those avowed principles all along.

Our close allies in the European Union, for instance, are now considering revoking data-sharing agreements with the United States and requiring American web site providers to prominently warn Europeans that their data is subject to U.S. government surveillance. Meanwhile, repressive regimes like Iran, Syria, and China are wresting control of information over their networks, poisoning popular applications and services, and undermining the foundations for the Internet’s open, interconnected structure. NSA misdeeds undoubtedly further embolden these regimes to do as they please.

The motivations of those nations questioning America’s de facto control over the global Internet may vary, but their responses are all pointing in the same troubling direction: towards a Balkanized Internet.

Today, the Internet is in danger of becoming like the European train system, where varying voltage and 20 different types of signaling technologies force operators to stop and switch systems or even to another locomotive, resulting in delays, inefficiencies, and higher costs. Netizens would fall under a complex array of different jurisdictions imposing conflicting mandates and conferring conflicting rights. And much like different signaling hampers the movement of people and the trade of physical goods, an Internet within such a complex jurisdictional structure would certainly hamper modern economic activity.

The NSA has opened a Pandora’s box that treats “citizens” and “foreigners” differently (even defining both groups in myriad different ways). Its rules also impose geo-locational-based jurisdictional mandates (based upon the route of your Internet traffic or the location of the data services and databases you use).
They also include requirements based upon ownership; the location of a company's headquarters may lead to surveillance mandates covering services and infrastructure in other countries. This creates tremendous technical challenges for start-ups and entrepreneurs - who will have to overcome impossible compatibility hurdles just to get up and running - stifling innovation at a moment when we need greater economic momentum, not dead weight. Already, a German citizen accessing a New York City data center via a Chinese fiber line may find their data covered by an array of conflicting legal requirements requiring privacy and active surveillance at the same time.

Fracturing the Internet undermines Internet freedom as well. The basic principle at the heart of Article 19 of the Universal Declaration of Human Rights - protecting the right to freedom of opinion, expression, and the opportunity to participate in the information society - is at risk. Brazil may not be pressing to assert control over everything online, or to censor or spy on its own people, but plenty of other countries with darker motives are cheering Brazil on. The U.S. has done a disservice to all people already living and working under repressive regimes by creating a new international norm that massive-scale surveillance is acceptable. As others adopt the U.S. model, particularly in areas where movements for fundamental freedoms are burgeoning and fighting against oppression, there will be even less access to basic communications, hampering the ability to interact online outside of the regime's control and censorship.

Furthermore, the NSA has made a remarkably myopic tradeoff - overreaching its legal authorities for a slight boost in signals intelligence today that will lead to massive problems in response. Even before all the recent revelations of NSA misbehavior, the United States was already facing calls for a more "democratic"
global system of Internet regulation that gave other countries more say in setting rules. Now, for the sake of a free Internet, it is imperative for Washington to move fast to restore a belief that America is a trustworthy Internet steward. It's time for bold leadership to defend our core principles. Reforms need to go far beyond pro-forma reviews carried out by intelligence and administration insiders.

There are precedents for the United States exercising restraint in order to advance larger interests. As a country, we agreed to stop atmospheric testing of nuclear weapons, to not stockpile or deploy chemical weapons, and to not militarize outer space. There must be a cyberspace equivalent of this restraint - a restoration of balance that prioritizes civil rights, not surveillance, as vital to (inter)national security. Is the benefit of spying on Brazil's oil company worth the cost of antagonizing the people of our hemisphere's second-largest democracy and giving China and Russia the moral high ground in debates over how people around the world should access information? Do we really want a world where this behavior is normalized and where it's acceptable for every country to surveil and hack indiscriminately? The answer to that question seems pretty clear.

Today we need bold reforms from Washington - we need to curtail our unhealthy addiction to surveillance and covert hacking. Only by being radically transparent about the scope of current activities and ceasing activities that transgress national norms will we regain global trust and shift the rather bleak trajectory we are currently on.

This post originally appeared on The Weekly Wonk digital magazine on 10 October and is re-posted with permission and thanks. This article gives the views of the author, and does not represent the position of the LSE Media Policy Project blog, nor of the London School of Economics.
From rforno at infowarrior.org Wed Oct 16 08:03:05 2013
From: rforno at infowarrior.org (Richard Forno)
Date: Wed, 16 Oct 2013 09:03:05 -0400
Subject: [Infowarrior] - A piracy defense walks the plank at the Post
Message-ID: <8EDA46BE-4CD0-4A48-9C99-F7F356CE5DBF@infowarrior.org>

A piracy defense walks the plank at the Post
A blogger gets schooled by the meanies of Big Copyright
By Ryan Chittum

There are many problems with Timothy B. Lee's Washington Post blog post on Hollywood's supposed culpability for the theft of its own movies, beginning with the morally unserious jujitsu deployed in arguing that Hollywood is culpable for the theft of its own movies. The Mercatus- and Cato-connected editor of the Washington Post tech blog that aims "to be indispensable to telecom lobbyists and IT professionals alike, while also being compelling and provocative to the average iPhone-toting commuter" also had a major correction that undermines the entire premise of the piece and reveals its one-sided reporting.

The post initially was published with the Reddit-bait headline "Here's why Hollywood should blame itself for its piracy problems," still appears on Wonkblog's most-popular list as "People pirate movies they can't get legally," and now is reduced to "Many of the most-pirated movies aren't available for legitimate online purchase."

Lee based his argument on bad data from PiracyData.org, which was co-founded by a couple of researchers at the Koch-funded anti-government think tank the Mercatus Center to document whether "people turn to piracy when the movies they want to watch are not available legally." Left unmentioned: that Lee himself contributed a chapter to a Mercatus book with the researchers (at least one of whom is his friend) called "Copyright Unbalanced: From Incentive to Excess." That would have been worth disclosing in the post. Readers would have had more reason to be skeptical.
< - >

http://www.cjr.org/the_audit/a_piracy_defense_walks_the_pla.php

From rforno at infowarrior.org Wed Oct 16 08:26:25 2013
From: rforno at infowarrior.org (Richard Forno)
Date: Wed, 16 Oct 2013 09:26:25 -0400
Subject: [Infowarrior] - Aaron Swartz' SecureDrop
Message-ID:

https://pressfreedomfoundation.org/securedrop#faq

SecureDrop is an open-source whistleblower submission system managed by Freedom of the Press Foundation that media organizations use to securely accept documents from anonymous sources. It was originally coded by the late Aaron Swartz. Any organization can install SecureDrop for free and can make modifications if they so choose. Check out our project page on GitHub for detailed installation instructions. Freedom of the Press Foundation also offers technical assistance to news organizations wishing to install SecureDrop and train its journalists in security best practices.

From rforno at infowarrior.org Wed Oct 16 10:39:32 2013
From: rforno at infowarrior.org (Richard Forno)
Date: Wed, 16 Oct 2013 11:39:32 -0400
Subject: [Infowarrior] - The NSA's New Code Breakers
Message-ID:

The NSA's New Code Breakers
BY MATTHEW M. AID | OCTOBER 15, 2013
http://www.foreignpolicy.com/articles/2013/10/15/the_nsa_s_new_codebreakers

There was a time when the code breakers of the National Security Agency actually took the lead in solving enemy encryption systems. These days, not so much. In today's NSA, it's hackers, break-in artists, corporate liaisons, and shadow salesmen using front companies who are at the forefront of this effort. Even so-called "hacktivists" play an unwitting role in helping the NSA gain access to computer networks -- both hostile and friendly. Just about the only place that's somewhat immune to the NSA's new style of code-breaking attacks?
North Korea, because it's so disconnected from the rest of the world's networks. Former U.S. intelligence officials confirm that the more than 1,500 cryptanalysts, mathematicians, scientists, engineers, and computer technicians who comprise NSA's elite cryptanalytic unit, the Office of Cryptanalysis and Exploitation Services (S31), have had a remarkably large number of code-breaking successes against foreign targets since the 9/11 attacks. But these wins were largely dependent on clandestine intelligence activities for much of their success in penetrating foreign communications networks and encryption systems, and not the more traditional cryptanalytic attacks on encrypted messages that were the norm during the Cold War era. Prior to 9/11, the NSA's cryptanalysts used their huge stable of supercomputers to break cipher systems using what is referred to as "brute-force methods" -- using the supercomputers to run every cipher permutation until the message or messages in question become readable. It was a long, tedious, and extremely costly process (today the NSA spends over $247 million a year to buy and maintain its state-of-the-art supercomputer systems just for cryptanalytic use). But it did work if there were inherent vulnerabilities or structural weaknesses in the cipher being attacked or if the system's users did not practice proper communications security procedures, such as changing the cipher keys and passwords frequently. The NSA today has more supercomputers than ever, and the agency still employs a number of puzzle-solvers, linguists, and math geeks. But these classic cryptanalysts have, in part, given way to a new breed. You won't learn this in the files leaked by former NSA contractor Edward Snowden -- at least not directly. 
According to individuals who have reviewed the entire collection of 50,000 documents provided to the media by Snowden, what is missing from the papers is any document which lays out in detail just how successful the agency's code-breaking efforts have been. There are numerous documents in the Snowden collection describing individual NSA cryptologic programs, such as the NSA's mostly unsuccessful multiyear effort to crack the encryption protection used by the anonymizer service Tor. But no reports describing the agency's cryptanalytic successes and failures have been found in the Snowden collection to date. Interviews with current and former intelligence officials conducted over the past two months have revealed that since 9/11, the NSA's computer scientists, electronic engineers, software programmers, and collection specialists have been remarkably inventive in finding new and innovative ways to circumvent the protections supposedly offered by encryption systems by compromising them through clandestine means. Among these clandestine means are CIA and FBI "black-bag jobs," as well as secret efforts by the U.S. intelligence community to interdict the shipment of advanced encryption technology to America's enemies around the world and insert "back doors" into commercially available computer, communications, and encryption technologies that allow the NSA to covertly access these systems without the users knowing it. But the most sensitive of these clandestine techniques, and by far the most productive to date, is to covertly hack into targeted computers and copy the documents and message traffic stored on these machines before they are encrypted, a process known within the NSA as "Endpoint" operations. Responsibility for conducting these Endpoint operations rests with the computer hackers of the NSA's cyberespionage unit, the Office of Tailored Access Operations (TAO). 
According to sources familiar with the organization's operations, TAO has been enormously successful over the past 12 years in covertly inserting highly sophisticated spyware into the hard drives of over 80,000 computer systems around the world, although this number could be much higher. And according to the sources, these implants are designed in such a way that they cannot be detected by currently available commercial computer security software. It has been suggested to me by a reliable source that "this is not an accident," with the insinuation being that many of the biggest commercially available computer security software systems made in the United States and overseas have been compromised by the NSA, either covertly or with the knowledge and consent of the companies that manufacture these systems. Former agency personnel confirm that in innumerable instances, these TAO implants have allowed NSA analysts to copy and read all of the unencrypted documents stored on the targeted computer's hard drive, as well as copy every document and email message produced and/or transmitted by the machine. But more importantly, TAO has helped NSA cryptanalysts solve several hundred foreign government and commercial encryption systems because these spyware implants, if properly inserted into the computer, can covertly alter its security software as well as copy the encryption system's technical parameters, especially the system's encryption algorithm and access passwords, in a way that cannot be detected. These implants can compromise the encryption systems used by not only the targeted computer, but also by all other computer systems that it communicates with using encryption technology. According to confidential sources familiar with TAO's operations, many of the NSA's cryptanalytic "success stories" against high-priority targets such as Russia and the People's Republic of China in recent years have been the direct result of TAO's cyberespionage efforts. 
For example, sources confirm that much of what the U.S. intelligence community knows about China's computer-hacking efforts against targets in the United States, Europe, and Asia stems from TAO's intelligence collection efforts since 2005, when TAO reportedly achieved a major technical breakthrough against a Chinese target. But TAO doesn't just spy on America's rivals. In 2012, the group reportedly compromised the encryption system used by an important G-8 country to transmit sensitive diplomatic communications via satellite to its embassies around the world. The same is true with a number of countries in the Middle East and South Asia, including Egypt, Syria, Iran, and Pakistan, although the details of these successes are not yet known. And finally, sources report that TAO has successfully compromised the privacy protection systems currently used on a range of 4G cell phones and hand-held devices, thanks in large part to help from a major American telecommunications company. There are high-profile targets that have proved resistant to TAO's cyberespionage efforts over the years, however. For example, TAO has reportedly had virtually no success penetrating North Korean government computer systems or networks because there are so few of them and they are heavily protected from access to the outside world. Over time, TAO has become increasingly accomplished at its mission, thanks in part to the high-level cooperation that it secretly receives from the "big three" American telecommunications companies (AT&T, Verizon, and Sprint), most of the large U.S.-based Internet service providers, and many of the top computer security software manufacturers and consulting companies. According to a February 2012 budget document published this year by ProPublica, these companies "Insert vulnerabilities into commercial encryption systems, IT systems, networks, and endpoint communications devices used by targets" on behalf of TAO. 
TAO is also very active in the global computer security industry marketplace, using the CIA, Defense Intelligence Agency, and State Department to help it keep close tabs on the latest computer security devices and software systems being developed around the world. And while details are lacking, informed sources report that TAO has been active in covertly buying up commercially available "hacker tools" or spyware software systems from individuals and companies in the United States and overseas, particularly in Western Europe, to help facilitate its ever-growing computer network exploitation efforts. The extreme sensitivity of TAO's collection efforts has required the NSA to take extraordinary steps to try to disguise its computer-hacking activities. For instance, current and former intelligence sources confirm that TAO increasingly depends on clandestine techniques, such as commercial cover, to hide its activities. TAO uses an array of commercial business entities, some of them proprietary companies established specifically for this purpose, to try to hide its global computer-hacking activities from computer security experts in a maze of interlocking computer servers and command-and-control systems located in the United States and overseas that have no discernible link to the NSA or the U.S. government. These sources also say that TAO gets a lot of help from politically motivated hackers, or "hacktivists," who unintentionally help the NSA by providing ideas to improve TAO's collection efforts. (Exactly which hacktivists have been particularly helpful, these sources wouldn't say.) Working closely with the NSA's computer security experts at the NSA/CSS Threat Operations Center, TAO personnel perform detailed forensic postmortem studies of every major successful computer penetration operation around the world. Some of these are pulled off by criminal outfits, some by government-backed groups, and others by political actors. 
In each case, the agency's personnel look for new techniques or procedures that they can use to get inside computer systems around the world. There is no question that TAO's future looked incredibly bright before the first newspaper articles began appearing in the British and American press in June 2013 based on documents leaked by Snowden. Now, industry sources familiar with TAO say that the organization's future prospects have dimmed somewhat. A number of foreign-based computer systems and IT networks that formerly were major producers of intelligence information for TAO have over the past three months changed security procedures and encryption systems, routed traffic to more secure computer nodes or servers, erected new firewalls, or have gone offline altogether. According to recent press reports, the Russian government for a time reverted back to using manual typewriters rather than commit sensitive information to its computer systems. And a number of European countries and Brazil have begun shifting their most sensitive data and communications traffic to secure networks that they hope will be resistant to the NSA's intrusive surveillance activities. But this is, I am sure, just the tip of the iceberg. I have no doubt that the damage to TAO's foreign intelligence collection capabilities and its ability to facilitate the solution of foreign encryption systems by the NSA's cryptanalysts has been substantial. The big question that will determine TAO's future prospects is whether the damage done so far proves to be irreparable. 
From rforno at infowarrior.org Wed Oct 16 12:31:12 2013
From: rforno at infowarrior.org (Richard Forno)
Date: Wed, 16 Oct 2013 13:31:12 -0400
Subject: [Infowarrior] - Cryptographer Adi Shamir Prevented from Attending NSA History Conference
Message-ID: <97980ABD-1BC5-4D6E-8A9C-307B4F756DBA@infowarrior.org>

Cryptographer Adi Shamir Prevented from Attending NSA History Conference

In this email message to colleagues, Israeli cryptographer Adi Shamir recounts the difficulties he faced in getting a visa to attend the 2013 Cryptologic History Symposium sponsored by the National Security Agency. Adi Shamir is the "S" in the RSA public-key algorithm and is "one of the finest cryptologists in the world today," according to historian David Kahn. The NSA Symposium begins tomorrow. For the reasons described below, Dr. Shamir will not be there.

< - more - >

http://blogs.fas.org/secrecy/2013/10/shamir/

From rforno at infowarrior.org Wed Oct 16 20:08:33 2013
From: rforno at infowarrior.org (Richard Forno)
Date: Wed, 16 Oct 2013 21:08:33 -0400
Subject: [Infowarrior] - DIRNSA and Deputy announce departure plans
Message-ID: <3C78835A-B64A-4F9A-90E3-500CB6FF65B2@infowarrior.org>

U.S. eavesdropping agency chief, top deputy expected to depart soon
By Warren Strobel and Mark Hosenball
http://www.reuters.com/article/2013/10/16/us-usa-nsa-transition-idUSBRE99F12W20131016
WASHINGTON | Wed Oct 16, 2013 7:22pm EDT

(Reuters) - The director of the U.S. National Security Agency and his deputy are expected to depart in the coming months, U.S. officials said on Wednesday, in a development that could give President Barack Obama a chance to reshape the eavesdropping agency. Army General Keith Alexander's eight-year tenure was rocked this year by revelations contained in documents leaked by former NSA contractor Edward Snowden about the agency's widespread scooping up of telephone, email and social-media data.
Alexander has formalized plans to leave by next March or April, while his civilian deputy, John "Chris" Inglis, is due to retire by year's end, according to U.S. officials who spoke on condition of anonymity. One leading candidate to replace Alexander is Vice Admiral Michael Rogers, currently commander of the U.S. Navy's 10th Fleet and U.S. Fleet Cyber Command, officials told Reuters. The 10th Fleet and Fleet Cyber Command both have their headquarters at Fort Meade, Maryland, between Washington and Baltimore. The NSA is also headquartered at Fort Meade. There has been no final decision on selecting Rogers to succeed Alexander, and other candidates may be considered, the officials said. NSA spokeswoman Vanee Vines said Alexander planned to leave office in the spring after three extensions to his tenure, and the process for picking his successor was still under way. "This has nothing to do with media leaks, the decision for his retirement was made prior; an agreement was made with the (Secretary of Defense) and the Chairman for one more year - to March 2014," Vines told Reuters in an email. Alexander has served as NSA director since August 2005, making him its longest-serving chief. He also serves as commander of a related military unit, the U.S. Cyber Command. Alexander, who has vigorously defended the NSA's activities as lawful and necessary to detect and disrupt terrorist plots, said previously he planned to leave in the first half of 2014. Inglis, who began his NSA career as a computer security scientist, has been the NSA's second-ranking official since 2006. The NSA - which spies on electronic communications of all kinds and protects U.S. government communications - has been one of the most secretive of all U.S. intelligence outfits. Its employees used to joke that NSA stood for either "No Such Agency" or "Never Say Anything." 
But the agency became the focus of controversy this year when Snowden leaked to the media tens of thousands of highly classified documents from the NSA and its British eavesdropping partner.

SEPARATE LEADERS?

While both Alexander and Inglis are leaving voluntarily, the dual vacancies give Obama an opportunity to install new leadership following Snowden's revelations and to decide whether the NSA and Cyber Command should have separate leaders. Cyber Command, which has grown significantly in recent years, has the authority to engage in both defensive and offensive operations in cyberspace. Many NSA veterans argue that having the same person lead the spy agency and Cyber Command diminishes the emphasis on the NSA's work and its unique capabilities.

Rogers has been the Navy's top cyber commander since September 2011. Before that, he was director of intelligence for the U.S. Joint Chiefs of Staff and for the U.S. Pacific Command. Rogers is "a good leader, very insightful and well thought of within the community," said a U.S. defense official who was not authorized to speak publicly on the matter.

Gary Roughead, who retired as the Navy's top uniformed officer in September 2011, said Rogers would be a good choice. "During my time as CNO (chief of naval operations), I spent a great deal of time and attention on cyber, or as we characterized it, information dominance. Mike Rogers was the best in the business and a widely recognized leader in shaping the future in that important domain," he told Reuters. "He would be an extraordinary successor to Keith Alexander."

(Additional reporting by Joseph Menn in San Francisco and Tabassum Zakaria, Andrea Shala-Esa and Deborah Charles in Washington; Editing by Will Dunham and Peter Cooney)
From rforno at infowarrior.org Wed Oct 16 20:18:46 2013
From: rforno at infowarrior.org (Richard Forno)
Date: Wed, 16 Oct 2013 21:18:46 -0400
Subject: [Infowarrior] - The Army's Cybersecurity Training Videos Are Embarrassing and Sad
Message-ID: <8775BA09-01AF-450F-9CFC-CF263DA8D436@infowarrior.org>

The Army's Cybersecurity Training Videos Are Embarrassing and Sad
http://gizmodo.com/the-armys-cybersecurity-training-videos-are-embarrassi-1446639728

From rforno at infowarrior.org Thu Oct 17 08:34:00 2013
From: rforno at infowarrior.org (Richard Forno)
Date: Thu, 17 Oct 2013 09:34:00 -0400
Subject: [Infowarrior] - Judge Isn't Buying Team Prenda's Excuses
Message-ID: <525FE748.8080805@infowarrior.org>

Judge Isn't Buying Team Prenda's Excuses
from the of-course-not dept

Team Prenda keeps trying... and failing. In the AF Holdings v. Joe Navasca case in northern California, Judge Edward Chen has accepted the findings of Magistrate Judge Nador Vadas, who had found that John Steele and Paul Hansmeier were clearly the forces behind AF Holdings and Prenda. Judge Chen completely rejects Hansmeier and Steele's protests about all of this, arguing that there is plenty of compelling evidence that Prenda was really managed by the two of them, and they failed to present any evidence to the contrary. Rather, Judge Chen notes, it appears that the protests from Steele and Hansmeier were almost always attempts to kick up dust to distract from the basic facts, rather than attempts to dispute them.

http://www.techdirt.com/articles/20131016/18170424911/judge-isnt-buying-team-prendas-excuses.shtml
From rforno at infowarrior.org Thu Oct 17 08:39:58 2013
From: rforno at infowarrior.org (Richard Forno)
Date: Thu, 17 Oct 2013 09:39:58 -0400
Subject: [Infowarrior] - Privacy Fears Grow as Cities Increase Surveillance
Message-ID: <525FE8AE.50302@infowarrior.org>

Privacy Fears Grow as Cities Increase Surveillance - NYTimes.com
http://www.nytimes.com/2013/10/14/technology/privacy-fears-as-surveillance-grows-in-cities.html?_r=0

The new system, scheduled to begin next summer, is the latest example of how cities are compiling and processing large amounts of information, known as big data, for routine law enforcement. And the system underscores how technology has enabled the tracking of people in many aspects of life. The police can monitor a fire hose of social media posts to look for evidence of criminal activities; transportation agencies can track commuters' toll payments when drivers use an electronic pass; and the National Security Agency, as news reports this summer revealed, scooped up telephone records of millions of cellphone customers in the United States.

Like the Oakland effort, other pushes to use new surveillance tools in law enforcement are supported with federal dollars. The New York Police Department, aided by federal financing, has a big data system that links 3,000 surveillance cameras with license plate readers, radiation sensors, criminal databases and terror suspect lists. Police in Massachusetts have used federal money to buy automated license plate scanners. And police in Texas have bought a drone with homeland security money, something that Alameda County, which Oakland is part of, also tried but shelved after public protest.

Proponents of the Oakland initiative, formally known as the Domain Awareness Center, say it will help the police reduce the city's notoriously high crime rates.
But critics say the program, which will create a central repository of surveillance information, will also gather data about the everyday movements and habits of law-abiding residents, raising legal and ethical questions about tracking people so closely.

Libby Schaaf, an Oakland City Council member, said that because of the city's high crime rate, "it's our responsibility to take advantage of new tools that become available." She added, though, that the center would be able to "paint a pretty detailed picture of someone's personal life, someone who may be innocent."

For example, if two men were caught on camera at the port stealing goods and driving off in a black Honda sedan, Oakland authorities could look up where in the city the car had been in the last several weeks. That could include stoplights it drove past each morning and whether it regularly went to see Oakland A's baseball games.

For law enforcement, data mining is a big step toward more complete intelligence gathering. The police have traditionally made arrests based on small bits of data - witness testimony, logs of license plate readers, footage from a surveillance camera perched above a bank machine. The new capacity to collect and sift through all that information gives the authorities a much broader view of the people they are investigating.

For the companies that make big data tools, projects like Oakland's are a big business opportunity. Microsoft built the technology for the New York City program. I.B.M. has sold data-mining tools for Las Vegas and Memp

Oakland entered into a contract with the Science Applications International Corporation, or SAIC, to build its system. (In late September, that company was renamed Leidos Holdings.) The company's contract to help modernize the New York City payroll system, using new technology like biometric readers, resulted in reports of kickbacks. Last year, the company paid the city $500 million to avoid a federal prosecution.
The amount was believed to be the largest ever paid to settle accusations of government contract fraud. A representative of SAIC, now Leidos, declined to comment.

Even before the initiative, Oakland spent millions of dollars on traffic cameras, license plate readers and a network of sound sensors to pick up gunshots. Still, the city has one of the highest violent crime rates in the country. And an internal audit in August 2012 found that the police had spent $1.87 million on technology tools that did not work properly or remained unused because their vendors had gone out of business.

The new center will be far more ambitious. From a central location, it will electronically gather data around the clock from a variety of sensors and databases, analyze that data and display some of the information on a bank of giant monitors. The city plans to staff the center around the clock. If there is an incident, workers can analyze the many sources of data to give leads to the police, fire department or Coast Guard. In the absence of an incident, how the data would be used and how long it would be kept remain largely unclear.

This article has been revised to reflect the following correction:

Correction: October 16, 2013
An article on Monday about a police surveillance system in Oakland, Calif., gave an outdated name for the city's contractor for the system. While the contract to build the system was with the Science Applications International Corporation, or SAIC, that company was renamed Leidos Holdings in late September.
From rforno at infowarrior.org Thu Oct 17 10:45:08 2013
From: rforno at infowarrior.org (Richard Forno)
Date: Thu, 17 Oct 2013 11:45:08 -0400
Subject: [Infowarrior] - Debunking Dianne Feinstein
Message-ID: <52600604.4040604@infowarrior.org>

Michael German
October 16, 2013

No NSA Poster Child: The Real Story of 9/11 Hijacker Khalid al-Mihdhar

Michael German is a senior policy counsel at the ACLU's Washington Legislative Office and a former FBI agent.

http://www.defenseone.com/ideas/2013/10/no-nsa-poster-child-real-story-911-hijacker-khalid-al-mihdhar/72047/#.Ul8PLYUY51Y.twitter

Since whistleblower Edward Snowden exposed the incredible scope of the government's domestic spying programs, two different narratives are moving forward in Congress. One, expressed most recently by Sen. Dianne Feinstein, D-Calif., in the Wall Street Journal, argues that the government's collection of all Americans' calling data "is necessary and must be preserved if we are to prevent terrorist attacks." The other, offered by Sen. Ron Wyden, D-Ore., Rep. James Sensenbrenner, R-Ohio, and others is that the Justice Department, National Security Agency and FBI have repeatedly misled members of Congress and the public about the nature of their spying programs, as well as their effectiveness, and they need to be reined in to protect Americans' rights.

Unfortunately for Feinstein, a simple review of the facts she marshals to support her position reveals a total reliance on dubious intelligence community statements that have already been widely debunked. The actual facts make clear that the NSA doesn't need an enormous database of everyone's phone records to track a discrete number of terrorists -- the NSA just needs to use the traditional tools it has to investigate its targets.

Feinstein's first claim, based on recent testimony from FBI Director Robert Mueller and the NSA's director, Gen.
Keith Alexander, is that the domestic telephone data collection program would have enabled the intelligence community to prevent the 9/11 attacks by revealing that al-Qaeda operative and future 9/11 hijacker Khalid al Mihdhar was inside the United States. On June 12, 2013, Alexander told the Senate Appropriations Committee: "We all had this concern coming out of 9/11: How are we going to protect the nation? Because we did get intercepts on Mihdhar, but we didn't know where he was. We didn't have the data collected to know that he was a bad person. And because he was in the United States, the way we treat it is he's a U.S. person. So we had no information on that."

Mueller made a similar statement the following day in testimony to the House Judiciary Committee: "[Khalid al-Mihdhar] was being tracked by the intelligence agencies in the Far East. They lost track of him. At the same time, the intelligence agencies had identified an al Qaeda safe house in Yemen. They understood that the al-Qaeda safe house had a telephone, but they could not know who was calling into that particular safe house. We came to find out afterwards that the person who had called into that safe house was al-Mihdhar, who was in the United States in San Diego. If we had this program in place at the time, we would have been able to identify that particular telephone number in San Diego."

The Justice Department previously made this claim in classified talking points provided to the Senate and House Intelligence Committees in 2009, and again in 2011, as Congress was locked in a debate over reauthorizing the Patriot Act. There are a few problems with using Mihdhar as the poster child for new domestic spying programs, however.
The intelligence agencies, which normally benefit from being able to keep secret any facts that might undermine their arguments, seem to have forgotten that the 9/11 Commission, the Justice Department Inspector General and the intelligence committees in Congress published in detail what the government knew about Mihdhar before the attacks. It turns out that the NSA was intercepting calls to the al Qaeda safe house in Yemen as early as 1999, and both the FBI and CIA knew Mihdhar was an al Qaeda operative long before the 9/11 attacks. The safe house was discovered during the FBI's investigation into the 1998 bombings of two U.S. embassies in East Africa, and had been monitored by the NSA and CIA ever since. The inspector general's report couldn't be clearer that the intercepts were being broadly shared: "The NSA's reporting about these communications was sent, among other places, to FBI Headquarters, the FBI's Washington and New York Field Offices, and the CIA's CTC. At the FBI, this information appeared in the daily threat update to the Director on January 4, 2000."

Intercepted communications from this location allowed the CIA to follow Mihdhar to an al Qaeda meeting in Kuala Lumpur in January 2000. Though they lost him in Thailand, as Mueller suggested, the CIA knew he had a visa to enter the United States and that his travel companion and fellow hijacker, Nawaf al Hazmi, had a plane ticket to fly to Los Angeles. The CIA, however, failed to place Mihdhar on a watch list or "notify the FBI when it learned Mihdhar possessed a valid U.S. visa," according to the 9/11 Commission report. The inspector general's report revealed that five FBI officials assigned to the CIA Counterterrorism Center viewed CIA cables indicating Mihdhar had a U.S. visa. A week after the Kuala Lumpur meeting, Mihdhar and Hazmi flew into Los Angeles International Airport and entered the United States without a problem.
After their entrance, the NSA would intercept at least six calls from the al Qaida safe house in Yemen to the United States, according to the Los Angeles Times. By all accounts FBI officials knew Mihdhar had a visa to enter the United States by July 2001, and knew he was in the United States by August 22, 2001. As the Joint Intelligence Committee investigation found: "A review was launched at CIA of all cables regarding the Malaysia meeting. The task fell largely to an FBI analyst assigned to CTC. On August 21, 2001, the analyst put together two key pieces of information: the intelligence the CIA received in January 2000 that al-Mihdhar had a multiple entry visa to the United States, and the information it received in March 2000 that al Hazmi had traveled to the United States. Working with an INS representative assigned to CTC, the analyst learned that al-Mihdhar had entered the United States on January 15, 2000, had departed on June 10, and had re-entered the United States on July 4, 2001."

Yet neither the FBI nor NSA apparently attempted to trace the calls coming into the al Qaeda safe house until after 9/11, when telephone toll records obtained by the FBI confirmed Mihdhar made the calls. In other words, the problem was not that the government lacked the right tools to do its job (it had ample authority to trace Mihdhar's calls). The problem was that the government apparently failed to use them.

It's pretty cynical for the intelligence community to use its repeated failures to properly assess information it collected prior to 9/11 as justification for wholesale spying on Americans. But Feinstein's continuing reliance on the Mihdhar canard is even more inexplicable given that ProPublica published an article thoroughly rebutting these claims shortly after Alexander's and Mueller's June 2013 testimony. It's troubling when the Senate Intelligence Committee Chairwoman ignores more accurate information from public sources in deference to U.S.
intelligence agencies, which have not only misled members of Congress but the Foreign Intelligence Surveillance Court, as well.

But Feinstein doesn't only peddle falsehoods from the past. She then points to the NSA's claim that dozens of terrorist events were disrupted through these domestic spying programs, though this too was publicly debunked. During a Senate Judiciary Committee hearing on Oct. 2, 2013, Sen. Patrick Leahy, D-Vt., questioned Alexander directly on the NSA's claims that these programs prevented 54 terrorist plots. Leahy called them "plainly wrong" and pointed out that the listed incidents "weren't all plots and they weren't all thwarted." Only 13 had any nexus to the U.S. and only one case relied on the bulk call records program in a significant way. And even that case didn't involve any plot on the US -- it involved a material support prosecution relating to someone who allegedly sent $8500 to al Shabaab in Somalia. Alexander sheepishly agreed with Sen. Leahy's analysis, leading the senator to tell the NSA director that the government's use of inaccurate statistics undermined its credibility with Congress and the American people. Feinstein was on hand when Alexander admitted to Leahy that these statistics were misleading.

These repeated efforts to mislead Congress and the American people only make the case more strongly that the government's surveillance authorities need to be sharply curbed with strong legislation that ends the bulk collection programs, protects Americans' private communications and adds more transparency and public accountability to these activities. Americans have the right to truthful information about their government's intelligence activities, and the current oversight system, which depends on whistleblowers willing to risk jail, certainly isn't working.
From rforno at infowarrior.org Thu Oct 17 15:26:16 2013 From: rforno at infowarrior.org (Richard Forno) Date: Thu, 17 Oct 2013 16:26:16 -0400 Subject: [Infowarrior] - Obama to tap ex-Pentagon official for DHS chief Message-ID: <526047E8.5080804@infowarrior.org>

Obama to tap ex-Pentagon official for homeland security
David Jackson, USA TODAY, 4:16 p.m. EDT October 17, 2013
http://www.usatoday.com/story/news/2013/10/17/obama-jeh-johnson-janet-napolitano-department-of-homeland-security/3003505/

President Obama plans to nominate former Pentagon official Jeh Johnson as the next secretary of homeland security, officials said Thursday. Johnson, general counsel for the Defense Department, will be introduced at a ceremony Friday. If confirmed by the Senate, Johnson would replace Janet Napolitano, who left the administration to run the University of California education system.

"The President is selecting Johnson because he is one of the most highly qualified and respected national security leaders, having served as the senior lawyer for the largest government agency in the world," said one White House official. The official said that during his tenure at the Defense Department, Johnson exhibited "sound judgement" and provided "prior legal review and approval of every military operation approved by the President and Secretary of Defense." The official spoke on condition of anonymity because Obama has not yet made his public announcement.
From rforno at infowarrior.org Thu Oct 17 20:14:25 2013 From: rforno at infowarrior.org (Richard Forno) Date: Thu, 17 Oct 2013 21:14:25 -0400 Subject: [Infowarrior] - New NSA deputy expected to be leaks task force head: sources Message-ID: <52608B71.1040904@infowarrior.org>

New NSA deputy expected to be leaks task force head: sources
Reuters
http://news.yahoo.com/nsa-deputy-expected-leaks-task-force-head-sources-223953172--finance.html
By Tabassum Zakaria and Warren Strobel

WASHINGTON (Reuters) - Richard Ledgett, who heads a new task force at the National Security Agency to handle information leaks, is expected to take over as the deputy director of the spy agency after the current No. 2 retires in January, sources told Reuters. Ledgett is the executive in charge of matters related to unauthorized media disclosures, a position that was created after the unauthorized leaks to media of top secret spy surveillance programs by former NSA contractor Edward Snowden this year. Ledgett's duties include overseeing improvements to internal systems and assessing what information was taken in unauthorized disclosures. He was previously director of the NSA's Threat Operations Center and director for collection/national intelligence manager for cyber at the Office of the Director of National Intelligence.

He is expected to replace John "Chris" Inglis who is due to retire in January, said sources who spoke on condition of anonymity. An NSA spokeswoman declined to comment. Next year, the director and deputy directors of NSA and Cyber Command will be stepping down, giving President Barack Obama an opportunity to reshape the leadership structure. Army General Keith Alexander, who wears the dual hat of NSA director and head of Cyber Command, plans to leave in March. Cyber Command has the authority to engage in both defensive and offensive operations in cyberspace. The vacancies give Obama the opportunity to decide whether the NSA and Cyber Command should have separate leaders.
The deputy at Cyber Command, Marine Corps Lieutenant General Jon Davis, is due to leave in June when his two-year assignment is completed. (Editing by Alistair Bell and Mohammad Zargham)

From rforno at infowarrior.org Thu Oct 17 20:51:31 2013 From: rforno at infowarrior.org (Richard Forno) Date: Thu, 17 Oct 2013 21:51:31 -0400 Subject: [Infowarrior] - Snowden Says He Took No Secret Files to Russia Message-ID: <52609423.8080409@infowarrior.org>

Snowden Says He Took No Secret Files to Russia
By JAMES RISEN
Published: October 17, 2013
http://www.nytimes.com/2013/10/18/world/snowden-says-he-took-no-secret-files-to-russia.html

WASHINGTON -- Edward J. Snowden, the former National Security Agency contractor, said in an extensive interview this month that he did not take any secret N.S.A. documents with him to Russia when he fled there in June, assuring that Russian intelligence officials could not get access to them. Mr. Snowden said he gave all of the classified documents he had obtained to journalists he met in Hong Kong, before flying to Moscow, and did not keep any copies for himself. He did not take the files to Russia "because it wouldn't serve the public interest," he said. "What would be the unique value of personally carrying another copy of the materials onward?" he added.

He also asserted that he was able to protect the documents from China's spies because he was familiar with that nation's intelligence abilities, saying that as an N.S.A. contractor he had targeted Chinese operations and had taught a course on Chinese cybercounterintelligence. "There's a zero percent chance the Russians or Chinese have received any documents," he said. American intelligence officials have expressed grave concern that the files might have fallen into the hands of foreign intelligence services, but Mr. Snowden said he believed that the N.S.A. knew he had not cooperated with the Russians or the Chinese.
He said he was publicly revealing that he no longer had any agency documents to explain why he was confident that Russia had not gained access to them. He had been reluctant to disclose that information previously, he said, for fear of exposing the journalists to greater scrutiny.

In a wide-ranging interview over several days in the last week, Mr. Snowden offered detailed responses to accusations that have been leveled against him by American officials and other critics, provided new insights into why he became disillusioned with the N.S.A. and decided to disclose the documents, and talked about the international debate over surveillance that resulted from the revelations. The interview took place through encrypted online communications. Mr. Snowden, 30, has been praised by privacy advocates and assailed by government officials as a traitor who has caused irreparable harm, and he is facing charges under the Espionage Act for leaking the N.S.A. documents to the news media.

In the interview, he said he believed he was a whistle-blower who was acting in the nation's best interests by revealing information about the N.S.A.'s surveillance dragnet and huge collections of communications data, including that of Americans. He argued that he had helped American national security by prompting a badly needed public debate about the scope of the intelligence effort. "The secret continuance of these programs represents a far greater danger than their disclosure," he said. He added that he had been more concerned that Americans had not been told about the N.S.A.'s reach than he was about any specific surveillance operation. "So long as there's broad support amongst a people, it can be argued there's a level of legitimacy even to the most invasive and morally wrong program, as it was an informed and willing decision," he said. "However, programs that are implemented in secret, out of public oversight, lack that legitimacy, and that's a problem.
It also represents a dangerous normalization of 'governing in the dark,' where decisions with enormous public impact occur without any public input."

Mr. Snowden said he had never considered defecting while in Hong Kong, nor in Russia, where he has been permitted to stay for one year. He said he felt confident that he had kept the documents secure from Chinese spies, and that the N.S.A. knew he had done so. His last target while working as an agency contractor was China, he said, adding that he had had "access to every target, every active operation" mounted by the N.S.A. against the Chinese. "Full lists of them," he said. "If that was compromised," he went on, "N.S.A. would have set the table on fire from slamming it so many times in denouncing the damage it had caused. Yet N.S.A. has not offered a single example of damage from the leaks. They haven't said boo about it except 'we think,' 'maybe,' 'have to assume' from anonymous and former officials. Not 'China is going dark.' Not 'the Chinese military has shut us out.'" An N.S.A. spokeswoman did not respond Thursday to a request for comment on Mr. Snowden's assertions.

Mr. Snowden said his decision to leak N.S.A. documents developed gradually, dating back at least to his time working as a technician in the Geneva station of the C.I.A. His experiences there, Mr. Snowden said, fed his doubts about the intelligence community, while also convincing him that working through the chain of command would only lead to retribution. He disputed an account in The New York Times last week reporting that a derogatory comment placed in his personnel evaluation while he was in Geneva was a result of suspicions that he was trying to break in to classified files to which he was not authorized to have access. (The C.I.A. later took issue with the description of why he had been reprimanded.) Mr. Snowden said the comment was placed in his file by a senior manager seeking to punish him for trying to warn the C.I.A.
about a computer vulnerability. Mr. Snowden said that in 2008 and 2009, he was working in Geneva as a telecommunications information systems officer, handling everything from information technology and computer networks to maintenance of the heating and air-conditioning systems. He began pushing for a promotion, but got into what he termed a "petty e-mail spat" in which he questioned a senior manager's judgment. Several months later, Mr. Snowden said, he was writing his annual self-evaluation when he discovered flaws in the software of the C.I.A.'s personnel Web applications that would make them vulnerable to hacking. He warned his supervisor, he said, but his boss advised him to drop the matter and not rock the boat. After a technical team also brushed him off, he said, his boss finally agreed to allow him to test the system to prove that it was flawed. He did so by adding some code and text "in a nonmalicious manner" to his evaluation document that showed that the vulnerability existed, he said. His immediate supervisor signed off on it and sent it through the system, but a more senior manager -- the man Mr. Snowden had challenged earlier -- was furious and filed a critical comment in Mr. Snowden's personnel file, he said.

He said he had considered filing a complaint with the C.I.A.'s inspector general about what he considered to be a reprisal, adding that he could not recall whether he had done so or a supervisor had talked him out of it. A C.I.A. spokesman declined to comment on Mr. Snowden's account of the episode or whether he had filed a complaint. But the incident, Mr. Snowden said, convinced him that trying to work through the system would only lead to punishment. He said he knew of others who suffered reprisals for what they had exposed, including Thomas A. Drake, who was prosecuted for disclosing N.S.A. contracting abuses to The Baltimore Sun. (He met with Mr. Snowden in Moscow last week to present an award to him for his actions.) And he knew other N.S.A.
employees who had gotten into trouble for embarrassing a senior official in an e-mail chain that included a line, referring to the Chinese Army, that said, "Is this the P.L.A. or the N.S.A.?" Mr. Snowden added that inside the spy agency "there's a lot of dissent -- palpable with some, even." But he said that people were kept in line through "fear and a false image of patriotism," which he described as "obedience to authority." He said he believed that if he tried to question the N.S.A.'s surveillance operations as an insider, his efforts "would have been buried forever," and he would "have been discredited and ruined." He said that "the system does not work," adding that "you have to report wrongdoing to those most responsible for it."

Mr. Snowden said he finally decided to act when he discovered a copy of a classified 2009 inspector general's report on the N.S.A.'s warrantless wiretapping program during the Bush administration. He said he found the document through a "dirty word search," which he described as an effort by a systems administrator to check a computer system for things that should not be there in order to delete them and sanitize the system. "It was too highly classified to be where it was," he said of the report. He opened the document to make certain that it did not belong there, and after he saw what it revealed, "curiosity prevailed," he said. After reading about the program, which skirted the existing surveillance laws, he concluded that it had been illegal, he said. "If the highest officials in government can break the law without fearing punishment or even any repercussions at all," he said, "secret powers become tremendously dangerous." He would not say exactly when he read the report, or discuss the timing of his subsequent actions to collect N.S.A. documents in order to leak them. But he said that reading the report helped crystallize his decision.
"You can't read something like that and not realize what it means for all of these systems we have," he said.

Mr. Snowden said that the impact of his decision to disclose information about the N.S.A. had been bigger than he had anticipated. He added that he did not control what the journalists who had the documents wrote about. He said that he handed over the documents to them because he wanted his own bias "divorced from the decision-making of publication," and that "technical solutions were in place to ensure the work of the journalists couldn't be interfered with." Mr. Snowden declined to provide details about his living conditions in Moscow, except to say that he was not under Russian government control and was free to move around.

From rforno at infowarrior.org Fri Oct 18 06:26:56 2013 From: rforno at infowarrior.org (Richard Forno) Date: Fri, 18 Oct 2013 07:26:56 -0400 Subject: [Infowarrior] - New EU rules to curb transfer of data to US after Edward Snowden revelations Message-ID: <52611B00.5010707@infowarrior.org>

New EU rules to curb transfer of data to US after Edward Snowden revelations
Regulations will make it harder to move European data to third countries, with fines running into billions for failure to comply
Ian Traynor in Brussels, theguardian.com, Thursday 17 October 2013 10.13 EDT
http://www.theguardian.com/world/2013/oct/17/eu-rules-data-us-edward-snowden

New European rules aimed at curbing questionable transfers of data from EU countries to the US are being finalised in Brussels in the first concrete reaction to the Edward Snowden disclosures on US and British mass surveillance of digital communications. Regulations on European data protection standards are expected to pass the European parliament committee stage on Monday after the various political groupings agreed on a new compromise draft following two years of gridlock on the issue.
The draft would make it harder for the big US internet servers and social media providers to transfer European data to third countries, subject them to EU law rather than secret American court orders, and authorise swingeing fines possibly running into the billions for the first time for not complying with the new rules. "As parliamentarians, as politicians, as governments we have lost control over our intelligence services. We have to get it back again," said Jan Philipp Albrecht, the German Greens MEP who is steering the data protection regulation through the parliament.

Data privacy in the EU is currently under the authority of national governments with standards varying enormously across the 28 countries, complicating efforts to arrive at satisfactory data transfer agreements with the US. The current rules are easily sidestepped by the big Silicon Valley companies, Brussels argues. The new rules, if agreed, would ban the transfer of data unless based on EU law or under a new transatlantic pact with the Americans complying with EU law. "Without any concrete agreement there would be no data processing by telecommunications and internet companies allowed," says a summary of the proposed new regime. Such bans were foreseen in initial wording two years ago but were dropped under the pressure of intense lobbying from Washington. The proposed ban has been revived directly as a result of the uproar over operations by the US's National Security Agency (NSA).

Viviane Reding, the EU's commissioner for justice and the leading advocate in Brussels of a new system securing individuals' rights to privacy and data protection, argues that the new rulebook will rebalance the power relationship between the US and Europe on the issue, supplying leverage to force the American authorities and tech firms to reform.
"The recent data scandals prove that sensitivity has been growing on the US side of how important data protection really is for Europeans," she told a German foreign policy journal. "All those US companies that do dominate the tech market and the internet want to have access to our goldmine, the internal market with over 500 million potential customers. If they want to access it, they will have to apply our rules. The leverage that we will have in the near future is thus the EU's data protection regulation. It will make crystal clear that non-European companies, when offering goods and services to European consumers, will have to apply the EU data protection law in full. There will be no legal loopholes any more."

But the proposed rules remain riddled with loopholes for intelligence services to exploit, MEPs admit. The EU has no powers over national or European security, for example, nor its own proper intelligence or security services, which are jealously guarded national prerogatives. National security can be and is invoked to ignore and bypass EU rules. "This regulation does not regulate the work of intelligence services," said Albrecht. "Of course, national security is a huge loophole and we need to close it. But we can't close it with this regulation." Direct deals between the Americans and individual European governments might also allow the rules to be bypassed.

Parallel to the proposed data privacy rules, there are various other transatlantic arrangements in place regulating European supply to the Americans of air passenger data, financial transactions and banking information aimed at suppressing terrorism funding and the so-called Safe Harbour accord allowing companies in Europe to send data to companies in the US where, as a result of Snowden, it is clear that that data can then be tapped by the NSA. "The Safe Harbour may not be so safe after all.
It could be a loophole because it allows data transfers from EU to US companies, although US data protection standards are lower than our European ones," said Reding. "Safe Harbour is based on self-regulation and codes of conduct. In the light of the recent revelations, I am not convinced that relying on codes of conduct and self-regulation that are not policed in a strict manner offer the best way of protecting our citizens."

The European commission is warning that it could suspend all these agreements unless the US commits to a new regime, but the commission's threats would also run into trouble with national governments, not least the British. Brussels and Washington have also been negotiating a deal on police data exchanges for two years, but the talks are deadlocked because there is no legal redress for an EU citizen in the US courts if the system is abused.

Under the proposed new rules, the commission is calling for fines of up to 2% of a company's annual global turnover if it is found to be in breach, while the parliament calls for up to 5%. Senior officials in Brussels describe the current penalties as a joke for mega-companies such as Google or Yahoo. The US-based companies, even when breaking European law, officials say, simply argue that they are not subject to it despite operating in Europe, while they are subject to the secret court orders of the US Fisa system facilitating the work of the NSA. "On the basis of the US Patriot Act, US authorities are asking US companies based in Europe to hand over the data of EU citizens. This is however -- according to EU law -- illegal," said Reding. "The problem is that when these companies are faced with a request whether to comply with EU or US law, they will usually opt for the American law. Because in the end this is a question of power." If the new rules are agreed next week by the parliament, they still need to be negotiated with the commission, which broadly supports them, and the 28 governments.
From rforno at infowarrior.org Fri Oct 18 06:43:42 2013 From: rforno at infowarrior.org (Richard Forno) Date: Fri, 18 Oct 2013 07:43:42 -0400 Subject: [Infowarrior] - TSA admits "terrorists in America are not plotting against aviation" Message-ID: <52611EEE.6010901@infowarrior.org>

TSA admits "terrorists in America are not plotting against aviation"
Cory Doctorow at 8:53 pm Thu, Oct 17, 2013

An accidentally published, unredacted document from a lawsuit against the TSA reveals that the Taking Shoes Away people believe that "terrorist threat groups present in the Homeland are not known to be actively plotting against civil aviation targets or airports." That is to say, there is no identifiable risk to America's skies -- and all of business with shoes and pornoscanners and horrible, abusive incidents involving toddlers, people with mental disabilities, cancer survivors, rape survivors, and the whole business of treating travellers like presumptive terrorists is all to prevent a problem that, to all intents and purposes, doesn't exist.

< - >

http://boingboing.net/2013/10/17/tsa-admits-terrorists-in-ame.html
From rforno at infowarrior.org Fri Oct 18 10:34:34 2013 From: rforno at infowarrior.org (Richard Forno) Date: Fri, 18 Oct 2013 11:34:34 -0400 Subject: [Infowarrior] - US drone strikes violate international law, says UN Message-ID: <5261550A.6040603@infowarrior.org>

US drone strikes violate international law, says UN
Report says 33 CIA attacks led to civilian deaths and casualties and says US protocols are 'hurdle to transparency'
Owen Bowcott, legal affairs correspondent, theguardian.com, Friday 18 October 2013 10.36 EDT
http://www.theguardian.com/world/2013/oct/18/drone-strikes-us-violate-law-un

A United Nations investigation has so far identified 33 drone strikes around the world that have resulted in civilian casualties and may have violated international humanitarian law. The report by the UN's special rapporteur on human rights and counter-terrorism, Ben Emmerson QC, calls on the US to declassify information about operations co-ordinated by the CIA and clarify its position on the legality of unmanned aerial attacks. Published ahead of a debate on the use of remotely piloted aircraft, at the UN general assembly in New York next Friday, the 22-page document examines incidents in Afghanistan, Yemen, Iraq, Libya, Somalia, Pakistan and Gaza. It has been published to coincide with a related report released earlier on Thursday by Professor Christof Heyns, the UN's special rapporteur on extrajudicial, summary or arbitrary executions, which warned that the technology was being misused as a form of "global policing".

Emmerson, who travelled to Islamabad for his investigation, said the Pakistan ministry of foreign affairs has records of as many as 330 drone strikes in the country's north-western tribal areas since 2004. Up to 2,200 people have been killed -- of whom at least 400 were civilians -- according to the Pakistan government. In Yemen, Emmerson's report says that as many as 58 civilians are thought to have been killed in attacks by UAVs (unmanned aerial vehicles).
"While the fact that civilians have been killed or injured does not necessarily point to a violation of international humanitarian law, it undoubtedly raises issues of accountability and transparency," the study notes.

Reaper UAVs, used by the RAF in Afghanistan, have a range of 3,700 miles (5,900 km), a maximum airspeed of 250 knots and can ascend to 15,300 metres (50,000 feet), the document explains. Their missions can last up to 18 hours. The Reaper carries three cameras as well as laser-guided bombs. Three communication networks relay information between the RAF ground station in the UK and the UAV: "a secure internet-based chat function, a secure radio routed via satellite and a secure telephone system".

"The United Kingdom has reported only one civilian casualty incident, in which four civilians were killed and two civilians injured in a remotely piloted aircraft strike by the Royal Air Force in Afghanistan on 25 March 2011," Emmerson's report states. An RAF inquiry found that "the actions of the [ground] crew had been in accordance with the applicable rules of engagement". The special rapporteur said that he was informed that during RAF operations in Afghanistan, targeting intelligence is "thoroughly scrubbed" to ensure accuracy before authorisation to proceed is given. RAF strikes, he points out, are accountable in the UK through the Ministry of Defence and parliament.

By contrast, Emmerson criticises the CIA's involvement in US drone strikes for creating "an almost insurmountable obstacle to transparency". He adds: "One consequence is that the United States has to date failed to reveal its own data on the level of civilian casualties inflicted through the use of remotely piloted aircraft in classified operations conducted in Pakistan and elsewhere." Recent pronouncements from Barack Obama, however, have stressed that "before any strike is taken, there must be near-certainty that no civilians will be killed or injured".
Emmerson acknowledges that: "If used in strict compliance with the principles of international humanitarian law, remotely piloted aircraft are capable of reducing the risk of civilian casualties in armed conflict by significantly improving the situational awareness of military commanders." But, he cautions, there is "no clear international consensus" on the laws controlling the deployment of drone strikes. The special rapporteur concludes by urging: "the United States to further clarify its position on the legal and factual issues ... to declassify, to the maximum extent possible, information relevant to its lethal extraterritorial counter-terrorism operations; and to release its own data on the level of civilian casualties inflicted through the use of remotely piloted aircraft, together with information on the evaluation methodology used." From rforno at infowarrior.org Fri Oct 18 15:27:34 2013 From: rforno at infowarrior.org (Richard Forno) Date: Fri, 18 Oct 2013 16:27:34 -0400 Subject: [Infowarrior] - Navy's newest warship is powered by Linux Message-ID: <526199B6.8010900@infowarrior.org> When the USS Zumwalt (DDG 1000) puts to sea later this year, it will be different from any other ship in the Navy's fleet in many ways. The $3.5 billion ship is designed for stealth, survivability, and firepower, and it's packed with advanced technology. And at the heart of its operations is a virtual data center powered by off-the-shelf server hardware, various flavors of Linux, and over 6 million lines of software code. < - > http://arstechnica.com/information-technology/2013/10/the-navys-newest-warship-is-powered-by-linux
From rforno at infowarrior.org Sat Oct 19 06:29:46 2013 From: rforno at infowarrior.org (Richard Forno) Date: Sat, 19 Oct 2013 07:29:46 -0400 Subject: [Infowarrior] - New botox super-toxin has its details censored Message-ID: <52626D2A.6050808@infowarrior.org> (though I would say 'voluntarily censored' -- which in this case probably is a good thing. --rick) New botox super-toxin has its details censored 14:52 14 October 2013 by Debora MacKenzie http://www.newscientist.com/article/dn24398-new-botox-supertoxin-has-its-details-censored.html A new type of botulinum toxin - the deadliest substance known - has been discovered. Because it does not yet have an antidote, the DNA sequence behind it has been withheld from public databases. This is the first time a sequence has been kept secret over security concerns. Injecting a mere 2 billionths of a gram, or inhaling 13 billionths of a gram, of the protein botulinum produced by the soil bacterium Clostridium botulinum will kill an adult. The toxin blocks the release of acetylcholine, the chemical secreted by nerves that makes muscles work. People who accidentally ingest it, as can happen when the bacteria grow in food, develop botulism and often die of paralysis. Victims are treated with monoclonal antibodies, which are immune proteins produced artificially that react with the seven families of botulinum - named A to G - discovered so far. Stephen Arnon and colleagues at the California Department of Public Health in Sacramento report this week that they have found an 8th toxin - type H - in the faeces of a child who had the typical symptoms of botulism. Secret sequence The team sequenced the bacterial DNA that codes for the toxin, and found it constitutes a separate branch on the botulinum family tree. The new toxin only reacted weakly with a few of the standard antibodies supplied by the US Centers for Disease Control and Prevention (CDC) in Atlanta, Georgia.
None of these antibodies protected mice from the effects of the toxin. The team also tried to grow antibodies to the type H toxin in rabbits. While these did protect mice, a larger dose was required than is needed to treat families A to G. Further work to develop a stronger antibody, scale up production and test it for safety in humans will be needed before there is an effective remedy for toxin H. Normally the gene sequence of the bacteria that create the toxin would be released to the public database GenBank, but it was decided that this was too risky at present. Toxic debate Editors of the Journal of Infectious Diseases, where the research was published, write: "Because no antitoxins as yet have been developed to counteract the novel C. Botulinum toxin, the authors had detailed consultations with representatives from numerous appropriate US government agencies." This included the US Army's infectious diseases laboratory, the US Department of Homeland Security, the Centers for Disease Control and Prevention and various other government health departments. The agencies approved the papers published this week, but without the gene sequence for the toxin. This will be published once an effective treatment is available. Dual use research Publishing the sequence would have posed "an immediate and unusually serious risk to society", said David Relman, at Stanford University in an accompanying comment. Relman was one of six members of a US government committee last year who disagreed with a decision to publish research showing how to make deadly H5N1 bird flu readily transmissible among mammals. That research was christened "dual use research of concern", because it carries the possibility of use for nefarious as well as scientific and medical ends. The idea of a bioterrorist putting botulinum in food - dropping a few grams into a milk truck for example - is a longstanding nightmare of biosecurity experts.
Arnon's team warns that there are probably other botulinum toxins in nature, waiting to be discovered. Journal reference: Journal of Infectious Diseases, DOI: 10.1093/infdis/jit528 From rforno at infowarrior.org Sat Oct 19 15:43:40 2013 From: rforno at infowarrior.org (Richard Forno) Date: Sat, 19 Oct 2013 16:43:40 -0400 Subject: [Infowarrior] - Seeking Online Refuge From Spying Eyes Message-ID: <5262EEFC.7060105@infowarrior.org> Seeking Online Refuge From Spying Eyes By JENNA WORTHAM http://bits.blogs.nytimes.com/2013/10/19/seeking-online-refuge-from-spying-eyes Consider this scene in "The Circle," Dave Eggers's new novel that imagines a dystopian future dominated by an omnipotent social networking company: Mae, the young protagonist, tries to unplug from her hypernetworked life to go on a covert, solitary kayaking trip. But when she returns to shore, she is greeted by police officers who have been alerted to her excursion by several hidden cameras. She quickly realizes that very little in her life isn't recorded, tracked and analyzed. It's a troubling image, one that some fear might not be limited to works of fiction. In fact, some elements of Mae's scenario have emerged recently in the news. There was the report that the National Security Agency can create sophisticated maps of some people's personal information and social connections. There were the recent changes to Facebook's privacy settings that will no longer allow users to hide their profiles from public searches. In addition, Google recently revealed that it was considering using anonymous identifiers to track browsing habits online, raising hackles among privacy advocates who have described it as "the new way they will identify you 24/7." And, at the same time, drones are becoming commonplace - used by the government in counterterrorism efforts and by hobbyists - prompting discussions about the long-term impact on privacy.
These developments, among others, have spurred the creation of a handful of applications and services intended to give people respite and refuge from surveillance, both online and off. They have a simple and common goal: to create ways for people to use the Internet and to communicate online without surveillance. Nadim Kobeissi, a security adviser in Montreal who works on an encrypted-message service called Cryptocat, said the security and hacker circles of which he is a part have long suspected that the government is listening in on online conversations and exchanges but "have never been able to prove it." He added: "It's been a worst-case-scenario prediction that all turned out to be true, to a worrying extent." If nothing else, the N.S.A. leaks and disclosures have brought these issues front and center for many people, myself included, who are troubled by how much of our daily and online interaction is concentrated in and around a handful of companies that have funneled data to the N.S.A. "It's sad that this is the proverbial kick in the butt that needs to bring awareness to this concept," said Harlo Holmes, who works for the Guardian Project, a group that is building several anti-surveillance and privacy applications. Ms. Holmes says interest has been surging in the Guardian Project's services, which include tools that let people make phone calls over the Internet which the organization says cannot be recorded. More than a million people have downloaded an app called Orbot that allows users to send e-mails anonymously through mobile devices. She said it was common to assume that people who want to avoid detection online are doing illicit things, like trying to buy drugs or look up illegal content - and that may happen. But it is certainly not the intent.
She says the Guardian Project and its peers are built for people who live under governments that don't allow access to the Web or to certain apps, as well as for people who simply don't like the idea of their online activity being tracked and monitored. Ms. Holmes says that most of the tools are used by people in totalitarian states. "We get a lot of feedback from people who use it to get access to blogs and sites they can't access because of a firewall," she said, referring, for example, to a government blocking access to Twitter. Most of these services are still relatively small. For example, Cryptocat, the encrypted-message service, typically sees peaks of around 20,000 simultaneous users. In recent months, that number has grown to 27,000. But it's a far cry from the hundreds of thousands, or even millions, that mainstream social networking tools and services can claim. "As good as all of our intentions are, whatever looks good and is user-friendly gets critical mass," she said. "That is what is going to take off." But those who work on these services say they don't have to compete directly with the Facebooks, Twitters and Googles of the world. They just have to offer an alternative, independent space where people can interact if and when they need to. Dan Phiffer works on a project called Occupy.here that gives people access to a private messaging forum by creating small, localized pockets of Internet access. People who are nearby and whose laptops or mobile devices detect the network are directed to a discussion board where they can interact. Inspired by the Occupy Wall Street protests in 2011, the idea was to allow activists and organizers to interact in a way that would be hard for police officers to track. His project is naturally resistant to Internet surveillance, "but its original purpose was not for countersurveillance," he said.
"What I am trying to do is build alternative online spaces for supporting activists and those who might be sympathetic to their cause." Mr. Phiffer also thinks that the project can have much larger implications and motivate "broader political engagement by offering a tool for people who are tired of the disregard of their civil liberties by their government." Of course, there is no guarantee that the Guardian Project, Mr. Kobeissi's project, or any others like it are safe from being broken into by a government or a hacker or another entity. But Mr. Kobeissi said that there was an upside to all of the disturbing security disclosures: at least now, he said, the security world can deal with the information disclosed in leaks "on a per-revelation basis" to make its own offerings stronger and more secure. The truth, he said, is that "we are developing software in an unknown environment, even though we know so much about the threats being posed." "The specifics are always changing," he added. Tools like Cryptocat, he said, are just the impetus for a larger discussion. "It's not an answer by itself," he said. "It is a combination of privacy and technology, democratic movement and political discussion that it is not acceptable to use the Internet as a surveillance medium." From rforno at infowarrior.org Sat Oct 19 17:05:42 2013 From: rforno at infowarrior.org (Richard Forno) Date: Sat, 19 Oct 2013 18:05:42 -0400 Subject: [Infowarrior] - isohunt shutting down Message-ID: <52630236.8090201@infowarrior.org> (c/o DM) http://www.digitalspy.co.uk/tech/news/a524623/isohunt-torrent-website-shut-down.html IsoHunt has been ordered to shut down within the next seven days after losing a copyright battle with the Motion Picture Association of America (MPAA).
The torrent website will shutter after more than 10 years of operation, and the site's owner Gary Fung has been ordered to pay the MPAA $110 million (£67m) in damages. From rforno at infowarrior.org Sun Oct 20 08:03:56 2013 From: rforno at infowarrior.org (Richard Forno) Date: Sun, 20 Oct 2013 09:03:56 -0400 Subject: [Infowarrior] - NSA Accessed Mexican President's Email Message-ID: <5263D4BC.5020306@infowarrior.org> (Admittedly, this falls under the category of "that's what NSA does." --rick) 10/20/2013 11:37 AM Fresh Leak on US Spying NSA Accessed Mexican President's Email http://www.spiegel.de/international/world/nsa-hacked-email-account-of-mexican-president-a-928817-druck.html By Jens Glüsing, Laura Poitras, Marcel Rosenbach and Holger Stark The NSA has been systematically eavesdropping on the Mexican government for years. It hacked into the president's public email account and gained deep insight into policymaking and the political system. The news is likely to hurt ties between the US and Mexico. The National Security Agency (NSA) has a division for particularly difficult missions. Called "Tailored Access Operations" (TAO), this department devises special methods for special targets. That category includes surveillance of neighboring Mexico, and in May 2010, the division reported its mission accomplished. A report classified as "top secret" said: "TAO successfully exploited a key mail server in the Mexican Presidencia domain within the Mexican Presidential network to gain first-ever access to President Felipe Calderon's public email account." According to the NSA, this email domain was also used by cabinet members, and contained "diplomatic, economic and leadership communications which continue to provide insight into Mexico's political system and internal stability."
The president's office, the NSA reported, was now "a lucrative source." This operation, dubbed "Flatliquid," is described in a document leaked by whistleblower Edward Snowden, which SPIEGEL has now had the opportunity to analyze. The case is likely to cause further strain on relations between Mexico and the United States, which have been tense since Brazilian television network TV Globo revealed in September that the NSA monitored then-presidential candidate Enrique Peña Nieto and others around him in the summer of 2012. Peña Nieto, now Mexico's president, summoned the US ambassador in the wake of that news, but confined his reaction to demanding an investigation into the matter. Now, though, the revelation that the NSA has systematically infiltrated an entire computer network is likely to trigger deeper controversy, especially since the NSA's snooping took place during the term of Peña Nieto's predecessor Felipe Calderón, a leader who worked more closely with Washington than any other Mexican president before him. Brazil Also Targeted Reports of US surveillance operations have caused outrage in Latin America in recent months. Brazilian President Dilma Rousseff cancelled a planned trip to Washington five weeks ago and condemned the NSA's espionage in a blistering speech to the United Nations General Assembly. The US surveillance of politicians in Mexico and Brazil is not a one-off. Internal documents show these countries' leaders represent important monitoring targets for the NSA, with both Mexico and Brazil ranking among the nations high on an April 2013 list that enumerates the US' surveillance priorities. That list, classified as "secret," was authorized by the White House and "presidentially approved," according to internal NSA documents. The list ranks strategic objectives for all US intelligence services using a scale from "1" for high priority to "5" for low priority.
In the case of Mexico, the US is interested primarily in the drug trade (priority level 1) and the country's leadership (level 3). Other areas flagged for surveillance include Mexico's economic stability, military capabilities, human rights and international trade relations (all ranked at level 3), as well as counterespionage (level 4). It's much the same with Brazil -- ascertaining the intentions of that country's leadership ranks among the stated espionage targets. Brazil's nuclear program is high on the list as well. When Brazilian President Rousseff took office in early 2011, one of her goals was to improve relations with Washington, which had cooled under her predecessor, the popular former labor leader Luiz Inácio Lula da Silva. Lula focused primarily on establishing closer ties with China, India and African nations, and even invited Iran's then-President Mahmoud Ahmadinejad to Brazil, in a snub to the US. President Barack Obama postponed a planned visit to the capital, Brasília, as a result. Rousseff, however, has distanced herself from Iran. And the first foreign minister to serve under her, Antonio Patriota, who recently resigned, was seen as friendly toward the US, maintaining good ties with his counterpart Hillary Clinton. Obama made a state visit to Brazil two years ago and Rousseff had planned to reciprocate with a visit to Washington this October. Then came the revelation that US authorities didn't stop short of spying on the president herself. According to one internal NSA presentation, the agency investigated "the communication methods and associated selectors of Brazilian President Dilma Rouseff and her key advisers." It also said it found potential "high-value targets" among her inner circle. Economic Motives? Rousseff believes Washington's reasons for employing such unfriendly methods are partly economic, an accusation that the NSA and its director, General Keith Alexander, have denied.
Yet according to the leaked NSA documents, the US also monitored email and telephone communications at Petrobras, the oil corporation in which the Brazilian government holds a majority stake. Brazil possesses enormous offshore oil reserves. Just how intensively the US spies on its neighbors can be seen in another, previously unknown operation in Mexico, dubbed "Whitetamale" by the NSA. In August 2009, according to internal documents, the agency gained access to the emails of various high-ranking officials in Mexico's Public Security Secretariat that combats the drug trade and human trafficking. This hacking operation allowed the NSA not only to obtain information on several drug cartels, but also to gain access to "diplomatic talking-points." In the space of a single year, according to the internal documents, this operation produced 260 classified reports that allowed US politicians to conduct successful talks on political issues and to plan international investments. The tone of the document that lists the NSA's "tremendous success" in monitoring Mexican targets shows how aggressively the US intelligence agency monitors its southern neighbor. "These TAO accesses into several Mexican government agencies are just the beginning -- we intend to go much further against this important target," the document reads. It goes on to state that the divisions responsible for this surveillance are "poised for future successes." While these operations were overseen from the NSA's branch in San Antonio, Texas, secret listening stations in the US Embassies in Mexico City and Brasília also played a key role. The program, known as the "Special Collection Service," is conducted in cooperation with the CIA. The teams have at their disposal a wide array of methods and high-tech equipment that allow them to intercept all forms of electronic communication.
The NSA conducts its surveillance of telephone conversations and text messages transmitted through Mexico's cell phone network under the internal code name "Eveningeasel." In Brasília, the agency also operates one of its most important operational bases for monitoring satellite communications. This summer, the NSA took its activities to new heights as elections took place in Mexico. Despite having access to the presidential computer network, the US knew little about Enrique Peña Nieto, designated successor to Felipe Calderón. Spying on Peña Nieto In his campaign appearances, Peña Nieto would make his way to the podium through a sea of supporters, ascending to the stage like a rock star. He is married to an actress, and also had the support of several influential elder statesmen within his party, the PRI. He promised to reform the party and fight pervasive corruption in the country. But those familiar with the PRI, which is itself regarded by many as corrupt, saw this pledge as little more than a maneuver made for show. First and foremost, though, Peña Nieto promised voters he would change Mexico's strategy in the war on drugs, announcing he would withdraw the military from the fight against the drug cartels as soon as possible and invest more money in social programs instead. Yet at the same time, he assured Washington there would be no U-turn in Mexico's strategy regarding the cartels. So what were Peña Nieto's true thoughts at the time? What were his advisers telling him? The NSA's intelligence agents in Texas must have been asking themselves such questions when they authorized an unusual type of operation known as structural surveillance. For two weeks in the early summer of 2012, the NSA unit responsible for monitoring the Mexican government analyzed data that included the cell phone communications of Peña Nieto and "nine of his close associates," as an internal presentation from June 2012 shows.
Analysts used software to connect this data into a network, shown in a graphic that resembles a swarm of bees. The software then filtered out Peña Nieto's most relevant contacts and entered them into a databank called "DishFire." From then on, these individuals' cell phones were singled out for surveillance. According to the internal documents, this led to the agency intercepting 85,489 text messages, some sent by Peña Nieto himself and some by his associates. This technology "might find a needle in a haystack," the analysts noted, adding that it could do so "in a repeatable and efficient way." It seems, though, that the NSA's agents are no longer quite as comfortable expressing such pride in their work. Asked for a comment by SPIEGEL, the agency replied: "We are not going to comment publicly on every specific alleged intelligence activity, and as a matter of policy we have made clear that the United States gathers foreign intelligence of the type gathered by all nations. As the President said in his speech at the UN General Assembly, we've begun to review the way that we gather intelligence, so that we properly balance the legitimate security concerns of our citizens and allies with the privacy concerns that all people share." Meanwhile, the NSA's spying has already caused considerable political damage in the case of Brazil, seriously denting the mutual trust between Rousseff and Obama. Brazil now plans to introduce a law that will force companies such as Google and Facebook to store their data inside Brazil's borders, rather than on servers in the US, making these international companies subject to Brazilian data privacy laws. The Brazilian government is also developing a new encryption system to protect its own data against hacking. So far, Mexico has reacted more moderately -- although the fact that the NSA infiltrated even the presidential computer network wasn't known until now.
Commenting after TV Globo first revealed the NSA's surveillance of text messages, Peña Nieto stated that Obama had promised him to investigate the accusations and to punish those responsible, if it was found that misdeeds had taken place. In response to an inquiry from SPIEGEL concerning the latest revelations, Mexico's Foreign Ministry replied with an email condemning any form of espionage on Mexican citizens, saying such surveillance violates international law. "That is all the government has to say on the matter," stated a spokesperson for Peña Nieto. Presumably, that email could be read at the NSA's Texas location at the same time. URL: http://www.spiegel.de/international/world/nsa-hacked-email-account-of-mexican-president-a-928817.html From rforno at infowarrior.org Sun Oct 20 13:42:51 2013 From: rforno at infowarrior.org (Richard Forno) Date: Sun, 20 Oct 2013 14:42:51 -0400 Subject: [Infowarrior] - Obama Administration Uses Pirated Code on Healthcare.gov Message-ID: <5264242B.8040407@infowarrior.org> Obama Administration Uses Pirated Code on Healthcare.gov Ernesto October 19, 2013 http://torrentfreak.com/obama-administration-uses-pirated-code-on-healthcare-gov-131019/ The new Obamacare website Healthcare.gov has had its fair share of problems over the past weeks, and the trouble continues. As it turns out, the Government website uses the open source software DataTables, which is a plug-in for the jQuery Javascript library. While using open-source software is fine, the makers of Healthcare.gov decided to blatantly remove all references to its owners or the original copyright license. In other words, they simply took the open-source software and are passing it off as their own, a clear violation of the GPL v2 and BSD (3-point) licenses DataTables uses. For a comparison, here is the original DataTables file and this is how it looks on Healthcare.gov.
< - > SpryMedia, the company behind Data Tables told The Weekly Standard that they are "extremely disappointed" with the rip off and they will follow the issue up with the Department of Health and Human Services, who run Healthcare.gov. Perhaps they can also contact the Department of Homeland security who are known to seize domains that assist in copyright infringement? From rforno at infowarrior.org Mon Oct 21 06:57:36 2013 From: rforno at infowarrior.org (Richard Forno) Date: Mon, 21 Oct 2013 07:57:36 -0400 Subject: [Infowarrior] - France in the NSA's crosshair : phone networks under surveillance Message-ID: <526516B0.2040007@infowarrior.org> France in the NSA's crosshair : phone networks under surveillance Le Monde.fr | 21.10.2013 at 06h08 - Updated 21.10.2013 at 10h25 | By Jacques Follorou and Glenn Greenwald (Journalist) http://www.lemonde.fr/technologies/article/2013/10/21/france-in-the-nsa-s-crosshair-phone-networks-under-surveillance_3499741_651865.html The future will perhaps tell us one day why France has remained so discreet in comparison with Germany or Brazil, for example, after the first revelations about the extent of the American electronic espionage programmes in the world as revealed by Edward Snowden, the ex-employee of an NSA (National Security Agency) sub-contractor. France was also concerned and today has at its disposition tangible proof that its interests are targeted on a daily basis. According to the documents retrieved from the NSA database by its ex-analyst, telephone communications of French citizens are intercepted on a massive scale. Le Monde has been able to obtain access to documents which describe the techniques used to violate the secrets or simply the private life of French people. Some elements of information about this espionage have been referred to by Der Spiegel and The Guardian, but others are, to date, unpublished.
Amongst the thousands of documents extracted from the NSA by its ex-employee there is a graph which describes the extent of telephone monitoring and tapping (DNR - Dial Number Recognition) carried out in France. It can be seen that over a period of thirty days - from 10 December 2012 to 8 January 2013, 70.3 million recordings of French citizens' telephone data were made by the NSA. This agency has several methods of data collection. According to the elements obtained by Le Monde, when a telephone number is used in France, it activates a signal which automatically triggers the recording of the call. Apparently this surveillance system also picks up SMS messages and their content using key words. Finally, the NSA apparently stores the history of the connections of each target - or the meta-data. This espionage is listed under the programme US-985D. The precise explanation of this acronym has not been provided, to date, by the Snowden documents nor by the former members of the NSA. By way of comparison, the acronyms used by the NSA for the same type of interception targeting Germany are US-987LA and US-987LB. According to some sources, this series of numbers corresponds to the circle referred to by the United States as the 'third party', to which belong France, Germany but also Austria, Poland or again Belgium. 'The second party' concerns the English-speaking countries historically close to Washington: the United Kingdom, Canada, Australia and New Zealand - this group is known by the name the 'five eyes'. 'The first party' concerns the sixteen American secret services of which today the NSA has become the most important, according to a senior official from the French Intelligence community. The techniques used for these interceptions appear under the codenames 'DRTBOX' and 'WHITEBOX'. Their characteristics are not known either.
But we do know that, thanks to DRTBOX, 62.5 million data were collected in France and that WHITEBOX enables the recording of 7.8 million elements. The documents which Le Monde has been able to see have not enabled the provision of further details on these methods. But they give sufficient explanation to lead us to think that the NSA targets concerned both people suspected of association with terrorist activities as well as people targeted simply because they belong to the worlds of business, politics or French state administration. The NSA graph shows an average of 3 million data intercepts per day with peaks at almost 7 million on 24 December 2012 and 7 January 2013. But between 28 and 31 December no interception seems to have taken place. This apparent stoppage of activity could be explained, in particular, by the time required at the end of December 2012, for the American Congress to renew section 702 of the law dealing with electronic espionage abroad. Similarly nothing appears on the 3, 5 and 6 January 2013; this time we cannot suggest any plausible reason. Many questions are still posed by this diagram - to start with the precise identity of the targets and the justifications for such a large-scale collection of data in a foreign country which is both sovereign and an ally. When questioned, the American authorities did not wish to comment on these documents which they considered to be 'classified'. Nevertheless, they do refer to the statement made on 8 June 2013 by the Director of National Intelligence according to which, 'the government cannot target anyone under the court-approved procedures for Section 702 collection unless there is an appropriate, and document foreign intelligence purpose for the acquisition (such as for the prevention of terrorism, hostile cyber activities, or nuclear proliferation) and the foreign target is reasonably believed to be outside the United States.
We cannot target even foreign persons overseas without a valid foreign intelligence purpose.' France is not the country in which the NSA intercepts the most digital or telephone connections. The 'Boundless Informant' system, revealed in June by Edward Snowden to the British daily The Guardian, enabled an overall vision and in real time of the information gathered throughout the world, by means of the various NSA wire-tapping systems. This system gathers not only telephone data (DNR) but also digital data (DNI Digital Network Intelligence). One of the documents which Le Monde was able to consult notes that between 8 February and 8 March 2013, the NSA collected, throughout the world, 124.8 billion telephone data items and 97.1 billion computer data items. In Europe, only Germany and the United Kingdom exceed France in terms of numbers of interceptions.

--
Just because i'm near the punchbowl doesn't mean I'm also drinking from it.

From rforno at infowarrior.org Mon Oct 21 07:58:18 2013
From: rforno at infowarrior.org (Richard Forno)
Date: Mon, 21 Oct 2013 08:58:18 -0400
Subject: [Infowarrior] - "I Support an Orwellian Police State in America"
Message-ID: <526524EA.1010004@infowarrior.org>

...presuming this was not something staged w/actors pretending to be the Average Idiot (which of course is entirely possible) if indeed real, it's unbelievable and depressing. --rick

"I Support an Orwellian Police State in America"

Political prankster Mark Dice asks San Diego beach-goers if they'll sign a petition supporting "the Police State" which includes "Orwellian" and "Nazi-Style" tactics to "keep Americans safe" in this "Brave New World."

Video @ http://www.youtube.com/watch?v=l02E4cj4Vvo

--
Just because i'm near the punchbowl doesn't mean I'm also drinking from it.
From rforno at infowarrior.org Mon Oct 21 16:29:57 2013
From: rforno at infowarrior.org (Richard Forno)
Date: Mon, 21 Oct 2013 17:29:57 -0400
Subject: [Infowarrior] - CryptoSeal shuts down commercial VPN service
Message-ID: <52659CD5.8040806@infowarrior.org>

https://privacy.cryptoseal.com/

CryptoSeal Privacy Consumer VPN service terminated with immediate effect

With immediate effect as of this notice, CryptoSeal Privacy, our consumer VPN service, is terminated. All cryptographic keys used in the operation of the service have been zerofilled, and while no logs were produced (by design) during operation of the service, all records created incidental to the operation of the service have been deleted to the best of our ability. Essentially, the service was created and operated under a certain understanding of current US law, and that understanding may not currently be valid. As we are a US company and comply fully with US law, but wish to protect the privacy of our users, it is impossible for us to continue offering the CryptoSeal Privacy consumer VPN product. Specifically, the Lavabit case, with filings released by Kevin Poulsen of Wired.com (https://www.documentcloud.org/documents/801182-redacted-pleadings-exhibits-1-23.html) reveals a Government theory that if a pen register order is made on a provider, and the provider's systems do not readily facilitate full monitoring of pen register information and delivery to the Government in realtime, the Government can compel production of cryptographic keys via a warrant to support a government-provided pen trap device. Our system does not support recording any of the information commonly requested in a pen register order, and it would be technically infeasible for us to add this in a prompt manner.
The consequence, being forced to turn over cryptographic keys to our entire system on the strength of a pen register order, is unreasonable in our opinion, and likely unconstitutional, but until this matter is settled, we are unable to proceed with our service. We encourage anyone interested in this issue to support Ladar Levison and Lavabit in their ongoing legal battle. Donations can be made at https://rally.org/lavabit We believe Lavabit is an excellent test case for this issue. We are actively investigating alternative technical ways to provide a consumer privacy VPN service in the future, in compliance with the law (even the Government's current interpretation of pen register orders and compelled key disclosure) without compromising user privacy, but do not have an estimated release date at this time. To our affected users: we are sincerely sorry for any inconvenience. For any users with positive account balances at the time of this action, we will provide 1 year subscriptions to a non-US VPN service of mutual selection, as well as a refund of your service balance, and free service for 1 year if/when we relaunch a consumer privacy VPN service. Thank you for your support, and we hope this will ease the inconvenience of our service terminating. For anyone operating a VPN, mail, or other communications provider in the US, we believe it would be prudent to evaluate whether a pen register order could be used to compel you to divulge SSL keys protecting message contents, and if so, to take appropriate action.

--
Just because i'm near the punchbowl doesn't mean I'm also drinking from it.
From rforno at infowarrior.org Mon Oct 21 20:02:11 2013
From: rforno at infowarrior.org (Richard Forno)
Date: Mon, 21 Oct 2013 21:02:11 -0400
Subject: [Infowarrior] - OT Humour: New, Improved Obamacare Program Released
Message-ID: <34A649F8-F44F-4862-9848-201F12DC9B39@infowarrior.org>

New, Improved Obamacare Program Released On 35 Floppy Disks

WASHINGTON - Responding to widespread criticism regarding its health care website, the federal government today unveiled its new, improved Obamacare program, which allows Americans to purchase health insurance after installing a software bundle contained on 35 floppy disks. "I have heard the complaints about the existing website, and I can assure you that with this revised system, finding the right health care option for you and your family is as easy as loading 35 floppy disks sequentially into your disk drive and following the onscreen prompts," President Obama told reporters this morning, explaining that the nearly three dozen 3.5-inch diskettes contain all the data needed for individuals to enroll in the Health Insurance Marketplace, while noting that the updated Obamacare software is mouse-compatible and requires a 386 Pentium processor with at least 8 MB of system RAM to function properly. "Just fire up MS-DOS, enter 'A:\>dir *.exe' into the command line, and then follow the instructions to install the Obamacare batch files - it should only take four or five hours at the most. You can press F1 for help if you run into any problems. And be sure your monitor's screen resolution is at 320 x 200 or it might not display properly." Obama added that the federal government hopes to have a six-CD-ROM version of the program available by 2016.

http://www.theonion.com/articles/new-improved-obamacare-program-released-on-35-flop,34294/

---
Just because i'm near the punchbowl doesn't mean I'm also drinking from it.
From rforno at infowarrior.org Mon Oct 21 20:27:52 2013
From: rforno at infowarrior.org (Richard Forno)
Date: Mon, 21 Oct 2013 21:27:52 -0400
Subject: [Infowarrior] - OT: Your Lifestyle Has Already Been Designed
Message-ID: <434BB3C8-87AA-4F3E-8694-BD2D9A664146@infowarrior.org>

Your Lifestyle Has Already Been Designed
http://www.raptitude.com/2010/07/your-lifestyle-has-already-been-designed/

---
Just because i'm near the punchbowl doesn't mean I'm also drinking from it.

From rforno at infowarrior.org Tue Oct 22 13:04:52 2013
From: rforno at infowarrior.org (Richard Forno)
Date: Tue, 22 Oct 2013 14:04:52 -0400
Subject: [Infowarrior] - DiFi Deploys All The 'Intelligence' Cliches In Op-Ed Defending Metadata Program
Message-ID: <6C6D4621-549B-4AE1-9326-4070433C889E@infowarrior.org>

Dianne Feinstein Deploys All The 'Intelligence' Cliches In Op-Ed Defending Metadata Program
http://www.techdirt.com/articles/20131021/11110924946/dianne-feinstein-deploys-all-intelligence-cliches-op-ed-defending-metadata-program.shtml

---
Just because i'm near the punchbowl doesn't mean I'm also drinking from it.

From rforno at infowarrior.org Tue Oct 22 22:54:11 2013
From: rforno at infowarrior.org (Richard Forno)
Date: Tue, 22 Oct 2013 23:54:11 -0400
Subject: [Infowarrior] - U.S. proposes minimal corporate cybersecurity standards
Message-ID: <294CF647-51A5-404A-8A17-5641ADE8F3D3@infowarrior.org>

U.S. proposes minimal corporate cybersecurity standards
By Alina Selyukh 4 hours ago
http://news.yahoo.com/u-proposes-minimal-corporate-cybersecurity-standards-231545123.html

WASHINGTON (Reuters) - A U.S. bureau on Tuesday unveiled a draft of voluntary standards that companies can adopt to boost cybersecurity - part of an attempt to protect critical industries without setting restrictive and costly regulations.
The National Institute of Standards and Technology (NIST), a nonregulatory agency that is part of the Department of Commerce, issued the so-called framework following input from some 3,000 industry and academic experts. Cybersecurity experts warn that relentless efforts to hack into U.S. banks and financial institutions, the power grid and other critical infrastructure, paired with instances of disruptive attacks abroad, pose a national security threat. President Barack Obama directed NIST to compile voluntary minimum standards in a February executive order aimed at countering the lack of progress on cybersecurity legislation in Congress. Action on bills this year is stalled after the disclosures of vast online U.S. government spying programs. The draft offers guidance on how companies could identify and protect network assets and detect, respond to and recover from breaches. Steps might include keeping inventories of software platforms and applications they use, ensuring that top executives know roles and responsibilities, and setting information security policies. The document also expands on how the companies could do all that while protecting privacy and civil liberties. (To read the framework, see: http://www.nist.gov/itl/upload/preliminary-cybersecurity-framework.pdf) "Ultimately what we want to do is we want to turn today's best practices into common and expected practices," NIST Director Patrick Gallagher told reporters, calling the framework "a living document" that is expected to be flexible. 'STEPPING STONE' Many in the private sector have expressed fears that the voluntary framework will inevitably turn into a set of requirements or create new liabilities. Another concern is that companies have little incentive to adopt the framework - something being reviewed by the Departments of Homeland Security, Commerce and Treasury. "This is really just a stepping stone ... . 
The meat of all of this still remains in the incentives program," said Melanie Teplinsky, who teaches law at American University and serves as an adviser to cybersecurity firm CrowdStrike. "Even if this is perfect, who's going to adopt this and why?" Some trade groups and industry analysts say the framework appears vague and complex, and experts warn that may become a hurdle to adoption. "I understand their problem, they're trying to write something that any industry can apply. As soon as you do that, you're going to get to a very big level of abstraction," said Stewart Baker, a former Department of Homeland Security assistant secretary and now lawyer at Steptoe & Johnson. "Much of the document is very procedural," he said. "I fear that it won't measurably improve cybersecurity without making it more expensive for everybody." Gallagher said the "relative simplicity" of the document should not be construed as lack of specifics or impracticality. "It's still too soon to tell if the framework will achieve the challenging goal set by the executive order," said Norma Krayem, a senior policy advisor at law firm Patton Boggs. "At the same time, if there are sectors or companies that have not fully engaged in this process with the administration, they need to do so very quickly. The Congress and others are waiting to see how this process goes, but they may not wait forever." (Reporting by Alina Selyukh; Editing by Ros Krasny and Xavier Briand)

---
Just because i'm near the punchbowl doesn't mean I'm also drinking from it.

From rforno at infowarrior.org Thu Oct 24 23:03:15 2013
From: rforno at infowarrior.org (Richard Forno)
Date: Fri, 25 Oct 2013 00:03:15 -0400
Subject: [Infowarrior] - Germany, Brazil Turn to U.N. to Restrain American Spies
Message-ID: <18CB721F-FA55-4943-B6FB-89AC685CC78A@infowarrior.org>

Exclusive: Germany, Brazil Turn to U.N.
to Restrain American Spies
http://thecable.foreignpolicy.com/posts/2013/10/24/exclusive_germany_brazil_turn_to_un_to_restrain_american_spies

Brazil and Germany today joined forces to press for the adoption of a U.N. General Resolution that promotes the right of privacy on the internet, marking the first major international effort to restrain the National Security Agency's intrusions into the online communications of foreigners, according to diplomatic sources familiar with the push. The effort follows a German claim that the American spy agency may have tapped the private telephone of German Chancellor Angela Merkel and dozens of other world leaders. It also comes about one month after Brazilian leader Dilma Rousseff denounced NSA espionage against her country as "a breach of international law" in a General Assembly speech and proposed that the U.N. establish legal guidelines to prevent "cyberspace from being used as a weapon of war." Brazilian and German diplomats met in New York today with a small group of Latin American and European governments to consider a draft resolution that calls for expanding privacy rights contained in the International Covenant on Civil and Political Rights to the online world. The draft does not refer to a flurry of American spying revelations that have caused a political uproar around the world, particularly in Brazil and Germany. But it was clear that the revelation provided the political momentum to trigger today's move to the United Nations. The blowback from the NSA leaks continues to agonize U.S. diplomats and military officials concerned about America's image abroad. "This is an example of the very worst aspects of the Snowden disclosures," a former defense official with deep experience in NATO, told The Cable, referring to former NSA contractor Edward Snowden. "It will be very difficult for the US to dig out of this, although we will over time. The short term costs in credibility and trust are enormous."
Although the U.N.'s ability to fundamentally constrain the NSA is nil, the mounting international uproar over U.S. surveillance has security experts fearful for the ramifications. "The worst case scenario I think would be having our European allies saying they will no longer share signals intelligence because of a concern that our SigInt is being derived from mechanisms that violate their privacy rules," said Ray Kimball, an army strategist with policy experience on European issues. He stressed that he was not speaking for the military. Although the Germans have not indicated such a move is in the works, they do have a game plan for making their surveillance complaints heard. The International Covenant on Political and Civil Rights was written in 1966 and came into force in 1976, decades before the internet transformed the way people communicate around the world. A provision in the international covenant, Article 17, says "no one shall be subjected to arbitrary or unlawful interference with his privacy, family, home or correspondence, nor to unlawful attacks on his honor and reputation." It also states that "everyone has the right to the protection of the law against such interference or attacks." "The covenant was formulated at a time when the internet didn't exist," said a diplomat familiar with the negotiations. "Everyone has the right to privacy and the goal of this resolution is to apply those protections to online communications." Brazil and Germany are hoping to put the resolution to a vote in the U.N. General Assembly human rights committee later this year. The draft resolution, which has not been made public and which is still subject to negotiation among U.N. states, will seek to apply those protections to online communications. "This is not just about spying," said the diplomat. This is about ensuring that "privacy of citizens in their home states under their own home legislation."
"It calls on countries to put an end to violations of that right," the official said. "People have to be protected offline and online." Anyone who thinks this issue will only resonate in Brazil, Mexico, France, Italy, and Germany -- where the Snowden leaks recently revealed NSA datamining -- isn't paying attention. According to the latest internal NSA memo leaked to The Guardian, the list of targeted nations is even longer, which could give this U.N. effort additional momentum. The NSA monitored the communications of 35 unnamed "world leaders," whose phone numbers were given to the intelligence agency by a U.S. government official, according to the report. The agency has been collecting phone numbers, email addresses, and residential addresses of foreign officials from the people in the U.S. government who are in touch with them. The U.S. official, who is not named, personally handed over 200 phone numbers about the people he or she was in touch with. It's hardly a secret, or a surprise, that the NSA spies on foreign governments, including those friendly to the United States. Two former intelligence officials told The Cable that contact information like this is a regular source of intelligence for the NSA. And the memo acknowledges that the agency looks for officials' contact information in open sources, such as the Internet. But the revelation that U.S. officials are facilitating spying on the people they do business with to this extent has created the impetus for U.N. action, a first-of-its-kind development. "There's a mixture of hypocrisy and feigned outrage along with real objections here," said a former senior intelligence official. "I don't know where the line is. The idea that political leaders are out of bounds for foreign intelligence is amusing. But on the other hand this business about trusting allies is a big thing. My guess is there's a real annoyance here" on the part of foreign allies.
Merkel was so outraged by the news that her phone had been monitored that she called President Obama to discuss it. The White House issued a carefully worded statement, assuring that the German leader's phone would not be tapped now or in the future, but not saying whether it had been. It's not clear whether the NSA is still collecting information from the address books of U.S. officials. The memo was written in 2006. But at least at the time, such collection was a regular occurrence. "From time to time, SID [the agency's signals intelligence directorate] is offered access to the personal contact databases of U.S. officials," the memo states. It doesn't specify who those officials are, or where in the government they work. But, the memo goes on to say, the information provided by the one U.S. official was sufficiently helpful that the agency decided to go around asking for more such contacts from the NSA's "supported customers," which include the Departments of Defense and State, as well as the White House. (None of them are listed by name in the memo.) "These numbers have provided lead information to other numbers," the memo states. In the case of the one U.S. official, the 200 numbers included 43 that previously weren't on the NSA's radar. "This success leads S2 [part of the signals intelligence directorate] to wonder if there are NSA liaisons whose supported customers may be willing to share" their contacts, as well. "S2 welcomes such information!" Apparently, though, success was measured not so much in secrets learned but just in having the data itself. The memo acknowledges that analysts "have noted little reported intelligence from these particular numbers, which appear not to be used for sensitive discussions." From this we might conclude that NSA's targets are not fools. Why would anyone in the senior ranks of a government or military have sensitive conversations or discuss classified information over the phone number or email on his business card?
But, the NSA seems to have concluded, what could it hurt to find out? Time will tell. In a statement, a spokesperson for Merkel said she told Obama that tapping her phone would represent a "grave breach of trust" between the two allies. "She made clear that she views such practices, if proven true, as completely unacceptable and condemns them unequivocally." With the latest news from the U.N., it appears the U.S. might be in store for more than just a slap on the wrist.

---
Just because i'm near the punchbowl doesn't mean I'm also drinking from it.

From rforno at infowarrior.org Thu Oct 24 23:05:15 2013
From: rforno at infowarrior.org (Richard Forno)
Date: Fri, 25 Oct 2013 00:05:15 -0400
Subject: [Infowarrior] - Mozilla's Lightbeam
Message-ID: <84BFD248-5732-4B35-BFF4-7FD78F10BA24@infowarrior.org>

Mozilla's Lightbeam tool will expose who is looking over your shoulder on the web
Adam Sherwin
Thursday 24 October 2013
http://www.independent.co.uk/life-style/gadgets-and-tech/news/mozillas-lightbeam-tool-will-expose-who-is-looking-over-your-shoulder-on-the-web-8902269.html

Just who is looking over your shoulder when you browse the Internet? Tomorrow, web users will be given a new tool to shine a light on the commercial organisations which track your every movement online. Lightbeam, a download produced by Mozilla, the US free software community behind the popular Firefox browser, claims to be a "watershed" moment in the battle for web transparency. Everyone who browses the Internet leaves a digital trail used by advertisers to discover what your interests are. Users who activate Lightbeam will be able to see a real-time visualisation of every site they visit and every third-party that is active on those sites, including commercial organisations which might potentially be sharing your data. Mozilla wants users who install the Lightbeam add-on to Firefox, to crowd-source their data, to produce the first "big picture"
view of web tracking, revealing which third-parties are most active. Lightbeam promises a "Wizard of Oz" moment for the web, "where users collectively provide a way to pull back the curtains to see its inner workings," Mozilla claimed. Mark Surman, Mozilla's executive director, said: "It's a stake in the ground in terms of letting people know the ways they are being tracked. At Mozilla, we believe everyone should be in control of their user data and privacy and we want people to make informed decisions about their Web experience." Mozilla already offers users the ability to disable "cookies" - small files that download from websites onto a computer, allowing advertisers to target users based on their online activity - an option taken up by 18 per cent of UK Firefox users. Lightbeam will reveal the source of the third-party adverts, scripts and images stored on a web page which are linked to servers in other domains. An expanding graph visualises the interactions between the sites a user intentionally visits and the third parties which may not be welcome. Mozilla has come under "tremendous pressure" from trade bodies over its mission to bring transparency to the web, said Alex Fowler, the company's Privacy Officer. The software company said it was responding to increased privacy concerns following the revelation that the US National Security Agency (NSA) had tapped directly into the servers of Internet firms including Facebook, to track online communication in a surveillance programme. Firefox released a security upgrade after it emerged that the NSA was exploiting vulnerabilities in the browser to gain access to computers using Tor, a sophisticated anonymity tool. But Mozilla insisted that Lightbeam itself will not compromise the privacy of users who agree to upload and share data. Lightbeam will not log IP addresses, the information will be aggregated anonymously and the software can be uninstalled, Mr Surman promised.
Lightbeam initially will only be available for desktop browsers. Apple has reportedly rejected from its store apps by developers which incorporate "cookie tracking" technology. "The whole mobile environment is closed," Mr Surman said. "You have to go through Google and Apple for apps." Mozilla, which is developing its own tablet, Mr Surman disclosed, is hosting its UK Mozfest this weekend, a brain-storming "hack", attended by 1,400 people. Mr Surman said: "Our focus is on building a web based on openness and transparency. Our dream is a world where people know more about how the web works and take control of their lives online. We need a posse of people to get involved and make that happen." He accepted that some cookies can help consumers navigate sites by providing content relevant to the user but said it was important that tracking happens with a person's knowledge. Lightbeam is released ahead of "Stop Watching Us," a "rally against mass surveillance" in response to the Snowden revelations, which will be held in Washington D.C. on Saturday.

---
Just because i'm near the punchbowl doesn't mean I'm also drinking from it.

From rforno at infowarrior.org Fri Oct 25 23:25:34 2013
From: rforno at infowarrior.org (Richard Forno)
Date: Sat, 26 Oct 2013 00:25:34 -0400
Subject: [Infowarrior] - Leaked memos reveal GCHQ efforts to keep mass surveillance secret
Message-ID:

Leaked memos reveal GCHQ efforts to keep mass surveillance secret
Exclusive: Edward Snowden papers show UK spy agency fears legal challenge if scale of surveillance is made public
James Ball - The Guardian, Friday 25 October 2013 13.45 EDT
http://www.theguardian.com/uk-news/2013/oct/25/leaked-memos-gchq-mass-surveillance-secret-snowden

The UK intelligence agency GCHQ has repeatedly warned it fears a "damaging public debate" on the scale of its activities because it could lead to legal challenges against its mass-surveillance programmes, classified internal documents reveal.
Memos contained in the cache disclosed by the US whistleblower Edward Snowden detail the agency's long fight against making intercept evidence admissible as evidence in criminal trials - a policy supported by all three major political parties, but ultimately defeated by the UK's intelligence community. Foremost among the reasons was a desire to minimise the potential for challenges against the agency's large-scale interception programmes, rather than any intrinsic threat to security, the documents show. The papers also reveal that:

- GCHQ lobbied furiously to keep secret the fact that telecoms firms had gone "well beyond" what they were legally required to do to help intelligence agencies' mass interception of communications, both in the UK and overseas.
- GCHQ feared a legal challenge under the right to privacy in the Human Rights Act if evidence of its surveillance methods became admissible in court.
- GCHQ assisted the Home Office in lining up sympathetic people to help with "press handling", including the Liberal Democrat peer and former intelligence services commissioner Lord Carlile, who this week criticised the Guardian for its coverage of mass surveillance by GCHQ and America's National Security Agency.

The most recent attempt to make intelligence gathered from intercepts admissible in court, proposed by the last Labour government, was finally stymied by GCHQ, MI5 and MI6 in 2009. A briefing memo prepared for the board of GCHQ shortly before the decision was made public revealed that one reason the agency was keen to quash the proposals was the fear that even passing references to its wide-reaching surveillance powers could start a "damaging" public debate.
Referring to the decision to publish the report on intercept as evidence without classification, it noted: "Our main concern is that references to agency practices (ie the scale of interception and deletion) could lead to damaging public debate which might lead to legal challenges against the current regime." A later update, from May 2012, set out further perceived "risks" of making intercepts admissible, including "the damage to partner relationships if sensitive information were accidentally released in open court". It also noted that the "scale of interception and retention required would be fairly likely to be challenged on Article 8 (Right to Privacy) grounds". The GCHQ briefings showed the agency provided the Home Office with support in winning the PR battle on the proposed reforms by lining up people to talk to the media - including Lord Carlile, who on Wednesday gave a public lecture condemning the Guardian's decision to publish stories based on the leaked material from Snowden. Referring to the public debate on intercept evidence, the document notes: "Sir Ken McDonald [sic] (former DPP [director of public prosecutions]), Lord Goldsmith (former AG [attorney general]) and David Davis (former Shadow HSec [home secretary]) [have been] reiterating their previous calls for IaE [intercept as evidence]. "We are working closely with HO [Home Office] on their plans for press handling when the final report is published, e.g. lining up talking heads (such as Lord Carlisle [sic], Lord Stevens, Sir Stephen Lander, Sir Swinton Thomas)." Carlile was the independent reviewer of terrorism legislation in 2001-11, and was awarded a CBE in 2012 for his services to national security. Another top GCHQ priority in resisting the admission of intercepts as evidence was keeping secret the extent of the agency's co-operative relationships with telephone companies - including being granted access to communications networks overseas.
In June, the Guardian disclosed the existence of GCHQ's Tempora internet surveillance programme. It uses intercepts on the fibre-optic cables that make up the backbone of the internet to gain access to vast swaths of internet users' personal data. The intercepts are placed in the UK and overseas, with the knowledge of companies owning either the cables or landing stations. The revelations of voluntary co-operation with some telecoms companies appear to contrast markedly with statements made by large telecoms firms in the wake of the first Tempora stories. They stressed that they were simply complying with the law of the countries in which they operated. In reality, numerous telecoms companies were doing much more than that, as disclosed in a secret document prepared in 2009 by a joint working group of GCHQ, MI5 and MI6. Their report contended that allowing intercepts as evidence could damage relationships with "Communications Service Providers" (CSPs). In an extended excerpt of "the classified version" of a review prepared for the Privy Council, a formal body of advisers made up of current and former cabinet ministers, the document sets out the real nature of the relationship between telecoms firms and the UK government. "Under RIPA [the Regulation of Investigatory Powers Act 2000], CSPs in the UK may be required to provide, at public expense, an adequate interception capability on their networks," it states. "In practice all significant providers do provide such a capability. But in many cases their assistance - while in conformity with the law - goes well beyond what it requires." GCHQ's internet surveillance programme is the subject of a challenge in the European court of human rights, mounted by three privacy advocacy groups. The Open Rights Group, English PEN and Big Brother Watch argue the "unchecked surveillance" of Tempora is a challenge to the right to privacy, as set out in the European convention on human rights.
That the Tempora programme appears to rely at least in part on voluntary co-operation of telecoms firms could become a major factor in that ongoing case. The revelation could also reignite the long-running debate over allowing intercept evidence in court. GCHQ's submission goes on to set out why its relationships with telecoms companies go further than what can be legally compelled under current law. It says that in the internet era, companies wishing to avoid being legally mandated to assist UK intelligence agencies would often be able to do so "at little cost or risk to their operations" by moving "some or all" of their communications services overseas. As a result, "it has been necessary to enter into agreements with both UK-based and offshore providers for them to afford the UK agencies access, with appropriate legal authorisation, to the communications they carry outside the UK". The submission to ministers does not set out which overseas firms have entered into voluntary relationships with the UK, or even in which countries they operate, though documents detailing the Tempora programme made it clear the UK's interception capabilities relied on taps located both on UK soil and overseas. There is no indication as to whether the governments of the countries in which deals with companies have been struck would be aware of the GCHQ cable taps. Evidence that telecoms firms and GCHQ are engaging in mass interception overseas could stoke an ongoing diplomatic row over surveillance ignited this week after the German chancellor, Angela Merkel, accused the NSA of monitoring her phone calls, and the subsequent revelation that the agency monitored communications of at least 35 other world leaders. 
On Friday, Merkel and the French president, François Hollande, agreed to spearhead efforts to make the NSA sign a new code of conduct on how it carried out intelligence operations within the European Union, after EU leaders warned that the international fight against terrorism was being jeopardised by the perception that mass US surveillance was out of control.

Fear of diplomatic repercussions was one of the prime reasons given for GCHQ's insistence that its relationships with telecoms firms must be kept private. Telecoms companies "feared damage to their brands internationally, if the extent of their co-operation with HMG [Her Majesty's government] became apparent", the GCHQ document warned. It added that if intercepts became admissible as evidence in UK courts "many CSPs asserted that they would withdraw their voluntary support".

The report stressed that while companies are going beyond what they are required to do under UK law, they are not being asked to violate it.

Shami Chakrabarti, Director of Liberty, and Anthony Romero, Executive Director of the American Civil Liberties Union, issued a joint statement stating: "The Guardian's publication of information from Edward Snowden has uncovered a breach of trust by the US and UK Governments on the grandest scale. The newspaper's principled and selective revelations demonstrate our rulers' contempt for personal rights, freedoms and the rule of law.

"Across the globe, these disclosures continue to raise fundamental questions about the lack of effective legal protection against the interception of all our communications.

"Yet in Britain, that conversation is in danger of being lost beneath self-serving spin and scaremongering, with journalists who dare to question the secret state accused of aiding the enemy.
"A balance must of course be struck between security and transparency, but that cannot be achieved whilst the intelligence services and their political masters seek to avoid any scrutiny of, or debate about, their actions.

"The Guardian's decision to expose the extent to which our privacy is being violated should be applauded and not condemned."

--- Just because i'm near the punchbowl doesn't mean I'm also drinking from it.

From rforno at infowarrior.org Fri Oct 25 23:27:55 2013
From: rforno at infowarrior.org (Richard Forno)
Date: Sat, 26 Oct 2013 00:27:55 -0400
Subject: [Infowarrior] - Major New Anti-NSA Bill Dropping Next Week With Powerful Support
Message-ID: <2816339A-B15A-4B2A-8E50-B69F2531D251@infowarrior.org>

Major New Anti-NSA Bill Dropping Next Week With Powerful Support
from the this-could-get-interesting dept
http://www.techdirt.com/articles/20131025/13500025017/major-new-anti-nsa-bill-dropping-next-week-with-powerful-support.shtml

We already knew that Rep. Jim Sensenbrenner was getting ready to release a major new anti-NSA spying bill called the USA Freedom Act, and Derek Khanna has just revealed many of the details of the bill, scheduled to be introduced in both houses of Congress this coming Tuesday. It will be backed by Sensenbrenner in the House and Pat Leahy in the Senate, and will have plenty of co-sponsors (already about 50 have signed up) including some who had initially voted against the Amash Amendment back in July. In other words, this bill has a very high likelihood of actually passing, though I imagine that the intelligence community, and potentially the White House, will push back on it. For Congress, gathering up a veto-proof majority may be a more difficult task.
The bill appears to do a number of good things, focusing on limiting the NSA's ability to do dragnet collections, rather than specific and targeted data collection, while also significantly increasing transparency of the activities of the NSA as well as the FISA court when it comes to rulings that interpret the law.

* End bulk data collection under Section 215 of the PATRIOT Act. This is the program that collects metadata on every phone call based on a twisted interpretation of the law and a thorough revisionist dictionary for words like "targeted," "relevance," "search" and "surveillance." Sensenbrenner, who crafted much of the original PATRIOT Act, insists that when he wrote it, it was intended to already ban this kind of dragnet. The new bill will make that explicit. Similarly, it appears that the bill will require the intelligence community to be much more proactive in filtering out unnecessary information and deleting information collected incidentally.

* Fixing the FISC: As many have recommended, the law would make sure that a public advocate can be present to be an adversarial presence, arguing in favor of protecting Americans' privacy. There will be a special Office of the Special Advocate (OSA) created for this role. Somewhat surprisingly, the OSA will even be allowed to appeal decisions that the FISA court makes if it believes they stray from the law or the Constitution. That could be a very big deal. Separately, the DOJ will be required to declassify all FISC decisions from the past decade that involve "a significant construction or interpretation of the law." That is, no more secret law-making by the FISC.

* Greater transparency for companies on the receiving end of demands for information. This would make it so companies that get orders to hand over information can reveal numbers of requests, effectively stopping the existing gag orders which prevent us from knowing how often the NSA is demanding info from internet companies.
This legislation doesn't solve all the problems, but it does clearly attack the most egregious actions by the NSA and the wider intelligence community. I imagine those in that community will fight back hard on this. We'll be hearing outrageous claims about how people will die if they can't spy on all of us. But, in the end, if the NSA hadn't continued to expand its spying efforts, we wouldn't be in this mess to begin with.

From rforno at infowarrior.org Sat Oct 26 13:13:04 2013
From: rforno at infowarrior.org (Richard Forno)
Date: Sat, 26 Oct 2013 14:13:04 -0400
Subject: [Infowarrior] - Report: US to consider no-spy deal with allies upset over surveillance
Message-ID:

(Wonder how this would be enforced/verified-for-compliance? ---rick)

Report: US to consider no-spy deal with allies upset over surveillance
By Justin Sink - 10/25/13 09:06 PM ET
http://thehill.com/blogs/hillicon-valley/technology/330751-report-us-might-consider-no-spy-agreements-with-allies-upset-over-surveillance

The White House might be open to no-spy agreements with the governments of close allies outraged over surveillance of their leaders' phone and digital communications, NBC News reported Friday.

The Obama Administration spent much of the week looking to quell concerns voiced by European leaders over alleged widespread spying by the National Security Agency that has sparked outrage across the globe. On Thursday, The Guardian reported that the U.S. government was monitoring the communications of 35 world leaders in 2006. That report came on the heels of a story in Le Monde indicating the NSA has secretly monitored millions of French emails earlier this year. German Chancellor Angela Merkel said she had reason to believe that American intelligence was surveilling her personal cell phone, accusing the U.S. of shattering trust between the nations. And Der Spiegel reported that the U.S.
had hacked former Mexican president Felipe Calderon's email account.

In the aftermath of those revelations, French and German leaders said they would insist the U.S. agree to limits on its surveillance practices by the end of the year. According to a report in the Associated Press, allies are likely to demand that the U.S. agrees to a code of conduct for intelligence gathering.

Asked about that demand Friday, deputy national security adviser Ben Rhodes seemed open to the possibility. "We are already in diplomatic and intelligence channels talking to the Germans, French, countries around the world - Brazil and Mexico, as well," Rhodes told NBC. "I think we'll have a series of bilateral discussions with these countries and look at multilateral discussions as well."

The U.S. has preexisting no-spy agreements with Canada, Australia, New Zealand, and Great Britain.

Already, President Obama assured Merkel in a personal phone conversation that the U.S. would not monitor her personal communications in the future. But Rhodes refused to confirm whether the U.S. had done so in the past. "We don't want to get into the business of inventorying everything we've done on the intelligence side in the past," he said.
From rforno at infowarrior.org Mon Oct 28 15:26:40 2013
From: rforno at infowarrior.org (Richard Forno)
Date: Mon, 28 Oct 2013 16:26:40 -0400
Subject: [Infowarrior] - The NSA's Secret Spy Hub in Berlin
Message-ID:

http://www.spiegel.de/international/germany/cover-story-how-nsa-spied-on-merkel-cell-phone-from-berlin-embassy-a-930205-druck.html

10/27/2013 07:02 PM

Embassy Espionage
The NSA's Secret Spy Hub in Berlin
By SPIEGEL Staff

According to SPIEGEL research, United States intelligence agencies have not only targeted Chancellor Angela Merkel's cellphone, but they have also used the American Embassy in Berlin as a listening station. The revelations now pose a serious threat to German-American relations.

It's a prime site, a diplomat's dream. Is there any better location for an embassy than Berlin's Pariser Platz? It's just a few paces from here to the Reichstag. When the American ambassador steps out the door, he looks directly onto the Brandenburg Gate.

When the United States moved into the massive embassy building in 2008, it threw a huge party. Over 4,500 guests were invited. Former President George H. W. Bush cut the red-white-and-blue ribbon. Chancellor Angela Merkel offered warm words for the occasion. Since then, when the US ambassador receives high-ranking visitors, they often take a stroll out to the roof terrace, which offers a breathtaking view of the Reichstag and Tiergarten park. Even the Chancellery can be glimpsed. This is the political heart of the republic, where billion-euro budgets are negotiated, laws are formulated and soldiers are sent to war. It's an ideal location for diplomats -- and for spies.
Research by SPIEGEL reporters in Berlin and Washington, talks with intelligence officials and the evaluation of internal documents of the US' National Security Agency and other information, most of which comes from the archive of former NSA contractor Edward Snowden, lead to the conclusion that the US diplomatic mission in the German capital has not merely been promoting German-American friendship. On the contrary, it is a nest of espionage. From the roof of the embassy, a special unit of the CIA and NSA can apparently monitor a large part of cellphone communication in the government quarter. And there is evidence that agents based at Pariser Platz recently targeted the cellphone that Merkel uses the most.

The NSA spying scandal has thus reached a new level, becoming a serious threat to the trans-Atlantic partnership. The mere suspicion that one of Merkel's cellphones was being monitored by the NSA has led in the past week to serious tensions between Berlin and Washington.

Hardly anything is as sensitive a subject to Merkel as the surveillance of her cellphone. It is her instrument of power. She uses it not only to lead her party, the center-right Christian Democratic Union (CDU), but also to conduct a large portion of government business. Merkel uses the device so frequently that there was even debate earlier this year over whether her text-messaging activity should be archived as part of executive action.

'That's Just Not Done'

Merkel has often said -- half in earnest, half in jest -- that she operates under the assumption that her phone calls are being monitored. But she apparently had in mind countries like China and Russia, where data protection is not taken very seriously, and not Germany's friends in Washington.

Last Wednesday Merkel placed a strongly worded phone call to US President Barack Obama. Sixty-two percent of Germans approve of her harsh reaction, according to a survey by polling institute YouGov. A quarter think it was too mild.
In a gesture of displeasure usually reserved for rogue states, German Foreign Minister Guido Westerwelle summoned the new US ambassador, John Emerson, for a meeting at the Foreign Ministry. The NSA affair has shaken the certainties of German politics. Even Merkel's CDU, long a loyal friend of Washington, is now openly questioning the trans-Atlantic free trade agreement. At the Chancellery it's now being said that if the US government doesn't take greater pains to clarify the situation, certain conclusions will be drawn and talks over the agreement could potentially be put on hold. "Spying between friends, that's just not done," said Merkel on Thursday at a European Union summit in Brussels. "Now trust has to be rebuilt." But until recently it sounded as if the government had faith in its ally's intelligence agencies. In mid-August Merkel's chief of staff, Ronald Pofalla, offhandedly described the NSA scandal as over. German authorities offered none of their own findings -- just a dry statement from the NSA leadership saying the agency adhered to all agreements between the countries. Now it is not just Pofalla who stands disgraced, but Merkel as well. She looks like a head of government who only stands up to Obama when she herself is a target of the US intelligence services. The German website Der Postillon published a satirical version last Thursday of the statement given by Merkel's spokesman, Steffen Seibert: "The chancellor considers it a slap in the face that she has most likely been monitored over the years just like some mangy resident of Germany." Merkel has nothing to fear domestically from the recent turn of affairs. The election is over, the conservatives and the center-left Social Democrats are already in official negotiations toward forming a new government. No one wants to poison the atmosphere with mutual accusation. Nevertheless, Merkel must now answer the question of how much she is willing to tolerate from her American allies. 
Posing as Diplomats

A "top secret" classified NSA document from the year 2010 shows that a unit known as the "Special Collection Service" (SCS) is operational in Berlin, among other locations. It is an elite corps run in concert by the US intelligence agencies NSA and CIA.

The secret list reveals that its agents are active worldwide in around 80 locations, 19 of which are in Europe -- cities such as Paris, Madrid, Rome, Prague and Geneva. The SCS maintains two bases in Germany, one in Berlin and another in Frankfurt. That alone is unusual. But in addition, both German bases are equipped at the highest level and staffed with active personnel.

The SCS teams predominantly work undercover in shielded areas of the American Embassy and Consulate, where they are officially accredited as diplomats and as such enjoy special privileges. Under diplomatic protection, they are able to look and listen unhindered. They just can't get caught.

Wiretapping from an embassy is illegal in nearly every country. But that is precisely the task of the SCS, as is evidenced by another secret document. According to the document, the SCS operates its own sophisticated listening devices with which they can intercept virtually every popular method of communication: cellular signals, wireless networks and satellite communication.

The necessary equipment is usually installed on the upper floors of the embassy buildings or on rooftops where the technology is covered with screens or Potemkin-like structures that protect it from prying eyes.

That is apparently the case in Berlin, as well. SPIEGEL asked British investigative journalist Duncan Campbell to appraise the setup at the embassy. In 1976, Campbell uncovered the existence of the British intelligence service GCHQ. In his so-called "Echelon Report" in 1999, he described for the European Parliament the existence of the global surveillance network of the same name.

Campbell refers to window-like indentations on the roof of the US Embassy.
They are not glazed but rather veneered with "dielectric" material and are painted to blend into the surrounding masonry. This material is permeable even by weak radio signals. The interception technology is located behind these radio-transparent screens, says Campbell. The offices of SCS agents would most likely be located in the same windowless attic.

No Comment from the NSA

This would correspond to internal NSA documents seen by SPIEGEL. They show, for example, an SCS office in another US embassy -- a small windowless room full of cables with a work station of "signal processing racks" containing dozens of plug-in units for "signal analysis."

On Friday, author and NSA expert James Bamford also visited SPIEGEL's Berlin bureau, which is located on Pariser Platz diagonally opposite the US Embassy. "To me, it looks like NSA eavesdropping equipment is hidden behind there," he said. "The covering seems to be made of the same material that the agency uses to shield larger systems."

The Berlin-based security expert Andy Müller-Maguhn was also consulted. "The location is ideal for intercepting mobile communications in Berlin's government district," he says, "be it technical surveillance of communication between cellphones and wireless cell towers or radio links that connect radio towers to the network."

Apparently, SCS agents use the same technology all over the world. They can intercept cellphone signals while simultaneously locating people of interest. One antenna system used by the SCS is known by the affable code name "Einstein."

When contacted by SPIEGEL, the NSA declined to comment on the matter.

The SCS are careful to hide their technology, especially the large antennas on the roofs of embassies and consulates. If the equipment is discovered, explains a "top secret" set of classified internal guidelines, it "would cause serious harm to relations between the United States and a foreign government."
According to the documents, SCS units can also intercept microwave and millimeter-wave signals. Some programs, such as one entitled "Birdwatcher," deal primarily with encrypted communications in foreign countries and the search for potential access points. Birdwatcher is controlled directly from SCS headquarters in Maryland.

With the growing importance of the Internet, the work of the SCS has changed. Some 80 branches offer "thousands of opportunities on the net" for web-based operations, according to an internal presentation. The organization is now able not only to intercept cellphone calls and satellite communication, but also to proceed against criminals or hackers. From some embassies, the Americans have planted sensors in communications equipment of the respective host countries that are triggered by selected terms.

How the Scandal Began

There are strong indications that it was the SCS that targeted Chancellor Angela Merkel's cellphone. This is suggested by a document that apparently comes from an NSA database in which the agency records its targets. This document, which SPIEGEL has seen, is what set the cellphone scandal in motion.

The document contains Merkel's cellphone number. An inquiry to her team revealed that it is the number the chancellor uses mainly to communicate with party members, ministers and confidants, often by text message.

The number is, in the language of the NSA, a "Selector Value." The next two fields determine the format ("raw phone number") and the "Subscriber," identified as "GE Chancellor Merkel." In the next field, labeled "Ropi," the NSA defines who is interested in the German chancellor: It is the department S2C32. "S" stands for "Signals Intelligence Directorate," the NSA umbrella term for signal reconnaissance. "2" is the agency's department for procurement and evaluation. C32 is the unit responsible for Europe, the "European States Branch."
So the order apparently came down from Europe specialists in charge of signal reconnaissance. The time stamp is noteworthy. The order was transferred to the "National Sigint Requirements List," the list of national intelligence targets, in 2002. That was the year Germany held closely watched parliamentary elections and Merkel battled Edmund Stoiber of Bavaria's Christian Social Union to become the conservatives' chancellor candidate. It was also the year the Iraq crisis began heating up.

The document also lists status: "A" for active. This status was apparently valid a few weeks before President Obama's Berlin visit in June 2013. Finally, the document defines the units tasked with implementing the order: the "Target Office of Primary Interest": "F666E." "F6" is the NSA's internal name for the global surveillance unit, the "Special Collection Service."

Thus, the NSA would have targeted Merkel's cellphone for more than a decade, first when she was just party chair, as well as later when she'd become chancellor. The record does not indicate what form of surveillance has taken place. Were all of her conversations recorded or just connection data? Were her movements also being recorded?

'Intelligence Target Number One'

Among the politically decisive questions is whether the spying was authorized from the top: from the US president. If the data is accurate, the operation was authorized under former President George W. Bush and his NSA chief, Michael Hayden. But it would have had to be repeatedly approved, including after Obama took office and up to the present time. Is it conceivable that the NSA made the German chancellor a surveillance target without the president's knowledge?

The White House and the US intelligence agencies periodically put together a list of priorities. Listed by country and theme, the result is a matrix of global surveillance: What are the intelligence targets in various countries? How important is this reconnaissance?
The list is called the "National Intelligence Priorities Framework" and is "presidentially approved." One category in this list is "Leadership Intentions," the goals and objectives of a country's political leadership. The intentions of China's leadership are of high interest to the US government. They are marked with a "1" on a scale of 1 to 5. Mexico and Brazil each receive a "3" in this category.

Germany appears on this list as well. The US intelligence agencies are mainly interested in the country's economic stability and foreign policy objectives (both "3"), as well as in its advanced weapons systems and a few other sub-items, all of which are marked "4." The "Leadership Intention" field is empty. So based on the list, it wouldn't appear that Merkel should be monitored.

Former NSA employee Thomas Drake does not see this as a contradiction. "After the attacks of September 11, 2001, Germany became intelligence target number one in Europe," he says. The US government did not trust Germany, because some of the Sept. 11 suicide pilots had lived in Hamburg. Evidence suggests that the NSA recorded Merkel once and then became intoxicated with success, says Drake. "It has always been the NSA's motto to conduct as much surveillance as possible," he adds.

A Political Bomb

When SPIEGEL confronted the government on Oct. 10 with evidence that the chancellor's cellphone had been targeted, the German security apparatus became deeply unsettled. The Chancellery ordered the country's foreign intelligence agency, the Federal Intelligence Service (BND), to scrutinize the information. In parallel, Christoph Heusgen, Merkel's foreign policy adviser, also contacted his US counterpart, National Security Adviser Susan Rice, to tell her about SPIEGEL's research, which had been summarized on a single sheet of paper. Rice said she would look into it.
Shortly afterwards, German security authorities got back to the Chancellery with a preliminary result: The numbers, dates and secret codes on the paper indicated the information was accurate. It was probably some kind of form from an intelligence agency department requesting surveillance on the chancellor's cellphone, they said. At this point, a sense of nervousness began to grow at government headquarters. It was clear to everyone that if the Americans were monitoring Merkel's phone, it would be a political bomb. But then Rice called the Chancellery on Friday evening to explain that if reports began to circulate that Merkel's phone had been targeted, Washington would deny it -- or at least that is how the Germans understood the message. White House Press Secretary Jay Carney assured his counterpart, Merkel's spokesperson Steffen Seibert, of the same thing. The message was passed on to SPIEGEL late that evening without comment, at which point editors decided to continue investigating. With this, both the US agencies and Berlin won themselves more time to come up with a battle plan for approaching the deep crisis of confidence between the two countries. And it was clearly already a crisis of confidence, because Berlin obviously doubted the statements coming from the US and hadn't called off its probe. And, as later became clear, there were also inquiries taking place in the US, despite the denial from Rice. Over the weekend, the tide turned. Rice contacted Heusgen once again, but this time her voice sounded less certain. She said that the possibility the chancellor's phone was under surveillance could only be ruled out currently and in the future. Heusgen asked for more details, but was put off. The chief adviser to the president on Europe, Karen Donfried, and the Assistant Secretary of State for Europe and Eurasia at the US State Department, Victoria Nuland, would provide further information midweek, he was told. 
By this time it was clear to the Chancellery that if Obama's top security adviser no longer felt comfortable ruling out possible surveillance, this amounted to confirmation of their suspicions.

Going on the Offensive

This detail only served to intensify the catastrophe. Not only had supposed friends monitored the chancellor's cellphone, which was bad enough on its own, but leaders in Berlin were also left looking like a group of amateurs. They had believed the assurances made this summer by Obama, who downplayed the notion of spying in Germany on a visit to Berlin. German Interior Minister Hans-Peter Friedrich had even gone so far as to say at the time that Germany's concerns had "dissipated."

On Tuesday morning Merkel decided to go on the offensive. She had seen how strongly French President François Hollande had reacted to allegations that US intelligence agencies had conducted widespread surveillance on French citizens. Hollande called Obama immediately to air his anger. Merkel now wanted to speak with Obama personally too -- before her planned meeting with Hollande at the upcoming EU summit in Brussels.

Heusgen made a preliminary call to Obama to let him know that Merkel planned to make some serious complaints, with which she would then go public. At stake was control over the political interpretation of one of the year's most explosive news stories.

Merkel spoke with Obama on Wednesday afternoon, calling him from her secure landline in her Chancellery office. Both spoke English. According to the Chancellery, the president said that he had known nothing of possible monitoring, otherwise he would have stopped it. Obama also expressed his deepest regrets and apologized.

Around 5:30 p.m. the same day, Merkel's chief of staff, Pofalla, informed two members of the Parliamentary Control Panel, the body in Germany's parliament charged with keeping tabs on the country's intelligence agencies, of what was going on.
At the same time, the administration went public with the matter. It contacted SPIEGEL first with a statement containing Merkel's criticism of possible spying on her cellphone. Her spokesman Seibert called it a "grave breach of trust" -- a choice of phrase seen as the highest level of verbal escalation among allied diplomats.

Surprising Unscrupulousness

The scandal revives an old question: Are the German security agencies too trusting of the Americans? Until now, German agencies have typically concerned themselves with China and Russia in their counterintelligence work, for which the domestic intelligence agency, the Federal Office for the Protection of the Constitution (BFV), is responsible.

A year ago, there was already debate between the agencies, the Interior Ministry and the Chancellery over whether Germany should be taking a harder look at what American agents were up to in the country. But the idea was jettisoned because it seemed too politically sensitive. The main question at the time came down to whether monitoring allies should be allowed.

Even to seasoned German intelligence officials, the revelations that have come to light present a picture of surprising unscrupulousness. It's quite possible that the BFV could soon be tasked with investigating the activities of the CIA and NSA.

The ongoing spying scandal is also fueling allegations that the Germans have been allowing the NSA to lead them around by the nose. From the beginning of the NSA scandal, Berlin has conducted its attempts to clarify the allegations with a mixture of naivety and ignorance. Letters with anxious questions were sent, and a group of government department leaders traveled to Washington to meet with Director of National Intelligence James Clapper. The BND was also commissioned with negotiating a "no-spying pact" with the US agencies. In this way, Merkel's government feigned activity while remaining largely in the dark.
In fact, it relied primarily on the assurance from the US that its intentions were good.

It also seems to be difficult for German intelligence agencies to actually track the activities of the NSA. High-level government officials admit the Americans' technical capabilities are in many ways superior to what exists in Germany. At the BFV domestic intelligence agency, for example, not even every employee has a computer with an Internet connection.

But now, as a consequence of the spying scandal, the German agencies want to beef up their capabilities. "We're talking about a fundamental realignment of counterintelligence," said one senior security official. There are already more than 100 employees at the BFV responsible for counterintelligence, but officials are hoping to see this double. One focus of strategic considerations is the embassy buildings in central Berlin. "We don't know which roofs currently have spying equipment installed," says the security official. "That is a problem."

Trade Agreement at Risk?

When the news of Merkel's mobile phone being tapped began making the rounds, the BND and the BSI, the federal agency responsible for information security, took over investigation of the matter. There too, officials have been able to do nothing more than ask questions of the Americans when such sensitive issues have come up in recent months.

But now German-American relations are threatened with an ice age. Merkel's connection to Obama wasn't particularly good before the spying scandal. The chancellor is said to consider the president overrated -- a politician who talks a lot but does little, and is unreliable to boot. One example, from Berlin's perspective, was the military operation in Libya almost three years ago, which Obama initially rejected. When then-Secretary of State Hillary Clinton convinced him to change his mind, he did so without consulting his allies. Berlin saw this as evidence of his fickleness and disregard for their concerns.
The chancellor also finds Washington's regular advice on how to solve the euro crisis irritating. She would prefer not to receive instruction from the country that caused the collapse of the global financial system in the first place. Meanwhile, the Americans have been annoyed for years that Germany isn't willing to do more to boost the world economy. Merkel also feels as though she was duped. The Chancellery now plans once again to review the assurances of US intelligence agencies to make sure they are abiding by the law. The chancellor's office is also now considering the possibility that the much-desired trans-Atlantic free trade agreement could fail if the NSA affair isn't properly cleared up. Since the latest revelations came out, some 58 percent of Germans say they support breaking off ongoing talks, while just 28 percent are against it. "We should put the negotiations for a free-trade agreement with the US on ice until the accusations against the NSA have been clarified," says Bavarian Economy Minister Ilse Aigner, a member of the Christian Social Union, the Bavarian sister party to Merkel's Christian Democrats. Outgoing Justice Minister Sabine Leutheusser-Schnarrenberger has used the scandal as an excuse to appeal to the conscience of her counterpart in Washington, Attorney General Eric Holder. "The citizens rightly expect that American institutions also adhere to German laws. Unfortunately, there are a number of indications to the contrary," she wrote in a letter to Holder last week. EU Leaders Consider Consequences The American spying tactics weren't far from the minds of leaders at the EU summit in Brussels last Thursday, either. French President Hollande was the first to bring it up at dinner, saying that while he didn't want to demonize the intelligence agencies, the Americans had so blatantly broken the law on millions of counts that he couldn't imagine how things could go on this way. 
Hollande called for a code of conduct among the intelligence agencies, an idea for which Merkel also showed support. But soon doubts emerged: Wouldn't Europe also have to take a look at its own surveillance practices? What if a German or French Snowden came forward to reveal dirty spy tactics? British Prime Minister David Cameron pointed out how many terror attacks had been prevented because of spying capabilities. Then it was asked whether it has been proven that Obama even knows what his agencies are doing. Suddenly, mutual understanding seemed to waft through the group. That was a bit too rich for Hollande: No, he interjected, spying to such an immense degree, allegedly on more than 70 million phone calls per month in France alone -- that has been undertaken by only one country: the United States. The interruption was effective. After nearly three hours, the EU member states agreed on a statement that can be read as clear disapproval of the Americans. Merkel no longer wants to rely solely on promises. This week Günter Heiss, Chancellor Merkel's intelligence coordinator, will travel to Washington. Heiss wants the Americans finally to promise a contract excluding mutual surveillance. The German side already announced its intention to sign on to this no-spying pact during the summer, but the US government has so far shown little inclination to seriously engage with the topic. This is, of course, also about the chancellor's cellphone. Because despite all the anger, Merkel still didn't want to give up using her old number as of the end of last week. She was using it to make calls and to send text messages. Only for very delicate conversations did she switch to a secure line. BY JACOB APPELBAUM, NIKOLAUS BLOME, HUBERT GUDE, RALF NEUKIRCH, RENÉ PFISTER, LAURA POITRAS, MARCEL ROSENBACH, JÖRG SCHINDLER, GREGOR PETER SCHMITZ AND HOLGER STARK Translated from the German by Kristen Allen and Charly Wilder URL:
http://www.spiegel.de/international/germany/cover-story-how-nsa-spied-on-merkel-cell-phone-from-berlin-embassy-a-930205.html --- Just because i'm near the punchbowl doesn't mean I'm also drinking from it. From rforno at infowarrior.org Mon Oct 28 15:26:43 2013 From: rforno at infowarrior.org (Richard Forno) Date: Mon, 28 Oct 2013 16:26:43 -0400 Subject: [Infowarrior] - Facebook May Join Forces With Police to Thwart Protests Message-ID: <75AAEAAE-E61A-498F-8EF0-7DD0853E60C3@infowarrior.org> (c/o ferg) Facebook May Join Forces With Police to Thwart Protests http://www.truthdig.com/eartotheground/item/facebook_may_join_forces_with_police_to_thwart_protests_20131026/ Posted on Oct 26, 2013 Independent journalist Kenneth Lipp attended a law enforcement conference in Philadelphia on Monday in which he discovered that soon authorities may have control over what's posted on social media sites. This includes allowing people to plan demonstrations using sites such as Facebook. Both Twitter and Facebook have proven to be indispensable tools for organization during movements such as the Arab Spring. But now it seems police officers want to find ways to obstruct protests, and they will likely do so with Facebook's help. RT reports: A high-ranking official from the Chicago Police Department told attendees at a law enforcement conference on Monday that his agency has been working with a security chief at Facebook to block certain users from the site "if it is determined they have posted what is deemed criminal content," reports Kenneth Lipp... Lipp reported throughout the week from the International Association of Chiefs of Police conference, and now says that a speaker during one of the presentations suggested that a relationship exists between law enforcement and social media that could be considered a form of censorship. According to Lipp, the unnamed CPD officer said specifically that his agency was working with Facebook to block users "by their individual account, IP address or device, such as a cell phone or computer."
"Increasingly in discussion in workshops held by and for top police executives from throughout the world (mostly US, Canada and the United Kingdom, with others like Nigeria among a total of 13,000 representatives of the law enforcement community in town for the event), and widely available from vendors, were technologies and department policies that allow agencies to block content, users and even devices -- for example, 'Geofencing' software that allows departments to block service to a specified device when the device leaves an established virtual geographic perimeter," Lipp wrote. "The capability is a basic function of advanced mobile technologies like smartphones, 'OnStar' type features that link drivers through GIS to central assistance centers, and automated infrastructure and other hardware including unmanned aerial systems that must 'sense and respond.'" ...Bloggers at the website PrivacySOS.org acknowledged that former federal prosecutor-turned-Facebook security chief Joe Sullivan was scheduled to speak during the conference at a panel entitled "Helping Law Enforcement Respond to Mass Gatherings Spurred by Social Media," and suggested that agencies could be partnering with tech companies to keep users of certain services from communicating and planning protests and other types of demonstrations. A 2011 Bloomberg report revealed that Creativity Software, a UK based company with international clients, had sold geofencing programs to law enforcement in Iran which was then used to track political dissidents. US Senator Mark Kirk (R-Illinois) told Bloomberg that those companies should be condemned for being complicit in human rights abuses. And while this week's convention in Philadelphia was for law enforcement agencies around the globe, it wouldn't be too surprising to see American companies adopt similar systems.
Lipp also pointed to an alarming statistic regarding the relationship between social media and crime assessment: "95.9 percent of law enforcement agencies use social media, 86.1 percent for investigative purposes." At this rate, with the NSA snooping through all our personal correspondence, and the police and social media in cahoots to eliminate the right to assemble, all that will be left of the First Amendment is a memento from the pre-Internet era. -- Posted by Natasha Hakimi --- Just because i'm near the punchbowl doesn't mean I'm also drinking from it. From rforno at infowarrior.org Mon Oct 28 15:26:45 2013 From: rforno at infowarrior.org (Richard Forno) Date: Mon, 28 Oct 2013 16:26:45 -0400 Subject: [Infowarrior] - DHS seizes notes from a reporter who wrote critical stories Message-ID: (c/o ferg) Homeland Security agent seizes notes from a reporter who wrote critical stories http://www.theverge.com/2013/10/26/5031806/homeland-security-agent-seizes-washington-times-reporters-notes --- Just because i'm near the punchbowl doesn't mean I'm also drinking from it. From rforno at infowarrior.org Mon Oct 28 15:28:07 2013 From: rforno at infowarrior.org (Richard Forno) Date: Mon, 28 Oct 2013 16:28:07 -0400 Subject: [Infowarrior] - Feds Wait Until Late Friday To Release Details Of Criminal Case That Used NSA Surveillance, Which They'd Kept Secret Message-ID: Feds Wait Until Late Friday To Release Details Of Criminal Case That Used NSA Surveillance, Which They'd Kept Secret from the friday-night:-where-news-goes-to-die dept http://www.techdirt.com/articles/20131027/23532825028/feds-wait-until-late-friday-to-release-details-criminal-case-that-used-nsa-surveillance-which-theyd-kept-secret.shtml Back in July, the NY Times made it pretty clear that United States Solicitor General Donald Verrilli almost certainly lied to the Supreme Court, concerning how evidence obtained via NSA surveillance techniques would end up in court.
As you may recall, the lawsuit in question involved the ACLU, with the government arguing that the ACLU had no standing. The Supreme Court asked a basic question about whether or not anyone could possibly have standing then to challenge the law -- and Verrilli insisted (and the justices relied on) the claim that if the feds used data collected under these questionable surveillance statutes, that the defense team would be told about this, and they could challenge the constitutionality of the collection. Except... no defendant had ever been told any such thing. And then someone noticed that Senator Dianne Feinstein, in defending the NSA surveillance, had insisted that it was key in a bunch of cases -- meaning one of them was lying. This, apparently, got Verrilli quite upset at the various national security lawyers who had looked over his defense and who apparently chose not to tell him that what he was saying about the government telling defendants stuff wasn't, in fact, true. As was reported a few weeks ago, Verrilli then led a fierce debate within the administration, and said that a policy change was necessary. And, to kick it off, they were searching for a single case in which they would reveal such info was used. Of course, this allowed the feds to cherry pick their case... and the date and time to release the "news." So, of course they chose Friday night, which is when the government always tries to release bad news. So we're taking that news and discussing it the following Monday, because this is big and it deserves serious attention. Late Friday, the government admitted that it had used information gleaned via programs under the FISA Amendments Act in the criminal case against Jamshid Muhtorov, who was charged in January 2012 with "providing material support to the Islamic Jihad Union, a designated terrorist organization based in Uzbekistan." 
Much of the original complaint against Muhtorov involves discussions about intercepted calls and emails, though it's unclear how many (if any) of those were done under the FAA or other law enforcement authorities. The new notice in the case doesn't reveal very much at all, other than that the government intends to "offer into evidence or otherwise use or disclose in proceedings... information obtained or derived from acquisition of foreign intelligence information conducted pursuant to the" FAA. Basically, this case now is very likely to become the key case in testing the constitutionality of at least some aspects of the FISA Amendments Act surveillance efforts (which include the "upstream" tapping of the internet backbone via telcos, though it's not clear if that was used in this particular case). In other words, this case just got a lot more interesting -- though it's clear that the feds tried very carefully to pick a case where the facts work strongly in their favor. I would imagine, however, that various public interest and civil liberties groups are gearing up to see how they might help out in the case. --- Just because i'm near the punchbowl doesn't mean I'm also drinking from it. From rforno at infowarrior.org Mon Oct 28 16:58:12 2013 From: rforno at infowarrior.org (Richard Forno) Date: Mon, 28 Oct 2013 17:58:12 -0400 Subject: [Infowarrior] - Fwd: [IP] Feinstein Statement on Intelligence Collection of Foreign Leaders - Press Releases - News Room - United States Senator Dianne Feinstein References: <526ED8D9.5000508@gmail.com> Message-ID: <9DECC969-A8CD-43CF-8241-3288197A7445@infowarrior.org> So is DiFi pretty much saying the SSCI hasn't got *anything* coming close to a decent clue about what the IC is doing? That said, any bets that Rep Mike "Tone Def" Rogers will say the exact opposite on behalf of the HPSCI, thumping his chest about the awesomeness of things as-is? 
Moreover, any (sucker) bets that DiFi's proposed 'review' will lead to any meaningful changes or improvements to Hill oversight of the IC? --- Just because i'm near the punchbowl doesn't mean I'm also drinking from it. Begin forwarded message: > From: "DAVID J. FARBER" > > http://www.feinstein.senate.gov/public/index.cfm/press-releases?ContentRecord_id=61f9511e-5d1a-4bb8-92ff-a7eaa5becac0 > > Oct 28 2013 > Feinstein Statement on Intelligence Collection of Foreign Leaders > > Washington -- Senate Intelligence Committee Chairman Dianne Feinstein (D-Calif.) today issued the following statement on reports the National Security Agency has conducted surveillance on leaders of foreign countries: > > "It is abundantly clear that a total review of all intelligence programs is necessary so that members of the Senate Intelligence Committee are fully informed as to what is actually being carried out by the intelligence community. > > "Unlike NSA's collection of phone records under a court order, it is clear to me that certain surveillance activities have been in effect for more than a decade and that the Senate Intelligence Committee was not satisfactorily informed. Therefore our oversight needs to be strengthened and increased. > > "With respect to NSA collection of intelligence on leaders of U.S. allies -- including France, Spain, Mexico and Germany -- let me state unequivocally: I am totally opposed. > > "Unless the United States is engaged in hostilities against a country or there is an emergency need for this type of surveillance, I do not believe the United States should be collecting phone calls or emails of friendly presidents and prime ministers. The president should be required to approve any collection of this sort. > > "It is my understanding that President Obama was not aware Chancellor Merkel's communications were being collected since 2002. That is a big problem. > > "The White House has informed me that collection on our allies will not continue, which I support.
But as far as I'm concerned, Congress needs to know exactly what our intelligence community is doing. To that end, the committee will initiate a major review into all intelligence collection programs." From rforno at infowarrior.org Mon Oct 28 17:06:48 2013 From: rforno at infowarrior.org (Richard Forno) Date: Mon, 28 Oct 2013 18:06:48 -0400 Subject: [Infowarrior] - U.K. may punish publication of NSA leaks Message-ID: <7B16E0A2-2BE7-4ED7-8884-DC0B671CB3CA@infowarrior.org> U.K. may punish publication of NSA leaks By DYLAN BYERS | 10/28/13 1:11 PM EDT http://www.politico.com/blogs/media/2013/10/uk-may-punish-publication-of-nsa-leaks-176086.html Via Reuters, British Prime Minister David Cameron said on Monday his government was likely to act to stop newspapers publishing what he called damaging leaks from former U.S. intelligence operative Edward Snowden unless they began to behave more responsibly. "If they (newspapers) don't demonstrate some social responsibility it will be very difficult for government to stand back and not to act," Cameron told parliament, saying Britain's Guardian newspaper had "gone on" to print damaging material after initially agreeing to destroy other sensitive data. Glenn Greenwald, the journalist responsible for the bulk of stories about the NSA leaks, called the move "repressive." "In repressive Britain, it's political officials who dictate what can and cannot be published," he wrote on Twitter.
--- Just because i'm near the punchbowl doesn't mean I'm also drinking from it. From rforno at infowarrior.org Mon Oct 28 20:14:55 2013 From: rforno at infowarrior.org (Richard Forno) Date: Mon, 28 Oct 2013 21:14:55 -0400 Subject: [Infowarrior] - 'We're Really Screwed Now': NSA's Best Friend Just Shivved The Spies Message-ID: 'We're Really Screwed Now': NSA's Best Friend Just Shivved The Spies http://thecable.foreignpolicy.com/posts/2013/10/28/were_really_screwed_now_nsas_best_friend_just_shivved_the_spies One of the National Security Agency's biggest defenders in Congress is suddenly at odds with the agency and calling for a top-to-bottom review of U.S. spy programs. And her long-time friends and allies are completely mystified by the switch. "We're really screwed now," one NSA official told The Cable. "You know things are bad when the few friends you've got disappear without a trace in the dead of night and leave no forwarding address." In a pointed statement issued today, Senate Intelligence Committee chairman Dianne Feinstein said she was "totally opposed" to gathering intelligence on foreign leaders and said it was "a big problem" if President Obama didn't know the NSA was monitoring the phone calls of German Chancellor Angela Merkel. She said the United States should only be spying on foreign leaders with hostile countries, or in an emergency, and even then the president should personally approve the surveillance. It was not clear what precipitated Feinstein's condemnation of the NSA. It marks a significant reversal for a lawmaker who not only defended agency surveillance programs -- but is about to introduce a bill expected to protect some of its most controversial activities. Perhaps most significant is her announcement that the intelligence committee "will initiate a review into all intelligence collection programs." Feinstein did not say the review would be limited only to the NSA. 
If the review also touched on other intelligence agencies under the committee's jurisdiction, it could be one of the most far-reaching reviews in recent memory, encompassing secret programs of the CIA, the Defense Intelligence Agency, agencies that run imagery and spy satellites, as well as components of the FBI. A former intelligence agency liaison to Congress said Feinstein's sudden outrage over spying on foreign leaders raised questions about how well informed she was about NSA programs and whether she'd been fully briefed by her staff. "The first question I'd ask is, what have you been doing for oversight? Second, if you've been reviewing this all along what has changed your mind?" The former official said the intelligence committees receive lengthy and detailed descriptions every year about all NSA programs, including surveillance. "They're not small books. They're about the size of those old family photo albums that were several inches thick. They're hundreds of pages long." A senior congressional aide said, "It's an absolute joke to think she hasn't been reading the signals intelligence intercepts as Chairman of Senate Intelligence for years." The former official added that the "bottom line question is where was the Senate Intelligence Committee when it came to their oversight of these programs? And what were they being told by the NSA, because if they didn't know about this surveillance, that would imply they were being lied to." A spokesperson for Feinstein did not respond to a request for more details in time for publication. And a spokesperson for Sen. Saxby Chambliss, the intelligence committee's vice chairman, said the senator had no comment at this time. In a tacit acknowledgement of how supportive Feinstein has been of the administration's surveillance practices, the White House issued a lengthy statement about her Monday statement. 
"We consult regularly with Chairman Feinstein as a part of our ongoing engagement with the Congress on national security matters," said National Security Council spokesperson Caitlin Hayden. "We appreciate her continued leadership on these issues as Chairman of the Senate Intelligence Committee. I'm not going to go into the details of those private discussions, nor am I going to comment on assertions made in the Senator's statement today about U.S. foreign intelligence activities." The statement went on to note the administration's current review of surveillance practices worldwide. The surprise change of tone comes during a crucial week on Capitol Hill as lawmakers on opposing sides of the surveillance debate look to introduce rival bills related to the NSA. Striking first blood, opponents of expansive NSA surveillance are expected to introduce the "USA Freedom Act" on Tuesday, which would limit the bulk data collection of records under Section 215 of the Patriot Act, install an "office of the special advocate" to appeal FISA court decisions, and give subpoena powers on privacy matters to the Privacy and Civil Liberties Oversight Board. Sponsored by Reps. Jim Sensenbrenner (R-WI) and John Conyers (D-MI), the bill is backed by a strong bipartisan bench of some 60 lawmakers, including Reps. Darrell Issa (R-CA), Mike Quigley (D-IL), and Justin Amash (R-MI) and Sheila Jackson (D-TX). A draft of the bill was provided to The Cable by a congressional aide and can be viewed in full here. Unlike many House bills, Freedom Act has some bipartisan support in the Senate in the form of Vermont Democrat Patrick Leahy, who will be introducing a similar bill at the same time. On the opposing side is Feinstein, who is looking to codify the NSA's controversial phone records program in her bill set for markup this week. According to published reports, the bill would give the agency the authority to vacuum metadata of all U.S.
phone calls but not their content, meaning duration, numbers, and time of phone calls are fair game. A spokesperson for Feinstein said that the senator plans to move forward with the bill even in light of today's rhetorical about-face. While the Feinstein bill could gain support in the Senate, a Congressional aide familiar with the politics in the House says it's likely dead on arrival in the lower chamber. If it went down, however, pro-surveillance lawmakers would still likely put up a fight. "The fact is, the NSA has done more to save German lives than the German army since World War II," Rep. Peter King (R-NY) said on CNN. Still, others often in favor of government surveillance have carved out surprising positions. Republican hawk John McCain, for instance, is now calling for a special select committee to investigate U.S. spying. "We have always eavesdropped on people around the world. But the advance of technology has given us enormous capabilities, and I think you might make an argument that some of this capability has been very offensive both to us and to our allies," McCain said. Over at the Pentagon, Defense Secretary Chuck Hagel Monday refused to comment on the NSA's surveillance of world leaders, dismissing questions about what he may or may not have known about intelligence collection. "We have great respect for our partners, our allies, who cooperate with us and we cooperate with them to try to keep the world safe," said Hagel, standing beside New Zealand Minister of Defense Jonathan Coleman during a Pentagon press briefing. "Intelligence is a key part of that. And I think this issue will continue to be explored, as -- as it is now, but that's all I have to say." Coleman responded to the same question: "New Zealand's not worried at all about this," he said. "We don't believe it would be occurring, and look, quite frankly there'd be nothing that anyone could hear in our private conversations that we wouldn't be prepared to share publicly."
Coleman then cited a political cartoon in a newspaper in Wellington. It showed an analyst listening to the communiques from New Zealand with a big stream of "ZZZs" next to it. "I don't think New Zealand's got anything to worry about, and we have high trust in our relationships with the U.S." With additional reporting by Matthew Aid and Gordon Lubold --- Just because i'm near the punchbowl doesn't mean I'm also drinking from it. From rforno at infowarrior.org Mon Oct 28 23:34:49 2013 From: rforno at infowarrior.org (Richard Forno) Date: Tue, 29 Oct 2013 00:34:49 -0400 Subject: [Infowarrior] - NYT Eds: The White House on Spying Message-ID: <4AC43BE4-456A-4C49-8E45-8CC2FADA1FA8@infowarrior.org> Editorial The White House on Spying By THE EDITORIAL BOARD Published: October 28, 2013 http://www.nytimes.com/2013/10/29/opinion/the-white-house-on-spying.html?hp&rref=opinion&_r=0 The White House response on Monday to the expanding disclosures of American spying on foreign leaders, their governments and millions of their citizens was a pathetic mix of unsatisfying assurances about reviews under way, platitudes about the need for security in an insecure age, and the odd defense that the president didn't know that American spies had tapped the German chancellor's cellphone for 10 years. Is it really better for us to think that things have gone so far with the post-9/11 idea that any spying that can be done should be done and that nobody thought to inform President Obama about tapping the phone of one of the most important American allies? The White House spokesman, Jay Carney, kept repeating that Mr. Obama ordered a review of surveillance policy a few months ago, but he would not confirm whether that includes the tapping of the cellphone of Chancellor Angela Merkel of Germany, or the collection of data on tens of millions of calls in France, Spain and elsewhere. It's unlikely that Mr.
Obama would have ordered any review if Edward Snowden's leaks had not revealed the vacuum-cleaner approach to electronic spying. Mr. Carney left no expectation that the internal reviews will produce any significant public accounting -- only that the White House might have "a little more detail" when they are completed. Fortunately, members of Congress have been more aggressive in responding to two broad disclosures. One, that both the Obama and George W. Bush administrations misinterpreted the Patriot Act to permit the collection of metadata on phone calls, emails and text messages of all Americans, whether they were international or domestic. And, second, that the 2008 amendments to the Foreign Intelligence Surveillance Act were being stretched to excuse the routine collection of data from 60 million telephone calls in Spain and 70 million in France over two 30-day periods. Legislation scheduled to be introduced on Tuesday by Patrick Leahy, Democrat of Vermont, the chairman of the Senate Judiciary Committee, and Representative Jim Sensenbrenner, Republican of Wisconsin, would end the bulk collection of Americans' communications data. The administration has said that such data collection is permitted by Section 215 of the Patriot Act, although Mr. Sensenbrenner, who wrote that section, has said it is not. The bill, the U.S.A. Freedom Act, would require that the "tangible things" sought through data collection are "relevant and material to an authorized investigation into international terrorism or clandestine intelligence activities." They would also have to pertain to a foreign power or its agent, activities of a foreign agent already under investigation or someone in touch with an agent. Currently, the government conducts metadata collection by periodically vaguely informing a federal court in secret that it is working on security-related issues. The bill would require a court order in order to search for Americans'
communications in data collected overseas, which falls under the Foreign Intelligence Surveillance Act, and it would restrict "reverse targeting" -- targeting a foreigner with the goal of getting information about an American. The bill would not address spying on foreigners, including such abuses as in the Merkel affair. Those activities are governed by a presidential order that is secret and certain to remain so. We are not reassured by the often-heard explanation that everyone spies on everyone else all the time. We are not advocating a return to 1929 when Secretary of State Henry Stimson banned the decryption of diplomatic cables because "gentlemen do not read each other's mail." But there has long been an understanding that international spying was done in pursuit of a concrete threat to national security. That Chancellor Merkel's cellphone conversations could fall under that umbrella is an outgrowth of the post-9/11 decision by President Bush and Vice President Dick Cheney that everyone is the enemy, and that anyone's rights may be degraded in the name of national security. That led to Abu Ghraib, torture at the secret C.I.A. prisons, warrantless wiretapping of American citizens, grave harm to international relations, and the dragnet approach to surveillance revealed by the Snowden leaks. --- Just because i'm near the punchbowl doesn't mean I'm also drinking from it. From rforno at infowarrior.org Tue Oct 29 07:45:52 2013 From: rforno at infowarrior.org (Richard Forno) Date: Tue, 29 Oct 2013 08:45:52 -0400 Subject: [Infowarrior] - Understanding the Threats in Cyberspace Message-ID: October 28, 2013 Understanding the Threats in Cyberspace https://www.schneier.com/blog/archives/2013/10/understanding_t_2.html The primary difficulty of cyber security isn't technology -- it's policy. The Internet mirrors real-world society, which makes security policy online as complicated as it is in the real world.
Protecting critical infrastructure against cyber-attack is just one of cyberspace's many security challenges, so it's important to understand them all before any one of them can be solved. The list of bad actors in cyberspace is long, and spans a wide range of motives and capabilities. At the extreme end there's cyberwar: destructive actions by governments during a war. When government policymakers like David Omand think of cyber-attacks, that's what comes to mind. Cyberwar is conducted by capable and well-funded groups and involves military operations against both military and civilian targets. Along much the same lines are non-nation state actors who conduct terrorist operations. Although less capable and well-funded, they are often talked about in the same breath as true cyberwar. Much more common are the domestic and international criminals who run the gamut from lone individuals to organized crime. They can be very capable and well-funded and will continue to inflict significant economic damage. Threats from peacetime governments have been seen increasingly in the news. The US worries about Chinese espionage against Western targets, and we're also seeing US surveillance of pretty much everyone in the world, including Americans inside the US. The National Security Agency (NSA) is probably the most capable and well-funded espionage organization in the world, and we're still learning about the full extent of its sometimes illegal operations. Hacktivists are a different threat. Their actions range from Internet-age acts of civil disobedience to the inflicting of actual damage. This is hard to generalize about because the individuals and groups in this category vary so much in skill, funding and motivation. Hackers falling under the "anonymous" aegis -- it really isn't correct to call them a group -- come under this category, as does WikiLeaks. 
Most of these attackers are outside the organization, although whistleblowing -- the civil disobedience of the information age -- generally involves insiders like Edward Snowden.

This list of potential network attackers isn't exhaustive. Depending on who you are and what your organization does, you might be also concerned with espionage cyber-attacks by the media, rival corporations or even the corporations we entrust with our data.

The issue here, and why it affects policy, is that protecting against these various threats can lead to contradictory requirements. In the US, the NSA's post-9/11 mission to protect the country from terrorists has transformed it into a domestic surveillance organization. The NSA's need to protect its own information systems from outside attack opened it up to attacks from within. Do the corporate security products we buy to protect ourselves against cybercrime contain backdoors that allow for government spying? European countries may condemn the US for spying on its own citizens, but do they do the same thing?

All these questions are especially difficult because military and security organizations along with corporations tend to hype particular threats. For example, cyberwar and cyberterrorism are greatly overblown as threats -- because they result in massive government programs with huge budgets and power -- while cybercrime is largely downplayed.

We need greater transparency, oversight and accountability on both the government and corporate sides before we can move forward. With the secrecy that surrounds cyber-attack and cyberdefense it's hard to be optimistic.

This essay previously appeared in Europe's World.
From rforno at infowarrior.org Tue Oct 29 07:47:36 2013
From: rforno at infowarrior.org (Richard Forno)
Date: Tue, 29 Oct 2013 08:47:36 -0400
Subject: [Infowarrior] - Five Reactions To Dianne Feinstein Finally Finding Something About The NSA To Get Angry About
Message-ID:

Five Reactions To Dianne Feinstein Finally Finding Something About The NSA To Get Angry About
from the friends-in-high-places dept
http://www.techdirt.com/articles/20131028/15370525042/feinstein-never-upset-about-spying-american-public-is-furious-about-nsa-spying-foreign-leaders.shtml

Dianne Feinstein, the NSA's biggest defender in the Senate (which is ridiculous since she's also in charge of "oversight") has finally had enough. It's not because she finally understands how crazy it is that the NSA is spying on every American, including all of her constituents in California. It's not because she finally realized that the NSA specifically avoided letting her know about their widespread abuses. No, it's because she just found out that the NSA also spies on important people, like political leaders around the globe. It seems that has finally ticked off Feinstein, who has released a scathing statement about the latest revelations:

"Unlike NSA's collection of phone records under a court order, it is clear to me that certain surveillance activities have been in effect for more than a decade and that the Senate Intelligence Committee was not satisfactorily informed. Therefore our oversight needs to be strengthened and increased.

"With respect to NSA collection of intelligence on leaders of U.S. allies -- including France, Spain, Mexico and Germany -- let me state unequivocally: I am totally opposed.

"Unless the United States is engaged in hostilities against a country or there is an emergency need for this type of surveillance, I do not believe the United States should be collecting phone calls or emails of friendly presidents and prime ministers. The president should be required to approve any collection of this sort."

There are so many different possible reactions to this. Let's go to list form to go through a few:

- Most people seem a hell of a lot less concerned about spying on political leaders than the public. After all, you kind of expect espionage to target foreign leaders. It seems incredibly elitist for Feinstein to show concern about spying on political leaders, and not the public. It shows how she views the public as opposed to people on her level of political power. One of them doesn't matter. The other gets privacy.

- For all the bluster and anger from Feinstein about this, the Senate Intelligence Committee's mandate is only about intelligence activities that touch on US persons, so it's not even clear that she has any power over their activities strictly in foreign countries targeting foreign individuals. Why she seems to have expected the NSA to let her know about that when the NSA itself has been pretty explicit that it avoids telling Congress about anything it can reasonably avoid telling them.

- Feinstein has referred to Ed Snowden's leak as "an act of treason." Now that they've revealed something that she believes is improper and deserving of much greater scrutiny, is she willing to revisit that statement?

- Given that Feinstein has been angrily banging the drum for months about how her oversight of the intelligence community shows that everything's great, and there's no risk of rogue activity -- yet now she's finally admitting that perhaps the oversight isn't particularly comprehensive, is she willing to admit that her earlier statements are reasonably considered hogwash and discredited? She even says in her statement: "Congress needs to know exactly what our intelligence community is doing. To that end, the committee will initiate a major review into all intelligence collection programs." And yet she's been claiming that oversight has been more than enough for years?

- The cynical viewpoint: Feinstein knows the USA Freedom Act is coming out Tuesday, and that it has tremendous political momentum. Sooner or later she was going to have to admit that NSA surveillance was going to be curbed. Did she just happen to choose this latest bit of news for a bit of political theater to join the "time to fix the NSA" crowd?

There are plenty of other things that could be added to the list, but the whole situation seems fairly ridiculous considering about whom we're talking.

From rforno at infowarrior.org Wed Oct 30 07:32:40 2013
From: rforno at infowarrior.org (Richard Forno)
Date: Wed, 30 Oct 2013 08:32:40 -0400
Subject: [Infowarrior] - Pricewaterhouse to Buy Booz Consulting Firm
Message-ID:

October 30, 2013, 8:00 am
http://dealbook.nytimes.com/2013/10/30/pricewaterhousecoopers-to-buy-booz-consulting-firm/
Pricewaterhouse to Buy Booz Consulting Firm
By MICHAEL J. DE LA MERCED and FLOYD NORRIS

PricewaterhouseCoopers said on Wednesday that it had agreed to buy the consulting firm Booz & Company, bolstering its advisory business.

Financial terms of the transaction were not disclosed, though Booz & Company is expected to be PricewaterhouseCoopers's biggest acquisition in several years.

Still, the union of the two firms is likely to bring scrutiny from regulatory agencies around the world as it again raises the issue of an accounting firm's buildup of consulting businesses that could pose conflicts of interest.

PricewaterhouseCoopers and Booz & Company have taken steps to quell any concerns, according to people briefed on the matter. The two companies are expected to review client matters, with Booz partners expected to drop consulting assignments that conflict with existing auditing clients.

Booz & Company partners are expected to vote on the deal in December, with an update on the merger to come by the end of the year.
The people briefed on the matter added that they expected PricewaterhouseCoopers to retain the vast majority of Booz's partners.

Both companies are expected to position the deal as a merger of two global players, with each operating on multiple continents. But PricewaterhouseCoopers reported more than $32 billion in revenue during its 2013 fiscal year, while analysts estimate Booz & Company's revenue at about $1 billion.

By purchasing the smaller firm, PricewaterhouseCoopers will hope to strengthen one of its faster-growing operations. While the firm's assurance arm, including its core auditing business, has reported relatively flat revenue over the last three years, its advisory arm has grown about 23 percent during the same period.

PricewaterhouseCoopers has been rebuilding its consulting arm over the last decade after having sold a previous version of the business to IBM for $3.5 billion in 2002. Its assurance business now produces less than half of the firm's business, with tax and consulting work each providing slightly more than a quarter of the revenue.

"One of the real strengths of PwC is the scope and quality of our services, giving us the ability to work with a wide range of stakeholders to build trust and solve important problems," Dennis M. Nally, the chairman of PricewaterhouseCoopers International, said in a statement. "Today's proposed merger would only add to that strength."

At the same time, PricewaterhouseCoopers expects to use elements of the consulting business -- its strengths in cybersecurity and data analysis, for example -- to bolster its auditing operations as well.

The move comes amid what many in the consulting industry expect to be a growing wave of consolidation. Booz & Company had received several expressions of interest from potential buyers over the last year, according to a person briefed on the approaches. But the firm ultimately concluded that PricewaterhouseCoopers provided the right cultural and strategic fit.

"Our goal is to help clients identify and build the differentiating capabilities they need to win," Cesare R. Mainardi, Booz & Company's chief executive, said in a statement. "This potential combination would not only deliver on this innovative value proposition but would also help reinvent management consulting for the next century."

The deal will unite two of the oldest names in their respective businesses. PricewaterhouseCoopers traces its roots back to two London accounting firms founded in the middle of the 19th century, while Booz & Company was founded in 1914 as the progenitor of the management consulting industry.

The latter eventually grew into Booz Allen Hamilton, the government consulting giant that once employed Edward J. Snowden, a former government contractor who leaked classified data about national surveillance initiatives. Its corporate consulting arm was spun off as Booz & Company in 2008 after Booz Allen sold itself to the Carlyle Group, and the two no longer have any connection. Still, both Booz & Company and Booz Allen Hamilton have increasingly stepped into each other's businesses over the last two years after a noncompete agreement expired.

PricewaterhouseCoopers and Booz & Company declined to give details on how the deal would be structured. But they indicated that various PricewaterhouseCoopers partnerships around the world would have stakes in Booz.

Accounting firms use similar names around the world but are legally separate partnerships in each country, an arrangement that helps them deal with varying national laws regarding firm ownership -- and that they cite to avoid liability for the rest of the firms if one of the partnerships is sued because of a failed audit.
From rforno at infowarrior.org Wed Oct 30 11:44:50 2013
From: rforno at infowarrior.org (Richard Forno)
Date: Wed, 30 Oct 2013 12:44:50 -0400
Subject: [Infowarrior] - NSA infiltrates links to Yahoo, Google data centers worldwide
Message-ID: <3D9F8BF3-6F5F-43D3-B6FF-B0922F0BCB29@infowarrior.org>

http://www.washingtonpost.com/world/national-security/nsa-infiltrates-links-to-yahoo-google-data-centers-worldwide-snowden-documents-say/2013/10/30/e51d661e-4166-11e3-8b74-d89d714ca4dd_print.html

NSA infiltrates links to Yahoo, Google data centers worldwide, Snowden documents say
By Barton Gellman and Ashkan Soltani

The National Security Agency has secretly broken into the main communications links that connect Yahoo and Google data centers around the world, according to documents obtained from former NSA contractor Edward Snowden and interviews with knowledgeable officials.

By tapping those links, the agency has positioned itself to collect at will from among hundreds of millions of user accounts, many of them belonging to Americans. The NSA does not keep everything it collects, but it keeps a lot.

According to a top secret accounting dated Jan. 9, 2013, NSA's acquisitions directorate sends millions of records every day from Yahoo and Google internal networks to data warehouses at the agency's Fort Meade headquarters. In the preceding 30 days, the report said, field collectors had processed and sent back 181,280,466 new records -- ranging from "metadata," which would indicate who sent or received e-mails and when, to content such as text, audio and video.

The NSA's principal tool to exploit the data links is a project called MUSCULAR, operated jointly with the agency's British counterpart, GCHQ. From undisclosed interception points, the NSA and GCHQ are copying entire data flows across fiber-optic cables that carry information between the data centers of the Silicon Valley giants.
The infiltration is especially striking because the NSA, under a separate program known as PRISM, has front-door access to Google and Yahoo user accounts through a court-approved process.

The MUSCULAR project appears to be an unusually aggressive use of NSA tradecraft against flagship American companies. The agency is built for high-tech spying, with a wide range of digital tools, but it has not been known to use them routinely against U.S. companies.

White House officials and the Office of the Director of National Intelligence, which oversees the NSA, declined to confirm, deny or explain why the agency infiltrates Google and Yahoo networks overseas.

In a statement, Google said it was "troubled by allegations of the government intercepting traffic between our data centers, and we are not aware of this activity."

"We have long been concerned about the possibility of this kind of snooping, which is why we continue to extend encryption across more and more Google services and links," the company said.

At Yahoo, a spokeswoman said: "We have strict controls in place to protect the security of our data centers, and we have not given access to our data centers to the NSA or to any other government agency."

Under PRISM, the NSA already gathers huge volumes of online communications records by legally compelling U.S. technology companies, including Yahoo and Google, to turn over any data matching court-approved search terms. That program, which was first disclosed by The Washington Post and the Guardian newspaper, is authorized under Section 702 of the Foreign Intelligence Surveillance Act and overseen by the Foreign Intelligence Surveillance Court.

Intercepting communications overseas has clear advantages for the NSA, with looser restrictions and less oversight. NSA documents about the effort refer directly to "full take," "bulk access" and "high volume" operations on Yahoo and Google networks.
Such large-scale collection of Internet content would be illegal in the United States, but the operations take place overseas, where the NSA is allowed to presume that anyone using a foreign data link is a foreigner. Outside U.S. territory, statutory restrictions on surveillance seldom apply and the Foreign Intelligence Surveillance Court has no jurisdiction.

Senate Intelligence Committee Chairwoman Dianne Feinstein has acknowledged that Congress conducts little oversight of intelligence-gathering under the presidential authority of Executive Order 12333, which defines the basic powers and responsibilities of the intelligence agencies.

John Schindler, a former NSA chief analyst and frequent defender who teaches at the Naval War College, said it was obvious why the agency would prefer to avoid restrictions where it can.

"Look, NSA has platoons of lawyers and their entire job is figuring out how to stay within the law and maximize collection by exploiting every loophole," he said. "It's fair to say the rules are less restrictive under Executive Order 12333 than they are under FISA."

The operation to infiltrate data links exploits a fundamental weakness in systems architecture. To guard against data loss and system slowdowns, Google and Yahoo maintain fortress-like data centers across four continents and connect them with thousands of miles of fiber-optic cable. These globe-spanning networks, representing billions of dollars of investment, are known as "clouds" because data moves seamlessly around them.

In order for the data centers to operate effectively, they synchronize high volumes of information about account holders. Yahoo's internal network, for example, sometimes transmits entire e-mail archives -- years of messages and attachments -- from one data center to another.

Tapping the Google and Yahoo clouds allows the NSA to intercept communications in real time and to take "a retrospective look at target activity," according to one internal NSA document.
In order to obtain free access to data center traffic, the NSA had to circumvent gold standard security measures. Google "goes to great lengths to protect the data and intellectual property in these centers," according to one of the company's blog posts, with tightly audited access controls, heat sensitive cameras, round-the-clock guards and biometric verification of identities.

Google and Yahoo also pay for premium data links, designed to be faster, more reliable and more secure. In recent years, each of them is said to have bought or leased thousands of miles of fiber optic cables for their own exclusive use.

They had reason to think, insiders said, that their private, internal networks were safe from prying eyes.

In an NSA presentation slide on "Google Cloud Exploitation," however, a sketch shows where the "Public Internet" meets the internal "Google Cloud" where their data resides. In hand-printed letters, the drawing notes that encryption is "added and removed here!" The artist adds a smiley face, a cheeky celebration of victory over Google security.

Two engineers with close ties to Google exploded in profanity when they saw the drawing. "I hope you publish this," one of them said.

For the MUSCULAR project, the GCHQ directs all intake into a "buffer" that can hold three to five days of traffic before recycling storage space. From the buffer, custom-built NSA tools unpack and decode the special data formats that the two companies use inside their clouds.

Then the data is sent through a series of filters to "select" information the NSA wants and "defeat" what it does not. PowerPoint slides about the Google cloud, for example, show that the NSA tries to filter out all data from the company's "Web crawler," which indexes Internet pages.
According to the briefing documents, prepared by participants in the MUSCULAR project, collection from inside Yahoo and Google has produced important intelligence leads against hostile foreign governments that are specified in the documents.

Last month, long before The Post approached Google to discuss the penetration of its cloud, vice president for security engineering Eric Grosse announced that the company is racing to encrypt the links between its data centers. "It's an arms race," he said then. "We see these government agencies as among the most skilled players in this game."

Yahoo has not announced plans to encrypt its data center links.

Because digital communications and cloud storage do not usually adhere to national boundaries, MUSCULAR and a previously disclosed NSA operation to collect Internet address books have amassed content and metadata on a previously unknown scale from U.S. citizens and residents. Those operations have gone undebated in public or on the floor of Congress because their existence was classified.

The Google and Yahoo operations call attention to an asymmetry in U.S. surveillance law: While Congress has lifted some restrictions on NSA domestic surveillance on the grounds that purely foreign communications sometimes pass over U.S. switches and cables, it has not added restrictions overseas, where American communications or data stores now cross over foreign switches.

"Thirty five years ago, different countries had their own telecommunications infrastructure, so the division between foreign and domestic collection was clear," Sen. Ron Wyden, a member of the intelligence committee, said in an interview. "Today there's a global communications infrastructure, so there's a greater risk of collecting on Americans when the NSA collects overseas."

It is not clear how much data from Americans is collected, and how much of that is retained.
One weekly report on MUSCULAR says the British operators of the site allow the NSA to contribute 100,000 "selectors," or search terms. That is more than twice the number in use in the PRISM program, but even 100,000 cannot easily account for the millions of records that are said to be sent back to Fort Meade each day.

In 2011, when the Foreign Intelligence Surveillance Court learned that the NSA was using similar methods to collect and analyze data streams -- on a much smaller scale -- from cables on U.S. territory, Judge John D. Bates ruled that the program was illegal under the Foreign Intelligence Surveillance Act and inconsistent with the requirements of the Fourth Amendment.

Soltani is an independent security researcher and consultant.

© The Washington Post Company

From rforno at infowarrior.org Wed Oct 30 11:51:38 2013
From: rforno at infowarrior.org (Richard Forno)
Date: Wed, 30 Oct 2013 12:51:38 -0400
Subject: [Infowarrior] - OT: Captain James Kirk commands Navy's 'Star Trek' destroyer
Message-ID: <28BE4071-0E1C-4BD4-89EB-D3F04DA53C2E@infowarrior.org>

http://www.public.navy.mil/surfor/ddg1000/Pages/bio1.aspx#.UnE4oSR7vKj

PCU Zumwalt
CAPT James A. Kirk

Captain Kirk is a native of Bethesda, Maryland, and was raised in Hershey, Pennsylvania. He was commissioned at the U.S. Naval Academy in 1990 and has served in a variety of afloat and ashore billets as a Surface Warfare Officer. He has served afloat on destroyers, cruisers, frigates and staffs including USS Fife (DD 991), USS The Sullivans (DDG 68), USS Hue City (CG 66), USS John S. McCain (DDG 56), and as a Gas Turbine Inspector on the staff of Commander, Pacific Fleet. His most recent sea duty includes command of USS De Wert (FFG 45) and Operations Officer for Carrier Strike Group Seven, Ronald Reagan Strike Group.
Ashore, Captain Kirk has served as Executive Assistant to the Navy's Chief of Legislative Affairs and as an Action Officer on the Joint Staff. He has attended both the U.S. Naval War College and U.S. Army War College graduating with Master's Degrees in National Security Studies. He is currently serving as the Executive Assistant to the Director of Surface Warfare and is the prospective commanding officer of USS Zumwalt (DDG 1000).

From rforno at infowarrior.org Wed Oct 30 11:57:18 2013
From: rforno at infowarrior.org (Richard Forno)
Date: Wed, 30 Oct 2013 12:57:18 -0400
Subject: [Infowarrior] - The Lunacy of Rep Mike Rogers, con't.
Message-ID: <10E5D3F2-9CCC-4A26-8D48-920CCAB1B7D5@infowarrior.org>

Mike Rogers: You Can't Have Your Privacy Violated If You Don't Know About It
http://www.techdirt.com/articles/20131029/18020225059/mike-rogers-you-cant-have-your-privacy-violated-if-you-dont-know-about-it.shtml

From rforno at infowarrior.org Wed Oct 30 20:58:01 2013
From: rforno at infowarrior.org (Richard Forno)
Date: Wed, 30 Oct 2013 21:58:01 -0400
Subject: [Infowarrior] - NSA said to intentionally cite 9/11 to justify spying program
Message-ID: <95A64CAD-A473-4CBC-8258-679F73280828@infowarrior.org>

NSA said to intentionally cite 9/11 to justify spying program
Newly released government documents spell out how officials should answer questions about the NSA's mass surveillance program; examples include "defend the nation" and prevent "another 9/11."
by Dara Kerr
October 30, 2013 6:12 PM PDT
http://news.cnet.com/8301-1009_3-57610140-83/nsa-said-to-intentionally-cite-9-11-to-justify-spying-program/

National Security Agency officials often reference the 9/11 terrorist attacks when justifying the agency's mass surveillance program that was leaked to the public last June; and, not surprisingly, this type of language appears to be intentional.
Under the Freedom of Information Act, Al Jazeera America was able to get its hands on insider NSA documents (PDF) that outline talking points for how officials should respond to spying allegations. These documents are peppered with statements that appear to invoke the September 11, 2001, attacks on the World Trade Center and Pentagon.

Here are a few of the suggested responses listed in the documents:

- I much prefer to be here today explaining these programs, than explaining another 9/11 event that we were not able to prevent.
- NSA and its partners must make sure we connect the dots so that the nation is never attacked again like it was on 9/11.
- First responsibility is to defend the nation.
- Post-9/11 we made several changes and added a number of capabilities to enable us to connect the dots.
- NSA is committed to protecting the privacy and civil liberties of the American people.

Apparently, the suggestions in these documents have gotten some play with officials, like NSA Director Keith B. Alexander and Director of US National Intelligence James Clapper. During a House Intelligence Committee hearing on Tuesday about the surveillance program, "September 11" or "9/11" were mentioned 14 times, according to the Washington Post. At one point during the hearing, Alexander even referenced how many people were killed in the attack. "How did we end up here? 9/11 -- 2,996 people were killed in 9/11."

Similarly, Rep Charles Ruppersberger (D-Md.) also drew from the talking points documents during the hearing, according to the Washington Post. "These dots should have and likely could have been connected to prevent 9/11," Ruppersberger said, "and are necessary to prevent the next attack."

The NSA is one of the biggest surveillance and eavesdropping agencies in the U.S. and was whistleblower Edward Snowden's workplace before he decided to leak some of the agency's top-secret documents to the press in June.
That document leak opened the public's eyes to the government's collection of data on US residents through both cellular records and metadata from Internet companies. Since Snowden's original leak, thousands more documents have surfaced. The NSA and the Obama administration have maintained that the surveillance program was carried out to protect Americans and track down foreign terrorists and pinpoint terrorist threats.

From rforno at infowarrior.org Thu Oct 31 07:48:34 2013
From: rforno at infowarrior.org (Richard Forno)
Date: Thu, 31 Oct 2013 08:48:34 -0400
Subject: [Infowarrior] - IETF sets out to PRISM-proof the Net
Message-ID: <21CBE6EB-EFB2-4325-B794-EC6814DC5DDF@infowarrior.org>

In response to NSA revelations, the internet's engineers set out to PRISM-proof the net
Published on : 26 October 2013 - 12:25pm | By Julie Blussé (CC)
http://www.rnw.nl/english/article/response-nsa-revelations-internet%E2%80%99s-engineers-set-out-prism-proof-net

Greatly disturbed by the recent revelations of mass internet surveillance, the Internet Engineering Task Force (IETF) have announced plans to ramp up online security. You may never have heard of them, but the IETF are the creators and engineers of the internet's architecture. Is there a technical solution to the problem of mass surveillance?

For the IETF, Edward Snowden's revelations were "a wake-up call," said Jari Arkko, the task force's chair. Arkko spoke at this week's UN-initiated Internet Governance Forum in Bali, Indonesia. Surprised by the scale and tactics of surveillance, Arkko stated the engineers are "looking at technical changes that will raise the bar for monitoring."

"Perhaps the notion that internet is by default insecure needs to change," he said. The IETF's will is there, and Arkko believes significant technical fixes "just might be possible."
Technical, not political

The engineers of the IETF keep a low profile, but they have been crucial to creating and setting the standards on which the internet was built, ever since its birth in 1969. They have developed email, instant messaging, and many protocols that hide behind acronyms that sound familiar yet mysterious to most Internet users, like HTTP and TCP/IP.

As the internet evolved from an academic project into a global network, the role governments and companies played in how it functions grew dramatically. But the IETF maintained its well-respected role, thanks in part to its fervently apolitical stance and focus on technical issues.

That focus remains in the current plans to make the internet more resistant to mass surveillance, Arkko emphasised in an interview with RNW: "This is a technical, not a political decision."

In his speech, Arkko chose his words carefully as he addressed an audience comprising representatives from governments that perpetrate the same mass-surveillance he hopes to curtail. "I do not think we should react to specific cases," Arkko stated during the forum's opening sessions. "But our commerce, business and personal communications are all depending on the internet technology being secure and trusted."

More, new and better security

Ideas about how the internet might be secured against mass surveillance are currently discussed over the IETF's publicly accessible mailing lists, to which anyone can subscribe and contribute. While nothing is set in stone yet, Arkko sketched out a few of the IETF's ideas in his public address.

Firstly, the IETF wants to eventually apply encryption to all web traffic. "Today, security only gets switched on for certain services like banking," Arkko explained, referring to IETF-developed standards like SSL -- the little lock that appears in the upper left corner of your browser to secure online purchases. "If we work hard, we can make [the entire internet] secure by default."
To this end, the IETF might make encryption mandatory for HTTP 2.0, a new version of the basic web protocol.

Secondly, the IETF plans to remove weak algorithms and strengthen existing algorithms behind encryption. This means that the US National Security Agency and other surveillors will find it harder to crack current forms of encryption.

In other words: the IETF proposes putting locks in more places and making existing locks harder to pick. If the protocols are applied, intercepting the traffic between any two points on the internet -- the sender and receiver of an email, the visitor and owner of a website, the buyer and seller of a product -- will be close to impossible.

Starting November 3, the IETF will hold a week of meetings in Vancouver, Canada to concretise the online security plans in person.

Raising the bar for surveillance

The IETF is confident that their plans will make a difference, but what do other experts on the internet's technical infrastructure think?

Axl Pavlik, managing director of Europe's Internet Registry (RIPE NCC), is guardedly optimistic. "It wouldn't stop the problem, but it would make the effort [of surveillance] more expensive."

Pavlik likens the plans to a successful countermove in an indefinite arms race between internet users and snoopers. "You and I have limited resources, and the surveillor has limited resources -- maybe more than we have -- but if millions of users of the internet raise the bar a little bit, the requirements to surveil every little bit of internet traffic would be much higher," he explained to RNW.

The IETF's plans also benefit people who are already encrypting their online activities themselves, argued Marco Hogewoning, technical adviser to RIPE NCC. According to him, these people currently stick out like a sore thumb to the very surveillors they hope to evade.

"If you see an armoured car now on the street, you know there must be something valuable inside," Hogewoning explained.
"If everybody drives around in an armoured car, I can go around and put a lot of effort into breaking into each and every car, and hope I get lucky and find something valuable inside, but it might be empty. If everybody encrypts everything, all you can see is armoured cars."

Take it or leave it

Yet while the IETF can propose standards and protocols, it has no power to enforce their adoption. The onus to adopt the standards lies with the software developers who make browsers and web servers, as well as website owners, and everyday internet users who need to heed browser updates. "It's a great initiative," said Gillo Cutrupi, a digital security trainer at Tactical Tech. "But if it's not adopted, it's just a piece of paper."

A standard like HTTPS, for instance, can already be applied by every website to improve security. Cutrupi explains that many websites unfortunately still make use of unsafe options. Such options might be popular because they are easier to use. Some websites don't care for security, and ignore the standard; Yahoo Mail will only make HTTPS encryption the default setting starting January 2014.

Yet Arkko, the IETF chair, doesn't see universal adoption as a big hurdle. "I have no worry about that," he said. "Our standards are very widely applied." He stressed that in addition to increased security, newer standards offer multiple advantages. "HTTP 2.0 has many other improvements." In one example, he pointed out that "for the users, websites would load faster." These improvements would no doubt serve as an incentive for websites to implement the new protocol.

The end point of trust

Yet one major caveat remains. While the IETF might be able to secure the pipes through which users' data travel, users must also be able to trust the parties where their data is stored: software, hardware and services such as Cisco, Gmail and Facebook. These parties can hand over user data directly to government agencies.
Arkko stressed the limitations of what the internet's engineers can do. "We are trying to do as much as we can," he explained, "which will help situations where there's someone in the network monitoring you. It will not help situations where someone has direct access to your email provider."

Axel Pavlik identifies the problem of trust at another level altogether. "In the end, it's down to public policy, governments, secret services. And maybe the secret court orders to release a key [which] we will never know about. That shatters the trust of the internet as we know it. That's the very bad situation that we need to get out of."

---
Just because i'm near the punchbowl doesn't mean I'm also drinking from it.

From rforno at infowarrior.org Thu Oct 31 09:34:27 2013
From: rforno at infowarrior.org (Richard Forno)
Date: Thu, 31 Oct 2013 10:34:27 -0400
Subject: [Infowarrior] - NSA Bombshell Shocks Former Spooks: "Why in The World Would We Burn Google?"
Message-ID: <57BDAC2A-0ACB-431B-9AB5-ED87FF5572F9@infowarrior.org>

NSA Bombshell Shocks Former Spooks: "Why in The World Would We Burn Google?"
http://thecable.foreignpolicy.com/posts/2013/10/30/nsa_bombshell_shocks_former_spooks_why_in_the_world_would_we_burn_google

Former intelligence officials and technology industry executives reacted with anger and anxiety over the latest revelations that the National Security Agency is reportedly infiltrating some of the world's biggest technology companies and making off with the private communications of millions of their customers.

And if the reports are accurate, it could be very bad news for U.S. technology companies, who have been complaining for months that their government's secretive intelligence operations are threatening their business and driving customers towards their foreign competitors.

"I think they're in an almost impossible situation," Rep. Adam Schiff, a senior member of the Intelligence Committee, told The Cable.
Speaking of Silicon Valley firms who are obligated to cooperate with the NSA, Schiff said recent leak revelations threatened to negatively impact their bottom lines. "It's definitely going to hurt their business and I think we ought to do everything we can to mitigate that damage. I'm very sympathetic to what they have to confront."

The Washington Post reported today that the agency "has secretly broken into the main communications links that connect Yahoo and Google data centers around the world." According to documents provided by former NSA contractor Edward Snowden, the agency is intercepting emails, documents, and other electronic communications as they move between the companies' privately controlled facilities and the public Internet, giving the NSA access to data in nearly real-time.

The latest revelations are likely to inflame an already tense relationship between the Obama administration and American technology companies, many of whose customers live outside the United States and are not protected by laws that prohibit the NSA from spying on Americans en masse.

"Why in the world would we burn a relationship with Google by breaking into a data center?" one former intelligence officer asked.

According to an August report by the Information Technology and Innovation Foundation, the NSA scandal could cost cloud companies with U.S.-based servers between $21.5 billion and $35 billion over the next three years as customers flock to European firms that may have more legal protection from U.S. spies.

"The most enduring setback on national security from all of this could well be the impact on U.S. companies," observed a former U.S. official intimately involved with intelligence matters. "We've created a Huawei problem for these companies," this official said, referring to the Chinese telecommunications firm that many U.S. lawmakers and intelligence officials believe is a proxy spy for the Chinese government.
The NSA has also reportedly worked to undermine encryption standards that are used around the world to protect private information and secure commercial transactions. Technology experts were outraged to learn that a government agency they thought they could trust was secretly working to make it easier to spy on people.

The former intelligence officer wondered aloud why the agency would engage in intelligence gathering that, if exposed, would make companies seem unable to protect their customers' data from prying government eyes. "My personal concern is that an American company like Cisco that's doing business with governments overseas could face real problems in that line of business."

Schiff, a California Democrat, stressed that he could not confirm or deny the substance of the Post allegations, but he did say the claims raise valid concerns if proven to be true. "If there are allegations that either because of the way these technologies now operate and get routed through the United States that there were court requirements that were circumvented that's something that the committee absolutely ought to investigate," he said.

Representatives for Google and Yahoo told the Post that the surveillance was conducted without their knowledge. But communications experts with years of experience implementing government surveillance orders found that hard to believe. They described to The Cable a number of ways the NSA could have intercepted the company's data, all of which seemed likely to alert Google and Yahoo that their information was being collected, or at least to raise suspicions.

The NSA document published by the Post appears to show the agency focusing on a kind of junction where a Google data center connects to the public Internet. Labeled "GFE," which the diagram says stands for Google front end server, this is the point where encryption is removed from data before it travels to Google's cloud.
If the NSA could intercept communications at that vulnerable point, then the agency could read them in their encrypted form.

To capture or siphon off data at the point labeled GFE, the NSA could implant surveillance equipment, said two of the experts. This could be a fairly small piece of hardware, but it might be difficult to install without the consent of the people running the data center. One of the experts likened it to the secret room that the NSA is believed to have installed at an AT&T facility in San Francisco, where data was split from the company's network and given to the NSA. That GFE point would be the likely place to install such a facility.

Curiously, both experts noted, in the world of official surveillance, GFE stands for something else: "government furnished equipment."

One of the experts said that if NSA wanted to avoid installing devices at the companies' data centers, it would have to intercept the information on a fiber optic line as it moved from the data center to the public Internet. To do that and still capture the data while it was unencrypted, the interception point would have to be physically located no more than a few hundred yards from the data center, the expert said. In that case people working in the data center itself would likely see some physical structure nearby.

There are still other options for the NSA to capture the data from a distance, experts said, such as tunneling into the GFE from another computer. But whatever the method, the agency would have to have some way to directly tap into that GFE, whether by hacking it, installing equipment with the companies' consent, or using a previously installed back door or hole in the system that was unknown to its manufacturer. The NSA has reportedly struck deals with technology companies to install hidden access points in their equipment that can be used for surveillance.
And the agency is believed to be the biggest purchaser of so-called "zero day" vulnerabilities, which are flaws in a piece of hardware or software discovered by a hacker but never revealed publicly. One of the communications experts said it was possible NSA had bought such zero days and used them to get exclusive access to the GFEs without any companies ever knowing it.

Experts had already predicted that the agency's global eavesdropping would give foreign customers a reason to stop using popular services like Google and Yahoo in favor of companies that don't store their data in the United States or aren't subject to U.S. laws. The government of Brazil is considering whether to force U.S. companies to locate any data on its citizens within the country's borders.

An NSA spokesman rejected the Post's report and said the agency is following laws that protect Americans' privacy. "NSA has multiple authorities that it uses to accomplish its mission, which is centered on defending the nation," NSA spokesperson Vanee Vines said in a statement. She called reports in the Post that the agency uses an executive order, instead of surveillance law, to get around limitations imposed on it in the United States "not true."

"NSA is a foreign intelligence agency. And we're focused on discovering and developing intelligence about valid foreign intelligence targets only," Vines said.

In a statement to The Cable, Dutch Ruppersberger (D-MD), the ranking member of the House Intelligence Committee, defended the NSA's practices. "NSA is a foreign intelligence agency," he said. "It does not have the resources, capacity, or interest in collecting data on Americans. The claim that NSA collects large volumes of data on US persons is incorrect. NSA respects the privacy of US persons by using Attorney-General approved processes to minimize the likelihood of their information in NSA's collection."
Technology company executives have criticized the Obama administration for trying to assuage public anxiety about surveillance by emphasizing that the NSA only spies on foreigners. Many of those companies' customers live outside the United States, and some of them have been outraged by reports of the NSA hoovering up personal data on the Internet. Mark Zuckerberg, the CEO of Facebook, said the administration "blew it" in its attempts to counter the narrative that the NSA isn't engaged in unbridled spying. The vast majority of Facebook's users reside outside the United States.

Technology company representatives in Washington have quietly lobbied administration officials to change their talking points, and to stop emphasizing what the companies see as a double standard in how the United States spies on people's communications, according to sources familiar with those discussions.

"Whatever reports may be out there, we continue to call on Congress and the administration to take action to increase transparency in surveillance and restore the public trust," Yael Weinman, the vice president for global privacy policy and the general counsel for the Information Industry Technology Council, a lobbying and trade group, told The Cable. "Continued inaction on constructive measures and reforms threatens innovation and global commerce."

---
Just because i'm near the punchbowl doesn't mean I'm also drinking from it.
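The article's experts reason about a front end that strips encryption before data travels on to the rest of a provider's cloud: whatever hop follows that point carries plaintext unless it is encrypted again. The following is an added example, not part of the article and not any company's code. It simulates that next hop over an in-memory link with a passive observer recording every byte on it, once with the front end forwarding the decrypted payload as-is and once with the front end re-encrypting the hop to the backend under TLS. The backend certificate, the name backend.internal, the sample payload and the Ship/Exposed functions are all constructed for this example.

```go
package main

import (
	"bytes"
	"crypto/ecdsa"
	"crypto/elliptic"
	"crypto/rand"
	"crypto/tls"
	"crypto/x509"
	"crypto/x509/pkix"
	"fmt"
	"io"
	"math/big"
	"net"
	"time"
)

// tapConn wraps the front end's side of the link and records every byte it
// sends, standing in for a passive observation point on the inter-datacenter
// line. It never alters traffic, it only records what the link carries.
type tapConn struct {
	net.Conn
	seen *bytes.Buffer
}

func (t *tapConn) Write(p []byte) (int, error) {
	t.seen.Write(p)
	return t.Conn.Write(p)
}

// selfSignedCert makes a throwaway certificate for the simulated backend.
// Assumption for the example only: a real deployment would issue this from an
// internal CA that the front end verifies against.
func selfSignedCert() (tls.Certificate, *x509.CertPool, error) {
	key, err := ecdsa.GenerateKey(elliptic.P256(), rand.Reader)
	if err != nil {
		return tls.Certificate{}, nil, err
	}
	tmpl := &x509.Certificate{
		SerialNumber: big.NewInt(1),
		Subject:      pkix.Name{CommonName: "backend.internal"}, // constructed name
		DNSNames:     []string{"backend.internal"},
		NotBefore:    time.Now().Add(-time.Hour),
		NotAfter:     time.Now().Add(time.Hour),
		KeyUsage:     x509.KeyUsageDigitalSignature,
		ExtKeyUsage:  []x509.ExtKeyUsage{x509.ExtKeyUsageServerAuth},
	}
	der, err := x509.CreateCertificate(rand.Reader, tmpl, tmpl, &key.PublicKey, key)
	if err != nil {
		return tls.Certificate{}, nil, err
	}
	parsed, err := x509.ParseCertificate(der)
	if err != nil {
		return tls.Certificate{}, nil, err
	}
	pool := x509.NewCertPool()
	pool.AddCert(parsed)
	return tls.Certificate{Certificate: [][]byte{der}, PrivateKey: key}, pool, nil
}

// Ship moves payload from the front end to the backend over an in-memory link
// and returns the bytes the observer on that link captured. With encrypt set,
// the front end re-encrypts the hop under TLS 1.3 instead of forwarding the
// already-decrypted payload as-is.
func Ship(payload []byte, encrypt bool) ([]byte, error) {
	feSide, beSide := net.Pipe()
	tap := &tapConn{Conn: feSide, seen: &bytes.Buffer{}}
	var fe, be net.Conn = tap, beSide
	if encrypt {
		cert, pool, err := selfSignedCert()
		if err != nil {
			return nil, err
		}
		fe = tls.Client(tap, &tls.Config{
			RootCAs:    pool,
			ServerName: "backend.internal",
			MinVersion: tls.VersionTLS13,
		})
		// Tickets are disabled only because net.Pipe is unbuffered: a
		// post-handshake ticket the client never reads would stall the server.
		be = tls.Server(beSide, &tls.Config{
			Certificates:           []tls.Certificate{cert},
			MinVersion:             tls.VersionTLS13,
			SessionTicketsDisabled: true,
		})
	}
	type result struct {
		data []byte
		err  error
	}
	done := make(chan result, 1)
	go func() {
		defer be.Close()
		data, err := io.ReadAll(be) // the backend reads until the front end closes
		done <- result{data, err}
	}()
	if _, err := fe.Write(payload); err != nil {
		return nil, err
	}
	if err := fe.Close(); err != nil {
		return nil, err
	}
	r := <-done
	if r.err != nil {
		return nil, r.err
	}
	if !bytes.Equal(r.data, payload) {
		return nil, fmt.Errorf("backend received %q, want %q", r.data, payload)
	}
	return tap.seen.Bytes(), nil
}

// Exposed reports whether the observer could read payload verbatim off the link.
func Exposed(payload []byte, encrypt bool) (bool, error) {
	wire, err := Ship(payload, encrypt)
	if err != nil {
		return false, err
	}
	return bytes.Contains(wire, payload), nil
}

func main() {
	// Constructed sample payload, not real user data.
	secret := []byte("constructed sample: mailbox contents for user 42")
	for _, encrypt := range []bool{false, true} {
		exposed, err := Exposed(secret, encrypt)
		if err != nil {
			fmt.Println("error:", err)
			return
		}
		fmt.Printf("hop encrypted=%-5v observer sees payload=%v\n", encrypt, exposed)
	}
}
```

Exposed returns true for the plain hop and false for the TLS hop: the observer still sees the ClientHello and the encrypted records, so the presence of traffic is never hidden, but the payload bytes are. The point of the design is that terminating encryption at an edge box is only safe if every hop behind it is protected as well; the session-ticket setting exists purely to keep the synchronous in-memory pipe from stalling and is not a recommendation for real backends.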
From rforno at infowarrior.org Thu Oct 31 09:39:48 2013
From: rforno at infowarrior.org (Richard Forno)
Date: Thu, 31 Oct 2013 10:39:48 -0400
Subject: [Infowarrior] - FAA Oks air passengers using gadgets on planes
Message-ID: <51E7B5A0-48CC-4583-B9F9-B432E30DDD7B@infowarrior.org>

FAA Oks air passengers using gadgets on planes
Thursday - 10/31/2013, 10:35am ET
JOAN LOWY
Associated Press
http://wtop.com/289/3494978/FAA-Oks-air-passengers-using-gadgets-on-planes

WASHINGTON (AP) -- Government safety rules are changing to let airline passengers use most electronic devices from gate-to-gate.

The change will let passengers read, work, play games, watch movies and listen to music -- but not make cellphone calls.

The Federal Aviation Administration says airlines can allow passengers to use the devices during takeoffs and landings on planes that meet certain criteria for protecting aircraft systems from electronic interference.

Most new airliners are expected to meet the criteria, but changes won't happen immediately. Timing will depend upon the airline.

Connections to the Internet to surf, exchange emails, text or download data will still be prohibited below 10,000 feet. Heavier devices like laptops will have to be stowed. Passengers will be told to switch their smartphones, tablets and other devices to airplane mode. Cellphone calls will still be prohibited.

A travel industry group welcomed the changes, calling them common-sense accommodations for a traveling public now bristling with technology.

"We're pleased the FAA recognizes that an enjoyable passenger experience is not incompatible with safety and security," said Roger Dow, CEO of the U.S. Travel Association.

Copyright 2013 The Associated Press. All rights reserved. This material may not be published, broadcast, rewritten or redistributed.

---
Just because i'm near the punchbowl doesn't mean I'm also drinking from it.
From rforno at infowarrior.org Thu Oct 31 09:47:43 2013
From: rforno at infowarrior.org (Richard Forno)
Date: Thu, 31 Oct 2013 10:47:43 -0400
Subject: [Infowarrior] - Meet "badBIOS," the mysterious Mac and PC malware that jumps airgaps
Message-ID:

Meet "badBIOS," the mysterious Mac and PC malware that jumps airgaps
http://arstechnica.com/security/2013/10/meet-badbios-the-mysterious-mac-and-pc-malware-that-jumps-airgaps/

---
Just because i'm near the punchbowl doesn't mean I'm also drinking from it.

From rforno at infowarrior.org Thu Oct 31 18:21:59 2013
From: rforno at infowarrior.org (Richard Forno)
Date: Thu, 31 Oct 2013 19:21:59 -0400
Subject: [Infowarrior] - Greenwald: On NSA claims about misreporting of two slides
Message-ID: <42305587-2BFF-4B27-8276-A3DB53D959E2@infowarrior.org>

On NSA claims about misreporting of two slides
http://ggsidedocs.blogspot.com/2013/10/on-nsa-claims-about-misreporting-of-two.html

NSA Director Gen. Keith Alexander asserted yesterday that two "Boundless Informant" slides we published - one in Le Monde and the other in El Mundo - were misunderstood and misinterpreted. The NSA then dispatched various officials to the Wall Street Journal and the Washington Post to make the same claim, and were (needless to say) given anonymity by those papers to spout off without accountability.

Several US journalists (also needless to say) instantly treated the NSA's claims as gospel even though they (a) are accompanied by no evidence, (b) come in the middle of a major scandal for the agency at home and abroad and (c) are from officials with a history of lying to Congress and the media. That is the deeply authoritarian and government-subservient strain of American political and media culture personified: if a US national security official says something, then it shall mindlessly be deemed tantamount to truth, with no evidence required and without regard to how much those officials have misled in the past.
EFF's Trevor Timm last night summarized this bizarre mentality as follows: "Oh, NSA says a story about them is wrong? Well, that settles that! Thankfully, they never lie, obfuscate, mislead, misdirect, or misinform!"

Over the last five months, Laura Poitras and I have published dozens and dozens of articles reporting on NSA documents around the world: with newspapers and a team of editors and other reporters in the US, UK, Germany, Brazil, India, France and Spain. Not a single one of those articles bears even a trivial correction, let alone a substantive one, because we have been meticulous in the reporting, worked on every article with teams of highly experienced editors and reporters, and, most importantly, have published the evidence in the form of NSA documents that prove the reporting true.

It's certainly possible that, like all journalists, we'll make a mistake at some point. And if and when that does happen, we'll do what good journalists do: do further reporting and, if necessary, correct any inaccuracy. But no evidence of any kind (as opposed to unverified NSA accusations) has been presented that this was the case here, and ample evidence strongly suggests it was not:

< - >

Again, it's certainly possible, given the number of reports and the complexity of these matters, that reporters working on these stories will at some point make a mistake. All reporters do. But this thing called "evidence" should be required before blindly believing the claims and accusations of NSA officials. If that lesson hasn't been learned yet, when will it be?

---
Just because i'm near the punchbowl doesn't mean I'm also drinking from it.