From rforno at infowarrior.org Thu Jan 2 07:42:54 2014
From: rforno at infowarrior.org (Richard Forno)
Date: Thu, 2 Jan 2014 08:42:54 -0500
Subject: [Infowarrior] - Edward Snowden, Whistle-Blower - NYTimes.com
Message-ID: <384D3E8E-417D-4C08-A5E6-58810A9EDA1D@infowarrior.org>

Edward Snowden, Whistle-Blower - NYTimes.com
http://www.nytimes.com/2014/01/02/opinion/edward-snowden-whistle-blower.html

The revelations have already prompted two federal judges to accuse the N.S.A. of violating the Constitution (although a third, unfortunately, found the dragnet surveillance to be legal). A panel appointed by President Obama issued a powerful indictment of the agency's invasions of privacy and called for a major overhaul of its operations.

All of this is entirely because of information provided to journalists by Edward Snowden, the former N.S.A. contractor who stole a trove of highly classified documents after he became disillusioned with the agency's voraciousness. Mr. Snowden is now living in Russia, on the run from American charges of espionage and theft, and he faces the prospect of spending the rest of his life looking over his shoulder.

Considering the enormous value of the information he has revealed, and the abuses he has exposed, Mr. Snowden deserves better than a life of permanent exile, fear and flight. He may have committed a crime to do so, but he has done his country a great service. It is time for the United States to offer Mr. Snowden a plea bargain or some form of clemency that would allow him to return home, face at least substantially reduced punishment in light of his role as a whistle-blower, and have the hope of a life advocating for greater privacy and far stronger oversight of the runaway intelligence community.

Mr. Snowden is currently charged in a criminal complaint with two violations of the Espionage Act involving unauthorized communication of classified information, and a charge of theft of government property. Those three charges carry prison sentences of 10 years each, and when the case is presented to a grand jury for indictment, the government is virtually certain to add more charges, probably adding up to a life sentence that Mr. Snowden is understandably trying to avoid.

The president said in August that Mr. Snowden should come home to face those charges in court and suggested that if Mr. Snowden had wanted to avoid criminal charges he could have simply told his superiors about the abuses, acting, in other words, as a whistle-blower. "If the concern was that somehow this was the only way to get this information out to the public, I signed an executive order well before Mr. Snowden leaked this information that provided whistle-blower protection to the intelligence community for the first time," Mr. Obama said at a news conference. "So there were other avenues available for somebody whose conscience was stirred and thought that they needed to question government actions."

In fact, that executive order did not apply to contractors, only to intelligence employees, rendering its protections useless to Mr. Snowden. More important, Mr. Snowden told The Washington Post earlier this month that he did report his misgivings to two superiors at the agency, showing them the volume of data collected by the N.S.A., and that they took no action. (The N.S.A. says there is no evidence of this.) That's almost certainly because the agency and its leaders don't consider these collection programs to be an abuse and would never have acted on Mr. Snowden's concerns. In retrospect, Mr. Snowden was clearly justified in believing that the only way to blow the whistle on this kind of intelligence-gathering was to expose it to the public and let the resulting furor do the work his superiors would not.

Beyond the mass collection of phone and Internet data, consider just a few of the violations he revealed or the legal actions he provoked:

- The N.S.A. broke federal privacy laws, or exceeded its authority, thousands of times per year, according to the agency's own internal auditor.

- The agency broke into the communications links of major data centers around the world, allowing it to spy on hundreds of millions of user accounts and infuriating the Internet companies that own the centers. Many of those companies are now scrambling to install systems that the N.S.A. cannot yet penetrate.

- The N.S.A. systematically undermined the basic encryption systems of the Internet, making it impossible to know if sensitive banking or medical data is truly private, damaging businesses that depended on this trust.

- His leaks revealed that James Clapper Jr., the director of national intelligence, lied to Congress when testifying in March that the N.S.A. was not collecting data on millions of Americans. (There has been no discussion of punishment for that lie.)

- The Foreign Intelligence Surveillance Court rebuked the N.S.A. for repeatedly providing misleading information about its surveillance practices, according to a ruling made public because of the Snowden documents. One of the practices violated the Constitution, according to the chief judge of the court.

- A federal district judge ruled earlier this month that the phone-records-collection program probably violates the Fourth Amendment of the Constitution. He called the program "almost Orwellian" and said there was no evidence that it stopped any imminent act of terror.

The shrill brigade of his critics say Mr. Snowden has done profound damage to intelligence operations of the United States, but none has presented the slightest proof that his disclosures really hurt the nation's security. Many of the mass-collection programs Mr. Snowden exposed would work just as well if they were reduced in scope and brought under strict outside oversight, as the presidential panel recommended.

When someone reveals that government officials have routinely and deliberately broken the law, that person should not face life in prison at the hands of the same government. That's why Rick Ledgett, who leads the N.S.A.'s task force on the Snowden leaks, recently told CBS News that he would consider amnesty if Mr. Snowden would stop any additional leaks. And it's why President Obama should tell his aides to begin finding a way to end Mr. Snowden's vilification and give him an incentive to return home.

---
Just because i'm near the punchbowl doesn't mean I'm also drinking from it.

From rforno at infowarrior.org Thu Jan 2 07:45:10 2014
From: rforno at infowarrior.org (Richard Forno)
Date: Thu, 2 Jan 2014 08:45:10 -0500
Subject: [Infowarrior] - Unencrypted Windows crash reports give 'significant advantage' to hackers, spies
Message-ID: <66A3C777-585E-4FD2-B95B-14A864B27EC4@infowarrior.org>

Unencrypted Windows crash reports give 'significant advantage' to hackers, spies
Microsoft transmits a wealth of information from Windows PCs to its servers in the clear, claims security researcher
Gregg Keizer
http://www.computerworld.com/s/article/9245092/Unencrypted_Windows_crash_reports_give_significant_advantage_to_hackers_spies

December 31, 2013 (Computerworld)

Windows' error- and crash-reporting system sends a wealth of data unencrypted and in the clear, information that eavesdropping hackers or state security agencies can use to refine and pinpoint their attacks, a researcher said today.

Not coincidentally, over the weekend the popular German newsmagazine Der Spiegel reported that the U.S. National Security Agency (NSA) collects Windows crash reports from its global wiretaps to sniff out details of targeted PCs, including the installed software and operating systems, down to the version numbers and whether the programs or OSes have been patched; application and operating system crashes that signal vulnerabilities that could be exploited with malware; and even the devices and peripherals that have been plugged into the computers.

"This information would definitely give an attacker a significant advantage. It would give them a blueprint of the [targeted] network," said Alex Watson, director of threat research at Websense, which on Sunday published preliminary findings of its Windows error-reporting investigation. Watson will present Websense's discovery in more detail at the RSA Conference in San Francisco on Feb. 24.

Sniffing crash reports using low-volume "man-in-the-middle" methods -- the classic is a rogue Wi-Fi hotspot in a public place -- wouldn't deliver enough information to be valuable, said Watson, but a wiretap at the ISP level, the kind the NSA is alleged to have in place around the world, would. "At the [intelligence] agency level, where they can spend the time to collect information on billions of PCs, this is an incredible tool," said Watson.

And it's not difficult to obtain the information. Microsoft does not encrypt the initial crash reports, said Watson, which include both those that prompt the user before they're sent as well as others that do not. Instead, they're transmitted to Microsoft's servers "in the clear," or over standard HTTP connections. If a hacker or intelligence agency can insert themselves into the traffic stream, they can pluck out the crash reports for analysis without worrying about having to crack encryption.

And the reports from what Microsoft calls "Windows Error Reporting" (ERS), but which is also known as "Dr. Watson," contain a wealth of information on the specific PC.
When a device is plugged into a Windows PC's USB port, for example -- say an iPhone to sync it with iTunes -- an automatic report is sent to Microsoft that contains the device identifier and manufacturer, the Windows version, the maker and model of the PC, the version of the system's BIOS and a unique machine identifier. By comparing the data with publicly-available databases of device and PC IDs, Websense was able to establish that an iPhone 5 had been plugged into a Sony Vaio notebook, and even nail the latter's machine ID.

If hackers are looking for systems running outdated, and thus, vulnerable versions of Windows -- XP SP2, for example -- the in-the-clear reports will show which ones have not been updated.

Windows Error Reporting is installed and activated by default on all PCs running Windows XP, Vista, Windows 7, Windows 8 and Windows 8.1, Watson said, confirming that the Websense techniques of deciphering the reports worked on all those editions. Watson characterized the chore of turning the cryptic reports into easily-understandable terms as "trivial" for accomplished attackers.

More thorough crash reports, including ones that Microsoft silently triggers from its end of the telemetry chain, contain personal information and so are encrypted and transmitted via HTTPS. "If Microsoft is curious about the report or wants to know more, they can ask your computer to send a mini core dump," explained Watson. "Personal identifiable information in that core dump is encrypted."

Microsoft uses the error and crash reports to spot problems in its software as well as that crafted by other developers. Widespread reports typically lead to reliability fixes deployed in non-security updates. The Redmond, Wash. company also monitors the crash reports for evidence of as-yet-unknown malware: Unexplained and suddenly-increasing crashes may be a sign that a new exploit is in circulation, Watson said.
Microsoft often boasts of the value of the telemetry to its designers, developers and security engineers, and with good reason: An estimated 80% of the world's billion-plus Windows PCs regularly send crash and error reports to the company.

But the unencrypted information fed to Microsoft by the initial and lowest-level reports -- which Watson labeled "Stage 1" reports -- comprise a dangerous leak, Watson contended. "We've substantiated that this is a major risk to organizations," said Watson.

Error reporting can be disabled manually on a machine-by-machine basis, or in large sets by IT administrators using Group Policy settings. Websense recommended that businesses and other organizations redirect the report traffic on their network to an internal server, where it can be encrypted before being forwarded to Microsoft.

But to turn it off entirely would be to throw away a solid diagnostic tool, Watson argued. ERS can provide insights not only to hackers and spying eavesdroppers, but also the IT departments. "[ERS] does the legwork, and can let [IT] see where vulnerabilities might exist, or whether rogue software or malware is on the network," Watson said. "It can also show the uptake on BYOD [bring your own device] policies," he added, referring to the automatic USB device reports.

Microsoft should encrypt all ERS data that's sent from customer PCs to its servers, Watson asserted.

A Microsoft spokesperson asked to comment on the Websense and Der Spiegel reports said, "Microsoft does not provide any government with direct or unfettered access to our customer's data. We would have significant concerns if the allegations about government actions are true."

The spokesperson added that, "Secure Socket Layer connections are regularly established to communicate details contained in Windows error reports," which is only partially true, as Stage 1 reports are not encrypted, a fact that Microsoft's own documentation makes clear.
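One way to act on the Group Policy and redirect-to-an-internal-server advice above, as an added example that is not code from the article, Websense or Microsoft: a PowerShell audit that reports whether a machine's Stage 1 reports would still leave over plain HTTP, and remediates by pointing WER at an internal collector over TLS. It assumes the policy registry values Microsoft documents for the "Configure Corporate Windows Error Reporting" policy (CorporateWerServer, CorporateWerPortNumber, CorporateWerUseSSL, Disabled) under HKLM\SOFTWARE\Policies\Microsoft\Windows\Windows Error Reporting; the collector name wer-collector.example.internal is a placeholder.

```powershell
# Added example (not from the article, Websense or Microsoft). Run in an elevated session.
# Audits the Corporate WER policy and, if initial (Stage 1) reports would go out unencrypted,
# redirects them to an internal collector over TLS so they are encrypted before forwarding.
# Assumption: the policy value names below are the ones documented for Corporate WER.

$WerPolicyKey = 'HKLM:\SOFTWARE\Policies\Microsoft\Windows\Windows Error Reporting'

function Get-WerPolicyState {
    # Reads the policy values; an absent key or value means "not configured", which on
    # every edition the article lists leaves WER on and sending Stage 1 reports over HTTP.
    $p = if (Test-Path $WerPolicyKey) { Get-ItemProperty -Path $WerPolicyKey } else { $null }
    $disabled = ($null -ne $p) -and ($p.Disabled -eq 1)
    $server   = if ($null -ne $p) { [string]$p.CorporateWerServer } else { '' }
    $useSsl   = ($null -ne $p) -and ($p.CorporateWerUseSSL -eq 1)

    [pscustomobject]@{
        Disabled             = $disabled
        CorporateServer      = $server
        UseSSL               = $useSsl
        # No redirect and not disabled: reports leave the network in the clear.
        LeavesNetworkInClear = (-not $disabled) -and ($server -eq '')
        # Redirected but without SSL: still readable to anyone on the internal path.
        InternalInClear      = (-not $disabled) -and ($server -ne '') -and (-not $useSsl)
    }
}

function Ensure-WerPolicyKey {
    if (-not (Test-Path $WerPolicyKey)) { New-Item -Path $WerPolicyKey | Out-Null }
}

function Set-WerCorporateRedirect {
    # The Websense recommendation: keep the diagnostic value of WER, but send reports to an
    # internal server over TLS; that server, not the endpoint, talks to Microsoft.
    param(
        [Parameter(Mandatory)][string]$Server,
        [int]$Port = 443
    )
    Ensure-WerPolicyKey
    New-ItemProperty -Path $WerPolicyKey -Name 'CorporateWerServer'     -Value $Server -PropertyType String -Force | Out-Null
    New-ItemProperty -Path $WerPolicyKey -Name 'CorporateWerPortNumber' -Value $Port   -PropertyType DWord  -Force | Out-Null
    New-ItemProperty -Path $WerPolicyKey -Name 'CorporateWerUseSSL'     -Value 1       -PropertyType DWord  -Force | Out-Null
    # A stale "Disabled" value would silently switch reporting off; clear it.
    Remove-ItemProperty -Path $WerPolicyKey -Name 'Disabled' -ErrorAction SilentlyContinue
}

function Disable-WerReporting {
    # The blunt alternative the article mentions: stop sending reports altogether.
    Ensure-WerPolicyKey
    New-ItemProperty -Path $WerPolicyKey -Name 'Disabled' -Value 1 -PropertyType DWord -Force | Out-Null
}

# Audit first; change policy only when Stage 1 reports would travel unencrypted.
$state = Get-WerPolicyState
$state | Format-List
if ($state.LeavesNetworkInClear -or $state.InternalInClear) {
    # Placeholder collector name: replace with your organisation's WER server.
    Set-WerCorporateRedirect -Server 'wer-collector.example.internal' -Port 443
    Get-WerPolicyState | Format-List
}
```

Rolling the same values out by Group Policy Preferences or the "Configure Corporate Windows Error Reporting" policy setting gives the fleet-wide version of this; the script is the per-machine check that the policy actually landed.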
"The software 'parameters' information, which includes such information as the application name and version, module name and version, and exception code, is not encrypted," Microsoft acknowledged in a document about ERS.

Gregg Keizer covers Microsoft, security issues, Apple, Web browsers and general technology breaking news for Computerworld. Follow Gregg on Twitter at @gkeizer, on Google+ or subscribe to Gregg's RSS feed Keizer RSS. His email address is gkeizer at computerworld.com.

From rforno at infowarrior.org Thu Jan 2 07:52:32 2014
From: rforno at infowarrior.org (Richard Forno)
Date: Thu, 2 Jan 2014 08:52:32 -0500
Subject: [Infowarrior] - Living in a Post-Snowden World
Message-ID:

So What Do We Do Now? Living in a Post-Snowden World
Posted on January 1, 2014
http://gurstein.wordpress.com/2014/01/01/so-what-do-we-do-now-living-in-a-post-snowden-world/

As the avalanche of Snowden revelations resumes after its brief organizational regrouping and holiday hiatus, a few learnings and even more direct and pertinent questions are starting to emerge.

Evgeny Morozov, in an otherwise interesting piece in the Financial Times, is surely incorrect in his bald statement that "Snowden now faces a growing wave of surveillance fatigue among the public". The emotion isn't "surveillance fatigue" but rather shell shock at the revelations as they keep coming, in wave after uncomfortable wave. The first reaction of course was shock (and awe), the second was a feeling of anger and rising resistance; but as the revelations have kept coming, each one more disturbing than the last; but now shifting from pointing to quantity of surveillance (everything, everyone, everywhere, forever), to quality (from metadata to communications content to networking to instantaneous full-spectrum profiling).
The emotion is now...what on earth can we do...this is impossible, democracy or even any form of popular sovereignty is at immediate risk, but what on earth can we do?

The techies who started off shocked and appalled and over-all angry (at feeling personally and professionally betrayed) and vowing (or at least those whose organizational or corporate affiliations didn't leave them irretrievably compromised) vowed to fight back, and there were heated discussions in various tech forums of various technical strategies for turning the surveillance tide. But the revelations have just kept on coming, and the tech community, like everyone else, recognizes the scope and depth and ultimately overwhelming power of an agency with access to the full might and resources of the richest, most powerful country on earth, led by a President who himself seems to be either in thrall of the surveillance machine or indentured to it for reasons we may never know. They, now equally standing blinded by the headlights of a headlong careening tank, are recognizing with appalled self-incriminations what a horror they have allowed and contributed to being born.

Quite clearly technical solutions won't work (or at least won't scale) if the dominant power doesn't want them to work, and anyway who would trust that anti-surveillance solutions were working after all we know of how the corporate sector and the tech community has been (willingly or no) brought in as semi-aware co-conspirators. And by now, it appears reasonably evident (based on the overall indifference to doing anything much by the political masterclass in DC and elsewhere) up and down the decision tree and including its FiveEyes handmaidens, that the decisions have been made not only that resistance measures won't be allowed to work but that they will be actively resisted and "attacked" with all the forces and resources that have already gone into building the existing machine.
Even the corporate sector (US) has become extremely uneasy at the damage that has been and is being done to their reputation for trustworthiness and reliability, and with that damage would appear to be escalating costs and penalties. Even the cyber-libertarian pro-US chorus has gone silent -- recognizing, as they had no choice but to do, the most fundamental of contradictions between freedom and surveillance. Some, of course, are opting for the "but your guys are worse" argument (but without having any idea of whether there is any "your" as in "your guys" anywhere to speak of). Is anybody anywhere (except in Fox News fantasies) coming to the support of Russia or China or Saudi Arabia as an alternative in all of this?

And of course, the cyber crowd has spent the last 20 years systematically denigrating and tossing rocks into the spokes of any regulatory or governance vehicle that might, however remotely, be able to mount a framework that could tame the surveillance juggernaut...So, at the end of the day, who is there to call when there is an existential threat to the very foundation of Western values and democratic processes? Ghost Busters? Even they seem too busy warding off other threats from "real" aliens to the existential well-being of the Western world.

The international community might, just might, be able to do something, if they were to gang up on the US (as seemed possible, if only briefly, following President Rousseff's speech to the UN General Assembly). But as "saner heads" and diplomats are coming into the game, that seems to be fading into the dusty hallways of the UN, likely never to be heard from again. There is still some hope from President Rousseff's meeting in Brazil in April, but the apparent lacklustre interest from other of the world's leaders -- they themselves presumably being compromised up the yin yang and in their hearts having as little interest in retaining even the possibility of a functioning democracy as those Stasi folks in the NSA and surrounds; alongside the ceding of a co-management role in the conference to ICANN, itself a potentially compromised player in the global Internet governance (if not directly surveillance) game; leaves the responsibility of making an effective case on behalf of global democracy to Civil Society and the Technical Community, both of which themselves have yet to have fully (or in most instances even partially) redeemed themselves, let alone publicly turned their back on their full-throated (and deeply misguided) alliance with the US and its allies in the "Internet Freedom" crusade at the 2012 Internet Governance Forum and the World Conference on International Telecommunications (WCIT); this "crusade" in retrospect seemingly, at least circumstantially, to have been a tactic to ensure that all possible policy-based opposition to Internet mass surveillance was made either unlikely or ineffective.

Let's be clear. We are talking about the future of the world as we have come to believe it might be...democratic, with freedom of expression and of thought, with an openness to popularly initiated and supported change, with increasing accountability and transparency of the governors to the governed, where governmental as other action is responsive to the rule of law and all the other things that the various Western government sponsored training programs in democracy go on about at such considerable length. Whether or not our world will become a version of Orwell's 1984 (some already think we are over that edge).
Whether we will live in a world where one country and its 5 allies have access to all worthwhile information which allows them to control any possibility of dissent (even before it happens), control the inputs into and outputs from elections or any form of political campaign, control financial markets and bank accounts, control the behaviour of individuals and ultimately groups, and that's for starters...those are things we can interpolate based on what we know, not, as would surely be more realistic, interpolating from what else we can foresee...these guys, as we all know, have access to effectively unlimited financial resources and the brainpower that goes with it.

Most certainly this is not Lenin's question "What is to be done?", which was rhetorical (he already knew very well what had to be done and had the will to find (seize) and apply the resources to do it). No, our question is much more problematic...we don't know what to do, and we clearly don't have the will or the resources to do it even if we knew what the solution was.

Over it all of course, there is the reality that the possibility of concerted action is foreclosed on by the rather surprising political identification with and ultimately support for the surveillance apparatus by the centre -- left and right -- both evidently gaining too many benefits from the status quo to even contemplate rocking the boat, even in the service of the democracy to which they so loudly and regularly pledge allegiance. It appears that it is only at the fringes on the right and on the left (and of course, among those who have an inkling of the reality and significance of what is going on -- most notably the technical community) that there is any real alarm and desire to do something -- anything that might work. But even here, the right is too deeply enthralled by the logic of their position to even contemplate alternatives (governmental based) that might work.
And the left is too weakened after vicious assaults over the last decade to launch any worthwhile opposition.

So what are we to do?

From rforno at infowarrior.org Thu Jan 2 09:24:55 2014
From: rforno at infowarrior.org (Richard Forno)
Date: Thu, 2 Jan 2014 10:24:55 -0500
Subject: [Infowarrior] - How A Surveillance State Can Affect What You Read in Professional Publications
Message-ID: <95BA5857-6815-4502-8EFE-934CBB45E6E2@infowarrior.org>

The Intimidation Factor: How A Surveillance State Can Affect What You Read in Professional Publications
Hal Berghel
University of Nevada, Las Vegas

As the world watches the continuing fallout from Edward Snowden's leaks, it's useful to reflect on the implications these leaks have on professional publications. This column is a first-hand account.
http://www.berghel.net/col-edit/out-of-band/nov-13/oob_11-13.php

From rforno at infowarrior.org Thu Jan 2 13:36:05 2014
From: rforno at infowarrior.org (Richard Forno)
Date: Thu, 2 Jan 2014 14:36:05 -0500
Subject: [Infowarrior] - Facebook Sued For Scanning 'Private' Messages
Message-ID: <357F375D-5CE4-4253-9864-707ABF466A74@infowarrior.org>

Facebook Sued For Scanning 'Private' Messages
by Wendy Davis, Yesterday, 5:24 PM
http://www.mediapost.com/publications/article/216446/facebook-sued-for-scanning-private-messages.html

Two Facebook users have sued the social network for allegedly scanning the "private" messages that users send to each other on the platform. "Contrary to its representations, 'private' Facebook messages are systematically intercepted by the company in an effort to learn the contents of the users' communications," Matthew Campbell and Michael Hurley allege in their complaint, filed on Monday in U.S. District Court for the Northern District of California. "This practice is not done to facilitate the transmission of users' communications via Facebook, but because it enables Facebook to mine user data and profit from those data by sharing them with third parties -- namely, advertisers, marketers, and other data aggregators."

The lawsuit centers on allegations that Facebook scans users' messages to each other, in order to determine whether people are sending their friends links to other sites. Campbell, an Arkansas resident, and Hurley, of Oregon, say that Facebook then "follows the enclosed link, and searches for information to profile the message-sender's web activity."

Some of the allegations in the lawsuit first emerged in 2012, when a security researcher reported that Facebook interprets links within users' messages to each other as "Likes" -- and then includes them in the total number of "Likes" that appear on the publishers' pages. At the time, Facebook told The Wall Street Journal that no private information is exposed, but confirmed that the Like-counter "reflects the number of times people have clicked those buttons and also the number of times people have shared that page's link on Facebook."

Campbell and Hurley allege that the company doesn't adequately inform users that it intends to scan their messages. "Facebook misleads users into believing that they have a secure, private mechanism for communication -- Facebook's private messaging function -- when, in fact, Facebook intercepts and scans the content and treats portions of that content no differently than a public 'Like' or post, broadcast openly across the Internet," they allege.

They say Facebook violates the federal wiretap law as well as California privacy laws. Campbell and Hurley are seeking class action status.
From rforno at infowarrior.org Thu Jan 2 14:16:54 2014
From: rforno at infowarrior.org (Richard Forno)
Date: Thu, 2 Jan 2014 15:16:54 -0500
Subject: [Infowarrior] - Falkvinge: Five Privacy Predictions For 2014
Message-ID: <7E5EFB92-9E76-45DF-90F5-51A2A6201FEA@infowarrior.org>

Five Privacy Predictions For 2014
by Rick Falkvinge

Rick is the founder of the first Pirate Party and is a political evangelist, traveling around Europe and the world to talk and write about ideas of a sensible information policy. He has a tech entrepreneur background and loves whisky. Read more of his articles on his website.
https://www.privateinternetaccess.com/blog/2014/01/five-privacy-predictions-for-2014/

On a new year's day, it's traditional to make some predictions that can be shown true or false in a year. With almost a decade of global-level geopolitical game in my back, let's see what we can make of the current trends. Often, it's just as interesting to see what won't change as what probably will change.

So here are my five predictions for privacy in 2014: Snowden will continue to shock those who understand what he's saying, oldmedia will continue to not care, the average person hasn't understood what's going on and will continue to not understand, politicians will continue to pretend nothing happened, and laws enabling the mass surveillance won't change or will go the wrong way, unless politicians lose their jobs over it.

1. Snowden will continue to shock those who understand the implications of his revelations.

When Appelbaum held a presentation at Chaos Communications Congress just before the turn of the year and outlined a number of NSA methodologies, including their ability to hijack a Windows XP computer from several miles away, and a 100-percent infection rate of any iPhone they wanted, these are capabilities we hadn't known about and haven't protected against. With the latter observation, any Apple iDevice is out the window if you're privacy-conscious; it's not your phone, it's the NSA's. With the former, the importance of securing home networks against remotely injected packets -- not to mention detecting when it happens anyway -- becomes really important. How many of us know how to do that? How many of us are security-conscious to that level? We had better start learning.

2. Oldmedia will continue to not care.

Glenn Greenwald was painfully spot on when he accused oldmedia (TV, radio, newspapers) of being essentially in bed with today's mass surveillance machines, having absconded and gone AWOL from their role as administration watchdogs. The UK's royal baby got a ton more coverage than the fact that the UK administration had been abolishing every shred and semblance of civil right in the United Kingdom, and likewise in the United States. Politicians and senior officials lie to protect their interests -- this should not be any kind of surprise to anyone who has studied more than five minutes of political history -- but oldmedia has stopped questioning their word, taking it for truth. "Oh, you're sure you're not violating anybody, despite these documents? Alright then, thanks for your time."

3. The average person hasn't understood what's going on.

When I was explaining the imminent FRA Law to people in the streets of Stockholm, Sweden, they shook their heads at me and accused me of lying to their faces -- despite the fact that I was reading text directly from the proposed bill. They didn't want to accept that Sweden was about to introduce warrantless general wiretapping in bulk; it just couldn't happen in their country. This was one of the more frustrating moments in my time as an activist; it wasn't that people weren't aware of what was happening to their country, it was that they were actively choosing to refuse to believe it. This has pretty much continued: if you were to say to an average person in the street that the governments of the US, UK, and their national government were listening to all -- all -- their phone calls, they would quite likely not believe you.

4. Politicians will continue to pretend nothing happened.

As late as today, the minister of foreign affairs in Sweden, Carl Bildt, published an op-ed exclaiming what a fine moral example Sweden is to the rest of the world with privacy, net liberty, and civil liberties. This is despite the fact that the mentioned Swedish FRA law is one of the worst on the planet. It's blatant propaganda and outright lies, and the politicians (like Carl Bildt) are getting away with it, so far (see prediction #2). The propaganda is so far away from reality that it qualifies for "What's the weather like on your planet?"-type comments. It's up to all of us to call out the lies, and to translate this kind of national propaganda into English so that more people can call the cards.

5. Laws enabling mass surveillance won't go away unless somebody loses their office over it.

The first problem on any politician's mind is how to get elected. The second problem on any politician's mind is how to get re-elected. Whatever problem comes third is so far behind the first two that it's not really considered in the day-to-day routine. This means that nobody should expect career politicians to care about this in the slightest, unless -- and this is an important caveat -- those politicians risk losing their jobs over the mass surveillance. Unless that happens, it will continue as if nothing had happened. Let's take that again, because it is important: unless somebody risks losing their office, policy will not change. That's why it's so critical to threaten politicians' jobs over the really important questions, because this works in reverse too: the instant a politician risks losing their office over a policy, it tends to change on a dime.
In conclusion, things are bad, and we need to stay vigilant. There is a European Parliament election coming up in a few months, and I want to encourage anybody in Europe to not only vote for good candidates on these issues in the world's largest economy, but also to make it clear that you do so, if you choose to go that route. That remains the one road open to change. Privacy remains your own responsibility.

About Rick Falkvinge

Rick is the founder of the first Pirate Party and is a political evangelist, traveling around Europe and the world to talk and write about ideas of a sensible information policy. He has a tech entrepreneur background and loves whisky. Read more of his articles on his website.

---
Just because i'm near the punchbowl doesn't mean I'm also drinking from it.

From rforno at infowarrior.org Thu Jan 2 15:41:44 2014
From: rforno at infowarrior.org (Richard Forno)
Date: Thu, 02 Jan 2014 16:41:44 -0500
Subject: [Infowarrior] - FireEye Acquires Mandiant
Message-ID: <52C5DD18.2020903@infowarrior.org>

January 2, 2014
FireEye Computer Security Firm Acquires Mandiant
By NICOLE PERLROTH and DAVID E. SANGER
http://www.nytimes.com/2014/01/03/technology/fireeye-computer-security-firm-acquires-mandiant.html

SAN FRANCISCO - In a deal that may have broad repercussions for companies and governments fending off sophisticated hackers and state-sponsored digital attacks, FireEye, a provider of security software, has acquired Mandiant, a company known for emergency responses to computer network breaches. The deal, in both cash and stock, is worth more than $1 billion, based on the current value of shares in FireEye.

The acquisition, which closed Monday but was not publicly announced until after the markets closed on Thursday, was the biggest security deal of 2013. It merges two darlings in the $67 billion global computer security market that together could form a formidable competitor to antivirus giants like Symantec and Intel's McAfee. David G. DeWalt, FireEye's chairman and chief executive, ran McAfee before it was sold to Intel in 2010. Mr. DeWalt was rumored to be a contender for the top job at Intel, but surprised company insiders when he left to join FireEye in 2012.

Mandiant is best known for sending in emergency teams to root out attackers who have implanted software into corporate computer systems. Much of its work focused on attacks from China, and last year it made headlines with a detailed study of a hacking group known as "Comment Crew" that provided the strongest evidence yet that the hackers were closely linked to a unit of China's People's Liberation Army, outside of Shanghai.

The combination of the two companies - one that detects attacks in a novel way, another that responds to attacks - comes as corporate America has become wary of relying on the federal government to monitor the Internet and warn of incoming attacks. That wariness has increased since the revelations of Edward J. Snowden, the former National Security Agency contractor who removed thousands of documents before he took temporary refuge in Moscow. The documents have made it evident to companies that the United States monitors allies as well as adversaries, including friendly governments, international organizations and the networks of some Internet companies. Some of them could turn to companies like FireEye and Mandiant for protection, an interesting twist since many of Mandiant's employees come out of the American intelligence world.

"After the Snowden events, in the current political climate, no one can say to the government, 'Please, come on in and monitor our networks,'" said Kevin Mandia, the founder of Mandiant who is becoming chief operating officer of the combined company.

Mandiant is privately held, and the big winners in the acquisition will clearly be Mr. Mandia, the company's founder, and the company's venture backers. Mandiant has raised $70 million from Kleiner Perkins Caufield & Byers, the venture capital firm, and One Equity, an investment arm of JPMorgan Chase.

FireEye's success so far has depended on a technology for detecting attacks that works quite differently from most antivirus products. Most antivirus products, both inexpensive versions for individuals and more sophisticated filtering systems for companies, monitor the web and identify malicious software that has already begun to hit victims around the world. But by the time the attack has been identified and blocked, the malicious software has already had a chance to do damage - siphoning a company's trade secrets, erasing data or emptying a customer's bank account. FireEye's software isolates incoming traffic in virtual containers and looks for suspicious activity in a sort of virtual petri dish before deciding whether to let the traffic through.

"The antivirus products are not working right now," Mr. DeWalt said. "Companies are spending tens of billions of dollars of their money on a model that doesn't work. It's going to take people and products working together."

Mandiant was frequently called in after FireEye found malware. In those cases, it used its own threat detection technology to determine where the attack was coming from and to design countermeasures. In an interview, Mr. Mandia and Mr. DeWalt said the combined company would be able to notify its customers as soon as it detected abnormal behavior, execute a temporary fix and then dispatch a Mandiant team to take further steps. It will also give Mandiant more reach: FireEye works with more than a thousand customers, including 40 state military operations, around the globe.

Mandiant had $100 million in revenue in 2012, up more than 76 percent from the previous year, helping hundreds of companies in the Fortune 500. Mandiant responded to attacks by Chinese hackers at The New York Times and The Wall Street Journal last year. About 95 percent of its business is domestic and it was just beginning to develop an international presence.

In April 2012, the companies began teaming up on various product initiatives. Last February, the two organizations began integrating FireEye's software with Mandiant's threat detection products after seeing that many of their customers were already deploying their products and services together. Then, a few months ago, the two chief executives started talking about a deal. On Monday, the boards of both companies agreed to the terms of the deal, in which FireEye will pay Mandiant shareholders $106.5 million in cash and 21.5 million shares and options. Under the deal terms, Mandiant will become an operating subsidiary of FireEye, and Mr. Mandia will oversee FireEye's services, cloud and endpoint security operations.

Mr. Mandia said that before initiating acquisition talks, he had considered taking Mandiant public. He said he began to warm to the idea of an acquisition in the last few months, when he saw that FireEye's detection products would be a "natural fit" for Mandiant's expertise in responding to breaches.

The market has already shown an enthusiasm for FireEye's products. Since the company made its debut on the Nasdaq last September, the company's stock price has more than doubled, a big gain for FireEye's founder, Ashar Aziz, a former Sun Microsystems engineer who started the company in 2004, and venture capital backers like Norwest, Sequoia Capital and In-Q-Tel, the venture arm of the Central Intelligence Agency. FireEye now has a $5 billion market capitalization, though it has yet to turn a profit. On Thursday, when the company announces the Mandiant acquisition, it will also announce that it has exceeded its fourth-quarter revenue guidance to analysts. The company had anticipated revenue of $52 million to $54 million.

Nicole Perlroth reported from San Francisco, and David E. Sanger from Weston, Vt.
From rforno at infowarrior.org Thu Jan 2 15:45:19 2014
From: rforno at infowarrior.org (Richard Forno)
Date: Thu, 02 Jan 2014 16:45:19 -0500
Subject: [Infowarrior] - NSA seeks to build quantum computer that could crack most types of encryption
Message-ID: <52C5DDEF.1020200@infowarrior.org>

NSA seeks to build quantum computer that could crack most types of encryption
By Steven Rich and Barton Gellman
http://www.washingtonpost.com/world/national-security/nsa-seeks-to-build-quantum-computer-that-could-crack-most-types-of-encryption/2014/01/02/8fff297e-7195-11e3-8def-a33011492df2_print.html

In room-size metal boxes, secure against electromagnetic leaks, the National Security Agency is racing to build a computer that could break nearly every kind of encryption used to protect banking, medical, business and government records around the world.

According to documents provided by former NSA contractor Edward Snowden, the effort to build "a cryptologically useful quantum computer" - a machine exponentially faster than classical computers - is part of a $79.7 million research program titled "Penetrating Hard Targets." Much of the work is hosted under classified contracts at a laboratory in College Park.

The development of a quantum computer has long been a goal of many in the scientific community, with revolutionary implications for fields like medicine as well as for the NSA's code-breaking mission. With such technology, all forms of public key encryption would be broken, including those used on many secure Web sites as well as the type used to protect state secrets.

Physicists and computer scientists have long speculated whether the NSA's efforts are more advanced than those of the best civilian labs. Although the full extent of the agency's research remains unknown, the documents provided by Snowden suggest that the NSA is no closer to success than others in the scientific community.

"It seems improbable that the NSA could be that far ahead of the open world without anybody knowing it," said Scott Aaronson, an associate professor of electrical engineering and computer science at MIT.

The NSA appears to regard itself as running neck and neck with quantum computing labs sponsored by the European Union and the Swiss government, with steady progress but little prospect of an immediate breakthrough. "The geographic scope has narrowed from a global effort to a discrete focus on the European Union and Switzerland," one NSA document states.

Seth Lloyd, professor of quantum mechanical engineering at MIT, said the NSA's focus is not misplaced. "The E.U. and Switzerland have made significant advances over the last decade and have caught up to the U.S. in quantum computing technology," he said.

The NSA declined to comment for this story. The documents, however, indicate that the agency carries out some of its research in large, shielded rooms known as Faraday cages, which are designed to prevent electromagnetic energy from coming in or out. Those, according to one brief description, are required "to keep delicate quantum computing experiments running."

The basic principle underlying quantum computing is known as "quantum superposition," the idea that an object simultaneously exists in all states. A classical computer uses binary bits, which are either zeroes or ones. A quantum computer uses quantum bits, or qubits, which are simultaneously zero and one. This seeming impossibility is part of the mystery that lies at the heart of quantum theory, which even theoretical physicists say no one completely understands.

"If you think you understand quantum mechanics, you don't understand quantum mechanics," said the late Nobel laureate Richard Feynman, who is widely regarded as the pioneer in quantum computing.

Here's how it works, in theory: While a classical computer, however fast, must do one calculation at a time, a quantum computer can sometimes home in on the correct answer much more efficiently, without running those calculations.

Quantum computing is so difficult to attain because of the fragile nature of such computers. In theory, the building blocks of such a computer might include individual atoms, photons or electrons. To maintain the quantum nature of the computer, these particles would need to be carefully isolated from their external environments. "Quantum computers are extremely delicate, so if you don't protect them from their environment, then the computation will be useless," said Daniel Lidar, a professor of electrical engineering and the director of the Center for Quantum Information Science and Technology at the University of Southern California.

A working quantum computer would open the door to easily breaking the strongest encryption tools in use today, including a standard known as RSA, named for the initials of its creators. RSA scrambles communications, making them unreadable to anyone but the intended recipient, without requiring the use of a shared password. It is commonly used in Web browsers to secure financial transactions and in encrypted e-mails.

RSA is used because of the difficulty of factoring the product of two large prime numbers. Breaking the encryption involves finding those two numbers. This cannot be done in a reasonable amount of time on a classical computer. In 2009, computer scientists using classical methods were able to discover the primes within a 768-bit number, but it took almost two years and hundreds of computers to factor it. The scientists estimated that it would take 1,000 times longer to break a 1,024-bit encryption key, which is commonly used for online transactions. A large-scale quantum computer, however, could theoretically break a 1,024-bit encryption much faster. Some leading Internet companies are moving to 2,048-bit keys, but even those are thought to be vulnerable to rapid decryption with a quantum computer.

Quantum computers have many applications for today's scientific community, including the creation of artificial intelligence. But the NSA fears the implications for national security. "The application of quantum technologies to encryption algorithms threatens to dramatically impact the US government's ability to both protect its communications and eavesdrop on the communications of foreign governments," according to an internal document provided by Snowden.

Experts are not sure how feasible a quantum computer is in the near future. A decade ago, some experts said that developing a large quantum computer was likely 10 to 100 years in the future. Five years ago, Lloyd said the goal was at least 10 years away. Last year, Jeff Forshaw, a professor at the University of Manchester, told Britain's Guardian newspaper, "It is probably too soon to speculate on when the first full-scale quantum computer will be built but recent progress indicates that there is every reason to be optimistic."

"I don't think we're likely to have the type of quantum computer the NSA wants within at least five years, in the absence of a significant breakthrough maybe much longer," Lloyd told the Post in a recent interview.

However, some companies claim to already be producing small quantum computers. A Canadian company, D-Wave Systems, says it has been making quantum computers since 2009. In 2012, it sold a $10 million version to Google, NASA and the Universities Space Research Association, according to news reports. That quantum computer, however, would never be useful for breaking public key encryption like RSA. "Even if everything they're claiming is correct, that computer, by its design, cannot run Shor's algorithm," said Matthew Green, a research professor at the Johns Hopkins Information Security Institute, referring to the algorithm that could be used to break encryption like RSA.

Experts believe that one of the largest hurdles to breaking encryption with a quantum computer is building a computer with enough qubits, which is difficult given the very fragile state of quantum computers. By the end of September, the NSA expected to be able to have some basic building blocks, which it described in a document as "dynamical decoupling and complete quantum control on two semiconductor qubits."

"That's a great step, but it's a pretty small step on the road to building a large-scale quantum computer," Lloyd said. A quantum computer capable of breaking cryptography would need hundreds or thousands more qubits than that.

The budget for the National Intelligence Program, commonly referred to as the "black budget," details the "Penetrating Hard Targets" project and notes that this step "will enable initial scaling towards large systems in related and follow-on efforts."

Another project, called "Owning the Net," is using quantum research to support the creation of new quantum-based attacks on encryptions like RSA, documents show.

"The irony of quantum computing is that if you can imagine someone building a quantum computer that can break encryption a few decades into the future, then you need to be worried right now," Lidar said.

(c) The Washington Post Company
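The Post's point that RSA stands or falls on the difficulty of factoring the modulus is easy to see in code. The toy below is added here and is not part of the article: it builds a textbook RSA key from two constructed million-range primes, then plays the adversary who holds only the public (n, e), factors n by trial division and recomputes the private exponent d. At this size trial division is instant; at the 768- to 2,048-bit sizes the article discusses it is infeasible classically, which is exactly the gap Shor's algorithm on a large quantum computer would close.

```python
"""Toy illustration of why recovering the prime factors of n breaks RSA.

Constructed example (not from the article). Textbook RSA without padding,
toy-sized primes: the point is the dependency 'know p and q -> know d',
not realistic key sizes or a real attack on real keys.
"""
from math import gcd, isqrt


def make_toy_rsa_key(p: int, q: int, e: int = 65537) -> dict:
    """Textbook RSA key generation from two primes p and q."""
    n = p * q
    phi = (p - 1) * (q - 1)          # Euler's totient of n, needs p and q
    if gcd(e, phi) != 1:
        raise ValueError("public exponent must be coprime to phi(n)")
    d = pow(e, -1, phi)              # private exponent: e * d = 1 (mod phi)
    return {"n": n, "e": e, "d": d}


def encrypt(m: int, n: int, e: int) -> int:
    """c = m^e mod n (message must be smaller than n)."""
    return pow(m, e, n)


def decrypt(c: int, n: int, d: int) -> int:
    """m = c^d mod n."""
    return pow(c, d, n)


def factor_by_trial_division(n: int) -> tuple[int, int]:
    """Classical factoring by trial division up to sqrt(n).

    Work grows with sqrt(n): instant for a 40-bit toy modulus, hopeless for
    the 768-bit number the article says took two years and hundreds of
    machines even with far better classical methods. Shor's algorithm on a
    large-scale quantum computer would do this step in polynomial time.
    """
    if n % 2 == 0:
        return 2, n // 2
    limit = isqrt(n)
    f = 3
    while f <= limit:
        if n % f == 0:
            return f, n // f
        f += 2
    raise ValueError("no non-trivial factor found (n is prime or 1)")


def recover_private_exponent(n: int, e: int) -> int:
    """What an adversary with a factoring capability does: from the public
    key alone, factor n, rebuild phi(n) and derive d exactly as the key
    owner did. No secret material is needed beyond the public key."""
    p, q = factor_by_trial_division(n)
    phi = (p - 1) * (q - 1)
    return pow(e, -1, phi)


def demo() -> dict:
    # Constructed toy primes: the first two primes above one million.
    key = make_toy_rsa_key(1_000_003, 1_000_033)
    message = 123456789              # < n, as textbook RSA requires
    ciphertext = encrypt(message, key["n"], key["e"])

    # Legitimate decryption with the owner's d.
    roundtrip_ok = decrypt(ciphertext, key["n"], key["d"]) == message

    # Adversary: public key in, private exponent out.
    d_recovered = recover_private_exponent(key["n"], key["e"])

    return {
        "modulus_bits": key["n"].bit_length(),
        "roundtrip_ok": roundtrip_ok,
        "recovered_d_matches": d_recovered == key["d"],
        "adversary_decrypts": decrypt(ciphertext, key["n"], d_recovered) == message,
    }


if __name__ == "__main__":
    for k, v in demo().items():
        print(f"{k}: {v}")
```

The same code path applies to any modulus; only `factor_by_trial_division` stops scaling, which is the whole point.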
From rforno at infowarrior.org Thu Jan 2 15:51:55 2014
From: rforno at infowarrior.org (Richard Forno)
Date: Thu, 02 Jan 2014 16:51:55 -0500
Subject: [Infowarrior] - ACLU appeals Pauley ruling on NSA call-tracking
Message-ID: <52C5DF7B.4080404@infowarrior.org>

ACLU Appeals Dismissal of Lawsuit Challenging NSA Call-Tracking Program
January 2, 2014
https://www.aclu.org/national-security/aclu-appeals-dismissal-lawsuit-challenging-nsa-call-tracking-program

FOR IMMEDIATE RELEASE
CONTACT: 212-549-2666, media at aclu.org

NEW YORK - The American Civil Liberties Union and the New York Civil Liberties Union today filed a notice of appeal in their federal lawsuit challenging the constitutionality of the NSA's mass call-tracking program. Last Friday, the district court dismissed the case, ACLU v. Clapper, ruling that the program was constitutional and did not exceed the authority provided in the Patriot Act.

"We believe that the NSA's call-tracking program violates both statutory law and the Constitution, and we look forward to making our case in the appeals court," said ACLU Deputy Legal Director Jameel Jaffer, one of the two ACLU attorneys who argued the case in November. "The government has a legitimate interest in tracking the associations of suspected terrorists, but tracking those associations does not require the government to subject every citizen to permanent surveillance. Further, as the president's own review panel recently observed, there's no evidence that this dragnet program was essential to preventing any terrorist attack. We categorically reject the notion that the threat of terrorism requires citizens of democratic countries to surrender the freedoms that make democracies worth defending."

The ACLU anticipates that the Second Circuit Court of Appeals will set an expedited briefing schedule and that it will hear oral argument in the spring.

Last week's ruling by U.S. District Judge William H. Pauley III conflicted with the December 16 decision in a similar lawsuit in Washington, Klayman v. Obama, in which U.S. District Judge Richard J. Leon found the NSA program to be likely unconstitutional. The Justice Department has 60 days to file an appeal. A federal court in San Francisco is currently considering a third case, First Unitarian Church of Los Angeles v. NSA, filed by the Electronic Frontier Foundation.

The ACLU is a customer of Verizon Business Network Services, which, as revealed in The Guardian, received a secret order from the Foreign Intelligence Surveillance Court compelling the company to turn over "on an ongoing daily basis" phone call details such as whom calls are placed to and from, and when those calls are made. The lawsuit argues that the government's blanket seizure of the ACLU's phone records compromises the organization's ability to carry out its work and to engage in legitimate communications with clients, journalists, advocacy partners, whistleblowers, and others.

Today's appeal is available at: aclu.org/national-security/aclu-v-clapper-notice-appeal

From rforno at infowarrior.org Thu Jan 2 17:14:16 2014
From: rforno at infowarrior.org (Richard Forno)
Date: Thu, 2 Jan 2014 18:14:16 -0500
Subject: [Infowarrior] - NSA Server vulnerable to SMTP Spoofing
Message-ID:

(c/o RD)

NSA Server vulnerable to SMTP Spoofing, can be used for Social Engineering
http://www.ehackingnews.com/2013/12/nsa-server-vulnerable-to-smtp-spoofing.html
Reported by Sabari Selvan on Tuesday, December 31, 2013

< - >

An Indian hacker known as "Godzilla" has identified a vulnerability in the NSA website that allows an attacker to send fake emails from NSA's SMTP server. NSA's SMTP server allows anyone to use the service without verifying the IP address and password. The most interesting part is that it allows you to use any email address (e.g. admin at nsa.gov).

This vulnerability can be exploited by an attacker for launching a spear phishing attack. An attacker can send email to anyone inside the organization (e.g. to admin2 at nsa.gov). As it is using the NSA SMTP server, there is no need to worry about firewalls.

In a screenshot provided to EHN, the hacker used the email id of the NSA Director "Gen Keith B Alexander" (KeithAlexander at nsa.gov) to send email to another email id.

"Sending a mail with a link attached to it. That can be a bot link. Everyone will receive the mail with the .nsa.gov domain as the mail is shot from the same network," the hacker said. "The mail will be sent with the name of the Director as no one will dare to skip the mail and have to read it. After opening the mail the attacking vector will get active. After this the ball will be in the attacker's court."

"SMTP is a dangerous protocol and if you don't know how to secure it, it's better you shut it down."

"Stupid NSA, you are lucky it's 31st December and we are not in a mood to shoot our malwares in your server," the hacker said.

From rforno at infowarrior.org Thu Jan 9 13:23:53 2014
From: rforno at infowarrior.org (Richard Forno)
Date: Thu, 9 Jan 2014 14:23:53 -0500
Subject: [Infowarrior] - More researchers boycott RSA
Message-ID: <3EFEF3EC-A892-475F-ACC7-FF1EE328AB43@infowarrior.org>

More researchers join RSA conference boycott to protest $10 million NSA deal
With seven weeks to go, at least 8 speakers cancel their RSA Conference plans.
by Dan Goodin - Jan 7 2014, 6:46pm EST

By Tuesday afternoon, there were eight previously scheduled RSA participants who had publicly cancelled their engagements.
They included Adam Langley and Chris Palmer, both on various security teams at Google; Chris Soghoian, principal technologist for the American Civil Liberties Union; EFF special counsel Marcia Hoffman; Mozilla Global Privacy and Public Policy Leader Alex Fowler; Josh Thomas, who is listed as "chief breaking officer" at Atredis Partners; and Jeffrey Carr, CEO of security consultancy Taia Global. They joined F-Secure Chief Research Officer Mikko Hypponen, who announced his plans to withdraw two weeks ago.

"I've become convinced that a public stance serves more than self-aggrandizement, so I've pulled out of the Cryptographers Panel at RSA 2014," Langley wrote on Twitter Tuesday. "(I had already decided not to do it, but I pondered for a while whether I should say anything in public)," he wrote in a follow-up tweet.

Meanwhile, members of the Open Web Application Security Project are voting on whether to pull their previously planned developer training from the conference.

It has been three weeks since Reuters reported that RSA received $10 million to make the NSA-influenced Dual_EC_DRBG the default algorithm for generating random numbers in the widely used BSAFE application. The revelation has generated howls of protest since Dual_EC_DRBG is known to contain weaknesses and, according to The New York Times, may also have an NSA-engineered backdoor that makes widespread surveillance easier. RSA allowed BSAFE to use the algorithm for almost a decade and only removed it after Ars asked if there were plans to do so.

In the three weeks since the $10 million deal was disclosed, the stock price of RSA parent company EMC has risen 2.8 percent, vastly outperforming both the Nasdaq and S&P indexes. The revelations may not be tarnishing the way Wall Street views the company, but they're beginning to have an effect on the prestige of its highly visible conference.

http://arstechnica.com/security/2014/01/more-researchers-join-rsa-conference-boycott-to-protest-10-million-nsa-deal/

From rforno at infowarrior.org Thu Jan 9 13:23:58 2014
From: rforno at infowarrior.org (Richard Forno)
Date: Thu, 9 Jan 2014 14:23:58 -0500
Subject: [Infowarrior] - Not Cool: MPAA Joins The W3C
Message-ID: <378E3809-9A82-44F4-9D86-8CA18091BEDE@infowarrior.org>

Not Cool: MPAA Joins The W3C
from the that's-not-going-to-end-well dept
http://www.techdirt.com/articles/20140107/11263425789/not-cool-mpaa-joins-w3c.shtml

The W3C has been at the forefront of open standards and an open internet for many years, obviously. So it's somewhat distressing to see it announced this morning that the MPAA has now joined the group. After all, it was not that long ago that the MPAA flat out tried to break the open internet by imposing rules, via SOPA, that would have effectively harmed security protocols and basic DNS concepts. All because it refuses to update its business model at the pace of technology. The MPAA has never been about supporting open standards or an open and free internet. The W3C states that its "principles" are "web for all, web for everything" and that its vision is "web of consumers and authors, data and services, trust." The MPAA has basically been opposed to... well.... all of that. It has tried to take a consumer web of authors and turn it into a broadcast medium for major producers. It's tried to destroy trust, and put in place locks and keys. In short, the MPAA has no place at all in the W3C.

If there had been any indication that this was a shift in the MPAA's thinking, that actually would be interesting. If the MPAA had shown even the slightest indication that it was finally willing to embrace real internet principles and standards, and move Hollywood into the 21st century, that would be a good thing, and they should participate. But that's not what this is about, at all. Instead, I fear that this is because of the stupid fight, which the W3C supports, to put DRM in HTML5. Tim Berners-Lee, who created the web and heads the W3C, has (for reasons that still don't make any sense) supported this dangerous proposal. Despite detailed explanations for why this is a bad idea, he has continued to defend the idea, which appears to go against nearly everything he's said in the past. Having the MPAA join the W3C is not encouraging at all.

Berners-Lee's support of DRM in HTML5 seems to be based on the short-sighted (and simply wrong) idea that the web needs the legacy entertainment industry more than the legacy entertainment industry needs the web. Building truly open standards that the world adopts will get the MPAA and others to come along eventually, because they'll realize they need to go where the people are, even if it isn't crippled with restrictions and locks. Bringing the MPAA into the process only continues to perpetuate this idea that we should be building a broadcast platform for the entertainment industry to push a message at consumers, rather than building a platform for creators of all kinds to communicate and share.

From rforno at infowarrior.org Thu Jan 9 13:24:07 2014
From: rforno at infowarrior.org (Richard Forno)
Date: Thu, 9 Jan 2014 14:24:07 -0500
Subject: [Infowarrior] - FBI Drops Law Enforcement as 'Primary' Mission
Message-ID: <2F30F2CD-49E8-4D74-A99F-CB2524865ECD@infowarrior.org>

FBI Drops Law Enforcement as 'Primary' Mission
BY John Hudson - JANUARY 5, 2014 - 09:49 PM
http://thecable.foreignpolicy.com/posts/2014/01/05/fbi_drops_law_enforcement_as_primary_mission

The FBI's creeping advance into the world of counterterrorism is nothing new. But quietly and without notice, the agency has finally decided to make it official in one of its organizational fact sheets.
Instead of declaring "law enforcement" as its "primary function," as it has for years, the FBI fact sheet now lists "national security" as its chief mission. The changes largely reflect the FBI reforms put in place after September 11, 2001, which some have criticized for de-prioritizing law enforcement activities. Regardless, with the 9/11 attacks more than a decade in the past, the timing of the edits is baffling some FBI-watchers. "What happened in the last year that changed?" asked Kel McClanahan, a Washington-based national security lawyer. McClanahan noticed the change last month while reviewing a Freedom of Information Act (FOIA) request from the agency. The FBI fact sheet accompanies every FOIA response and highlights a variety of facts about the agency. After noticing the change, McClanahan reviewed his records and saw that the revised fact sheets began going out this summer. "I think they're trying to rebrand," he said. "So many good things happen to your agency when you tie it to national security." Although a spokesman with the agency declined to weigh in on the timing of the change, he said the agency is just keeping up with the times. "When our mission changed after 9/11, our fact sheet changed to reflect that," FBI spokesman Paul Bresson told Foreign Policy. He noted that the FBI's website has long-emphasized the agency's national security focus. "We rank our top 10 priorities and CT [counterterrorism] is first, counterintel is second, cyber is third," he said. "So it is certainly accurate to say our primary function is national security." On numerous occasions, former FBI Director Robert Mueller also emphasized the FBI's national security focus in speeches and statements. FBI historian and Marquette University professor Athan Theoharis agreed that the changes reflect what's really happening at the agency, but said the timing isn't clear. "I can't explain why FBI officials decided to change the fact sheet... 
unless in the current political climate that change benefits the FBI politically and undercuts criticisms," he said. He mentioned the negative attention surrounding the FBI's failure in April to foil the bomb plot at the Boston Marathon by Dzhokhar and Tamerlan Tsarnaev. Whatever the reason, the agency's increased focus on national security over the last decade has not occurred without consequence. Between 2001 and 2009, the FBI doubled the amount of agents dedicated to counterterrorism, according to a 2010 Inspector's General report. That period coincided with a steady decline in the overall number of criminal cases investigated nationally and a steep decline in the number of white-collar crime investigations. "Violent crime, property crime and white-collar crime: All those things had reductions in the number of people available to investigate them," former FBI agent Brad Garrett told Foreign Policy. "Are there cases they missed? Probably." Last month, Robert Holley, the special agent in charge in Chicago, said the agency's focus on terrorism and other crimes continued to affect the level of resources available to combat the violent crime plaguing the city. "If I put more resources on violent crime, I'd have to take away from other things," he told The Chicago Tribune. According to a 2007 Seattle Post-Intelligencer investigation, the Justice Department did not replace 2,400 agents assigned to focus on counterterrorism in the years following 9/11. The reductions in white-collar crime investigations became obvious. Back in 2000, the FBI sent prosecutors 10,000 cases. That fell to a paltry 3,500 cases by 2005. "Had the FBI continued investigating financial crimes at the same rate as it had before the terror attacks, about 2,000 more white-collar criminals would be behind bars," the report concluded. 
As a result, the agency fielded criticism for failing to crack down on financial crimes ahead of the Great Recession and losing sight of real-estate fraud ahead of the 2008 subprime mortgage crisis.

In many ways, the agency had no choice but to de-emphasize white-collar crime. Following the 9/11 attacks, the FBI picked up scores of new responsibilities related to terrorism and counterintelligence while maintaining a finite amount of resources.

What's not in question is that government agencies tend to benefit in numerous ways when considered critical to national security as opposed to law enforcement. "If you tie yourself to national security, you get funding and you get exemptions on disclosure cases," said McClanahan. "You get all the wonderful arguments about how if you don't get your way, buildings will blow up and the country will be less safe."

---
Just because i'm near the punchbowl doesn't mean I'm also drinking from it.

From rforno at infowarrior.org Thu Jan 9 13:24:13 2014
From: rforno at infowarrior.org (Richard Forno)
Date: Thu, 9 Jan 2014 14:24:13 -0500
Subject: [Infowarrior] - What It's Like When The FBI Asks You To Backdoor Your Software
Message-ID:

What It's Like When The FBI Asks You To Backdoor Your Software
Jan 08, 2014 12:55 PM EST
By Max Eddy
http://securitywatch.pcmag.com/security/319544-what-it-s-like-when-the-fbi-asks-you-to-backdoor-your-software

At a recent RSA Security Conference, Nico Sell was on stage announcing that her company, Wickr, was making drastic changes to ensure its users' security. She said that the company would switch from RSA encryption to elliptic curve encryption, and that the service wouldn't have a backdoor for anyone. As she left the stage, before she'd even had a chance to take her microphone off, a man approached her and introduced himself as an agent with the Federal Bureau of Investigation.
He then proceeded to "casually" ask if she'd be willing to install a backdoor into Wickr that would allow the FBI to retrieve information.

A Common Practice

This encounter, and the agent's casual demeanor, is apparently business as usual as intelligence and law enforcement agencies seek to gain greater access into protected communication systems. Since her encounter with the agent at RSA, Sell says it's a story she's heard again and again. "It sounds like that's how they do it now," she told SecurityWatch. "Always casual, testing, because most people would say yes."

The FBI's goal is to see into encrypted, secure systems like Wickr and others. Under the Communications Assistance for Law Enforcement Act (CALEA) legislation, law enforcement can tap any phone in the US but they can't read encrypted communications. We've also seen how law enforcement has followed the lead of the NSA and gathered data en masse from cellphone towers. With the NSA reportedly installing backdoors onto hardware sitting in UPS facilities and allegedly working to undermine cryptographic standards, it's not surprising that the FBI would be operating along similar lines.

The Difference

It was clear that the FBI agent didn't know who he was dealing with, because Sell did not back down. Instead, she lectured him on topics ranging from the First and Fourth Amendments to the Constitution, to George Washington's creation of a Post Office in the US. "My ancestor was a drummer boy under Washington," Sell explained. "Washington thought it was very important to have freedom of information and private correspondence without government surveillance."

Her lecture concluded, she proceeded to grill the agent. "I asked if he had official paperwork for me, if this was an official request, who his boss was," said Sell. "He backed down very quickly."

Though she didn't budge for the agent, Sell makes it clear that surveillance and security is a complicated issue. "Ten years ago, I'd have said yes," said Sell. "Because if law enforcement asks you to catch bad guys, who wouldn't want to help?" The difference now, she explained, was her experiences at BlackHat. Among those, Sell pointed to a BlackHat event where Thomas Cross demonstrated how to break into lawful intercept machines, or wiretaps. "It was very clear that a backdoor for the good guys is always a backdoor for the bad guys."

How To Be A Good Guy

"I'm not against helping law enforcement, but the most important thing to me is protecting my friends and family the best way I know how," said Sell. She suggested that the NSA and other agencies go back to a model where individuals are targeted, instead of monitoring all communications and sorting it out later. "There are plenty of ways to track people without trampling human rights," she said.

As an example of how to do security right, Sell unsurprisingly pointed to Wickr. She said that her company does not hold the encryption keys to decrypt users' messages, or see their identities. That way, should Wickr be compelled to hand over data from a court order, investigators will only find junk. And in addition to employing whom Sell calls the "best crypto people," Sell said that individual messages are bound to their intended device. "Even in 20 years or 100 years, if the NSA miraculously breaks these [encryption] equations, they still wouldn't be able to read these messages."

It's clear that for Sell, this is about more than good security. "I'm doing the right thing here, and it's the right thing for them, too," she said. "I'm not afraid of them."
From rforno at infowarrior.org Thu Jan 9 13:24:18 2014
From: rforno at infowarrior.org (Richard Forno)
Date: Thu, 9 Jan 2014 14:24:18 -0500
Subject: [Infowarrior] - Matt Blaze: NSA revelations: the 'middle ground' everyone should be talking about
Message-ID: <2FA6BF5C-46A5-4046-8277-6869DE838C30@infowarrior.org>

NSA revelations: the 'middle ground' everyone should be talking about
The NSA's Tailored Access Operations show there's a way to be safe and get good intelligence without mass surveillance
Matt Blaze, theguardian.com, Monday 6 January 2014 12.17 EST
http://www.theguardian.com/commentisfree/2014/jan/06/nsa-tailored-access-operations-privacy

As if there wasn't already enough NSA mass surveillance to worry about, last week we got a peek at the agency's arsenal of tools for exploiting the hardware and software of its targets. They're best described as a veritable SpyMall catalog of sophisticated concealed gadgets and surreptitious software "implants", each sneakier than the last in its ability to compromise and extract private data from the computers and phones on which they're installed. If you still thought there was anywhere in the electronic world to hide after you're in their sights, this should be enough to disabuse you of that notion once and for all.

This lies atop six months of news of the myriad ways our metadata and, in some cases, our content, is being routinely collected and analyzed, cloud services and communications providers being compromised, and security standards that should be protecting us being sabotaged. The sane reaction seems to lie somewhere between paranoia and despair.

So we have to take small comforts where we can find them. And, paradoxically as it may seem, at least two of the most egregious revelations might actually hold out a glimmer of hope for privacy going forward.

First, we now have evidence, albeit indirect, that the NSA might not have the cryptologic superpowers that some feared they might.
In particular, they have had to resort to outright sabotage of a range of security standards and systems that give them trouble. This suggests that a more robust (and un-sabotaged) infrastructure -- secured by proper cryptography and without hidden backdoors or so-called "lawful intercept" interfaces -- can make mass surveillance genuinely difficult. (And not just more difficult for the NSA. More difficult for other, perhaps less benevolent, nations' intelligence services as well.) So perhaps we stand a chance after all, at least if we're not being individually targeted.

Which brings us to the second encouraging bit of news, which is that if you are being individually targeted, you really don't stand a chance. The NSA's tools are very sharp indeed, even in the presence of communications networks that are well hardened against eavesdropping.

How can this be good news? It isn't if you're a target, to be sure. But it means that there is no good reason to give in to demands that we weaken cryptography, put backdoors in communications networks, or otherwise make the infrastructure we depend on more "wiretap friendly". The NSA will still be able to do its job, and the sun need not set on targeted intelligence gathering.

Don't get me wrong, as a security specialist, the NSA's Tailored Access Operations (TAO) scare the daylights out of me. I would never want these capabilities used against me or any other innocent person. But these tools, as frightening and abusable as they are, represent far less of a threat to our privacy and security than almost anything else we've learned recently about what the NSA has been doing.

TAO is retail rather than wholesale. That is, as well as TAO works (and it appears to work quite well indeed), they can't deploy it against all of us -- or even most of us. The implants must be installed on each individual target's own equipment, sometimes remotely but sometimes through "supply chain interdiction" or "black bag jobs".
By their nature, targeted exploits must be used selectively. Of course, "selectively" at the scale of the NSA might still be quite large, but it is still a tiny fraction of what they collect through mass collection.

For over a decade now, the NSA has been drowning in a sea of irrelevant data collected almost entirely about innocent people who would never be selected as targets or comprise part of any useful analysis. The implicit assumption has been that spying on everyone is the price we pay to be able to spy on the real bad guys. But the success of TAO demonstrates a viable alternative. And if the NSA has any legitimate role in intelligence gathering, targeted operations like TAO have the significant advantage that they leave the rest of us -- and the systems we rely on -- alone.

Which is not to say that TAO is a silver bullet against abuse. First, of course, spying on, say, political opponents is as much a temptation with TAO as it is with the NSA's bulk collection programs. There's no technological solution to this; it requires meaningful oversight, of a kind that's been sorely lacking from US policymakers. And while we're at it, we should ask whether the NSA really needs the 85,000 "implants" it reportedly already has.

A more subtle issue is the ecosystem of software security. When the NSA exploits flaws, it enters into a fundamental conflict between its mission to gather intelligence and its mission to protect citizens from hostile entities seeking to take advantage of the very same problems. Even though software flaws exist whether the NSA exploits them or not, the agency should ultimately be in the business of reporting and helping to fix any vulnerabilities it finds. This is a point made strongly by the recent NSA review panel report. It's possible to reconcile reporting and exploiting, but again, it requires vigilant, meaningful oversight and clear rules.
The intelligence community no doubt regards targeted collection methods like TAO as a method of last resort, to be used only when mass surveillance fails. We urgently need to reverse this.

Yes, we can expect resistance from the NSA and its "five eyes" partners at any suggestion that they scale back mass collection in favor of targeted methods. It means doing things differently, not to mention that carefully focused targeting is likely more expensive than drinking from the fire hose to which they've become accustomed.

But if TAO is a bit more expensive, it also demonstrates that we have a real choice here. We can safely curtail mass collection, shore up needlessly "wiretap friendly" infrastructure and generally protect ourselves against mass surveillance, all without shutting down legitimate intelligence gathering. In a free society, this should be an easy choice to make.

From rforno at infowarrior.org Thu Jan 9 13:26:40 2014
From: rforno at infowarrior.org (Richard Forno)
Date: Thu, 9 Jan 2014 14:26:40 -0500
Subject: [Infowarrior] - VA Appeals Court: Anonymous criticism isn't protected
Message-ID:

YELP critics must be identified, court rules in online landscape altering decision
Decision could reshape rules for online consumer reviews of products, businesses
http://www.washingtontimes.com/news/2014/jan/8/court-rules-yelp-website-must-identify-seven-negat/

From rforno at infowarrior.org Thu Jan 9 16:19:13 2014
From: rforno at infowarrior.org (Richard Forno)
Date: Thu, 9 Jan 2014 17:19:13 -0500
Subject: [Infowarrior] - Wassenaar amended ... prohibiting what?
Message-ID: <350747FF-AB75-4535-A507-A54FF629F61D@infowarrior.org>

(c/o DG for finding this gem)

Begin forwarded message:

> I suggest you immediately familiarize yourself with last month's
> changes to the Wassenaar Agreement, perhaps starting here:
>
> http://oti.newamerica.net/blogposts/2013/international_agreement_reached_controlling_export_of_mass_and_intrusive_surveillance
>
> Precis: Two new classes of export prohibited software:
>
> Intrusion software
>
> "Software" specially designed or modified to avoid detection
> by 'monitoring tools', or to defeat 'protective countermeasures',
> of a computer or network capable device, and performing any of
> the following:
>
> a. The extraction of data or information, from a computer or
> network capable device, or the modification of system or user
> data; or
>
> b. The modification of the standard execution path of a program
> or process in order to allow the execution of externally provided
> instructions.
>
> IP network surveillance systems
>
> 5. A. 1. j. IP network communications surveillance systems or
> equipment, and specially designed components therefor, having
> all of the following:
>
> 1. Performing all of the following on a carrier class IP network
> (e.g., national grade IP backbone):
>
> a. Analysis at the application layer (e.g., Layer 7 of Open
> Systems Interconnection (OSI) model (ISO/IEC 7498-1));
>
> b. Extraction of selected metadata and application content
> (e.g., voice, video, messages, attachments); and
>
> c. Indexing of extracted data; and
>
> 2. Being specially designed to carry out all of the following:
>
> a. Execution of searches on the basis of 'hard selectors'; and
>
> b. Mapping of the relational network of an individual or of a
> group of people.
>
> All the same arguments that applied to exportation bans for crypto
> software apply here, especially that of pointlessness. Note that
> at least part of the privacy community is applauding, which I find
> truly inexplicable.
From rforno at infowarrior.org Thu Jan 9 17:55:03 2014
From: rforno at infowarrior.org (Richard Forno)
Date: Thu, 9 Jan 2014 18:55:03 -0500
Subject: [Infowarrior] - Google+ Changes will irk many, I bet....
Message-ID: <480E86BE-27CE-427B-B05D-41D23BDA0F19@infowarrior.org>

Larry Page's Second Big Mistake As CEO: Opening Your Gmail Box to Google+ Followers
http://www.forbes.com/sites/roberthof/2014/01/09/larry-pages-second-big-mistake-opening-your-gmail-box-to-google-followers/

(Includes how to disable this new "feature" for Google Plus users.)

FAQ: How The New Gmail "Send To Anyone On Google+" Feature Works
http://marketingland.com/gmail-messages-google-plus-70094

From rforno at infowarrior.org Thu Jan 9 18:23:56 2014
From: rforno at infowarrior.org (Richard Forno)
Date: Thu, 9 Jan 2014 19:23:56 -0500
Subject: [Infowarrior] - HPSCI Releases Fact-Free Fearmongering About Impact Of Snowden Revelations
Message-ID: <9E6EBC01-634E-4C07-969B-716A09B6DE22@infowarrior.org>

House Intel Committee Releases Fact-Free Fearmongering About Impact Of Snowden Revelations
from the the-smearing-of-ed-snowden,-brought-to-you-by-mike-rogers dept

House Intelligence Committee chairman Rep. Mike Rogers and his Democratic counterpart Rep. Dutch Ruppersberger published a press release today touting a classified Defense Department report alleging that Edward Snowden's leaks -- and by proxy, stories published by news organizations -- threaten national security and "are likely to have lethal consequences for our troops in the field."

Before going any further, let's remember what the Washington Post reported last month about Director of National Intelligence (DNI) James Clapper:

< - >

http://www.techdirt.com/articles/20140109/12525025825/house-intel-committee-releases-fact-free-fearmongering-about-impact-snowden-revelations.shtml
From rforno at infowarrior.org Fri Jan 10 15:43:06 2014
From: rforno at infowarrior.org (Richard Forno)
Date: Fri, 10 Jan 2014 16:43:06 -0500
Subject: [Infowarrior] - SCOTUS agrees to hear Aereo case
Message-ID: <70008AC8-F4FE-426B-8D45-ECB7541E5D31@infowarrior.org>

Supreme Court agrees to hear Aereo case
The US Supreme Court granted a writ of certiorari -- jargon for "OK, we'll hear this one" -- in the case pitting the networks against the streamer of over-the-air broadcasts.
http://news.cnet.com/8301-1023_3-57616881-93/supreme-court-agrees-to-hear-aereo-case/

From rforno at infowarrior.org Fri Jan 10 15:43:42 2014
From: rforno at infowarrior.org (Richard Forno)
Date: Fri, 10 Jan 2014 16:43:42 -0500
Subject: [Infowarrior] - Obama to unveil NSA reforms on Jan. 17
Message-ID: <785F9F68-79D4-4F95-A1BC-B9FD08877E11@infowarrior.org>

(I'm wondering if this will be meaningful "reforms" or RINOs -- Reforms In Name Only. I suspect the latter, but we'll see next week. --rick)

January 10, 2014, 01:43 pm
Obama to unveil NSA reforms on Jan. 17
By Justin Sink
http://thehill.com/blogs/hillicon-valley/technology/195104-obama-to-unveil-nsa-reforms-on-jan-17

President Obama will unveil his proposed reforms to the nation's surveillance programs in a speech next Friday, Jan. 17, the White House announced.

"He will be making remarks to discuss the outcomes of the work that has been done in the review process," White House press secretary Jay Carney said.

The administration provided no details about a venue for the speech, where the president is expected to announce sweeping changes to the work of the National Security Agency (NSA).

Obama has spent recent weeks reviewing a series of 46 recommendations made by a White House review panel, which has called for additional transparency and privacy protections to be added to the controversial NSA surveillance programs.
According to early reports, the president is expected to call for a halt to the government collection of telephone metadata and ask phone companies or a third party to retain control of that information. Under that practice, the government would need to seek additional legal approval to review Americans' phone histories.

The president will also reportedly call for additional oversight of the National Intelligence Priorities Framework, a document used to rank intelligence goals and used while making the decision on whether to surveil foreign heads of state. That practice -- revealed in documents obtained by former intelligence contractor Edward Snowden -- has led to diplomatic headaches for the White House in recent months. Foreign leaders, including German Chancellor Angela Merkel, expressed outrage when newspapers reported that American intelligence had listened in on her mobile phone.

In recent days, the president and other top White House officials have met with lawmakers, members of the intelligence community, privacy advocates and tech companies ahead of the expected announcement.

On Friday, Sens. Mark Udall (D-Colo.), Ron Wyden (D-Ore.) and Martin Heinrich (D-N.M.) called on Obama to halt the collection of phone records and reform the Foreign Intelligence Surveillance Court tasked with approving top-secret surveillance in a letter to the president. Wyden and Udall were among a group of lawmakers who met with Obama on Thursday.

"We believe you have the authority to make many of these changes now, and we urge you to do so with reasonable haste to protect both our national security and the personal rights and liberties of U.S. citizens," they wrote.
From rforno at infowarrior.org Sat Jan 11 09:39:46 2014
From: rforno at infowarrior.org (Richard Forno)
Date: Sat, 11 Jan 2014 10:39:46 -0500
Subject: [Infowarrior] - Members Of Congress Ask Eric Holder To Try Again In His Explanation Of The Prosecution Of Aaron Swartz
Message-ID: <3FFBE8F2-42C1-489B-AD82-87429A5C2CB9@infowarrior.org>

Members Of Congress Ask Eric Holder To Try Again In His Explanation Of The Prosecution Of Aaron Swartz
from the this-time,-with-some-reality-involved dept

Tomorrow is the anniversary of the unfortunate passing of Aaron Swartz. Senators John Cornyn and Al Franken, along with Rep. Darryl Issa, have now sent Attorney General Eric Holder yet another request for an explanation concerning the investigation and prosecution of Swartz. This follows on a similar request from last year, but these elected officials note both that the DOJ's response was inadequate, and that it was also contradicted by the eventual report on the prosecution that came out of MIT...

< - >

http://www.techdirt.com/articles/20140110/14303725839/members-congress-ask-eric-holder-to-try-again-his-explanation-prosecution-aaron-swartz.shtml

From rforno at infowarrior.org Mon Jan 13 06:43:10 2014
From: rforno at infowarrior.org (Richard Forno)
Date: Mon, 13 Jan 2014 07:43:10 -0500
Subject: [Infowarrior] - IBM creates $1 billion unit for Watson supercomputer
Message-ID: <57F125A8-D081-43C0-AFF6-911FA6722FA2@infowarrior.org>

IBM creates $1 billion unit for Watson supercomputer
By Bree Fowler
Posted: 01/09/2014 06:43:12 AM PST | Updated: 3 days ago
http://www.mercurynews.com/business-headlines/ci_24876380/ibm-creates-1-billion-unit-watson-supercomputer

NEW YORK -- One of the most famous "Jeopardy!" champs of all time is moving to Manhattan. No, it's not Ken Jennings.
IBM announced Thursday that it's investing more than $1 billion to give its Watson cloud computing system its own business division and a new home in New York City.

The Armonk, N.Y.-based computing company said the new business unit will be dedicated to the development and commercialization of the project that first gained fame by defeating a pair of "Jeopardy!" champions, including 74-time winner Jennings, in 2011. In the years since Watson's TV appearance, IBM has been developing the computing system for more practical purposes and changed it to a cloud-based service. While still in the development phase, Watson's massive analytical capabilities are currently being used in industries ranging from health care to banking.

[Photo caption: FILE - In this file photo of Jan. 13, 2011, "Jeopardy!" champions Ken Jennings, left, and Brad Rutter, right, look on as the IBM computer called "Watson" beats them to the buzzer to answer a question during a practice round of the "Jeopardy!" quiz show in Yorktown Heights, N.Y. IBM announced Thursday, Jan. 9, 2014 that it's investing over $1 billion to give its Watson cloud computing system its own business division and a new home in the heart of New York City. (AP Photo/Seth Wenig, File)]

IBM CEO Ginni Rometty said what makes Watson unique is that it isn't programmed like most computers. Instead of relying only on the information that's put into it, Watson learns by "reading" vast amounts of information and combining it with the results of previous work to find answers to problems -- which she says makes it ideal for the reams of data now involved in many industries.

IBM is building a new headquarters for the business on the edge of New York City's East Village near New York University and other technology companies. In addition to its marketing and engineering capabilities, the new headquarters also will provide a place for IBM to collaborate with clients and startup companies that are building apps for Watson.
IBM will invest about $100 million in various startup companies working on Watson projects. Rometty said at an event announcing the move Thursday in New York that it's those collaborations with startups and clients that will help find new uses for the Watson technology.

Eventually the business, which started out as a team of 27 people, will employ about 2,000, with several hundred set to move into the new headquarters.

One of the first fields to use Watson was health care. Dr. Jose Baselga, physician-in-chief of Memorial Sloan-Kettering Cancer Center, attended Thursday's event. He said Watson has helped his doctors deal with the skyrocketing amount of information involved in the treatment of cancer.

Meanwhile, others see the potential for using Watson in industries such as retail and travel. Terry Jones, a founder of the travel websites Travelocity.com and Kayak.com, also attended the event. He said that while Internet search engines have become the method of choice for booking travel, they can't yet provide the expert advice about particular destinations and travel activities that an old-fashioned travel agent can. He said Watson's ability to understand language allows it to search travel blogs, books and newspapers to help answer users' questions.

Michael Rhodin, a long-time IBM executive named to lead the new business, said the New York City headquarters is meant to be a departure from the project's current research facility's sleepier surroundings about 40 miles north of the city in Yorktown Heights, N.Y. The angular glass building also will stand out from the rest of its neighborhood, which is home to some of the oldest buildings in the city. Rhodin said the move will help it attract young talent that expects Silicon Valley style.

"The millennial generation gets this, they understand what this is," Rhodin said. "This is a departure. It's a statement on our part."
From rforno at infowarrior.org Mon Jan 13 06:43:34 2014
From: rforno at infowarrior.org (Richard Forno)
Date: Mon, 13 Jan 2014 07:43:34 -0500
Subject: [Infowarrior] - Could data collection have stopped 9/11? White House thinks so
Message-ID: <57A7818E-0B82-441A-8FC2-C2533B6704F9@infowarrior.org>

Could data collection have stopped 9/11? White House thinks so
By Christi Parsons and Ken Dilanian
January 13, 2014, 3:00 a.m.
http://www.latimes.com/nation/la-na-obama-nsa-20140113,0,2416490.story#axzz2qHWaHekZ

WASHINGTON -- Many of President Obama's closest advisors have embraced a controversial assessment of one of the National Security Agency's major data collection programs -- the belief that the Sept. 11, 2001, terrorist attacks could have been prevented had government then possessed the sort of vast trove of Americans' telephone records it holds now.

Critics of the NSA program, and some scholars of America's deadliest terrorist attack, strenuously dispute the view that the collection of phone data would necessarily have made a difference or that the possibility justifies the program now. The presidential task force that reviewed surveillance operations concluded last month that the program "was not essential" to preventing terrorist attacks.

But as the president finalizes plans for a speech on Friday announcing his proposals to change intelligence operations and oversight, the widespread agreement at the most senior levels of the White House about the program's value appears to be driving policy. As a result, the administration seems likely to modify, but not stop, the gathering of billions of phone call logs.

In recent White House meetings, Obama has accepted the "9/11" justification, aides say, expressing the belief that domestic phone records might have helped authorities identify some of the skyjackers who later crashed passenger jets in New York, the Washington area and Pennsylvania, killing nearly 3,000 people.
He believes the main problem with the program is one of perception: Many Americans don't trust the NSA, one of the most secretive of spy agencies, to respect civil liberties. In Friday's speech, the president is expected to propose steps that he hopes will make Americans more comfortable with the program, but not greatly reduce its scope as a counter-terrorism tool.

One such change would be to shift the assembling and archiving of telephone "metadata" from NSA servers in Ft. Meade, Md., back to the telephone companies, or to a private third party. But aides say he is unlikely to end the program altogether.

Under the current program, the government collects and stores metadata -- numbers dialed and call times -- involving virtually all telephone calls in or through the United States. The program does not collect the contents of conversations.

"This capability was put in place after 9/11 for a good reason," said a senior administration official who asked not to be identified discussing sensitive deliberations. "The question we have to examine is whether the perception of privacy intrusion outweighs the operational value. It's possible we could get that same information -- in other ways, but it's slower."

Shifting the NSA archive to private control would be "tricky," said Sen. Richard J. Durbin (D-Ill.), a member of the Judiciary Committee. If the NSA can access the data too easily, Durbin said, "there's an assumption that it's partly created or controlled by government, and that doesn't change people's skepticism."

Privacy and civil liberties activists say the government has overstated the utility of amassing billions of phone call logs. They argue that it is too far-reaching and too intrusive, and that other effective counter-terrorism tools exist. The "big question ... [is] whether our government is going to spy on Americans," said Michelle Richardson, legislative counsel for the ACLU.
Over the last half-year, government officials have had to abandon several of their claims about the effectiveness of the metadata collection program. When former NSA contractor Edward Snowden began disclosing classified documents to the news media, intelligence officials initially said the ability to secretly trace a suspect's network of calling partners had helped prevent scores of terrorist attacks. Pressed for details by members of Congress and others, officials steadily backed away from those assertions.

In the end, they cited only one U.S. case in which they still say the NSA archive played a crucial role: A San Diego cab driver and three others were convicted in November of sending about $8,500 to the Shabab, the extremist group in Somalia that has launched deadly attacks across East Africa, in part because of clues collected from the phone logs.

Whether U.S. authorities would have used similar data to identify any of the 19 hijackers before Sept. 11, and whether that would have stopped others in the plot, is impossible to know. The presidential commission that investigated the 2001 attack blamed more fundamental problems, including the CIA's failure to inform the FBI that several suspected Al Qaeda members had entered the United States and were living in San Diego.

The strongest argument for how the program might have helped, one cited in White House discussions, involves Khalid al Mihdhar, a Saudi who helped fly an American Airlines jet into the Pentagon. After arriving in San Diego in January 2000, Mihdhar made several phone calls to an Al Qaeda safe house in Yemen. U.S. intelligence was monitoring calls made to the safe house, then-FBI Director Robert S. Mueller III told Congress last summer, but didn't realize the caller was in America. If the telephone archive had existed at the time, Mueller said, the NSA could have linked the numbers in Yemen and San Diego, identified Mihdhar and "derailed" the plot. Gen. Keith Alexander, the head of the NSA, made a similar argument.

According to the Sept. 11 Commission, however, the NSA already had learned Mihdhar's name in 1999 in a call that linked him to Al Qaeda, but did not pass his name or that of his friend Nawaf al Hazmi, another future hijacker, to the FBI. In December that year, the CIA broke into Mihdhar's hotel room in Dubai, United Arab Emirates, and photographed his passport, which had a U.S. visa. The CIA didn't warn the State Department to revoke the visas, didn't ask immigration authorities to bar Mihdhar or Hazmi at the border and didn't inform the FBI that suspected terrorists were in California.

If the FBI had been warned, agents already had ample legal authority to review Mihdhar's telephone records or get a warrant to tap his phones, read his emails and track his movements.

The FBI missed other opportunities to thwart the 2001 plot that it probably would pursue today. In summer 2001, agents had arrested Zacarias Moussaoui, another Al Qaeda member, who aroused suspicion at a flight school in Minnesota. But they failed to obtain a search warrant for his computer. And FBI managers ignored a warning by a field agent in Phoenix that Osama bin Laden might be sending pilots to train at U.S. flight schools.

Today, as part of the initiatives implemented since 2001, federal watch lists bar suspected terrorists from boarding U.S.-bound aircraft or entering the country, and U.S. law enforcement and intelligence agencies share more information and work far more closely in counter-terrorism cases.

James R. Thompson, a former governor of Illinois who served on the Sept. 11 Commission, said the value of the bulk data collection was "a given" for counter-terrorism efforts even if it might not have prevented the 2001 attacks. He also said the concerns about abuse were overblown. "We don't have any examples of how the average American citizen's privacy is being harmed by the collection of this data," he said.
NSA officials say they authorize analysts to access the database only a few hundred times a year, and only to determine whether suspected terrorists or spies overseas are in contact with people in the United States. In 2012, NSA analysts looked into calls involving 288 telephone numbers, John Inglis, the NSA's top civilian official, said in a recent interview with NPR. Examining the numbers that were in contact with those initial 288 as well as those in contact with that second tier meant the agency looked at about 6,000 phone numbers in total that year, he said.

To date, Snowden's disclosures have produced no evidence to suggest the NSA or other agencies have sought to search details about the personal lives or activities of Americans other than terrorism suspects.

christi.parsons at latimes.com
ken.dilanian at latimes.com

---
Just because i'm near the punchbowl doesn't mean I'm also drinking from it.

From rforno at infowarrior.org Mon Jan 13 06:43:40 2014
From: rforno at infowarrior.org (Richard Forno)
Date: Mon, 13 Jan 2014 07:43:40 -0500
Subject: [Infowarrior] - Schneier: How the NSA Threatens National Security
Message-ID: <52B5EB67-4CE6-4A5B-91EB-8DC8D016D6C3@infowarrior.org>

(I would say it is not just any one agency but also Congress, whose technical, practical, conceptual, and rational ignorance allows such things to occur on THEIR watch, and often with THEIR approval anyway. --rick)

January 13, 2014
How the NSA Threatens National Security
https://www.schneier.com/blog/archives/2014/01/how_the_nsa_thr.html

Secret NSA eavesdropping is still in the news. Details about once secret programs continue to leak. The Director of National Intelligence has recently declassified additional information, and the President's Review Group has just released its report and recommendations. With all this going on, it's easy to become inured to the breadth and depth of the NSA's activities.
But through the disclosures, we've learned an enormous amount about the agency's capabilities, how it is failing to protect us, and what we need to do to regain security in the Information Age.

First and foremost, the surveillance state is robust. It is robust politically, legally, and technically. I can name three different NSA programs to collect Gmail user data. These programs are based on three different technical eavesdropping capabilities. They rely on three different legal authorities. They involve collaborations with three different companies. And this is just Gmail. The same is true for cell phone call records, Internet chats, cell-phone location data.

Second, the NSA continues to lie about its capabilities. It hides behind tortured interpretations of words like "collect," "incidentally," "target," and "directed." It cloaks programs in multiple code names to obscure their full extent and capabilities. Officials testify that a particular surveillance activity is not done under one particular program or authority, conveniently omitting that it is done under some other program or authority.

Third, US government surveillance is not just about the NSA. The Snowden documents have given us extraordinary details about the NSA's activities, but we now know that the CIA, NRO, FBI, DEA, and local police all engage in ubiquitous surveillance using the same sorts of eavesdropping tools, and that they regularly share information with each other.

The NSA's collect-everything mentality is largely a hold-over from the Cold War, when a voyeuristic interest in the Soviet Union was the norm. Still, it is unclear how effective targeted surveillance against "enemy" countries really is. Even when we learn actual secrets, as we did regarding Syria's use of chemical weapons earlier this year, we often can't do anything with the information.

Ubiquitous surveillance should have died with the fall of Communism, but it got a new -- and even more dangerous -- life with the intelligence community's post-9/11 "never again" terrorism mission. This quixotic goal of preventing something from happening forces us to try to know everything that does happen. This pushes the NSA to eavesdrop on online gaming worlds and on every cell phone in the world. But it's a fool's errand; there are simply too many ways to communicate.

We have no evidence that any of this surveillance makes us safer. NSA Director General Keith Alexander responded to these stories in June by claiming that he disrupted 54 terrorist plots. In October, he revised that number downward to 13, and then to "one or two." At this point, the only "plot" prevented was that of a San Diego man sending $8,500 to support a Somali militant group. We have been repeatedly told that these surveillance programs would have been able to stop 9/11, yet the NSA didn't detect the Boston bombings -- even though one of the two terrorists was on the watch list and the other had a sloppy social media trail. Bulk collection of data and metadata is an ineffective counterterrorism tool.

Not only is ubiquitous surveillance ineffective, it is extraordinarily costly. I don't mean just the budgets, which will continue to skyrocket. Or the diplomatic costs, as country after country learns of our surveillance programs against their citizens. I'm also talking about the cost to our society. It breaks so much of what our society has built. It breaks our political systems, as Congress is unable to provide any meaningful oversight and citizens are kept in the dark about what government does. It breaks our legal systems, as laws are ignored or reinterpreted, and people are unable to challenge government actions in court. It breaks our commercial systems, as US computer products and services are no longer trusted worldwide. It breaks our technical systems, as the very protocols of the Internet become untrusted. And it breaks our social systems; the loss of privacy, freedom, and liberty is much more damaging to our society than the occasional act of random violence.

And finally, these systems are susceptible to abuse. This is not just a hypothetical problem. Recent history illustrates many episodes where this information was, or would have been, abused: Hoover and his FBI spying, McCarthy, Martin Luther King Jr. and the civil rights movement, anti-war Vietnam protesters, and -- more recently -- the Occupy movement. Outside the US, there are even more extreme examples. Building the surveillance state makes it too easy for people and organizations to slip over the line into abuse.

It's not just domestic abuse we have to worry about; it's the rest of the world, too. The more we choose to eavesdrop on the Internet and other communications technologies, the less we are secure from eavesdropping by others. Our choice isn't between a digital world where the NSA can eavesdrop and one where the NSA is prevented from eavesdropping; it's between a digital world that is vulnerable to all attackers, and one that is secure for all users.

Fixing this problem is going to be hard. We are long past the point where simple legal interventions can help. The bill in Congress to limit NSA surveillance won't actually do much to limit NSA surveillance. Maybe the NSA will figure out an interpretation of the law that will allow it to do what it wants anyway. Maybe it'll do it another way, using another justification. Maybe the FBI will do it and give it a copy. And when asked, it'll lie about it.

NSA-level surveillance is like the Maginot Line was in the years before World War II: ineffective and wasteful. We need to openly disclose what surveillance we have been doing, and the known insecurities that make it possible. We need to work toward security, even if other countries like China continue to use the Internet as a giant surveillance platform. We need to build a coalition of free-world nations dedicated to a secure global Internet, and we need to continually push back against bad actors -- both state and non-state -- that work against that goal.

Securing the Internet requires both laws and technology. It requires Internet technology that secures data wherever it is and however it travels. It requires broad laws that put security ahead of both domestic and international surveillance. It requires additional technology to enforce those laws, and a worldwide enforcement regime to deal with bad actors. It's not easy, and has all the problems that other international issues have: nuclear, chemical, and biological weapon non-proliferation; small arms trafficking; human trafficking; money laundering; intellectual property. Global information security and anti-surveillance needs to join those difficult global problems, so we can start making progress.

The President's Review Group recommendations are largely positive, but they don't go nearly far enough. We need to recognize that security is more important than surveillance, and work towards that goal.

This essay previously appeared on TheAtlantic.com.

From rforno at infowarrior.org Mon Jan 13 09:26:26 2014
From: rforno at infowarrior.org (Richard Forno)
Date: Mon, 13 Jan 2014 10:26:26 -0500
Subject: [Infowarrior] - An NSA-Proof Twitter, Built With Code From Bitcoin and BitTorrent
Message-ID: <64FC595B-06D7-4B45-97B8-EE3A25970F55@infowarrior.org>

Out in the Open: An NSA-Proof Twitter, Built With Code From Bitcoin and BitTorrent
By Klint Finley, 01.13.14, 6:30 AM
http://www.wired.com/wiredenterprise/2014/01/twister/
From rforno at infowarrior.org Mon Jan 13 15:13:49 2014
From: rforno at infowarrior.org (Richard Forno)
Date: Mon, 13 Jan 2014 16:13:49 -0500
Subject: [Infowarrior] - NSA Data Has 'No Discernible Impact' on Terrorism: Report
Message-ID: <56E85F64-2F33-4FD8-B887-0FC92A2414B2@infowarrior.org>

NSA Data Has 'No Discernible Impact' on Terrorism: Report
By Chris Strohm - Jan 13, 2014
http://www.bloomberg.com/news/print/2014-01-13/nsa-data-has-no-discernible-impact-on-terrorism-report.html

A public policy group says a review of U.S. terrorist arrests shows the government's collection of bulk phone records does little to prevent terrorism, adding fuel to a debate over whether the spy program should be ended.

The nonprofit New America Foundation, based in Washington, analyzed cases involving 225 people recruited by al-Qaeda or other terrorist groups and charged in the U.S. since the Sept. 11, 2001, attacks. The majority of cases started with traditional techniques, such as use of "informants, tips from local communities, and targeted intelligence operations," according to a report today from the group, which has been critical of the NSA spy programs.

"Our investigation found that bulk collection of American phone metadata has had no discernible impact on preventing acts of terrorism and only the most marginal of impacts on preventing terrorist-related activity, such as fundraising for a terrorist group," Peter Bergen, director of the foundation's national security program, said in a statement.

The National Security Agency's collection and use of bulk phone records, such as numbers dialed and call durations, is one of several surveillance programs exposed by former government contractor Edward Snowden. The disclosures have prompted calls both domestically and overseas for the U.S. to discontinue or alter the programs.

Obama Decisions

President Barack Obama plans on Jan. 17 to announce his decisions on whether to alter spy programs, which could include requiring Verizon Communications Inc. (VZ), AT&T Inc. (T) and other phone companies to retain phone records for the government.

New America Foundation receives funding from both public and private sources, including the Bill and Melinda Gates Foundation and the U.S. Department of State, according to the group's website. The foundation researches and analyzes a range of topics, including the inner workings of al-Qaeda, global economics and the U.S. education system. The Open Technology Institute, its technology arm, is in a coalition of privacy groups opposed to NSA's data collection programs.

NSA Director Keith Alexander and Director of National Intelligence James Clapper had defended the use of bulk records as being essential to disrupting dozens of domestic and international terrorist plots when it was first exposed in June by Snowden. They since have backed off those claims.

Foiled Plots

Alexander told the Senate Judiciary Committee Oct. 2 that the program has helped stop only one or two terrorist plots inside the U.S. since it was begun in 2006. Clapper offered a new rationale for the program during the hearing, saying it can be used to provide "peace of mind" that there aren't terrorist plots in the works.

A White House advisory panel appointed by Obama concluded in a Dec. 18 report the phone records program "was not essential to preventing attacks" and information needed to disrupt terrorist plots "could readily have been obtained in a timely manner using conventional" court orders. The five members of the Review Group on Intelligence and Communications Technology are scheduled to testify tomorrow before the Senate Judiciary Committee.

The review group recommended putting limits on the NSA, including prohibiting the agency from collecting and storing billions of phone records. Instead, the data should be held by Verizon, AT&T and other carriers or a third party and only accessed by the NSA with a court warrant, the panel said. Senator Patrick Leahy, a Vermont Democrat and chairman of the Judiciary Committee, has introduced legislation in line with the group's recommendation.

'Move Quickly'

Senator Dianne Feinstein, a California Democrat and chairman of the Senate intelligence committee, has vowed to kill legislation that would end the program. Carriers may have to spend $60 million a year to retain the phone records and face burdensome litigation, Feinstein said in a Jan. 9 interview.

"This is to prevent an attack," Feinstein said of the bulk phone records program. "You've got to move quickly when you have someone that is a known foreign terrorist calling into this country."

Requiring the phone companies to keep the records "presents a huge civil situation," she said. "Would every detective or every attorney want to get the records?"

NSA spokeswoman Vanee Vines didn't immediately respond to a request for comment.

Kevin Bankston, policy director for the New America Foundation's Open Technology Institute, has been part of a coalition of privacy advocates calling for the end of the collection of bulk phone records.

The foundation describes its work as "responsible to the changing conditions and problems of our 21st Century information-age economy," according to the website. The foundation's board chairman is Google Inc. Chairman Eric Schmidt, an Obama supporter.

To contact the reporter on this story: Chris Strohm in Washington at cstrohm1 at bloomberg.net
To contact the editor responsible for this story: Bernard Kohn at bkohn2 at bloomberg.net
From rforno at infowarrior.org Mon Jan 13 15:50:55 2014
From: rforno at infowarrior.org (Richard Forno)
Date: Mon, 13 Jan 2014 16:50:55 -0500
Subject: [Infowarrior] - SCOTUS Lets Stand Ruling Bolstering Gadget Privacy at U.S. Border
Message-ID: <699B594C-2923-452B-882F-B7D96CE3145F@infowarrior.org>

Supreme Court Lets Stand Ruling Bolstering Gadget Privacy at U.S. Border
By David Kravets, 01.13.14, 11:23 AM
http://www.wired.com/threatlevel/2014/01/scotus-border-gadget-searches/

A convicted sex offender's loss at the Supreme Court today was indirectly a boost to the privacy rights of travelers crossing the border to the United States.

Without issuing a ruling, the justices let stand an appeals court's decision that U.S. border agents may indeed undertake a search of a traveler's gadgets' content on a whim, just like they could with a suitcase or a vehicle. That is known as the "border search exception" of United States law, where travelers can be searched without a warrant as they enter the country. The Obama administration has aggressively used this power to search travelers' laptops, sometimes copying the hard drive before returning the computer.

However, in a rare win for digital privacy, the 9th U.S. Circuit Court of Appeals' ruling last year concluded that a deeper forensic analysis by border officials using software to decrypt password-protected files or to locate deleted files now requires "reasonable suspicion" of criminal activity, an outcome the justices refused to tinker with today.

That means, in essence, the authorities must have some facts, rather than a hunch, that illegal activity is afoot to perform a forensic analysis on electronics seized along the border of the western United States.

"The nature of the contents of electronic devices differs from that of luggage as well. Laptop computers, iPads and the like are simultaneously offices and personal diaries. They contain the most intimate details of our lives: financial records, confidential business documents, medical records and private emails," the San Francisco-based appeals court ruled (.pdf) last year.

The 9th Circuit's rulings cover Alaska, Arizona, California, Hawaii, Idaho, Montana, Nevada, Oregon and Washington state.

It's a victory of sorts for the public at large. But for California convicted sex offender Howard Cotterman, the decision upholds a forensic search on his gear that, authorities said, led to the discovery of hundreds of child porn images that can now be admitted in court as evidence.

In 2007, he was traveling from Mexico to Arizona. His laptops and cameras were seized and examined by agents 170 miles away in Tucson. He challenged the examination, and lost on appeal.

The appeals court found enough "reasonable suspicion" based on the facts that Cotterman was on a "lookout" list, because he was a convicted sex offender and frequently traveled to Mexico, a known destination for sex tourism. What's more, adding to reasonable suspicion, under what the court labeled as the "totality of the circumstances," was the fact that some of the files on one of the laptops were password protected.

Cotterman's lawyers urged the Supreme Court to reverse the decision, and uphold a district court judge's ruling that the authorities did not have the power to whisk away the gadgets for inspection at all. (.pdf)

Surprisingly the government did not take issue with the appellate court's conclusion that reasonable suspicion was required for a deeper inspection of gadgets, which have become virtual extensions of ourselves, housing everything from email to instant-message chats to our papers and effects. The government argued that reasonable suspicion of criminal activity was present.

The government told the justices that Cotterman "was suspected of sex tourism" (.pdf) and "petitioner was suspected of being involved in child pornography as part of Operation Angel Watchdog, which targeted registered sex offenders who frequently traveled internationally."

David Kravets is a WIRED senior staff writer and founder of the fake news site TheYellowDailyNews.com. He's a dad of two boys and has been a reporter since the manual typewriter days. His PGP fingerprint is 066F 245D 22A0 7511 B36B CB4F 0F53 B742 5919 4A18.

From rforno at infowarrior.org Mon Jan 13 16:48:53 2014
From: rforno at infowarrior.org (Richard Forno)
Date: Mon, 13 Jan 2014 17:48:53 -0500
Subject: [Infowarrior] - New cyber-attack model helps predict timing of the next Stuxnet
Message-ID:

New cyber-attack model helps predict timing of the next Stuxnet
It accounts for the properties of vulnerability and the political situation.
by Akshat Rathi - Jan 13 2014, 4:53pm EST
http://arstechnica.com/science/2014/01/new-cyber-attack-model-helps-predict-timing-of-the-next-stuxnet/

Of the many tricks used by the world's greatest military strategists, one usually works well: taking the enemy by surprise. It is an approach that goes back to the horse that brought down Troy. But surprise can only be achieved if you get the timing right. Timing which, researchers at the University of Michigan argue, can be calculated using a mathematical model, at least in the case of cyber-wars.

James Clapper, the director of US National Security, said cybersecurity is "first among threats facing America today," and that's true for other world powers as well. In many ways, it is even more threatening than conventional weapons, since attacks can take place in the absence of open conflict. And attacks are waged not just to cause damage to the enemy, but often to steal secrets. Timing is key for these attacks, as the name of a common vulnerability, the zero-day attack, makes apparent.
A zero-day attack refers to exploiting a vulnerability in a computer system on the same day that the vulnerability is recognized (aka when there are zero days to prepare for or defend against the attack). That is why cyber-attacks are usually carried out before an opponent has the time to fix its vulnerabilities. As Robert Axelrod and Rumen Iliev at the University of Michigan write in a paper just published in PNAS, "The question of timing is analogous to the question of when to use a double agent to mislead the enemy, where it may be worth waiting for an important event but waiting too long may mean the double agent has been discovered."

Equations are as good as weapons

Axelrod and Iliev decided the best way to answer the question of timing would be through the use of a simple mathematical model. They built the model using four variables:

- Cyber-weapons exploit a specific vulnerability.
- Stealth of the weapon measures the chance that an enemy may find out the use of the weapon and take necessary steps to stop its reuse.
- Persistence of the weapon measures the chance that a weapon can still be used in the future, if not used now. Or, put another way, the chance that the enemy finds out their own vulnerability and fixes it, which renders the weapon useless.
- Threshold defines the time when the stakes are high enough to risk the use of a weapon. Beyond the threshold you will gain more than you will lose.

Using their model, it is possible to calculate the optimum time of a cyber-attack: When the persistence of a weapon increases, the optimal threshold increases; that is, the longer a vulnerability exists, the longer one can wait before using it. When the stealth of a weapon increases, the optimal threshold decreases; the longer a weapon can avoid detection, the better it is to use it quickly. Based on the stakes of the outcome, a weapon must be used soon (if stakes are constant) or later (if the stakes are uneven).
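Added example, not from the Ars article and not Axelrod and Iliev's own code: a toy decision model built from the four quantities the article lists (stakes, stealth, persistence, threshold) that reproduces the three predictions quoted above. The functional form is this example's assumption, since the paper's actual equations are not on this page: each period the attacker sees the stakes x, using the weapon pays x now and leaves it reusable with probability "stealth", holding it back pays nothing and leaves it usable with probability "persistence", and future periods are discounted. The stakes distributions (uniform, constant, and a rare high-value period) are constructed inputs.

```python
"""Toy timing model for a cyber weapon that may be burned by use (added example).

Assumed form (not the PNAS paper's equations): each period the attacker sees
stakes x. Using the weapon yields x now, after which it survives for reuse
with probability `stealth` (the target did not notice). Waiting yields nothing
now, and the weapon survives with probability `persistence` (the target did
not patch the vulnerability on its own). Future periods are discounted by w.
"""
from typing import List, Sequence, Tuple

# (stake value, probability) pairs; probabilities sum to 1.
Stakes = Sequence[Tuple[float, float]]


def hold_value(stakes: Stakes, stealth: float, persistence: float,
               discount: float = 0.95, tol: float = 1e-12,
               max_iter: int = 10000) -> float:
    """Expected discounted value V of holding a usable weapon before this
    period's stakes are known, found by value iteration on
        V = E[ max(x + w*S*V, w*P*V) ]
    The right-hand side is a contraction for w < 1, so the fixed point is unique."""
    v = 0.0
    for _ in range(max_iter):
        use_cont = discount * stealth * v       # continuation value if used now
        wait_cont = discount * persistence * v  # continuation value if held back
        new_v = sum(p * max(x + use_cont, wait_cont) for x, p in stakes)
        if abs(new_v - v) < tol:
            return new_v
        v = new_v
    return v


def optimal_threshold(stakes: Stakes, stealth: float, persistence: float,
                      discount: float = 0.95) -> float:
    """Stakes level at which attacking now first beats waiting:
        x + w*S*V >= w*P*V   <=>   x >= w*(P - S)*V
    When stealth exceeds persistence the threshold is zero: the weapon is more
    likely to die on the shelf than in use, so use it at any stakes."""
    v = hold_value(stakes, stealth, persistence, discount)
    return max(0.0, discount * (persistence - stealth) * v)


def attack_now(x: float, stakes: Stakes, stealth: float, persistence: float,
               discount: float = 0.95) -> bool:
    """Decision rule for the stakes x observed this period."""
    return x >= optimal_threshold(stakes, stealth, persistence, discount)


def uniform_stakes(n: int = 1000) -> List[Tuple[float, float]]:
    """Constructed input: stakes spread evenly over (0, 1)."""
    return [((i + 0.5) / n, 1.0 / n) for i in range(n)]


# Constructed inputs: the same stakes every period, and low stakes most
# periods with a rare high-value moment.
CONSTANT_STAKES: List[Tuple[float, float]] = [(0.6, 1.0)]
UNEVEN_STAKES: List[Tuple[float, float]] = [(0.1, 0.9), (1.0, 0.1)]


if __name__ == "__main__":
    u = uniform_stakes()
    print("persistence 0.5 -> 0.9 raises the threshold: %.3f -> %.3f"
          % (optimal_threshold(u, 0.2, 0.5), optimal_threshold(u, 0.2, 0.9)))
    print("stealth 0.2 -> 0.8 lowers the threshold:   %.3f -> %.3f"
          % (optimal_threshold(u, 0.2, 0.9), optimal_threshold(u, 0.8, 0.9)))
    print("high stealth, low persistence -> threshold %.3f (use at once)"
          % optimal_threshold(u, 0.9, 0.3))
    print("constant stakes -> attack now:", attack_now(0.6, CONSTANT_STAKES, 0.2, 0.9))
    print("uneven stakes -> wait at 0.1, attack at 1.0:",
          attack_now(0.1, UNEVEN_STAKES, 0.2, 0.9),
          attack_now(1.0, UNEVEN_STAKES, 0.2, 0.9))
```

Running the file prints the thresholds for each case: raising persistence raises the threshold, raising stealth lowers it, a stealthy but short-lived weapon (the article's reading of Stuxnet) gets a threshold of zero, constant stakes lead to immediate use, and uneven stakes make the attacker sit out the low-value periods for the rare high-value one.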
In other words, when the gain from an attack is fixed and ramifications are low, it is best to attack as quickly as possible. When the gain is high or low and ramifications are high, it is best to be patient before attacking.

How to plan the next Stuxnet

Axelrod and Iliev's model deserves merit, according to Allan Woodward, a cybersecurity expert at the University of Surrey, because it fits past examples well. Their model perfectly predicts timing of both the Stuxnet attack and Iran's counter to it.

Stuxnet was a worm aimed at interfering with Iran's attempts to enrich uranium to build nuclear weapons. So, from an American perspective, the stakes were very high. The worm itself remained hidden for nearly 17 months, which means its stealth was high and persistence was low. According to the model, US and Israel should have attacked as soon as Stuxnet was ready. And indeed that is what seems to have happened.

Iran may have responded to this attack by targeting the workstations of Aramco, an oil company in Saudi Arabia that supplied oil to the US. Although the US called this the "most destructive cyber-assault the private sector has seen to date," it achieved little. However, for Iran, the result mattered less than the speed of the response. In a high stakes case, the model predicts immediate use of a cyber-weapon, which is what happened in this case, too.

Although the model has been developed for cyber-attacks, it can be equally effective in modeling cyber-defense. Also, the model need not be limited to cyber-weapons; small changes in the variables can be made so that the model can be used to consider other military actions or economic sanctions.

Just like the atomic bomb

Eerke Boiten, a computer scientist at the University of Kent, said: "These models are a good start, but they are far too simplistic. The Stuxnet worm, for example, attacked four vulnerabilities in Iran's nuclear enrichment facility. Had even one been fixed, the attack would have failed. The model doesn't take that into account."

In their book Cyber War: The Next Threat to National Security and What to Do About It, Richard Clarke and Robert Knake write:

It took a decade and a half after nuclear weapons were first used before a complex strategy for employing them, and better yet, for not using them, was articulated and implemented.

That transition period is what current cyber-weapons are going through. In that light, the simplicity of Axelrod and Iliev's model may be more a strength than a weakness for now.

PNAS, 2014. DOI: 10.1073/pnas.1322638111

This article was originally published at The Conversation.

From rforno at infowarrior.org Tue Jan 14 07:43:33 2014
From: rforno at infowarrior.org (Richard Forno)
Date: Tue, 14 Jan 2014 08:43:33 -0500
Subject: [Infowarrior] - Google + Nest = potential privacy concerns
Message-ID:

When Google closes the Nest deal, privacy issues for the internet of things will hit the big time
By Stacey Higginbotham
14 hours ago
http://gigaom.com/2014/01/13/when-google-closes-the-nest-deal-privacy-issues-for-the-internet-of-things-will-hit-the-big-time/

From rforno at infowarrior.org Tue Jan 14 10:14:55 2014
From: rforno at infowarrior.org (Richard Forno)
Date: Tue, 14 Jan 2014 11:14:55 -0500
Subject: [Infowarrior] - Appeals court strikes down net neutrality
Message-ID: <73F55A23-39A9-4D15-B206-FF18E02A7307@infowarrior.org>

(c/o JH)

January 14, 2014, 10:23 am
Court strikes down net neutrality
By Kate Tummarello
http://thehill.com/blogs/hillicon-valley/technology/195360-court-strikes-down-net-neutrality-rules

A federal appeals court on Tuesday struck down the Obama administration's net-neutrality rules.

The D.C. Circuit Court of Appeals ruled that the Federal Communications Commission overstepped its authority by prohibiting Internet providers from treating traffic differently based on where it's coming from.

By classifying Internet access as an "information service" as opposed to a "telecommunications service" (which is the classification used for traditional telephone companies), the FCC cannot impose its "anti-discrimination" and "anti-blocking" rules on Internet providers, the court said.

"Given that the Commission has chosen to classify broadband providers in a manner that exempts them from treatment as common carriers, the Communications Act expressly prohibits the Commission from nonetheless regulating them as such."

The decision is a blow to President Obama, who made net neutrality a campaign pledge in 2008, and erases one of the central accomplishments of former FCC Chairman Julius Genachowski.

From rforno at infowarrior.org Tue Jan 14 14:48:12 2014
From: rforno at infowarrior.org (Richard Forno)
Date: Tue, 14 Jan 2014 15:48:12 -0500
Subject: [Infowarrior] - RIAA's Boss Thinks He Knows Better Than Google How To Build A Search Engine
Message-ID: <8308064A-9529-4C76-AAF6-95F953911DDA@infowarrior.org>

RIAA's Boss Thinks He Knows Better Than Google How To Build A Search Engine
http://www.techdirt.com/articles/20140113/10303125849/riaas-boss-thinks-he-knows-better-than-google-how-to-build-search-engine.shtml

From rforno at infowarrior.org Tue Jan 14 15:09:45 2014
From: rforno at infowarrior.org (Richard Forno)
Date: Tue, 14 Jan 2014 16:09:45 -0500
Subject: [Infowarrior] - Why Does Anyone Still Believe the NSA?
Message-ID:

Why Does Anyone Still Believe the NSA?
http://www.ritholtz.com/blog/2014/01/why-does-anyone-still-believe-the-nsa/
From rforno at infowarrior.org Tue Jan 14 15:18:36 2014
From: rforno at infowarrior.org (Richard Forno)
Date: Tue, 14 Jan 2014 16:18:36 -0500
Subject: [Infowarrior] - NSA phone data collection 'not essential', judiciary chair says – live
Message-ID: <60F207AD-60E3-4CF7-B7ED-99C31B517B1A@infowarrior.org>

(DiFi again showing she isn't paying attention to the witnesses' testimony and reminding us that she's a clueless surveillance apologist. --rick)

http://www.theguardian.com/world/2014/jan/14/nsa-review-panel-reforms-congress-live

RECESS .... Here's a summary of where things stand:

• The five members of the president's review group on intelligence and communications technologies appeared before congress to discuss their 46 recommendations for intelligence reform unveiled last month.

• Up for discussion were potential reforms including the relocation or dispersal of the government's phone records database; requiring court orders for database queries and/or national security letters; introducing a public advocate on the Fisa court; and making the process by which the government obtains information through national security letters or Fisa court orders more transparent.

• A mini-debate broke out as to whether the most widely discussed NSA surveillance program, the bulk collection of phone records, had been essential to preventing any terror attacks. Chairman Patrick Leahy said no. Senator Dianne Feinstein said yes. "The word 'essential' I think is a word that is often debated," Feinstein said.

• Former CIA acting director Michael Morell equated phone metadata with phone call content, in terms of how sensitive and information-rich it is. "There is not in my mind a sharp distinction between metadata and content," Morell said.

• Former counter-terror czar Richard Clarke explained that while it was not possible to replay history, the failure to prevent 9/11 is best put down to the failure of intelligence agencies to communicate, as opposed to the lack of a bulk phone records collection program. Clarke also dismissed the need for warrantless surveillance in a hypothetical scenario in which 9/11 was stopped.

• Morell said that just because bulk phone records collection may not have stopped a terror plot, that did not mean the program was not valuable. "The program only has to be successful once to be invaluable," he said.

From rforno at infowarrior.org Tue Jan 14 19:44:32 2014
From: rforno at infowarrior.org (Richard Forno)
Date: Tue, 14 Jan 2014 20:44:32 -0500
Subject: [Infowarrior] - Spy court judge slams proposed privacy advocate
Message-ID: <51288DA5-6A81-4E6C-8E2F-C8C11A5DC210@infowarrior.org>

Spy court judge slams proposed privacy advocate
Jan 14, 7:29 PM (ET)
By STEPHEN BRAUN and KIMBERLY DOZIER
http://apnews.myway.com/article/20140115/DABATCVO3.html

WASHINGTON (AP) - The U.S. judiciary told Congress on Tuesday it opposes the idea of having an independent privacy advocate on the secret Foreign Intelligence Surveillance Court, while members of Congress lauded the idea at a Capitol Hill hearing.

Speaking for the entire U.S. judiciary, U.S. District Judge John D. Bates sent a letter to the Senate Intelligence Committee saying that appointing an independent advocate to the secret surveillance court is unnecessary and possibly counterproductive, and he slammed other key reforms as adding too heavy a caseload to the secret court's work.

In FISA court hearings, judges only hear from the government seeking a spy warrant.
Bates said opening the proceeding to an advocate for privacy in general - who would never meet the suspect or be able to defend the charges against him - wouldn't create the kind of back and forth seen in open criminal or civil court proceedings. "Given the nature of FISA proceedings, the participation of an advocate would neither create a truly adversarial process nor constructively assist the courts in assessing the facts," he wrote. Members of the presidential task force that recommended such an advocate defended the proposal before the Senate Judiciary Committee, as did Chairman Patrick Leahy, D-Vt., during a hearing on the NSA's surveillance programs Tuesday. Cass Sunstein, a member of the Review Group on Intelligence and Communications Technologies, said the secret court should not be making decisions on law or policy without an opposition voice. "We don't think that's consistent with our legal traditions," Sunstein said. He also said that a public advocate would only be needed for a small number of cases because most FISA proceedings do not involve "issues of law or policy." Those competing points of view are playing out as President Barack Obama decides what changes he'll back and unveil in a speech Friday to satisfy privacy, legal and civil liberties concerns over the NSA's surveillance practices. Bates, the former FISA chief judge, also rejected the panel's recommendation that the government seek court approval every time it wants to obtain information in cases of national security, known as a national security letter. Roughly 20,000 such letters are issued every year. Bates said it would create too much work for the court, even if staff were added to handle the caseload. Bates was speaking for the judiciary in his current role as the administrative judge of the United States courts. In his letter, Bates said a public advocate would not be able to provide an independent factual investigation because of the court's "operational security reasons." 
But he did not detail any constitutional impediments. Rep. Adam Schiff, an advocate for FISA reform, said Tuesday that reformers aren't pushing for an independent advocate in all cases. "It would only be for the request to bless broad programs or for novel constitutional issues," the California Democrat said in an interview Tuesday. Schiff, a senior member of the House intelligence committee, added that requiring the court to sign off on National Security Letters would create more work, but that's no excuse to skip the reforms. Task force members also defended their proposal to shift the government's massive inventory of Americans' phone records from the NSA to telephone companies. When Sen. Charles Grassley, R-Iowa, raised concerns about whether phone companies could safely hold phone metadata, Geoffrey Stone, a University of Chicago law professor, acknowledged that could be a concern. But Stone said the panel concluded there was a much greater threat posed by possible government abuse of the phone data in the future. Keeping the records with the NSA, Stone said, "leaves sitting out there a huge amount of personal information about Americans that could be abused in awful ways." The task force members reiterated their report's conclusions that the bulk phone collection had not proved critical to past terrorism cases. Former CIA Acting Director Michael Morell said the NSA's sweeps of foreign computer users' Internet data has proven "much more valuable" in counterterrorism cases than the agency's collection of domestic phone records from Americans. The phone companies don't want the job of storing the records, however. Executives and their lawyers have complained about the plan in confidential meetings with administration officials and key congressional intelligence and other committees, according to interviews by The Associated Press. 
Two phone executives familiar with the discussions said the cellular industry told the government that it prefers the NSA keep control over the surveillance program and would only accept changes if they were legally required. The executives spoke on condition of anonymity because they were not authorized to disclose the private discussions. But there have been public complaints, too. "Our members would oppose the imposition of data retention obligations that would require them to maintain customer data for longer than necessary," said Jot Carpenter, vice president of government affairs for CTIA-The Wireless Association, the trade group for the cellular phone industry. Liability is a key concern for phone companies, which could be sued if hackers or others were able to gain unauthorized access to the records. Under the Patriot Act, which governs the NSA's phone collection program, the phone companies are free of legal responsibility for disclosing customer records to the government in counterterrorism investigations. Industry lawyers say similar protections could be broadened to cover phone companies holding customer data for the NSA, but it's unclear whether Congress would pass them. A former top NSA lawyer and Bush administration national security official who has represented phone firms, Stewart Baker, said Congress only grudgingly granted legal protections to the phone companies in the immediate years after the 9/11 attacks. "The phone companies were seared by their experience in Congress and can't be enthusiastic about a return engagement," Baker said. Even with broader legal protections, the companies would expect to cope with a surge in demands for business records from local prosecutors, private lawyers, insurance firms and others. Companies already retain some customer records, but the duration of their storage and the kinds of records they keep vary. 
While T-Mobile keeps records for seven to 10 years, according to a recent Senate Commerce Committee study, other major firms - including Verizon, US Cellular and Sprint - keep them less than two years.

From rforno at infowarrior.org Tue Jan 14 20:21:12 2014
From: rforno at infowarrior.org (Richard Forno)
Date: Tue, 14 Jan 2014 21:21:12 -0500
Subject: [Infowarrior] - Scholar Wins Court Battle to Purge Name From U.S. No-Fly List
Message-ID:

Scholar Wins Court Battle to Purge Name From U.S. No-Fly List
• By David Kravets • 01.14.14 • 6:51 PM
http://www.wired.com/threatlevel/2014/01/no-fly-ruling/

A former Stanford University student who sued the government over her placement on a U.S. government no-fly list is not a threat to national security and was the victim of a bureaucratic "mistake," a federal judge ruled today. The decision (.pdf) makes Rahinah Ibrahim, 48, the first person to successfully challenge placement on a government watch list.

Ibrahim's saga began in 2005 when she was a visiting doctoral student in architecture and design from Malaysia. On her way to Kona, Hawaii to present a paper on affordable housing, Ibrahim was told she was on a watch list, detained, handcuffed and questioned for two hours at San Francisco International Airport. The month before, the FBI had visited the woman at her Stanford apartment, inquiring whether she had any connections to the Malaysian terror group Jemaah Islamiyah, according to the woman's videotaped deposition played in open court.

U.S. District Judge William Alsup ordered the government to either purge her name from the list, or certify that it has already been removed. Federal watch lists contain some 875,000 names. (The judge is set to unseal a larger judicial order that discloses whether the woman is indeed currently on a watch list. However, he gave the government until April 15 to ask a federal appeals court to bar its publication.)
Ibrahim was not seeking monetary damages. She wanted to clear her name, her attorney, Elizabeth Marie Pipkin said in court last month. Pipkin and a team of lawyers handled the case pro bono, spending $300,000 in court costs and racking up $3.8 million in legal fees covering some 11,000 hours of work, she said. "Why in the United States of America does it cost that much to clear a woman's name?" she asked in a telephone interview.

The woman, who is now a professor in Malaysia, eventually was allowed to leave the United States but has been denied a return visit, even to her own civil trial. The trial last month was shrouded in extraordinary secrecy, with closed court hearings and non-public classified exhibits. Judge Alsup today issued his full judgement under seal, but made public an abbreviated version that we're allowed to know about.

David Kravets is a WIRED senior staff writer and founder of the fake news site TheYellowDailyNews.com. He's a dad of two boys and has been a reporter since the manual typewriter days. His PGP fingerprint is 066F 245D 22A0 7511 B36B CB4F 0F53 B742 5919 4A18.

From rforno at infowarrior.org Wed Jan 15 07:15:55 2014
From: rforno at infowarrior.org (Richard Forno)
Date: Wed, 15 Jan 2014 08:15:55 -0500
Subject: [Infowarrior] - CBP drone program larger than first reported
Message-ID:

https://www.eff.org/deeplinks/2014/01/newly-discovered-drone-records-show-customs-border-protection-flew-its-predator
January 14, 2014 | By Jennifer Lynch

Customs & Border Protection Loaned Predator Drones to Other Agencies 700 Times in Three Years According to "Newly Discovered" Records

Customs & Border Protection recently "discovered" additional daily flight logs that show the agency has flown its drones on behalf of local, state and federal law enforcement agencies on 200 more occasions more than previously released records indicated.
Last July we reported, based on daily flight log records CBP made available to us in response to our Freedom of Information Act lawsuit, that CBP logged an eight-fold increase in the drone surveillance it conducts for other agencies. These agencies included a diverse group of local, state, and federal law enforcement — ranging from the FBI, ICE, the US Marshals, and the Coast Guard to the Minnesota Bureau of Criminal Investigation, the North Dakota Bureau of Criminal Investigation, the North Dakota Army National Guard, and the Texas Department of Public Safety.

< - >

Sen. Dianne Feinstein was concerned enough about drone surveillance to amend last term's Senate Immigration Bill to restrict CBP's flights in California to within three miles of the border. We should be similarly concerned about CBP's flights throughout the country — especially when CBP still refuses to reveal exactly which state and local agencies it's working with. We'll be arguing just that point in the hearing on our Cross Motion for Summary Judgment in the case this coming Wednesday.

From rforno at infowarrior.org Wed Jan 15 07:18:30 2014
From: rforno at infowarrior.org (Richard Forno)
Date: Wed, 15 Jan 2014 08:18:30 -0500
Subject: [Infowarrior] - Congress to intelligence community: Show me the money
Message-ID:

Congress to intelligence community: Show me the money
Posted By Alexis Levinson On 7:06 PM 01/14/2014
http://dailycaller.com/2014/01/14/congress-to-intelligence-community-show-me-the-money/?print=1

WASHINGTON — A bipartisan group of members of congress is asking the White House to declassify the so-called black budget, the budget that funds intelligence operations, and make public the amount of money spent by each agency involved.
There are 16 agencies that are involved in intelligence for the U.S., and the budget for doing so cannot be found anywhere in the 1,500-page appropriations bill that congress will vote on this week. Rather, their budgets are considered classified, kept secret from Americans and even from most members of congress. But several lawmakers want to change that.

The goal, said Vermont Democratic Rep. Peter Welch, a sponsor of the bill, is "to try to get back to the right balance between security and privacy" and to restore "accountability" to the process.

"The biggest threat to the implementation of a vital national program is the combination of unlimited money with nonexistent oversight, and that's essentially the situation that congress has allowed to develop in the critical work of intelligence gathering," he said at a press conference Tuesday.

Welch told The Daily Caller after the press conference that the legislation was not directly related to the treasure trove of classified documents released last year by Edward Snowden, one of which was the black budget for a number of the agencies indicating that the United States spends about $52 billion a year on intelligence. However, Welch said Snowden's releases "really raised the question as to whether we're way out of balance in the security versus privacy balance."

"The revelation that there's this huge metadata program where everybody's phone logs and everybody's emails are in custody of the NSA is very disturbing," Welch said. "That wasn't the intent of the Patriot Act, and it's given an indication that there's a lack of oversight when it comes to intelligence gathering activities."

Whereas Snowden released all the information about the budgets, with breakdowns for how the funds would be allocated, lawmakers only want the top line sum to be put out there. "Their sources and methods should be private," said Wyoming Republican Rep. Cynthia Lummis, a co-sponsor of the legislation.
"We are not asking them to delve into their sources and methods, and we are not asking them to delve deeper into their budget priorities, other than to give us the topline." "We believe those topline numbers are appropriate for the American people to know; we believe those topline numbers are appropriate for members of congress to know," she said.

The top lines would give people "a better understanding of where American taxpayer dollars are being spent," said New York Democratic Rep. David Price, another sponsor of the legislation. It would also give people a comparison from year to year, illustrating which agencies were becoming more or less dominant, said Lummis.

The bill was originally recommended by the 9/11 Commission, which was set up to, among other functions, look at ways to prevent future attacks like the one on the Twin Towers. Former House Intelligence Committee Chairman and Vice Chair of the 9/11 Commission Lee Hamilton endorsed the bill.

The lawmakers sponsoring the legislation span the length of the ideological spectrum. In addition to Welch, Lummis, and Price, Democratic Rep. Luis Gutierrez of Illinois, and Republican Reps. James Sensenbrenner, Jim Jordan, and Justin Amash have signed on as sponsors.

The sixteen agencies that would have to reveal their spending habits are: Air Force Intelligence, Army Intelligence, CIA, Coast Guard Intelligence, Defense Intelligence Agency, Department of Energy, Department of Homeland Security, Department of State, Treasury Department, Drug Enforcement Administration, FBI, Marine Corps Intelligence, National Geospatial-Intelligence Agency, National Reconnaissance Office, National Security Agency, and Navy Intelligence.

Lawmakers acknowledged potential criticism that revealing the budget would give enemies of the U.S. sensitive information, but said they believed revealing the top line would not do any harm. "I don't think [protection of the U.S.] will be compromised," Price said.
"In fact, it might be enhanced by confirming, rather than simply leaving to speculation, the substantial sums that we invest in our intelligence capabilities."

From rforno at infowarrior.org Wed Jan 15 07:24:21 2014
From: rforno at infowarrior.org (Richard Forno)
Date: Wed, 15 Jan 2014 08:24:21 -0500
Subject: [Infowarrior] - NASDAQ won't operate price-quote technology
Message-ID: <3F80CD52-876F-4C62-9C1B-F41179F87E26@infowarrior.org>

Nasdaq won't operate price-quote technology
By Dina ElBoghdady
http://www.washingtonpost.com/business/economy/nasdaq-wont-operate-price-quote-technology/2014/01/14/839522c8-7d76-11e3-93c1-0e888170b723_print.html

Nasdaq will no longer operate the technology that distributes price quotes of all Nasdaq-listed stocks to the public, after failing to gain support for a revamp of the glitchy software, which has disrupted markets and attracted scrutiny from regulators.

The price feeds to the public will not be interrupted, but the decision helps Nasdaq distance itself from any future trading mishaps tied to the software, which is collectively owned by a committee made up primarily of various exchanges.

Nasdaq has been trying to overhaul the technology since it malfunctioned five months ago and forced the exchange to halt trading for more than three hours. The high-profile meltdown clobbered the company's reputation and caught the attention of the Securities and Exchange Commission, which has proposed that the nation's exchanges abide by certain minimum technology-testing standards.

Feeling the heat, Nasdaq repeatedly asked the committee to swiftly approve 10 major upgrades for the technology. It detailed its recommendations in a Nov. 11 letter to the committee's chairman, Tom Knorring, an executive at the Chicago Board Options Exchange. In a Nov.
25 follow-up letter, reviewed by The Washington Post, Nasdaq informed the committee that it was ending its contract. The letter essentially serves as a two-year notice, a person familiar with the matter said. In the meantime, the committee will have to search for another company to run the system.

The letter suggests that Nasdaq felt cornered. Without the upgrades, it is "impossible" for Nasdaq to represent to the SEC or the public that the technology is "as resilient and robust as it can possibly be," wrote Brian Hyndman, a senior vice president at Nasdaq OMX.

Knorring could not be reached for comment. Nasdaq declined to comment, as did the SEC. The agency's chairman, Mary Jo White, directed the heads of the exchanges to address market vulnerabilities after Nasdaq's meltdown Aug. 22. Since then, other trading debacles tied to the software have erupted.

The technology at issue came about in response to the trading landscape that was dominated by the New York Stock Exchange, which, decades ago, was often accused of withholding price information from smaller competitors, according to market experts. To level the playing field, a law was adopted that effectively forced the exchanges to pool their trading data and display the best prices for individual stocks.

A company's stock trades on many exchanges, and the idea was to aggregate all the bids and offers and provide an authoritative best price in one consolidated feed for all investors to see. The aggregation is done by two securities information processors, or SIPs — the one administered by Nasdaq and another by the New York Stock Exchange.

The technology has been a source of controversy for years, and many experts on market structure say it is an antiquated system struggling to keep up in a market dominated by high-speed traders. They say that even when the technology is functioning properly, it is slow by today's standards and inadvertently creates trading advantages for the market's most sophisticated players.

© The Washington Post Company

From rforno at infowarrior.org Wed Jan 15 07:40:53 2014
From: rforno at infowarrior.org (Richard Forno)
Date: Wed, 15 Jan 2014 08:40:53 -0500
Subject: [Infowarrior] - NYT: WH to Place Some Restraints on Surveillance
Message-ID:

(If true, this is nothing more than a cosmetic 'fix' that does little to change things. As expected, I might add. Because, you know, ZMGTERRORISTS. --rick)

Obama to Place Some Restraints on Surveillance
By PETER BAKER and CHARLIE SAVAGE
JAN. 14, 2014
http://www.nytimes.com/2014/01/15/us/politics/judge-warns-proposed-safeguards-could-hamper-surveillance-court.html

WASHINGTON — President Obama will issue new guidelines on Friday to curtail government surveillance, but will not embrace the most far-reaching proposals of his own advisers and will ask Congress to help decide some of the toughest issues, according to people briefed on his thinking.

Mr. Obama plans to increase limits on access to bulk telephone data, call for privacy safeguards for foreigners and propose the creation of a public advocate to represent privacy concerns at a secret intelligence court. But he will not endorse leaving bulk data in the custody of telecommunications firms, nor will he require court permission for all so-called national security letters seeking business records.

The emerging approach, described by current and former government officials who insisted on anonymity in advance of Mr. Obama's widely anticipated speech, suggested a president trying to straddle a difficult line in hopes of placating foreign leaders and advocates of civil liberties without a backlash from national security agencies. The result seems to be a speech that leaves in place many current programs, but embraces the spirit of reform and keeps the door open to changes later.
The decision to provide additional privacy protections for non-American citizens or residents, for instance, largely codifies existing practices but will be followed by a 180-day study by the director of national intelligence about whether to go further. Likewise, instead of taking the storage of bulk data out of government hands, as recommended by a review panel he appointed, Mr. Obama will leave it in place for now and ask lawmakers to weigh in.

The blend of decisions, to be outlined in a speech at the Justice Department and in a presidential guidelines memorandum, will be Mr. Obama's highest-profile response to the disclosures about the National Security Agency made in recent months by Edward J. Snowden, a former N.S.A. contractor who has fled to Russia.

But as intelligence officials have sorted through Mr. Obama's evolving position, they have been divided about how significant his adjustments will be. Some officials complained that the changes will add layers of cumbersome procedure that will hinder the hunt for potential terrorists, while others expressed relief that Mr. Obama is not going further and confidence that they could still work within the new guidelines without sacrificing much.

"Is it cosmetic or is there a real thumb on the scale in a different direction?" asked one former government official who worked on intelligence issues. "That's the question."

The White House said the president's review is incomplete and would not comment further Tuesday.

The developments came as the nation's judiciary waded into the highly charged debate. In a letter made public on Tuesday, a judge designated by Chief Justice John G. Roberts Jr. to express the views of the judicial branch warned that some changes under consideration would have a negative "operational impact" on a secret foreign intelligence court.

Judge John D. Bates, a former chief judge of the Foreign Intelligence Surveillance Court, urged Mr.
Obama and Congress not to alter the way the court is appointed or to create an independent public advocate to argue against the Justice Department in secret proceedings. Any such advocate, he wrote, should instead be appointed only when the court decided one was needed.

Judge Bates objected to the workload of requiring that courts approve all national security letters, which are administrative subpoenas allowing the F.B.I. to obtain records about communications and financial transactions without court approval. And he raised concerns about greater public disclosure of court rulings, arguing that unclassified summaries would be "likely to promote confusion and misunderstanding."

The judge's letter, versions of which he sent to the leaders of several congressional committees, was released as all five members of Mr. Obama's surveillance review group testified Tuesday before the Senate Judiciary Committee, seeking support for their recommendations. Illustrating the cross-pressures on the president, the advisers argued for the appointment of the independent version of a public advocate, a recommendation the president is expected to follow, though it is not clear how he will structure the position.

"We admire Judge Bates and respect his views," said Cass R. Sunstein, of Harvard Law School and a former Obama White House official who served on the review panel. "We respectfully disagree with that one, on the ground that the judge sometimes is not in the ideal position to know whether a particular view needs representation and that in our tradition, standardly, the judge doesn't decide whether one or another view gets a lawyer."

The judge's objection to the proposal on national security letters dovetailed with that of the F.B.I. director, James B. Comey, who argued it would be inefficient to have to go to a judge each time records were sought. Mr.
Obama has decided not to require court approval in every case, but might still require it in some circumstances, according to one administration official.

Mr. Obama will cut back on the number of people whose phone records can be examined by the N.S.A. through its bulk data program. Currently the agency can scrutinize call records of people as far as three steps, or "hops," removed from a suspect. Mr. Obama's review panel proposed limiting searches to people just two steps removed. He is also likely to cut down the number of years such data can be retained; currently it is deleted after five years.

But the president will not, at least for now, back the panel's suggestion that telecommunications firms keep such data and that the government be allowed to tap into those databases only when necessary. Intelligence officials complained it would be inefficient to have to go to multiple companies, so some officials proposed creating an independent consortium to store the data instead. Mr. Obama has decided against keeping the data at the private providers because they do not want that responsibility, officials said, and no independent consortium currently exists. As a result, he will ask Congress to work with him to determine the best way to store the data.

He also appears likely to reject the idea of separating code breakers and code makers. Some critics of the N.S.A. were disturbed that the agency's encryption team charged with bolstering online security systems against hackers was working with the team that tries to penetrate computer systems used by terrorists.

The letter by Judge Bates was accompanied by 15 pages of often specific comments about possible surveillance reforms. It is highly unusual for judges to weigh in on public policy debates involving the other two branches of government, but Judge Bates, the director of the Administrative Office of the United States Court, said that Chief Justice Roberts had designated him to "act as a liaison"
and that he had consulted other judges. The judge emphasized that his comments were meant to address smooth operation of the court and were "not intended as expressions of support or opposition to particular introduced bills."

Still, his comments went beyond workload issues. He objected to a proposal by Mr. Obama's review group to take away Chief Justice Roberts's sole power to appoint the 11 judges of the surveillance court and have them picked instead by the chief judges of the appeals courts. Ten of the 11 current judges were appointed by Republican presidents, and critics have called for more diversity. "The chief justice is uniquely positioned to select qualified judges," Judge Bates argued.

From rforno at infowarrior.org Wed Jan 15 08:05:10 2014
From: rforno at infowarrior.org (Richard Forno)
Date: Wed, 15 Jan 2014 09:05:10 -0500
Subject: [Infowarrior] - Silent Circle unveiling secure mobile phone
Message-ID: <0830CC06-96E8-4F87-81D6-6EE50DEBD4EE@infowarrior.org>

New Blackphone aims to quash surveillance threat
Developed by security experts including those from Silent Circle, the Android-powered Blackphone is designed to make snooping far more difficult.
by Charlie Osborne
January 15, 2014 5:48 AM PST
http://news.cnet.com/8301-1035_3-57617252-94/new-blackphone-aims-to-quash-surveillance-threat/

A new Android-powered smartphone soon to be launched will put privacy and control directly in the hands of its users. On Wednesday, Silent Circle and Geeksphone announced the formation of a new Switzerland-based joint venture and its first surveillance-thwarting product, the Blackphone.
Powered by a security-oriented Android build named PrivatOS, Blackphone is touted as a carrier- and vendor-independent smartphone that will allow consumers and businesses to make and receive secure phone calls, exchange secure texts, transfer and store files, and video chat without compromising privacy on the device.

The smartphone is the brainchild of security and technology specialists including Phil Zimmermann, creator of PGP; Javier Aguera, co-founder of Geeksphone; Jon Callas, co-founder of PGP Inc. and CTO of Silent Circle; Rodrigo Silva-Ramos, co-founder of Geeksphone; and Mike Janke, CEO of Silent Circle and former U.S. Navy SEAL.

"I have spent my whole career working towards the launch of secure telephony products," said Zimmermann. "Blackphone provides users with everything they need to ensure privacy and control of their communications, along with all the other high-end smartphone features they have come to expect."

Blackphone will be unveiled at Mobile World Congress, in Barcelona, Spain, and preorders will be taken at the end of February. There are no current details available on the gadget's price.

Geeksphone is a Madrid-based firm that develops and promotes open source mobile solutions. Washington, D.C.-based Silent Circle is a global encrypted communications service well-known for providing the secure e-mail service Silent Mail, before the founders chose to shutter the service in light of US agency spying revelations.

This story originally appeared at ZDNet under the headline "Blackphone: A smartphone designed to stop spying eyes."
From rforno at infowarrior.org Wed Jan 15 09:58:05 2014
From: rforno at infowarrior.org (Richard Forno)
Date: Wed, 15 Jan 2014 10:58:05 -0500
Subject: [Infowarrior] - Lawmakers threaten TSA with private screeners
Message-ID: <19886B84-54D0-40AD-BB5F-A26882AD85A4@infowarrior.org>

Lawmakers threaten TSA with private screeners

Bart Jansen, USA TODAY 6:21 p.m. EST January 14, 2014
http://www.usatoday.com/story/travel/news/2014/01/14/tsa-private-screeners-airports-mica-orlando-connolly/4473961/

WASHINGTON - Members of a House panel threatened Tuesday to privatize more airport screening unless the Transportation Security Administration improves its treatment of travelers.

Rep. John Mica, R-Fla., said he plans legislation "one way or the other" to privatize all federal screeners within two years. He would leave TSA in charge of gathering intelligence, setting standards and running audits.

"If you come to Orlando airport or Sanford airport, what is going on is almost criminal to American citizens, the way they are treated," said Mica, head of the Oversight and Government Reform subcommittee on government operations, which held a hearing on private screeners. "This is the mess we've created."

The criticism came the same day Congress began debating a spending bill that would cut $225 million from TSA and cap the number of screeners at 46,000. The top Democrat on the committee, Rep. Gerald Connolly of Virginia, said 48,000 workers are categorized as screeners. But Kelly Hoggan, TSA's assistant administrator for security operations, said some of those workers categorized as screeners are actually managers and supervisors, so it isn't immediately clear how the cap will affect checkpoints. Hoggan assured Connolly that the agency would perform its job with the funding provided.

TSA performance remained a concern for lawmakers. Connolly said it was inexcusable for TSA screeners to bark 20 orders at him and other travelers during his last trip over the weekend -
back up, put your hands up, take your shoes off - without saying please. He urged the agency to become more polite or risk legislation.

"When we mistreat them by barking orders at them as if they are cattle, not people, we actually diminish spirit of cooperation," Connolly said. "I've had it, and I think a lot of the public has had it. There is no excuse for it."

Screening jobs are tough because the staffers must be constantly alert for contraband while still providing customer service, Hoggan said. The Nov. 1 shooting death of TSA Officer Gerardo Hernandez at a checkpoint at Los Angeles International Airport illustrates the perils involved with the job.

New hires receive 80 hours of training, followed by on-the-job training of 40 hours, plus more training for specific equipment, Hoggan said. In addition, the agency provides integrity and leadership training for supervisors, he said.

"It's a difficult job," Hoggan said. "Customer service is part of the training."

The hearing occurred two years after Congress approved legislation to speed up airport applications for private screening. TSA's Screening Partnership Program now has 14 airports with private contractors as 1,849 screeners, which federal officials oversee. The largest participating airports are in San Francisco and Kansas City, but half are small with less than 10,000 passengers per year. Another six airports have been approved to participate, but are awaiting contract awards.

Mica was upset that Orlando Sanford International Airport, which was approved to take part, is still waiting for contract approval after two years. "It's a slow roll," Mica said.

TSA has streamlined the application process, with a goal to move within one year from application to contract award, Hoggan said. The agency held a meeting with 100 security contractors Jan. 10 to describe the private screening program, he said.
"As noted at the outset, we strive to maximize security not only by keeping ahead of current threats identified by intelligence, but by maintaining security systems that focus our resources on areas where they will yield the optimal benefit," Hoggan said.

From rforno at infowarrior.org Thu Jan 16 13:31:36 2014
From: rforno at infowarrior.org (Richard Forno)
Date: Thu, 16 Jan 2014 14:31:36 -0500
Subject: [Infowarrior] - NSA collects millions of text messages daily in 'untargeted' global sweep
Message-ID: <849DA1B4-A614-4C55-AFF9-D076452F89F0@infowarrior.org>

NSA collects millions of text messages daily in 'untargeted' global sweep

• NSA extracts location, contacts and financial transactions
• 'Dishfire' program sweeps up 'pretty much everything it can'
• GCHQ using database to search metadata from UK numbers

The National Security Agency has collected almost 200 million text messages a day from across the globe, using them to extract data including location, contact networks and credit card details, according to top-secret documents.

The untargeted collection and storage of SMS messages - including their contacts - is revealed in a joint investigation between the Guardian and the UK's Channel 4 News based on material provided by NSA whistleblower Edward Snowden.

The documents also reveal the UK spy agency GCHQ has made use of the NSA database to search the metadata of "untargeted and unwarranted" communications belonging to people in the UK.

The NSA program, codenamed Dishfire, collects "pretty much everything it can", according to GCHQ documents, rather than merely storing the communications of existing surveillance targets.

The NSA has made extensive use of its vast text message database to extract information on people's travel plans, contact books, financial transactions and more - including of individuals under no suspicion of illegal activity.

An agency presentation from 2011 -
subtitled "SMS Text Messages: A Goldmine to Exploit" - reveals the program collected an average of 194 million text messages a day in April of that year. In addition to storing the messages themselves, a further program known as "Prefer" conducted automated analysis on the untargeted communications.

<- >

http://www.theguardian.com/world/2014/jan/16/nsa-collects-millions-text-messages-daily-untargeted-global-sweep

From rforno at infowarrior.org Thu Jan 16 13:37:02 2014
From: rforno at infowarrior.org (Richard Forno)
Date: Thu, 16 Jan 2014 14:37:02 -0500
Subject: [Infowarrior] - Stanford researchers: surveillance threatens U.S. business climate, democracy
Message-ID:

Stanford Report, January 16, 2014

Surveillance threatens U.S. business climate, democracy, say Stanford researchers

Stanford scholars say blanket mass surveillance undermines the U.S. economy by creating the global perception of an unsafe American business climate. Meanwhile, the technology behind surveillance is evolving well ahead of the law. As a result, privacy and civil liberty concerns are mounting.

By Clifton B. Parker
http://news.stanford.edu/news/2014/january/business-spying-dangers-011614.html

Mass surveillance by U.S. intelligence agencies is jeopardizing America's reputation as a safe place to do business, according to a Stanford scholar.

"We are no longer seen as a safe business climate," said Aleecia M. McDonald, director of privacy at Stanford's Center for Internet and Society. "It is difficult to convey the intensity of international outrage over the U.S.'s conduct," as revealed by document leaker Edward Snowden.

Snowden, a former National Security Agency (NSA) contractor, released voluminous documents describing a massive U.S. surveillance effort, both domestically and abroad.
As McDonald points out, the NSA tapped into German Chancellor Angela Merkel's cell phone and news reports indicate that the agency eavesdropped on more than 35 international politicians, including heads of state and senior officials in the European Union.

This has economic repercussions, she said. "U.S. companies are frustrated that the NSA is also collecting the user data they collect themselves," she said. "There is no longer a clear-cut distinction between government and corporate tracking within the U.S."

McDonald, whose research focuses on Internet privacy, behavioral economics and online privacy, said that the NSA's actions have hurt American interests worldwide. In particular, the Snowden affair revealed that the "breadth and depth of surveillance is far more intense than imagined," McDonald said. The NSA every day is monitoring millions of phone calls, email messages, instant messages and address books.

"This puts U.S. businesses in a difficult bind," said McDonald. Despite knowing their Internet browser cookies may be used for NSA tracking, companies are not planning to make changes to their lucrative advertising networks.

"The difficulty businesses face is that massive data collection about their users is the underlying business model for most Internet companies," she said.

McDonald recently joined hundreds of other higher education scholars from around the world to sign a petition calling for an end to the surveillance. "This has to stop. ... Without privacy, people cannot freely express their opinions or seek and receive information," the petition states.

Surveillance law still evolving

In the courts, the issue is uncharted territory - no government has ever before had the technological power or the economic ability to eavesdrop on such a massive scale. Then the question arises: How is mass surveillance threatening the rule of law and democracy?

Bruce M.
Owen, director of Stanford's Public Policy Program and a senior fellow at the Stanford Institute for Economic Policy Research, says that the Founding Fathers like Thomas Jefferson believed that "we, the people" were the only legitimate source of political power.

"Protecting liberty required constraints on potentially tyrannical central government," Owen said.

Of course, government has legitimate functions, he noted, and as a result, a tradeoff exists between the ability of the government to protect the people from crime or foreign threats while maintaining individual liberty. However, technology often evolves well ahead of the justice system.

"Current laws reflect this tradeoff, but may not take account of new technologies that make it easier for the government to invade the private domain," said Owen, whose research focuses on the economic analysis of law, especially in the areas of telecommunications and mass media.

It will take new civil protections to simply maintain the degree of privacy that Americans have experienced in the past, he said.

International treaties can help protect the fundamental rights of people against mass surveillance by governments. "To the extent that current technology permits U.S. citizens' liberty to be invaded by foreign governments, and vice versa, countervailing treaties are an appropriate remedy," he said.

The U.S. government is not great at policing itself, he said. "We, the people, have to put some effort into preserving our liberties. One can see Snowden as a martyr in this cause. Of course, martyrs by definition must pay a price for their words or actions."

As for Snowden's role in the release of NSA documents, Owen said, "Just because you can do something ... doesn't automatically make the doing of it right or just."
Legal process: 'slow'

Jonathan Mayer, a doctoral student in computer science and Cybersecurity Fellow at the Center for International Security and Cooperation, said that the law is still evolving in our highly digital world - and right now, it does not go far enough in safeguarding privacy.

"The NSA's mass surveillance programs are not unlimited. They are bound by legal rules. But our computer science research suggests that those legal rules fail to protect Americans' privacy," Mayer said in an email during a trip to Cambodia.

Mayer noted that the NSA can legally compel an American company to divulge records about foreigners, with no individualized judicial review and little transparency.

"The legal process is slower and more cumbersome than technical surveillance, to be sure, but still leaves much of the globe at risk," Mayer co-wrote in a 2013 article with Edward Felten of Princeton University. "As long as companies collect and retain tracking data, there will be a risk of disclosure through legal process, and users, especially those overseas, will be wary."

As for the NSA's claim last year that it was only collecting nameless phone numbers on Americans in its mass surveillance efforts, Mayer and another colleague, Patrick Mutchler, conducted an experiment of their own last year. They randomly sampled 5,000 phone numbers from a data set known as MetaPhone and attempted to match those with entries in Yelp, Google Places and Facebook. They matched 1,356 (27 percent) of the numbers.

"If a few academic researchers can get this far this quickly, it's difficult to believe the NSA would have any trouble identifying the overwhelming majority of American phone numbers," Mayer wrote in a blog post.

Chilling effect on speech, behavior

Richard Forno, a junior affiliate scholar with the Center for Internet and Society, warns that mass surveillance can create conformity in social thought and interactions.
"If a person believes they are constantly being watched, they will, over time, conform to what they think those watching them will deem as 'expected' norms of conduct and communication," he said.

In a liberal Western society like the United States, that can lead to self-censorship of thought, word and behavior, he suggested. Such an effect is not conducive to democratic ideals.

Even more unsettling to Forno is the fact that the NSA surveillance illustrates how "government actions are concealed by secret interpretations of otherwise public law," such as the Patriot Act - legislation, he said, that was rushed through Congress without a solid understanding or vetting.

Forno urged more independent-minded legislative and executive oversight of U.S. intelligence agencies: "We need critical and objectively informed overseers who do not simply take the carefully prepared statements and testimony of the intelligence community as absolute, unassailable facts when deliberating their conduct or need for certain activities."

However, some in Congress are too concerned about appearing to be soft on security or lacking in patriotism, he said. And so, there is no true public accountability of the intelligence community when the hard questions cannot be asked because of all the secrets.

"It's hard to watch the watcher," Forno said, "and foster meaningful transparency or accountability in a democratic system when the watchers themselves control what you see, along with how, when and where you can see it."

Media Contact

Aleecia M. McDonald, Center for Internet and Society: aleecia at stanford.edu
Bruce M. Owen, Public Policy Program: (650) 724-2404, (508) 945-0504, bruceowen at stanford.edu
Jonathan Mayer, Center for International Security and Cooperation: jmayer at stanford.edu
Richard Forno, Center for Internet and Society: (410) 455-3788, rforno at infowarrior.org
Clifton B.
Parker, Stanford News Service: (650) 725-0224, cbparker at stanford.edu

From rforno at infowarrior.org Fri Jan 17 10:12:20 2014
From: rforno at infowarrior.org (Richard Forno)
Date: Fri, 17 Jan 2014 11:12:20 -0500
Subject: [Infowarrior] - WH SIGINT Activities Directive (PDF) Released
Message-ID: <69B1D566-3FCC-4753-A214-0F56AC2F9A2A@infowarrior.org>

PRESIDENTIAL POLICY DIRECTIVE/PPD 28
SUBJECT: Signals Intelligence Activities

http://s3.documentcloud.org/documents/1006311/2014sigint-mem-ppd-rel.pdf

From rforno at infowarrior.org Fri Jan 17 10:41:42 2014
From: rforno at infowarrior.org (Richard Forno)
Date: Fri, 17 Jan 2014 11:41:42 -0500
Subject: [Infowarrior] - Text of POTUS SIGINT speech
Message-ID: <5CE826D6-4F98-418A-95DE-315B6B12B1B1@infowarrior.org>

(x-posted)

Full text of President Obama's Jan. 17 speech on NSA reforms

President Obama delivered the following remarks on changes to National Security Agency programs Jan. 17 at the Justice Department in Washington. Remarks as prepared for delivery.

http://www.washingtonpost.com/politics/full-text-of-president-obamas-jan-17-speech-on-nsa-reforms/2014/01/17/fa33590a-7f8c-11e3-9556-4a4bf7bcbd84_print.html

From rforno at infowarrior.org Fri Jan 17 17:25:49 2014
From: rforno at infowarrior.org (Richard Forno)
Date: Fri, 17 Jan 2014 18:25:49 -0500
Subject: [Infowarrior] - Greenwald on POTUS NSA 'reforms'
Message-ID:

Obama's NSA 'reforms' are little more than a PR attempt to mollify the public

Glenn Greenwald, theguardian.com, Friday 17 January 2014 14.23 EST
http://www.theguardian.com/commentisfree/2014/jan/17/obama-nsa-reforms-bulk-surveillance-remains

In response to political scandal and public outrage, official Washington repeatedly uses the same well-worn tactic.
It is the one that has been hauled out over decades in response to many of America's most significant political scandals. Predictably, it is the same one that shaped President Obama's much-heralded Friday speech to announce his proposals for "reforming" the National Security Agency in the wake of seven months of intense worldwide controversy.

The crux of this tactic is that US political leaders pretend to validate and even channel public anger by acknowledging that there are "serious questions that have been raised". They vow changes to fix the system and ensure these problems never happen again. And they then set out, with their actions, to do exactly the opposite: to make the system prettier and more politically palatable with empty, cosmetic "reforms" so as to placate public anger while leaving the system fundamentally unchanged, even more immune than before to serious challenge.

This scam has been so frequently used that it is now easily recognizable. In the mid-1970s, the Senate uncovered surveillance abuses that had been ongoing for decades, generating widespread public fury. In response, the US Congress enacted a new law (Fisa) which featured two primary "safeguards": a requirement of judicial review for any domestic surveillance, and newly created committees to ensure legal compliance by the intelligence community.

But the new court was designed to ensure that all of the government's requests were approved: it met in secret, only the government's lawyers could attend, it was staffed with the most pro-government judges, and it was even housed in the executive branch. As planned, the court over the next 30 years virtually never said no to the government.

Identically, the most devoted and slavish loyalists of the National Security State were repeatedly installed as the committee's heads, currently in the form of NSA cheerleaders Democrat Dianne Feinstein in the Senate and Republican Mike Rogers in the House.
As the New Yorker's Ryan Lizza put it in a December 2013 article on the joke of Congressional oversight, the committees "more often treat ... senior intelligence officials like matinee idols". As a result, the committees, ostensibly intended to serve an overseer function, have far more often acted as the NSA's in-house PR firm.

The heralded mid-1970s reforms did more to make Americans believe there was reform than actually providing any, thus shielding it from real reforms.

The same thing happened after the New York Times, in 2005, revealed that the NSA under Bush had been eavesdropping on Americans for years without the warrants required by criminal law. The US political class loudly claimed that they would resolve the problems that led to that scandal. Instead, they did the opposite: in 2008, a bipartisan Congress, with the support of then-Senator Barack Obama, enacted a new Fisa law that legalized the bulk of the once-illegal Bush program, including allowing warrantless eavesdropping on hundreds of millions of foreign nationals and large numbers of Americans as well.

This was also the same tactic used in the wake of the 2008 financial crises. Politicians dutifully read from the script that blamed unregulated Wall Street excesses and angrily vowed to rein them in. They then enacted legislation that left the bankers almost entirely unscathed, and which made the "too-big-to-fail" problem that spawned the crises worse than ever.

And now we have the spectacle of President Obama reciting paeans to the values of individual privacy and the pressing need for NSA safeguards. "Individual freedom is the wellspring of human progress," he gushed with an impressively straight face. "One thing I'm certain of, this debate will make us stronger," he pronounced, while still seeking to imprison for decades the whistleblower who enabled that debate. The bottom line, he said, is this: "I believe we need a new approach."
But those pretty rhetorical flourishes were accompanied by a series of plainly cosmetic "reforms". By design, those proposals will do little more than maintain rigidly in place the very bulk surveillance systems that have sparked such controversy and anger.

To be sure, there were several proposals from Obama that are positive steps. A public advocate in the Fisa court, a loosening of "gag orders" for national security letters, removing metadata control from the NSA, stricter standards for accessing metadata, and narrower authorizations for spying on friendly foreign leaders (but not, of course, their populations) can all have some marginal benefits. But even there, Obama's speech was so bereft of specifics - what will the new standards be? who will now control Americans' metadata? - that they are more like slogans than serious proposals.

Ultimately, the radical essence of the NSA - a system of suspicion-less spying aimed at hundreds of millions of people in the US and around the world - will fully endure even if all of Obama's proposals are adopted. That's because Obama never hid the real purpose of this process. It is, he and his officials repeatedly acknowledged, "to restore public confidence" in the NSA. In other words, the goal isn't to truly reform the agency; it is to deceive people into believing it has been so that they no longer fear it or are angry about it.

As the ACLU's executive director Anthony Romero said after the speech:

"The president should end - not mend - the government's collection and retention of all law-abiding Americans' data. When the government collects and stores every American's phone call data, it is engaging in a textbook example of an 'unreasonable search' that violates the constitution."

That, in general, has long been Obama's primary role in our political system and his premiere, defining value to the permanent power factions that run Washington.
He prettifies the ugly; he drapes the banner of change over systematic status quo perpetuation; he makes Americans feel better about policies they find repellent without the need to change any of them in meaningful ways. He's not an agent of change but the soothing branding packaging for it.

As is always the case, those who want genuine changes should not look to politicians, and certainly not to Barack Obama, to wait for it to be gifted. Obama was forced to give this speech by rising public pressure, increasingly scared US tech giants, and surprisingly strong resistance from the international community to the out-of-control American surveillance state.

Today's speech should be seen as the first step, not the last, on the road to restoring privacy. The causes that drove Obama to give this speech need to be, and will be, stoked and nurtured further until it becomes clear to official Washington that, this time around, cosmetic gestures are plainly inadequate.

From rforno at infowarrior.org Fri Jan 17 20:35:00 2014
From: rforno at infowarrior.org (Richard Forno)
Date: Fri, 17 Jan 2014 21:35:00 -0500
Subject: [Infowarrior] - WH relies on narrow definition of 'spying'
Message-ID: <9B62C2CF-68FC-42F4-9818-77F7AFCC6D0F@infowarrior.org>

Obama's restrictions on NSA surveillance rely on narrow definition of 'spying'

By Barton Gellman, Updated: Friday, January 17, 8:55 PM
http://www.washingtonpost.com/world/national-security/obamas-restrictions-on-nsa-surveillance-rely-on-narrow-definition-of-spying/2014/01/17/2478cc02-7fcb-11e3-93c1-0e888170b723_print.html

President Obama said Friday, in his first major speech on electronic surveillance, that "the United States is not spying on ordinary people who don't threaten our national security."

Obama placed restrictions on access to domestic phone records collected by the National Security Agency, but the changes he announced will allow it to continue -
or expand - the collection of personal data from billions of people around the world, Americans and foreign citizens alike.

Obama squares that circle with an unusually narrow definition of "spying." It does not include the ingestion of tens of trillions of records about the telephone calls, e-mails, locations and relationships of people for whom there is no suspicion of relevance to any threat.

In his speech, and an accompanying policy directive, Obama described principles for "restricting the use of this information" - but not for gathering less of it.

Alongside the invocation of privacy and restraint, Obama gave his plainest endorsement yet of "bulk collection," a term he used more than once and authorized explicitly in Presidential Policy Directive 28. In a footnote, the directive defined the term to mean high-volume collection "without the use of discriminants."

That is perhaps the central feature of "the golden age of signals intelligence," which the NSA celebrates in top-secret documents leaked by former contractor Edward Snowden. Obama for the first time put his own imprimatur on a collection philosophy that one of those documents summarized this way: "Order one of everything from the menu."

As digital communications have multiplied, and NSA capabilities with them, the agency has shifted resources from surveillance of individual targets to the acquisition of communications on a planetary scale. That shift has fed the appetite of Big Data tools, which are designed to find unseen patterns and make connections that NSA analysts don't know to look for.

"It's noteworthy that the president addressed only the bulk collection of call records, but not any of the other bulk collection programs revealed by the media," said Alexander Abdo, an attorney with the ACLU's national security project. "That is a glaring omission.
The president needs to embrace structural reforms that will protect us from all forms of bulk collection and that will make future overreach less likely."

In principle, these tools have the potential to reveal unknown associates of known foreign targets, although the intelligence community has struggled to offer examples. But they rely, by definition and intent, on the construction of vast databases filled almost entirely with innocent communications. Obama's view, like the NSA's, is that there is no intrusion on privacy until someone calls up the files and reads them.

Obama focused his speech on surveillance authorized by Congress and overseen by the Foreign Intelligence Surveillance Court. He spoke most concretely about the collection of domestic telephone logs from virtually every American under a provision of the Patriot Act called Section 215.

But fresh assertions of transparency did not resolve other long-standing questions. White House and intelligence spokesmen declined to say whether the NSA has used that authority to collect any other kinds of data about millions of Americans or whether Obama was committed to disclose such collection if he permits it in the future.

Obama avoided almost entirely any discussion of overseas intelligence collection that he authorized on his own, under Executive Order 12333, without legislative or judicial supervision.

The Washington Post has disclosed in recent months, based in part on the Snowden documents, that the NSA is gathering hundreds of millions of e-mail address books, breaking into private networks that link the overseas data centers of Google and Yahoo, and building a database of trillions of location records transmitted by cellphones around the world.

Those operations are sweeping in a large but unknown number of Americans, beginning with the tens of millions who travel and communicate overseas each year.
For at least as many Americans, and likely more, the structure of global networks carries their purely domestic communications across foreign switches. Under the classified rules set forth by the president, the NSA is allowed to presume that any data collected overseas belongs to a foreigner. The "minimization rules" that govern that collection, intended to protect the identities of U.S. citizens and residents, remain classified. The White House and NSA have declined requests to release them.

The NSA term for those high-volume programs is "full take" collection - the interception of entire data flows from the fiber optic cables that carry telephone calls, e-mails, faxes and video chats around the world at the speed of light. Unless Obama says otherwise in the classified annex to his directive, those programs will carry on unabated.

Obama's approach is to "take . . . privacy concerns into account" after the collection takes place. In his directive, he defined a set of broad principles for use of the data, without specifying implementing details. In his speech, the president said the NSA is already following those principles.

"The United States does not collect intelligence to suppress criticism or dissent, nor do we collect intelligence to disadvantage people on the basis of their ethnicity, race, gender, sexual orientation or religious beliefs," he said. "And we do not collect intelligence to provide a competitive advantage to U.S. companies or U.S. commercial sectors."

Some of what Obama promised in his speech he seemed to hedge in the directive. He said several times, for example, that the United States conducts surveillance only for legitimate foreign intelligence purposes. In a footnote to the directive, "foreign intelligence" is defined to include not only the capabilities and intentions of governments and terrorists but the "activities of . . . foreign persons."
In another significant footnote, Obama said the limits he ordered "shall not apply to signals intelligence activities undertaken to test or develop signals intelligence capabilities." Signals intelligence development, or "sigdev" in NSA parlance, is the discovery of untapped communication flows and the invention of new surveillance methods to exploit them. For example, NSA Director Keith Alexander revealed last summer that his agency had collected location data from mobile phones in the United States.

At least for now, while Congress debates its next steps, Obama said he will require that the NSA obtain court approval to search the trillions of domestic call records collected in secret since 2006. He suggested no such limit on a far more intrusive form of domestic surveillance: the NSA's authority to search for and make use of the content of U.S. communications that are "incidentally" collected in surveillance that is targeted on foreign nationals and stored in the agency's databases.

© The Washington Post Company

From rforno at infowarrior.org Fri Jan 17 21:12:52 2014
From: rforno at infowarrior.org (Richard Forno)
Date: Fri, 17 Jan 2014 22:12:52 -0500
Subject: [Infowarrior] - The Sunday talk shows this week....
Message-ID: <40F923BA-1D5B-433C-B8DC-62C16B21E0A7@infowarrior.org>

(x-posted)

... are going to come down to the following points:

1) POTUS SIGINT "reforms" are appropriate & more than enough, if needed at all.
2) Surveillance capabilities have prevented X numbers of attacks.
3) We are at war and/or need every "tool" available to "protect the homeland."
4) We respect privacy; these capabilities will never be abused.
5) Snowden bad.
7) There's too much sensational outcry from activists and journalists over all this surveillance stuff.
8) Don't worry, Congress performs appropriate and informed oversight of all IC programs.
9) We're the good guys in the world, remember.
10) Just trust us.

The Rogers-Feinstein routine with David "Softball" Gregory on MTP I'm sure will be positively nauseating. FWIW saying, Rogers is doing 3/5 of a full Ginsburg.

< - >

Sunday talk show tip sheet
By: Tal Kopan
January 17, 2014 02:55 PM EST
http://dyn.politico.com/printstory.cfm?uuid=55EF4800-BA61-499A-9FCD-98F7249DD515

"Meet the Press" on NBC
- Sen. Dianne Feinstein (D-Calif.), chairwoman, Senate Intelligence Committee
- Rep. Mike Rogers (R-Mich.), chairman, House Intelligence Committee
- New Jersey state Assemblyman John Wisniewski (D)
- Former New York Mayor Rudy Giuliani (R)
- Former Defense Secretary Robert Gates
- Former House Speaker Newt Gingrich (R-Ga.)
- Former Rep. Harold Ford Jr. (D-Tenn.)

"Face the Nation" on CBS
- Rogers
- Sen. Mark Udall (D-Colo.)
- Former National Security Adviser Tom Donilon
- Former Acting CIA Director Michael Morell

"This Week" on ABC
- Russian President Vladimir Putin
- Rep. Mike McCaul (R-Texas), chairman, House Homeland Security Committee

"Fox News Sunday" on Fox
- Sen. Patrick Leahy (D-Vt.), chairman, Senate Judiciary Committee
- Retired Gen. Michael Hayden, former director, NSA and CIA

"State of the Union" on CNN
- Rogers
- Sen. Angus King (R-Maine)

"Political Capital" on Bloomberg TV
- Deputy National Security Adviser Ben Rhodes

"Newsmakers" on C-SPAN
- Richard Cordray, director, Consumer Financial Protection Bureau

"Al Punto" on Univision
- Rep. Mario Diaz-Balart (R-Fla.)

© 2014 POLITICO LLC

From rforno at infowarrior.org Sat Jan 18 09:37:20 2014
From: rforno at infowarrior.org (Richard Forno)
Date: Sat, 18 Jan 2014 10:37:20 -0500
Subject: [Infowarrior] - In Keeping Grip on Data Pipeline, Obama Does Little to Reassure Industry
Message-ID:

In Keeping Grip on Data Pipeline, Obama Does Little to Reassure Industry
By DAVID E. SANGER and CLAIRE CAIN MILLER
JAN. 17, 2014
http://www.nytimes.com/2014/01/18/technology/in-keeping-grip-on-data-pipeline-obama-does-little-to-reassure-industry.html?hp&_r=0

WASHINGTON - Google, which briefly considered moving all of its computer servers out of the United States last year after learning how they had been penetrated by the National Security Agency, was looking for a public assurance from President Obama that the government would no longer secretly suck data from the company's corner of the Internet cloud.

Microsoft was listening to see if Mr. Obama would adopt a recommendation from his advisers that the government stop routinely stockpiling flaws in its Windows operating system, then using them to penetrate some foreign computer systems and, in rare cases, launch cyberattacks.

Intel and computer security companies were eager to hear Mr. Obama embrace a commitment that the United States would never knowingly move to weaken encryption systems.

They got none of that.

Perhaps the most striking element of Mr. Obama's speech on Friday was what it omitted: While he bolstered some protections for citizens who fear the N.S.A. is downloading their every dial, tweet and text message, he did nothing, at least yet, to loosen the agency's grip on the world's digital pipelines.

White House officials said that Mr. Obama was committed to studying the complaints by American industry that the revelations were costing them billions of dollars in business overseas, by giving everyone from the Germans to the Brazilians to the Chinese an excuse to avoid American hardware and cloud services.

"The most interesting part of this speech was not how the president weighed individual privacy against the N.S.A.," said Fred H. Cate, the director of the Center of Applied Cybersecurity Research at Indiana University, "but that he said little about what to do about the agency's practice of vacuuming up everything it can get its hands on."
Professor Cate, who also advises the Department of Homeland Security on cyber issues, noted that Mr. Obama "took a report that had 46 recommendations, and touched on three or four of them."

In fact, he did more than that: Mr. Obama reminded the country that it was not only the government that was monitoring users of the web, it was also companies like Apple, Facebook, Twitter and Yahoo that had complained so loudly, as members of an industry group called Reform Government Surveillance.

"Corporations of all shapes and sizes track what you buy, store and analyze our data, and use it for commercial purposes," the president said. "That's how those targeted ads pop up on your computer and your smartphone periodically."

Translation: Corporate America wants to be able to mine Americans' data, but fears business will be hurt when the government uses it for intelligence purposes.

In fact, behind the speech lies a struggle Mr. Obama nodded at but never addressed head on. It pits corporations that view themselves as the core of America's soft power around the world - the country's economic driver and the guardians of its innovative edge - against an intelligence community 100,000 strong that regards its ability to peer into any corner of the digital world, and manipulate it if necessary, as crucial to the country's security.

In public, the coalition was polite if unenthusiastic about the president's speech. His proposals, the companies said in a statement, "represent positive progress on key issues," even while "crucial details remain to be addressed on these issues, and additional steps are needed on other important issues."

But in the online chat rooms that users and employees of those services inhabit each day, the president's words were mocked.
"If they really cared about the security of US infrastructure, they'd divulge the vulnerabilities they found or bought from the black market that exploit the security of these systems, so those systems can be fixed, and no one else can exploit them with these exploits," wrote a user called "higherpurpose" on Hacker News. "Instead they keep them for themselves so they can exploit them," the user wrote.

In an interview, a senior administration official acknowledged that the administration had weighed what the president could say in public about the delicate problems of encryption, or the N.S.A.'s use of "zero day" flaws in software, the name for security holes that have never been seen before. It is a subject the intelligence agencies have refused to discuss in public, and Mr. Obama determined that it was both too secret, and too fluid, to discuss in the speech, officials said.

In response to questions, the White House said the president had asked his special assistant for cybersecurity, Michael Daniel, and the president's office of science and technology policy to study a recent advisory panel's recommendation that the government get out of the business of corrupting the encryption systems created by American companies.

It will not be an easy task. One of the recent disclosures, first reported by Reuters, indicated that the N.S.A. paid millions of dollars to RSA, a major encryption firm, to incorporate a deliberately weakened algorithm into some of its products, giving the government a "back door" to read whatever it wanted.

But when the advisory panel concluded that the United States should not "in any way subvert, weaken or make vulnerable generally available commercial software," the intelligence agencies protested.

"Some in the intelligence community saw that as a call for the N.S.A. to get out of cryptography, which is the reason they were created," the senior official said. He added: "We've said that we are very much supportive of U.S.
industry and making sure that U.S. industry remains competitive, and able to produce really good products. And N.S.A. has been out there saying they have no interest in breaking encryption that guards global commerce."

But as Mr. Obama himself acknowledged, the United States has a credibility problem that will take years to address. The discovery that it had monitored the cellphone of Chancellor Angela Merkel of Germany, or that it has now found a way to tap into computers around the world that are completely disconnected from the Internet - using covert radio waves - only fuels the argument that American products cannot be trusted. That argument, heard these days from Berlin to Mexico City, may only be an excuse for protectionism. But it is an excuse that often works.

"When your products are considered to not only be flawed but intentionally flawed in the support of intelligence missions, don't expect people to buy them," said Dan Kaminsky, a security researcher and chief scientist at White Ops, an antifraud company whose clients include many of the nation's biggest data users.

Mr. Obama will have to address those issues at some point. Every time he meets Silicon Valley executives, many of whom enthusiastically campaigned for him, they remind him of their complaints. But at the Justice Department on Friday, he reminded them that the battle for cyberspace runs in all directions.

"We cannot unilaterally disarm our intelligence agencies," he said at one point in the speech. "There is a reason why BlackBerrys and iPhones are not allowed in the White House Situation Room. We know that the intelligence services of other countries - including some who feign surprise over the Snowden disclosures - are constantly probing our government and private sector networks, and accelerating programs to listen to our conversations, and intercept our emails and compromise our systems."
From rforno at infowarrior.org Sat Jan 18 09:43:41 2014
From: rforno at infowarrior.org (Richard Forno)
Date: Sat, 18 Jan 2014 10:43:41 -0500
Subject: [Infowarrior] - The Techno-Militarization Of America
Message-ID: <924D529E-048E-466A-AB4A-166CB1BB1608@infowarrior.org>

Interesting yet depressing reading...

The Techno-Militarization Of America
http://techcrunch.com/2014/01/18/the-techno-militarization-of-america/

From rforno at infowarrior.org Sun Jan 19 09:01:42 2014
From: rforno at infowarrior.org (Richard Forno)
Date: Sun, 19 Jan 2014 10:01:42 -0500
Subject: [Infowarrior] - In Reversal, FBI Now Emphasizes Role in Law Enforcement
Message-ID: <124A15C9-4A78-4748-8057-2D8B336B669F@infowarrior.org>

In Reversal, FBI Now Emphasizes Role in Law Enforcement
BY JOHN HUDSON
http://thecable.foreignpolicy.com/posts/2014/01/17/in_reversal_fbi_now_emphasizes_role_in_law_enforcement

The Federal Bureau of Investigation has decided to revise a controversial fact sheet that declared its primary mission to be "national security," following criticism that the agency seemed to be moving away from its longstanding role as the nation's preeminent law enforcement agency. The change emphasizes that stopping terrorism and battling more conventional domestic criminal activity are both "primary functions" of the FBI.

The lightning-fast revision should dispel any notion that large bureaucratic organizations can only operate at a snail's pace: The fact sheet was updated less than 48 hours after a report on it in Foreign Policy went viral last week. An FBI official confirmed that the change was a direct result of the article.

"It's most accurate to say our primary functions are law enforcement and national security and that's probably what it should've said all along," FBI spokesman Paul Bresson told FP. "We've always been both."

The changes come after FP reported Jan.
5 that FBI fact sheets declared "the primary function of the FBI is national security." Two days later, on Jan. 7, the language changed to "the primary functions of the FBI are national security and law enforcement."

"That has to be some kind of a record," said Kel McClanahan, a Washington-based attorney who alerted FP to the original fact sheet revisions. "Doing this so quickly and so obviously cover your ass-y seems beneath them."

For some critics of the U.S. national security state, the FBI's creeping advance into counterterrorism since the 9/11 attacks has come at the cost of investigating other illegal activities such as mortgage fraud, financial fraud, violent crime, and bank robberies. Those critics seized on last week's report as evidence of the FBI's further drift toward counterterrorism. "If the FBI's primary mission is 'national security,' what's the Department of Homeland Security's mission?" asked the Government Accountability Project's Jesselyn Radack.

Others accused the agency of rebranding itself in order to extract more funding from Congress. "How many terror plots are there in this country? Not that many, but that's where the big bucks are," said Cenk Uygur, host of The Young Turks webcast. The article was also picked up by the Drudge Report and the massive link-sharing site Reddit.

Bresson said critics were wrongly confusing a small change on a fact sheet with a substantive change in priorities. "You're talking about a fact sheet, not a change in policy," he said. "The FBI's mission today, and throughout the course of our history, has been law enforcement and national security."

This may not be the final word on the issue. The fact sheets accompany every response the agency gives to Freedom of Information Act requests. The latest change was discovered by FOIA expert Shawn Musgrave who has already filed a public records request for the internal memos related to the fact sheet revisions. We'll keep you posted.
From rforno at infowarrior.org Sun Jan 19 17:36:10 2014
From: rforno at infowarrior.org (Richard Forno)
Date: Sun, 19 Jan 2014 18:36:10 -0500
Subject: [Infowarrior] - 60 Words And A War Without End
Message-ID: <07296636-BDC4-4884-AFFA-C3E9BADAB746@infowarrior.org>

60 Words And A War Without End: The Untold Story Of The Most Dangerous Sentence In U.S. History

Written in the frenzied, emotional days after 9/11, the Authorization for the Use of Military Force was intended to give President Bush the ability to retaliate against whoever orchestrated the attacks. But more than 12 years later, this sentence remains the primary legal justification for nearly every covert operation around the world. Here's how it came to be, and what it's since come to mean...

posted on January 16, 2014 at 11:52pm EST

< - >

http://www.buzzfeed.com/gregorydjohnsen/60-words-and-a-war-without-end-the-untold-story-of-the-most

From rforno at infowarrior.org Mon Jan 20 07:27:42 2014
From: rforno at infowarrior.org (Richard Forno)
Date: Mon, 20 Jan 2014 08:27:42 -0500
Subject: [Infowarrior] - Kim Dotcom launches Baboom w/his dance album
Message-ID: <73430109-32E6-461C-B876-7D39A89E5411@infowarrior.org>

Kim Dotcom Just Released His Own Electropop Album (Listen for Free!)
http://gizmodo.com/kim-dotcom-just-released-his-own-electropop-album-list-1504949213

Last year, Kim Dotcom released a single dance track, and at the time he threatened to release an album. Now, as part of the launch of his new music streaming service, it's here.

As part of the launch of Baboom, Dotcom's new music streaming site that looks like Rdio and MySpace mashed together, he's released a full album called Good Times. In fact, it's the only album on the site right now.
A kind of dance/europop nightmare turned digital reality, it features contributions from Printz Board (one of Will.i.am's buddies), Mona Dotcom (Kim's wife) and some other random people you'll never have heard of. Perhaps not genuinely worth listening to, but worth it for a laugh. And, hey, it's free.

The album is part of the publicity for Baboom, which will eventually let you stream and download music by (real) artists. Interestingly, the site seems to offer support for high-definition audio (well, FLAC and 320Kbps MP3 at any rate), as well as an ads-for-free-music scheme. The site will no doubt grow in the coming months.

It's not Dotcom's first venture into the world of music. Last year he released a single, and before that he was involved with a star-studded MegaUpload song that was way, way catchier than it had any right to be. Maybe he'll stop soon? [Baboom via Engadget]

From rforno at infowarrior.org Mon Jan 20 15:20:22 2014
From: rforno at infowarrior.org (Richard Forno)
Date: Mon, 20 Jan 2014 16:20:22 -0500
Subject: [Infowarrior] - Obama and the NSA: Count the Code Words
Message-ID: <2818F1B8-A36C-40AD-BA36-F57016AE03F4@infowarrior.org>

(c/o JH)

IMHO there are some other code words (or "dog whistles") that this article didn't pick up, but it's a good start anyway.

Obama and the NSA: Count the Code Words
http://blogs.defensenews.com/intercepts/2014/01/obama-and-the-nsa-count-the-code-words/
From rforno at infowarrior.org Mon Jan 20 15:41:58 2014
From: rforno at infowarrior.org (Richard Forno)
Date: Mon, 20 Jan 2014 16:41:58 -0500
Subject: [Infowarrior] - Anti-RSA Brigade Set Up Rival TrustyCon Conference
Message-ID: <6F7D18F2-716D-484F-AE01-05F9C462B462@infowarrior.org>

Anti-RSA Brigade Set Up Rival TrustyCon Conference
TrustyCon will take place just down the road from RSA Conference
On January 20, 2014 by Tom Brewster
http://www.techweekeurope.co.uk/news/trustycon-rsa-nsa-conference-136435

Security and privacy professionals have set up a trust-based conference to rival the RSA Conference, which they are boycotting over an alleged deal between the EMC-owned company and the US National Security Agency.

TrustyCon will be held on 27 February at AMC Metreon in San Francisco, which is located just down the road from the Moscone Center where RSA Conference is taking place between 24 and 28 February. Renowned security experts, such as F-Secure's Mikko Hypponen and Google software security engineer Chris Palmer, will be talking at the event.

Hypponen and a host of others had already announced plans to boycott RSA Conference over a Reuters report that suggested the NSA had paid RSA $10 million to include flawed code in one of their random number generators. Others, including Jeffrey Carr, founder of security firm Taia Global, and the head of cryptology at Cambridge University, have called for a total boycott of RSA technology because of what it allegedly did with its Dual Elliptic Curve Deterministic Random Bit Generation (Dual-EC-DRBG).

iSEC Partners, a security consulting firm, the Electronic Frontier Foundation (EFF) and DEF CON have come together to set up TrustyCon, while Microsoft and CloudFlare will provide sponsorship.

"The disclosure of this deal has affected the trust individuals and companies place in the government and technology companies and has struck a chord among businesses and consumers," the release on the new conference read.
"It raises concern regarding the ways the industry may profit from relationships with the government and whether international clients can trust their security providers.

"TrustyCon serves as a call-to-action to companies to design their technology and businesses to be secure and trustworthy."

RSA had not responded to a request for comment at the time of publication.

From rforno at infowarrior.org Mon Jan 20 19:20:33 2014
From: rforno at infowarrior.org (Richard Forno)
Date: Mon, 20 Jan 2014 20:20:33 -0500
Subject: [Infowarrior] - NSA provided 2-3 daily "tips" to FBI for at least 3 years
Message-ID: <33B34770-CD7E-46D8-936F-1C85D0D6C8E5@infowarrior.org>

(c/o PK)

New documents: NSA provided 2-3 daily "tips" to FBI for at least 3 years
Secret 2007 court order mentions "approximately three telephone identifiers."
by Cyrus Farivar - Jan 20 2014, 6:12pm EST

According to newly-declassified court orders from the Foreign Intelligence Surveillance Court (FISC), the National Security Agency (NSA) was (and may still be) tipping off the FBI at least two to three times per day going back at least to 2006.

Hours after President Barack Obama finished his speech last Friday on proposed intelligence and surveillance reforms, the Office of the Director of National Intelligence (ODNI) declassified a number of documents from the nation's most secretive court.

The new documents are heavily-redacted orders from FISC to the FBI. These items request that the court order an entity (likely a business) to provide "tangible things" under Section 215 of the PATRIOT Act. The documents do not refer to who the target is, nor which company or organization they apply to.

"The Court understands that NSA expects that it will continue to provide on average approximately three telephone identifiers per day to the FBI,"
reads a footnote in a 2007 court order (PDF) authored by FISC Judge Frederick Scullin, Jr. A similar footnote from a November 2006 court order refers to "two telephone numbers." The "three" figure was continued until documents from March 2009, when the specific language changed to simply "information." That month appears to have been a turning point between intelligence agencies and the FISC.

< - >

Some experts speculated that this system of the NSA tipping off the FBI may be an unusual arrangement - analogous to the NSA's giving information to the Drug Enforcement Agency to prosecute criminal cases.

"I am not sure it tells us anything new but rather adds more confirmation to a widely suspected and occasionally confirmed technique of law enforcement following intelligence leads and then reverse-engineering a paper trail to use in court," Fred Cate, a law professor at Indiana University, told Ars. "Some people have even speculated that the multiplicity of overlapping NSA surveillance programs are intended to provide cover programs that provide a more legitimate basis for data found through other programs."

However, others pointed out that in the absence of further information as to how exactly the NSA's information is sent to the FBI, and under what circumstances, it's impossible to know precisely what's going on.

"Furthermore, given how broadly it's possible to define the word 'tip,' we have no information on how useful those thousand tips were," Brian Pascal, a research fellow at the University of California Hastings College of the Law, told Ars. "Both intelligence and law enforcement organizations receive many, many tips, and a large part of their job is separating the signal from the noise.

"As far as parallel construction goes, the only thing I can say for certain is that if one records a sufficiently large number of dots, then it's possible to connect them to draw any number of pictures.
This is not always the result of nefarious intentions - it can happen unintentionally too. Think about all the people who were improperly placed on watchlists due to conclusions reached by some opaque algorithm."

http://arstechnica.com/tech-policy/2014/01/new-documents-nsa-provided-2-3-daily-tips-to-fbi-for-at-least-3-years/

From rforno at infowarrior.org Tue Jan 21 09:17:52 2014
From: rforno at infowarrior.org (Richard Forno)
Date: Tue, 21 Jan 2014 10:17:52 -0500
Subject: [Infowarrior] - Wide media reaction to NSA speech
Message-ID:

06:50 AM - January 21, 2014

Wide media reaction to NSA speech
Reactions ranged from cautious optimism, to frustrated disappointment, to a what-did-you-expect kind of resigned acceptance
By Lauren Kirchner

Before it got overshadowed by David Remnick's epic New Yorker profile of President Obama, the big news involving the White House was the President's speech on NSA surveillance on Friday, in which he addressed criticisms about the scope of the program and proposed some ideas for reform. Reactions from journalists and experts ranged from cautious optimism, to frustrated disappointment, to a what-did-you-expect kind of resigned acceptance. Some news outlets, reporting on the speech from both sides of the reporting-versus-opinion wall, managed to hit all these notes at once.

ProPublica, a formidable force for transparency on the surveillance beat for years, preempted the speech early Friday morning with a rundown, rampant with links. The "Four Questionable Claims Obama Has Made on NSA Surveillance" that ProPublica's Kara Brandeisky highlighted included misleading statements the President has made about truly fundamental truths - including exactly how the NSA's surveillance works, how useful that surveilled information has been, and how Edward Snowden blew the whistle. This one is a must-read if you've missed it.
Then, during the speech on Friday morning, The Guardian and The New York Times both ran very thorough live blogs online, containing summaries, analyses, and commentary. The Times version, written by Charlie Savage and David E. Sanger, was full of direct quotes and very straightforward. The Guardian's, overseen by Spencer Ackerman, was much more colorful - setting the tone even before the speech began by linking out to Twitter pictures of protesters outside the Department of Justice and predictions from progressive blogger Marcy Wheeler. Later, the Times also guessed at what speech responses would be from tech giants Google, Microsoft, and others, without actually getting any (in short: they're probably not happy). And Peter Baker dissected the "crucial caveat" of the second half of President Obama's vow to "end" the bulk telephone data program "as it currently exists." The Washington Post hit the speech from several angles as well, including reporting from Scott Wilson, Ellen Nakashima and Greg Miller and a "plain English" version by tech writer Brian Fung.

The most helpful news analyses were those that broke down, piece by piece, the different aspects of the NSA's surveillance program, the criticisms of each, and then the White House's response to each - and in this, the Times and the Guardian continued to lead. With so many scoops and storylines having come out of Edward Snowden's whistleblowing, it's often difficult to keep up with all of them, and President Obama's speech certainly didn't address them all. So the Times's clean and simple graphic was a useful tool to make sense of the mess, as was the Guardian's "six major areas of concern" post by James Ball.
On the more opinionated side of the internet, Glenn Greenwald - whose response is now so much in demand that he sometimes appears to break the laws of physics - published an appropriately scathing column in his old home The Guardian Friday afternoon (it's likely the best and fastest way for him to get his thoughts across at length until Pierre Omidyar's forthcoming news outlet launches). His headline, and its purposeful use of scare quotes, says it all: "Obama's NSA 'reforms' are little more than a PR attempt to mollify the public." He lambasts Obama and so many other DC leaders for responding to public criticism by making things "prettier and more politically palatable" with "reforms" that have no real effect other than calming dissent.

Greenwald certainly wasn't alone in his skepticism, though other writers' tones were slightly less acidic. Kevin Drum at Mother Jones called Obama's plan "Pretty Weak Tea." John Cassidy at The New Yorker website zeroed in on Obama's lack of specifics about the changes in NSA metadata collection and retention. If the government doesn't store the data itself, as Obama announced, who will hold it, and how will accessing it work? So many details have yet to be worked out, and that working-out will require a lot of time and effort. "The main takeaway from Obama's speech ... was that the White House is seeking to toss this hot potato to Congress," wrote Cassidy. "And since Congress is hopelessly divided, it is perfectly possible that nothing very meaningful will change." Cassidy's colleague Ryan Lizza, on the other hand, seemed to take Obama's promises of metadata-collection reform at face value, interpreting the speech as "a major policy change" and "incredible victory" for critics of the program.
Fred Kaplan at Slate thought everyone should have had lower expectations to begin with, because "these reforms were always going to be about stiffening the oversight of key NSA programs - not greatly altering, much less scuttling, the programs themselves." As for the "mixed bag" of oversight that he gathered from Obama's speech, Kaplan writes in the end that it's "much better than nothing."

Incidentally, those watching the speech waiting for hints about the fate of the man without whom none of this would have been discussed were likely disappointed by what they heard. "Mr. Obama made only a brief, critical reference to Mr. Snowden, saying his actions had jeopardized the nation's defense and framed a debate that has 'often shed more heat than light,'" wrote Mark Landler and Charlie Savage in the Times. Joe Coscarelli at New York magazine wrote that the speech "slighted" Snowden. MoJo's Drum argued, "Obama's attempt to suggest that he would have done all this stuff even without Snowden's disclosures strikes me as laughable."

Meanwhile, the techies on Twitter kept the spotlight on the topic that Obama didn't touch at all - the NSA's work to undermine Internet encryption .....

< -- >

http://www.cjr.org/behind_the_news/nsa_speech_media_crit.php?page=all

From rforno at infowarrior.org Tue Jan 21 14:04:41 2014
From: rforno at infowarrior.org (Richard Forno)
Date: Tue, 21 Jan 2014 15:04:41 -0500
Subject: [Infowarrior] - US withholding Fisa court orders on NSA bulk collection of Americans' data
Message-ID: <7961B0C5-8051-420F-B014-5B70CCBB007C@infowarrior.org>

US withholding Fisa court orders on NSA bulk collection of Americans' data
Spencer Ackerman in Washington
theguardian.com, Tuesday 21 January 2014 13.16 EST
http://www.theguardian.com/world/2014/jan/21/us-withholding-fisa-court-orders-nsa-bulk-collection

The Justice Department is withholding documents related to the bulk collection of Americans' data from a transparency lawsuit launched by the American Civil Liberties Union.

US attorney Preet Bharara of the southern district of New York informed the ACLU in a Friday letter that the government would not turn over "certain other" records from a secret surveillance court, which are being "withheld in full" from a Freedom of Information Act suit the civil liberties group filed to shed light on bulk surveillance activities performed under the Patriot Act.

The decision to keep some of the records secret, in the thick of Edward Snowden's revelations, has raised suspicions within the ACLU that the government continues to hide bulk surveillance activities from the public, despite US president Barack Obama's Friday concession that controversial National Security Agency programs have "never been subject to vigorous public debate".

The ACLU lawsuit, like others filed by civil liberties groups, has resulted in a trove of documents from the so-called Fisa court detailing the scope, authorizations and, in some cases, violations surrounding NSA surveillance ostensibly occurring under Section 215 of the Patriot Act. The director of national intelligence now posts the released documents to a Tumblr page, usually without revealing that the disclosures were spurred by lawsuits.

The latest such disclosure happened Friday with the release of 24 documents, mostly detailing Fisa court reauthorizations of the bulk phone records collection first reported by the Guardian thanks to leaks from whistleblower Snowden.

Among the information disclosed in the documents, which date back to 2006 - the first year in which the program received authorization from the Fisa court at all -
is the footnoted stipulation that the court "understands that NSA expects it will continue to provide, on average, approximately 3 telephone numbers per day to the FBI". If true - the footnote only appears in pre-2009 court reauthorizations - the estimate suggests the NSA has given the FBI approximately 13,203 phone numbers based on the 12-year-old domestic bulk phone data program.

In his letter, written on the day Obama gave a long-awaited speech on surveillance that pledged additional transparency, Bharara said that Friday's release will be the last disclosure under the terms of the ACLU's lawsuit.

"As discussed by telephone this morning, the government in fact has processed all of the remaining FISC Orders responsive to the FOIA request in this case that relate to bulk collection, regardless of whether the order contains any additions and/or adjustments to the implementation procedures, minimization procedures, and/or reporting requirements set out in other FISC orders," the US attorney wrote. "The government cannot specify the total number of documents withheld in full from this final set of responsive documents because the number itself is classified."

Alexander Abdo, an ACLU attorney, noted that the government's bulk surveillance disclosures have yet to include, among other efforts, a reported CIA program to collect international money transfers in bulk, revealed in November by the Wall Street Journal and the New York Times.

"It appears that the government is concealing the existence of other bulk collection programs under the Patriot Act, such as the CIA's reported collection of our financial records," Abdo said. "In other words, on the same day that President Obama recognized the need for a vigorous debate about bulk collection, the government appears to be hiding the ball. We can't have the public debate that President Obama wants without the facts that his agencies are hiding."
Abdo said that the scope of the ACLU's disclosure lawsuit only concerned surveillance efforts under Section 215 of the Patriot Act and that surveillance authorizations containing individualized suspicion were already excluded. The NSA conducts other bulk data collection under the Foreign Intelligence Surveillance Act of 1978, an update to that law in 2008, and under a three-decade-old executive order known as 12333, all of which are outside the terms of the ACLU's lawsuit.

Bharara's office routed a request for comment back through the Justice Department, which has yet to respond.

---
Just because i'm near the punchbowl doesn't mean I'm also drinking from it.

From rforno at infowarrior.org Tue Jan 21 14:53:16 2014
From: rforno at infowarrior.org (Richard Forno)
Date: Tue, 21 Jan 2014 15:53:16 -0500
Subject: [Infowarrior] - Pew: Obama's NSA Speech Has Little Impact on Skeptical Public
Message-ID:

Obama's NSA Speech Has Little Impact on Skeptical Public
Most Say U.S. Should Pursue Criminal Case Against Snowden
http://www.people-press.org/2014/01/20/obamas-nsa-speech-has-little-impact-on-skeptical-public/

President Obama's speech on Friday outlining changes to the National Security Agency's collection of telephone and internet data did not register widely with the public. Half say they have heard nothing at all about his proposed changes to the NSA, and another 41% say they heard only a little bit. Even among those who heard about Obama's speech, few think the changes will improve privacy protections, or make it more difficult for the government to fight terrorism.

The new national survey by the Pew Research Center and USA TODAY, conducted Jan. 15-19 among 1,504 adults, finds that overall approval of the program has declined since last summer, when the story first broke based on Edward Snowden's leaked information.
Today, 40% approve of the government's collection of telephone and internet data as part of anti-terrorism efforts, while 53% disapprove. In July, more Americans approved (50%) than disapproved (44%) of the program.

In addition, nearly half (48%) say there are not adequate limits on what telephone and internet data the government can collect; fewer (41%) say there are adequate limits on the government's data collection. About four-in-ten Republicans (39%) and independents (38%) - and about half of Democrats (48%) - think there are adequate limits on the information that the government can collect.

< - >

The public is split on whether Edward Snowden's leaks served the public interest, with 45% saying they did and 43% saying the leaks harmed public interest. But by 56% to 32%, most think that the government should pursue a criminal case against Snowden. These opinions are largely unchanged from last June, when Snowden first disclosed classified information to news organizations.

There is a large age gap when it comes to views of the NSA revelations and the public interest. More adults ages 50 and older believe that the leaks harmed the public interest (49%) than served the public interest (37%). Among adults 18-29, sentiment is reversed, with 57% saying Snowden served the public interest and 35% saying he harmed it. There are no significant differences on this issue by party, as both Republicans and Democrats are divided.

Those who attended college are more likely than those who didn't to see the leaks as serving the public interest. About half of college graduates (49%) and those with some college experience (51%) say this, compared with 38% of those with no more than a high school degree.

While most of the public wants the government to pursue a criminal case against Snowden, young people offer the least support for his prosecution. Those younger than 30 are divided, with 42% wanting a criminal case against Snowden and 42% saying the government should not pursue one. Support for prosecution is much higher among those 50 and older, who think the government should pursue a case by more than two-to-one.

Both Democrats (62%-27%) and Republicans (54%-28%) think the government should pursue a criminal case. About half of independents (51%) want a criminal case against Snowden, while four-in-ten (39%) say the government should not pursue one.

Fully 70% of those who approve of the government's surveillance program favor Snowden's prosecution. Those who disapprove of the program are divided: 45% say the government should pursue a criminal case against Snowden while 43% are opposed.

From rforno at infowarrior.org Tue Jan 21 14:54:32 2014
From: rforno at infowarrior.org (Richard Forno)
Date: Tue, 21 Jan 2014 15:54:32 -0500
Subject: [Infowarrior] - German security agency warns of hacking attack on 16 million people
Message-ID: <8AE777D4-351A-4819-9A4A-F236A2E3F158@infowarrior.org>

(c/o JL)

German security agency warns of hacking attack on 16 million people
Passwords and usernames pilfered
By Dave Neal
Tue Jan 21 2014, 15:39
http://www.theinquirer.net/inquirer/news/2324215/german-security-agency-warns-of-hacking-attack-on-18-million-people

THE GERMAN Federal Office for Information Security has warned that a hacking attack on computer networks might have stolen 16 million users' names and email addresses.

According to a note on the organisation's website, the plundered details were discovered in an analysis of botnets. Included in its findings are usernames and email addresses for online stores and services. These details are now in the hands of the office and it said that it will reach out to affected parties and counsel them on what it means and what they should be doing about it.
It asked that concerned citizens enter their email addresses into its website so that they can be checked against its database. Here it is probably wise to only do things like this directly on the website and not to follow third-party links. If your username is recognised you have won a prize, and that prize is heightened concern about your immediate digital future and finances.

Notification has two stages: after putting in an email address, users will be given a four-digit PIN that should be matched in an email from the security agency. Users are advised to only follow through when matching numbers are presented.

16 million is no small number, but in Korea the talk is of a hacking incident that scored as many as 100 million credit card records. Reports suggest that that attack put even UN chief Ban Ki-moon's credit card details into the hands of criminals. Meanwhile, in the US, a successful hacking attack on the Target retail chain recently netted some 110 million victims.

From rforno at infowarrior.org Tue Jan 21 16:26:00 2014
From: rforno at infowarrior.org (Richard Forno)
Date: Tue, 21 Jan 2014 17:26:00 -0500
Subject: [Infowarrior] - Techdirt calls out Rogers on Snowden's Russia connection
Message-ID: <061C9350-37BC-4E9D-BB4E-E4C7EF4D3E57@infowarrior.org>

I agree w/Techdirt completely here, and made the same observation the other day. Rogers makes these claims, but then waffles, deflects, and sidesteps any further clarification. Looks like he prefers headline-baiting to anything else, because... he's Mike Rogers. :/

Rep. Mike Rogers Keeps Insisting Snowden Is A Russian Spy, Even As NSA/FBI Officials Say No Such Evidence
http://www.techdirt.com/articles/20140120/14462625932/rep-mike-rogers-keeps-insisting-snowden-is-russian-spy-even-as-nsafbi-officials-say-no-such-evidence.shtml
From rforno at infowarrior.org Tue Jan 21 19:51:39 2014
From: rforno at infowarrior.org (Richard Forno)
Date: Tue, 21 Jan 2014 20:51:39 -0500
Subject: [Infowarrior] - MPAA & ICE Confirm They Interrogated A Guy For Wearing Google Glass During A Movie
Message-ID: <647E578E-AD4A-4A06-937C-69A2491FDEC7@infowarrior.org>

MPAA & ICE Confirm They Interrogated A Guy For Wearing Google Glass During A Movie
from the insane dept
http://www.techdirt.com/articles/20140121/15234325942/mpaa-ice-confirm-they-interrogated-guy-wearing-google-glass-during-movie.shtml

We wrote earlier about the guy who told the story of being pulled out of a theater in the middle of a movie for wearing Google Glass (turned off), which he wears all the time, because he got prescription lenses installed on the device and uses it as his regular pair of glasses. As we noted, there were some oddities in the original story, including references to the FBI and "The Movie Association," neither of which made sense. Since then, as we noted in our updated post, AMC confirmed that a customer had been detained, and since then the MPAA as well as Homeland Security have weighed in, confirming the basic story. This is insane on multiple levels, which we'll get to in a moment. But first, the quotes. Here's AMC:

Movie theft is something we take very seriously, and our theater managers contact the Motion Picture Association of America anytime it's suspected that someone may be illegally recording content on screen. While we're huge fans of technology and innovation, wearing a device that has the capability to record video is not appropriate at the movie theatre. At AMC Easton 30 last weekend, a guest was questioned for possible movie theft after he was identified wearing a recording device during a film. The presence of this recording device prompted an investigation by the MPAA, which was on site. The MPAA then contacted Homeland Security, which oversees movie theft. The investigation determined the guest was not recording content.

Then the MPAA:

Google Glass is an incredible innovation in the mobile sphere, and we have seen no proof that it is currently a significant threat that could result in content theft. The MPAA works closely with theaters all over the country to curb camcording and theater-originated piracy, and in this particular case, no such activity was discovered.

Finally, Homeland Security's ICE division:

On Jan. 18, special agents with ICE's Homeland Security Investigations and local authorities briefly interviewed a man suspected of using an electronic recording device to record a film at an AMC theater in Columbus. The man, who voluntarily answered questions, confirmed to authorities that the suspected recording device was also a pair of prescription eye glasses in which the recording function had been inactive. No further action was taken.

Okay, now onto the point. As we said in the initial post, this certainly fit with the MPAA's insane "guidelines" to theaters and their "zero tolerance" policies towards anyone possibly recording anything. However, the involvement of ICE is particularly insane. We've been particularly critical of ICE and the group's over-aggressive campaign to seize websites based entirely on Hollywood's say so. Even so, it seemed incredible that ICE would take direction from the MPAA on something as small as a guy in a movie theater, rushing to the theater to help with the interrogation of someone there, but we underestimated the willingness of ICE to say "how high" when the MPAA says "jump." Yes, we should know better by now, but we thought we'd actually give the MPAA and DHS the benefit of the doubt here. Our mistake.

We find it difficult to believe that there aren't more important things for ICE to be doing than hassling a guy out attending a movie with his wife. Hollywood has gotten ICE into trouble in the past with its over-aggressive claims about websites. You'd think that ICE would have learned by now that the RIAA and MPAA are not exactly trustworthy when they insist someone is a "filthy pirate" who needs to be investigated. There is simply no reason for federal investigators to be involved at all, let alone called in to interrogate some guy wearing a new piece of technology that the MPAA has overreacted to.

From rforno at infowarrior.org Tue Jan 21 21:56:12 2014
From: rforno at infowarrior.org (Richard Forno)
Date: Tue, 21 Jan 2014 22:56:12 -0500
Subject: [Infowarrior] - Snowden Denies Suggestions That He Was a Spy for Russia
Message-ID: <497E76BB-78A8-4AD1-823C-B533FEB6E154@infowarrior.org>

Snowden Denies Suggestions That He Was a Spy for Russia
By CHARLIE SAVAGE, JAN. 21, 2014
http://www.nytimes.com/2014/01/22/world/snowden-denies-suggestions-that-he-was-a-spy-for-russia.html

WASHINGTON - Edward J. Snowden on Tuesday adamantly denied as "absurd" and "smears" the suggestion by the leaders of the House and Senate Intelligence Committees that he might have been a Russian spy when he downloaded archives of classified National Security Agency documents and leaked them to journalists.

In an interview with The New Yorker, Mr. Snowden declared that the accusation - advanced in particular by Representative Mike Rogers, Republican of Michigan and chairman of the House Intelligence Committee - was "false," saying he had "clearly and unambiguously acted alone, with no assistance from anyone, much less a government."

In the latest jostling over how to frame the public debate that Mr. Snowden's leaks created, Mr. Rogers said on the NBC News program "Meet the Press" on Sunday that Mr. Snowden should be seen not as a whistle-blower but as "a thief, who we believe had some help."

Officials at both the N.S.A. and the F.B.I. have said their investigations have turned up no evidence that Mr. Snowden was aided by others. But Mr. Rogers, asserting that Mr.
Snowden had downloaded many files about military activities that do not involve issues of civil liberties, pointed to the Russian Federal Security Service, known as the F.S.B., the successor to the Soviet K.G.B. He offered no evidence.

"I believe there's a reason he ended up in the hands, the loving arms, of an F.S.B. agent in Moscow," he said, adding: "I believe there's questions to be answered there. I don't think it was a gee-whiz luck event that he ended up in Moscow under the handling of the F.S.B."

Mr. Rogers made his remarks two days after President Obama embraced some calls to reform certain N.S.A. activities brought to light by Mr. Snowden. In particular, Mr. Obama said he would impose greater court oversight on the once-secret program in which the agency has been collecting records of every American's phone calls, and that he intended to eventually get the N.S.A. out of the business of gathering such records in bulk.

Mr. Snowden responded to Mr. Rogers's remarks via an encrypted chat service from Russia, where he is a fugitive from criminal charges in the United States.

On Sunday, the "Meet the Press" host, David Gregory, also asked Mr. Rogers's Senate counterpart, Senator Dianne Feinstein, Democrat of California, whether she agreed with his suspicions that Mr. Snowden had been helped by the Russians. She replied: "He may well have."

Mr. Snowden criticized news organizations for treating such remarks as newsworthy. "It's not the smears that mystify me," Mr. Snowden told The New Yorker, "it's that outlets report statements that the speakers themselves admit are sheer speculation."
From rforno at infowarrior.org Wed Jan 22 07:22:32 2014
From: rforno at infowarrior.org (Richard Forno)
Date: Wed, 22 Jan 2014 08:22:32 -0500
Subject: [Infowarrior] - Ukranian gov's influence ops via mobile
Message-ID: <2D4140C7-CDF7-4D39-8E8F-BFD7C0DB9E88@infowarrior.org>

Text messages warn Ukraine protesters they are 'participants in mass riot'
Mobile phone-users near scene of violent clashes in Kiev receive texts in apparent attempt by authorities to quell protests
http://www.theguardian.com/world/2014/jan/21/ukraine-unrest-text-messages-protesters-mass-riot

"Dear subscriber, you are registered as a participant in a mass riot."

This was the message received by mobile phone-users present near the scene of violent clashes in Kiev early on Tuesday morning, in what appeared to be a novel attempt by authorities to quell the protests that have swept through the city and turned violent on Sunday night.

The language echoed the wording of tough new laws on public gatherings, the passing of which served as a spark for the radicalisation of the protest movement over the weekend. The laws went into effect on Tuesday, and provide for jail sentences of up to 15 years for participating in mass riots.

Prosecutor general Viktor Pshonka issued a statement on Monday calling the disturbances in Kiev "crimes against the state". Ukraine's president, Viktor Yanukovych, said he had tried to listen to peaceful demands but would use "all legal methods provided for by the laws of Ukraine to guarantee public safety".

Kiev city authorities say that 122 protesters were wounded in the clashes, which broke out on Sunday night and saw pitched battles between lines of riot police and angry protesters. But the organisers say 1,400 people needed medical attention, adding that most were too scared to report their injuries for fear of being accused of participating in mass riots. The police say 163 police officers have been injured in the clashes.

< - >

It was not immediately clear how the messages had been distributed. The interior ministry denied involvement, though said it was studying video footage to determine the most "active participants" in the riots and arrest them.

Telephone provider MTS issued a statement saying it had not been responsible for sending out the messages. "Today we started receiving complaints from users in central Kiev who all received SMS messages from the number 111, containing identical text. We have nothing to do with the distribution."

Another provider, Kyivstar, also said it was innocent of involvement. A statement said: "We strictly observe the confidentiality of our users, their telephone numbers and locations ... We know that there is equipment, so-called 'pirate base stations', which allow SMS distribution or calls to all mobile telephone numbers of all operators within a particular area. But, as an operator, we are unable to identify the activity of these stations."

[Photo] Members of the Ukrainian riot police are caught in a fire caused by gasoline bombs hurled by anti-government protesters. Photograph: Anadolu Agency/Getty Images

On Independence Square, a representative of the impromptu medical service set up to help wounded protesters said he believed that their telephone lines were being monitored by authorities, and advised all of those injured to leave hospital if at all possible.

From rforno at infowarrior.org Wed Jan 22 07:25:10 2014
From: rforno at infowarrior.org (Richard Forno)
Date: Wed, 22 Jan 2014 08:25:10 -0500
Subject: [Infowarrior] - Snowden to host live Q&A
Message-ID: <321036E1-2AF7-466C-922B-78BCF825EABB@infowarrior.org>

(Anyone else wondering if the streaming site will experience any .... 'technical difficulties?'
--rick)

Live Q&A with Edward Snowden: Thursday 23rd January, 8pm GMT, 3pm EST
http://www.freesnowden.is/asksnowden/

Edward Snowden will be answering questions submitted by the public on his official support site, freesnowden.is, this Thursday 23 January at 8pm GMT, 3pm EST. The support site is run by The Courage Foundation and is the only endorsed Snowden Defence Fund.

This is the first Snowden live chat since June 2013 and will last for an hour starting at 8pm GMT, 3pm EST. Questions can be submitted on twitter on the day of the event using the #AskSnowden hashtag. Edward Snowden's responses will appear at http://www.freesnowden.is/asksnowden

The live chat comes exactly a week after US President Barack Obama gave an address in response to the public concerns raised by Edward Snowden's revelations about US surveillance practices. In the live chat, Edward Snowden is expected to give his first reaction to the President's speech.

Courage (formerly the Journalistic Source Protection Defence Fund) is a trust, audited by accountants Derek Rothera & Company in the UK, for the purpose of providing legal defence and campaign aid to journalistic sources. It is overseen by an unremunerated committee of trustees. Edward Snowden is its first recipient. freesnowden.is was commissioned by the trustees of Courage to provide information on the threats Edward Snowden faces and what can be done to support him, and details all revelations made to date in a convenient central archive.

From rforno at infowarrior.org Wed Jan 22 07:25:37 2014
From: rforno at infowarrior.org (Richard Forno)
Date: Wed, 22 Jan 2014 08:25:37 -0500
Subject: [Infowarrior] - Hacker "Guccifer" was caught in Arad
Message-ID: <5BF4BBD5-38C4-4E94-88B7-8D832520207D@infowarrior.org>

Guccifer Arrested

Guccifer Archive (~7GB): http://pastebin.com/ph02cfxw

Google translation, tweaked by Cryptome.
A sends:

http://www.mediafax.ro/social/hackerul-guccifer-a-fost-prins-la-arad-11941988

Hacker "Guccifer" was caught in Arad

Hacker "Guccifer" was caught Wednesday by prosecutors of DIOCT, following a search in Arad. He is suspected of having broken into email accounts of public figures, including that of the Director of SRI, George Maior.

Prosecutors of the Directorate for Investigating Organized Crime and Terrorism - Central Structure, with judicial police officers from the Directorate for Combating Organized Crime, raided Wednesday Lazarus Lehel Marcel's house in Arad.

"In this case there is reasonable suspicion that during 2013, based on a single criminal charge, the accused LML accessed repeatedly and against the law, in violation of security measures, e-mail accounts belonging to public figures in Romania, in order to take possession of confidential data in email, then changed authentication passwords, thereby restricting user access to computer data such as in email," DIOCT said in a press release.

"Subsequently, the accused disclosed the content of the correspondence in public, and committed fraudulent damage in the online privacy and denigrating public image of the persons concerned," said DIOCT.

The accused had been sentenced before for similar offenses, and relapsed after a suspended sentence, according to a source. Specialist support was provided by the Romanian Intelligence Service and the Special Operations Division, with assistance by the United States.

Marcel Lazarus Lehel, who used the pseudonyms "Guccifer" and "Little Smoke", accessed email accounts and the Facebook accounts of public persons, including SRI director George Maior, Colin Powell, Bush and Rockefeller family members and officials of the Obama administration.

On February 8, 2012, hacker "Little Smoke" was sentenced to three years imprisonment with suspended sentence by the Court of Sector 3. Marcel Lazarus Lehel unlawfully accessed email accounts and Facebook accounts belonging to employees of a public trust and media persons and then made public the photos of their private discussions.

On August 19, 2011, Marcel Lazarus Lehel, aged 40, was arrested for committing 25 offenses of accessing computer systems, 25 offenses of unlawfully altering and restricting access to data, 25 offenses of unauthorized transfer of data from a computer system and 15 offenses of violating secrecy. He was charged that between October 2010 and July 2011, he accessed without law, in violation of security measures, e-mail accounts and Facebook accounts belonging to Dragoș Moștenescu, Corina Caragea, Laura COSO, Roxana Ivănescu, Rona Hartner, Iliviu Leșu, Daniela Aciu, Irina Reisler Capitanu, Violeta Babliuc, Monica Barbu, Lenuța Aciu, Sarah Radulescu, Denisa Barboni Dragusanu, Cristian Pulhac, Ada Milea, Youth Organization APDL, according to investigators.

As a mode of operation, Lazarus Lehel accessed user accounts through restricted systems for unauthorized copying of information, pictures and private correspondence stored in the accounts of the invaded parties, the DIOCT prosecutors have established. He subsequently disclosed to the public the content of the correspondence via social networking, posting on personal accounts created specifically for this purpose - "Little Smoke" and "pipes Theven" - information and intelligence, i.e., photos, emails and other private discussions held by the invaded parties on social accounts and chat applications.

Among those affected by the actions of "Guccifer" were actor Steve Martin and John Dean, former advisor to President Richard Nixon, actress Mariel Hemingway, three members of the House of Lords in the UK, Laura Manning Johnson, a former CIA analyst, George Roche, former Secretary of the Air Force, and the President of MetLife (an insurance company). According to some people the affected accounts were broken into from IP addresses in Greece and Russia, wrote Thesmokinggun.com.

Hacker "Guccifer" claimed, in February 2013, theft of e-mail accounts belonging to members of the Bush family, correspondence disclosing personal affairs.

In August 2013, "Guccifer" posted on his Facebook page a link to an e-mail correspondence between former U.S. Secretary of State Colin Powell and PSD MEP Corina Cretu. "A traitor to the fatherland," the hacker wrote on Powell's Facebook page, attaching a link to a Google Drive of emails received by Powell from Cretu in 2010-2011, from his account on AOL. In these emails, Cretu calls Powell, a native of the Bronx, New York, "the love of my life" and suggests that she is writing about an earlier romance, according to TheSmokingGun.com.

The former U.S. Secretary of State had to provide clarification about his relationship with Corina Cretu after these revelations. According to several publications, including The Daily Mail, Huffington Post, New York Daily News and U.S. television station Fox News, the former general answered questions from the website The Smoking Gun, saying that he did nothing wrong to his wife - to whom he has been married 50 years - with Cretu, currently a PSD MEP, after emails of a "very individual nature" were made public.

Powell said he met Cretu about ten years ago, while he was Secretary of State for former President George W. Bush, and she was spokesperson for the Romanian President Ion Iliescu. He noted that he met with her "once or twice" in the last eight years.
From rforno at infowarrior.org Wed Jan 22 07:30:00 2014
From: rforno at infowarrior.org (Richard Forno)
Date: Wed, 22 Jan 2014 08:30:00 -0500
Subject: [Infowarrior] - Davos: Independent commission to investigate future of internet after NSA revelations
Message-ID: <2F122C04-8C78-4A5E-A2D8-22548959A177@infowarrior.org>

Independent commission to investigate future of internet after NSA revelations
Two-year inquiry headed by Swedish foreign minister, set up by Chatham House and CIGI thinktanks, is announced at Davos
Ewen MacAskill, defence correspondent
theguardian.com, Wednesday 22 January 2014 08.00 EST
http://www.theguardian.com/world/2014/jan/22/independent-commission-future-internet-nsa-revelations-davos

[Photo] The investigation will focus on state censorship of the internet and issues of privacy and surveillance raised by Edward Snowden. Photograph: Oliver Berg/DPA/Corbis

A major independent commission headed by the Swedish foreign minister, Carl Bildt, was launched on Wednesday to investigate the future of the internet in the wake of the Edward Snowden revelations.

The two-year inquiry, announced at the World Economic Forum at Davos, will be wide-ranging but focus primarily on state censorship of the internet as well as the issues of privacy and surveillance raised by the Snowden leaks about America's NSA and Britain's GCHQ spy agencies.

The investigation, which will be conducted by a 25-member panel of politicians, academics, former intelligence officials and others from around the world, is an acknowledgement of the concerns about freedom raised by the debate.

Bildt, the former Swedish prime minister, said: "The rapid evolution of the net has been made possible by the open and flexible model by which it has evolved and been governed. But increasingly this is coming under attack.

"And this is happening as issues of net freedom, net security and net surveillance are increasingly debated. Net freedom is as fundamental as freedom of information and freedom of speech in our societies."

The Obama administration on Friday announced the initial findings of a White House-organised review of the NSA. There are also inquiries by the US Congress and by the European parliament, but this is the first major independent one.

The inquiry has been set up by Britain's foreign affairs thinktank Chatham House and by the Center for International Governance and Innovation (CIGI), which is partly funded by the Canadian government.

In a joint statement, Chatham House and the CIGI said the current internet regime was under threat. "This threat to a free, open and universal internet comes from two principal sources. First, a number of authoritarian states are waging a campaign to exert greater state control over critical internet resources."

The statement does not name the countries but it is aimed mainly at China and Iran, both of whom are censoring the internet.

The other big issue, according to Chatham House and the CIGI, is the revelations from Snowden. "Second, revelations about the nature and extent of online surveillance have led to a loss of trust."

Robin Niblett, director of Chatham House, said: "The issue of internet governance is set to become one of the most pressing global policy issues of our time."

The intention of the inquiry is to hold public consultations around the world. About half a dozen meetings are planned, at a cost of about £150,000 each.

Among those on the panel are: Joseph Nye, former dean of the Kennedy school of governance at Harvard; Sir David Omand, former head of GCHQ; Michael Chertoff, former secretary of the US homeland security department and co-author of the Patriot Act that expanded NSA surveillance powers; the MEP Marietje Schaake, who has been a leading advocate of internet freedom; Latha Reddy, former deputy national security adviser of India; and Patricia Lewis, research director in the international security department at Chatham House, who said: "Internet governance is too important to be left just to governments."

Asked about the lack of debate in the UK so far compared with the US and elsewhere in Europe and around the world, Lewis said: "People in Britain are more concerned than we realise. They have clearly agreed at some level to exchange data for goods and services but they did not agree for that data to be given to the government and security services.

"This is a debate we sorely need."

Gordon Smith, who is to be deputy chair of the commission, said: "For many people, internet governance sounds technical and esoteric but the reality is that the issues are 'high politics' and of consequence to all users of the internet, present and future."

From rforno at infowarrior.org Wed Jan 22 07:39:36 2014
From: rforno at infowarrior.org (Richard Forno)
Date: Wed, 22 Jan 2014 08:39:36 -0500
Subject: [Infowarrior] - Reminder of the New Normal(tm)
Message-ID: <1FF1DD8D-B2C8-4557-89B6-20A2D9465197@infowarrior.org>

A long, but very useful (and depressing) reminder of the New Normal and how/why it remains.
While I agree many of these concepts were around long before 9/11, that incident - and the ensuing 'changes' in the name of 'security' - is an excellent case study on how fear is used to cow a populace into remaining irrationally fearful and going along with pretty much anything their politicians propose to 'protect' them. (BTW, do not get turned off by the Nazi references and historical political philosophers cited.)

"If You Are Scared, [the Terrorists] Win. If You Refuse To Be Scared, They Lose"
by Washingtons Blog - January 22nd, 2014, 1:30am
http://www.ritholtz.com/blog/2014/01/if-you-are-scared-the-terrorists-win-if-you-refuse-to-be-scared-they-lose/

From rforno at infowarrior.org Wed Jan 22 11:04:29 2014
From: rforno at infowarrior.org (Richard Forno)
Date: Wed, 22 Jan 2014 12:04:29 -0500
Subject: [Infowarrior] - Verizon Transparency Report
Message-ID: <0A5F1A94-1B90-4278-834E-EE7B34C51F34@infowarrior.org>

Verizon Transparency Report
http://transparency.verizon.com/us-data

In 2013, Verizon received approximately 320,000 requests for customer information from federal, state or local law enforcement in the United States. We do not release customer information unless authorized by law, such as a valid law enforcement demand or an appropriate request in an emergency involving the danger of death or serious physical injury.

The table below sets out the number of subpoenas, orders, and warrants we received from law enforcement in the United States last year. We also received emergency requests and National Security Letters. The vast majority of these various types of demands relate to our consumer customers; we receive relatively few demands regarding our enterprise customers. Overall, we saw an increase in the number of demands we received in 2013, as compared to 2012.

< -- >

"We also received between 1,000 and 2,000 National Security Letters in 2013.
We are not permitted to disclose the exact number of National Security Letters that were issued to us, but the government will allow us to provide a broad range."

From rforno at infowarrior.org Wed Jan 22 11:18:17 2014
From: rforno at infowarrior.org (Richard Forno)
Date: Wed, 22 Jan 2014 12:18:17 -0500
Subject: [Infowarrior] - REAL ID is slowly changing state drivers' licenses
Message-ID: <64AF2ED0-4580-4066-896C-A89FA7F43181@infowarrior.org>

Real ID is slowly changing state drivers' licenses
Daniel C. Vock, Pew/Stateline Staff Writer
10:59 a.m. EST January 22, 2014
http://www.usatoday.com/story/news/nation/2014/01/22/stateline-real-id/4772785/

Nearly a decade after Congress passed the Real ID Act to thwart terrorists from getting driver's licenses, the law will finally go into effect in April. But 13 states still are not ready.

The U.S. Department of Homeland Security repeatedly put off enforcement of the law, as states complained about its costs and civil rights groups objected to it as an invasion of privacy. But in December, while DHS was temporarily headed by counterterrorism expert Rand Beers, the agency unveiled a gradual rollout for enforcing the law.

Brian Zimmer, president of the Coalition for a Secure Driver's License, which supports Real ID, praised the agency for its "deliberate approach." The slow ramp-up will give the agency time to address practical problems and avoid technical or training snafus before the requirements affect the general public, he said.

"Nobody has ever done this before... so enforcing this law is going to be a major challenge," said Zimmer, who helped draft the law's provisions on driver's licenses as a congressional committee staffer.

But Chris Calabrese, a lawyer for the American Civil Liberties Union, said the new timetable will do little to convince holdout states to comply with the law. "Nothing has changed," he said.
"It is impossible to imagine DHS keeping the citizens of any of those states off of airplanes... I don't see that most of these states are going to have a whole lot more incentive than they have ever had to do this, which is to say, none."

Alaska, Arizona, Kentucky, Louisiana, Maine, Massachusetts, Minnesota, Montana, New Jersey, New Mexico, New York, Oklahoma and Washington state do not currently meet the law's standards, according to DHS. Another 15 states do not yet meet the requirements but have asked the federal government for more time to do so. They all have extensions through October and can renew those extensions.

Soon after Real ID became law, 17 states passed laws restricting or banning its implementation within their borders, according to the National Conference of State Legislatures. Liberals and conservatives alike recoiled at the law in its early years. They objected to the law's costs, federal pre-emption of state practices and the potential threat to personal privacy.

But two of those states - Georgia and Utah - now issue Real ID-compliant licenses. Seven more are among those granted extensions to comply with the law. The controversy over Real ID faded in most state capitols as DHS repeatedly delayed enforcement.

Technically, the law does not impose new rules on states. But by requiring Real ID-compliant licenses to board commercial aircraft, the law could put a lot of public pressure on states to issue licenses that meet its standards.

Slow rollout

In the final report it issued in July 2004, the 9/11 Commission recommended that states improve driver's license security, because four of the 19 hijackers in the terrorist attacks used state-issued driver's licenses to board the planes they later crashed.

The Real ID Act, which President George W. Bush signed into law in May 2005, requires states to verify that an applicant is in the country legally, using federal databases and original documents such as birth certificates and Social Security cards.
It also imposes security measures for workers who handle driver's license information or who produce the physical documents.

The federal government has delayed enforcement of Real ID four times since it was originally supposed to go into effect in May 2008. As those deadlines neared, the law's proponents raised the specter of residents in noncompliant states not being able to board flights with their state-issued identification. New Mexico Gov. Susana Martinez, a Republican, often cited that as a reason to bar unauthorized immigrants from getting driver's licenses there.

The federal government's new open-ended schedule would put off that type of widespread enforcement until the waning days of the Obama administration - at the earliest.

The consequences for residents living in holdout states will be minimal, at least at first. They will have to present alternate forms of identification (such as a passport) to get into Washington, D.C. headquarters of DHS, nuclear power plants and restricted federal facilities. But sometime after 2016, they will no longer be able to board commercial aircraft with only their driver's license.

Gradual compliance

The federal government relies on information from states to determine whether they comply with 43 requirements under Real ID. In a statement, the agency said states' progress so far shows that the law's requirements are achievable.

Vermont first started issuing Real ID-compliant licenses at the beginning of this year. Michael Charter from the Vermont Department of Motor Vehicles said his agency gradually put in place more and more security measures over the years to comply.

"It's been easier to accomplish than we initially thought it might be. There really hasn't been tremendous backlash from the public up to this point," he said.

The state had to add facial-recognition technology to the computers that store photos from driver's licenses.
The software alerts workers if a new photo matches one that is already in the database for a different person. DMV employees follow up on the potential matches to determine whether there is any fraud.

The state also had to change how it screens and trains workers who handle driver's license data, Charter said. The agency lets police and prosecutors use the data, but only if they submit requests to the agency with documentation of ongoing investigations. DMV workers run the actual queries.

The biggest change to the physical ID cards is for unauthorized immigrants. Vermont has always required driver's license holders to show they are in the country legally, but the legislature decided last year to grant driving privileges to undocumented immigrants. So Vermont lawmakers decided to issue two forms of cards: the typical driver's license and a separate driving privilege card for the immigrants. The second card states that the ID is not valid for federal identification or official purposes, so that the state would meet the requirements of Real ID.

In fact, all nine states that passed laws allowing unauthorized immigrants to drive last year specified that cards for those immigrants must have marks to distinguish them from licenses for people in the country legally, according to the National Immigration Law Forum. Before last year, only three states allowed unauthorized immigrants to drive, and only one of them - Utah - included physical distinctions for the immigrants' licenses. New Mexico and Washington still do not.

Remaining obstacles

Many technical, legal and philosophical obstacles remain for states that have not complied with Real ID. For many, meeting the law's requirement that states secure the locations where driver's licenses are produced can be challenging. Many states, such as Tennessee, now issue licenses from a single, secure location. That means applicants get their licenses in the mail, rather than at a state office.
The law's many security provisions have prompted states such as California and Texas to consolidate facilities where residents can get driver's licenses, said Zimmer, from the Coalition for a Secure Driver's License.

A legal challenge doomed New Jersey's TRU-ID program in 2012. The ACLU sued to block the state's rollout of Real ID-compliant licenses, because, the group said, the state did not follow state law for getting public feedback before putting its new license rules into effect. New Jersey officials said they would include the public if they try to roll out similar changes in the future.

Ohio officials decided last year to stop work on Real ID compliance, because of privacy concerns. They were especially concerned about storing digital copies of sensitive documents and about the use of facial recognition technology, according to The Columbus Dispatch. The state's facial recognition technology generated controversy last year, when it came to light that as many as 26,500 people could access the state's database of driver's license photos, far more than in other states.

Stateline is a nonpartisan, nonprofit news service of the Pew Charitable Trusts that provides daily reporting and analysis on trends in state policy.

From rforno at infowarrior.org Wed Jan 22 15:45:37 2014
From: rforno at infowarrior.org (Richard Forno)
Date: Wed, 22 Jan 2014 16:45:37 -0500
Subject: [Infowarrior] - Microsoft okays storage of foreign users' data overseas
Message-ID: <302926D3-9808-47B1-A0AA-6D4BB0D289FB@infowarrior.org>

In a bid to regain trust, Microsoft okays storage of foreign users' data overseas
BY Joseph Volpe
January 22nd, 2014 at 4:31PM ET
http://www.engadget.com/2014/01/22/microsoft-okays-storage-of-foreign-user-data-overseas/

In the wake of recent NSA leaks, Microsoft's taking the tech road less traveled and committing to protecting foreign users' data by storing it overseas.
The controversial move, as reported by the Financial Times, would place that data out of the NSA's legal reach by moving it off US soil and under the protection of local laws. It also pits Microsoft against a bevy of the US internet companies, like Google, which have staunchly opposed any such requirement for offshore data-hosting, citing concerns such as increased costs for that build-out. There's also the possibility that such policies, if adopted or enforced by countries like Brazil, would cut off foreign citizens from the use of American online services should those companies choose not to comply.

For Microsoft's part, the company deems the decision a necessary one to reinstall faith in the quality and security of its services. Brad Smith, the company's general counsel, told the Financial Times that despite the inherent costs in moving hosted data offshore, Microsoft believes this to be the right course of action to restore the trust of foreign users. He went on to say, "People should have the ability ... to make an informed choice of where their data resides." Smith is even advocating for a joint US-EU agreement that would put an end to the abuse of tech companies' data for the purposes of foreign espionage.

From rforno at infowarrior.org Wed Jan 22 21:12:50 2014
From: rforno at infowarrior.org (Richard Forno)
Date: Wed, 22 Jan 2014 22:12:50 -0500
Subject: [Infowarrior] - Security Vendors Self-Censor Target Breach Details
Message-ID:

As Target breach unfolds, information vanishes from Web
Did security companies publish too much, too soon on the Target breach?
Jeremy Kirk (IDG News Service)
22 January, 2014 05:33
http://www.computerworld.com.au/article/536478/target_breach_unfolds_information_vanishes_from_web/

At least three security companies have scrubbed information related to Target from the Web, highlighting the ongoing sensitivity around one of the largest-ever data breaches.

How hackers broke into Target and installed malware on point-of-sale terminals that harvested up to 40 million payment card details is extremely sensitive. Now, details that give insight into the attack are being hastily removed or redacted, perhaps not to tip off hackers or jeopardize the investigation.

On Dec. 18, a malicious software sample was submitted to ThreatExpert.com, a Symantec-owned service. But the public report the service generated vanished. The report was a technical description of how the Target malware functioned, including network drive maps, an IP address and a login and password for an internal company server.

Last week, iSight Partners, a Dallas-based cybersecurity company that is working with the U.S. Secret Service, published a series of questions and answers on its website related to the attacks on point-of-sale devices at U.S. retailers. That too vanished on Thursday.

In another example, Intel-owned McAfee redacted on Tuesday a blog post from last week that contained technical detail similar to the ThreatExpert.com report.

ThreatExpert.com is an automated service that analyzes submitted files to figure out how they behave. It has an archive of reports as a resource for the security community, which can be searched.

Brian Krebs, a security writer, noted ThreatExpert.com's report on the Target malware was removed and that it also disappeared from Google's cache shortly after he published a post on Jan. 15. He preserved a PDF of it, however, when it was still available in Google's cache.

When queried, a Symantec spokeswoman said "we took the initiative to remove it because we didn't want the information to compromise the ongoing investigation."
Alex Holden, founder of Hold Security, said it was the right move for Symantec to pull the report, as attackers might have been able to use the information to compromise other point-of-sale devices at other retailers.

"I was surprised that this information was posted on the Internet in the first place," Holden said. "Besides having a Target machine's name and its IP address, system structure and drive mapping, it discloses a very vital set of credentials setup specifically for exploitation of the device."

Many other malware reports on ThreatExpert.com can be found through Google's search engine that display login credentials.

Although the ThreatExpert.com report remains offline, McAfee published similar information last week. McAfee's revision removes the IP address, substituting instead the phrase "EPOS_IPaddr," or electronic point-of-sale IP address. Other specific data was replaced with and .

The information published on iSight Partners' website did not contain the level of technical detail matching either ThreatExpert.com or McAfee. It wasn't clear what might have triggered its disappearance, but it did describe the malware as using "a new kind of attack method" that made it harder to forensically detect.

An iSight spokeswoman didn't directly address why the information was withdrawn. "As this evolves, we are working on the best way to get the most important information out to people," she wrote via email on Sunday.

As many as six other U.S. companies are believed to be victims of point-of-sale related attacks, where malware intercepts unencrypted card details. So far, Target and high-end retailer Neiman Marcus have acknowledged the attacks.

Send news tips and comments to jeremy_kirk at idg.com. Follow me on Twitter: @jeremy_kirk
From rforno at infowarrior.org Thu Jan 23 06:40:47 2014
From: rforno at infowarrior.org (Richard Forno)
Date: Thu, 23 Jan 2014 07:40:47 -0500
Subject: [Infowarrior] - USG PCLOB: NSA phone surveillance illegal
Message-ID:

(c/o DF)

Independent review board says NSA phone data program is illegal and should end
By Ellen Nakashima
http://www.washingtonpost.com/world/national-security/independent-review-board-says-nsa-phone-data-program-is-illegal-and-should-end/2014/01/22/4cebd470-83dd-11e3-bbe5-6a2a3141e3a9_story.html?wpisrc=emailtoafriend

An independent executive branch board has concluded that the National Security Agency's long-running program to collect billions of Americans' phone records is illegal and should end.

In a strongly worded report to be issued Thursday, the Privacy and Civil Liberties Oversight Board (PCLOB) said that the statute upon which the program was based, Section 215 of the USA Patriot Act, "does not provide an adequate basis to support this program."

The board's conclusion goes further than President Obama, who said in a speech Friday that he thought the NSA's database of records should be moved out of government hands but did not call for an outright halt to the program. The board had shared its conclusions with Obama in the days leading up to his speech.

The divided panel also concluded that the program raises serious threats to civil liberties, has shown limited value in countering terrorism and is not sustainable from a policy perspective.
"We have not identified a single instance involving a threat to the United States in which the telephone records program made a concrete difference in the outcome of a counterterrorism investigation," said the report, a copy of which was obtained by The Washington Post. "Moreover, we are aware of no instance in which the program directly contributed to the discovery of a previously unknown terrorist plot or the disruption of a terrorist attack."

The report is bound to spur further debate in an already charged environment in which many lawmakers are divided about the program's value and legality. Two federal judges have issued conflicting opinions on the program's constitutionality.

The 238-page report is arguably the most extensive analysis to date of the program's statutory and constitutional underpinnings, as well as of its practical value. It rejects the reasoning of at least 15 federal surveillance court judges and the Justice Department in saying that the program cannot be grounded in Section 215. That statute requires that records sought by the government - in this case phone numbers dialed, call times and durations, but not call content - be relevant to an authorized investigation. But the board found that it is impossible that all the records collected - billions daily - could be relevant to a single investigation "without redefining that word in a manner that is circular, unlimited in scope."

Moreover, instead of compelling phone companies to turn over records already in their possession, the program requires them to furnish newly generated call data on a daily basis. "This is an approach lacking foundation in the statute," the report said.

"At its core, the approach boils down to the proposition that essentially all telephone records are relevant to essentially all international terrorism investigations," the report said.
This approach, it said, "at minimum, is in deep tension with the statutory requirement that items obtained through a Section 215 order be sought for 'an investigation,' not for the purpose of enhancing the government's counterterrorism capabilities generally."

The board, which was established at the urging of the 9/11 commission, was not unanimous on the issue of ending bulk collection. Two members concluded that the program, if modified to include additional privacy protections, should continue. The two were Rachel L. Brand and Elisebeth Collins Cook, who served in the Justice Department in the George W. Bush administration.

The three members who urged an end to the program are Chairman David Medine, a former Federal Trade Commission official in the Clinton administration; James X. Dempsey, a public policy expert with the privacy group, the Center for Democracy & Technology; and Patricia M. Wald, a retired federal appeals court judge named to the bench by President Jimmy Carter.

The report concluded that the NSA collection raises "constitutional concerns" with regard to U.S. citizens' rights of speech, association and privacy. "The connections revealed by the extensive database of telephone records gathered under the program will necessarily include relationships established among individuals and groups for political, religious, and other expressive purposes," it said. "Compelled disclosure to the government of information revealing these associations can have a chilling effect on the exercise of First Amendment rights."

The board's recommendation to end the program goes further than that of a presidentially appointed review panel, which last month urged that the NSA database be shifted out of government hands but that the government find some way to preserve the NSA's capabilities. That report left open the possibility that a third party or the phone companies could be asked to hold the data.
The PCLOB, by contrast, clearly opposed any legal mandate on the companies to hold data for longer than they do now. And it opposed having a third party hold the data. But both boards concluded that even without the current NSA program, the government would still be able to seek phone records directly from the companies through traditional court orders. The PCLOB said the government could use national security letters in counterterrorism probes.

In its assessment of the program's value, the board scrutinized 12 terrorism cases cited by the intelligence community that involved information obtained through the Section 215 program. Even in cases where the data related to contacts of a known terrorism suspect, in nearly all of them the benefits were minimal - "generally limited to corroborating information that was obtained independently by the FBI," the report said.

The board rejected the contention made by officials from Obama on down that the program was necessary to address a gap arising from a failure to detect an al Qaeda terrorist in the United States, Khalid al-Mihdhar, prior to the 2001 attacks. Mihdhar was in phone contact with a safehouse in Yemen, and though the NSA had intercepted the calls, it did not realize at the time that Mihdhar was calling from San Diego.

"The failure to identify Mihdhar's presence in the United States stemmed primarily from a lack of information sharing among federal agencies, not of a lack of surveillance capabilities," the report said, noting that in early 2000 the CIA knew Mihdhar had a visa enabling him to enter the United States but did not advise the FBI or watchlist him. "...This was a failure to connect the dots, not a failure to connect enough dots."

Second, the report said, the government need not have collected the entire nation's calling records to identify the San Diego number from which Mihdhar made his calls. It asserted that the government could have used existing legal authorities to request from U.S.
phone companies the records of any calls made to or from the Yemen number. "Doing so could have identified the San Diego number on the other end of the calls," though, it noted, the speed of the carriers' responses likely would vary.

The board also stated that the program played no role in disrupting the 2009 plot to bomb the New York City subway. That case is often cited in discussions of the program's utility.

"The Board believes that the Section 215 program has contributed only minimal value in combating terrorism beyond what the government already achieves through these and other alternative means," the report said. "Cessation of the program would eliminate the privacy and civil liberties concerns associated with bulk collection without unduly hampering the government's efforts, while ensuring that any governmental requests for telephone calling records are tailored to the needs of specific investigations."

From rforno at infowarrior.org Thu Jan 23 07:16:50 2014
From: rforno at infowarrior.org (Richard Forno)
Date: Thu, 23 Jan 2014 08:16:50 -0500
Subject: [Infowarrior] - FBI note on human internal IEDs
Message-ID: <165208C3-DA2A-4E59-8074-7E1A3E9F2424@infowarrior.org>

Is this life imitating art, or vice-versa? Recall the human-body IED used in 'The Dark Knight' ......

DHS-FBI Bulletin: Improvised Explosive Device Concealed in Human Remains
http://publicintelligence.net/dhs-fbi-dead-body-bombs/

From rforno at infowarrior.org Thu Jan 23 10:38:22 2014
From: rforno at infowarrior.org (Richard Forno)
Date: Thu, 23 Jan 2014 11:38:22 -0500
Subject: [Infowarrior] - The U.S. Crackdown on Hackers Is Our New War on Drugs
Message-ID: <6F782306-1309-47A9-9266-A77C839A0AAD@infowarrior.org>

The U.S. Crackdown on Hackers Is Our New War on Drugs
By Hanni Fakhoury
01.23.14
9:30 AM
http://www.wired.com/opinion/2014/01/using-computer-drug-war-decade-dangerous-excessive-punishment-consequences/

Before Edward Snowden showed up, 2013 was shaping up as the year of reckoning for the much criticized federal anti-hacking statute, the Computer Fraud and Abuse Act ("CFAA"). The suicide of Aaron Swartz in January 2013 brought the CFAA into mainstream consciousness, so Congress held hearings about the case, and legislative fixes were introduced to change the law. Finally, there seemed to be a newfound scrutiny of CFAA prosecutions and punishment for accessing computer data without or in excess of "authorization" - which affected everyone from Andrew "Weev" Auernheimer (disclosure: I'm one of his lawyers on appeal) to Chelsea Manning to Jeremy Hammond. Not to mention less illustrious personalities and everyday users, such as people who delete cookies from their browsers.

But unfortunately, not much has changed; if anything, the growing recognition of the powerful capabilities of modern computing and networking has resulted in a "cyber panic" in legislatures and prosecutor offices across the country. Instead of reexamination, we've seen aggressive charges and excessive punishment.

This cyber panic isn't just a CFAA problem. In the zeal to crack down on cyberbullying, legislatures have passed overbroad laws criminalizing speech clearly protected by the First Amendment. This comes after one effort to use the CFAA to criminalize cyberbullying - built on the premise that violating a website's terms of service was unauthorized access, or the equivalent of hacking - was thrown out as unconstitutionally vague.

The panic has even spread to how crime is investigated. To prevent digital contraband from coming into the United States, border officials can now search electronic devices without any suspicion of wrongdoing.
To get to illicit files on a seized computer, the government can force you to decrypt your computer and threaten you with jail for noncompliance. To get information about one customer, the FBI can demand a service provider turn over the key that unlocks communications from all of the service's customers. And let's not even get started on what the NSA has been up to.

The Problem of Excessive Punishment

There's no doubt that there are good intentions here: to catch bad guys, keep people safe, and preserve some order in a chaotic and changing world. But this "cyber panic," particularly with the excessive and aggressive use of the CFAA, comes with a real consequence: locking up people in prison for years.

Take the case of Matthew Keys, a former social media editor at Reuters, charged with violating the CFAA in federal court in Sacramento. He allegedly turned over the username and password of a server belonging to the Tribune Company to members of Anonymous, who made changes to the article of a headline in a Los Angeles Times story online. Among other changes, the headline was changed from "Pressure builds in House to pass tax-cut package" to "Pressure builds in House to elect CHIPPY 1337."

It seems like a clear-cut case of vandalism, a prank that caused some damage but little other harm. Under California law, physical vandalism - like spray painting graffiti on a building - can be punished as either a misdemeanor or a felony, with probation available for both types of charges. If probation is granted, the longest sentence a defendant can serve as a condition of probation is one year in county jail.

But look at the punishment awaiting Keys. He didn't get charged with a misdemeanor; he got indicted on three felony charges, for which he faces a harsh prison sentence. No, he won't get anything close to the 10-year maximum.
But a cursory calculation of his potential sentence under the federal sentencing guidelines suggest he's looking at a sentence between 21 and 27 months - about three years of his life - if he decides to go to trial and loses. Here are more details on how such sentencing works:

- Federal sentencing is based on two things: the seriousness of a crime and the person's criminal history. The two factors are plotted on a table, with the y-axis a scale of 1 to 43 "levels" that determines the seriousness of a crime, and the x-axis a scale of I to VI that measures criminal history. At sentencing, the judge must determine both scores, plot them on the table, and determine the sentencing range in months, which the court can follow or disregard at its own discretion.

- Someone like Keys, who has no criminal history, is in criminal history category I. The starting point for most CFAA crimes is level 6, which is low on the scale but can quickly increase.

- Assuming the allegations in Keys' search warrant are correct, the Tribune company spent $17,650.40 to fix the damage, resulting in an increase of 4 levels for causing more than $10,000 and less than $30,000 in damage. Because Keys is charged with causing damage to a computer, he receives another 4 level increase. And because he likely abused a position of trust, he receives another 2 level increase, for a total offense level of 16 - which has a sentencing range between 21 and 27 months for a person in criminal history category I. (That places Keys in "Zone C" of the Sentencing Table, which means the Guidelines don't authorize a grant of probation, though the judge could impose probation if she wanted to.)

As a country and a criminal justice system, we've been down this road of excessive punishment before: with drugs. Prosecutors and lawmakers need to take a step back and think long and hard about whether we're going down the same road with their zeal towards computer crimes.
For many years, there was a radical disparity in how federal law treated crack and powder cocaine. A person who possessed 5 grams of crack cocaine could be charged with a felony. But it took 500 grams of powder cocaine to get the same felony punishment. This 100-to-1 ratio was born in the 1980s, when Congress was concerned that crack - predominantly used in urban areas by people of color - was becoming an epidemic and a violent one at that.

This extreme disparity only ensured that a disproportionate amount of people of color ended up in prison. Receiving little rehabilitation while incarcerated and struggling to find work or otherwise reintegrate into society once released, convicts would return to crime, get caught, and be sentenced as a recidivist. That meant a longer jail sentence and the continuation of a destructive cycle.

But over the last few years, there has been significant progress towards narrowing this gap. In 2010, Congress passed - and President Obama signed - legislation that reduced the 100-to-1 ratio down to 18-to-1. Attorney General Eric Holder upped the ante this past summer, announcing a series of broader policy reforms that would work to reduce harsh drug sentences by giving prosecutors flexibility to avoid charging a defendant with crimes that carry mandatory minimum prison sentences. And at the end of last year, President Obama pardoned thirteen people and commuted the sentences of eight prisoners who were sentenced under the old ratio and were therefore serving long sentences for crack cocaine convictions.

These reforms took over 20 years. But as technology marches faster than the slow pace of legal change, we don't have that kind of time to apply the lessons learned from the failed "war on drugs" experiment to the growing wave of computer crime prosecutions.

And It Doesn't Even Work

The government's mindset is that technology and the internet can wreak havoc.
Disseminating the login credentials of a powerful media company to vandalize a few websites, for example, has the potential to cause more damage than spray-painting graffiti on a highway sign. That is undoubtedly true. But will aggressive, excessive punishment really deter others here? This country's experience with the war on drugs suggests the answer is a resounding no.

The problem is pronounced with much of the politically motivated online crime that has splashed the headlines. As a generation of people who grew up plugged in and online realized there is no way to voice their complaints within the mainstream political establishment, they decided to take their protests to the medium they know best. Harsh punishment is only going to reinforce and harden that generation's pessimism towards the government.

This is not to say that "anything goes" online or that crimes should go unpunished. But we need to question whether locking people up for long periods of time -- without addressing the root concerns about concentrated political power, civil liberties abuses, and transparency -- will have the effect of deterrence or worse yet, a hardened cynicism that perpetuates the endless cycle of punishment. That's true of even non-politically motivated cybercrime, or really, all crime -- whether it involves a computer or not.

* * *

There may be hope yet. Recently, 11 members of the "PayPal 14," a group of individuals affiliated with Anonymous who DDoS'd PayPal in 2010 to protest its refusal to process donations to Wikileaks, pleaded guilty to felony CFAA charges in federal court. But their sentences were put off for one year (rather than receiving tough prison sentences). If the defendants stay out of trouble during that time, the felony convictions will be dropped when they come back to court, and they'll be sentenced to misdemeanors instead. Most of the defendants will avoid jail time, and will have to pay $5,600 to PayPal in restitution.
But for most of these defendants, the experience of going through a federal criminal prosecution is going to be enough to deter them from doing something similar again. Not to mention the financial penalties and misdemeanor convictions. And for those who aren't deterred? The punishment will appropriately increase the next time. There's just no need to excessively punish all wrongdoers. We shouldn't let the government's fear of computers justify disproportionate punishment.

The type of graduated punishment in the PayPal 14 case is routine in low-level, physical-world criminal cases brought in state courts throughout the country; it can work with computer crime too. It's time for the government to learn from its failed 20th century experiment over-punishing drugs and start making sensible decisions about high-tech punishment in the 21st century. It can't afford to be behind when it comes to tech, especially as the impacts of "cyber-panic" on users -- beyond hackers -- are very real.

From rforno at infowarrior.org Thu Jan 23 13:31:08 2014
From: rforno at infowarrior.org (Richard Forno)
Date: Thu, 23 Jan 2014 14:31:08 -0500
Subject: [Infowarrior] - USG PCLOB Report (PDF) on S.215 surveillance
Message-ID: <2CF30ACB-39FB-4FE8-AA47-6A237A69FAA5@infowarrior.org>

USG Privacy and Civil Liberties Oversight Board Report on the Telephone Records Program Conducted under Section 215 of the USA PATRIOT Act and on the Operations of the Foreign Intelligence Surveillance Court
JANUARY 23, 2014
http://cryptome.org/2014/01/pclob-14-0123.pdf

---
Just because i'm near the punchbowl doesn't mean I'm also drinking from it.
From rforno at infowarrior.org Thu Jan 23 13:43:26 2014
From: rforno at infowarrior.org (Richard Forno)
Date: Thu, 23 Jan 2014 14:43:26 -0500
Subject: [Infowarrior] - ICE Takes To Twitter To Defend itself
Message-ID: <528F201E-5B1F-47B8-80BE-04A261FEE8B9@infowarrior.org>

ICE Takes To Twitter In Ridiculous Attempt To Defend Interrogating A Man In A Movie Theater For Wearing Google Glass
from the theft? dept
http://www.techdirt.com/articles/20140123/07494325966/ice-takes-to-twitter-ridiculous-attempt-to-defend-interrogating-man-movie-theater-wearing-google-glass.shtml

Earlier this week there was a report about a guy being yanked out of his seat in a movie theater for wearing Google Glass during the movie. Glass was turned off, and the guy kept them on because he had prescription lenses installed and wears them as his regular glasses. Both the MPAA and federal agents were called to interrogate the guy for a few hours, asking him a bunch of ridiculous questions until late in the night, before someone finally realized he hadn't done anything.

Both the MPAA and ICE confirmed the incident happened, and yesterday folks at ICE -- who have recently been transitioned into the new Homeland Security Investigations (HSI) organization -- decided to take to their bizarrely named twitter account, @wwwicegov, to further "defend" these actions, by talking up how they're in charge of dealing with "movie theft." Because, apparently, Homeland Security Investigations doesn't understand the law, and doesn't realize that (1) infringement is not, and has never been, "theft" and (2) a dude wearing a powered-off Google Glass is not doing anything wrong. Here are the tweets:

< -- >

As you can see, there's a lot of ridiculousness there -- just the fact that they repeatedly refer to it as "theft," as mentioned above. The problem is that ICE's role as "the lead agency to combat piracy" is a joke. As ICE, it was supposed to focus on stopping counterfeit physical products from crossing the border.
But with the help of Joe Biden and Hollywood, that mandate has been twisted repeatedly, so that what started as a very narrow mandate is now being treated as this broad mandate from an organization that doesn't even understand the issues. For years now, the group has made sure to conflate the very, very different issues of counterfeits at the border with copyright infringement, as it tries to expand its own mandate. And now that's reached the absolutely insane point of yanking people out of their movie seats for doing nothing wrong, entirely on the say so of the MPAA -- a private group which has a long history of overreacting badly to new technologies.

What comes out of this is that ICE/HSI now appears to be incredibly gullible, falling for basically every bullshit claim from the MPAA. Just imagine if ICE/HSI had been around and had this sort of broad stupid made-up power over "intellectual property theft" during the introduction of the VCR -- back when the MPAA was declaring it illegal? ICE would be out there raiding and shutting down electronics stores for selling the devices. All because the MPAA said so.

From rforno at infowarrior.org Thu Jan 23 16:02:34 2014
From: rforno at infowarrior.org (Richard Forno)
Date: Thu, 23 Jan 2014 17:02:34 -0500
Subject: [Infowarrior] - Secret Baltimore audit found city speed cameras had high error rates
Message-ID:

(c/o KM)

www.baltimoresun.com/news/maryland/sun-investigates/bs-md-ci-speed-camera-audit-20140122,0,7535235.story

baltimoresun.com
Secret audit found city speed cameras had high error rates
By Luke Broadwater and Scott Calvert, The Baltimore Sun
9:14 PM EST, January 22, 2014

Baltimore's speed cameras likely charged motorists for thousands more erroneous tickets than previously disclosed, according to data from a secret audit conducted for the city last year and obtained by The Baltimore Sun. Consultant URS Corp.
evaluated the camera system as run by Xerox State and Local Solutions in 2012 and found an error rate of more than 10 percent -- 40 times higher than city officials have claimed. The city got those findings last April but never disclosed the high error rate, refusing calls by members of the City Council to release the audit.

The city issued roughly 700,000 speed camera tickets at $40 each in fiscal year 2012. If 10 percent were wrong, 70,000 would have wrongly been charged $2.8 million.

City Council members reacted with dismay and anger when told Wednesday of the audit's results, asking why the Rawlings-Blake administration didn't reveal the high error rate months ago and take steps to fully refund fines paid by motorists.

"It's outrageous. No, it's beyond outrageous," said City Councilman Carl Stokes, who has been calling on the city to release the audit. "Who ever heard of a secret audit? We should have told the public immediately. We should have declared complete amnesty, that all of the tickets were null and void. If anybody paid, they should be paid back."

The audit identified 13 cameras with double-digit error rates, including one at Loch Raven Boulevard that was giving out more erroneous tickets than accurate citations. A camera in the 1000 block of Caton Ave. had a 35 percent error rate, the audit found. A device at the 6500 block of Eastern Ave. had a 45 percent error rate. And a speed camera in the 5400 block of Loch Raven Blvd. had a 58 percent error rate.

"That is extraordinary," said City Council member Robert Curran. "Anything more than a 2 percent error rate is unacceptable."

Throughout 2012, city officials repeatedly claimed the error rate of their 83 cameras was "less than a quarter of one percent" in response to a Sun investigation that documented erroneous speed readings at seven cameras.

City officials said Wednesday that they shut down the entire speed camera program last spring -- by then being run by a different company --
within a week of reviewing the audit's findings. They pointed out that they have voided or refunded tickets they believed were obviously erroneous.

"Once it became clear that there were very high error rates, we didn't feel comfortable with the program, and we moved quickly to take it offline," said Kevin Harris, a spokesman for Mayor Stephanie Rawlings-Blake. "I think if you look at the actions we took, it's clear we did take it seriously, which is why we have voided and refunded all erroneous tickets and told the public immediately that the program would be discontinued until we could vouch for its accuracy."

City Councilman Brandon Scott said the city's Department of Transportation should have alerted the public to the audit's findings immediately. "We're going to have to work harder to restore public trust," he said.

A spokesman for Xerox, Carl Langsenkamp, said the company would have no comment on the audit. California-based URS Corp. did not respond to a request for comment.

Xerox operated Baltimore's speed camera program from the fall of 2009 through 2012, when the city put the contract up for bid again. After The Sun's report on problems with the system was published in November, Xerox said it had detected a 5.2 percent error rate at five cameras and took them off line in the weeks before its contract ended.

The city selected Brekford Corp. of Anne Arundel County to take over the system starting in January of last year. Brekford's brief tenure in 2013 was beset by problems; the city shut down their cameras in April and severed its contract with Brekford last month.

The city hired URS last February, in part to review the accuracy of the system as operated by Xerox. The consulting firm looked at a sample of nearly 1,000 tickets from a random day in 2012 at 37 of the city's 83 speed cameras. The firm said it could vouch for the accuracy of about 64 percent of tickets. More than 10 percent were found to be in error, while another 26 percent were questionable.
While 13 cameras had double-digit error rates, 12 had no errors, the audit found. The company said it welcomed Xerox's response to their findings.

Despite calls from the City Council to release the audit, the administration does not plan to do so, Harris said. City Solicitor George Nilson, the administration's chief lawyer, has said releasing the audit would violate a settlement agreement with Xerox and "create obvious risks and potential exposure for the city."

In the settlement, the city agreed to pay Xerox $2.3 million for invoices from late 2012. The city also agreed to keep confidential any documents "referring or relating to, or reflecting, each party's internal considerations, discussions, analyses, and/or evaluations of issues raised during the settlement discussions."

The settlement was not approved by the Board of Estimates. Comptroller Joan Pratt has said the settlement should have come before the board for consideration.

In late February, the spending board agreed to pay URS $278,000 for work that included an audit of Xerox tickets. Nilson said the audit was "a critical part of the settlement negotiations and figured prominently in the conclusion of those discussions." He said it was "unequivocally done in anticipation of possible litigation."

Rawlings-Blake has said the city plans to pursue a smaller camera program this year.

In Annapolis Wednesday, state Sen. Jim Brochin, a Baltimore County Democrat, introduced a bill he said is intended to reform speed camera systems in Maryland, including requiring ombudsmen to hear complaints about erroneous tickets. Brochin said he was concerned about the URS audit's findings, given that Xerox is the speed camera vendor for the state, Baltimore County, Howard County and elsewhere.

"I would hope that Baltimore County would look at this, study it, and do their own audit," Brochin said. "The one thing that's clear is the technology has not been perfected.
It's not fair for the person that's driving, going the speed limit and getting a bogus ticket."

Last summer URS also monitored testing aimed at fixing and restarting the camera system under Brekford. Its findings -- which the city released to The Sun in response to a public records request -- showed persistent problems, including preventable errors.

This month, the city expanded its contract with URS. The Board of Estimates agreed to pay $237,000 for "additional independent monitoring services" of the city's speed and red-light cameras. The company will monitor "engineering services, documents and preparing of standard operating procedures and business rules," according to board records.

luke.broadwater at baltsun.com
scott.calvert at baltsun.com

Copyright © 2014, The Baltimore Sun

From rforno at infowarrior.org Thu Jan 23 17:32:08 2014
From: rforno at infowarrior.org (Richard Forno)
Date: Thu, 23 Jan 2014 18:32:08 -0500
Subject: [Infowarrior] - Transcript: Today's Live Q&A with Edward Snowden
Message-ID:

Live Q&A with Edward Snowden: Thursday 23rd January, 8pm GMT, 3pm EST
http://freesnowden.is/asksnowden.html

From rforno at infowarrior.org Fri Jan 24 07:48:38 2014
From: rforno at infowarrior.org (Richard Forno)
Date: Fri, 24 Jan 2014 08:48:38 -0500
Subject: [Infowarrior] - Kudos to Al-Jaz America (and yes, Glenn Beck)
Message-ID: <0534CF37-5166-4277-97D6-E2A0F4AB281C@infowarrior.org>

(On a side note, CNN really has become the Comedy Noise Network -- reportedly prepping a 'Bieber Special' for primetime soon. Puh-lease. --rick)

Why You Won't See Bieber's Arrest on Al Jazeera America
By Merrill Knox on January 23, 2014 2:50 PM

At least one cable news network is staying away from today's Justin Bieber drama: Al Jazeera America has not covered the pop star's arrest aside from a brief mention in the 8amET hour.
An Al Jazeera America source tells TVNewser: "It didn't hit the level of top news for us on a day when we have the Syrian talks, the Iranian President speaking at Davos, the West Virginia chemical spill continuing and other stories."

The network has correspondents on location for each story: Nick Schifrin is in Switzerland for the peace talks, Ali Velshi is in Davos and Jonathan Martin is in Charleston. AJAM is also reporting today on Edward Snowden's online chat and the private security firm accused of defrauding the U.S. government by submitting 650,000 applications that were not fully vetted.

Glenn Beck's TheBlaze has also declared itself a Bieber-free zone.

http://www.mediabistro.com/tvnewser/why-you-wont-see-biebers-arrest-on-al-jazeera-america_b211138

From rforno at infowarrior.org Fri Jan 24 14:43:17 2014
From: rforno at infowarrior.org (Richard Forno)
Date: Fri, 24 Jan 2014 15:43:17 -0500
Subject: [Infowarrior] - GMail outage
Message-ID: <73BE436C-969A-42F8-A6A0-53F1B1274E54@infowarrior.org>

Google's popular Gmail service dropped offline for a bit at midday Friday.
by Seth Rosenblatt
January 24, 2014 11:15 AM PST
http://news.cnet.com/8301-1001_3-57617763-92/gmail-takes-a-friday-timeout/

Google's Gmail service, which provides e-mail for around 450 million people, went offline Friday morning around 11:04 a.m. PT. Service began to return for many Gmail users 25 minutes later, although some are still without full service.

A Google spokesperson said that the company is looking into the outage.

Google quickly updated its apps status dashboard to reflect that Gmail was down. Officially, the company flagged the outage as a "service disruption," and not a "service outage," although that's probably little consolation to people who weren't able to access their Gmail.
Google has updated the dashboard to show service disruptions for Gmail, Calendar, Talk, Drive, Docs, Sheets, Slides, Drawings, Sites, Group, and Google+ Hangouts.

Coincidentally, Google site reliability engineers were hosting a Reddit "Ask Me Anything" during Gmail's naptime.

Twitter exploded with the expected snark of the masses, including competitor Yahoo, which also tweeted the news with a screenshot. Yahoo Mail itself suffered a multiday outage last month.

Update at 12:25 p.m. to add that most Google services have been disrupted.
Update at 11:40 a.m. to add context.

From rforno at infowarrior.org Fri Jan 24 14:47:03 2014
From: rforno at infowarrior.org (Richard Forno)
Date: Fri, 24 Jan 2014 15:47:03 -0500
Subject: [Infowarrior] - MSNBC joining the latest cable 'news' fail
Message-ID:

Journalism! MSNBC Cuts Off Congresswoman Talking About NSA To Get To 'Breaking News' About Justin Bieber
http://www.techdirt.com/articles/20140124/07221725975/journalism-msnbc-cuts-off-congresswoman-talking-about-nsa-to-get-to-breaking-news-about-justin-bieber.shtml

If you haven't yet, you should watch this 25-second clip of MSNBC "reporter" Andrea Mitchell cutting off Congresswoman Jane Harman just as she was explaining why the government needs to end the Section 215 bulk phone records collection program that spies on all Americans... in order to rush to cover the "breaking news" of Justin Bieber's court appearance live.

http://www.youtube.com/watch?v=GH68bSJXGE8

Yes, apparently, making sure they cover Bieber's bond hearing live is more important than discussing the US government surveilling every American illegally. Of course, an argument can be made that this is what the American public wants, though that's partly because the cable news programs have learned since the OJ era that nothing gets viewers like covering a high profile court case to an extreme level.
From rforno at infowarrior.org Sun Jan 26 18:42:20 2014
From: rforno at infowarrior.org (Richard Forno)
Date: Sun, 26 Jan 2014 19:42:20 -0500
Subject: [Infowarrior] - Google to Buy Artificial Intelligence Startup DeepMind for $400M
Message-ID:

Exclusive: Google to Buy Artificial Intelligence Startup DeepMind for $400M
January 26, 2014, 4:25 PM PST
By Liz Gannes
http://recode.net/2014/01/26/exclusive-google-to-buy-artificial-intelligence-startup-deepmind-for-400m/

Google is shelling out $400 million to buy a secretive artificial intelligence company called DeepMind. After Re/code inquired about the deal, Google confirmed that it was happening but declined to specify the price.

Based in London, DeepMind was founded by games prodigy and neuroscientist Demis Hassabis, Skype and Kazaa developer Jaan Tallin and researcher Shane Legg. This is in large part an artificial intelligence talent acquisition, and Google CEO Larry Page led the deal himself, sources said.

According to online bios, Hassabis in particular is quite the brain, a child prodigy in chess who was later called "probably the best games player in history" by the Mind Sports Olympiad.

DeepMind has just a landing page for a website, which says it builds learning algorithms for simulations, e-commerce and games. Profiles on LinkedIn indicate the company is about three years old. Sources said Founders Fund is a major investor in DeepMind, along with Horizons Ventures.

From rforno at infowarrior.org Sun Jan 26 18:42:48 2014
From: rforno at infowarrior.org (Richard Forno)
Date: Sun, 26 Jan 2014 19:42:48 -0500
Subject: [Infowarrior] - Interesting financial rumblings....
Message-ID: <3F4CE24C-8F74-49A8-8EDD-9093624763DF@infowarrior.org>

-- just an FYI, for those who track such things from a markets/global economics perspective.
--rick

China Halts Bank Cash Transfers
http://www.forbes.com/sites/gordonchang/2014/01/26/china-halts-bank-cash-transfers-2/

Lloyds And TSB Hit By Card And ATM Problems
http://news.sky.com/story/1201359/lloyds-and-tsb-hit-by-card-and-atm-problems
(this story is the latest on something that "broke" the other day...)

HSBC Apologizes After Cash Withdrawal Issue in Britain
http://dealbook.nytimes.com/2014/01/26/hsbc-apologizes-after-cash-withdrawal-issue-in-britain/

From rforno at infowarrior.org Mon Jan 27 06:51:40 2014
From: rforno at infowarrior.org (Richard Forno)
Date: Mon, 27 Jan 2014 07:51:40 -0500
Subject: [Infowarrior] - Wired: FBI pretty much owns TorMail archives
Message-ID:

If You Used This Secure Webmail Site, the FBI Has Your Inbox
By Kevin Poulsen, 01.27.14, 6:30 AM
http://www.wired.com/threatlevel/2014/01/tormail/

While investigating a hosting company known for sheltering child porn last year the FBI incidentally seized the entire e-mail database of a popular anonymous webmail service called TorMail. Now the FBI is tapping that vast trove of e-mail in unrelated investigations.

The bureau's data windfall, seized from a company called Freedom Hosting, surfaced in court papers last week when prosecutors indicted a Florida man for allegedly selling counterfeit credit cards online. The filings show the FBI built its case in part by executing a search warrant on a Gmail account used by the counterfeiters, where they found that orders for forged cards were being sent to a TorMail e-mail account: "platplus at tormail.net."

Acting on that lead in September, the FBI obtained a search warrant for the TorMail account, and then accessed it from the bureau's own copy of "data and information from the TorMail e-mail server, including the content of TorMail e-mail accounts," according to the complaint (.pdf) sworn out by U.S. Postal Inspector Eric Malecki.
The tactic suggests the FBI is adapting to the age of big-data with an NSA-style collect-everything approach, gathering information into a virtual lock box, and leaving it there until it can obtain specific authority to tap it later. There's no indication that the FBI searched the trove for incriminating evidence before getting a warrant. But now that it has a copy of TorMail's servers, the bureau can execute endless search warrants on a mail service that once boasted of being immune to spying.

"We have no information to give you or to respond to any subpoenas or court orders," read TorMail's homepage. "Do not bother contacting us for information on, or to view the contents of a TorMail user inbox, you will be ignored."

In another e-mail case, the FBI last year won a court order compelling secure e-mail provider Lavabit to turn over the master encryption keys for its website, which would have given agents the technical ability to spy on all of Lavabit's 400,000 users -- though the government said it was interested only in one. (Rather than comply, Lavabit shut down and is appealing the surveillance order).

TorMail was the webmail provider of choice for denizens of the so-called Darknet of anonymous and encrypted websites and services, making the FBI's cache extraordinarily valuable. The affair also sheds a little more light on the already-strange story of the FBI's broad attack on Freedom Hosting, once a key service provider for untraceable websites.

Freedom Hosting specialized in providing turnkey "Tor hidden service" sites -- special sites, with addresses ending in .onion, that hide their geographic location behind layers of routing, and can be reached only over the Tor anonymity network. Tor hidden services are used by those seeking to evade surveillance or protect users' privacy to an extraordinary degree -- human rights groups and journalists as well as serious criminal elements.
By some estimates, Freedom Hosting backstopped fully half of all hidden services at the time it was shut down last year -- TorMail among them. But it had a reputation for tolerating child pornography on its servers. In July, the FBI moved on the company and had the alleged operator, Eric Eoin Marques, arrested at his home in Ireland. The U.S. is now seeking his extradition for allegedly facilitating child porn on a massive scale; hearings are set to begin in Dublin this week.

According to the new document, the FBI obtained the data belonging to Freedom Hosting's customers through a Mutual Legal Assistance request to France -- where the company leased its servers -- between July 22, 2013 and August 2 of last year.

That's two days before all the sites hosted by Freedom Hosting, including TorMail, began serving an error message with hidden code embedded in the page, on August 4. Security researchers dissected the code and found it exploited a security hole in Firefox to de-anonymize users with slightly outdated versions of Tor Browser Bundle, reporting back to a mysterious server in Northern Virginia. Though the FBI hasn't commented (and declined to speak for this story), the malware's behavior was consistent with the FBI's spyware deployments, now known as a "Network Investigative Technique." No mass deployment of the FBI's malware had ever before been spotted in the wild.

The attack through TorMail alarmed many in the Darknet, including the underground's most notorious figure -- Dread Pirate Roberts, the operator of the Silk Road drug forum, who took the unusual step of posting a warning on the Silk Road homepage. An analysis he wrote on the associated forum now seems prescient.

"I know that MANY people, vendors included, used TorMail," he wrote. "You must think back through your TorMail usage and assume everything you wrote there and didn't encrypt can be read by law enforcement at this point and take action accordingly.
I personally did not use the service for anything important, and hopefully neither did any of you."

Two months later the FBI arrested San Francisco man Ross William Ulbricht as the alleged Silk Road operator.

The connection, if any, between the FBI obtaining Freedom Hosting's data and apparently launching the malware campaign through TorMail and the other sites isn't spelled out in the new document. The bureau could have had the cooperation of the French hosting company that Marques leased his servers from. Or it might have set up its own Tor hidden services using the private keys obtained from the seizure, which would allow it to adopt the same .onion addresses used by the original sites.

The French company also hasn't been identified. But France's largest hosting company, OVH, announced on July 29, in the middle of the FBI's then-secret Freedom Hosting seizure, that it would no longer allow Tor software on its servers. A spokesman for the company says he can't comment on specific cases, and declined to say whether Freedom Hosting was a customer.

"Wherever the data center is located, we conduct our activities in conformity with applicable laws, and as a hosting company, we obey search warrants or disclosure orders," OVH spokesman Benjamin Bongoat told WIRED. "This is all we can say as we usually don't make any comments on hot topics."

From rforno at infowarrior.org Mon Jan 27 06:55:40 2014
From: rforno at infowarrior.org (Richard Forno)
Date: Mon, 27 Jan 2014 07:55:40 -0500
Subject: [Infowarrior] - Obama signs off on nomination of Rogers as NSA director
Message-ID: <8C5F271B-3738-49B1-AAED-CFCB8CA5A9B9@infowarrior.org>

(note: unless otherwise stated, any critical comments made about "Mike Rogers" refer to the arrogant fearmongering chest-thumping Congresscritter from Michigan. If confirmed, I will refer to this potential NSA director as "VADM Rogers" or "DIRNSA".
--rick)

Obama signs off on nomination of Rogers as NSA director
By Ellen Nakashima
http://www.washingtonpost.com/world/national-security/obama-signs-off-on-nomination-of-rogers-as-nsa-director/2014/01/25/bc54378c-85f7-11e3-801f-e3ff2ca3fab6_print.html

President Obama has signed off on the nomination of Vice Adm. Michael S. Rogers to lead the embattled National Security Agency and the Pentagon's cyberwarfare organization, according to sources familiar with the decision.

In an unusual move, Obama himself interviewed Rogers last week, in a reflection of the job's high profile at a time when the NSA has drawn fire for the scope of its surveillance practices.

White House spokeswoman Caitlin Hayden declined to comment, but people familiar with the matter said an announcement is expected soon.

Rogers, a Navy cryptologist, had long been seen as the frontrunner to succeed Gen. Keith Alexander, who has been NSA director since 2005. Alexander, who will retire March 14, is the longest-serving NSA head. He is also the first commander of U.S. Cyber Command, which launched in 2009.

Rogers, whose Navy career spans more than 30 years, is "uniquely qualified" to take on the job, said Terry Roberts, a former Naval intelligence official who worked with Rogers when he served as a special assistant to the chairman of the Joint Chiefs of Staff (JCS) and JCS director of intelligence. She cited his background in intelligence and his experience heading Fleet Cyber Command, the Navy's cyber unit that also works for U.S. Cyber Command.

Rogers understands signals intelligence and cyberattack operations, as well as the intelligence needs for the military and civilian agencies, she said. He "is the kind of leader who will embrace the challenge of defining the optimal balance for the NSA between security, privacy and freedom in the digital age," Roberts said.

The Senate Armed Services Committee is expected to question him on issues related to both cyber operations and the NSA.
Rogers has regularly briefed top military and civilian leaders at the Pentagon. He has been involved in cyberdefense and offense policy issues as head of Fleet Cyber Command. But he has not had to defend the nation's largest intelligence agency against charges of violating surveillance and privacy laws, and the Constitution.

Last month, Obama decided not to split the leadership of the NSA and Cyber Command, which a number of administration officials advocated, including Director of National Intelligence James R. Clapper Jr. Obama also opted not to end the 62-year tradition at the NSA of having a uniformed officer as the director.

Alexander, who supported Rogers as his successor, has long argued that Cyber Command and the NSA need to be under one leader and closely linked because the military cyber mission depends heavily on the NSA's networks and capabilities. Some military cyber personnel say that Cyber Command will never fully mature as an organization unless the leadership roles are split.

In a 2012 interview, Rogers told The Washington Post that he was comfortable with the current "dual-hat" arrangement. "I think it is a sound one," he said.

He said that fostering a "culture of accountability and responsibility" was one of his goals as Fleet Cyber commander. "We need to make sure that commanders understand cyber is a core facet of operations and warfare of the 21st century," he said, adding that "it is not a silver bullet. It is not going to replace other capabilities."

© The Washington Post Company
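The Wired piece on TorMail forwarded above notes that whoever holds a hidden service's private key can adopt its .onion address. As an added illustration of why (my own example, not code from Wired or from the Tor project), this derives a v2 hidden-service address the way the scheme in use in 2013 did: the address is a truncated SHA-1 fingerprint of the service's RSA public key, so possession of the key is possession of the name. The modulus is a constructed placeholder rather than a real key, and the v2 scheme was retired by Tor in 2021 (v3 addresses are derived from ed25519 keys with the same consequence).

```python
import base64
import hashlib

# v2 hidden-service addresses (Tor rend-spec v2): base32 of the first 80 bits
# of SHA-1 over the DER-encoded PKCS#1 RSAPublicKey {n, e}, lowercased,
# followed by ".onion". Nothing else feeds in: the public key alone fixes
# the name, so seizing the private key means being able to serve that name.


def der_length(length: int) -> bytes:
    """DER length octets: short form below 128, long form otherwise."""
    if length < 0x80:
        return bytes([length])
    body = length.to_bytes((length.bit_length() + 7) // 8, "big")
    return bytes([0x80 | len(body)]) + body


def der_integer(value: int) -> bytes:
    """DER INTEGER (tag 0x02) for a non-negative value."""
    body = value.to_bytes(max(1, (value.bit_length() + 7) // 8), "big")
    if body[0] & 0x80:  # leading 0x00 keeps the encoded value positive
        body = b"\x00" + body
    return b"\x02" + der_length(len(body)) + body


def der_sequence(*items: bytes) -> bytes:
    """DER SEQUENCE (tag 0x30) around already-encoded items."""
    body = b"".join(items)
    return b"\x30" + der_length(len(body)) + body


def rsa_public_key_der(n: int, e: int) -> bytes:
    """PKCS#1 RSAPublicKey ::= SEQUENCE { modulus INTEGER, publicExponent INTEGER }."""
    return der_sequence(der_integer(n), der_integer(e))


def v2_onion_address(n: int, e: int) -> str:
    """16-character v2 address derived from the public key (n, e)."""
    digest = hashlib.sha1(rsa_public_key_der(n, e)).digest()
    return base64.b32encode(digest[:10]).decode("ascii").lower() + ".onion"


def key_answers_for(address: str, n: int, e: int) -> bool:
    """True if this public key reproduces the address, i.e. its holder can serve it."""
    return v2_onion_address(n, e) == address.lower()


def constructed_key(seed: bytes) -> tuple:
    """Constructed 1024-bit placeholder modulus for the demo; NOT a real RSA key."""
    raw = hashlib.sha512(seed).digest() + hashlib.sha512(seed + b"-2").digest()
    n = int.from_bytes(raw, "big") | (1 << 1023) | 1  # force 1024 bits, odd
    return n, 65537


if __name__ == "__main__":
    n, e = constructed_key(b"original-operator")
    addr = v2_onion_address(n, e)
    print("address derived from the original key:", addr)
    # Whoever holds (n, e) plus the private half reproduces the name exactly.
    print("original key answers for it:", key_answers_for(addr, n, e))
    # A freshly generated key cannot produce the same name.
    n2, e2 = constructed_key(b"someone-else")
    print("a different key answers for it:", key_answers_for(addr, n2, e2))
```

For a real v2 key, feed the modulus and exponent from the service's private_key file into v2_onion_address and it must match the hostname file Tor wrote beside it; that equality is the whole of the seized-key problem the article describes.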
From rforno at infowarrior.org Mon Jan 27 07:14:04 2014 From: rforno at infowarrior.org (Richard Forno) Date: Mon, 27 Jan 2014 08:14:04 -0500 Subject: [Infowarrior] - Google's Drummond calls for new NSA reforms Message-ID: <82D7FB31-ACA9-4A1C-976B-A33C69EA6DD7@infowarrior.org> 27 January 2014 Last updated at 07:01 ET Google's Drummond calls for new NSA reforms By Adam Blenford BBC News http://www.bbc.co.uk/news/technology-25910694?print=true Moves by US President Barack Obama to rein in spies at the National Security Agency do not go far enough, a senior figure at Google has told the BBC. David Drummond, the tech giant's chief legal officer, said the US needed to change its approach to intelligence to restore trust in the internet. His comments are some of the first by a senior tech figure since a speech by the US president earlier this month. They come as ex-NSA contractor Edward Snowden gave his first TV interview. Mr Snowden, who has been in exile in Russia since leaking the information that lifted the lid on the scale of US and UK intelligence programmes, told Germany's public broadcaster ARD that the NSA practised "industrial espionage". He said the agency would spy on big German companies that competed with US firms. Mr Snowden, 30, also said he believed that US officials wanted to kill him. Innovation concern Google's Mr Drummond described Mr Obama's high-profile speech on intelligence, delivered on 17 January at the Department of Justice in Washington, as a "positive step". But he said the president's proposals - which mainly focused on limiting the mass collection of phone call information, or metadata - were not enough. "Let me be clear about it, in general they fall short of where any of the speech and the proposal and the speech fell short of where we'd like to see this go," Mr Drummond said. "But I think it was a first step for the administration, it's not the final word on where this will go, hopefully, we intend to be very engaged in that debate." 
Almost eight months of leaks by Mr Snowden have focused attention on the large-scale collection of phone call, SMS and internet data by the NSA and by GCHQ in the UK. The leaks have worried tech companies such as Google, Facebook and Microsoft, who are concerned that public trust in their services has been undermined by the US government. "People really need to trust the internet and to trust internet companies and that really underpins a lot of the innovation," Mr Drummond said. "We've been concerned about the long-term user trust in the internet and what that means for acceptance for new innovations," he added. "If you build something great but people are worried or won't try it because they're afraid, then it's not going to work." Separately, the politician responsible for piloting a new European data protection law described Mr Snowden's leaks as a "wake-up call" to the world that had undermined trust between Europe and the US. But EU Justice Commissioner Viviane Reding told the BBC that after two years of negotiations with the US over European efforts to update legal safeguards for EU citizens and companies exchanging data with the US, politicians in Washington were now starting to hear her message. "I have been speaking with the Attorney General, Eric Holder, and we are working to see what regulations in the United States can be changed so there is reciprocity and we can finalise this much-needed regulation on both sides of the Atlantic for exchanging data," Ms Reding said. She said Mr Obama would meet European Commission head Jose Manuel Barroso on 26 March, adding that she expected concrete achievements by then. "Our American partners always told us that data protection was something dear to the heart of the Europeans but nobody cares in the United States. I think that recently people in the US also care - members of Congress, senators as well." 
Snowden: 'I sleep well' Mr Snowden's interview with German broadcaster ARD was his first on-camera interview since revealing himself last June as the source of the NSA leaks. Since being offered temporary asylum in Russia, Mr Snowden has given just one major interview, to the Washington Post shortly before Christmas. He has also answered email questions submitted to him by some journalists. Last week he answered questions on a website called Free Snowden. ARD said they had carried out a six-hour interview that was filmed in a Moscow hotel suite, airing 40 minutes of the footage. He suggested the NSA spied on companies of interest to US national interests, as well as its stated core mission of national security. "If there's information at Siemens that's beneficial to US national interests - even if it doesn't have anything to do with national security - then they'll take that information nevertheless," Mr Snowden said. He also discussed reports of threats to his life, describing them as "significant" but saying: "I sleep very well." "These people, and they are government officials, have said they would love to put a bullet in my head or poison me when I come out of the supermarket and then watch me die in the shower," he said, referring to anonymous quotes on US website BuzzFeed. "I'm still alive and don't lose sleep for what I did because it was the right thing to do." Mr Snowden's leaks caused outrage in Germany when it came to light that Chancellor Angela Merkel's phone had been bugged. After the news broke last year, Mrs Merkel accused the US of an unacceptable breach of trust. Last week President Obama indicated to Germany's ZDF TV that US bugging of Mrs Merkel's mobile phone had been a mistake and would not happen again. The US has charged Mr Snowden with theft of government property, unauthorised communication of national defence information and wilful communication of classified communications intelligence. 
Each of the charges carries a maximum 10-year prison sentence. Earlier this week he said he had "no chance" of a fair trial in the US and had no plans to return there. --- Just because i'm near the punchbowl doesn't mean I'm also drinking from it. From rforno at infowarrior.org Mon Jan 27 07:26:42 2014 From: rforno at infowarrior.org (Richard Forno) Date: Mon, 27 Jan 2014 08:26:42 -0500 Subject: [Infowarrior] - The Age of 'Infopolitics' Message-ID: The Age of 'Infopolitics' By COLIN KOOPMAN http://opinionator.blogs.nytimes.com/2014/01/26/the-age-of-infopolitics/ We are in the midst of a flood of alarming revelations about information sweeps conducted by government agencies and private corporations concerning the activities and habits of ordinary Americans. After the initial alarm that accompanies every leak and news report, many of us retreat to the status quo, quieting ourselves with the thought that these new surveillance strategies are not all that sinister, especially if, as we like to say, we have nothing to hide. We do not like to think of ourselves as bits and bytes. But if we don't, we leave it to others to do it for us. One reason for our complacency is that we lack the intellectual framework to grasp the new kinds of political injustices characteristic of today's information society. Everyone understands what is wrong with a government's depriving its citizens of freedom of assembly or liberty of conscience. Everyone (or most everyone) understands the injustice of government-sanctioned racial profiling or policies that produce economic inequality along color lines. But though nearly all of us have a vague sense that something is wrong with the new regimes of data surveillance, it is difficult for us to specify exactly what is happening and why it raises serious concern, let alone what we might do about it. Our confusion is a sign that we need a new way of thinking about our informational milieu.
What we need is a concept of infopolitics that would help us understand the increasingly dense ties between politics and information. Infopolitics encompasses not only traditional state surveillance and data surveillance, but also "data analytics" (the techniques that enable marketers at companies like Target to detect, for instance, if you are pregnant), digital rights movements (promoted by organizations like the Electronic Frontier Foundation), online-only crypto-currencies (like Bitcoin or Litecoin), algorithmic finance (like automated micro-trading) and digital property disputes (from peer-to-peer file sharing to property claims in the virtual world of Second Life). These are only the tip of an enormous iceberg that is drifting we know not where. Surveying this iceberg is crucial because atop it sits a new kind of person: the informational person. Politically and culturally, we are increasingly defined through an array of information architectures: highly designed environments of data, like our social media profiles, into which we often have to squeeze ourselves. The same is true of identity documents like your passport and individualizing dossiers like your college transcripts. Such architectures capture, code, sort, fasten and analyze a dizzying number of details about us. Our minds are represented by psychological evaluations, education records, credit scores. Our bodies are characterized via medical dossiers, fitness and nutrition tracking regimens, airport security apparatuses. We have become what the privacy theorist Daniel Solove calls "digital persons." As such we are subject to infopolitics (or what the philosopher Grégoire Chamayou calls "datapower," the political theorist Davide Panagia "datapolitik" and the pioneering thinker Donna Haraway "informatics of domination"). Today's informational person is the culmination of developments stretching back to the late 19th century.
It was in those decades that a number of early technologies of informational identity were first assembled. Fingerprinting was implemented in colonial India, then imported to Britain, then exported worldwide. Anthropometry - the measurement of persons to produce identifying records - was developed in France in order to identify recidivists. The registration of births, which has since become profoundly important for initiating identification claims, became standardized in many countries, with Massachusetts pioneering the way in the United States before a census initiative in 1900 led to national standardization. In the same era, bureaucrats visiting rural districts complained that they could not identify individuals whose names changed from context to context, which led to initiatives to universalize standard names. Once fingerprints, biometrics, birth certificates and standardized names were operational, it became possible to implement an international passport system, a social security number and all other manner of paperwork that tells us who someone is. When all that paper ultimately went digital, the reams of data about us became radically more assessable and subject to manipulation, which has made us even more informational. We like to think of ourselves as somehow apart from all this information. We are real - the information is merely about us. But what is it that is real? What would be left of you if someone took away all your numbers, cards, accounts, dossiers and other informational prostheses? Information is not just about you - it also constitutes who you are. We understandably do not want to see ourselves as bits and bytes. But unless we begin conceptualizing ourselves in this way, we leave it to others to do it for us. Many government agencies and giant corporations are all too eager to continue the work of producing detailed data profiles of all of us.
These profiles may be produced for varying purposes (targeting terrorists is not the same work as targeting consumers), but they all involve informational pictures of who we are - as well as who we can become. These agencies and corporations will continue producing new visions of you and me, and they will do so without our input if we remain stubbornly attached to antiquated conceptions of selfhood that keep us from admitting how informational we already are. We need a concept of infopolitics precisely because we have become infopersons. What should we do about our Internet and phone patterns' being fastidiously harvested and stored away in remote databanks where they await inspection by future algorithms developed at the National Security Agency, Facebook, credit reporting firms like Experian and other new institutions of information and control that will come into existence in future decades? What bits of the informational you will fall under scrutiny? The political you? The sexual you? What next-generation McCarthyisms await your informational self? And will those excesses of oversight be found in some Senate subcommittee against which we democratic citizens might hope to rise up in revolt - or will they lurk among algorithmic automatons that silently seal our fates in digital filing systems? As soon as we learn to see ourselves and our politics as informational, we can begin to see the importance of surveillance reforms of the sort proposed by Senator Ron Wyden, Democrat of Oregon, as well as the wisdom implicit in the transgressions of "hacktivists" whose ethics call for anonymity and untraceability. Despite their decidedly different political sensibilities, what links together the likes of Senator Wyden and the international hacker network known as Anonymous is that they respect the severity of what is at stake in our information.
They understand that information is a site for the call of justice today, alongside more quintessential battlefields like liberty of thought and equality of opportunity. Willingness to see ourselves as informational persons subject to informational powers could help us bring into view what will be required to protect the many individual rights and social ties now inhering in all those bits and bytes. /// Colin Koopman is an assistant professor of philosophy at the University of Oregon, where he is also a resident scholar at the Wayne Morse Center for Law and Politics. He is the author of "Genealogy as Critique" and "Pragmatism as Transition," and is at work on a book about infopolitics. --- Just because i'm near the punchbowl doesn't mean I'm also drinking from it. From rforno at infowarrior.org Mon Jan 27 09:20:52 2014 From: rforno at infowarrior.org (Richard Forno) Date: Mon, 27 Jan 2014 10:20:52 -0500 Subject: [Infowarrior] - Prince Sues Fans For $22 Million For Posting Links To Concert Videos Message-ID: Presumably any remaining fans of his will pirate the heck out of his stuff in protest of his ongoing Internet idiocy. --rick Prince Sues Fans For $22 Million For Posting Links To Concert Videos http://www.hypebot.com/hypebot/2014/01/prince-sues-fans-for-22-million-.html Last week Prince continued his career long litigious streak with a new attack on some of his biggest fans. A lawsuit filed in San Francisco court seeks to punish fans who found linked to old concert videos of Prince concerts and posted them on Facebook and blogs. The suit names 22 fans - 20 as yet unidentified - and asks for $1 million each or $22 million in damages. The 21 page suit targets mostly Prince fan sites with names like Purple House, Purple Kiss and Funky Experience Four for sharing bootleg recordings.
The lawsuit alleges that "constitute an interconnected network of bootleg distribution which is able to broadly disseminate unauthorised copies of Prince's musical compositions and live performances". On the unofficial Prince forum prince.org, fans reacted negatively: Another lawsuit once again....????? is this a joke, what a black day in Prince history. Proven once again: Prince is an a*sehole. Another reason for me to quit the Prince world, his new music sucks anyway. --- Just because i'm near the punchbowl doesn't mean I'm also drinking from it. From rforno at infowarrior.org Mon Jan 27 17:09:35 2014 From: rforno at infowarrior.org (Richard Forno) Date: Mon, 27 Jan 2014 18:09:35 -0500 Subject: [Infowarrior] - Spy Agencies Probe Angry Birds and Other Apps for Personal Data Message-ID: Spy Agencies Probe Angry Birds and Other Apps for Personal Data by Jeff Larson, ProPublica, and James Glanz and Andrew W. Lehren, The New York Times, Jan. 27, 2014, 12:30 p.m. This story was co-produced with The New York Times and The Guardian. When a smartphone user opens Angry Birds, the popular game application, and starts slinging birds at chortling green pigs, spy agencies have plotted how to lurk in the background to snatch data revealing the player's location, age, sex and other personal information, according to secret British intelligence documents. In their globe-spanning surveillance for terrorism suspects and other targets, the National Security Agency and its British counterpart have been trying to exploit a basic byproduct of modern telecommunications: With each new generation of mobile phone technology, ever greater amounts of personal data pour onto networks where spies can pick it up. According to dozens of previously undisclosed classified documents, among the most valuable of those unintended intelligence tools are so-called leaky apps that spew everything from users' smartphone identification codes to where they have been that day. The N.S.A.
and Britain's Government Communications Headquarters were working together on how to collect and store data from dozens of smartphone apps by 2007, according to the documents, provided by Edward J. Snowden, the former N.S.A. contractor. Since then, the agencies have traded recipes for grabbing location and planning data when a target uses Google Maps, and for vacuuming up address books, buddy lists, phone logs and the geographic data embedded in photos when someone sends a post to the mobile versions of Facebook, Flickr, LinkedIn, Twitter and other services. The eavesdroppers' pursuit of mobile networks has been outlined in earlier reports, but the secret documents, shared by The New York Times, The Guardian and ProPublica, offer far more details of their ambitions for smartphones and the apps that run on them. The efforts were part of an initiative called "the mobile surge," according to a 2011 British document, an analogy to the troop surges in Iraq and Afghanistan. One N.S.A. analyst's enthusiasm was evident in the breathless title - "Golden Nugget!" - given to one slide for a top-secret 2010 talk describing iPhones and Android phones as rich resources, one document notes. The scale and the specifics of the data haul are not clear. The documents show that the N.S.A. and the British agency routinely obtain information from certain apps, particularly some of those introduced earliest to cellphones. With some newer apps, including Angry Birds, the agencies have a similar capability, the documents show, but they do not make explicit whether the spies have put that into practice. Some personal data, developed in profiles by advertising companies, could be particularly sensitive: A secret 2012 British intelligence document says that spies can scrub smartphone apps that contain details like a user's "political alignment" and sexual orientation. < ...
> http://www.propublica.org/article/spy-agencies-probe-angry-birds-and-other-apps-for-personal-data --- Just because i'm near the punchbowl doesn't mean I'm also drinking from it. From rforno at infowarrior.org Mon Jan 27 17:09:52 2014 From: rforno at infowarrior.org (Richard Forno) Date: Mon, 27 Jan 2014 18:09:52 -0500 Subject: [Infowarrior] - DOJ to allow tech firms greater disclosures of gov requests Message-ID: <8FF132EE-D509-48DB-9FDF-D49BC5311BBE@infowarrior.org> U.S. to allow companies to disclose more details on government requests for data By Craig Timberg and Adam Goldman http://www.washingtonpost.com/business/technology/us-to-allow-companies-to-disclose-more-details-on-government-requests-for-data/2014/01/27/3cc96226-8796-11e3-a5bd-844629433ba3_story.html The Justice Department has agreed to relax its long-standing gag order on certain types of sensitive data requests made to companies, allowing them for the first time to publicize - in broad terms - how often they must furnish customer information to the government, U.S. officials announced Monday. The agreement, struck in response to legal challenges from Google, Microsoft and other technology companies, comes as part of President Obama's effort to ease the secrecy around government intelligence-gathering in the aftermath of revelations by former National Security Agency contractor Edward Snowden. The new policy will allow companies to report on national security letters - a form of administrative subpoena - as well as on requests from the Foreign Intelligence Surveillance Court (FISC). However, they will be permitted to disclose the volume of requests only in wide numerical ranges. The number of national security letters, a frequent tool of the FBI, could be listed as between one and 999, for example. Companies will also be able to disclose, in similarly broad ranges, how many customer accounts are targeted. Such information can be reported, under the new rules, once every six months.
The same rules will apply to requests from the FISC. Companies will also have the option of lumping the two categories of data requests together in a single total. If they do so, the numeric range can be in smaller bands, such as between "zero and 249," according to the Justice Department. U.S. officials have said that more-precise reporting might tip targets off to investigations. Although the agreement does not provide full transparency, it addresses some of the concerns raised by several technology companies over the summer during negotiations with Justice Department officials. Those talks at one point collapsed, resulting in a series of filings with the FISC, beginning in June, that formally requested a loosening of the restrictions on the grounds that they violated the First Amendment. Several technology companies long have publicized certain types of government data requests - typically from regular courts and police - in "transparency reports," but they were prohibited from offering a public accounting of national security letters and requests from the FISC. On Monday, Apple disclosed that it had received fewer than 249 national security letters, affecting fewer than 249 accounts, in the first six months of 2013. "We applaud the Administration for taking this important step toward greater transparency, and we thank the Justice Department for considering Apple's point of view as it reached this decision," the company said in a statement. The new policy was detailed in a letter from Deputy Attorney General James Cole to the five companies that filed legal requests to the FISC seeking more transparency about data requests. U.S. officials also made a filing to that court.
"While this aggregate data was properly classified until today, the office of the Director of National Intelligence, in consultation with other departments and agencies, has determined that the public interest in disclosing this information now outweighs the national security concerns that required its classification," the Justice Department said in a statement. The companies that waged the legal fight for more disclosure issued a joint statement Monday saying: "We filed our lawsuits because we believe that the public has a right to know about the volume and types of national security requests we receive. We're pleased the Department of Justice has agreed that we and other providers can disclose this information. While this is a very positive step, we'll continue to encourage Congress to take additional steps to address all of the reforms we believe are needed." Several of the companies also have urged broader changes to surveillance practices, especially those by the NSA. A coalition of companies in December sent a letter to Obama and Congress demanding more-sweeping changes intended to confine data collection to formal channels and to improve transparency over such processes. "This is a victory for transparency and a critical step toward reining in excessive government surveillance," said Alex Abdo, staff attorney with the American Civil Liberties Union. "Companies must be allowed to report basic information about what they're giving the government so that Americans can decide for themselves whether the NSA's spying has gone too far." --- Just because i'm near the punchbowl doesn't mean I'm also drinking from it.
From rforno at infowarrior.org Mon Jan 27 17:15:18 2014 From: rforno at infowarrior.org (Richard Forno) Date: Mon, 27 Jan 2014 18:15:18 -0500 Subject: [Infowarrior] - US looks at ways to prevent spying on its spying Message-ID: <5E7F13F7-ACF9-452C-A8C3-7BD8F1C8E73C@infowarrior.org> US looks at ways to prevent spying on its spying By STEPHEN BRAUN 51 minutes ago http://news.yahoo.com/us-looks-ways-prevent-spying-spying-201245107--finance.html As the Obama administration considers shifting the collection of those records from the National Security Agency to requiring that they be stored at phone companies or elsewhere, it's quietly funding research to prevent phone company employees or eavesdroppers from seeing whom the U.S. is spying on, The Associated Press has learned. The Office of the Director of National Intelligence has paid at least five research teams across the country to develop a system for high-volume, encrypted searches of electronic records kept outside the government's possession. The project is among several ideas that would allow the government to discontinue storing Americans' phone records, but still search them as needed. Under the research, U.S. data mining would be shielded by secret coding that could conceal identifying details from outsiders and even the owners of the targeted databases, according to public documents obtained by The Associated Press and AP interviews with researchers, corporate executives and government officials. The administration has provided only vague descriptions about changes it is considering to the NSA's daily collection and storage of Americans' phone records, which are presently kept in NSA databanks. To resolve legal, privacy and civil liberties concerns, President Barack Obama this month ordered the attorney general and senior intelligence officials to recommend changes by March 28 that would allow the U.S. to identify suspected terrorists' phone calls without the government holding the phone records itself. 
One federal review panel urged Obama to order phone companies or an unspecified third party to store the records; another panel said collecting the phone records was illegal and ineffective and urged Obama to abandon the program entirely. Internal documents describing the Security and Privacy Assurance Research project do not cite the NSA or its phone surveillance program. But if the project were to prove successful, its encrypted search technology could pave the way for the government to shift storage of the records from NSA computers to either phone companies or a third-party organization. A DNI spokesman, Michael Birmingham, confirmed that the research was relevant to the NSA's phone records program. He cited "interest throughout the intelligence community" but cautioned that it may be some time before the technology is used. The intelligence director's office is by law exempt from disclosing detailed budget figures, so it's unclear how much money the government has spent on the SPAR project, which is overseen by the DNI's Intelligence Advanced Research Projects Activity office. Birmingham said the research is aimed for use in a "situation where a large sensitive data set is held by one party which another seeks to query, preserving privacy and enforcing access policies." A Columbia University computer sciences expert who heads one of the DNI-funded teams, Steven M. Bellovin, estimates the government could start conducting encrypted searches within the next year or two. "If the NSA wanted to deploy something like this it would take one to two years to get the hardware and software in place to start collecting data this way either from phone companies or whatever other entity they decide on," said Bellovin, who is also a former chief technologist for the Federal Trade Commission. The NSA's surveillance program collects millions of Americans' daily calling records into a central agency database. 
When the agency wants to review telephone traffic associated with a suspected terrorist - the agency made 300 such queries in 2012 - it then searches that data bank and retrieves matching calling records and stores them separately for further analysis. Using a "three-hop" method that allows the NSA to pull in records from three widening tiers of phone contacts, the agency could collect the phone records of up to 2.5 million Americans during each single query. Obama this month imposed a limit of "two hops," or scrutinizing phone calls that are two steps removed from a number associated with a terrorist organization, instead of the current three. An encrypted search system would permit the NSA to shift storage of phone records to either phone providers or a third party, and conduct secure searches remotely through their databases. The coding could shield both the extracted metadata and identities of those conducting the searches, Bellovin said. The government could use encrypted searches to ensure its analysts were not leaking information or abusing anyone's privacy during their data searches. And the technique could also be used by the NSA to securely search out and retrieve Internet metadata, such as emails and other electronic records. On Monday, the Justice Department and leading Internet companies agreed to a compromise that would allow the firms to reveal how often they are ordered to turn over information about their customers in national security investigations. The government deal with Google Inc., Microsoft Corp., Yahoo Inc., Facebook Inc., and LinkedIn Corp. would provide public information in general terms. Other tech companies are also expected to participate. Some computer science experts are less sanguine about the prospects for encrypted search techniques.
Searches could bog down because of the encryption computations needed, said Daniel Weitzner, principal research scientist at MIT's Computer Science and Artificial Intelligence Laboratory and former deputy U.S. chief technology officer for the Obama administration. "There's no silver bullet that guarantees the intelligence community will only have access to the records they're supposed to have access to," Weitzner said. "We also need oversight of the actual use of the data." Intelligence officials worry that phone records stored outside the government could take longer to search and could be vulnerable to hackers or other security threats. The former NSA deputy director, John Inglis, told Congress last year that privacy - both for the agency and for Americans whose records were collected - is a prime consideration in the agency's preference to store the phone data itself. The encrypted search techniques could make it more difficult for hackers to access the phone records and could prevent phone companies from knowing which records the government was searching. "It would remove one of the big objections to having the phone companies hold the data," Bellovin said. Similar research is underway by researchers at University of California at Irvine; a group from the University of Wisconsin-Madison and the University of Texas at Austin; another group from MIT, Yale and Rensselaer Polytechnic Institute; and a fourth from Stealth Software Technologies, a Los Angeles-based technology company. --- Just because i'm near the punchbowl doesn't mean I'm also drinking from it.
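The AP piece above turns on the difference between a "two-hop" and a "three-hop" query, so here is what that traversal actually does, as an added example that is not part of the article, the NSA's tooling or the SPAR research it describes. It runs a hop-limited breadth-first expansion from a seed number over a small set of constructed call records (every number below is fictional; call direction is ignored, on the assumption that a call in either direction counts as a contact for chaining), and reports how many distinct numbers one query sweeps in at each hop limit. It does not implement the encrypted search the article is about; SPAR's goal is to run exactly this kind of query against records a phone company or third party holds without the holder learning the seed, and that part is out of scope here.

```python
"""Hop-limited contact chaining over call-detail records (added example).

Constructed records, fictional numbers; not code from the AP article or SPAR.
Direction of a call is ignored: (a, b) means a and b were in contact.
"""
from collections import deque
from typing import Dict, Iterable, List, Set, Tuple

CallRecord = Tuple[str, str]  # (caller, callee)

# Constructed sample metadata: a seed, two tiers below it, one number that is
# only reachable at the fourth hop, and an unrelated cluster that is never reached.
SAMPLE_RECORDS: List[CallRecord] = [
    ("555-0100", "555-0101"), ("555-0100", "555-0102"),   # hop 1 from the seed
    ("555-0101", "555-0110"), ("555-0101", "555-0111"),   # hop 2
    ("555-0102", "555-0120"),                             # hop 2
    ("555-0110", "555-0130"), ("555-0111", "555-0131"),   # hop 3
    ("555-0111", "555-0132"), ("555-0120", "555-0140"),   # hop 3
    ("555-0130", "555-0150"),                             # hop 4 only
    ("555-0200", "555-0201"),                             # unrelated cluster
]


def build_graph(records: Iterable[CallRecord]) -> Dict[str, Set[str]]:
    """Undirected adjacency list: a call in either direction links two numbers."""
    graph: Dict[str, Set[str]] = {}
    for a, b in records:
        graph.setdefault(a, set()).add(b)
        graph.setdefault(b, set()).add(a)
    return graph


def contact_chain(graph: Dict[str, Set[str]], seed: str, max_hops: int) -> Dict[str, int]:
    """Map every number within max_hops of seed to its hop distance.

    Breadth-first, so each number is recorded at its shortest distance and a
    number reachable only beyond max_hops is never touched.
    """
    if max_hops < 0:
        raise ValueError("max_hops must be >= 0")
    distance: Dict[str, int] = {seed: 0}
    queue = deque([seed])
    while queue:
        current = queue.popleft()
        depth = distance[current]
        if depth == max_hops:
            continue  # do not expand past the permitted tier
        for neighbor in graph.get(current, ()):
            if neighbor not in distance:
                distance[neighbor] = depth + 1
                queue.append(neighbor)
    return distance


def query_scope(records: Iterable[CallRecord], seed: str, max_hops: int) -> Tuple[int, List[str]]:
    """Count and list the distinct non-seed numbers one query pulls in."""
    reached = contact_chain(build_graph(records), seed, max_hops)
    numbers = sorted(n for n in reached if n != seed)
    return len(numbers), numbers


def worst_case_reach(contacts_per_number: int, max_hops: int) -> int:
    """Upper bound on numbers swept in if every number has the given fan-out and
    no contacts overlap: sum of contacts^k for k = 1..max_hops."""
    return sum(contacts_per_number ** k for k in range(1, max_hops + 1))


if __name__ == "__main__":
    for hops in (1, 2, 3, 4):
        count, numbers = query_scope(SAMPLE_RECORDS, "555-0100", hops)
        print(f"{hops} hop(s): {count} numbers -> {numbers}")
    # With a fan-out of 100 contacts, the third hop is what pushes one query
    # from tens of thousands of numbers into the millions.
    for hops in (2, 3):
        print(f"fan-out 100, {hops} hops: up to {worst_case_reach(100, hops):,} numbers")
```

On the constructed records a two-hop query reaches 5 numbers and a three-hop query 9, with the fourth-hop-only number and the unrelated cluster untouched at either limit; the `worst_case_reach` bound shows why the article's 2.5 million figure is plausible for three hops even at modest fan-out.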
From rforno at infowarrior.org Mon Jan 27 17:17:17 2014 From: rforno at infowarrior.org (Richard Forno) Date: Mon, 27 Jan 2014 18:17:17 -0500 Subject: [Infowarrior] - Snowden docs reveal British spies snooped on YouTube and Facebook Message-ID: <60942568-2B3A-40A4-87B3-B274038D66AC@infowarrior.org> Snowden docs reveal British spies snooped on YouTube and Facebook http://investigations.nbcnews.com/_news/2014/01/27/22469304-snowden-docs-reveal-british-spies-snooped-on-youtube-and-facebook?lite Documents taken from the NSA by Edward Snowden and obtained by NBC News detail how British cyber spies demonstrated a pilot program to their U.S. partners in which they were able to monitor YouTube in real time. Click on the image to read the documents in pdf form. By Richard Esposito, Matthew Cole and Mark Schone, with Glenn Greenwald, Special Contributor The British government can tap into the cables carrying the world?s web traffic at will and spy on what people are doing on some of the world?s most popular social media sites, including YouTube, all without the knowledge or consent of the companies. Documents taken from the National Security Agency by Edward Snowden and obtained by NBC News detail how British cyber spies demonstrated a pilot program to their U.S. partners in 2012 in which they were able to monitor YouTube in real time and collect addresses from the billions of videos watched daily, as well as some user information, for analysis. At the time the documents were printed, they were also able to spy on Facebook and Twitter. Called ?Psychology A New Kind of SIGDEV" (Signals Development), the presentation includes a section that spells out ?Broad real-time monitoring of online activity? of YouTube videos, URLs ?liked? on Facebook, and Blogspot/Blogger visits. The monitoring program is called ?Squeaky Dolphin.? 
Experts told NBC News the documents show the British had to have been either physically able to tap the cables carrying the world's web traffic or able to use a third party to gain physical access to the massive stream of data, and would be able to extract some key data about specific users as well. Representatives of Facebook and Google, which owns YouTube, said they hadn't given the British government permission to access data and were unaware the collection had occurred. A source close to Google who asked not to be identified when discussing company policy said the company was "shocked" to learn the U.K. could have been "grabbing" its data. In connection with this report, NBC is publishing documents that Edward Snowden took from the NSA before fleeing the U.S. The documents are being published with minimal redactions. One of the people who helped prepare the demonstration was an official from the British signals intelligence agency General Communications Headquarters (GCHQ) who worked for a division of the agency called GTE, or Global Telecoms Exploitation. GTE has already been shown in other documents released by Snowden to be tapping fiber optic cables around the world. In 2013, the Guardian reported that Snowden documents showed GCHQ was able to tap fiber optic cables and store huge amounts of data for 30 days, and that the government was placing intercept probes on transatlantic cables when they landed on British territory. Germany's Sueddeutsche Zeitung reported that another Snowden document indicated major telecom firms, including BT, Verizon and Vodafone, were cooperating. The British cyber spies sometimes share their intercepted raw data and their analyses with their American counterparts. In October, the Washington Post revealed that a Snowden document dated Jan. 9, 2013, described a joint NSA/GCHQ program called MUSCULAR, in which the U.S.
and British agencies shared intercepted data from fiber optic cables and copied "entire data flows" from Yahoo and Google. According to a source knowledgeable about the agency's operations, the NSA does analysis of social media similar to that in the GCHQ demonstration. National security experts say that both the U.S. and British operations are within the scope of their respective national laws. When the Washington Post reported on the MUSCULAR program, the NSA said in a statement that it is "focused on discovering and developing intelligence about valid foreign intelligence targets only" and that it uses "Attorney General-approved processes to protect the privacy of U.S. persons." But privacy experts and former government officials say the lack of disclosure by the intelligence agencies inspires public fear that rights of privacy, free speech and dissent have been infringed. "Governments have no business knowing which YouTube videos everyone in the world is watching," said Chris Soghoian, chief technologist for the ACLU. "It's one thing to spy on a particular person who has done something to warrant a government investigation but governments have no business monitoring the Facebook likes or YouTube views of hundreds of millions of people." It might also have a chilling effect on companies like Google. Jason Healey, former White House cyber czar under George W. Bush, says U.S. and British intelligence encroachment on the internet is a threat to everyone, including social media companies. "We want our security services to be out there and keeping us safe," said Healey, "but we can also look for balance, we can look for limits, especially if we're putting at risk this most transformative technology since Gutenberg." According to the documents obtained by NBC News, intelligence officers from GCHQ gave a demonstration in August 2012 that spelled out to their U.S. colleagues how the agency's "Squeaky Dolphin"
program could collect, analyze and utilize YouTube, Facebook and Blogger data in specific situations in real time. The demonstration showed that by using tools including a version of commercially available analytic software called Splunk, GCHQ could extract information from the torrent of electronic data that moves across fiber optic cable and display it graphically on a computer dashboard. The presentation showed that analysts could determine which videos were popular among residents of specific cities, but did not provide information on individual social media users. The presenters gave an example of their real-time monitoring capability, showing the Americans how they pulled trend information from YouTube, Facebook and blog posts on Feb. 13, 2012, in advance of an anti-government protest in Bahrain the following day. More than a year prior to the demonstration, in a 2012 annual report, members of Parliament had complained that the U.K.'s intelligence agencies had missed the warning signs of the uprisings that became the Arab Spring of 2011, and had expressed the wish to improve "global" intelligence collection. During the presentation, according to a note on the documents, the presenters noted for their audience that "Squeaky Dolphin" was not intended for spying on specific people and their internet behavior. The note reads, "Not interested in individuals just broad trends!" But cyber-security experts told NBC News that once the information has been collected, intelligence agencies have the ability to extract some user information as well. In 2010, according to other Snowden documents obtained by NBC News, GCHQ exploited unencrypted data from Twitter to identify specific users around the world and target them with propaganda. The experts also said that the only way that GCHQ would be able to do real-time analysis of trends would be to tap the cables directly and store the data or use a third party, like a private company, to extract and collect the raw data.
As much as 11 percent of global internet bandwidth travels through U.K. internet exchanges, according to Bill Woodcock, president of PCH, a non-profit internet organization that tracks and measures and documents fiber infrastructure around the world. In the case of the YouTube video information, the surveillance of the unencrypted material was done not only without the knowledge of the public but without the knowledge or permission of Google, the U.S. company that owns the video sharing service. "We have long been concerned about the possibility of this kind of snooping, which is why we have continued to extend encryption across more and more Google services and links," said a Google spokesperson. "We do not provide any government, including the UK government, with access to our systems. These allegations underscore the urgent need for reform of government surveillance practices." A source close to Google added that Google was "shocked" because the company had pushed back against British legislation that would have required Google to store its metadata and other information for U.K. government use. The legislation, introduced by Home Secretary Theresa May in 2012, was publicly repudiated by Deputy Prime Minister Nick Clegg in 2013 and has never become law. May hopes to reintroduce a modified version this spring. "It's extremely surprising," said the source, "that while they were pushing for the data via the law, they might have simultaneously been using their capability to grab it anyway." Encryption would prevent simple collection of the data by an outside entity like the government. Google has not yet encrypted YouTube or Blogger. Facebook and Twitter have now fully encrypted all their data. Facebook confirmed to NBC News that while its "like" data was unencrypted, the company never gave it to the U.K. government and was unaware that GCHQ might have been siphoning the data. The company assumes the data was taken somewhere outside its networks and data centers.
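What a passive tap on a fiber link actually learns from an unencrypted YouTube page load, compared with an HTTPS connection, as an added illustration that is not part of the NBC article or of this list post: the Python below parses a constructed (not captured) plaintext HTTP request and recovers the host, the video ID, the cookie and the referer, then builds a minimal TLS ClientHello and shows that the only application-level plaintext an on-path observer can read from an HTTPS connection is the SNI hostname. The hostnames, cookie values, video ID and the zeroed client random are assumptions made up for the example; the record layouts follow RFC 5246 and RFC 6066.

```python
import struct
from typing import Optional
from urllib.parse import parse_qs, urlsplit

# Constructed sample request (hypothetical values, not captured traffic):
# an unencrypted YouTube page load as an on-path tap would see it.
PLAINTEXT_HTTP = (
    b"GET /watch?v=dQw4w9WgXcQ&feature=related HTTP/1.1\r\n"
    b"Host: www.youtube.com\r\n"
    b"Cookie: PREF=f1=50000000; VISITOR_INFO1_LIVE=abc123\r\n"
    b"Referer: http://www.facebook.com/profile.php?id=12345\r\n"
    b"\r\n"
)


def parse_http_request(raw: bytes) -> dict:
    """Return what a passive observer learns from a plaintext HTTP request:
    host, path, query parameters (including the video ID), cookie, referer."""
    head = raw.split(b"\r\n\r\n", 1)[0]
    lines = head.split(b"\r\n")
    _method, target, _version = lines[0].split(b" ", 2)
    headers = {}
    for line in lines[1:]:
        name, _, value = line.partition(b":")
        headers[name.strip().lower().decode()] = value.strip().decode()
    url = urlsplit(target.decode())
    return {
        "host": headers.get("host"),
        "path": url.path,
        "query": parse_qs(url.query),
        "cookie": headers.get("cookie"),
        "referer": headers.get("referer"),
    }


def build_client_hello(sni: str) -> bytes:
    """Build a minimal TLS 1.2 ClientHello record carrying a server_name
    extension (RFC 5246 / RFC 6066 layouts). Constructed for the example."""
    host = sni.encode()
    server_name = struct.pack("!BH", 0, len(host)) + host        # name_type 0 = host_name
    sni_ext = struct.pack("!H", len(server_name)) + server_name   # ServerNameList
    ext = struct.pack("!HH", 0x0000, len(sni_ext)) + sni_ext      # extension type 0 = SNI
    extensions = struct.pack("!H", len(ext)) + ext
    body = (
        b"\x03\x03" + bytes(32)     # client_version 1.2, random (zeros for the example)
        + b"\x00"                   # session_id length 0
        + b"\x00\x02\xc0\x2f"       # one suite: ECDHE-RSA-AES128-GCM-SHA256 (ephemeral DH = PFS)
        + b"\x01\x00"               # one compression method: null
        + extensions
    )
    handshake = b"\x01" + struct.pack("!I", len(body))[1:] + body  # type client_hello, 24-bit length
    return b"\x16\x03\x01" + struct.pack("!H", len(handshake)) + handshake


def parse_client_hello_sni(record: bytes) -> Optional[str]:
    """Return the server_name from a TLS ClientHello record, or None.
    The hostname is the only application-level plaintext an on-path tap can
    read from an HTTPS connection; URL, cookies and referer are encrypted."""
    if len(record) < 6 or record[0] != 0x16 or record[5] != 0x01:
        return None                                   # not a handshake record / not a ClientHello
    off = 5 + 4 + 2 + 32                              # record hdr, handshake hdr, version, random
    off += 1 + record[off]                            # session_id
    off += 2 + struct.unpack_from("!H", record, off)[0]   # cipher_suites
    off += 1 + record[off]                            # compression_methods
    if off + 2 > len(record):
        return None                                   # no extensions block at all
    end = off + 2 + struct.unpack_from("!H", record, off)[0]
    off += 2
    while off + 4 <= end:
        etype, elen = struct.unpack_from("!HH", record, off)
        off += 4
        if etype == 0:                                # server_name extension
            p = off + 2                               # skip ServerNameList length
            name_type, name_len = struct.unpack_from("!BH", record, p)
            if name_type == 0:
                return record[p + 3:p + 3 + name_len].decode()
        off += elen
    return None


if __name__ == "__main__":
    print("plaintext HTTP exposes:", parse_http_request(PLAINTEXT_HTTP))
    print("TLS ClientHello exposes only SNI:",
          parse_client_hello_sni(build_client_hello("www.facebook.com")))
```

The contrast is the whole point of the Google and Facebook statements: on the plaintext request the tap gets the video watched, the session cookie and the Facebook profile the user came from, while on the TLS connection it gets a hostname and nothing else. An ephemeral-key suite such as the one in the sample ClientHello is what "Perfect Forward Secrecy" refers to: a tap that records the ciphertext today cannot decrypt it later even if the server's long-term key is obtained.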
"Network security is an important part of the way we protect user information," said Facebook spokesman Jay Nancarrow, "which is why we finished moving our site traffic to HTTPS by default last year, implemented Perfect Forward Secrecy, and continue to strengthen all aspects of our network." GCHQ would not confirm or deny the existence of the Squeaky Dolphin program or anything else connected with this report. The agency declined to answer questions about the scope of its data collection or how it accessed the datastream. In a statement, a GCHQ spokesperson emphasized that the agency operated within the law. "All of GCHQ's work is carried out in accordance with a strict legal and policy framework," said the statement, "which ensure[s] that our activities are authorized, necessary and proportionate, and that there is rigorous oversight, including from the Secretary of State, the Interception and Intelligence Services Commissioners and the Parliamentary Intelligence and Security Committee. All of our operational processes rigorously support this position." A spokesperson for the NSA said in a statement that the U.S. agency is not interested in "the communications of people who are not valid foreign intelligence targets." "Any implication that NSA's foreign intelligence collection is focused on the social media communications of everyday Americans is not true," said the statement. "We collect only those communications that we are authorized by law to collect for valid foreign intelligence and counterintelligence purposes -- regardless of the technical means used by the targets. Because some data of U.S. persons may at times be incidentally collected in NSA's lawful foreign intelligence mission, privacy protections for U.S. persons exist across the entire process concerning the use, handling, retention, and dissemination of data." The spokesperson also said that working with foreign intelligence services "strengthens the national security of both nations,"
but that NSA can't "use those relationships to circumvent U.S. legal restrictions." Both U.S. and British officials assert that while their passive collection of electronic communications might have great breadth, the actual use of the data collected is very targeted, and is dictated by specific missions. Sources familiar with GCHQ operations state firmly that this is the case in each of the agency's operations. Journalist Glenn Greenwald was formerly a columnist at Salon and the Guardian. In late 2012 he was contacted by NSA contractor Edward Snowden, who later provided him with thousands of sensitive documents, and he was the first to report on Snowden's documents in June 2013 while on the staff of the Guardian. Greenwald has since reported on the documents with multiple media outlets around the world, and has won several journalism awards for his NSA reporting both in the U.S. and abroad. He is now helping launch, and will write for, a new, non-profit media outlet known as First Look Media that will "encourage, support and empower ... independent, adversarial journalists." From rforno at infowarrior.org Wed Jan 29 07:34:57 2014 From: rforno at infowarrior.org (Richard Forno) Date: Wed, 29 Jan 2014 08:34:57 -0500 Subject: [Infowarrior] - NSA hires a privacy officer Message-ID: The NSA has a new, first time ever, privacy officer -- By Al Kamen -- January 28 at 4:05 pm http://www.washingtonpost.com/blogs/in-the-loop/wp/2014/01/28/the-nsa-has-a-new-first-time-ever-privacy-officer/ The National Security Agency, which has come under a bit of criticism of late for violating the privacy rights of just about everyone on the planet, has named its first-ever person to the newly created job of primary adviser to the NSA's director for civil liberties and privacy protection. "This new position is focused on the future,"
the agency's September job announcement said, and is "designed to directly enhance decision making and to ensure that [civil liberties and privacy] protections continue to be baked into NSA's future operations, technologies, tradecraft, and policies." "Civil libertarians are skeptical," former Department of Homeland Security official Paul Rosenzweig said in a post Tuesday reporting the appointment on his Lawfareblog, "and I think it is fair to say that the job will be quite a difficult one for the selectee -- Rebecca 'Becky' Richards who is leaving the DHS privacy office to start her new job at NSA next month." Can't imagine why they are skeptical. From rforno at infowarrior.org Wed Jan 29 07:35:34 2014 From: rforno at infowarrior.org (Richard Forno) Date: Wed, 29 Jan 2014 08:35:34 -0500 Subject: [Infowarrior] - UK Commission Says GCHQ Surveillance Is Illegal Too Message-ID: Legal Analysis Requested By Members Of Parliament Says GCHQ Surveillance Is Illegal Too from the well,-look-at-that... dept We've seen a few times now how legal analysis suggests that the NSA's surveillance activities are clearly illegal. However, over in the UK, the government has appeared to be even more protective of the surveillance by GCHQ, and even more insistent that the activities have been legal. While there's a thriving debate going on in the US, many UK officials seem to have pushed back on even the possibility of a similar debate -- and there has been little suggestion of reform. While it's still unclear how much reform there will be of the NSA, the UK government hasn't indicated even an openness to the idea. But now, similar to the recent PCLOB report in the US, a legal analysis of the GCHQ, written at the request of a bunch of Members of Parliament, has argued that much of what GCHQ is doing is illegal under UK law ...
< -- > http://www.techdirt.com/articles/20140128/17554826031/legal-analysis-requested-members-parliament-says-gchq-surveillance-is-illegal-too.shtml From rforno at infowarrior.org Wed Jan 29 07:44:42 2014 From: rforno at infowarrior.org (Richard Forno) Date: Wed, 29 Jan 2014 08:44:42 -0500 Subject: [Infowarrior] - Fifty States of Fear Message-ID: <41837C96-C05A-4F60-9D27-95D6B9851359@infowarrior.org> Fifty States of Fear By PETER LUDLOW http://opinionator.blogs.nytimes.com/2014/01/19/fifty-states-of-fear/ The British philosopher Bertrand Russell, writing as World War II was drawing to a close in Europe, observed that "neither a man nor a crowd nor a nation can be trusted to act humanely or to think sanely under the influence of a great fear." Russell's point was that irrational fear can propel us into counterproductive activities, ranging from unjust wars and the inhumane treatment of others to more mundane cases like our failure to seize opportunities to improve our everyday lives. It is hard to dispute Russell's claim. We all know that fear can impair our judgment. We have passed up opportunities in our personal lives and we have also seen groups and nations do great harm and unravel because of their irrational fears. The 20th century was littered with wars and ethnic cleansings that were propelled in large measure by fear of a neighboring state or political or ethnic group. Given this obvious truth, one might suppose that modern democratic states, with the lessons of history at hand, would seek to minimize fear -- or at least minimize its effect on deliberative decision-making in both foreign and domestic policy. But today the opposite is frequently true. Even democracies founded in the principles of liberty and the common good often take the path of more authoritarian states.
They don't work to minimize fear, but use it to exert control over the populace and serve the government's principal aim: consolidating power. Philosophers have long noted the utility of fear to the state. Machiavelli notoriously argued that a good leader should induce fear in the populace in order to control the rabble. Hobbes in "The Leviathan" argued that fear effectively motivates the creation of a social contract in which citizens cede their freedoms to the sovereign. The people understandably want to be safe from harm. The ruler imposes security and order in exchange for the surrender of certain public freedoms. As Hobbes saw it, there was no other way: Humans, left without a strong sovereign leader controlling their actions, would degenerate into mob rule. It is the fear of this state of nature -- not of the sovereign per se, but of a world without the order the sovereign can impose -- that leads us to form the social contract and surrender at least part of our freedom. Most philosophers have since rejected this Hobbesian picture of human nature and the need for a sovereign. We have learned that democratic states can flourish without an absolute ruler. The United States of America was the original proof of concept of this idea: Free, self-governing people can flourish without a sovereign acting above the law. Even though the United States has revoked freedoms during wartime (and for some groups in peacetime), for most of its history the people have not been under the yoke of an all-powerful sovereign. However, since 9/11 leaders of both political parties in the United States have sought to consolidate power by leaning not just on the danger of a terrorist attack, but on the fact that the possible perpetrators are frightening individuals who are not like us. As President George W.
Bush put it before a joint session of Congress in 2001: "They hate our freedoms: our freedom of religion, our freedom of speech, our freedom to vote and assemble and disagree with each other." Last year President Obama brought the enemy closer to home, arguing in a speech at the National Defense University that "we face a real threat from radicalized individuals here in the United States" -- radicalized individuals who were "deranged or alienated individuals -- often U.S. citizens or legal residents." The Bush fear-peddling is usually considered the more extreme, but is it? The Obama formulation puts the "radicalized individuals" in our midst. They could be American citizens or legal residents. And the subtext is that if we want to catch them we need to start looking within. The other is among us. The pretext for the surveillance state is thus established. And let there be no mistake about the consolidation of power in the form of the new surveillance state. Recent revelations by Edward Snowden have shown an unprecedented program of surveillance both worldwide and on the American population. Even Erik Prince, the founder of the private military contractor Blackwater Worldwide thinks the security state has gone too far: America is way too quick to trade freedom for the illusion of security. Whether it's allowing the N.S.A. to go way too far in what it intercepts of our personal data, to our government monitoring of everything domestically and spending way more than we should. I don't know if I want to live in a country where lone wolf and random terror attacks are impossible 'cause that country would look more like North Korea than America. The widespread outrage over the new surveillance state has been great enough that President Obama announced on Friday that he would scale back some of its programs, but he remained strident in his overall support for aggressive surveillance.
The interesting thing about the security measures that are taken today is that they provide, as Prince puts it, the "illusion of security"; another way to put it is that they provide "security theater." Or perhaps it is actually a theater of fear. During the George W. Bush administration we were treated to the color-coded terror threat meter. It was presented as a way to keep us secure, but constantly wavering between orange and red, it was arguably a device to remind us to be fearful. Similarly for the elaborate Transportation Security Administration screenings at airports. Security experts are clear that these procedures are not making us safe, and that they are simply theater. The only question is whether the theater is supposed to make us feel safer or whether it is actually intended to remind us that we are somehow in danger. The security expert Bruce Schneier suggests it is the latter: By sowing mistrust, by stripping us of our privacy -- and in many cases our dignity -- by taking away our rights, by subjecting us to arbitrary and irrational rules, and by constantly reminding us that this is the only thing between us and death by the hands of terrorists, the T.S.A. and its ilk are sowing fear. And by doing so, they are playing directly into the terrorists' hands. The goal of terrorism is not to crash planes, or even to kill people; the goal of terrorism is to cause terror. ... But terrorists can only do so much. They cannot take away our freedoms. They cannot reduce our liberties. They cannot, by themselves, cause that much terror. It's our reaction to terrorism that determines whether or not their actions are ultimately successful. That we allow governments to do these things to us -- to effectively do the terrorists' job for them -- is the greatest harm of all. As the Norwegian philosopher Lars Svendsen notes in his book "A Philosophy of Fear," Hobbes already anticipated the need for the sovereign to manipulate our fears.
The state, Svendsen writes, "has to convince the people that certain things should be feared rather than others, since the people will not, just like that, fear what is appropriate from the point of view of the state. Hobbes points out that this can necessitate a certain amount of staging by the state, which magnifies certain phenomena and diminishes others." One way in which our fears can be manipulated by the government is to lead us to fear the lesser danger. Schneier provides a simple example of this: 9/11 caused people to irrationally fear air travel and led them to the much more dangerous route of traveling in automobiles. Another such example of this misdirection of fear took place in the case of the Boston Marathon bombings on April 15, in which the Boston Police Department effectively imposed martial law and seized control of people's homes and used them as command posts in their effort to apprehend the perpetrators. The bombings were terrible (three people died and more than 260 were injured), but just two days later another terrible thing happened: a giant explosion in a fertilizer plant in Texas killed at least 14 people and injured more than 160. For a moment we held our collective breath. Could it have been terrorists? When we learned that it was probably an accident caused by the ignition of stored ammonium nitrate, a collective sigh of relief was heard, and then not another word about the event. But why? And what if the explosion in that factory was part of a larger problem of industrial safety? In fact, according to a report by the United States Congressional Research Service, thousands of industrial facilities across the country risk similar harm to nearby populations. Meanwhile, 300,000 residents of West Virginia were without safe drinking water last week after 7,500 gallons of 4-methylcyclohexane methanol leaked into the Elk River from an industrial storage tank at a plant owned by a company called Freedom Industries.
Few, if any, of the Sunday TV talk shows discussed the matter, but imagine the fear that would have been pedaled on those shows if terrorists had poisoned the water of those 300,000 Americans. Of course the danger is the same whether the cause is terrorism or corporate indifference and malfeasance. Dangers are not limited to large scale events. In 2012, according to the Bureau of Labor Statistics, 4,383 workers were killed on the job, and it has been at this level or higher since 9/11. In other words, we suffer a 9/11 every year in terms of workplace fatalities. But the problem is not limited to workplace deaths. The A.F.L.-C.I.O. estimates another 50,000 die every year from occupational diseases. And none of this accounts for the thousands of workers who are permanently disabled each year. In total, 54,000 Americans die every year due to work-related illnesses and accidents. This is the equivalent of 148 deaths each day; in terms of fatalities it is roughly a Boston Marathon bombing every half hour of every day. But while we spend more than 7 billion dollars a year on the T.S.A.'s national security theater in which over 58,000 T.S.A. employees make sure we are not carrying too much toothpaste or shampoo onto airplanes, the budget for the Occupational Safety and Health Administration is under $600 million per year. It seems that our threat assessments are flawed. We are conditioned to fear persons in caves in Pakistan but not the destruction of our water supply by frackers, massive industrial accidents, climate change or the work-related deaths of 54,000 American workers every year. Fear of outside threats has led us to ignore the more real dangers from within. Fear has also driven us to wage a "war on terror" that, as the political writer Jeremy Scahill has shown in his book "Dirty Wars," creates still more enemies.
As Scahill describes the results, the United States Special Forces kill lists of seven targets gave rise to kill lists of hundreds, which in turn gave rise to kill lists of thousands today. Does it not occur to the United States that the drone strikes and assassinations are creating more terrorists than they are neutralizing? Perhaps it has, but the calculation has been made that it does not matter. The newly minted enemies can be used to gin up more fear, more restrictions on our freedoms, and so the cycle goes. One might argue that the United States has become a government of fear, by fear, and ultimately, for fear. Obama's drone wars also arise from Hobbesian assumptions about society -- that the sovereign, enlisted to impose order, is above the law. The sovereign is free to do whatever is in his power to impose order. If the United States must be in charge of providing order in the world, then its sovereign is above the law. Here lie the roots of so-called American exceptionalism. Svendsen describes the dynamic thus: "The social contract is absolutely binding on all citizens, but the sovereign himself is not subject to the contract that he undertakes to guarantee. Similarly, the U.S. is conceived as being the guarantor of a civilized world, as the country that can maintain moral order, but that stands outside this order." Fear is driving the United States to believe it is above the law. Fear is even used to prevent us from questioning the decisions supposedly being made for our safety. The foundation of this approach in our government can be traced back to the burning rubble of the World Trade Center, exemplified by this statement by John Ashcroft, then the attorney general of the United States, in December 2001: "To those who scare peace-loving people with phantoms of lost liberty, my message is this. Your tactics only aid terrorists, for they erode our national unity and diminish our resolve.
They give ammunition to America's enemies, and pause to America's friends." As Svendsen points out, Ashcroft's reasoning is straight out of the playbook of the German legal philosopher Carl Schmitt, who was notorious for defending Hitler's extrajudicial killings of his political enemies. Schmitt too felt that national unity was critical and that liberty should be subjugated to safety. Svendsen writes: A political act consists in maintaining one's own existence and destroying those that threaten it, and there is little room for overcoming conflicts via discussion. Such political action is the sole right of the state, and in order to maintain itself the state must also eliminate all enemies within, that is, all those who do not fit into a homogeneous unity. Every genuine political theory, according to Schmitt, must assume that man is evil, that man is a dangerous being. It is here, in the fear of what humans can do to each other, that the state finds the justification of its own existence -- the ability of the state to protect one is the argument for submitting to it. Fear is a primal human state. From childhood on, we fear the monsters of our imaginations, lurking in dark closets, under beds, in deserted alleyways, but we also now fear monsters in the deserts of Yemen and the mountains of Pakistan. But perhaps it is possible to pause and subdue our fears by carefully observing reality -- just as we might advise for trying to calm and comfort a fear-stricken child. We might find that, in reality, the more immediate danger to our democratic society comes from those who lurk in the halls of power in Washington and other national capitols and manipulate our fears to their own ends. What are these ends? They are typically the protection of moneyed interests. In 1990, the Secretary of State James Baker tried to make the case for the first Gulf War on economic grounds. "The economic lifeline of the industrial world,"
he said, "runs from the gulf and we cannot permit a dictator such as this to sit astride that economic lifeline." That rationale, although honest, did not resonate with the American people -- it hardly seemed to justify war. The George W. Bush administration abandoned the economic justification and turned to fear as a motivator. We were told that Saddam Hussein had weapons of mass destruction. If we did not act against him, the national security adviser Condoleezza Rice argued, the next thing we would see might be a "mushroom cloud." This playbook of fear has not been limited to motivating military actions. Environmentalists, once ridiculed as "tree-huggers," are now often characterized as "environmental terrorists" -- as individuals we should fear and neutralize. The hacktivist Jeremy Hammond, who exposed the nefarious dealings of the private intelligence corporation Stratfor and its clients, was characterized as someone seeking to cause "mayhem" by Federal District Judge Loretta Preska when she sentenced him to 10 years in prison. In each case, the images of mushroom clouds, environmental terrorists and agents of mayhem were used to justify actions that would otherwise seem excessive -- all in the service of protecting corporate interests. Whatever their motivation, by using fear to induce the rollback of individual rights, politicians, judges and lawmakers are working against the hard-won democratic principles and ideals that we and other democracies have defended for almost 250 years. They are manipulating our fears to undo centuries of democratic reform. And it doesn't matter if the empowered leader is called a king or a prime minister or a president; the end result is that fear has been used to place us back under the yoke of Hobbes's sovereign and Machiavelli's prince. Yet ultimately we are not powerless. We can resist the impulse to be afraid.
We may not at the moment have answers to the very real dangers that we face in this world, but we can begin to identify those dangers and seek solutions once we overcome our fear. Or as Bertrand Russell rather more elegantly put it, as World War II was drawing to a close, "to conquer fear is the beginning of wisdom." Peter Ludlow, a professor of philosophy at Northwestern University, writes frequently on digital culture, hacktivism and the surveillance state. This post has been revised to reflect the following correction: Correction: January 20, 2014 An earlier version of this article misstated the estimated budget of the Occupational Safety and Health Administration. It is less than $600 million, not less than $600,000. From rforno at infowarrior.org Wed Jan 29 16:28:40 2014 From: rforno at infowarrior.org (Richard Forno) Date: Wed, 29 Jan 2014 17:28:40 -0500 Subject: [Infowarrior] - That Was Fast: Prince Has Already Filed To Dismiss Ridiculous Lawsuit Against 22 Fans Message-ID: That Was Fast: Prince Has Already Filed To Dismiss Ridiculous Lawsuit Against 22 Fans from the prince-world dept http://www.techdirt.com/articles/20140129/11120826034/that-was-fast-prince-has-already-filed-to-dismiss-ridiculous-lawsuit-against-22-fans.shtml Just a couple days ago, we wrote about the ridiculously laughable lawsuit that Prince had filed against 22 fans for merely linking to bootlegs. Beyond the stupidity of suing fans, suing over linking and suing over bootlegs, we pointed out a variety of legal problems with the lawsuit, including the fact that Prince's lawyer seemed confused about how copyright damages actually work, the nature of direct vs. indirect copyright infringement and a few other issues. So, perhaps it shouldn't be that surprising that it took just a few days for Prince's lawyers to file to dismiss the lawsuit.
They're doing so without prejudice, which is standard, but does mean they could try to sue again at a later date, should Prince wake up at 3am in January in Minnesota and decide that, rather than needing a camel, he wants to sue some of his biggest fans all over again.

---
Just because i'm near the punchbowl doesn't mean I'm also drinking from it.

From rforno at infowarrior.org Wed Jan 29 17:49:27 2014
From: rforno at infowarrior.org (Richard Forno)
Date: Wed, 29 Jan 2014 18:49:27 -0500
Subject: [Infowarrior] - Greenwald: WH treating journos reporting Snowden docs as 'accomplices'
Message-ID:

http://utdocuments.blogspot.com.br/2014/01/does-obama-administration-view.html

Does Obama administration view journalists as Snowden's "accomplices"? It seems so.

James Clapper, the Director of National Intelligence, appeared today before the Senate Intelligence Committee, his first appearance since outright lying to that Committee last March about NSA bulk collection. In his prepared opening remarks, Clapper said this:

"Snowden claims that he's won and that his mission is accomplished. If that is so, I call on him and his accomplices to facilitate the return of the remaining stolen documents that have not yet been exposed to prevent even more damage to U.S. security."

Who, in the view of the Obama administration, are Snowden's "accomplices"? The FBI and other official investigators have been very clear with the media that there is no evidence whatsoever that Snowden had any help in copying and removing documents from the NSA. Here, Clapper is referring to "accomplices" as those who can "facilitate the return of the remaining" documents. As Snowden has said, the only ones to whom he has given those documents are the journalists with whom he has worked. As has been publicly reported, the journalists who are in possession of thousands of Snowden documents include myself, Laura Poitras, Barton Gellman/The Washington Post, The New York Times, the Guardian, and ProPublica.
Is it now the official view of the Obama administration that these journalists and media outlets are "accomplices" in what they regard as Snowden's crimes? If so, that is a rather stunning and extremist statement. Is there any other possible interpretation of Clapper's remarks?

---
Just because i'm near the punchbowl doesn't mean I'm also drinking from it.

From rforno at infowarrior.org Thu Jan 30 07:12:31 2014
From: rforno at infowarrior.org (Richard Forno)
Date: Thu, 30 Jan 2014 08:12:31 -0500
Subject: [Infowarrior] - DissidentX: New twist on steganography
Message-ID: <8649EDD5-7859-4AA3-AD3B-6CE0C5835A87@infowarrior.org>

BitTorrent Creator's New Software DissidentX Hides Secrets In Plain Sight
Andy Greenberg, Forbes Staff
http://www.forbes.com/sites/andygreenberg/2014/01/15/bittorrent-creators-new-tool-dissidentx-hides-secrets-in-plain-sight/

Encryption tools help people keep secrets. Bram Cohen has a more subtle ambition: he wants to help people keep secret the act of keeping secrets.

For the last year Cohen, who created the breakthrough file-sharing protocol BitTorrent a decade ago, has been working on a new piece of software he calls DissidentX. The program, which he released over the summer in a barebones prototype and is now working to develop with the help of a group of researchers at Stanford, goes beyond encryption to offer users what cryptographers call “steganography,” the ability to conceal a message inside another message. Instead of merely enciphering users’ communications in a scramble of nonsensical characters, DissidentX can camouflage their secrets in an inconspicuous website, a corporate document, or any other pre-existing file, from a Rick Astley video to a digital copy of Crime and Punishment.

“What you really want is to be as unsuspicious as possible,” says Cohen, who spoke with me about DissidentX at the Real World Crypto conference in New York Tuesday.
“We don’t want an interloper to be able to tell that this communication is happening at all.”

Cohen has programmed DissidentX to serve as a customizable framework for steganography that can use any method of tweaking a file, from adding spaces at the end of a text file’s lines to adding pixels to a video. But unlike older steganographic tools, those alterations to the camouflage file known as the “cover text” don’t serve as a set of on-or-off bits to encode the secret message. Instead, DissidentX makes the changes such that when the recipient puts the entire file through a cryptographic function known as a “hash” — a transformation that converts it into a unique string of characters — it produces an encrypted version of the sender’s message, ready to be decrypted with the recipient’s key.

“There’s no particular place in the cover text where the bits of the encoded message are hidden. It’s distributed holistically across the entire thing,” says Cohen. “It’s taking the entirety of the cover text and mashing it all together as a complete unit to create a hash carefully constructed so that it has the properties you want,” — namely, that the results serve as an encrypted secret message.

That hashing technique means that the recipient of a message doesn’t even need to know what sorts of tweaks were made to the cover text to find the encoded secrets. It also means DissidentX’s alterations to the cover text can also include subtracting elements from a file, such as deleting paragraphs from a block of text — a method that’s far harder for a snoop to detect than older tricks like adding commas or spaces. “Right now, most steganography techniques are detectable,” says Cohen. “I hope this will change the balance of power somewhat, and make it so these things really aren’t detectable in practice.”

Cohen’s sleights of hand go a step further, too.
He’s designed DissidentX to allow multiple secret messages to be encoded in an altered file, each of which can only be read with different decryption keys. That means a single text file or video could hold messages intended for multiple recipients, or additional false messages can also be encoded into the file as red herrings. That last trick, pioneered by Julian Assange and a couple of friends in a 1997 program called Rubberhose, is meant as a last line of defense for a user who may be imprisoned and forced to cough up a decryption key, to trick his or her captors into thinking the message is fully decoded while still protecting certain secrets. (The scheme’s name came from cryptographers’ half-joking term Rubberhose Cryptanalysis, the threat of beating a decryption key out of someone with a length of rubber tubing.) “The idea of this is that even if you get rubber-hosed, you can say ‘here’s my key,’ and they only get a message that’s not the real message,” Cohen says.

Even with Cohen’s clever hashing trick, the cover text for a secret message must be much larger than that message itself. Cohen suggests a file five hundred times as large as the secret message to encode communications without raising suspicions. But he and a group of Stanford cryptographers are working to improve DissidentX with an algorithm known as Lenstra–Lenstra–Lovász to minimize the proportion of the cover text that must be changed.

Cohen says he began thinking about steganography after scandal erupted around the now-defunct anonymity tool Haystack in 2010. That software, intended to help dissidents in countries like Iran evade surveillance, was found to be deeply insecure and the project was shuttered by its creator Austin Heap. “Haystack was claiming to be using steganography, and it got me thinking about stego,” he says. “I ended up coming up with some neat intuitions about how to do this.”
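The "hash the whole cover text" idea the article describes, as a constructed toy added here (not Bram Cohen's DissidentX algorithm or code): the sender tweaks trailing whitespace on lines of a constructed cover text until the truncated SHA-256 of the entire text equals the enciphered 2-byte message, and the recipient recovers it by hashing the whole file without knowing which lines changed. The cover text, key and message are all made up for the example; the per-key pad is a stand-in for a real KDF.

```python
"""Toy whole-file-hash steganography in the spirit of the DissidentX
description. Added illustration, NOT Cohen's algorithm or code; the
cover text, key and message below are constructed for the example.

Sender: XOR a 2-byte message with a per-key pad, then flip trailing
spaces on the first 20 lines until the first two bytes of SHA-256 over
the WHOLE text equal that ciphertext (about 2**16 hashes on average).
Recipient: hash the whole file and XOR off the pad. Which lines were
tweaked is irrelevant; the payload lives in the global hash.
"""
import hashlib
import hmac

TAG_BYTES = 2                 # payload size: 2**16 possible targets
TAG_BITS = 8 * TAG_BYTES

# Constructed, innocuous cover text (22 lines).
COVER = """\
Riverside Allotment Society - Spring Newsletter
Welcome back to another growing season at the Riverside plots.
The committee met on the second Tuesday of the month as usual.
Water butts have been refilled and the main tap is working again.
Please remember to close the gate behind you after dark.
Seed swap: bring surplus packets to the shed on Saturday morning.
The compost bays near plot 14 are full; use the bays by the road.
Rent for the coming year is due by the end of next month.
A reminder that bonfires are permitted only after 6pm.
Several members have reported slugs on the early lettuce.
The annual barbecue will be held on the last Sunday of June.
Volunteers are needed to repaint the notice board.
Thanks to everyone who helped clear the path by the stream.
Plot inspections take place in the first week of May.
The tool library now has two new hoes and a wheelbarrow.
Keys for the shed can be collected from the treasurer.
Please label any produce left in the sharing box.
The society's website has been updated with the new rota.
Rainfall this spring has been well above the ten-year average.
Do not store petrol or gas cylinders in the shed.
Next meeting: second Tuesday of next month, 7pm, village hall.
Happy gardening from all of us on the committee.
"""


def _pad(key: bytes) -> int:
    """Per-key 16-bit pad. Constructed toy KDF: a real design would derive
    it with a proper KDF and a nonce so one key can carry many messages."""
    mac = hmac.new(key, b"stego-pad", hashlib.sha256).digest()
    return int.from_bytes(mac[:TAG_BYTES], "big")


def _digest(text: bytes) -> int:
    """First TAG_BYTES of SHA-256 over the entire cover text."""
    return int.from_bytes(hashlib.sha256(text).digest()[:TAG_BYTES], "big")


def embed(cover: str, message: bytes, key: bytes, max_lines: int = 20) -> str:
    """Return a copy of `cover` differing only in trailing spaces whose
    whole-text digest equals message XOR pad(key)."""
    if len(message) != TAG_BYTES:
        raise ValueError(f"message must be exactly {TAG_BYTES} bytes")
    target = int.from_bytes(message, "big") ^ _pad(key)
    # Normalise trailing spaces so the search space is well defined.
    lines = [ln.rstrip(" ").encode() for ln in cover.split("\n")]
    n = min(max_lines, len(lines))
    # Need ~16x more candidates than targets for a near-certain hit.
    if (1 << n) < (1 << TAG_BITS) * 16:
        raise ValueError("cover text too short for a reliable search")
    variants = [(ln, ln + b" ") for ln in lines[:n]]   # space or no space
    tail = lines[n:]
    for mask in range(1 << n):
        body = [variants[i][(mask >> i) & 1] for i in range(n)] + tail
        candidate = b"\n".join(body)
        if _digest(candidate) == target:
            return candidate.decode()
    raise RuntimeError("no match found; use a longer cover text")


def extract(stego: str, key: bytes) -> bytes:
    """Recipient side: hash everything, strip the pad. No map of the
    tweaked positions is needed."""
    value = _digest(stego.encode()) ^ _pad(key)
    return value.to_bytes(TAG_BYTES, "big")


def main() -> None:
    key = b"recipient-key"                    # constructed
    stego = embed(COVER, b"OK", key)
    changed = sum(a != b for a, b in zip(COVER.split("\n"), stego.split("\n")))
    print(f"{changed} lines gained a trailing space; extracted: {extract(stego, key)!r}")


if __name__ == "__main__":
    main()
```

Trailing spaces are an obvious tell and are stripped by many mail and wiki gateways, which is why the article favours deletions; this toy only demonstrates the hashing principle, not stealth.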
As DissidentX evolves, Cohen says he imagines human rights groups like the Tor anonymity project might hide messages to political dissidents in web pages, which could be detected with a browser plug-in that checks every page for hidden messages. Thanks to his hashing trick, those secrets should be visible in their encrypted form — not to mention readable — to a DissidentX user with the right decryption key. “Hopefully this kind of approach will become how modern stego is done,” he says.

---
Just because i'm near the punchbowl doesn't mean I'm also drinking from it.

From rforno at infowarrior.org Thu Jan 30 07:13:40 2014
From: rforno at infowarrior.org (Richard Forno)
Date: Thu, 30 Jan 2014 08:13:40 -0500
Subject: [Infowarrior] - “Honey Encryption” Will Bamboozle Attackers with Fake Secrets
Message-ID: <2A9CE16E-2567-481B-A734-32E01A14F0C5@infowarrior.org>

(Without being a mathematician, I like what I hear so far.... --rick)

“Honey Encryption” Will Bamboozle Attackers with Fake Secrets
A new approach to encryption beats attackers by presenting them with fake data.
By Tom Simonite on January 29, 2014
Encrypted data often leaks online and criminals have proved capable of decrypting it.
http://www.technologyreview.com/news/523746/honey-encryption-will-bamboozle-attackers-with-fake-secrets/

Ari Juels, an independent researcher who was previously chief scientist at computer security company RSA, thinks something important is missing from the cryptography protecting our sensitive data: trickery. “Decoys and deception are really underexploited tools in fundamental computer security,” Juels says. Together with Thomas Ristenpart of the University of Wisconsin, he has developed a new encryption system with a devious streak. It gives encrypted data an additional layer of protection by serving up fake data in response to every incorrect guess of the password or encryption key.
If the attacker does eventually guess correctly, the real data should be lost amongst the crowd of spoof data.

The new approach could be valuable given how frequently large encrypted stashes of sensitive data fall into the hands of criminals. Some 150 million usernames and passwords were taken from Adobe servers in October 2013, for example. After capturing encrypted data, criminals often use software to repeatedly guess the password or cryptographic key used to protect it. The design of conventional cryptographic systems makes it easy to know when such a guess is correct or not: the wrong key produces a garbled mess, not a recognizable piece of raw data.

Juels and Ristenpart’s approach, known as Honey Encryption, makes it harder for an attacker to know if they have guessed a password or encryption key correctly or not. When the wrong key is used to decrypt something protected by their system, the Honey Encryption software generates a piece of fake data resembling the true data. If an attacker used software to make 10,000 attempts to decrypt a credit card number, for example, they would get back 10,000 different fake credit card numbers. “Each decryption is going to look plausible,” says Juels. “The attacker has no way to distinguish a priori which is correct.”

Juels previously worked with Ron Rivest, the “R” in RSA, to develop a system called Honey Words to protect password databases by also stuffing them with false passwords. Juels and Ristenpart will present a paper on Honey Encryption at the Eurocrypt cryptography conference later this year.

Juels is also working on building a system based on it to protect the data stored by password manager services such as LastPass and Dashlane. These services store all of a person’s different passwords in an encrypted form, protected by a single master password, so that software can automatically enter them into websites. Password managers are a tasty target for criminals, says Juels.
He believes that many people use an insecure master password to protect their collection. “The way they’re constructed discourages the use of a strong password because you’re constantly having to type it in — also on a mobile device in many cases.” Juels predicts that if criminals got hold of a large collection of encrypted password vaults they could probably unlock many of them without too much trouble by guessing at the master passwords. But if those vaults were protected with Honey Encryption, each incorrect attempt to decrypt a vault would yield a fake one instead.

Hristo Bojinov, CEO and founder of mobile software company Anfacto, who has previously worked on the problem of protecting password vaults as a security researcher, says Honey Encryption could help reduce their vulnerability. But he notes that not every type of data will be easy to protect this way since it’s not always possible to know the encrypted data in enough detail to produce believable fakes. “Not all authentication or encryption systems yield themselves to being ‘honeyed.’”

Juels agrees, but is convinced that by now enough password dumps have leaked online to make it possible to create fakes that accurately mimic collections of real passwords. He is currently working on creating the fake password vault generator needed for Honey Encryption to be used to protect password managers. This generator will draw on data from a small collection of leaked password manager vaults, several large collections of leaked passwords, and a model of real-world password use built into a powerful password cracker.

---
Just because i'm near the punchbowl doesn't mean I'm also drinking from it.
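The credit-card case the article uses, as a constructed toy added here (not Juels and Ristenpart's construction or code): a distribution-transforming encoder maps the 15 free digits of a card number to a roughly uniform 64-bit seed and recomputes the Luhn check digit on decode, so every password, right or wrong, decrypts to a syntactically valid card number. The sample card, passwords and the SHA-256 "pad" are assumptions made for the example.

```python
"""Toy honey encryption for a 16-digit payment-card number.

Added illustration of the idea the article describes; NOT Juels and
Ristenpart's construction or code. The distribution-transforming encoder
(DTE) is constructed for this example: a card's 15 free digits map to a
seed that is (nearly) uniform over 64 bits, and the 16th (Luhn check)
digit is recomputed on decode. Decryption is therefore a total function:
a wrong key yields a different, plausible card rather than garbage, so an
offline guesser cannot tell a hit from a miss.
"""
import hashlib
import secrets

BODY_DIGITS = 15                       # the 16th digit is the Luhn check
SPACE = 10 ** BODY_DIGITS              # possible 15-digit bodies
SEED_BITS = 64
SLICE = (1 << SEED_BITS) // SPACE      # seeds per body (about 18446)


def luhn_check_digit(body: str) -> str:
    """Luhn check digit for the leading digits of a card number."""
    total = 0
    for i, ch in enumerate(reversed(body)):
        d = int(ch)
        if i % 2 == 0:                 # every second digit from the right
            d = d * 2 - 9 if d > 4 else d * 2
        total += d
    return str((10 - total % 10) % 10)


def is_luhn_valid(card: str) -> bool:
    return (len(card) == BODY_DIGITS + 1 and card.isdigit()
            and luhn_check_digit(card[:-1]) == card[-1])


def dte_encode(card: str) -> int:
    """Card number -> seed drawn uniformly from that body's slice of seed
    space. The random offset is what makes real seeds look like any other."""
    if not is_luhn_valid(card):
        raise ValueError("not a Luhn-valid 16-digit number")
    return int(card[:-1]) * SLICE + secrets.randbelow(SLICE)


def dte_decode(seed: int) -> str:
    """Any 64-bit seed -> a Luhn-valid card number (never fails)."""
    body = (seed // SLICE) % SPACE     # the few seeds past SPACE*SLICE wrap
    body_str = f"{body:0{BODY_DIGITS}d}"
    return body_str + luhn_check_digit(body_str)


def _pad(password: str) -> int:
    """64-bit pad from the password. Constructed toy: a real system would
    use a slow, salted password hash such as scrypt or Argon2."""
    return int.from_bytes(hashlib.sha256(password.encode()).digest()[:8], "big")


def honey_encrypt(card: str, password: str) -> bytes:
    return (dte_encode(card) ^ _pad(password)).to_bytes(8, "big")


def honey_decrypt(blob: bytes, password: str) -> str:
    """Wrong password -> a different, equally plausible card number."""
    return dte_decode(int.from_bytes(blob, "big") ^ _pad(password))


def guess_outcomes(blob: bytes, guesses: list[str]) -> list[str]:
    """What an offline attacker sees after trying each password guess."""
    return [honey_decrypt(blob, g) for g in guesses]


def main() -> None:
    card = "4539578763621486"          # constructed sample, not a real account
    blob = honey_encrypt(card, "correct horse battery")
    print("right password :", honey_decrypt(blob, "correct horse battery"))
    for fake in guess_outcomes(blob, [f"password{i}" for i in range(5)]):
        print("wrong password :", fake, "Luhn-valid:", is_luhn_valid(fake))


if __name__ == "__main__":
    main()
```

The DTE is the whole game, as Bojinov's caveat says: this toy makes every 15-digit body equally likely, whereas real card numbers cluster by issuer prefix, so a fake that ignores that distribution is still distinguishable.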
From rforno at infowarrior.org Thu Jan 30 07:15:03 2014
From: rforno at infowarrior.org (Richard Forno)
Date: Thu, 30 Jan 2014 08:15:03 -0500
Subject: [Infowarrior] - AT&T plan to shut off Public Switched Telephone Network moves ahead at FCC
Message-ID: <791F6D3F-9893-479B-84CB-82433BEB77C9@infowarrior.org>

AT&T plan to shut off Public Switched Telephone Network moves ahead at FCC
http://arstechnica.com/tech-policy/2014/01/att-plan-to-shut-off-public-switched-telephone-network-moves-ahead-at-fcc/

---
Just because i'm near the punchbowl doesn't mean I'm also drinking from it.

From rforno at infowarrior.org Thu Jan 30 07:20:10 2014
From: rforno at infowarrior.org (Richard Forno)
Date: Thu, 30 Jan 2014 08:20:10 -0500
Subject: [Infowarrior] - EU has secret plan for police to 'remote stop' cars
Message-ID: <0AB6EAF9-AC32-43F8-8144-94838E403CE4@infowarrior.org>

(I'm waiting for the first time someone hacks the system - or some crazed insider - and shuts down thousands of cars on a whim. Yes, I'd feel safer. --rick)

EU has secret plan for police to 'remote stop' cars
The EU is developing a secret plan to give the police the power to control cars by switching the engine off remotely
9:50PM GMT 29 Jan 2014
http://www.telegraph.co.uk/news/worldnews/europe/eu/10605328/EU-has-secret-plan-for-police-to-remote-stop-cars.html

The European Union is secretly developing a "remote stopping" device to be fitted to all cars that would allow the police to disable vehicles at the flick of a switch from a control room.

Confidential documents from a committee of senior EU police officers, who hold their meetings in secret, have set out a plan entitled "remote stopping vehicles" as part of wider law enforcement surveillance and tracking measures.

"The project will work on a technological solution that can be a 'build in standard' for all cars that enter the European market," said a restricted document.
The devices, which could be in all new cars by the end of the decade, would be activated by a police officer working from a computer screen in a central headquarters. Once enabled, the engine of a car used by a fugitive or other suspect would stop, the supply of fuel would be cut and the ignition switched off.

The technology, scheduled for a six-year development timetable, is aimed at bringing dangerous high-speed car chases to an end and to make redundant current stopping techniques such as spiking a vehicle's tyres.

The proposal was outlined as part of the "key objectives" for the "European Network of Law Enforcement Technologies", or Enlets, a secretive off-shoot of a European "working party" aimed at enhancing police cooperation across the EU.

Statewatch, a watchdog monitoring police powers, state surveillance and civil liberties in the EU, have leaked the documents amid concerns the technology poses a serious threat to civil liberties.

"We all know about the problems surrounding police stop and searches, so why will these cars be stopped in the first place," said Tony Bunyan, director of Statewatch. "We also need to know if there is any evidence that this is a widespread problem. Let's have some evidence that this is a problem, and then let's have some guidelines on how this would be used."

The remote stopping and other surveillance plans have been signed off by the EU's Standing Committee on Operational Cooperation on Internal Security, known as Cosi, meaning that the project has the support of senior British Home Office civil servants and police officers.

Cosi, which also meets in secret, was set up by the Lisbon EU Treaty in 2010 to develop and implement what has emerged as a European internal security policy without the oversight of MPs in the House of Commons.

Douglas Carswell, the Conservative MP for Clacton, attacked the plan for threatening civil liberties and for bypassing the parliament.
"The price we pay for surrendering our democratic sovereignty is that we are governed by an unaccountable secretive clique," he said.

Nigel Farage, the leader of Ukip, described the measure as "incredible" and a "draconian imposition". "It is appalling they are even thinking of it," he said. "People must protest against this attack on their liberty and vote against an EU big Brother state during the Euro election in May."

In 2012, Enlets received a €484,000 grant from the European Commission for its declared mission to "support front line policing and the fight against serious and organised crime by gathering user requirements, scanning and raising awareness of new technology and best practices, benchmarking and giving advice". The six-year work programme for Enlets also includes improving automatic number plate recognition technology and intelligence sharing.

Although the technology for police to stop a vehicle by remote control has still to be developed, Enlets argues the merits of developing such a system. "Cars on the run can be dangerous for citizens," said a document. "Criminal offenders will take risks to escape after a crime. In most cases the police are unable to chase the criminal due to a lack of efficient means to stop the vehicle safely."

The introduction of stopping devices has raised questions of road safety. David Davis, the Conservative MP for Haltemprice and Howden, warned that the technology could pose a danger to all road users. "I would be fascinated to know what the state's liability will be if they put these devices in all vehicles and one went off by accident whilst a car was doing 70mph on a motorway with a truck behind it resulting in loss of life," he said. "It is time legislators stopped believing technology is a form of magic and realised that it is fallible, and those failures do real harm."

---
Just because i'm near the punchbowl doesn't mean I'm also drinking from it.
From rforno at infowarrior.org Thu Jan 30 07:32:17 2014
From: rforno at infowarrior.org (Richard Forno)
Date: Thu, 30 Jan 2014 08:32:17 -0500
Subject: [Infowarrior] - Swire: Why tech companies and the NSA diverge on Snowden
Message-ID:

Why tech companies and the NSA diverge on Snowden
By Peter Swire

Peter Swire is a professor of law and ethics at the Georgia Institute of Technology’s Scheller College of Business. He was a member of President Obama’s Review Group on Intelligence and Communications Technologies and was the chief counselor for privacy in the Office of Management and Budget from 1999 to 2001.

http://www.washingtonpost.com/opinions/why-tech-companies-and-the-nsa-are-split-about-snowden/2014/01/29/e322c746-83ab-11e3-9dd4-e7278db80d86_print.html

Is Edward Snowden a whistleblower or a traitor? There is a vast cultural divide between Silicon Valley and Washington on this issue, and the reasons reveal much about the broader debates about what to do in the wake of the leaks.

In terms of my own perspective, I have written about privacy and the Internet for two decades, working closely with both civil liberties groups and Internet companies. On the government side, I first worked with intelligence agencies in the late 1990s when I chaired White House task forces on encryption and Internet wiretap laws.

As a member of President Obama’s Review Group on Intelligence and Communications Technologies, I spoke with numerous people in the intelligence community. Not one said that Snowden was a whistleblower. The level of anger was palpable.

Part of the anger arises from the daily routine of working with classified materials. Merely carrying a cellphone into a secure facility by mistake amounts to a security violation. Thousands of security officers enforce the rules, and people can and do get fired when they are not scrupulous with classified materials. Intelligence officers see Snowden as a serial destroyer of classified secrets.
He plotted for months to violate the law on a massive scale. He has tipped off foreign adversaries about numerous programs that will require countless hours of work to revise; many will not regain their previous effectiveness.

Even though Snowden rejected all the existing options for a whistleblower — including congressional committees or avenues within the National Security Agency (NSA) — the view from Silicon Valley and privacy groups is much different. Last fall, I asked the leader of a Silicon Valley company about the whistleblower-vs.-traitor debate. He said that more than 90 percent of his employees would call Snowden a whistleblower. Part of that reaction is based on the view that this robust national debate would not be happening had Snowden not leaked what he did.

The Silicon Valley concern about the NSA arises to some extent from a philosophy of anti-secrecy libertarianism. A well-known slogan there is that “information wants to be free.”

The technology community’s anger mounted when the media reported that the NSA had undermined at least one international encryption standard. The ability to export strong encryption was a hot-button issue in the 1990s, when the NSA argued that use of such encryption would enable terrorists and enemies to communicate immune from surveillance. A coalition of techies, privacy groups and Internet companies in 1999 persuaded the federal government to permit the export of strong encryption. Last year’s media reports awoke dormant fears among techies that the NSA was creating a fundamentally insecure Internet.

The anger increased when the media reported that the NSA had tapped into the communications lines used by providers of the online “cloud.” In response, Microsoft counsel Brad Smith wrote that “government snooping potentially now constitutes an ‘advanced persistent threat.’ ” That is a term of art previously used primarily to describe cyberattacks by China.
The major tech companies then bought full-page newspaper ads to express their serious concerns.

The gap between anger at Snowden and anger at the NSA shows the tension between the government and much of the tech world. But which side is correct?

After wrestling with the issue, I think that Snowden could have been a conscientious objector — but he has thus far failed the test. A central element of nonviolent dissent is to move society’s conscience by taking personal responsibility. Mohandas Gandhi and Martin Luther King Jr. went to jail for their beliefs, but Snowden ran away. Going to jail is, of course, a lot to ask of a person. But Snowden knowingly set himself above the law, claiming a higher morality. Full clemency, without any jail time, would create a bad precedent in holding others in the intelligence community accountable, should they break security rules.

Snowden’s fate aside, the culture clash holds lessons about how to blend the government and tech perspectives. The president has issued a directive that foreign policy, economic and privacy considerations must henceforth be included in sensitive decisions about intelligence collection. As shown by a new agreement between the Justice Department and technology companies, there will be greater transparency about government access to communications.

Fundamentally, the traitor-or-whistleblower debate comes down to different views of what values should be paramount in governing the Internet we all use. The Internet is where surveillance happens to keep our nation safe. It is also where we engage in e-commerce and express ourselves in infinite ways. The goal is to create one communications structure that safeguards diverse, important values.

Read more on this topic:
Daniel Ellsberg: Snowden was right to run
Michael Morell: Correcting the record on the NSA review
Ruth Marcus: Edward Snowden, the insufferable whistleblower
Richard Cohen: Make a deal with Snowden
Robert J.
Samuelson: The hidden consequences of Snowden’s NSA revelations

© The Washington Post Company

---
Just because i'm near the punchbowl doesn't mean I'm also drinking from it.

From rforno at infowarrior.org Thu Jan 30 07:38:15 2014
From: rforno at infowarrior.org (Richard Forno)
Date: Thu, 30 Jan 2014 08:38:15 -0500
Subject: [Infowarrior] - Lenovo to buy Google's Motorola in China's largest tech deal
Message-ID: <74247464-2CBA-4867-A221-C0518A3E1ABE@infowarrior.org>

(Guess Moto phones are no longer allowed to be brought into DOD facilities, then? --rick)

Lenovo to buy Google's Motorola in China's largest tech deal
By Nadia Damouni, Nicola Leske and Gerry Shih
NEW YORK/SAN FRANCISCO Wed Jan 29, 2014 6:15pm EST
http://www.reuters.com/article/2014/01/29/us-google-lenovo-idUSBREA0S1YN20140129

(Reuters) - Lenovo Group said on Wednesday it agreed to buy Google Inc's Motorola handset division for $2.91 billion, in what is China's largest-ever tech deal as Lenovo buys its way into a heavily competitive U.S. handset market dominated by Apple Inc.

It is Lenovo's second major deal on U.S. soil in a week as the Chinese electronics company angles to get a foothold in major global computing markets. Lenovo last week said it would buy IBM's low-end server business for $2.3 billion.

The deal ends Google's short-lived foray into making consumer mobile devices and marks a pullback from its largest-ever acquisition. Google paid $12.5 billion for Motorola in 2012. Under this deal the search giant will keep the majority of Motorola's mobile patents, considered its prize assets.

Shares in Google climbed 2.2 percent to about $1,131 in after-hours trading. Reuters reported the deal earlier on Wednesday, citing sources familiar with the deal.

The purchase will give Lenovo a beach-head to compete against Apple and Samsung Electronics as well as increasingly aggressive Chinese smartphone makers in the highly lucrative U.S. arena.
In 2005, Lenovo muscled its way into what was then the world's largest PC market by buying IBM's personal computer division. It has powered its way up the rankings of the global smartphone industry primarily through sales on its home turf but has considered a U.S. foray of late.

"Using Motorola, just as Lenovo used the IBM ThinkPad brand, to gain quick credibility and access to desirable markets and build critical mass makes a lot of sense," said Forrester Research analyst Frank Gillett. "But Motorola has not been shooting the lights out with designs or sales volumes in smartphones. So the value is simply in brand recognition to achieve market recognition faster - and to expand the design and marketing team with talent experienced at U.S. and Western markets."

The deal is subject to approval by both U.S. and Chinese authorities. Chinese companies faced the most scrutiny over their U.S. acquisitions in 2012, according to a report issued in December by the Committee on Foreign Investment in the United States. Analysts say political issues could cloud the deal, especially with Lenovo trying to seal the IBM deal at the same time.

In the deal for the Motorola handset business, Lenovo will pay $660 million in cash, $750 million in Lenovo ordinary shares, and another $1.5 billion in the form of a three-year promissory note, Lenovo and Google said in a joint statement.

RISE OF THE CHINESE

In two years, China's three biggest handset makers - Huawei, ZTE Corp and Lenovo - have vaulted into the top ranks of global smartphone charts, helped in part by their huge domestic market and spurring talk of a new force in the smartphone wars. Huawei declined to comment on the deal on Wednesday.

In the United States, the Chinese companies continue to grapple with low brand awareness, perceptions of inferior quality and even security concerns.
In the third quarter of last year, ZTE and Huawei accounted for 5.7 percent and 3 percent of all phones sold in the United States, respectively, trailing Apple's 36.2 percent and Samsung's 32.5 percent, according to research house IDC. Lenovo had negligible market share.

Globally, however, Lenovo ranked fifth in 2013 with a 4.5 percent market share, according to IDC. That's up from 3.3 percent in 2012 and virtually nil a couple years before that.

On the Google front, the Internet company has struggled to turn around loss-making Motorola. Now it's willing to step back from the hardware arena and throw its weight behind handset makers that propagate its Android software, Kantar analyst Carolina Milanesi said.

"It all points to Google thinking in the short run that they're better off betting on Samsung and keeping them close," Milanesi said. "And of course now they're enabling a second strong runner (Lenovo) in the Android ecosystem."

Analysts had seen Google's Motorola acquisition as primarily a way to secure the company's trove of patents amid the technology sector's increasing legal battles. Many industry observers were surprised that Google did not immediately sell the hardware division after the deal closed, choosing instead to operate Motorola as a separate company. It did sell Motorola's cable television set-top box business to Arris Group Inc for $2.35 billion at the end of 2012.

Lenovo is being advised by Credit Suisse Group while Lazard Ltd advised Google on the transaction, the people said.

(Writing by Edwin Chan; Editing by Soyoung Kim, Chizu Nomiyama and Leslie Adler)

---
Just because i'm near the punchbowl doesn't mean I'm also drinking from it.
From rforno at infowarrior.org Thu Jan 30 21:23:13 2014
From: rforno at infowarrior.org (Richard Forno)
Date: Thu, 30 Jan 2014 22:23:13 -0500
Subject: [Infowarrior] - CSEC used airport Wi-Fi to track Canadian travellers:
Message-ID: <9A20B592-7E9E-45AF-A9EF-7CBA36B1079E@infowarrior.org>

CSEC used airport Wi-Fi to track Canadian travellers: Edward Snowden documents
Electronic snooping was part of a trial run for U.S. NSA and other foreign services
By Greg Weston, Glenn Greenwald, Ryan Gallagher, CBC News
Posted: Jan 30, 2014 8:59 PM ET
http://www.cbc.ca/news/politics/csec-used-airport-wi-fi-to-track-canadian-travellers-edward-snowden-documents-1.2517881

A top secret document retrieved by U.S. whistleblower Edward Snowden and obtained by CBC News shows that Canada's electronic spy agency used information from the free internet service at a major Canadian airport to track the wireless devices of thousands of ordinary airline passengers for days after they left the terminal.

After reviewing the document, one of Canada's foremost authorities on cyber-security says the clandestine operation by the Communications Security Establishment Canada (CSEC) was almost certainly illegal.

Ronald Deibert told CBC News: "I can't see any circumstance in which this would not be unlawful, under current Canadian law, under our Charter, under CSEC's mandates."

The spy agency is supposed to be collecting primarily foreign intelligence by intercepting overseas phone and internet traffic, and is prohibited by law from targeting Canadians or anyone in Canada without a judicial warrant.

As CSEC chief John Forster recently stated: "I can tell you that we do not target Canadians at home or abroad in our foreign intelligence activities, nor do we target anyone in Canada.

"In fact, it's prohibited by law. Protecting the privacy of Canadians is our most important principle."
But security experts who have been apprised of the document point out the airline passengers in a Canadian airport were clearly in Canada. CSEC said in a written statement to CBC News that it is "mandated to collect foreign signals intelligence to protect Canada and Canadians. And in order to fulfill that key foreign intelligence role for the country, CSEC is legally authorized to collect and analyze metadata." Metadata reveals a trove of information including, for example, the location and telephone numbers of all calls a person makes and receives, but not the content of the call, which would legally be considered a private communication and cannot be intercepted without a warrant. "No Canadian communications were (or are) targeted, collected or used," the agency says. In the case of the airport tracking operation, the metadata apparently identified travellers' wireless devices, but not the content of calls made or emails sent from them.
Black Code
Deibert is the author of the book Black Code: Inside the Battle for Cyberspace, which is about internet surveillance, and he heads the world-renowned Citizen Lab cyber research program at the University of Toronto's Munk School of Global Affairs. He says that whatever CSEC calls it, the tracking of those passengers was nothing less than an "indiscriminate collection and analysis of Canadians' communications data," and he could not imagine any circumstances that would have convinced a judge to authorize it. The latest Snowden document indicates the spy service was provided with information captured from unsuspecting travellers' wireless devices by the airport's free Wi-Fi system over a two-week period. Experts say that probably included many Canadians whose smartphone and laptop signals were intercepted without their knowledge as they passed through the terminal. The document shows the federal intelligence agency was then able to track the travellers for a week or more as they, and their wireless devices,
showed up in other Wi-Fi "hot spots" in cities across Canada and even at U.S. airports. That included people visiting other airports, hotels, coffee shops and restaurants, libraries, ground transportation hubs, and any number of places among the literally thousands with public wireless internet access. The document shows CSEC had so much data it could even track the travellers back in time through the days leading up to their arrival at the airport, these experts say. While the documents make no mention of specific individuals, Deibert and other cyber experts say it would be simple for the spy agency to have put names to all the Canadians swept up in the operation. All Canadians with a smartphone, tablet or laptop are "essentially carrying around digital dog tags as we go about our daily lives," Deibert says. Anyone able to access the data that those devices leave behind on wireless hotspots, he says, can obtain "extraordinarily precise information about our movements and social relationships."
Trial run for NSA
The document indicates the passenger tracking operation was a trial run of a powerful new software program CSEC was developing with help from its U.S. counterpart, the National Security Agency. In the document, CSEC called the new technologies "game-changing," and said they could be used for tracking "any target that makes occasional forays into other cities/regions." Sources tell CBC News the technologies tested on Canadians in 2012 have since become fully operational. CSEC claims "no Canadian or foreign travellers' movements were 'tracked,'" although it does not explain why it put the word "tracked" in quotation marks. Deibert says metadata is "way more powerful than the content of communications. You can tell a lot more about people, their habits, their relationships, their friendships, even their political preferences, based on that type of metadata."
The document does not say exactly how the Canadian spy service managed to get its hands on two weeks of travellers' wireless data from the airport Wi-Fi system, although there are indications it was provided voluntarily by a "special source." The country's two largest airports, Toronto and Vancouver, both say they have never supplied CSEC or any other Canadian intelligence agency with information on passengers' Wi-Fi use. Alana Lawrence, a spokesperson for the Vancouver Airport Authority, says it operates the free Wi-Fi there, but does "not in any way store any personal data associated with it," and has never received a request from any Canadian intelligence agency for it. A U.S.-based company, Boingo, is the largest independent supplier of Wi-Fi services at other Canadian airports, including Pearson International in Toronto. Spokesperson Katie O'Neill tells CBC News: "To the best of our knowledge, [Boingo] has not provided any information about any of our users to the Canadian government, law enforcement or intelligence agencies." It is also unclear from the document how CSEC managed to penetrate so many wireless systems to see who was using them; specifically, to know every time someone targeted at the airport showed up on one of those other Wi-Fi networks elsewhere. Deibert and other experts say the federal intelligence agency must have gained direct access to at least some of the country's main telephone and internet pipelines, allowing the mass surveillance of Canadian emails and phone calls.
'Blown away'
Ontario's privacy commissioner Ann Cavoukian says she is "blown away" by the revelations. "It is really unbelievable that CSEC would engage in that kind of surveillance of Canadians. Of us. I mean that could have been me at the airport walking around. This resembles the activities of a totalitarian state, not a free and open society."
Experts say the document makes clear CSEC intended to share both the technologies and future information generated by it with Canada's official spying partners, the U.S., Britain, New Zealand and Australia, the so-called Five Eyes intelligence network. Indeed, the spy agency boasts in its leaked document that, in an apparently separate pilot project, it obtained access to two communications systems with more than 300,000 users, and was then able to "sweep" an entire mid-sized Canadian city to pinpoint a specific imaginary target in a fictional kidnapping. The document dated May 2012 is a 27-page PowerPoint presentation by CSEC describing its airport tracking operation. While the document was in the trove of secret NSA files retrieved by Snowden, it bears CSEC's logo and clearly originated with the Canadian spy service. Wesley Wark, a renowned authority on international security and intelligence, agrees with Deibert. "I cannot see any way in which it fits CSEC's legal mandate." Wark says the document suggests CSEC was "trying to push the technological boundaries" in part to impress its other international counterparts in the Five Eyes intelligence network. "This document is kind of suffused with the language of technological gee-whiz." Wark says if CSEC's use of "very powerful and intrusive technological tools" puts it outside its mandate and even the law, "then you are in a situation for democracy where you simply don't want to be." Like Wark and other experts interviewed for this story, Deibert says there's no question Canada needs CSEC to be gathering foreign intelligence, "but they must do it within a framework of proper checks and balances so their formidable powers can never be abused. And that's the missing ingredient right now in Canada." The only official oversight of CSEC's spying operations is a retired judge appointed by the prime minister, and reporting to the minister of defence who is also responsible for the intelligence agency.
"Here we clearly have an agency of the state collecting in an indiscriminate and bulk fashion all of Canadian communications and the oversight mechanism is flimsy at best," Deibert says. "Those to me are circumstances ripe for potential abuse." CSEC spends over $400 million a year, and employs about 2,000 people, almost half of whom are involved in intercepting phone conversations, and hacking into computer systems supposedly in other countries. It has long been Canada's most secretive spy agency, responding to almost all questions about its operations with reassurances it is doing nothing wrong. Privacy watchdog Cavoukian says there has to be "greater openness and transparency because without that there can be no accountability. This trust-me model that the government is advancing and CSEC is advancing, 'Oh just trust us, we're doing the right thing, don't worry': yes, worry! We have very good reason to worry." In the U.S., Snowden exposed massive metadata collection by the National Security Agency, which is said to have scooped up private phone and internet records of more than 100 million Americans. A U.S. judge recently called the NSA's metadata collection an Orwellian surveillance program that is likely unconstitutional. The public furor over NSA snooping prompted a White House review of the American spy agency's operations, and President Barack Obama recently vowed to clamp down on the collection and use of metadata. Cavoukian says Canadians deserve nothing less. "Look at the U.S.: they've been talking about these matters involving national security for months now very publicly because the public deserves answers. And that's what I would tell our government, our minister of national defence and our prime minister: We demand some answers to this."
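The tracking the CBC story describes, seeding on devices seen at one airport hotspot and then finding the same devices at other hotspots days before and after, and the "sweep a city to pinpoint a target" query from the separate pilot, as an added worked example that is not CSEC's code and is not taken from the article. It assumes each hotspot record carries a stable per-device identifier such as the Wi-Fi hardware (MAC) address; the article says only that "metadata" identified the devices, so that is an assumption, as are the hotspot names, device identifiers and log lines, which are constructed for this example:

```python
"""Correlate Wi-Fi hotspot metadata to reconstruct device movements.

Added illustration, not CSEC's code and not from the CBC article: the article
says only that "metadata" identified travellers' wireless devices at an airport
Wi-Fi system and later at other hotspots. ASSUMPTION: each hotspot log line
carries a stable per-device identifier such as the Wi-Fi hardware (MAC) address.
The sample log below is constructed for this example.
"""
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed sample log: "ISO-8601 timestamp,hotspot name,device identifier".
# Hotspot and device names are invented; only the 2012 dates echo the article.
SAMPLE_LOGS = """\
2012-05-01T08:05:00,YYZ-airport-wifi,aa:bb:cc:00:00:01
2012-05-01T08:07:00,YYZ-airport-wifi,aa:bb:cc:00:00:02
2012-05-01T08:09:00,YYZ-airport-wifi,aa:bb:cc:00:00:03
2012-04-28T19:30:00,toronto-cafe-1,aa:bb:cc:00:00:01
2012-05-02T10:15:00,ottawa-hotel-wifi,aa:bb:cc:00:00:01
2012-05-04T13:00:00,ottawa-library-wifi,aa:bb:cc:00:00:01
2012-05-03T09:00:00,vancouver-cafe-7,aa:bb:cc:00:00:02
2012-05-05T17:45:00,sea-airport-wifi,aa:bb:cc:00:00:02
2012-05-02T10:20:00,ottawa-hotel-wifi,aa:bb:cc:00:00:03
2012-05-02T10:40:00,ottawa-hotel-wifi,aa:bb:cc:00:00:04
"""


def parse_logs(text):
    """Parse CSV lines into (timestamp, hotspot, device) tuples; blank lines skipped."""
    records = []
    for line in text.splitlines():
        line = line.strip()
        if not line:
            continue
        ts, hotspot, device = line.split(",")
        records.append((datetime.fromisoformat(ts), hotspot, device))
    return records


def timelines(records):
    """Group sightings by device identifier, each list in chronological order."""
    seen = defaultdict(list)
    for ts, hotspot, device in records:
        seen[device].append((ts, hotspot))
    return {device: sorted(sightings) for device, sightings in seen.items()}


def track_from_seed(records, seed_hotspot, start_iso, end_iso,
                    lookback_days=7, lookahead_days=7):
    """Every device seen at seed_hotspot inside [start, end], mapped to where
    else it was seen from lookback_days before its first seed sighting to
    lookahead_days after: the 'track back in time' and 'for a week or more'
    afterwards capabilities the article describes."""
    start, end = datetime.fromisoformat(start_iso), datetime.fromisoformat(end_iso)
    tracks = {}
    for device, sightings in timelines(records).items():
        at_seed = [ts for ts, hs in sightings
                   if hs == seed_hotspot and start <= ts <= end]
        if not at_seed:
            continue
        lo = min(at_seed) - timedelta(days=lookback_days)
        hi = min(at_seed) + timedelta(days=lookahead_days)
        tracks[device] = [(ts.isoformat(), hs) for ts, hs in sightings
                          if lo <= ts <= hi and hs != seed_hotspot]
    return tracks


def pinpoint(records, constraints):
    """Intersect the device sets seen at each (hotspot, start_iso, end_iso):
    the 'sweep a city to pinpoint a target' query, where every additional
    place/time pair shrinks the candidate set."""
    candidates = None
    for hotspot, start_iso, end_iso in constraints:
        start, end = datetime.fromisoformat(start_iso), datetime.fromisoformat(end_iso)
        here = {dev for ts, hs, dev in records if hs == hotspot and start <= ts <= end}
        candidates = here if candidates is None else candidates & here
    return candidates or set()


if __name__ == "__main__":
    recs = parse_logs(SAMPLE_LOGS)
    for dev, path in track_from_seed(recs, "YYZ-airport-wifi",
                                     "2012-05-01", "2012-05-02").items():
        print(dev, "->", path)
    print(pinpoint(recs, [("YYZ-airport-wifi", "2012-05-01", "2012-05-02"),
                          ("ottawa-hotel-wifi", "2012-05-02T10:00:00", "2012-05-02T11:00:00"),
                          ("ottawa-library-wifi", "2012-05-04", "2012-05-05")]))
```

Run as a script it prints, for each device seen at the airport on the seed day, everywhere else it appeared in the surrounding two weeks (including a cafe visit three days before the flight), and then narrows the ten-device crowd to a single identifier with three place/time constraints. Two points follow from the code rather than the article: the seed set needs only one airport feed, so the rest of the operation depends on visibility into the other hotspots, which is why the experts quoted above infer access to backbone links; and the whole technique rests on the identifier being stable across networks, which is exactly what the hardware-address randomization that phone operating systems added in the years after this article (a later development, not from the article) is meant to break.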
From rforno at infowarrior.org Fri Jan 31 07:10:02 2014 From: rforno at infowarrior.org (Richard Forno) Date: Fri, 31 Jan 2014 08:10:02 -0500 Subject: [Infowarrior] - The News Literacy Project is bringing its curriculum online Message-ID: 06:50 AM - January 31, 2014 News literacy teaches about the internet; now those lessons will actually be available there The News Literacy Project is bringing its curriculum online By Ben Adler http://www.cjr.org/news_literacy/news_literacy_expansion_online.php In the fall of 2011, the start of its third academic year of existence, the News Literacy Project created a "digital unit." It was the first of its kind; NLP and the other major news literacy program, the Center for News Literacy at Stony Brook University, were created to teach high school students and college students, respectively, how to navigate the dizzying, often suspect streams of information available online. But they only delivered these lessons the old-fashioned, labor-intensive, analog way: in person. If you lived in Kentucky, you were out of luck. As a leader in the field, NLP plans to change that, although its current program, which is acting as a template for a planned national, open-access, Web-available course the group plans to launch by the end of the year, is kept on flash drives, offered for free to participating school districts. Once rolled out, the national course will be downloadable from NLP's website. Alan Miller, a former Los Angeles Times reporter, runs NLP in Bethesda, MD. He says that the organization has been working over the last few years to refine its digital unit. "There are two principal ways that we are moving to scale online," says Miller. "The bigger mover is the digital unit... We distilled the essence of what we've learned and done in the classroom." Last fall, NLP's digital unit was deployed by 35 teachers for 2,739 students in 28 schools in New York, Chicago, and Washington, DC.
The students participated in five themed lessons, including the First Amendment and the "challenges and opportunities" of digital media. Students sit at laptops and watch lectures, usually delivered by journalists from local news outlets. Bullet points appear alongside the journalist's face on the screen, sort of like a PowerPoint presentation. Illustrative examples are ripped from the headlines, such as the coverage of the Trayvon Martin case. Lessons end with tangible rules to follow, such as "stay skeptical of isolated quotes until you see the full context." Some lectures are used in all cities, but NLP has substituted more local figures for each city, so that students in Chicago, for example, will mostly hear from Chicago-based journalists. The irony of having these lessons, on sophisticated digital citizenship, delivered in person or by mail is not lost on NLP staffers. But they found that schools often have limited bandwidth and having 25 students streaming video at once would overload the servers. Of course, teachers are free to show the videos to the whole class at once. But Miller argues that the one-on-one nature of students watching on their own computers is better when possible, so they can progress through the curriculum at their own pace. Although educators say that meeting the journalist in person is always the ideal, the one-to-one nature of the NLP digital unit is a good substitute, and a necessary one given the practical constraints of trying to reach every student in a major urban school district. "There's nothing like somebody walking into your classroom," says Marty Moe, head of social studies for the Chicago public schools. "Reality-wise, we've got 600 schools, so you couldn't realistically do that for everyone." NLP is also developing a premium digital unit that schools, or an outside supporter such as a foundation, will have to pay for. That will come with an e-conference where students can interact directly with a journalist.
Students participating on a computer or tablet will be able to type questions and send them to the lecturer whom they are watching live from a studio. The journalist can even throw out questions and gather the typed responses. It will be just like having the journalist in the classroom. But she can be in another city, or communicating with students in several different cities at once. "It's a really exciting explosion of kids and teachers we're reaching," says Miller. "It ramps us up exponentially."

From rforno at infowarrior.org Fri Jan 31 07:10:07 2014 From: rforno at infowarrior.org (Richard Forno) Date: Fri, 31 Jan 2014 08:10:07 -0500 Subject: [Infowarrior] - Patent trolls seek to intimidate EFF supporters, EFF fights back Message-ID: Podcasting patent trolls seek to intimidate EFF supporters, EFF fights back Cory Doctorow at 10:00 pm Thu, Jan 30, 2014 Personal Audio is a patent troll that claims to own the process of sending audio around because they bought a patent from a guy who read Scientific American articles onto cassette tapes and sent them through the mail (seriously!). The Electronic Frontier Foundation is seeking to invalidate this patent -- which Personal Audio is using to shake down all kinds of indie podcasters for protection money -- using a new, cheaper, streamlined process. Personal Audio is fighting dirty. They've filed an expensive lawsuit outside of the patent proceeding, and subpoenaed the names and personal details of everyone who donated to the campaign against their patent, purely to raise the price of adjudicating their patent and to intimidate podcasters who gave to the litigation fund rather than paying off Personal Audio. EFF is fighting back. At stake is the process that is supposed to fix one tiny corner of the patent quagmire -- if Personal Audio's tactic succeeds, it will kill Congress's patent-fix dead.
The Juelsgaard Intellectual Property and Innovation Clinic at Stanford Law School has offered free counsel to anyone who's worried about the subpoena. < - > http://boingboing.net/2014/01/30/podcasting-patent-trolls-seek.html

From rforno at infowarrior.org Fri Jan 31 07:10:09 2014 From: rforno at infowarrior.org (Richard Forno) Date: Fri, 31 Jan 2014 08:10:09 -0500 Subject: [Infowarrior] - Reporting in the post-Snowden era Message-ID: <4F826D8C-684E-4BCB-8F96-F78D9A846F13@infowarrior.org> 07:05 AM - January 31, 2014 Reporting in the post-Snowden era A panel at Columbia discussed challenges and triumphs By Lauren Kirchner http://www.cjr.org/behind_the_news/snowden_abramson_bell_columbia.php?page=all In an auditorium so large that Columbia's Journalism School typically only uses it for its graduation ceremonies, hundreds attended the panel discussion "Journalism After Snowden" on Thursday evening. The topic was as vast as it is timely, encompassing the rising tensions between media organizations and their governments, the practical process of protecting sensitive information (digitally) and oneself (legally), and the delicate dance between privacy and power. Emily Bell, director of the Tow Center at the journalism school, moderated the panel, and she started it off by asking Guardian US Editor in Chief Janine Gibson to give a behind-the-scenes account of the very beginning of the Summer of Snowden. Gibson described how Glenn Greenwald called her in New York shortly after making contact with his then-nameless source, saying something like "I think I have the biggest intelligence leak in a generation, if not ever." Gibson was skeptical, but listening; however, she also knew that Greenwald was calling her from Rio over a Skype line. She knew from her previous work on the paper's WikiLeaks coverage that Skype was relatively untrustworthy technology, and she all but hung up on him.
But Greenwald soon flew to New York to meet with her and a few trusted staff members. There, he showed them the tiny sample of stuff he had gotten from his source, starting with the PRISM PowerPoint slides, on a new, air-gapped laptop hastily bought from Best Buy for the occasion. "You very quickly realize that this is an incredibly huge, sensitive, difficult story, or it's the Hitler Diaries, it's a great big hoax," said Gibson. Then came the story of the now-familiar trip to Hong Kong, and their meeting with an oddly young contractor and his Rubik's Cube, and the cache of documents of a size that no one has yet been able to quantify. Verifying that Snowden's account was legit was one challenge; reporting the story out was an entirely different one. They started with the Foreign Intelligence Surveillance Court order for Verizon metadata. "We were trying to edit, write, report, understand, and verify a document that no one has ever seen," said Gibson. "You can't Google 'secret FISA Court order' to see if it looks like one that's in front of you." The audience laughed at this. "No, that's not funny, that's a genuine problem," she countered, drily. The conversation shifted to the Guardian's collaboration with The New York Times as the documents from Snowden kept coming over the following months. Jill Abramson's first response to Bell's question about the Times getting involved was an honest memory of her disappointment that her paper hadn't been first with the scoop. "We did not break the story (the Guardian and The Washington Post did), and that caused me, you know, severe indigestion," said Abramson. But both Gibson and Abramson agreed that the partnership between the two papers during this process was invaluable. Tech-savvy reporters and editors at the Guardian educated their peers at the Times about best digital-security practices for communicating, searching, viewing, and storing the classified documents.
Then, the Times was able to protect the files when the British government aggressively pursued (and forced editors to destroy) the Guardian's hard drives in the UK. The Guardian's outside counsel, David Schulz, was on the panel as well. He had previously worked with the Times during their WikiLeaks coverage. When asked about the legal challenges to news organizations dealing with such sensitive material, he started with the word "conundrum." A news organization possessing and then publishing classified documents is "still a legal gray area," said Schulz. Later in the evening, Barton Gellman, who leads NSA coverage at The Washington Post, spoke to this same issue. Speaking from the audience, Gellman asked the panelists to try to parse the Director of National Intelligence's statement this week that Edward Snowden "and his accomplices" should return the documents he stole in order to protect US security from being further compromised. Are we to understand that James Clapper was referring to the press with that term, "accomplices," Gellman asked, or was this just a rhetorical flourish of his agency's frustration? Either way, he said, it is getting harder to report on national security issues. "Almost everything you want to write about, if you are writing about diplomacy or intelligence or defense, is classified; everything but the press release and the news conference is classified," Gellman said. "That's just the way the US government works. There may be more classified information now than there is open-source information on the planet." In a larger sense, though, what information is or is not classified, and what legal protections reporters may or may not have, are beside the point, as these NSA stories have revealed. Schulz responded to Gellman's concerns with this frightening truth: "The technology that we have today, you don't need to subpoena a reporter anymore. There's an ability to find out who gave out any information," said Schulz.
"And we should all be very concerned about that, because we all need whistleblowers... If we don't have a mechanism that allows for whistleblowers, our whole society is going to suffer." That was a persistent and important theme that the panel kept returning to: that, besides journalists' legal protections, equivalent protections should be extended to the people who risk their livelihoods, and lives, to bring this information to light in the first place. Gibson said Snowden had "an eerie prescience," and described his sense of urgency in getting as many NSA stories published before the government, and his critics, tried to make the story about him and his traitorous intentions. Bell agreed: "Where oversight has failed, a whistleblower and journalism has succeeded," she said. "And yet the system is still wanting to punish, if you like, the one thing which has led to transparency and clarity." "But that should be completely unsurprising," Abramson jumped in, citing the fact that the current administration has investigated seven "criminal leaks," more than twice the number of such investigations, based on a law passed in 1917, pursued before President Obama took office. That such legal battles were still being fought by James Rosen, of Fox News, and James Risen, of the Times, was mentioned several times throughout the evening. Gibson also highlighted the new and alarming ways in which the Snowden story has caused certain threats from the establishment to escalate. "Instead of the position that journalists find themselves in where they're being threatened with prosecution over identifying their sources, we are now being put in the position of something even more chilling, of being 'co-conspirators,'" said Gibson. The accusation is now "'You're part of a conspiracy, possibly involving the KGB, or maybe China.' Because the ordinary way of chilling journalism won't work in this case. And I think this should be profoundly worrying, because that's not going to stop.
That is a 'Journalism After Snowden' problem." At one point, Bell asked the panel, "I think we can all agree that Edward Snowden has done us a favor. Do we have general agreement on that?" "I have no comment on that," answered Cass Sunstein, the fourth panelist, who participated in the President's outside review group that recently released a report proposing changes to the NSA surveillance program. "We have a 300-page report, and the word 'Snowden' doesn't appear." Later, Sunstein also said that he did not think that the members of the review group would refer to Snowden as "a whistleblower" at all. (So what is he, then?) After a substantial question-and-answer period from the audience, Bell ended the night by asking the panelists for their magic-wand wish for what journalism would ideally look like in this post-Snowden age. Sunstein named internet freedom, and Schulz imagined an internationally agreed-upon standard for individual privacy rights. The two editors had more profession-specific requests. "More great stories," said Abramson. "No prosecution for journalists," said Gibson. This was met by spontaneous applause. The video of Thursday's event is up online in full, here.

From rforno at infowarrior.org Fri Jan 31 07:44:46 2014 From: rforno at infowarrior.org (Richard Forno) Date: Fri, 31 Jan 2014 08:44:46 -0500 Subject: [Infowarrior] - Rogers to replace Alexander as DIRNSA Message-ID: For those not keeping score.... DIRNSA or DIRNSA Rogers = Navy VADM Michael Rogers (subject of this article) ... then there's .... TOMR (The Obstinate Mike Rogers) = Congresscritter and Fear-Mongerer Mike Rogers, R-MI, current chair of the HPSCI and security-state apologist. Vice-admiral Michael Rogers to take command of embattled NSA. Spencer Ackerman in Washington,
theguardian.com, Thursday 30 January 2014 18.15 EST http://www.theguardian.com/world/2014/jan/30/nsa-michael-rogers-to-comman-keith-alexander The embattled National Security Agency is about to get new leaders to deal with the ongoing fallout from whistleblower Edward Snowden's surveillance disclosures. Vice-admiral Michael Rogers, the commander of the US navy's tenth fleet and its Fleet Cyber Command, will take over from NSA Director Keith Alexander, who reluctantly became a global figure in the wake of the Snowden revelations. Richard Ledgett, the head of the agency's investigation into Snowden, who publicly floated the prospect of an amnesty for the former contractor, will become the NSA's new deputy director and top civilian leader. The appointments, both long anticipated, were announced by the Pentagon on Thursday. Rogers is a longtime cryptologist in the Navy, and it was the Navy's informal turn to nominate a director for the NSA. Alexander is an Army general; and his predecessor, Michael Hayden, hailed from the Air Force. Rogers has a resume studded with experience in cryptography and electronic eavesdropping that are central to the NSA's charter. Tenth Fleet, inert since World War II, was reactivated as the Navy's cybersecurity command and based at Fort Meade, the base of operations for the military's infant Cyber Command, which Rogers will also head, pending Senate approval, and the NSA. Rogers also served for two years on the military's Joint Staff as intelligence director, a prestigious Pentagon post. But his low-profile commissions have not provided him with a platform to articulate his views on the propriety and appropriate scope of the bulk surveillance of a large swath of world communications, the subject of Snowden's disclosures that have been published in the Guardian, the Washington Post and other news outlets worldwide. Nor will the Senate have a chance to scrutinize them, at least formally.
The NSA directorship is not a position confirmed by the Senate. Rogers' appointment to head US Cyber Command, which is co-located with the NSA and largely reliant on its personnel and expertise to protect US military networks, will require Senate approval, making Rogers' forthcoming Senate Armed Services Committee hearing a proxy venue to learn his views on surveillance. Rogers did not have much in the way of competition for the NSA job. There were whispers in Washington that the director of the Defense Intelligence Agency, Army Lieutenant General Mike Flynn, was also a candidate for the job, but even those who advocated for Flynn, a veteran of the powerful Joint Special Operations Command, did not expect him to get the NSA job. In a statement Thursday, Defense Secretary Chuck Hagel said he recommended Rogers for the post to President Barack Obama, citing Rogers' "extraordinary and unique qualifications." "I am also confident that Admiral Rogers has the wisdom to help balance the demands of security, privacy, and liberty in our digital age," Hagel said. Alexander bequeaths an agency that continues to absorb what many intelligence watchers consider the biggest shock in its history: the disclosure of documents detailing its secret collection of the records of every phone call made in the United States; vast swaths of email and Internet communications of foreigners; communications in transit across the global communications infrastructure; and the undermining of cryptographic standards. At a hearing of intelligence leaders on Wednesday, Director of National Intelligence James Clapper acknowledged that the NSA has taken a large blow to its morale. Observers note that one of the new leadership's major functions will be to repair the NSA's trust with the American public and skeptical members of Congress, who have drafted legislation to end the NSA's ability to collect US phone records in bulk.
"Rogers has never had to make the public case that the country's intelligence apparatus is not abusing its legal authorities," wrote Shane Harris in a recent Foreign Policy profile. Like prior NSA directors, Rogers is likely to be a frequent fixture on Capitol Hill, both for classified briefings and in the coming congressional fight over the future scope of the NSA's authorities. An early test is likely to be the transition of the phone metadata caches out of NSA, which is backed by Obama and opposed by telephone companies who fear an expanded data storage mandate. During Wednesday's hearing, two committee chairs, Jay Rockefeller of the commerce committee and Dianne Feinstein of the intelligence committee, indicated their opposition to the plan.

From rforno at infowarrior.org Fri Jan 31 15:43:29 2014 From: rforno at infowarrior.org (Richard Forno) Date: Fri, 31 Jan 2014 16:43:29 -0500 Subject: [Infowarrior] - Obama gives Clapper a "tsk tsk" for his Hill testimony Message-ID: <4821F7E8-CB8B-4BC2-9701-720259EEBA6F@infowarrior.org> Obama Says Intelligence Director Who Fibbed To Congress "Should Have Been More Careful" Posted 1 hour ago by Gregory Ferenstein (@ferenstein) http://techcrunch.com/2014/01/31/obama-says-intelligence-director-who-fibbed-to-congress-should-have-been-more-careful/ President Obama diplomatically defended embattled Director of National Intelligence James Clapper, who is accused of lying to Congress about the existence of the National Security Agency's spying program. "I think that Jim Clapper himself would acknowledge, and has acknowledged, that he should have been more careful about how he responded," the president told CNN's Jake Tapper.
"His concern was that he had a classified program that he couldn't talk about and he was in an open hearing in which he was asked, he was prompted to disclose a program, and so he felt that he was caught between a rock and a hard place." Clapper flat-out denied to Senator Ron Wyden, during congressional testimony, that the NSA collected "any type of data at all on millions or hundreds of millions of Americans." Clapper later apologized, but that hasn't stopped critics like Senator Rand Paul from calling for Clapper's resignation and potential prosecution. "I find really that Clapper lying to Congress is probably more injurious to our intelligence capabilities than anything Snowden did, because Clapper has damaged the credibility of the entire intelligence apparatus, and I'm not sure what to believe anymore when they come to Congress," Paul told CNN. Support for prosecuting Clapper is mixed, which means that in the current Congressional environment any sanctions would be difficult to pass. It certainly doesn't send a good message to future intelligence officials, though, that they can essentially say whatever they want in public and don't have to suffer anything harsher than a slap on the wrist.