From rforno at infowarrior.org Thu May 1 10:51:47 2014
From: rforno at infowarrior.org (Richard Forno)
Date: Thu, 1 May 2014 11:51:47 -0400
Subject: [Infowarrior] - Cops Must Swear Silence to Access Vehicle Tracking System
Message-ID: <5EEF804D-2408-47BA-BAB3-AD8CCB1B9166@infowarrior.org>

Cops Must Swear Silence to Access Vehicle Tracking System

By Kim Zetter | 05.01.14 | 6:30 am

It’s no secret that police departments around the country are deploying automated license plate readers to build massive databases to identify the location of vehicles. But one company behind this Orwellian tracking system is determined to stay out of the news.

How determined? Vigilant Solutions, founded in 2009, claims to have the nation’s largest repository of license-plate images with nearly 2 billion records stored in its National Vehicle Location Service (NVLS). Despite the enormous implications of the database for the public, any law enforcement agency that signs up for the service is sworn to a vow of silence by the company’s terms of service.

Vigilant is clear about the reason for the secrecy: it’s to prevent customers from “cooperating” with media and calling attention to its database.

That database is used by law enforcement and others to track stolen cars or vehicles used in crimes, as well as to locate illegal immigrants, kidnapping victims and others — though the vast majority of license plates stored belong to ordinary drivers who aren’t suspected of a crime.

The agreement law enforcement signs, which was uncovered by the EFF, reads in part:

"You shall not create, publish, distribute, or permit any written, electronically transmitted or other form of publicity material that makes reference to LEARN or this Agreement without first submitting the material to LEARN-NVLS and receiving written consent from LEARN-NVLS. This prohibition is specifically intended to prohibit users from cooperating with any media outlet to bring attention to LEARN or LEARN-NVLS.
Breach this provision may result in LEARN-NVLS immediately termination of this Agreement upon notice to you [sic]."

LEARN stands for Law Enforcement Archival and Reporting Network and is Vigilant’s online portal where license plate data and images are aggregated and analyzed for law enforcement to access. “LEARN provides agencies with an easy way to manage users and vehicle hotlists, query historical license plate reader (LPR) data and used [sic] advanced analytics for enhanced investigations,” the company’s web site says.

< -- >

http://www.wired.com/2014/05/license-plate-tracking/

---
Just because i'm near the punchbowl doesn't mean I'm also drinking from it.

From rforno at infowarrior.org Thu May 1 11:01:49 2014
From: rforno at infowarrior.org (Richard Forno)
Date: Thu, 1 May 2014 12:01:49 -0400
Subject: [Infowarrior] - NYSE to pay $4.5 mln to settle SEC charges
Message-ID: <122D9EF1-4EBD-4DF2-B0B1-10745BC24AB1@infowarrior.org>

But no, no, no, the "markets" are most certainly not "rigged", right? For starters, being allowed to act w/impunity and then settle w/o admitting guilt once caught sure sounds like a form of officially-endorsed rigging to me. --rick

http://www.sec.gov/News/PressRelease/Detail/PressRelease/1370541706507#.U2Jub8eep8O

SEC Charges NYSE, NYSE ARCA, and NYSE MKT for Repeated Failures to Operate in Accordance With Exchange Rules

FOR IMMEDIATE RELEASE
2014-87

Washington D.C., May 1, 2014 — The Securities and Exchange Commission today announced an enforcement action against the New York Stock Exchange and two affiliated exchanges for their failure to comply with the responsibilities of self-regulatory organizations (SROs) to conduct their business operations in accordance with Commission-approved exchange rules and the federal securities laws. Also charged was the NYSE exchanges’ affiliated routing broker Archipelago Securities.

< - >

The violations detailed in the SEC’s order occurred during periods of time from 2008 to 2012.
The SEC’s order finds that the NYSE exchanges violated Section 19(b) and 19(g) of the Securities Exchange Act of 1934 through misconduct that included the following:

- NYSE, NYSE Arca, and NYSE MKT (formerly NYSE Amex) used an error account maintained at Archipelago Securities to assume and trade out of securities positions without a rule in effect that permitted such trading and in a manner inconsistent with their rules for the routing broker, which limited Archipelago Securities’ activity primarily to outbound and inbound routing of orders on behalf of those exchanges.
- NYSE provided co-location services to customers on disparate contractual terms without an exchange rule in effect that permitted and governed the provision of such services on a fair and equitable basis.
- NYSE operated a block trading facility (New York Block Exchange) that for a period of time did not function in accordance with the rules submitted by NYSE and approved by the SEC.
- NYSE distributed an automated feed of closing order imbalance information to its floor brokers at an earlier time than was specified in NYSE’s rules.
- NYSE Arca failed to execute Mid-Point Passive Liquidity Orders (MPLOs) in locked markets (where the bid and ask prices are the same) contrary to its exchange rule in effect at the time.

In addition, the SEC’s order finds that NYSE Arca accepted MPLOs in sub-penny amounts for National Market System stocks trading at over $1.00 per share, in violation of Rule 612(a) of Regulation NMS.

< - >

http://www.sec.gov/News/PressRelease/Detail/PressRelease/1370541706507#.U2Jub8eep8O

---
Just because i'm near the punchbowl doesn't mean I'm also drinking from it.
From rforno at infowarrior.org Thu May 1 11:30:15 2014
From: rforno at infowarrior.org (Richard Forno)
Date: Thu, 1 May 2014 12:30:15 -0400
Subject: [Infowarrior] - SCOTUS Allows Indefinite Detention
Message-ID:

Supreme Court Refuses to Uphold the Constitution: Allows Indefinite Detention

http://www.ritholtz.com/blog/2014/05/supreme-court-refuses-to-uphold-the-constitution-allows-indefinite-detention/

---
Just because i'm near the punchbowl doesn't mean I'm also drinking from it.

From rforno at infowarrior.org Fri May 2 07:19:15 2014
From: rforno at infowarrior.org (Richard Forno)
Date: Fri, 2 May 2014 08:19:15 -0400
Subject: [Infowarrior] - Serious security flaw in OAuth and OpenID discovered
Message-ID:

Serious security flaw in OAuth and OpenID discovered

Malicious attackers can use the 'Covert Redirect' vulnerability in the OAuth 2.0 and OpenID open-source login systems to steal your personal info as well as redirect you to unsafe sites.

by Aloysius Low and Seth Rosenblatt | May 2, 2014 4:00 AM PDT

http://www.cnet.com/news/serious-security-flaw-in-oauth-and-openid-discovered/#ftag=CAD590a51e

Following in the steps of the OpenSSL vulnerability Heartbleed, another major flaw has been found in popular open-source security software. This time, the holes have been found in the login tools OAuth and OpenID, used by many websites and tech titans including Google, Facebook, Microsoft, and LinkedIn, among others.

Wang Jing, a Ph.D. student at the Nanyang Technological University in Singapore, discovered that the serious vulnerability "Covert Redirect" flaw can masquerade as a login popup based on an affected site's domain.

Covert Redirect is based on a well-known exploit parameter. For example, someone clicking on a malicious phishing link will get a popup window in Facebook, asking them to authorize the app. Instead of using a fake domain name that's similar to trick users, the Covert Redirect flaw uses the real site address for authentication.
If a user chooses to authorize the login, personal data (depending on what is being asked for) will be released to the attacker instead of to the legitimate website. This can range from email addresses, birth dates, contact lists and possibly even control of the account.

Regardless of whether the victim chooses to authorize the app, they will then get redirected to a website of the attacker's choice, which could potentially further compromise the victim.

Wang says he has already contacted Facebook and has reported the flaw, but was told that the company "understood the risks associated with OAuth 2.0," and that "short of forcing every single application on the platform to use a whitelist," fixing this bug was "something that can't be accomplished in the short term."

Facebook isn't the only site affected. Wang says he has reported this to Google, LinkedIn and Microsoft, who gave him various responses on how they would handle the matter. Google (which uses OpenID) told him that the problem was being tracked, while LinkedIn said that the company would publish a blog on the matter soon. Microsoft, on the other hand, said that an investigation had been done and that the vulnerability existed on the domain of a third party and not on its own sites.

"Patching this vulnerability is easier said than done. If all the third-party applications strictly adhere to using a whitelist, then there would be no room for attacks," said Wang. "However, in the real world, a large number of third-party applications do not do this due to various reasons. This makes the systems based on OAuth 2.0 or OpenID highly vulnerable."

Jeremiah Grossman, founder and interim CEO at WhiteHat Security, a website security firm, agreed with Wang's findings after looking at the data.

"While I can't be 100 percent certain, I could have sworn I've seen a report of a very similar if not identical vulnerability in OAuth. It would appear this issue is essentially a known WONTFIX," Grossman said.
"This is to say, it's not easy to fix, and any effective remedies would negatively impact the user experience. Just another example that Web security is fundamentally broken and the powers that be have little incentive to address the inherent flaws."

Further corroborating Wang's findings is Chris Wysopal, CTO at programming code verification firm Veracode. Wysopal told CNET that it looks to be a "very real issue" and that OAuth 2.0 looks vulnerable to phishing and redirect attacks.

"Given the trust users put in Facebook and other major OAuth providers I think it will be easy for attackers to trick people into giving some access to their personal information stored on those services," he said.

Users who wish to avoid any potential loss of data should be careful about clicking links that immediately ask you to log in to Facebook or Google. Closing the tab immediately should prevent any redirection attacks.

While this issue isn't as severe as Heartbleed, it's relatively easy to do so unless the flaw gets patched, which according to Wang, is quite difficult to implement due to third-party sites having "little incentive" to fix the problem. Cost is a factor, as well as the view that the host company (such as Facebook) bears the responsibility for making the attacks appear more credible.

---
Just because i'm near the punchbowl doesn't mean I'm also drinking from it.

From rforno at infowarrior.org Fri May 2 07:25:55 2014
From: rforno at infowarrior.org (Richard Forno)
Date: Fri, 2 May 2014 08:25:55 -0400
Subject: [Infowarrior] - Meet the Fed's cybersecurity team
Message-ID: <910CBB38-EEC2-4C2C-93BE-D2F092047A59@infowarrior.org>

Exclusive: Meet the Secret Fed Cyber Security Unit Keeping Trillions of Dollars Safe from Hackers

By Shane Harris

http://foreign-policy6.blogspot.com/2014/04/exclusive-meet-secret-fed-cyber.html

---
Just because i'm near the punchbowl doesn't mean I'm also drinking from it.
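The remedy the Covert Redirect article above keeps returning to, third-party applications "strictly adhering to a whitelist" of redirect URIs, is easiest to see in code. What follows is an added example in Python; it is not code from the CNET piece, from Wang Jing, or from any provider the article names, and the client ids, hosts and URIs in it are constructed. It places the loose host-only check the article blames next to exact-match validation against the client's registered list, and adds the usual fallback for a request that omits redirect_uri.

```python
"""
Redirect URI validation for an OAuth 2.0 authorization server.

Constructed example illustrating the "Covert Redirect" article above.
It is not code from CNET, Wang Jing, or any provider the article names;
client ids, hosts and URIs are made up.  It contrasts the loose check
the article blames (accepting any URI on a registered host, so a page on
that host which forwards visitors elsewhere also passes) with exact
matching against a registered whitelist.
"""
from typing import Optional
from urllib.parse import urlsplit

# Constructed client registry: redirect URIs each hypothetical third-party
# app registered with the provider at onboarding time.
REGISTERED_REDIRECT_URIS = {
    "weather-widget": ["https://app.example-weather.test/oauth/callback"],
    "multi-env-app": [
        "https://prod.example-app.test/cb",
        "https://staging.example-app.test/cb",
    ],
}


def normalise(uri: str) -> str:
    """Lower-case scheme and host; path, query and port are compared as-is."""
    parts = urlsplit(uri)
    return parts._replace(scheme=parts.scheme.lower(),
                          netloc=parts.netloc.lower()).geturl()


def loose_redirect_check(client_id: str, requested_uri: str) -> bool:
    """Weak check: accepts any https URI whose host matches a registered one.

    Path and query are ignored, so a page on the registered host that
    forwards its visitors to a caller-supplied URL also passes, and the
    authorization response (code or token) ends up wherever it forwards.
    """
    req = urlsplit(requested_uri)
    return any(
        req.scheme.lower() == "https" and req.hostname == urlsplit(reg).hostname
        for reg in REGISTERED_REDIRECT_URIS.get(client_id, [])
    )


def strict_redirect_check(client_id: str, requested_uri: str) -> bool:
    """Exact-match check against the client's registered whitelist.

    Scheme, host, port, path and query must all equal a registered entry;
    a fragment is never accepted.  A forwarding page elsewhere on the same
    host therefore fails, because its path is not on the list.
    """
    if urlsplit(requested_uri).fragment:
        return False
    return normalise(requested_uri) in REGISTERED_REDIRECT_URIS.get(client_id, [])


def resolve_redirect_uri(client_id: str, requested_uri: Optional[str]) -> Optional[str]:
    """Decide where the authorization response may be sent, or None to refuse.

    If the request omits redirect_uri, fall back to the registered URI only
    when exactly one is registered; with several, the request is ambiguous.
    """
    registered = REGISTERED_REDIRECT_URIS.get(client_id, [])
    if requested_uri is None:
        return registered[0] if len(registered) == 1 else None
    return normalise(requested_uri) if strict_redirect_check(client_id, requested_uri) else None


# Constructed request vectors a server might see for "weather-widget".
LEGITIMATE_URI = "https://app.example-weather.test/oauth/callback"
# Same registered host, but a different path that forwards to a caller-supplied URL.
REDIRECTOR_URI = "https://app.example-weather.test/go?to=https://elsewhere.test/"


def compare_checks(client_id: str, uri: str) -> dict:
    """Run both checks on one URI; shows what the loose check lets through."""
    return {"loose": loose_redirect_check(client_id, uri),
            "strict": strict_redirect_check(client_id, uri)}


if __name__ == "__main__":
    for uri in (LEGITIMATE_URI, REDIRECTOR_URI):
        print(uri, compare_checks("weather-widget", uri))
    print("no redirect_uri:", resolve_redirect_uri("weather-widget", None))
    print("no redirect_uri (ambiguous):", resolve_redirect_uri("multi-env-app", None))
```

The two vectors make the article's point concrete: both checks accept the registered callback, but only the host-only check accepts the forwarding page on the same host, which is exactly the gap that lets the real site's address appear in the login flow while the response travels elsewhere. Exact matching costs the application nothing beyond registering every callback it actually uses.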
From rforno at infowarrior.org Fri May 2 09:04:07 2014
From: rforno at infowarrior.org (Richard Forno)
Date: Fri, 2 May 2014 10:04:07 -0400
Subject: [Infowarrior] - When the White House hates your tweet
Message-ID:

When the White House hates your tweet

By Olivier Knox, Yahoo News | May 1, 2014 6:34 AM

http://news.yahoo.com/when-the-white-house-hates-your-tweet-211857928.html

---
Just because i'm near the punchbowl doesn't mean I'm also drinking from it.

From rforno at infowarrior.org Fri May 2 10:49:29 2014
From: rforno at infowarrior.org (Richard Forno)
Date: Fri, 2 May 2014 11:49:29 -0400
Subject: [Infowarrior] - WH seeks legal immunity for firms that hand over customer data
Message-ID: <7333F8ED-D0A4-4F4C-A83B-2D156B9E0476@infowarrior.org>

White House seeks legal immunity for firms that hand over customer data

Obama administration asks legislators drafting NSA reforms to protect telecoms firms complying with court orders

Spencer Ackerman in New York | theguardian.com, Friday 2 May 2014 08.05 EDT

http://www.theguardian.com/world/2014/may/02/white-house-legal-immunity-telecoms-firms-bill

The White House has asked legislators crafting competing reforms of the National Security Agency to provide legal immunity for telecommunications firms that provide the government with customer data, the Guardian has learned.

In a statement of principles privately delivered to lawmakers some weeks ago to guide surveillance reforms, the White House said it wanted legislation protecting “any person who complies in good faith with an order to produce records” from legal liability for complying with court orders for phone records to the government once the NSA no longer collects the data in bulk.
The brief request, contained in a four-page document, echoes a highly controversial provision of the 2008 Fisa Amendments Act, which provided retroactive immunity to the telecommunications companies that allowed the NSA to access calls and call data between Americans and foreigners, voiding lawsuits against them. Barack Obama’s vote for that bill as a senator and presidential candidate disappointed many supporters.

A congressional aide said the telecommunications companies were expected to “fight hard” for the provision to survive in any surveillance bill. Those firms, including Verizon and AT&T, have typically kept far more silent in public about NSA surveillance and their role in it than internet giants, like Yahoo and Google, which have pushed for reforms.

Unlike in 2008, the firms are not facing a spate of lawsuits, although Verizon was named as a defendant in Larry Klayman’s suit against the Obama administration challenging the constitutionality of bulk phone metadata collection.

A senior administration official noted that the provision is typical for surveillance law, to protect companies who comply with Fisa court orders for customer data.

“This would refer to any new orders issued by the court under the new regime we are proposing. This is similar to the way the rest of Fisa already operates, and Fisa already contains virtually identical language for its other provisions, including Section 215,” the official said, referring to the portion of the Patriot Act cited as justification for bulk phone data collection.

The telecommunications immunity is already contained within a bill authored by the House intelligence committee leadership, key legislative allies of the NSA. But another aspect of the White House document points to an obstacle that congressional sources said is holding up the House intelligence bill — something its opponents consider an opportunity.
That bill, sponsored by Republican chairman Mike Rogers of Michigan and ranking Democrat Dutch Ruppersberger of Maryland, would permit the government to access phone records without specific prior approval by a judge. Ruppersberger said while unveiling the bill in late March that they were “very, very close” to a deal with the White House, though the principles document favors prior court orders.

“Absent an emergency situation, the government would obtain the records only pursuant to individual orders from the Foreign intelligence surveillance court approving the use of specific numbers for such queries, if a judge agrees based on national security concerns,” it reads.

Several congressional aides said that the discrepancy between the White House and the intelligence committee on the issue had stalled the momentum of a bill backed by the House leadership over a rival effort in the judiciary committee — also stalled — that would go far further in reining in bulk data collection.

Ruppersberger said he was in a “constructive dialogue” with stakeholders on his surveillance bill, and expressed confidence in its prospects.

“The chairman and I continue to engage in a constructive dialogue with the administration, members of our respective caucuses in the House and Senate, privacy groups, and technology and telecommunication companies. The issue of increasing transparency while maintaining an important capability to protect our country is extremely important and we will continue to work together in the best way forward,” Ruppersberger said in a statement to the Guardian.

Rogers and Ruppersberger’s legislative rival is a bill sponsored in the House by Republican Jim Sensenbrenner of Wisconsin, a member of the judiciary committee. Known as the USA Freedom Act, it has been bottled up in the committee since its introduction six months ago, owing to the uncertain support of chairman Bob Goodlatte, a Virginia Republican.
The White House surveillance principles document poses its own complications for Ruppersberger’s bill. While that bill requires prior judicial approval for government acquisition of phone records, the White House principles are agnostic about the bulk collection of any other data, which the USA Freedom Act would prevent for Americans.

Jockeying is said to have intensified recently within the judiciary committee to reach a breakthrough on the USA Freedom Act, fueled in part by institutional incentives created by the introduction of Rogers and Ruppersberger’s bill. The House intelligence committee leaders attempted unsuccessfully to circumvent the judiciary committee through a parliamentary procedure. But since the bill would amend a major surveillance law, it received a secondary referral to the judiciary committee, a hotbed of hostility to it.

Opponents are using the circumvention attempt to galvanize Goodlatte into finalizing a modified version of the USA Freedom Act, possibly under a new name. Privacy activists have been pressuring Goodlatte in Virginia to pass the bill.

Goodlatte “doesn’t love everything in USA Freedom, but he’s not the type to get rolled on his jurisdiction,” a congressional staffer explained.

The upcoming legislative calendar also adds a potential element of uncertainty to congressional surveillance maneuvers. Representative Justin Amash, a Michigan Republican and USA Freedom Act supporter, is warning that he may attach an amendment to defund domestic bulk collection to critical legislation, to include the annual defense authorization bill, known as the NDAA. An earlier version of that amendment, last summer, came surprisingly close to passing, giving the Obama administration a near-death experience on surveillance.

NSA supporters are also rumored to be considering adding their own amendments to the NDAA in order to check privacy advocates. The House leadership wants the NDAA to go for a floor vote the week of May 19.
But both civil libertarians and NSA defenders are concerned that amending unrelated bills could introduce rancor and volatility to an already arduous process of surveillance reform.

“If leadership on both sides decide that they want to push through pseudo-reforms through the NDAA or through another piece of legislation, then we’re certainly prepared to offer an amendment like we offered before to any piece of legislation that requires it,” Amash told the Guardian. “We have to keep all options on the table, and my goal is to protect the American people and do it as soon as possible. We can’t keep waiting. At the same time, I’m willing to sit down and talk with leadership and others, and if I feel that they are moving in the right direction, then certainly, we’re happy to work with them on more comprehensive legislation, like the USA Freedom Act.”

---
Just because i'm near the punchbowl doesn't mean I'm also drinking from it.

From rforno at infowarrior.org Fri May 2 15:11:36 2014
From: rforno at infowarrior.org (Richard Forno)
Date: Fri, 2 May 2014 16:11:36 -0400
Subject: [Infowarrior] - Snooping reports' pileup problem
Message-ID: <057B6DE8-7A32-4E47-A389-D84F1EEFA9D4@infowarrior.org>

Snooping reports' pileup problem

By: Josh Gerstein | May 2, 2014 05:08 AM EDT

http://dyn.politico.com/printstory.cfm?uuid=35E6316C-8A8E-4B52-81FA-9E01A541F954

Could surveillance reform succumb to death by a thousand blue-ribbon panels?

That’s what some are fearing as bookshelves in congressional offices, lobbying suites and newsrooms across Washington begin to sag with the accumulation of snooping-related reports and recommendations unveiled since Edward Snowden’s stunning disclosures last June about widespread National Security Agency gathering of U.S. telephone data.

The White House added two more studies to the growing stack Thursday: assessments of the risks and dangers inherent in collection and mining of so-called “big data” by both government and the private sector.
One writeup came from Obama advisers and Cabinet officials like counselor John Podesta, Commerce Secretary Penny Pritzker and Energy Secretary Ernest Moniz. Another came from a 20-member council of outside experts on technology issues.

The teeming pile of reports stands in contrast to the few tangible signs of legislative progress on many of the issues the various boards have focused on. That disconnect is fueling concerns in some quarters that there’s plenty of diagnosing going on and, so far, little in the way of treatment.

“Reports will not be enough,” warned Chris Calabrese of the American Civil Liberties Union. “I don’t think people are going to accept reports when we’re talking about what are obvious violations of people’s privacy … The administration needs to take concrete action to reform America’s privacy laws.”

Some in the technology industry expressed fears that the two reports the White House issued Friday amounted to a kind of rope-a-dope designed to divert public attention from objectionable NSA surveillance by raising concerns about the practices of private businesses.

“Although I welcome the government’s review of this important policy area, it would be a grave error if it is used to attempt to distract attention away from the need for major reform of government surveillance practices that nobody gets to opt out of,” said Ed Black of the Consumer & Communications Industry Association.

“In the runup to the report, the administration continually intertwined the commercial privacy debate with the government surveillance debate,” he said. “Frankly, channeling public outrage over NSA overreach into the debate around commercial privacy regulation is irresponsible.”

“This is only the beginning of a longer discussion,” said Alex Fowler of browser-maker Mozilla. “In the meantime, we strongly urge the Obama administration to stay focused on surveillance reform to help restore trust on the Internet.”
The White House said there was no intent on its part to drain momentum from the drive to pass legislation limiting NSA surveillance.

“The questions are how do you protect privacy across this range of sectors and how one protects privacy in the context of intelligence collection is an extremely important topic,” Podesta told reporters Thursday. “Obviously, we’ve come forward with major reforms of the so-called 215 program, the collection program of telephony data which is essentially about intelligence gathering … It was our task really to look at these other sectors.

“It’s in no way hypocritical for us to come forward as we’re continuing to try to provide basic rights and strong ability to control and audit the way our intelligence authorities are being executed,” Podesta added.

Still, many have doubts about how aggressively President Barack Obama is pushing for NSA reforms. Senate Intelligence Committee Chairwoman Dianne Feinstein has said repeatedly in recent weeks that she’s still waiting for the White House to provide legislative language to overhaul the way the government would access the telephone data now gathered by the spy agency.

In any event, there’s little doubt that the just-completed Podesta review was born out of an effort to calm the storm over NSA surveillance. Obama announced the review last spring in the same speech where he addressed the complaints over the spy agency’s practices and endorsed the idea of transitioning from the NSA’s storage of data on U.S. calls to a new system that would likely leave that data with telephone companies.

“The challenges to our privacy do not come from government alone. Corporations of all shapes and sizes track what you buy, store and analyze our data, and use it for commercial purposes; that’s how those targeted ads pop up on your computer and your smartphone periodically. But all of us understand that the standards for government surveillance must be higher,” the president said.
And just days after the first Snowden leaks last June, Obama made clear that he was intent on pulling a discussion of private-sector data-mining into the NSA-focused frenzy. “This is not going to be restricted to government entities,” the president told Charlie Rose back then.

The new Podesta report could also help dampen another headache for the White House: complaints from Europe that the U.S. isn’t serious about implementing privacy protections.

The “big data” study was released one day before a scheduled White House visit by German Chancellor Angela Merkel, whose complaint about reported NSA surveillance of her mobile phone became an early flashpoint in the controversy.

Merkel has already won an extraordinary public promise from Obama that the U.S. will not intercept her communications in the future. And nothing the Podesta review looked at addressed the question of spying on foreign leaders. But Merkel and other leaders are eager for signs that the U.S. is moving closer to the European approach of broad regulation of handling of private data by businesses. The new report moves in that direction, while stopping short of laying out specific legislation or a strategy to get it enacted by Congress.

Even with Merkel, the mere passage of time — and the piling of review upon review — has helped calm frayed nerves. Last October, the surveillance issue was so urgent that it prompted Merkel to call Obama directly with her phone-tapping complaints. Now both leaders seem preoccupied with Russia’s threatening moves in Ukraine and how to shield Germany’s economy if one of its key sources of energy is interrupted by Russian retaliation for Western sanctions.

The official reports released to date take somewhat different approaches to the surveillance debate, focusing on specific aspects of the issue. The administration’s new “Big Data: Seizing Opportunities, Preserving Values”
report now joins the President’s Council of Advisers on Science and Technology’s compendium “Big Data: a Technological Perspective,” the White House-appointed Review Group on Signals Intelligence and Communications Technology’s “Liberty and Security in a Changing World,” and the Privacy and Civil Liberties Oversight Board’s snazzily-titled “Report on the Telephone Records Program Conducted under Section 215 of the USA PATRIOT Act and on the Operations of the Foreign Intelligence Surveillance Court.”

The new Podesta report did not dig deeply into NSA snooping practices, as the earlier panels did. But there is still significant overlap. The “big data” review concludes that current government treatment of so-called metadata may give short shrift to privacy concerns about data that “as a matter of routine can be reassembled to reveal intimate personal details.”

Even the “90-day” study the president ordered Podesta to undertake on big-data issues encountered changes in staffing during the 104 days it was in the works. Obama economic adviser Gene Sperling was billed as a part of the review at its outset. His long-extended tenure at the White House finally ended in February when he was replaced by new economic adviser Jeff Zients, who signed Thursday’s report.

For those who still haven’t had their fill of blue-ribbon studies triggered by the Snowden disclosures, there’s still more on tap. The Podesta review notes that a fifth panel, Obama’s Presidential Intelligence Advisory Board, has also been tasked with delving into how the intelligence community distinguishes between metadata and other information. That standing committee once had 14 members, but the lineup was slashed to four by the White House just months before the first Snowden leaks emerged. Its report to Obama is due in a little more than two weeks.

Darren Samuelsohn contributed to this report.

---
Just because i'm near the punchbowl doesn't mean I'm also drinking from it.
From rforno at infowarrior.org Sat May 3 08:37:53 2014
From: rforno at infowarrior.org (Richard Forno)
Date: Sat, 3 May 2014 09:37:53 -0400
Subject: [Infowarrior] - In Surveillance Debate, White House Turns Its Focus to Silicon Valley
Message-ID: <8EA9DBE2-B2FD-44E5-A3EC-307FA3DCD233@infowarrior.org>

In Surveillance Debate, White House Turns Its Focus to Silicon Valley

By DAVID E. SANGER | MAY 2, 2014

http://www.nytimes.com/2014/05/03/us/politics/white-house-shifts-surveillance-debate-to-private-sector.html

WASHINGTON — Nearly a year after the first disclosures about the National Security Agency’s surveillance practices at home and abroad, the agency is emerging with mandates to make only modest changes: some new limits on what kind of data about Americans it can hold, and White House oversight of which foreign leaders’ cellphones it can tap and when it can conduct cyberoperations against adversaries.

The big question now is whether Silicon Valley will get off as easily. It was the subject of a new White House report about how technology and the crunching of big data about the lives of Americans — from which websites they visit to where they drive their newly networked cars — are enlarging the problem.

At their core, the questions about the N.S.A. are strikingly similar to those about how Google, Yahoo, Facebook and thousands of application makers crunch their numbers. The difference is over the question of how far the government will go to restrain the growth of its own post-Sept. 11 abilities, and whether it will decide the time has come to intrude on what private industry collects, in the name of protecting privacy or preventing new forms of discrimination.

President Obama alluded to that at the White House on Friday, when he was forced to take up the issue at a news conference with one of the N.S.A.’s most prominent targets: Chancellor Angela Merkel of Germany, who said she was still not satisfied with America’s responses to the revelations that her phone —
and her country — were under blanket surveillance for a dozen years.

“The United States historically has been concerned about privacy,” Mr. Obama said, trying to seize some high ground in the debate.

His string of assurances along that line rang a bit hollow last year, as the administration reacted to each disclosure by Edward J. Snowden, the former N.S.A. contractor, with assurances that the programs were among the most closely monitored in the intelligence world, and that they were necessary to protect the country.

But by January, Mr. Obama had arrived in a different place. After approving, for five years, a government program to collect telephone metadata — the information about telephone numbers dialed and the duration of calls — he acceded to recommendations to leave that information in the hands of telecommunications companies. Quietly, the White House ended the wiretapping of dozens of foreign leaders.

Now, by expanding the debate to what America’s digital titans collect, Mr. Obama gains a few political advantages. He is hoping to reinvigorate legislative proposals that went nowhere in his first term. And now that the revelations about the N.S.A. have tapered off, at least for a while, his aides seem to sense that Americans are at least as concerned about the information they entrust to Google and Yahoo.

In Silicon Valley, there is a suspicion that the report issued on Thursday by John D. Podesta, a presidential adviser, is an effort to change the subject from government surveillance. Mr. Podesta insists it is about expanding the discussion about how information is used.

“It’s a good time to revisit both public and private data collection and handling,” said Jonathan Zittrain, a founder of the Berkman Center for Internet and Society at Harvard. He noted that the last time the government looked at how private companies collected data online, “it regulated lightly,” asking companies to disclose their privacy policies and little else.
Since then, he noted, "the scope of what both private companies and public authorities can collect from us has increased enormously."

The question is whether restrictions placed on the N.S.A., and public resistance, will spill over to regulation of the private sector, and conversely whether new norms of what companies can collect will begin to affect the intelligence world.

At the N.S.A., there is grumbling about the continuing disclosures of material stolen by Mr. Snowden, but comparatively little complaint about the new limits Mr. Obama has proposed. In some cases, the N.S.A. gained some access to data even as it lost some autonomy. For example, its program to collect metadata missed a large percentage of cellphone calls. Under Mr. Obama's plan, if it becomes law, the N.S.A. would have to leave that data in private hands, but when the N.S.A. does get it, under court order, the agency should have access to a lot more than it does today.

"It's a pretty good trade," said one senior intelligence official who has been working on the issue. "All told, if you are an N.S.A. analyst, you will probably get more of what you wanted to see, even if it's more cumbersome."

In other cases, the N.S.A. is clearly giving up authority. Decisions about whether to exploit flaws in software to allow for surveillance or cyberattacks will be made at the National Security Council, not at the agency's headquarters in Fort Meade, Md. That list of leaders being wiretapped now gets high-level scrutiny. But more oversight does not necessarily mean operations will end.

While Mr. Obama has a lot of latitude in intelligence collection, the area pushed in the Podesta report will run headlong into considerable resistance in the country's most innovative companies. Most turned out statements on Thursday embracing the idea of enhancing individual privacy; Microsoft said that it supported the effort and "will keep working with lawmakers to make these tougher privacy protections a reality."
The argument will be over what constitutes "effective use." The report discussed a range of potential abuses: algorithms so effective that they could be used to create subtle, hard-to-detect biases in decisions about who can get a loan or whom to hire for a job. It even took a shot at metadata, the N.S.A.'s favorite tool, noting that it can reveal a lot about personal habits.

That is information that most Americans say they do not want intelligence agencies to have. But whether they are willing, as the price for joining an interconnected world, to put it in the hands of private firms, and whether the government should intervene to set the rules is not clear.

A version of this news analysis appears in print on May 3, 2014,

---
Just because i'm near the punchbowl doesn't mean I'm also drinking from it.

From rforno at infowarrior.org Sun May 4 08:21:07 2014
From: rforno at infowarrior.org (Richard Forno)
Date: Sun, 4 May 2014 09:21:07 -0400
Subject: [Infowarrior] - Technology law will soon be reshaped by people who don't use email
Message-ID:

Technology law will soon be reshaped by people who don't use email
The US supreme court doesn't understand the internet. Laugh all you want, but when NSA, Pandora and privacy cases hit the docket, the lack of tech savvy on the bench gets scary
Trevor Timm, theguardian.com, Saturday 3 May 2014 07.30 EDT
http://www.theguardian.com/commentisfree/2014/may/03/technology-law-us-supreme-court-internet-nsa

There's been much discussion, and derision, of the US supreme court's recent forays into cellphones and the internet, but as more and more of these cases bubble up to the high chamber, including surveillance reform, we won't be laughing for long: the future of technology and privacy law will undoubtedly be written over the next few years by nine individuals who haven't "really 'gotten to' email" and find Facebook and Twitter "a challenge".
A pair of cases that went before the court this week raise the issue of whether police can search someone's cellphone after an arrest but without a warrant. The court's decisions will inevitably affect millions. As the New York Times editorial board explained on the eve of the arguments, "There are 12 million arrests in America each year, most for misdemeanors that can be as minor as jaywalking." Over 90% of Americans have cellphones, and as the American Civil Liberties Union argued in a briefing to the court, our mobile devices "are in effect, our new homes".

Most people under 40 probably would agree police should never have the right to rummage through our entire lives without a particular purpose based on probable cause. Yet during arguments, Justice Roberts insinuated that police might reasonably suspect a person who carries two cellphones of being a drug dealer. Is he unaware that a large portion of the DC political class with which he associates, including many of his law clerks, carries both a personal and business phone, daily? The chief justice of the Supreme Court of the United States may have proved this week that he can throw out tech lingo like "Facebook" and even "Fitbit", but he is trapped in the closet from reality.

This is not the first time justices have opened themselves up to mockery for their uninitiated take on tech issues. Just last week, in the copyright case against Aereo, the justices' verbal reach seemed to exceed their grasp, as they inadvertently invented phrases like "Netflick" and "iDrop", among others. Before that, many ripped Justice Roberts for seemingly not knowing the difference between a pager and email. And then there was the time when a group of them tried to comprehend text messages, or when the justices and counsel before them agreed that "any computer group of people" could write most software "sitting around the coffee shop ... over the weekend." (Hey, at least Ginsburg reads Slate.)
The supremes tend to do better on tech cases when they avoid engaging directly in the actual technical substance of technology. They received praise for ruling, 9-0, two years ago that police need a warrant to place a GPS tracker on someone's car. Even then, though, Justice Alito ridiculed Justice Scalia's controlling opinion for determining such a modern issue "based on 18th-century tort law".

When it comes to the future of tech policy in the US, this week's cellphone arguments are just the tip of the iceberg. Right now the FBI is engaged in all varieties of warrantless surveillance, using a variety of devices. Most critically, the agency thinks it can get our mobile location information, which reveals the most intimate details of our lives, without a warrant. The sharp split in lower courts will only get more pronounced over the next year.

Other cases percolating through the justice system address the question of whether police can compel you to hand over the password to your devices. Given that the right to not self-incriminate is spelled out in the Fifth Amendment, and that there are parallels between login credentials and other information stored in your head, compelled decryption may seem antithetical to the Constitution. But in cases involving encrypted hard drives, the government has argued otherwise.

That's not all: internet radio services, out-of-control software patents, and whether online posts should be judged the same as traditionally protected speech; all of these may bubble up to the high court soon.

And remember, just months before Edward Snowden became a household name, the ACLU was in front of the supreme court arguing the Fisa Amendments Act, one of the primary laws at the center of the NSA scandal, was unconstitutional. The court cowardly dismissed the case 5-4 on "standing" grounds, and never ruled on the merits.
One of the first things Snowden reportedly said after his disclosures when the ACLU became his legal counsel was: "Do you have standing now?" Do they ever. Thanks to Snowden's revelations, a second flurry of lawsuits, 25, by The Verge's count, have cropped up all over the country. Even NSA advocates, who for years tried to prevent courts from ruling on the subject, are suddenly suggesting the supreme court should weigh in, hoping it's their only way out.

Tellingly, the NSA's legal house of cards is pinned on a horribly outdated case from the 1970s that ruled the government could get the phone records for one suspect under active investigation, for a short period of time. The government has morphed that to mean they can collect all sorts of metadata, on everyone, forever.

The good news is, if the justices can avoid fixating on technical details, the very kind they don't seem to understand, the Roberts Court may still come to the right decision. After chiding the justices in Aereo, Vox's Tim Lee argued it's actually a good thing the justices are not technically savvy, because it allows them to see the bigger picture, citing that they have "done a remarkably good job of crafting a sensible body of patent and copyright laws in the past few decades". (They also delivered an encouraging decision on patent trolls just this week.)

There's evidence, in recent privacy opinions, that at least some of the justices understand how technology is used, even if they don't use it themselves. As Justice Sotomayor wrote in her concurring opinion in the GPS case:

It may be necessary to reconsider the premise that an individual has no reasonable expectation of privacy in information voluntarily disclosed to third parties ... This approach is ill suited to the digital age, in which people reveal a great deal of information about themselves to third parties in the course of carrying out mundane tasks.

Encouragingly, Justice Kagan made similar comments this week.
But as Electronic Frontier Foundation's Parker Higgins convincingly argues, it's not the justices' lack of personal experience with technology that's the problem; it's their tendency to not understand how people use it. Returning to Justice Roberts's concerns about villains with two phones: if he is in fact unaware of how common that behavior is (he certainly didn't watch Breaking Bad), then that suggests a major gap in his understanding of society.

This lack of basic understanding is alarming, because the supreme court is really the only branch of power poised to confront one of the great challenges of our time: catching up our laws to the pace of innovation, defending our privacy against the sprint of surveillance. The NSA is "training more cyberwarriors" as fast as it can, but our elected representatives move at a snail's pace when it comes to the internet. The US Congress has proven itself unable to pass even the most uncontroversial proposals, let alone comprehensive NSA reforms: the legislative branch can't even get its act together long enough to pass an update to our primary email privacy law, which was written in 1986, before the World Wide Web had been invented.

So the future of our privacy, of our technology: these problems land at the feet of a handful of tech-unsavvy judges. Future nominees to the bench should be quizzed on their knowledge of technology at confirmation hearings. And while many have made the argument that the secret Fisa court should employ a technologist to explain technical issues to the less technical judges, the same can be said of the supreme court. It's time to get the net already.
From rforno at infowarrior.org Sun May 4 08:37:45 2014
From: rforno at infowarrior.org (Richard Forno)
Date: Sun, 4 May 2014 09:37:45 -0400
Subject: [Infowarrior] - Regarding government reports
Message-ID:

Unrequired reading
http://www.washingtonpost.com/sf/national/2014/05/03/unrequired-reading/

Every year, as required by law, the U.S. government prepares an official report to Congress on Dog and Cat Fur Protection. The task requires at least 15 employees in at least six different federal offices. First, workers have to gather data about the enforcement of a law banning imports of fur coats, furry toys or other items made from the pelts of pets. How many shipments were checked? How many illegal furs were found? The data are written into a report, passed up the chain of command and sent to Capitol Hill.

And then nothing happens.

Although it was Congress that demanded this report in a 2000 law, the legislators who pushed for it are gone. The debate over imported pet fur has waned. Congress lost interest. Of the seven committees that still get copies of the report, none reported finding it useful. Still, the law lives on, requiring a bureaucratic ritual that has become a complete waste of time.

"I said: 'Look, let's just not send it. Let's just not send it this year and see if anybody asks for it,'" said Michael Mullen, a former official at Customs and Border Protection, which handles the report. Mullen said his bosses always said no.

"Is that thing still being sent in?" Mullen said, laughing. "Oh, God."

This is a story about how Congress built a black hole.

< - >

http://www.washingtonpost.com/sf/national/2014/05/03/unrequired-reading/
From rforno at infowarrior.org Sun May 4 18:13:34 2014
From: rforno at infowarrior.org (Richard Forno)
Date: Sun, 4 May 2014 19:13:34 -0400
Subject: [Infowarrior] - Europe's Cybersecurity Policy Settings Under Attack
Message-ID: <1C8FBC20-22EC-4729-BF97-AF1D2F7C00CC@infowarrior.org>

Europe's Cybersecurity Policy Settings Under Attack
By AFP on May 04, 2014
http://www.securityweek.com/europes-cybersecurity-policy-settings-under-attack

BRUSSELS - Even as Europe powered up its most ambitious ever cybersecurity exercise this month, doubts were being raised over whether the continent's patchwork of online police was right for the job.

The exercise, called Cyber Europe 2014, is the largest and most complex ever enacted, involving 200 organizations and 400 cybersecurity professionals from both the European Union and beyond.

Yet some critics argued that herding together normally secretive national security agencies and demanding that they spend the rest of 2014 sharing information amounted to wishful thinking. Others questioned whether the law enforcement agencies taking part in the drill should be involved in safeguarding online security, in the wake of American whistleblower Edward Snowden's revelations of online spying by western governments.

"The main concern is national governments' reluctance to cooperate," said Professor Bart Preneel, an information security expert from the Catholic University of Leuven, in Belgium.

"You can carry out all of the exercises you want, but cybersecurity really comes down to your ability to monitor, and for that, national agencies need to speak to each other all the time," Preneel said.

The Crete-based office coordinating the EU's cybersecurity, the European Union Agency for Network and Information Security (ENISA), calls itself a "body of expertise" and cannot force national agencies to share information.
As with most aspects of policing and national security, the EU's 28 members have traditionally been reluctant to hand over powers to a central organization, even when -- as in the case of online attacks -- national borders are almost irrelevant.

'Citizens and economy at risk'

Cyberattacks occur when the computer information systems of individuals, organizations or infrastructure are targeted, whether by criminals, terrorists or even states with an interest in disrupting computer networks.

The EU estimates that over recent years there has been an increase in the frequency and magnitude of cybercrime and that the attacks go beyond national borders, while the smaller-scale spreading of software viruses is also an increasingly complex problem.

The EU's vulnerability has been highlighted over recent years by a number of high-profile cyberattacks, including one against Finland's foreign ministry in 2013 and a network disruption of the European Parliament and the European Commission in 2011.

And with Europe's supply of gas from Russia focusing attention on energy security, the highly computerized "smart" energy grids which transport and manage energy in the EU are also seen as vulnerable.

Yet the view from Brussels is that the member states' reluctance to work together on cybersecurity amounts to "recklessness", with one EU source saying national governments were "happy to put their citizens and economy at risk rather than coordinate across the EU."

ENISA was established in 2001 when it became clear that cybersecurity in the EU would require a level of coordination. Unlike other EU agencies, ENISA does not have regulatory powers and relies on the goodwill of the national agencies it works with.

The agency is undaunted by its task, arguing that the simulations it stages every two years, taking in up to 29 European countries, are both effective and necessary in preparing a response to cyber-attacks.
This week's simulation created what ENISA described as "very realistic" incidents in which key infrastructure and national interests came under attack, "mimicking unrest and political crisis" and "disrupting services for millions of citizens across Europe."

Responsibility with industry

However, Amelia Andersdotter, a Swedish member of the European Parliament with the libertarian Pirate Party, is dismissive of both the exercise and the European online security model.

Andersdotter, along with a number of European experts, is calling for reforms to move responsibility for cybersecurity away from law enforcement agencies toward civilian bodies. Their argument is that a civilian agency would be better placed to coordinate a response with industry, which Andersdotter argues has not done enough to safeguard cybersecurity.

At present, she told AFP, industry actors in software or infrastructure simply report cybercrime to authorities without being required to compensate or inform consumers. A civilian authority would end what Andersdotter calls the "conspiracy of database manufacturers and law enforcement agencies" by placing greater responsibility with industry.

What most experts agree on is that European companies and consumers are vulnerable to cybersecurity threats, and that can have an impact on people's willingness to use online services.

James Wootton, from British online security firm IRM, said the ENISA exercises are a step in the right direction, but are not enough.

"The problem is nation states wanting to fight cybercrime individually, even when cybercrime does not attack at that level," Wootton says, arguing that national law enforcement agencies often lack the required resources. "So it is good to look at this at the European level, but what power does ENISA have? What can they force countries to do?"

Eurostat figures show that, by January 2012, only 26 percent of EU enterprises had a formally defined information technology security plan in place.
One industry insider said the view in Brussels is that EU cybersecurity was "like teenage sex: everyone says they are doing it but not that many actually are."

From rforno at infowarrior.org Mon May 5 06:16:23 2014
From: rforno at infowarrior.org (Richard Forno)
Date: Mon, 5 May 2014 07:16:23 -0400
Subject: [Infowarrior] - The State Will Always Transcend Its Limits
Message-ID: <443981E2-ED37-4DE8-A48D-8980C7313434@infowarrior.org>

The State Will Always Transcend Its Limits
http://www.acting-man.com/?p=30248

From rforno at infowarrior.org Mon May 5 08:54:04 2014
From: rforno at infowarrior.org (Richard Forno)
Date: Mon, 5 May 2014 09:54:04 -0400
Subject: [Infowarrior] - John Kerry Claims US Is On The 'Right Side Of History' When It Comes To Online Freedom And Transparency
Message-ID:

John Kerry Claims US Is On The 'Right Side Of History' When It Comes To Online Freedom And Transparency
from the might-still-making-right,-despite-technological-developments dept

Once you've ceded the high ground, it's very difficult to reclaim it. At this time last year, the Secretary of State could have gotten away with the following remarks, but just barely. The NSA documents had not yet been revealed, but the US government had been giving up chunks of free speech high ground for quite some time. Now, with the NSA's programs exposed, along with this administration's quest to punish whistleblowers and maintain the opacity left behind by the Bush administration, there's no approaching the high ground. But that didn't stop John Kerry -- in his remarks to the Freedom Online Coalition Conference -- from planting a flag halfway up and declaring it the summit.
(h/t to Dan Froomkin of the Intercept)

< big snip >

http://www.techdirt.com/articles/20140502/11381727100/john-kerry-cant-find-high-ground-during-remarks-about-online-freedom-settles-claiming-government-is-right-side-history.shtml

From rforno at infowarrior.org Mon May 5 16:43:00 2014
From: rforno at infowarrior.org (Richard Forno)
Date: Mon, 5 May 2014 17:43:00 -0400
Subject: [Infowarrior] - DOD: Bitcoin A Terrorist Threat?
Message-ID:

Bitcoin A Terrorist Threat? Counterterrorism Program Names Virtual Currencies As Area Of Interest
By Ryan W. Neal on May 03 2014 10:04 AM
http://www.ibtimes.com/bitcoin-terrorist-threat-counterterrorism-program-names-virtual-currencies-area-interest-1579699

After attracting attention from law enforcement, financial regulators and old-school Wall Street investors, bitcoin is now on the U.S. military's radar as a possible terrorist threat.

Friday was the deadline for submissions to a counterterrorism program seeking vendors to help the military understand state-of-the-art technologies that may pose threats to national security, and "bitcoin" and "virtual currencies" are listed among them.

The program is being conducted by the Combating Terrorism Technical Support Office, a division of the Department of Defense that identifies and develops counterterrorism abilities and investigates irregular warfare and evolving threats.

An unclassified memo from January unearthed by Bitcoin Magazine detailed solicitations for CTTSO projects. The memo states that one of the mission requirements is for "innovative...solutions to develop and/or enhance new concepts and constructs for understanding the role of virtual currencies" in financing threats against the United States.
The memo said the blurring of national lines is facilitating the transfer of virtual currencies: "The introduction of virtual currency will likely shape threat finance by increasing the opaqueness, transactional velocity, and overall efficiencies of terrorist attacks," it stated.

At the heart of the concern is the anonymity built into the bitcoin architecture. While every bitcoin transaction is public, the parties involved are kept anonymous. With bitcoins, illegal operations can be made with the speed and ease of the Internet and with the secrecy of cash.

Several recent high-profile cases have put bitcoin under greater scrutiny. In October, the FBI closed down the Silk Road, a digital black market that allowed users to buy drugs, guns and even professional assassins. Silk Road accepted only bitcoin for payments, and the man arrested for running Silk Road was charged with narcotics trafficking and money laundering, among other charges.

Charlie Shrem, chairman of the Bitcoin Foundation and the head of BitInstant, a defunct bitcoin exchange, was arrested in January on charges of money laundering with bitcoins. In February, Mt. Gox, one of the largest bitcoin exchanges, filed for bankruptcy protection after hundreds of millions of dollars' worth of bitcoins were stolen. No criminal charges have been filed yet, but many former Mt. Gox customers suspect that it was a scam.

A Treasury Department investigation said in March that it found no evidence of "widespread" use of virtual currencies like bitcoin to finance terrorism. Still, it's clear that nefarious individuals have recognized the potential to use bitcoin for harm.

The anonymity seems to be what concerns the CTTSO the most. The agency also called for research on "anonymizing software" and "Dark Web," and views anonymous networks like TOR as a way to traffic drugs, weapons, humans and even nuclear technologies undetected.
The CTTSO's mission against irregular warfare and evolving threats also has a requirement for "methods and means to systematically discern and display 'precursors of instability' in the Dark Web."

The Navy was one of the original developers of the Dark Web, as onion routing, which creates anonymous messaging by using several routers to give Internet data multiple layers of encryption, was developed in the United States Naval Research Laboratory to protect government communications.

Also on the CTTSO's list of terrorism research topics were Android, Motorola, social media and virtual reality. Google and Facebook may want to take note.

From rforno at infowarrior.org Mon May 5 16:43:14 2014
From: rforno at infowarrior.org (Richard Forno)
Date: Mon, 5 May 2014 17:43:14 -0400
Subject: [Infowarrior] - The White House Wants to Issue You an Online ID
Message-ID: <7F63F9F5-FAC9-4FBC-A349-3B1F2794B593@infowarrior.org>

The White House Wants to Issue You an Online ID
Written by Meghan Neal
meghan.neal at vice.com
http://motherboard.vice.com/read/the-white-house-wants-to-issue-you-an-online-id

A few years back, the White House had a brilliant idea: Why not create a single, secure online ID that Americans could use to verify their identity across multiple websites, starting with local government services. The New York Times described it at the time as a "driver's license for the internet."

Sound convenient? It is. Sound scary? It is.

Next month, a pilot program of the "National Strategy for Trusted Identities in Cyberspace" will begin in government agencies in two US states, to test out whether the pros of a federally verified cyber ID outweigh the cons.
The goal is to put to bed once and for all our current ineffective and tedious system of using passwords for online authentication, which itself was a cure for the even more ineffective and tedious process of walking into a brick-and-mortar building and presenting a human being with two forms of paper identification.

The rub is that online identity verification is heaps more convenient for citizens and cost-effective for government agencies, but it's also fraught with insecurities; federal and state governments lose billions of dollars a year to fraud, and that trickles down to taxpayers.

Meanwhile, the technology for more secure next-gen authentication exists, developed by various tech firms in the public sector, but security groups have had a hell of a time implementing any of them on a broad scale. Enter the government, which proposed the national ID strategy to help standardize the process using a plan called the "identity ecosystem."

The vision is to use a system that works similarly to how we conduct the most sensitive forms of online transactions, like applying for a mortgage. It will utilize two-step authentication, say, some combination of an encrypted chip in your phone, a biometric ID, and a question about the name of your first cat. But instead of going through a different combination of steps for each agency website, the same process and ID token would work across all government services: from food stamps and welfare to registering for a fishing license.

The original proposal was quick to point out that this isn't a federally mandated national ID. But if successful, it could pave the way for an interoperable authentication protocol that works for any website, from your Facebook account to your health insurance company.

There's no doubt secure online identification is a problem overdue for a solution, but creating a system that would work like an all-access token for the internet is a scary can of worms to open. To start, there's the privacy issue.
Unsurprisingly, the Electronic Frontier Foundation immediately pointed out the red flags, arguing that the right to anonymous speech in the digital realm is protected under the First Amendment. It called the program "radical," "concerning," and pointed out that the plan "makes scant mention of the unprecedented threat such a scheme would pose to privacy and free speech online."

And the keepers of the identity credentials wouldn't be the government itself, but a third party organization. When the program was introduced in 2011, banks, technology companies or cellphone service providers were suggested for the role, so theoretically Google or Verizon could have access to a comprehensive profile of who you are that's shared with every site you visit, as mandated by the government.

Post-NSA revelations, we have a good sense for the dystopian Big Brother society the EFF is worried about. As the organization told the Times, at the least "we would need new privacy laws or regulations to prohibit identity verifiers from selling user data or sharing it with law enforcement officials without a warrant."

Then there's the problem of putting all your security eggs in one vulnerable basket. If a hacker gets their hands on your cyber ID, they have the keys to everything.

For now, this is all just speculation. The program is just entering a test phase with select state government agencies only (there are currently plans to expand the trial out to 10 more organizations.) But it's not far-fetched to think we're moving toward a standardized way to prove our identity in cyberspace the same way we do offline. The White House argues cutting down on inefficiencies and fraud would bolster the information economy.
In an era where we have cars that drive themselves and flying robots delivering beer, you have to wonder how much longer people are going to put up with standing in line at the DMV for four hours to hand a teller (with a taxpayer-paid salary) a copy of your birth certificate and piece of mail to prove you are you. If an analysis of the pilot programs in Michigan and Pennsylvania find the centralized ID saves time and money and spares us the DMV line, privacy advocates are going to have a hell of a fight ahead of them.

From rforno at infowarrior.org Mon May 5 16:44:31 2014
From: rforno at infowarrior.org (Richard Forno)
Date: Mon, 5 May 2014 17:44:31 -0400
Subject: [Infowarrior] - Congress votes to remain ignorant on tech
Message-ID:

(who needs objective internal analysis from technologists when you've got subjective external "analysis" from lobbyists? --rick)

Congress is clueless on technology, and just voted to keep it that way
Updated by Timothy B. Lee on May 2, 2014, 2:20 p.m. ET
http://www.vox.com/2014/5/2/5674934/congress-votes-to-stay-clueless-about-technology-issues

A lot of members of Congress were caught off guard in 2012 when the internet exploded in opposition to the Stop Online Piracy Act. Lobbyists for the motion picture and recording industries had assured them that the proposal, which involved creating a government-sponsored blacklist and forcing ISPs to block sites on it, wouldn't be too disruptive to the internet ecosystem. But the people who actually run the internet were barely consulted. At a December 2011 hearing, members of Congress admitted that they were not "nerds" and didn't have the technical expertise to evaluate its provisions. But that didn't stop them from pushing the legislation forward, until it was finally killed by a massive online protest the following months.
It would be nice if Congress had some technical experts on staff to analyze proposed legislation and advise members about its technical implications. And in fact, Congress did have an agency like that, called the Office of Technology Assessment, until Newt Gingrich zeroed out its funding in 1995.

Rep. Rush Holt (D-NJ), one of the few members of Congress with scientific training, wants to change that. Yesterday he introduced an amendment that would have allocated funds to re-start the agency. But it was defeated in a 164-248 vote.

It's a puzzling move given how often people comment on Congress's shortage of technical expertise, and it speaks to the way Congress views technical expertise as a luxury rather than a necessity. When they zeroed out the OTA's funding in 1995, Holt says, the new Republican majority "actually said Congress shouldn't have any special perks. As if having a congressional agency that provides advice is a perk."

The problem, Holt continues, isn't that Congress doesn't have access to technical advice. To the contrary, there's an endless parade of people wanting to advise Congress on technical issues. But much of the advice comes from lobbyists and other paid advocates who might not have the public's best interests at heart. A staff of in-house technical experts could help members of Congress distinguish good advice from advice that is merely self-serving.

Holt's amendment would have allocated $2.5 million to re-start OTA. That's not enough money to get the agency back to the approximately 100 staffers it had two decades ago. But Holt is confident that once his colleagues see the benefits of an in-house technical staff, they will support further increases. And Holt emphasizes that $2.5 million is a tiny amount of money compared to the amounts good technical advice can save taxpayers.
For example, Holt notes that one OTA report recommending an overhaul of the Social Security Administration's computer system led to hundreds of millions of dollars in savings. He said OTA was also instrumental in convincing Congress to cut back the wasteful synfuels program in the 1980s, a move that saved taxpayers billions of dollars.

"There's this old saying that if you think this is expensive, you ought to try ignorance," Holt says. Yesterday Congress voted to prolong its own ignorance for another year.

---
Just because i'm near the punchbowl doesn't mean I'm also drinking from it.

From rforno at infowarrior.org Mon May 5 17:40:32 2014
From: rforno at infowarrior.org (Richard Forno)
Date: Mon, 5 May 2014 18:40:32 -0400
Subject: [Infowarrior] - The Feds Accidentally Mailed Their $350K Drone to Some College Kid
Message-ID: <4220215B-F98A-4EDE-BCCF-6FB0A34F2927@infowarrior.org>

The Feds Accidentally Mailed Their $350K Drone to Some College Kid
Written by Jason Koebler jasontpkoebler at gmail.com
May 5, 2014 // 05:25 PM EST

A Redditor got more than he bargained for in the mail today: He was accidentally mailed parts to a $350,000 environment and wildlife monitoring drone owned by the National Oceanic and Atmospheric Administration.

David Miller, a spokesperson for NOAA, told me he's not sure how the wings and control panel to a NOAA Puma drone, which the agency uses to measure ocean debris, conduct seabird surveys, and monitor ocean habitats, ended up in the hands of the Redditor, but believes that UPS somehow erred and delivered it to the college student.

< - >

http://motherboard.vice.com/read/the-feds-accidentally-mailed-their-350k-drone-to-some-college-kid

---
Just because i'm near the punchbowl doesn't mean I'm also drinking from it.
From rforno at infowarrior.org Mon May 5 21:31:35 2014
From: rforno at infowarrior.org (Richard Forno)
Date: Mon, 5 May 2014 22:31:35 -0400
Subject: [Infowarrior] - Merkel Chooses Unity over NSA Truth
Message-ID: <85E3B2D7-0EC4-4347-A97C-21A6DCAC4B7E@infowarrior.org>

05/05/2014 05:19 PM
Trans-Atlantic Supplicant
Merkel Chooses Unity over NSA Truth
By SPIEGEL Staff

There was a time when Angela Merkel was committed to investigating the extent of NSA spying in Germany. Now, though, the chancellor has made an about face. Trans-Atlantic unity is her new priority, and the investigation has been left to languish.

< - >

http://www.spiegel.de/international/germany/chancellor-merkel-sacrifices-nsa-investigation-for-unity-on-ukraine-a-967596-druck.html

---
Just because i'm near the punchbowl doesn't mean I'm also drinking from it.

From rforno at infowarrior.org Tue May 6 05:54:14 2014
From: rforno at infowarrior.org (Richard Forno)
Date: Tue, 6 May 2014 06:54:14 -0400
Subject: [Infowarrior] - MISSION CREEP: Homeland Security a 'runaway train'
Message-ID: <6EC534CE-5B79-4260-8C43-FEAADA1A6641@infowarrior.org>

(c/o MM)

MISSION CREEP: Homeland Security a 'runaway train'
By Michael Coleman / Journal Washington Bureau
PUBLISHED: Sunday, April 27, 2014 at 12:05 am
http://www.abqjournal.com/390438/news/homeland-security-a-runaway-train.html

---
Just because i'm near the punchbowl doesn't mean I'm also drinking from it.
From rforno at infowarrior.org Tue May 6 06:47:52 2014
From: rforno at infowarrior.org (Richard Forno)
Date: Tue, 6 May 2014 07:47:52 -0400
Subject: [Infowarrior] - OT: State employee pension funds, beware
Message-ID: <1BC8BA1F-A81F-4BA9-8368-FEECE49ACFCB@infowarrior.org>

LEAKED: Docs obtained by Pando show how a Wall Street giant is guaranteed huge fees from taxpayers on risky pension investments
By David Sirota
On May 5, 2014
http://pando.com/2014/05/05/leaked-docs-obtained-by-pando-show-how-a-wall-street-giant-is-guaranteed-huge-fees-from-taxpayers-on-risky-pension-investments/

---
Just because i'm near the punchbowl doesn't mean I'm also drinking from it.

From rforno at infowarrior.org Tue May 6 11:37:27 2014
From: rforno at infowarrior.org (Richard Forno)
Date: Tue, 6 May 2014 12:37:27 -0400
Subject: [Infowarrior] - Exclusive: Emails reveal close Google relationship with NSA
Message-ID: <36B07169-C7F3-463F-8F62-339336081615@infowarrior.org>

Exclusive: Emails reveal close Google relationship with NSA
http://america.aljazeera.com/articles/2014/5/6/nsa-chief-google.html

---
Just because i'm near the punchbowl doesn't mean I'm also drinking from it.

From rforno at infowarrior.org Tue May 6 19:17:27 2014
From: rforno at infowarrior.org (Richard Forno)
Date: Tue, 6 May 2014 20:17:27 -0400
Subject: [Infowarrior] - International Day Against DRM: Whatever Happened to the W3C?
Message-ID: <486CACE6-250E-4AEA-B05F-59172EED7906@infowarrior.org>

May 6, 2014 | By Danny O'Brien
International Day Against DRM: Whatever Happened to the W3C?
https://www.eff.org/deeplinks/2014/05/international-day-against-drm-whatever-happened-w3c

One of the bitterest struggles against DRM is still taking place on the Web's own home turf -- at the World Wide Web Consortium, the Web's own standards organization. Last year, the consortium accepted as in scope the development of Encrypted Media Extensions, an addition to the HTML5 standard intended to support DRM within browsers.
EME envisages a future where restricted content could be served within Web pages, apparently as a fully-fledged element of the Web ecosystem, but locked away from user control or fair use, and controlled by tools that can override user preferences.

It's been over a year since the EME standard began its move through the committees of the W3C. The good news is that standards move slowly, and EME is no exception. Internal work on the EME proposal continues, but it's been going no faster (or slower) than any other Internet standard, and still remains in draft.

The bad news is the W3C itself continues to resist any implication that systems like EME, which exist to support DRM, aren't in the best interests of the Web, or, for that matter, the W3C. The W3C rejected our suggestion that overruling end-user control (as DRM must) was a dangerous new policy step that should have been thoroughly and publicly debated before accepting work on EME.

We predicted that, having crossed the DRM Rubicon, the W3C was due to face a barrage of new actors, keen to import their own means to impose control over users into the W3C's framework. It's the way of DRM: once you concede that anyone other than the owner has the right to take control of digital devices, everyone wants a go.

What happened next? Well, here's our W3C timeline since our post in October.

In December, the MPAA joined the W3C. Enough said.

In January, Mark Watson of Netflix explained to the W3C that its DRM requirements for an acceptable EME content decryption module were confidential. The W3C's CEO asked, politely, if those requirements could be made public. No go.

In February, W3C member and cable TV provider Cox Communications objected to language in a Web Application security proposal that stated that Web apps should not interfere with the operation of bookmarklets and plug-ins. In other words, Cox wanted to ensure that third-party applications should be able to override end-user preferences.
After the pro-user language was deleted at Cox's request, a compromise was eventually reached: browsers may allow users to bypass policy enforcement.

In March, the ATSC (Advanced Television Systems Committee), under whose auspices the content industry attempted to bake DRM into over-the-air broadcast TV (until an anti-DRM alliance, including the EFF, beat them in the courts), approached the W3C to work together to "focus our considerations for alignment on ... six areas" including "content protection/DRM."

In April, the Interactive Advertising Bureau, an organization whose General Counsel calls ad-blocking software a "fundamental threat," and whose President described Mozilla as "implacably opposed to advertising" and "the primary purveyors of the Adblock-Plus browser add-on," joined the W3C as a full member.

Organizations like the W3C rely on consensus. But if you don't establish your own vision and leadership for what should be created through consensus, you'll either end up captured by those who have the time and the money to get what they want, or be caught in a permanent crossfire of groups with very different ideas of the end-goal.

In this time of conflict over the effect of DRM on the Web, we continue to urge the W3C to look to its own priority of constituencies. In a world where business interests continue to use DRM, backed by laws such as the DMCA and secret contracts, to seize control of our devices (from phones to coffeemakers), the W3C could still be a standards organization that, like the Web, puts the user first. Without that explicit principle, it will continue to be buffeted toward what its best-resourced members want. For an increasing number of its participants, that will be a short term craving for the simple solutions of DRM, with the long term result of a closed and locked-down Web environment.

---
Just because i'm near the punchbowl doesn't mean I'm also drinking from it.
From rforno at infowarrior.org Wed May 7 06:35:29 2014
From: rforno at infowarrior.org (Richard Forno)
Date: Wed, 7 May 2014 07:35:29 -0400
Subject: [Infowarrior] - OT: Buck McKeon's A-10 Sell-Out
Message-ID: <7FF458CA-5211-4AAD-B27D-57E13DFA24F8@infowarrior.org>

Buck McKeon's A-10 Sell-Out
by Winslow T. Wheeler
http://www.arizonadailyindependent.com/2014/05/06/buck-mckeons-a-10-sell-out/

Supporters of the A-10 "Warthog" close air support aircraft in Washington and US combat Soldiers and Marines who have seen, and are seeing, combat in Afghanistan were stunned Monday to read about a decision of the Chairman of the House Armed Services Committee, Congressman Buck McKeon (R-CA). He is joining with the Air Force and wants to retire all of these extraordinarily effective combat aircraft, sending them all to the boneyard at Davis-Monthan Air Force base, starting as soon as next year.

Ever since Chief of Staff of the Air Force (CSAF) Mark Welsh decided to get rid of all of 300-plus A-10s in the active and reserve Air Force and the Air National Guard, the media and congressional hearings have been stuffed with information from combat veterans, pilots and defense specialists about how spectacularly the A-10 has been performing in Afghanistan and all other recent US wars in Libya, Iraq and Kosovo--going as far back as Operation Desert Storm in 1991.

McKeon's A-10 sell-out comes in the form of a ruse. His draft legislation, to be moved Wednesday (May 7) at the mark-up of the House Armed Services Committee of its FY 2015 National Defense Authorization Act (NDAA), creates a distinction without a difference with CSAF Welsh's retirement plan. McKeon's own description of his handiwork says he "would limit funds ... to retire A-10 aircraft unless each such retired aircraft is maintained in type-1000 storage [which] ...
means storage of a retired aircraft in a near-flyaway condition that allows for the aircraft to be recalled into use by the Regular or Reserve Components of the Department of the Air Force."

Falling for the ruse either foolishly or knowingly, some media describe the language as "something of a compromise" or emphasize the "near fly-away" condition of the A-10 fleet after it is sent to the boneyard at Davis-Monthan. However, a simple check of what "type-1000 storage" means reveals that the aircraft will be made un-flyable and sealed in two layers of latex, which can be removed and the aircraft made operable only after considerable effort.

However, the storage condition of the aircraft is not the real reason they will be unavailable. With the entire fleet to be sealed in latex, there will be no A-10s flying to maintain a cadre of qualified pilots and maintainers. That cadre is to be dispersed throughout the Air Force or retired. Without ongoing training and combat operations, their skills will erode to the point of evaporation. It is not just the extraordinary characteristics of the A-10 itself that make it such a lethal system; it is the hard earned skill levels -- very unique for the close air support mission -- of the pilots, maintenance personnel and ground controllers. The Aerospace Maintenance and Regeneration Group at Davis-Monthan may be able to prepare the A-10s for flight operations in a few weeks, but there will be no one to fly and maintain them, nor the cadre of ground combat operators who best know how to use the unique A-10. Those skill levels will take months, or rather years, to restore to the level that they are at today.

Some have immediately seen through McKeon's ruse; note the comments of Senators Ayotte, McCain, Graham and Chambliss in a press release of Tuesday May 6; note their acknowledgement that "Units will be stood-down, training will no longer occur, and crews will be re-assigned."
McKeon's decision to entertain such a phony compromise comes as a surprise. While McKeon has won himself a reputation with objective observers for primarily being a play-thing of the defense manufacturers due to his being so much on the take for their political contributions (as shown by his file at OpenSecrets.org), such politicians are usually also willing to show how stoutly they "support the troops" by funding weapons in use -- and effective -- in combat. McKeon would seem to have evolved to a different calling: he is retiring at the end of the current Congress; he continues to litter his nest with campaign contributions; he apparently is "over" supporting the troops with weapons that work.

There is no shortage of money for keeping the A-10. That is clear in the draft NDAA that McKeon is recommending to the House Armed Services Committee. McKeon compiled a list of 28 programs that he added money for in the bill. It all costs an extra $5.8 billion, and the $400-$600 million needed to preserve the entire A-10 fleet in 2015 would only have ranked fifth or sixth in size of the programs he added -- including $796 million for refueling a nuclear-powered aircraft carrier and $800 million for an amphibious warfare ship, both of which the Navy did not select to fund. To pay for his $5.8 billion in add-ons, McKeon found a commensurate amount of offsets to keep the overall bill at the level required by the Budget Control Act of 2011 and subsequent congressional budget deals.

McKeon did not even tap the huge amount requested to fund the F-35 Joint Strike Fighter ($8.3 billion), and he even set up another huge slush fund -- not yet tapped -- in the form of $6.2 billion for procurement and $64.7 billion for operation and maintenance in a $79.4 billion fund -- as yet neither specified nor even formally requested by the Obama administration -- for operations ostensibly for the war in Afghanistan.
Known as the Overseas Contingency Operations account, this $79.4 billion fund is just a placeholder amount based on the funding requested for 2014; it is still pending a decision in the Pentagon on what will actually be needed for the significantly reduced American presence in Afghanistan in 2015. Nonetheless, McKeon wants to keep it at the inflated $79.4 billion level -- with no telling what other programs he will shower with the excess funds.

In short, one thing Buck McKeon was not short of in his decision to sell out the A-10 was money.

The final irony -- to put it politely -- comes with Buck McKeon's assertions about the war in Afghanistan, itself. In his fact sheet on his version of the NDAA, he exhorts the Obama administration to keep a robust number of troops in the conflict there, saying the "mission cannot be carried out with fewer than 10,000 U.S. troops." With his A-10 sell-out effected, those troops will not have the lethality against the enemy they can only have with the A-10.

Buck McKeon is not just selling out the A-10; he is selling out those American forces in Afghanistan -- and possibly elsewhere -- in the future that will not have the A-10 to support them.

__________________
Winslow T. Wheeler
Director
Straus Military Reform Project
Project On Government Oversight
301 791-2397 (home office)

---
Just because i'm near the punchbowl doesn't mean I'm also drinking from it.

From rforno at infowarrior.org Wed May 7 15:59:50 2014
From: rforno at infowarrior.org (Richard Forno)
Date: Wed, 7 May 2014 16:59:50 -0400
Subject: [Infowarrior] - 'Compromise' Has Been Reached On NSA Reform Bills
Message-ID: <511323F8-9720-4F2D-A976-83F3C5CA30D2@infowarrior.org>

'Compromise' Has Been Reached On NSA Reform Bills
http://www.techdirt.com/articles/20140507/10260027151/looks-like-compromise-has-been-reached-nsa-reform-bills.shtml

"...if Rogers is willing to add USA Freedom to his committee's schedule, it means that the "deal" is one that favors the NSA and not the public."
---
Just because i'm near the punchbowl doesn't mean I'm also drinking from it.

From rforno at infowarrior.org Wed May 7 16:03:34 2014
From: rforno at infowarrior.org (Richard Forno)
Date: Wed, 7 May 2014 17:03:34 -0400
Subject: [Infowarrior] - Aspen's controversial DRM'ing of physical books
Message-ID: <18A94EB5-03CE-4FDF-AF57-8A8FD9B42822@infowarrior.org>

Aspen Casebook Connect Textbooks Must Be Returned At End Of Class, Cannot Be Resold
http://joshblackman.com/blog/2014/05/05/aspen-casebook-connect-textbooks-must-be-returned-at-end-of-class-cannot-be-resold/

---
Just because i'm near the punchbowl doesn't mean I'm also drinking from it.

From rforno at infowarrior.org Wed May 7 16:11:04 2014
From: rforno at infowarrior.org (Richard Forno)
Date: Wed, 7 May 2014 17:11:04 -0400
Subject: [Infowarrior] - DHS: A wasteful, growing, fear-mongering beast
Message-ID:

DHS: A wasteful, growing, fear-mongering beast
http://www.washingtonpost.com/news/the-watch/wp/2014/05/07/dhs-a-wasteful-growing-fear-mongering-beast/

---
Just because i'm near the punchbowl doesn't mean I'm also drinking from it.

From rforno at infowarrior.org Thu May 8 06:43:16 2014
From: rforno at infowarrior.org (Richard Forno)
Date: Thu, 8 May 2014 07:43:16 -0400
Subject: [Infowarrior] - Lamer Smith And The Republican War On Empirical Science
Message-ID: <25AF1B8D-9CB9-4C5B-903A-4F2970B211BE@infowarrior.org>

Lamer Smith And The Republican War On Empirical Science
http://crooksandliars.com/2014/05/lamar-smith-and-republican-war-empirical

---
Just because i'm near the punchbowl doesn't mean I'm also drinking from it.
From rforno at infowarrior.org Thu May 8 06:52:56 2014
From: rforno at infowarrior.org (Richard Forno)
Date: Thu, 8 May 2014 07:52:56 -0400
Subject: [Infowarrior] - Keith Alexander Unplugged
Message-ID: <9E561AC4-5946-4CDD-B6E2-8888B0A2BC2C@infowarrior.org>

Keith Alexander Unplugged
https://firstlook.org/theintercept/2014/05/08/keith-alexander-unplugged-bushobama-matters/

---
Just because i'm near the punchbowl doesn't mean I'm also drinking from it.

From rforno at infowarrior.org Thu May 8 13:42:35 2014
From: rforno at infowarrior.org (Richard Forno)
Date: Thu, 8 May 2014 14:42:35 -0400
Subject: [Infowarrior] - McAfee accused of McSlurping OSVDB
Message-ID: <396F2749-1492-4E73-AB37-433C11CB106C@infowarrior.org>

McAfee accused of McSlurping Open Source Vulnerability Database
Lawyers say security giant should have paid before it unleashed slurping scripts
By Darren Pauli, 8 May 2014
http://www.theregister.co.uk/2014/05/08/whats_copyright_mcafee_mcslurps_vuln_database/

Intel security subsidiary McAfee may be in hot water after it allegedly scraped thousands of records from the Open Source Vulnerability Database instead of paying for them.

The surreptitious slurp was said to be conducted using fast scripts after McAfee formally inquired about purchasing a license to the data. Those scripts, OSVDB said in a blog post, deliberately subverted security controls designed to protect the database by rapidly changing the user agent.

A fed-up OSVDB staffer took to the website's blog to out McAfee and Spanish infosec firm S21Sec which also hoovered up vulnerability data after being told such access was a paid service.

McAfee told The Register it was investigating the matter.

The OSVDB's Brian Martin said in an email to The Reg that McAfee, S21Sec and others alleged to have pilfered the databases ignored the paid license.

"There is debate on if a database can be copyrighted.
Instead of saying they are infringing that, we are saying they are wilfully ignoring our posted license," Martin said.

"In the case of S21, they were sent an email explicitly saying that to use our data for the stated purpose required a license. In the case of McAfee, they were in negotiation with our commercial partner to subscribe to our commercial vulnerability feed, and then backed out saying they didn't think we could provide the data we claimed."

"In each case, the companies were aware of the license requirements. In each case, they waited some months later to systematically scrape our data".

OSVDB aggregates and formatted public vulnerability records for free individual consumption but requests that those seeking more comprehensive access pay for the right. The outfit's site includes a copyright statement.

The site's copyright could be breached by individuals merely downloading the information in contravention of the site's policies, and did not require the data to be subsequently disseminated.

This contradicted heated debate online where pundits including respected infosec bod Robert Graham of Errata Security argued the OSVDB data was simply public, adding it was not unethical to scrape it.

Graham pointed out that the staffers behind the scraping could have done so for personal use or to test a project, but this argument was dubbed a 'popular misconception' by University of Technology Sydney Professor of Law Michael Fraser.

"The issue is not about public information, the issue is whether copyright applies," Fraser said. "There is no copyright in 'fact', but if it amounts to original copyright work, then the expression of that work is copyright and you can't reproduce it without permission."

"They [McAfee and S21Sec] would breach it by communicating - downloading - the information."
That OSVDB employed people to add value to the database means the data slurp looked likely to have breached copyright, said University of Melbourne law school professor Andrew Christie.

"The manual processing suggests to me that under US and Australian copyright law it would be protected," Christie said, emphasising that his analysis is preliminary. "Whether it's copying from a website or breaking into a safe, it doesn't matter."

---
Just because i'm near the punchbowl doesn't mean I'm also drinking from it.

From rforno at infowarrior.org Thu May 8 17:51:20 2014
From: rforno at infowarrior.org (Richard Forno)
Date: Thu, 8 May 2014 18:51:20 -0400
Subject: [Infowarrior] - ODNI Requires Pre-Publication Review of All Public Information
Message-ID:

ODNI Requires Pre-Publication Review of All Public Information
Categories: Intelligence, Secrecy
http://blogs.fas.org/secrecy/2014/05/odni-prepub/

All employees of the Office of the Director of National Intelligence are required to obtain authorization before disclosing any intelligence-related information to the public.

"All ODNI personnel are required to submit all official and non-official information intended for public release for review," says ODNI Instruction 80.04 on "Pre-publication Review of Information to be Publicly Released." The Instruction was newly updated on April 8.

Like the new Intelligence Community policy on Media Contacts (Intelligence Directive Bars Unauthorized Contacts with News Media, Secrecy News, April 21), the ODNI pre-publication review policy does not distinguish between classified and unclassified information.

"The goal of pre-publication review is to prevent the unauthorized disclosure of information," the Instruction says, whether the information is classified or not. It applies broadly to any information generated by ODNI "that discusses operations, business practices, or information related to the ODNI, the IC, or national security."
The Instruction is binding on current and former ODNI employees, as well as contractors. Since it pertains to "information" and not just documents, the Instruction also requires employees to gain approval prior to participation in "open discussion venues such as forums, panels, round tables, and question and answer sessions."

"Pre-publication review must be conducted before any uncleared personnel can receive the information," the Instruction states.

In order to support a request for pre-publication review, requesters are advised to provide unclassified sources for their proposed disclosures. "ODNI personnel must not use sourcing that comes from known leaks, or unauthorized disclosures of sensitive information."

Official disclosures by ODNI employees must be reviewed by the ODNI Public Affairs Office to ensure that they are "consistent with the official ODNI position or message." (Unofficial disclosures, such as privately-authored books, op-eds or blogs are exempt from this consistency requirement.)

The pre-publication review requirement is not optional. "Failure to comply with this Instruction may result in the imposition of civil and administrative penalties, and may result in the loss of security clearances and accesses."

The newly updated Instruction will no doubt inhibit informal contacts between ODNI employees and members of the general public, as it is intended to do. Whether that is a wise policy, and whether such indiscriminate barriers to the public serve the real interests of ODNI and the U.S. intelligence community, are separate questions.

* * *

Update: ODNI recently published a heavily redacted version of Intelligence Community Directive 304 on "Human Intelligence" (ODNI Seeks to Obscure CIA Role in Human Intelligence, Secrecy News, April 28). Those redactions were a mistake, an ODNI official said yesterday. The full, unredacted text of the Directive was posted this week on the ODNI website.
---
Just because i'm near the punchbowl doesn't mean I'm also drinking from it.

From rforno at infowarrior.org Fri May 9 06:39:35 2014
From: rforno at infowarrior.org (Richard Forno)
Date: Fri, 9 May 2014 07:39:35 -0400
Subject: [Infowarrior] - DOJ Seeks to Loosen Rules on Hacking Computers
Message-ID: <5ED1185B-3C88-4C1B-88C2-12D624DFC164@infowarrior.org>

Federal Agents Seek to Loosen Rules on Hacking Computers
By Chris Strohm
May 9, 2014 12:00 AM ET
http://www.bloomberg.com/news/2014-05-09/federal-agents-seek-to-loosen-rules-on-hacking-computers.html

The top U.S. law-enforcement agency wants to give investigators greater leeway to secretly access suspected criminals' computers in bunches, not simply one at a time.

The Justice Department says the proposal, set to be made public today, is an attempt to keep up with technology that lets people hide identities online. Privacy advocates contend the more aggressive hacking powers may violate rights of the innocent.

The proposal arrives at a precipitous time for a government still managing backlash to electronic-spying practices by the National Security Agency that were exposed last year by former contractor Edward Snowden.

"I don't think many Americans would be comfortable with the government sending code onto their computers without their knowledge or consent," Nathan Freed Wessler, a lawyer with the American Civil Liberties Union, said in a telephone interview. "The power they're seeking is certainly a broad one."

A committee of judges that sets national policy governing criminal investigations will have to sort it out, taking rules written for searching property and modernizing them for the Internet age.

"We have real concerns about allowing the police too much ability to search with too little oversight,"
said Hanni Fakhoury, a lawyer at the San Francisco-based Electronic Frontier Foundation, a privacy group. The DOJ proposal would "dramatically expand the reach of federal prosecutors and investigators."

Traditional Rules

The proposed rule, obtained by Bloomberg News, would lift the geographical restriction on warrants for computer investigations, permit agents to remotely access computers when locations have been "concealed through technological means," and allow a single warrant for searches of certain computers located in five or more judicial districts.

"This proposal ensures that courts can be asked to review warrant applications in situations where it is currently unclear what judge has that authority," a Justice Department spokesman, Peter Carr, said in an e-mailed statement. "The proposal makes explicit that it does not change the traditional rules governing probable cause and notice."

The proposal is scheduled to be published today for consideration by the Judicial Conference Committee on Rules of Practice and Procedure, commonly called the standing committee. It has a long way to go before getting approval.

If the standing committee agrees to take up the matter, the proposal would be opened for public comment in August for six months. It could be amended before the comment period begins and would eventually need to be reviewed by Congress for changes.

30-Day Secrecy

The Justice Department includes the Federal Bureau of Investigation, Drug Enforcement Administration and the Bureau of Alcohol, Tobacco, Firearms and Explosives. The department said the new power is needed to find child pornographers and other criminals taking advantage of technological advancements to shield their identities.

Such technology includes proxy servers that mask the true Internet addresses of a criminal's computer, or the use of hundreds or thousands of compromised computers known as a botnet.
Federal agents now can obtain warrants allowing them to send malicious software over the Internet to computers suspected of being used in crimes. The government can keep these so-called remote access operations secret from their target for as many as 30 days -- longer if an extension is approved by a judge.

Privacy Concerns

The law limits those remote searches to the district where the judge who issued the warrant is located, when the actual locations of computers used in crimes may not be known.

Botnet computers could be spread across many or all of the nation's 94 judicial districts. Going after them requires judges in each different district to issue warrants, a time consuming process that creates delays and wastes investigative resources, according to the Justice Department.

The department must describe the computer it wants to target with as much detail as possible. For example, an investigator may be covertly communicating with a suspected child molester and know an IP address, and then obtain a warrant to use malware to find the actual location. In the case of botnets, malware might be used to try to free the compromised computers from a criminal's control.

Obtaining a single warrant to use malware to search potentially thousands of computers in unknown locations would violate constitutional requirements that court-authorized searches be narrow and particular, Fakhoury of the Electronic Frontier Foundation said.

Cloud Storage

He said he questions whether investigators could use the new rule to bypass legal requirements in accessing data stored online, such as within Google Inc.'s Drive cloud service or Microsoft Corp.'s Outlook e-mail accounts.

A Google spokeswoman, Niki Christoff, and a Microsoft spokeswoman, Kathy Roeder, said their companies declined to comment.

The Justice Department's effort appears to be in response to an April 2013 court ruling denying a search warrant for a remote-access operation, said Wessler, with the ACLU. In that case, U.S.
Magistrate Judge Stephen Smith of the Southern District of Texas picked apart the government's request to secretly install software on an unknown computer in an unknown location that could extract stored electronic records and even activate the computer's built-in camera.

Smith said the computer could be located in a public place or used by family members or friends not involved in illegal activity, and that the request didn't satisfy constitutional requirements.

Only Option

Wessler said the government should be required to exhaust other options for finding and accessing computers suspected of being used in crimes, such as serving individual warrants on Internet service providers.

While federal investigators make efforts to use other tactics, "the use of remote searches is often the only mechanism available to law enforcement to identify and apprehend" criminals, said Carr, the Justice Department spokesman.

To contact the reporter on this story: Chris Strohm in Washington at cstrohm1 at bloomberg.net
To contact the editors responsible for this story: Romaine Bostick at rbostick at bloomberg.net; Bernard Kohn at bkohn2 at bloomberg.net

---
Just because i'm near the punchbowl doesn't mean I'm also drinking from it.

From rforno at infowarrior.org Fri May 9 13:33:40 2014
From: rforno at infowarrior.org (Richard Forno)
Date: Fri, 9 May 2014 14:33:40 -0400
Subject: [Infowarrior] - Keith Alexander: cybersecurity consultant
Message-ID: <05F62421-CB71-4C4E-9CDF-4CDDEDB1B573@infowarrior.org>

Ex-NSA chief Keith Alexander seeks post-Snowden second act
http://www.politico.com/story/2014/05/keith-alexander-nsa-edward-snowden-106515.html#ixzz31Afthaeh

---
Just because i'm near the punchbowl doesn't mean I'm also drinking from it.
From rforno at infowarrior.org Sat May 10 10:03:08 2014
From: rforno at infowarrior.org (Richard Forno)
Date: Sat, 10 May 2014 11:03:08 -0400
Subject: [Infowarrior] - 'CSI: Cyber' coming to TV
Message-ID:

Apparently CBS has greenlighted another CSI spin-off called "CSI: Cyber"... I eagerly await the hideous stereotypes and insane geekish magic that we all know represents the reality of cyber investigations and capabilities. /sarcasm

--rick

< - >

http://www.deadline.com/2014/05/csi-cyber-spinoff-picked-up-to-series/

"Written-executive produced by the CSI team of Carol Mendelsohn, Anthony Zuiker and Ann Donahue, CSI: Cyber stars Patricia Arquette as Avery Ryan, Special Agent in Charge at the Cyber Crime Division of the FBI in Quantico, VA, who is tasked with solving major crimes that start in the mind, live online, and play out into the real world. The planted spinoff aired recently as an episode of CSI to a great response. It is a departure from the forensic DNA of the CSI franchise and is darker as it focuses on cyber crime. Another CSI veteran, former CSI: NY showrunner Pam Veasey, is expected to run the new series. Mendelsohn will continue to be in charge of the mothership series as she has been since the beginning. The pickup marks Arquette's return to primetime at the network where she last starred in Medium."

From rforno at infowarrior.org Sat May 10 10:05:42 2014
From: rforno at infowarrior.org (Richard Forno)
Date: Sat, 10 May 2014 11:05:42 -0400
Subject: [Infowarrior] - OSVDB: The Scraping Problem and Ethics
Message-ID: <5C18463E-FBD1-4691-B123-A3F8871D2A1E@infowarrior.org>

The Scraping Problem and Ethics

http://blog.osvdb.org/2014/05/07/the-scraping-problem-and-ethics/
From rforno at infowarrior.org Sat May 10 21:06:55 2014
From: rforno at infowarrior.org (Richard Forno)
Date: Sat, 10 May 2014 22:06:55 -0400
Subject: [Infowarrior] - 'We Kill People Based on Metadata'
Message-ID: <43E3F34C-9169-4FE7-839B-D9E885BD62A5@infowarrior.org>

"We Kill People Based on Metadata"
David Cole
http://www.nybooks.com/blogs/nyrblog/2014/may/10/we-kill-people-based-metadata/

Supporters of the National Security Agency inevitably defend its sweeping collection of phone and Internet records on the ground that it is only collecting so-called "metadata" -- who you call, when you call, how long you talk. Since this does not include the actual content of the communications, the threat to privacy is said to be negligible.

That argument is profoundly misleading. Of course knowing the content of a call can be crucial to establishing a particular threat. But metadata alone can provide an extremely detailed picture of a person's most intimate associations and interests, and it's actually much easier as a technological matter to search huge amounts of metadata than to listen to millions of phone calls. As NSA General Counsel Stewart Baker has said, "metadata absolutely tells you everything about somebody's life. If you have enough metadata, you don't really need content." When I quoted Baker at a recent debate at Johns Hopkins University, my opponent, General Michael Hayden, former director of the NSA and the CIA, called Baker's comment "absolutely correct," and raised him one, asserting, "We kill people based on metadata."

It is precisely this power to collect our metadata that has prompted one of Congress's most bipartisan initiatives in recent years. On May 7, the House Judiciary Committee voted 32-0 to adopt an amended form of the USA Freedom Act, a bill to rein in NSA spying on Americans, initially proposed by Democratic Senator Patrick Leahy and Republican Congressman James Sensenbrenner. On May 8, the House Intelligence Committee, which has until now opposed any real reform of the NSA, also unanimously approved the same bill. And the Obama administration has welcomed the development.

For some, no doubt, the very fact that this bill has attracted such broad bipartisan approval will be grounds for suspicion. After all, this is the same Congress that repeatedly reauthorized the 2001 USA Patriot Act, a law that was also proposed by Sensenbrenner and on which the bulk collection of metadata was said to rest -- even if many members of Congress were not aware of how the NSA was using (or abusing) it. And this is the same administration that retained the NSA's data collection program, inherited from its predecessor, as long as it was a secret, and only called for reform when the American people learned from the disclosures of NSA contractor Edward Snowden that the government was routinely collecting phone and Internet records on all of us. So, one might well ask, if Congress and the White House, Republicans and Democrats, liberals and conservatives, all now agree on reform, how meaningful can the reform be?

This is a reasonable question. This compromise bill addresses only one part of the NSA's surveillance activities, and does not do nearly enough to address the many other privacy-invasive practices that we now know the NSA has undertaken. But it's nonetheless an important first step, and would introduce several crucial reforms affecting all Americans.

First, and most importantly, it would significantly limit the collection of phone metadata and other "business records." Until now, the NSA and the Foreign Intelligence Surveillance Court have aggressively interpreted a USA Patriot Act provision that authorized collection of business records "relevant" to a counterterrorism investigation. The NSA convinced the court that because it might be useful in the future to search through anyone's calling history to see if that person had been in contact with a suspected terrorist, the agency should be able to collect everyone's records and store them for five years.

The NSA has said it only searched its vast database of our calling records when it had reasonable suspicion that a phone number was connected to terrorism. But it did not have to demonstrate the basis for this suspicion to a judge. Moreover, it was authorized to collect data on all callers one, two, or three steps removed from the suspect number -- an authority that can quickly generate more than one million phone numbers of innocent Americans from a single suspect source number. The fact that you may have called someone (say, your aunt) who in turn called someone (say, the Pizza Hut delivery guy) who was in turn once called by a suspected terrorist says nothing about whether you've engaged in wrongdoing. But it will land you in the NSA's database of suspected terrorist contacts.

Under the USA Freedom Act, the NSA would be prohibited from collecting phone and Internet data en masse. Instead, such records would remain with the telephone and Internet companies, and the NSA would only be authorized to approach those companies on an individual, case-by-case basis, and only when it could first satisfy the Foreign Intelligence Surveillance Court that there is reasonable suspicion that a particular person, entity, or account is linked to an international terrorist or a representative of a foreign government or political organization. This is much closer to the specific kind of suspicion that the Fourth Amendment generally requires for intrusions on privacy. At that point, the court could order phone companies to produce phone calling records of all numbers that communicated with the suspect number (the first "hop"), as well as all numbers with which those numbers in turn communicated (the second "hop").

Further restrictions are necessary. Through these authorized searches the NSA would still be able to collect large amounts of metadata on persons whose only "sin" was that they called or were called by someone who called or was called by a suspected terrorist or foreign agent. At a minimum, "back-end" limits on how the NSA searches its storehouse of phone numbers are still needed. But the bill would at least end the practice of collecting everyone's calling records.

Second, the new House bill imposes similar limits on other USA Patriot Act provisions that were susceptible to being used, or had been used, to authorize collection of data in bulk. These include a provision empowering the government to obtain information by "national security letters," a kind of administrative subpoena issued without judicial oversight, and "pen registers," which intercept Internet and phone trafficking data. All of these powers would now be limited by the same requirement that the government seek case-by-case warrants based on suspicion about a particular person or group. The point is to end bulk collection of data across the board, and return the agency to the more targeted searches and inquiries that US laws have historically deemed reasonable.

Third, the bill would establish a panel of legal experts, appointed by the presiding judges of the Foreign Intelligence Surveillance Court, who would participate in proceedings before the court when it addresses "a novel or significant interpretation of law," and in any other proceedings at the court's discretion. They would appear as amicus curiae, or "friends of the court," but their purpose would be to add an independent assessment of the legal issues involved, ensuring that the court is not hearing only from the government. Such a panel would increase the likelihood that difficult legal issues get a full and fair consideration, and would likely shore up the public legitimacy of the secret court, which as of now is dismissed by many, rightly or wrongly, as a "rubber stamp."

Finally, the bill contains a number of measures designed to increase transparency and oversight. It would require the attorney general to request the declassification of opinions of the FISA court, permit private Internet and telephone companies to report semiannually on the volume of records they were required to produce, and require the Inspectors General of the Justice Department and the Intelligence Community to report on the numbers of records requested and the effectiveness of the program. Had Verizon been permitted to report, for example, that it was being compelled to turn over hundreds of millions of phone records on its customers to the NSA, and had the Inspector General informed us that the program had stopped not a single terrorist act, it is likely that bulk collection would have been cut short long ago.

Even with all these reforms, however, the USA Freedom Act only skims the surface. It does not address, for example, the NSA's guerilla-like tactics of inserting vulnerabilities into computer software and drivers, to be exploited later to surreptitiously intercept private communications. It also focuses exclusively on reining in the NSA's direct spying on Americans. As Snowden's disclosures have shown, the NSA collects far more private information on foreigners -- including the content as well as the metadata of e-mails, online chats, social media, and phone calls -- than on US citizens. The FISA Amendments Act of 2008 permits the NSA to intercept the content of communications when it can demonstrate nothing more than reason to believe that its targets are foreign nationals living abroad, and that the information might relate to "foreign intelligence." "Foreign intelligence" is in turn defined to include any information that might inform our foreign affairs, which is no restriction at all. Under this authority, the NSA established the PRISM program, which collects both content and metadata from e-mail, Internet, and phone communications by millions of users worldwide. It is probably under this authority that, according to The Washington Post, the NSA is recording "every single" phone call from a particular, unnamed country. Documents leaked by Snowden demonstrate that the NSA also collects, again by the millions and billions, foreign nationals' e-mail contact lists, cell phone location data, and texts. This is the very definition of dragnet surveillance.

Congress is far less motivated to do anything about the NSA's abuse of the rights of foreign nationals. They are "them," not "us." They don't vote. But they have human rights, too; the right to privacy, recognized in the International Covenant on Civil and Political Rights, which the US has signed and ratified, does not limit protections to Americans. Snowden's revelations have justifiably led to protests from many of our closest allies; they don't want their privacy invaded by the NSA any more than we do, and they have more to complain about than we do, as they have suffered far greater intrusions.

In the Internet era, it is increasingly common that everyone's communications cross national boundaries. That makes all of us vulnerable, for when the government collects data in bulk from people it believes are foreign nationals, it is almost certain to sweep up lots of communications in which Americans are involved. The initial version of the USA Freedom Act accordingly sought to limit the NSA's ability to conduct so-called "back door" searches of content collected from foreigners for communications with American citizens. But that provision was stripped in committee, leaving the back door wide open.

Defense hawks will argue that even these reforms go too far, and that we may be risking our security by tying the NSA's hands. But as the Privacy and Civil Liberties Oversight Board found, there is little evidence that the metadata program has made us safer. Moreover, if we want to preserve the liberties that define us as a democratic society, we have to learn to live with risk. It is the insistence on preemptively eliminating all terrorist threats -- an unattainable goal -- that led the NSA to collect so much information so expansively in the first place.

The fact that the USA Freedom Act has achieved such wide-ranging support may be less an indication of its compromises than of a fundamental shift in American views. In July 2013, following the Snowden revelations, the Pew Research Center reported that for the first time since it started asking the question in 2004, more Americans expressed concern that counter-terrorism measures were infringing their civil liberties than worried that the government was not doing enough to keep them safe. Congress is responsive to such shifts in popular opinion. The question now is whether that new attitude can be translated into more systemic reform, or whether enactment of this bill will placate enough people that the demand for further reform fizzles.

If the Senate can pass or even strengthen the USA Freedom Act, as Senator Leahy has said he intends to do, it will be a significant achievement for civil liberties. But the biggest mistake any of us could make would be to conclude that this bill solves the problem.

May 10, 2014, 10:12 a.m.
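The "hop" arithmetic in Cole's piece above (one suspect number, then everyone it called, then everyone they called) is easy to make concrete. The following Python is an added illustration, not part of the article or of this list post: it runs a hop-limited breadth-first contact chain over a small constructed set of call records (the names stand in for phone numbers and are hypothetical), and separately computes the worst-case reach for a given number of contacts per number, which is where the "more than one million from a single seed" figure comes from.

```python
"""Hop-limited contact chaining over constructed call records.

Added illustration of the hop arithmetic in David Cole's NYRB piece.
All records and identifiers below are constructed for the example and
correspond to no real data.
"""
from collections import deque
from itertools import count

# Constructed call records (caller, callee). The chain mirrors Cole's
# example: suspect -> delivery guy -> aunt -> you. "friend" is four hops
# out, and the duplicate aunt/pizza-hut link checks that repeats are not
# double-counted.
CONSTRUCTED_RECORDS = [
    ("suspect", "pizza-hut"),
    ("pizza-hut", "aunt"),
    ("aunt", "you"),
    ("you", "friend"),
    ("suspect", "lawyer"),
    ("aunt", "pizza-hut"),
]


def build_call_graph(records):
    """Turn (caller, callee) pairs into an undirected adjacency map.

    Contact chaining treats a call in either direction as a link, so each
    endpoint is added to the other's neighbour set.
    """
    graph = {}
    for caller, callee in records:
        graph.setdefault(caller, set()).add(callee)
        graph.setdefault(callee, set()).add(caller)
    return graph


def contact_chain(graph, seed, max_hops):
    """Return {number: hop distance} for every number within max_hops of seed.

    Breadth-first search records each number at its shortest distance, so a
    number reachable by several paths is counted once. The seed is hop 0.
    """
    dist = {seed: 0}
    queue = deque([seed])
    while queue:
        node = queue.popleft()
        if dist[node] == max_hops:
            continue  # do not expand past the authorised hop limit
        for nbr in graph.get(node, ()):
            if nbr not in dist:
                dist[nbr] = dist[node] + 1
                queue.append(nbr)
    return dist


def swept_in(graph, seed, max_hops):
    """Count of distinct non-seed numbers a max_hops query collects."""
    return len(contact_chain(graph, seed, max_hops)) - 1


def worst_case_reach(fanout, hops):
    """Closed form for a tree where every number has `fanout` fresh contacts.

    With no overlap between contact lists the reach after h hops is
    fanout + fanout**2 + ... + fanout**h.
    """
    return sum(fanout ** h for h in range(1, hops + 1))


def synthetic_tree(fanout, depth):
    """Constructed call graph realising the worst case of worst_case_reach."""
    ids = count(1)
    records = []
    frontier = ["seed"]
    for _ in range(depth):
        nxt = []
        for node in frontier:
            for _ in range(fanout):
                contact = f"n{next(ids)}"  # hypothetical phone number
                records.append((node, contact))
                nxt.append(contact)
        frontier = nxt
    return build_call_graph(records)


if __name__ == "__main__":
    g = build_call_graph(CONSTRUCTED_RECORDS)
    for hops in (1, 2, 3, 4):
        print(f"{hops} hop(s) from 'suspect': {swept_in(g, 'suspect', hops)} numbers")
    for hops in (2, 3):
        print(f"100 contacts each, {hops} hops: {worst_case_reach(100, hops):,} numbers")
```

On the constructed records, two hops from "suspect" reaches the aunt but not "you"; the three-hop authority Cole describes is what pulls "you" in. The closed form is the point of the exercise: at 100 contacts per number, a three-hop query from one seed can touch 1,010,100 distinct numbers, the order of magnitude the article cites, while the bill's two-hop cap bounds the same query at 10,100.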
From rforno at infowarrior.org Sun May 11 08:33:24 2014
From: rforno at infowarrior.org (Richard Forno)
Date: Sun, 11 May 2014 09:33:24 -0400
Subject: [Infowarrior] - Greenwald: the explosive day we revealed Edward Snowden's identity to the world
Message-ID: <40D58DF8-43EE-46F2-89F4-1C4AB6EBC23B@infowarrior.org>

(Yes, his book is en route to me for summer reading. --rick)

Glenn Greenwald: the explosive day we revealed Edward Snowden's identity to the world

In the hours after his name became known, the entire world was searching for the NSA whistleblower, and it became vital that his whereabouts in Hong Kong remained secret. In an extract from a new book, No Place to Hide, Glenn Greenwald recalls the dramatic events surrounding the moment Snowden revealed himself in June 2013

< - >

http://www.theguardian.com/world/2014/may/11/glenn-greenwald-nsa-whistleblower-edward-snowden-book

From rforno at infowarrior.org Sun May 11 08:41:07 2014
From: rforno at infowarrior.org (Richard Forno)
Date: Sun, 11 May 2014 09:41:07 -0400
Subject: [Infowarrior] - U.S. May Withhold Phone Tracking Data in Criminal Cases
Message-ID: <438DF2A9-15CD-4F02-89F5-4B4CFCB198D3@infowarrior.org>

U.S. May Withhold Phone Tracking Data in Criminal Cases
By Sophia Pearson - May 10, 2014
http://www.bloomberg.com/news/print/2014-05-09/u-s-can-keep-phone-data-from-aclu-in-cases-without-conviction.html

The U.S. Justice Department's use of cell-phone tracking in prosecutions that don't end in a conviction need not be disclosed to a civil rights group attacking the practice, an appeals court ruled in a privacy-rights case.

The American Civil Liberties Union sued under the Freedom of Information Act for records that included case names and docket numbers of prosecutions in which the government obtained tracking data without a warrant. The group argued that it was in the public interest to learn the role that warrantless tracking played in the cases.

"The government, having brought the full force of its prosecutorial power to bear against individuals it ultimately failed to prove actually committed crimes, has a special responsibility -- a responsibility it is fulfilling here -- to protect such individuals from further public scrutiny," the U.S. Court of Appeals in Washington said in a 2-1 ruling. Disclosure would "constitute an unwarranted invasion of personal privacy," the court said.

The ruling comes as U.S. officials defend the National Security Agency's secret surveillance program. Documents leaked by former security contractor Edward Snowden have led to revelations that the NSA stored phone records in vast databases. The ACLU and other groups argue that such data collection violates privacy, while government officials say the data helps combat terrorism.

Global Satellites

In February, the Justice Department asked a federal court for permission to preserve indefinitely phone records collected by the NSA, beyond the five years now permitted by the Foreign Intelligence Surveillance Court, which reviews government requests to engage in certain electronic surveillance.

Yesterday's case concerned physical tracking through a cellphone's GPS, which can determine a person's precise location by receiving signals from global positioning satellites, the ACLU said in court papers.

The ACLU initially sought the information from the U.S. Drug Enforcement Administration and the Executive Office for U.S. Attorneys. The ACLU then sued the Justice Department. In response, the U.S. identified 229 prosecutions since September 2001 in which a judge granted its request for cell-phone location data without ruling on probable cause. The Justice Department refused to provide the list to the ACLU, saying the information was exempt from disclosure.

"Tracking Devices"

A trial judge ordered the release of information in cases leading to a conviction, a ruling the same appeals court upheld in 2011. Left unanswered was whether the data must be disclosed in 15 prosecutions that ended in acquittals, dismissals or sealing orders. The ACLU didn't raise challenges over nine sealed cases.

"We want to find out how the government is using cellphones as tracking devices," ACLU Legal Director Arthur Spitzer said in a telephone interview. "The government was doing this without getting a warrant."

Spitzer said he disagreed with the court's reasoning. "We don't understand what genuine private interest the court thinks it's protecting here," he said.

In dissent, Circuit Judge Janice Rogers Brown said that technological advances make true privacy virtually impossible. "The court says unconvicted persons are 'entitled to move on with their lives without having the public reminded of their alleged but never proven transgressions,'" Brown wrote. "Alas, Google, unlike God, neither forgets nor forgives."

The case is ACLU v. U.S. Department of Justice, 13-5064, U.S. Court of Appeals for the District of Columbia Circuit (Washington).

To contact the reporter on this story: Sophia Pearson in federal court in Philadelphia at spearson3 at bloomberg.net

To contact the editors responsible for this story: Michael Hytha at mhytha at bloomberg.net Fred Strasser, David Glovin

From rforno at infowarrior.org Mon May 12 11:57:00 2014
From: rforno at infowarrior.org (Richard Forno)
Date: Mon, 12 May 2014 12:57:00 -0400
Subject: [Infowarrior] - Nye: Safeguarding Cyberspace
Message-ID: <96EB6BF3-012B-4776-BA4A-FF8C396D5B6B@infowarrior.org>

Joseph S. Nye, a former US assistant secretary of defense and chairman of the US National Intelligence Council, is University Professor at Harvard University. He is the author, most recently, of Presidential Leadership and the Creation of the American Era.

MAY 9, 2014

Safeguarding Cyberspace
http://www.project-syndicate.org/commentary/joseph-s--nye-contrasts-multilateral-and--multi-stakeholder--approaches-to-governing-cyberspace

CAMBRIDGE -- Brazil recently hosted NETmundial, the first global conference on Internet governance, attended by 800 representatives of governments, corporations, civil-society organizations, and technologists. Based on the notion of "multi-stakeholderism," the meeting produced a 12-page "outcomes" document. Nonetheless, at the end of the conference, there was still no consensus on global cyber governance. Many governments continued to advocate traditional United Nations voting procedures for making global decisions, and defend their right to control domestic cyber activities.

In a sense, this is not surprising. After all, though the Internet is a complex, fast-evolving, and all-encompassing global resource, it has not been around for very long. While the World Wide Web was conceived in 1989, it was only in the last 15 years that the number of Web sites burgeoned, and Internet technology began to transform global supply chains. Since 1992, the number of Internet users has exploded from one million to nearly three billion. Just like that, the Internet became a substrate of economic, social, and political life.

In its early days, the Internet was often characterized as the ultimate egalitarian conduit of free-flowing information -- a harbinger of the end of government controls. But the reality is that governments and geographical jurisdictions have always played a central role in regulating the Internet -- or at least have tried. Ultimately, however, the Internet poses a major governance challenge, exemplified in ongoing efforts to understand the implications of ubiquitous mobility and the collection and storage of "big data."

The governance challenge stems from the fact that cyberspace is a combination of virtual properties, which defy geographical boundaries, and physical infrastructure, which fall under sovereign jurisdictions. Control of the physical layer can have both territorial and extraterritorial effects on the virtual layers. At the same time, attacks can be launched from the low-cost virtual realm against the physical domain, where resources are scarce and expensive.

The Internet began as a small village of known users, where an authentication layer of code was unnecessary and the development of norms was simple. But then it grew, and everything changed. Though cyberspace offered the advantages of access to information and easy communication to a growing number of people, it became a breeding ground for crime, hacker attacks, and threats to governments.

Efforts to limit the risks incurred in this volatile environment have focused on creating private networks and "walled gardens" (closed platforms) -- cyber equivalents to the seventeenth-century enclosures that were used to solve that era's "tragedy of the commons." But this raises the risk of fragmentation, which, if allowed to go far enough, could curtail the Internet's economic benefits.

Given that security is a traditional function of the state, some observers believe that growing insecurity will lead to a greater role for governments in cyberspace. Indeed, accounts of cyber war may be exaggerated, but cyber espionage is rampant, and more than 30 governments are reputed to have developed offensive capabilities and doctrines for the use of cyber weapons. Ever since the Stuxnet virus was used to disrupt Iran's nuclear program in 2009-2010, governments have taken the threat posed by cyber weapons very seriously.

Governments also want to protect their societies from what comes through the Internet. For example, China's government has not only created a "Great Firewall" of software filters; it also requires that companies take responsibility for censoring their public content. And, if China is attacked, it has the capacity to reduce its Internet connections. But China's government -- and others that practice Internet censorship -- still want to reap the economic benefits of connectivity. That tension leads to imperfect compromises.

A similar tension exists in the effort to create international Internet-governance norms. While authoritarian countries like China and Russia seek "information security," including the kind of overt censorship that would be prohibited in countries like the United States, Western democracies pursue "cyber security."

This divergence was starkly apparent in 2012, at a conference convened in Dubai by the UN's International Telecommunications Union (ITU). Though the meeting was ostensibly about updating telephony regulations, the underlying issue was the ITU's role in Internet governance. Authoritarian regimes and many developing countries believe that their approach to sovereignty, security, and development would benefit from the multilateral processes that the ITU employs. But democratic governments fear that these processes are too cumbersome, and would undercut the flexibility of the "multi-stakeholder" approach, which stresses the involvement of the private and non-profit sectors, as well as governments.

The vote in Dubai was 89 to 55 against the "democratic" governments. This outcome raised concerns about a crisis in Internet governance -- concerns that the recent conference in Brazil alleviated, but only slightly. Stay tuned. There are many more conferences scheduled on cyber governance -- and a lot more work to be done.
From rforno at infowarrior.org Tue May 13 06:35:18 2014
From: rforno at infowarrior.org (Richard Forno)
Date: Tue, 13 May 2014 07:35:18 -0400
Subject: [Infowarrior] - Cops To Kids: You're Never Too Young To Be Handcuffed
Message-ID:

Cops To Kids: You're Never Too Young To Be Handcuffed

http://www.techdirt.com/articles/20140508/12023027170/cops-to-kids-youre-never-too-young-to-be-handcuffed.shtml

From rforno at infowarrior.org Tue May 13 07:45:25 2014
From: rforno at infowarrior.org (Richard Forno)
Date: Tue, 13 May 2014 08:45:25 -0400
Subject: [Infowarrior] - What the Most Secure Email in the Universe Would Look Like
Message-ID:

What the Most Secure Email in the Universe Would Look Like
Patrick Tucker
May 12, 2014

Say you wanted to send an email more secure than any message that had ever been transmitted in human history, a message with absolutely no chance of being intercepted. How would you do it?

You may have encrypted your message according to the highest standards, but encryption doesn't guarantee secrecy. The fact that you sent it is still detectable. An intercepting party in possession of just a few clues such as your identity, the receiver's identity, the time of the message, surrounding incidents and the like can infer a great deal about the content of the message in the same way that the NSA can use your metadata to make inferences about your personality. You need to conceal not just what's in the message but its very existence.

The answer? Make your message literally impossible to detect. A team of researchers from the University of Massachusetts at Amherst and Raytheon BBN Technologies led by Boulat A. Bash have created a method for doing just that, cloaking electronic communications so that the communication can't be seen. They explain it in a paper titled Covert Optical Communication.

< - >

http://www.defenseone.com/technology/2014/05/what-most-secure-email-universe-would-look/84247/

Paper @ http://arxiv.org/pdf/1404.7347v1.pdf

From rforno at infowarrior.org Wed May 14 06:22:47 2014
From: rforno at infowarrior.org (Richard Forno)
Date: Wed, 14 May 2014 07:22:47 -0400
Subject: [Infowarrior] - GoT: WordStar Lives!
Message-ID:

(As for me I miss the mid-80s Apple II version of "AppleWorks" -- still one of the best word processors and office suites I ever used. --rick)

George R. R. Martin writes with a DOS word processor

The "Game of Thrones" author confesses on a chat show that he writes his bestselling books using WordStar 4.0 on a DOS machine. So don't distract him!

< - >

http://www.cnet.com/news/george-r-r-martin-writes-with-a-dos-word-processor/#ftag=CAD590a51e

From rforno at infowarrior.org Wed May 14 06:24:18 2014
From: rforno at infowarrior.org (Richard Forno)
Date: Wed, 14 May 2014 07:24:18 -0400
Subject: [Infowarrior] - Tough NZ comms interception, network security law kicks in
Message-ID:

Tough NZ comms interception, network security law kicks in

http://www.itnews.com.au/News/385149,tough-nz-comms-interception-network-security-law-kicks-in.aspx

From rforno at infowarrior.org Wed May 14 06:31:57 2014
From: rforno at infowarrior.org (Richard Forno)
Date: Wed, 14 May 2014 07:31:57 -0400
Subject: [Infowarrior] - FRONTLINE: United States of Secrets
Message-ID: <48CF5CA2-FC86-4234-9A14-DD8755160089@infowarrior.org>

Aired last night, here's the episode website. Apparently Part 1 of 2.

http://www.pbs.org/wgbh/pages/frontline/united-states-of-secrets/
From rforno at infowarrior.org Wed May 14 06:33:04 2014 From: rforno at infowarrior.org (Richard Forno) Date: Wed, 14 May 2014 07:33:04 -0400 Subject: [Infowarrior] - =?windows-1252?q?NSA_Docs_Detail_Efforts_To_Colle?= =?windows-1252?q?ct_Data_From_Microsoft=92s_Skype=2C_SkyDrive=2C_And_Outl?= =?windows-1252?q?ook=2Ecom?= Message-ID: NSA Docs Detail Efforts To Collect Data From Microsoft?s Skype, SkyDrive, And Outlook.com http://techcrunch.com/2014/05/13/nsa-docs-detail-efforts-to-collect-data-from-microsofts-skype-skydrive-and-outlook-com/ --- Just because i'm near the punchbowl doesn't mean I'm also drinking from it. From rforno at infowarrior.org Wed May 14 06:36:26 2014 From: rforno at infowarrior.org (Richard Forno) Date: Wed, 14 May 2014 07:36:26 -0400 Subject: [Infowarrior] - USA FREEDOM: How Many Hops? Message-ID: <25B9D549-1B5F-471C-AED2-427F7B46C8BC@infowarrior.org> USA FREEDOM: How Many Hops? http://justsecurity.org/2014/05/13/usa-freedom-hops/ --- Just because i'm near the punchbowl doesn't mean I'm also drinking from it. From rforno at infowarrior.org Wed May 14 12:39:48 2014 From: rforno at infowarrior.org (Richard Forno) Date: Wed, 14 May 2014 13:39:48 -0400 Subject: [Infowarrior] - Firefox adding DRM Message-ID: <1CDC63F5-7594-406F-9540-1573CE956CFC@infowarrior.org> Firefox?s adoption of closed-source DRM breaks my heart I understand the pressure to support commercial video ? but the browser makers can do more to defend free and open software ? Cory Doctorow ? theguardian.com, Wednesday 14 May 2014 13.00 EDT Future versions of the open-source Firefox browser will include closed-source digital rights management (DRM) from Adobe, the Mozilla project?s chief technology officer, Andreas Gal, announced on Wednesday. The purpose is to support commercial video streams. But this is a radical, disheartening development in the history of the organisation, long held out as a beacon for the open, free spirit of the web as a tool for liberation. 
As Gal's blogpost makes clear, this move was done without much enthusiasm, out of a fear that Firefox (Mozilla's flagship product and by far the most popular free/open browser in the world) was being sidelined by Apple, Google and Microsoft's inclusion of proprietary technology to support Netflix and other DRM-encumbered videos in their browsers.

In my long-running discussions with Mozilla's most senior management over this issue, they've been clear in their belief that their userbase -- and relevance to the internet -- will dwindle unless they add support for viewing Hollywood movies in their browser. Not just Hollywood; the BBC has been one of the major "rights holder" voices calling for the addition of DRM to the web.

< - >

http://www.theguardian.com/technology/2014/may/14/firefox-closed-source-drm-video-browser-cory-doctorow

From rforno at infowarrior.org Wed May 14 17:31:32 2014
From: rforno at infowarrior.org (Richard Forno)
Date: Wed, 14 May 2014 18:31:32 -0400
Subject: [Infowarrior] - Pentagon has a Zombie Defense Plan
Message-ID: <3EA4CF0D-981E-49B2-9C4C-59BA594186E9@infowarrior.org>

Pentagon has a Zombie Defense Plan

http://www.foreignpolicy.com/articles/2014/05/13/exclusive_the_pentagon_has_a_plan_to_stop_the_zombie_apocalypse

The U.S. military has always been the one place in government with a plan, forever in preparation mode and ready to yank a blueprint off the shelf for almost any contingency. Need a response for a Russian nuclear missile launch? Check. Have to rescue a U.S. ambassador kidnapped by drug lords? Yup, check, got that covered. How about a detailed strategy for surviving a zombie apocalypse? As it turns out, check.

Incredibly, the Defense Department has a response if zombies attacked and the armed forces had to eradicate flesh-eating walkers in order to "preserve the sanctity of human life" among all the "non-zombie humans."
Buried on the military's secret computer network is an unclassified document, obtained by Foreign Policy, called "CONOP 8888." It's a zombie survival plan, a how-to guide for military planners trying to isolate the threat from a menu of the undead -- from chicken zombies to vegetarian zombies and even "evil magic zombies" -- and destroy them.

"This plan fulfills fictional contingency planning guidance tasking for U.S. Strategic Command to develop a comprehensive [plan] to undertake military operations to preserve 'non-zombie' humans from the threats posed by a zombie horde," CONOP 8888's plan summary reads. "Because zombies pose a threat to all non-zombie human life, [Strategic Command] will be prepared to preserve the sanctity of human life and conduct operations in support of any human population -- including traditional adversaries."

CONOP 8888, otherwise known as "Counter-Zombie Dominance" and dated April 30, 2011, is no laughing matter, and yet of course it is. As its authors note in the document's "disclaimer section," "this plan was not actually designed as a joke."

Military planners assigned to the U.S. Strategic Command in Omaha, Nebraska during 2009 and 2010 looked for a creative way to devise a planning document to protect citizens in the event of an attack of any kind. The officers used zombies as their muse.

"Planners ... realized that training examples for plans must accommodate the political fallout that occurs if the general public mistakenly believes that a fictional training scenario is actually a real plan," the authors wrote, adding: "Rather than risk such an outcome by teaching our augmentees using the fictional 'Tunisia' or 'Nigeria' scenarios used at [Joint Combined Warfighting School], we elected to use a completely-impossible scenario that could never be mistaken for a real plan."

< - >
From rforno at infowarrior.org Wed May 14 19:51:32 2014
From: rforno at infowarrior.org (Richard Forno)
Date: Wed, 14 May 2014 20:51:32 -0400
Subject: [Infowarrior] - Comcast Wants To Put Data Caps On All Customers Within 5 Years
Message-ID: <67B6E5A3-9731-4FD8-8013-17DF7B2858DF@infowarrior.org>

Comcast Wants To Put Data Caps On All Customers Within 5 Years

Posted 1 hour ago by Greg Kumparak (@grg)

http://techcrunch.com/2014/05/14/comcast-wants-to-put-data-caps-on-all-customers-within-5-years

If you're a Comcast customer living in one of the many states where they've imposed no real limits on bandwidth usage for the last few years... enjoy it while it lasts.

During an investor call today (link via Ars), Comcast executive VP David Cohen said that he predicts bandwidth caps (or, as ISPs prefer to put it, "usage-based billing") to be rolled out network-wide within the next 5 years or so.

The reason they haven't done so already? They're still working out exactly where they can cap things before they start getting phone calls -- that is, before people start calling up to cancel. Meanwhile, making things more complicated tends to scare people away, so they don't want to just offer up multiple plans/tiers -- so before they make any changes, they need to find that plan that works for almost everyone.

"I would also predict that the vast majority of our customers would never be caught in the buying the additional buckets of usage, that we will always want to say the basic level of usage at a sufficiently high level that the vast majority of our customers are not implicated by the usage-based billing plan."

So, the good news: Comcast wants to find a data cap level that consistently works for "the vast majority".

The bad news: if you're reading this, you're probably something of an avid tech blog reader. The sort that... tends to use a little more bandwidth, from day to day. In other words, you may well already be outside "the vast majority".
For reference: if Comcast starts their bandwidth caps at 300 gigabytes (as they have in the select "trial" regions where caps are already in place), my house would pass that cap nearly every month. That's almost entirely just because of our moderate-to-heavy use of Netflix/Hulu -- I'm not hostin' leet warez over here or anything. And that's just with two of us, neither making any particular effort to watch things in HD. Once 4K streaming comes into the mix in a few years and Netflix/Amazon/et al. get more stuff worth watching, those caps are gonna burn up quick.

Comcast is already "trialing" data caps in select parts of Alabama, Georgia, Tennessee, and other states. If you go over the 300 GB cap in one of these regions, your next 50GB costs you an extra $10.

From rforno at infowarrior.org Thu May 15 06:17:09 2014
From: rforno at infowarrior.org (Richard Forno)
Date: Thu, 15 May 2014 07:17:09 -0400
Subject: [Infowarrior] - Kansas muzzles academic tweets
Message-ID: <062B6DE3-486C-4C82-B570-6AE356A9615B@infowarrior.org>

In Kansas, Professors Must Now Watch What They Tweet

by May 14, 2014 7:12 PM ET

http://www.npr.org/2014/05/14/312524014/in-kansas-professors-must-now-watch-what-they-tweet

The Kansas Board of Regents gave final approval Wednesday to a strict new policy on what employees may say on social media. Critics say the policy violates both the First Amendment and academic freedom, but school officials say providing faculty with more specific guidelines will actually bolster academic freedom on campus.

The controversial policy was triggered by an equally controversial tweet posted last September by David Guth, an associate journalism professor. Reacting to a lone gunman who killed 12 people at the Washington Navy Yard in Washington, D.C., he wrote: "The blood is on the hands of the #NRA. Next time, let it be YOUR sons and daughters."
Guth was placed on administrative leave after an outcry from the public and state lawmakers. Rep. Travis Couture-Lovelady, a member of the Kansas House of Representatives and the National Rifle Association, says he was outraged by the tweet. He supports the board of regents' new policy to place parameters on professors.

"Look, you have freedom of speech, but you can't go this far," he says. "I think having a clear understanding between faculty and the board of regents on what's acceptable and what's not is better for everyone involved."

The new policy says that faculty and staff of the state's six universities, 19 community colleges and six technical colleges may not say anything on social media that would incite violence, disclose confidential student information or release protected data. But it also says staffers are barred from saying anything "contrary to the best interests of the university."

Critics say the broad nature of the guidelines would offer administrators enormous latitude in firing people -- even those with tenure. Will Creeley, director of legal and public advocacy at the Foundation for Individual Rights in Education, says it's one of the most restrictive social media policies in the country.

"We have a First Amendment to protect controversial statements like professor Guth's," Creeley says. "We don't have it to protect pictures of kittens posted on Facebook. If you punish a student or professor for a clearly protected speech, you send a message to everyone else on campus that you better watch what you say."

Kansas University science professor Burdett Loomis says the regents are scared of Kansas lawmakers.

"All of this has to be taken into account in the context of a very, very conservative Kansas Legislature that has very little sympathy, I think, for higher education," Loomis says. The board of regents is appointed by the state's Republican governor, Sam Brownback.
Last December, when the board of regents first announced that a new policy was in the works, Loomis posted this reaction on Facebook: "Unbelievably broad and vague set of policies. Perfect example of using a nuclear weapon to destroy a gnat of a pseudo problem."

The board of regents chairman, Fred Logan, has dismissed the controversy over the policy as "ludicrous." He defended the new policy and said it would shore up academic freedom by creating more specific guidelines.

"In many respects, the work that has been done has really focused on lifting up academic freedom as a core principle for the Kansas Board of Regents," Logan says. "Now, that may sound funny, but if you look in our policy manual, there's really not much in there about that."

As for Guth, the professor who triggered the policy, he spent this semester on sabbatical in far western Kansas. But he's still talking; on his blog, he writes, "How can a guy talk to students about social media if he doesn't participate in the online discussion?"

From rforno at infowarrior.org Thu May 15 06:29:54 2014
From: rforno at infowarrior.org (Richard Forno)
Date: Thu, 15 May 2014 07:29:54 -0400
Subject: [Infowarrior] - USTR's whacky wish list
Message-ID: <69164DC8-D149-4254-A8F0-5CC43DFF1F6F@infowarrior.org>

US trade rep demands end to other nations' healthcare, privacy rules, food labelling...

http://boingboing.net/2014/05/14/us-trade-rep-demands-end-to-ot.html

"Public Citizen analyzes the new Obama 2014 National Trade Estimate Report, in which the US Trade Rep demands that: Japan abolish its privacy rules and its requirement that food be labelled with its ingredients; Canada abolish its rules limiting pharmaceutical patents; Malaysia get rid of its tariffs on pork and booze; Mexico nuke its junk food taxes, and more.
It's great reading, and leaves little room for doubt about the neoliberal future, in which anything that's bad for corporate profits -- even if it's good for society or reflects national values -- is killed in the name of free trade."

< -- >

From rforno at infowarrior.org Thu May 15 11:24:32 2014
From: rforno at infowarrior.org (Richard Forno)
Date: Thu, 15 May 2014 12:24:32 -0400
Subject: [Infowarrior] - FCC approves Internet 'fast lane'
Message-ID:

(If FCC Commissioner Jessica Rosenworcel *really* felt it needed more time for study, WTF did she vote yes? Ten bucks says Comcast has a post-FCC job ready for her after she leaves the FCC. --rick)

FCC approves plan to allow for paid priority on Internet

By Cecilia Kang, May 15 at 11:16 am

http://www.washingtonpost.com/blogs/the-switch/wp/2014/05/15/fcc-approves-plan-to-allow-for-paid-priority-on-internet/?Post+generic=%3Ftid%3Dsm_twitter_washingtonpost

The Federal Communications Commission on Thursday voted in favor of advancing a proposal that could dramatically reshape the way consumers experience the Internet, opening the possibility of Internet service providers charging Web sites for higher-quality delivery of their content to American consumers.

The plan, approved in a three-to-two vote along party lines, could unleash a new economy on the Web where an Internet service provider such as Verizon would charge a Web site such as Netflix for the guarantee of flawless video streaming. Smaller companies that can't afford to pay for faster delivery would likely face additional obstacles against bigger rivals. And consumers could see a trickle-down effect of higher prices as Web sites try to pass along new costs of doing business with Internet service providers.
The proposal is not a final rule, but the three-to-two vote on Thursday is a significant step forward on a controversial idea that has invited fierce opposition from consumer advocates, Silicon Valley heavyweights, and Democratic lawmakers. Even one of the Democratic commissioners who voted yes on Thursday expressed some misgivings about how the proposal had been handled.

"I would have done this differently. I would have taken the time to consider the future," said Democratic Commissioner Jessica Rosenworcel, who said the proposal can't allow for clear fast lanes for the most privileged companies. She said she supported a proposal allowing the agency to consider questions on how it could prevent certain Web sites from being blocked, in addition to figuring out the overall oversight of broadband Internet providers.

"I believe the process that got us to rulemaking today was flawed," she said. "I would have preferred a delay."

Wheeler's proposal is part of a larger "net neutrality" plan that forbids Internet service providers from outright blocking Web sites. And he promised a series of measures to ensure the new paid prioritization practices are done fairly and don't harm consumers. The agency said it had developed a "multifaceted dispute resolution process" on enforcement.

But consumer advocates doubt the FCC can effectively enforce anti-competitive practices or ensure consumers aren't stuck with fewer choices or poorer service. They note that the FCC will only investigate complaints brought to them, and many small companies and consumers don't have resources to alert the agency.

One proposal that consumer groups applauded was on the open question of whether the government should redefine broadband Internet as a public utility, like phone service, which would come with much more oversight from the FCC.
"Agencies almost always change their rules from the initial proposal -- that is why we have a whole notice and comment period, so that the agency can hear from the public and be educated into making the right decision (or at least the least bad decision)," said Harold Feld, a vice president at Public Knowledge, a media and technology policy public interest group. "Do not freak about the tentative conclusion and proposed rules."

The next phase will be four months of public comments, after which the commissioners will vote again on redrafted rules that are meant to take into account public opinion.

But the enactment of final rules faces significant challenges. The proposal has sparked a massive fight between two of the most powerful industries in the country -- on one side, Silicon Valley, and on the other, companies such as Verizon and AT&T that built the pipes delivering Web content to consumers' homes. The telecom companies argue that without being able to charge tech firms for higher-speed connections, they will be unable to invest in faster connections for consumers.

From rforno at infowarrior.org Thu May 15 11:28:29 2014
From: rforno at infowarrior.org (Richard Forno)
Date: Thu, 15 May 2014 12:28:29 -0400
Subject: [Infowarrior] - DOJ: No 4A protection when talking to foreigners
Message-ID:

DOJ Says Americans Have No 4th Amendment Protections At All When They Communicate With Foreigners

We've already questioned if it's really true that the 4th Amendment doesn't apply to foreigners (the Amendment refers to "people" not "citizens"). But in some new filings by the DOJ, the US government appears to take its "no 4th Amendment protections for foreigners" to absurd new levels. It says, quite clearly, that because foreigners have no 4th Amendment protections it means that any Americans lose their 4th Amendment protections when communicating with foreigners.
They're using a very twisted understanding of the (already troubling) third party doctrine to do this. As you may recall, after lying to the Supreme Court, the Justice Department said that it would start informing defendants if warrantless collection of information under Section 702 of the FISA Amendments Act (FAA) was used in the investigation against them.

< -- >

http://www.techdirt.com/articles/20140514/17240227239/doj-says-americans-have-no-4th-amendment-protections-all-when-they-communicate-with-foreigners.shtml

From rforno at infowarrior.org Thu May 15 14:42:06 2014
From: rforno at infowarrior.org (Richard Forno)
Date: Thu, 15 May 2014 15:42:06 -0400
Subject: [Infowarrior] - AT&T, Comcast, and Snapchat are laggards on privacy policies
Message-ID: <35D10FD1-E6F5-4B68-9E60-04E9006B5181@infowarrior.org>

AT&T, Comcast, and Snapchat are laggards on privacy policies

https://www.eff.org/who-has-your-back-government-data-requests-2014

From rforno at infowarrior.org Fri May 16 06:54:31 2014
From: rforno at infowarrior.org (Richard Forno)
Date: Fri, 16 May 2014 07:54:31 -0400
Subject: [Infowarrior] - The Half-Century Anniversary of "Dr. Strangelove"
Message-ID: <2B45635C-A06E-45D6-8F36-A21697E8F4A0@infowarrior.org>

The Half-Century Anniversary of "Dr. Strangelove"
Posted by David Denby
http://www.newyorker.com/online/blogs/culture/2014/05/kubrick-dr-strangelove-half-century-anniversary.html

Almost Everything in "Dr. Strangelove" Was True
Posted by Eric Schlosser
http://www.newyorker.com/online/blogs/newsdesk/2014/01/strangelove-for-real.html
From rforno at infowarrior.org Fri May 16 07:07:09 2014
From: rforno at infowarrior.org (Richard Forno)
Date: Fri, 16 May 2014 08:07:09 -0400
Subject: [Infowarrior] - Publisher Targets University Researchers for "Pirating" Their Own Articles
Message-ID: <528B37FD-D23B-4144-9AC5-B241DCD94AF5@infowarrior.org>

Publisher Targets University Researchers for "Pirating" Their Own Articles

By Ernesto, on May 16, 2014

http://torrentfreak.com/publishers-targets-university-researchers-pirating-articles-140516/

From rforno at infowarrior.org Fri May 16 07:09:49 2014
From: rforno at infowarrior.org (Richard Forno)
Date: Fri, 16 May 2014 08:09:49 -0400
Subject: [Infowarrior] - DHS plays e-mail accountability games
Message-ID: <17C97394-A73A-4915-B49F-539F1E460B00@infowarrior.org>

If DHS Boss Has A Staffer Write Her Emails... Does It Count As Her Email Under A FOIA Request?

from the if-an-email-falls-in-a-forest... dept

In 2012, we pointed out how ridiculous it was that then Homeland Security boss Janet Napolitano, who self-described herself as a Luddite, admitted that she didn't use email at all. This seemed troubling, given that DHS was ostensibly in charge of cybersecurity, and you'd hope that the boss would understand the basics of email. Of course, she later admitted to the real reason why she didn't use email: it created a paper-trail that would make her too accountable.

In the wake of the recent (and absolutely ridiculous) story about DHS inspector general Charles Edwards and his litany of misdeeds, Shawn Musgrave, over at Muckrock, decided to file some FOIA requests for any emails between Edwards and Napolitano. In response, DHS gave a "no responsive records" answer, noting that (as many had reported), Napolitano didn't use email. However, as Musgrave points out, that's not actually true.
There are multiple examples of emails "sent" by Napolitano that have been previously released -- it's just that it's clear they were actually sent via a DHS staffer, rather than Napolitano herself. This is known because of another FOIA request from Musgrave, concerning any emails about Napolitano's resignation from DHS, which turned up (ta da!) an email sent by a (redacted) staffer on behalf of Napolitano:

< -- >

http://www.techdirt.com/articles/20140514/07164727232/if-dhs-boss-has-staffer-write-her-emails-does-it-count-as-her-email-under-foia-request.shtml

From rforno at infowarrior.org Fri May 16 12:03:34 2014
From: rforno at infowarrior.org (Richard Forno)
Date: Fri, 16 May 2014 13:03:34 -0400
Subject: [Infowarrior] - Judge accuses DOJ of 'judge shopping' for email warrants
Message-ID:

Government Goes 'Judge Shopping' For Email Warrant Rubber Stamp, Gets Request Shot Down By Second Judge In A Row

http://www.techdirt.com/articles/20140512/09130627206/government-goes-judge-shopping-email-warrant-rubber-stamp-gets-request-shot-down-second-judge-row.shtml

From rforno at infowarrior.org Sat May 17 09:42:31 2014
From: rforno at infowarrior.org (Richard Forno)
Date: Sat, 17 May 2014 10:42:31 -0400
Subject: [Infowarrior] - Obama's NSA spying reforms fail to satisfy cyber experts
Message-ID: <729F3186-ACCD-4209-A6BF-75A6C1FB5B91@infowarrior.org>

Obama's NSA spying reforms fail to satisfy cyber experts

By Joseph Menn
WASHINGTON Fri May 16, 2014 2:44pm EDT

http://www.reuters.com/article/2014/05/16/us-cyber-summit-reforms-idUSBREA4F0MX20140516

(Reuters) - Obama administration actions to change some of the National Security Agency's surveillance practices after the leaks of classified documents by contractor Edward Snowden are falling short of what many private cyber experts want.
Top government experts told the Reuters Cybersecurity Summit this week they would be more transparent about spying activity. Non-government guests, however, said the administration was not doing enough to advance Internet security.

For instance, last December a White House review commission called for a drastic reduction in the NSA's practice of keeping secret the software vulnerabilities it learns about and then exploiting them for spying purposes.

White House cybersecurity advisor Michael Daniel said at the conference that he would chair the interagency group charged with weighing each newly discovered software flaw and deciding whether to keep it secret or warn the software maker about it.

"The policy has been in place for a number of years, but it was not as active as we decided that it should be," Daniel said. Now, he said, "there is a process, there is rigor in that process, and the bias is very heavily tilted toward disclosure."

Commission member Peter Swire told the summit he was pleased by the formal process for debating vulnerability use, but others said there were too many loopholes.

In an April 28 White House blog post, Daniel wrote that the factors the interagency group would consider included the likelihood that the vulnerability would be discovered by others and how pressing was the need for intelligence.

"That is the loophole that swallows the entire policy, because there's always going to be an important national security or law enforcement purpose," Chris Soghoian, a technology policy analyst with the American Civil Liberties Union said at the summit.

Some security experts active in the market for trading software flaws said they had seen no sign that U.S. purchases were declining.

"There's been no change in the market at all as far as we can see," said Adriel Desautels, chief executive of Netragard Inc, which buys and sells programs taking advantage of undisclosed flaws.
The White House has also declined to spin off the NSA's defense mission from its more dominant intelligence-gathering mission, as the commission recommended. New NSA Director Michael Rogers told the summit that the agency could keep doing both offense and defense and that "a good, strong Internet is in the best interest of the nation."

CRYPTOGRAPHY STANDARDS

The review commission implicitly acknowledged that the NSA had developed the capability to penetrate some widely used cryptography, and it urged the NSA to commit to not undermining encryption standards. The White House has issued no policy statement in response.

Daniel said officials "do not have any intention of engineering vulnerabilities into algorithms that undergird electronic commerce."

Critics say such statements leave plenty of wiggle room. Among other things, they do not preclude using backroom deals. For instance, the Snowden documents published by journalists say Microsoft Corp (MSFT.O) had worked with the NSA to allow the agency to obtain access to some user emails before they were encrypted.

"The way most crypto gets broken is through implementation," Swire said. "How you set up crypto is very important."

According to Snowden documents, the NSA has hacked into Google (GOOG.O) and impersonated Facebook (FB.O) overseas, where it faces far fewer restrictions on what it can collect. The NSA has said nothing about changing such tactics.

For that reason, many U.S. technology companies are unhappy. They are spending more to boost defenses against intrusions and contesting more requests from the NSA for user data.

Although the companies have not committed to a major campaign for new legislation, they have been supporting independent standards groups like the Internet Engineering Task Force as they move toward encrypting more Web traffic.

(Reporting by Joseph Menn; Editing by Tiffany Wu and Grant McCool)
From rforno at infowarrior.org Sun May 18 15:55:45 2014
From: rforno at infowarrior.org (Richard Forno)
Date: Sun, 18 May 2014 16:55:45 -0400
Subject: [Infowarrior] - Obama's NSA spying reforms fail to satisfy cyber experts
Message-ID: <52B12B16-965A-4B33-9913-70ED740E7010@infowarrior.org>

Obama's NSA spying reforms fail to satisfy cyber experts

By Joseph Menn
WASHINGTON Fri May 16, 2014 2:44pm EDT

http://www.reuters.com/article/2014/05/16/us-cyber-summit-reforms-idUSBREA4F0MX20140516

From rforno at infowarrior.org Sun May 18 15:55:51 2014
From: rforno at infowarrior.org (Richard Forno)
Date: Sun, 18 May 2014 16:55:51 -0400
Subject: [Infowarrior] - Cisco CEO Complains to Obama About NSA Allegations
Message-ID: <8A0BE5DF-FB98-45D8-A1FB-6D1DD43A7C71@infowarrior.org>

In Letter to Obama, Cisco CEO Complains About NSA Allegations

May 18, 2014, 12:03 PM PDT
By Arik Hesseldahl

Warning of an erosion of confidence in the products of the U.S. technology industry, John Chambers, the CEO of networking giant Cisco Systems, has asked President Obama to intervene to curtail the surveillance activities of the National Security Agency.

In a letter dated May 15 (obtained by Re/code and reprinted in full below), Chambers asked Obama to create "new standards of conduct" regarding how the NSA carries out its spying operations around the world. The letter was first reported by The Financial Times.

The letter follows new revelations, including photos, published in a book based on documents leaked by former NSA contractor Edward Snowden alleging that the NSA intercepted equipment from Cisco and other manufacturers and loaded them with surveillance software.
The photos, which have not been independently verified, appear to show NSA technicians working with Cisco equipment. Cisco is not said to have cooperated in the NSA's efforts.

Addressing the allegations of NSA interference with the delivery of his company's products, Chambers wrote: "We ship our products globally from inside as well as outside the United States, and if these allegations are true, these actions will undermine confidence in our industry and in the ability of technology companies to deliver products globally."

"We simply cannot operate this way; our customers trust us to be able to deliver to their doorsteps products that meet the highest standards of integrity and security," Chambers wrote. "We understand the real and significant threats that exist in this world, but we must also respect the industry's relationship of trust with our customers."

Failure to restore and repair that trust, Chambers said, could threaten the evolution of the Internet itself and lead to its fragmentation.

< - >

http://recode.net/2014/05/18/in-letter-to-obama-cisco-ceo-complains-about-nsa-allegations/

---
Just because i'm near the punchbowl doesn't mean I'm also drinking from it.

From rforno at infowarrior.org Sun May 18 16:31:29 2014
From: rforno at infowarrior.org (Richard Forno)
Date: Sun, 18 May 2014 17:31:29 -0400
Subject: [Infowarrior] - AT&T, DirecTV announce $48 billion merger
Message-ID:

AT&T, DirecTV announce $48 billion merger
By Cecilia Kang

AT&T and DirecTV on Sunday announced an approximately $48 billion merger that would create a new telecom and television behemoth to rival cable firms - while raising fresh concerns over competition and options for consumers.

AT&T would gain DirecTV's 20 million U.S. subscribers, a company with strong cash flows and an ability to fatten its bundle of offerings. The combined firm would be able to offer phone, high-speed Internet and paid television subscriptions to more customers -
packages only cable firms such as Comcast have been able to sell.

It is the latest mega-merger to be announced this year in a dramatically shifting telecommunications industry. The titans of the industry have recently rushed to bulk up - in overall size and in diversity of service offerings - as their legacy phone and television businesses fray and consumers turn to the Internet for communications and entertainment.

The deals, which must be approved by federal regulators, have prompted new concern that consumers could be left with fewer options and even higher prices after years of creeping increases in monthly bills. Last year, U.S. cable television prices increased 5.1 percent to an average $64, triple the rate of inflation, according to a government report.

< - >

http://www.washingtonpost.com/business/technology/atandt-directv-announce-50-billion-merger/2014/05/18/62ffc980-dec1-11e3-810f-764fe508b82d_story.html

---
Just because i'm near the punchbowl doesn't mean I'm also drinking from it.

From rforno at infowarrior.org Mon May 19 06:19:19 2014
From: rforno at infowarrior.org (Richard Forno)
Date: Mon, 19 May 2014 07:19:19 -0400
Subject: [Infowarrior] - Irony: US Charges China with Cyber-Spying on American Firms
Message-ID:

Sorry, I just can't help laughing at the hypocritical irony of this story. --rick

US Charges China with Cyber-Spying on American Firms
11 Mins Ago
NBC News
http://www.cnbc.com/id/101684269

The Justice Department has filed criminal charges against several Chinese government officials, accusing them of stealing American trade secrets through cyber espionage, according to U.S. officials familiar with the case. It's the first time the United States has brought cyber espionage charges against a state actor.

Details of the charges are to be announced by Attorney General Eric Holder later on Monday. The charges will name several individuals who are Chinese government employees, according to a U.S. official.
"They used military and intelligence facilities to commit cyber espionage against U.S. companies," the official said.

The names of the targeted companies could not immediately be determined, but they were said to be in the energy and manufacturing sectors.

The Obama administration has long considered China the most aggressive nation in obtaining industrial secrets through spying. "Chinese actors are the world's most active and persistent perpetrators of economic espionage," said the Office of the National Counterintelligence Executive, a U.S. government agency, in a 2011 report.

A year ago, several U.S. newspapers, including The New York Times and The Wall Street Journal, said hackers traced to China attacked their newsroom computer systems. A spokesman for China's foreign ministry called any suggestion that the Chinese were involved in those intrusions "irresponsible," though U.S. security experts said China targeted news organizations in the U.S. and overseas to try to identify the sources of news leaks within the Chinese government.

Those disclosures prompted a computer security expert and former Justice Department lawyer, Marc Zwillinger, to say, "the only computers these days that are safe from Chinese government hackers are computers that are turned off, unplugged, and thrown in the back seat of your car."

--By NBC News

---
Just because i'm near the punchbowl doesn't mean I'm also drinking from it.

From rforno at infowarrior.org Mon May 19 15:15:30 2014
From: rforno at infowarrior.org (Richard Forno)
Date: Mon, 19 May 2014 16:15:30 -0400
Subject: [Infowarrior] - Data Pirates of the Caribbean: The NSA Is Recording Every Cell Phone Call in the Bahamas
Message-ID:

Data Pirates of the Caribbean: The NSA Is Recording Every Cell Phone Call in the Bahamas

https://firstlook.org/theintercept/article/2014/05/19/data-pirates-caribbean-nsa-recording-every-cell-phone-call-bahamas/

---
Just because i'm near the punchbowl doesn't mean I'm also drinking from it.
From rforno at infowarrior.org Mon May 19 20:51:48 2014
From: rforno at infowarrior.org (Richard Forno)
Date: Mon, 19 May 2014 21:51:48 -0400
Subject: [Infowarrior] - China Publishes Latest Data of US Cyber Attack
Message-ID: <956CD44C-908F-4101-B9DF-5C468913A2D8@infowarrior.org>

China Publishes Latest Data of US Cyber Attack
2014-05-20 01:27:43 Xinhua
Web Editor: Fu Yu
http://english.cri.cn/6909/2014/05/20/2941s827397.htm

A spokesperson for China's State Internet Information Office on Monday published the latest data of U.S. cyber attack, saying that China is a solid defender of cyber security.

The U.S. is the biggest attacker of China's cyber space, the spokesperson said, adding that the U.S. charges of hacking against five Chinese military officers on Monday are "groundless".

Latest data from the National Computer Network Emergency Response Technical Team Coordination Center of China (NCNERTTCC) showed that from March 19 to May 18, a total of 2,077 Trojan horse networks or botnet servers in the U.S. directly controlled 1.18 million host computers in China.

The NCNERTTCC found 135 host computers in the U.S. carrying 563 phishing pages targeting Chinese websites that led to 14,000 phishing operations. In the same period, the center found 2,016 IP addresses in the U.S. had implanted backdoors in 1,754 Chinese websites, involving 57,000 backdoor attacks.

The U.S. attacks, infiltrates and taps Chinese networks belonging to governments, institutions, enterprises, universities and major communication backbone networks. Those activities target Chinese leaders, ordinary citizens and anyone with a mobile phone.

In the meantime, the U.S. repeatedly accuses China of spying and hacking. China has repeatedly asked the U.S. to stop, but it never makes any statement on its wiretaps, nor does it desist, not to mention make apology to the Chinese people.

After the Prism program leaked by Edward Snowden, the United States was accused by the whole world.
However, it has never made retrospection, instead, it accuses others.

The spokesperson said the Chinese government opposes any kinds of cyber crimes, and any groundless accusations against the country. If the United States goes its own way, China will take countermeasures, the spokesperson said.

---
Just because i'm near the punchbowl doesn't mean I'm also drinking from it.

From rforno at infowarrior.org Mon May 19 20:52:26 2014
From: rforno at infowarrior.org (Richard Forno)
Date: Mon, 19 May 2014 21:52:26 -0400
Subject: [Infowarrior] - China Suspends Cyber Working Group Activities with US
Message-ID: <50B11D97-9F7A-4662-8DDE-F6CC17BFE036@infowarrior.org>

China Suspends Cyber Working Group Activities with US to Protest Cyber Theft Indictment
2014-05-20 01:49:18 Xinhua
Web Editor: Fu Yu
http://english.cri.cn/6909/2014/05/20/2941s827398.htm

China on Monday decided to suspend activities of the China-U.S. Cyber Working Group as U.S. announced indictment against five Chinese military officers on allegation of cyber theft.

"Given the lack of sincerity on the part of the U.S. to solve issues related to cyber security through dialogue and cooperation, China has decided to suspend activities of the China-U.S. Cyber Working Group," said Foreign Ministry spokesman Qin Gang regarding the U.S. Justice Department's announcement on Monday.

The US side announced on Monday indictment against five Chinese military officers on allegation of cyber theft. This U.S. move, which is based on intentionally-fabricated facts, grossly violates the basic norms governing international relations and jeopardizes China-U.S. cooperation and mutual trust, Qin said.

China lodged protest with the US side right after the announcement, urging the US side to immediately correct its mistakes and withdraw the "indictment", he said.

The position of the Chinese government on cyber security is consistent and clear-cut. China is steadfast in upholding cyber security.
The Chinese government, the Chinese military and their relevant personnel have "never engaged or participated" in cyber theft of trade secrets. The U.S. accusation against Chinese personnel is "purely ungrounded and with ulterior purpose," Qin said.

Qin said it is a fact criticized by other countries and global media that the US government and relevant departments have long been involved in large-scale and organized cyber theft as well as wiretapping and surveillance activities against foreign political leaders, companies and individuals.

China is a victim of severe U.S. cyber theft, wiretapping and surveillance activities. Large amounts of publicly disclosed information show that relevant U.S. institutions have been conducting cyber intrusion, wiretapping and surveillance activities against Chinese government departments, institutions, companies, universities and individuals, according to the spokesman.

China has, on many occasions, made serious representations with the U.S. side, Qin said, "We once again strongly urge the U.S. side to make a clear explanation of what it has done and immediately stop such kind of activities."

Qin warned that China would react further to the U.S. "indictment" as the situation evolves.

---
Just because i'm near the punchbowl doesn't mean I'm also drinking from it.

From rforno at infowarrior.org Tue May 20 05:59:52 2014
From: rforno at infowarrior.org (Richard Forno)
Date: Tue, 20 May 2014 06:59:52 -0400
Subject: [Infowarrior] - China bans Windows 8 on government computers
Message-ID: <9BE80380-DAC7-4FFE-810E-C2BC744C79A5@infowarrior.org>

(Okay, not necessarily a *bad* action, in my view. --rick)

China bans use of Microsoft's Windows 8 on government computers
BEIJING Tue May 20, 2014 5:25am EDT
http://www.reuters.com/article/2014/05/20/us-microsoft-china-idUSBREA4J07Q20140520

(Reuters) - China has banned government use of Windows 8, Microsoft Corp's latest operating system (OS), in a blow to the U.S.
technology company which has long been plagued by sales woes in the country.

The Central Government Procurement Center issued the ban on installing Windows 8 on government computers as part of a notice on the use of energy-saving products, posted on its website last week.

The official Xinhua news agency said the ban was to ensure computer security after Microsoft ended support for its Windows XP operating system, which was widely used in China. Neither the government nor Xinhua elaborated on how the ban supported the use of energy-saving products, or how it ensured security.

China has long been a troublesome market for Microsoft. Former CEO Steve Ballmer reportedly told employees in 2011 that, because of piracy, Microsoft earned less revenue in China than in the Netherlands even though computer sales matched those of the U.S.

Microsoft declined to comment.

Last month, Microsoft ended support for the 13-year-old XP to encourage the adoption of newer, more secure versions of Windows. This has potentially left XP users vulnerable to viruses and hacking.

"China's decision to ban Windows 8 from public procurement hampers Microsoft's push of the OS to replace XP, which makes up 50 percent of China's desktop market," said data firm Canalys.

(Reporting by Paul Carsten and Beijing Newsroom; Editing by Christopher Cushing)

---
Just because i'm near the punchbowl doesn't mean I'm also drinking from it.

From rforno at infowarrior.org Tue May 20 17:44:18 2014
From: rforno at infowarrior.org (Richard Forno)
Date: Tue, 20 May 2014 18:44:18 -0400
Subject: [Infowarrior] - Lavabit Founder speaks out
Message-ID:

Secrets, lies and Snowden's email: why I was forced to shut down Lavabit

For the first time, the founder of an encrypted email startup that was supposed to insure privacy for all reveals how the FBI and the US legal system made sure we don't have the right to much privacy in the first place

Ladar Levison
theguardian.com, Tuesday 20 May 2014 07.30 EDT
http://www.theguardian.com/commentisfree/2014/may/20/why-did-lavabit-shut-down-snowden-email

My legal saga started last summer with a knock at the door, behind which stood two federal agents ready to serve me with a court order requiring the installation of surveillance equipment on my company's network.

My company, Lavabit, provided email services to 410,000 people - including Edward Snowden, according to news reports - and thrived by offering features specifically designed to protect the privacy and security of its customers. I had no choice but to consent to the installation of their device, which would hand the US government access to all of the messages - to and from all of my customers - as they travelled between their email accounts and other providers on the Internet.

But that wasn't enough. The federal agents then claimed that their court order required me to surrender my company's private encryption keys, and I balked. What they said they needed were customer passwords - which were sent securely - so that they could access the plain-text versions of messages from customers using my company's encrypted storage feature. (The government would later claim they only made this demand because of my "noncompliance".)

Bothered by what the agents were saying, I informed them that I would first need to read the order they had just delivered - and then consult with an attorney. The feds seemed surprised by my hesitation.

What ensued was a flurry of legal proceedings that would last 38 days, ending not only my startup but also destroying, bit by bit, the very principle upon which I founded it - that we all have a right to personal privacy.

In the first two weeks, I was served legal papers a total of seven times and was in contact with the FBI every other day. (This was the period a prosecutor would later characterize as my "period of silence".)
It took a week for me to identify an attorney who could adequately represent me, given the complex technological and legal issues involved - and we were in contact for less than a day when agents served me with a summons ordering me to appear in a Virginia courtroom, over 1,000 miles from my home. Two days later, I was served the first subpoena for the encryption keys.

With such short notice, my first attorney was unable to appear alongside me in court. Because the whole case was under seal, I couldn't even admit to anyone who wasn't an attorney that I needed a lawyer, let alone why. In the days before my appearance, I would spend hours repeating the facts of the case to a dozen attorneys, as I sought someone else that was qualified to represent me. I also discovered that as a third party in a federal criminal indictment, I had no right to counsel. After all, only my property was in jeopardy - not my liberty. Finally, I was forced to choose between appearing alone or facing a bench warrant for my arrest.

In Virginia, the government replaced its encryption key subpoena with a search warrant and a new court date. I retained a small, local law firm before I went back to my home state, which was then forced to assemble a legal strategy and file briefs in just a few short days. The court barred them from consulting outside experts about either the statutes or the technology involved in the case. The court didn't even deliver transcripts of my first appearance to my own lawyers for two months, and forced them to proceed without access to the information they needed.

Then, a federal judge entered an order of contempt against me - without even so much as a hearing.

But the judge created a loophole: without a hearing, I was never given the opportunity to object, let alone make any substantive defense, to the contempt charge. Without any objection (because I wasn't allowed a hearing), the appellate court waived consideration of the substantive questions my case raised -
and upheld the contempt charge, on the grounds that I hadn't disputed it in court. Since the US supreme court traditionally declines to review cases decided on wholly procedural grounds, I will be permanently denied justice.

In the meantime, I had a hard decision to make. I had not devoted 10 years of my life to building Lavabit, only to become complicit in a plan which I felt would have involved the wholesale violation of my customers' right to privacy. Thus with no alternative, the decision was obvious: I had to shut down my company.

The largest technological question we raised in our appeal (which the courts refused to consider) was what constitutes a "search", i.e., whether law enforcement can demand the encryption keys of a business and use those keys to inspect the private communications of every customer, even when the court has only authorized them to access information belonging to specific targets. The problem here is technological: until any communication has been decrypted and the contents parsed, it is currently impossible for a surveillance device to determine which network connections belong to any given suspect.

The government argued that, since the "inspection" of the data was to be carried out by a machine, they were exempt from the normal search-and-seizure protections of the Fourth Amendment. More importantly for my case, the prosecution also argued that my users had no expectation of privacy, even though the service I provided - encryption - is designed for users' privacy.

If my experience serves any purpose, it is to illustrate what most already know: courts must not be allowed to consider matters of great importance under the shroud of secrecy, lest we find ourselves summarily deprived of meaningful due process. If we allow our government to continue operating in secret, it is only a matter of time before you or a loved one find yourself in a position like I did -
standing in a secret courtroom, alone, and without any of the meaningful protections that were always supposed to be the people's defense against an abuse of the state's power.

---
Just because i'm near the punchbowl doesn't mean I'm also drinking from it.

From rforno at infowarrior.org Wed May 21 15:26:31 2014
From: rforno at infowarrior.org (Richard Forno)
Date: Wed, 21 May 2014 16:26:31 -0400
Subject: [Infowarrior] - House Guts USA Freedom Act, Every Civil Liberties Organization Pulls Their Support
Message-ID: <17EB6A7B-7B8C-4301-908C-9D0774197BF9@infowarrior.org>

As Feared: House Guts USA Freedom Act, Every Civil Liberties Organization Pulls Their Support

< - >

http://www.techdirt.com/articles/20140520/17404727297/as-feared-house-guts-usa-freedom-act-every-civil-liberties-organization-pulls-their-support.shtml

---
Just because i'm near the punchbowl doesn't mean I'm also drinking from it.

From rforno at infowarrior.org Wed May 21 16:10:58 2014
From: rforno at infowarrior.org (Richard Forno)
Date: Wed, 21 May 2014 17:10:58 -0400
Subject: [Infowarrior] - The NSA is Not Made of Magic
Message-ID: <52A389A7-7F1A-4CAE-A409-C61D72B22830@infowarrior.org>

The NSA is Not Made of Magic
https://www.schneier.com/blog/archives/2014/05/the_nsa_is_not_.html

I am regularly asked what is the most surprising thing about the Snowden NSA documents. It's this: the NSA is not made of magic. Its tools are no different from what we have in our world, it's just better-funded. X-KEYSCORE is Bro plus memory. FOXACID is Metasploit with a budget. QUANTUM is AirPwn with a seriously privileged position on the backbone. The NSA breaks crypto not with super-secret cryptanalysis, but by using standard hacking tricks such as exploiting weak implementations and default keys. Its TAO implants are straightforward enhancements of attack tools developed by researchers, academics, and hackers; here's a computer the size of a grain of rice, if you want to make your own such tools.
The NSA's collection and analysis tools are basically what you'd expect if you thought about it for a while.

That, fundamentally, is surprising. If you gave a super-secret Internet exploitation organization $10 billion annually, you'd expect some magic. And my guess is that there is some, around the edges, that has not become public yet. But that we haven't seen any yet is cause for optimism.

---
Just because i'm near the punchbowl doesn't mean I'm also drinking from it.

From rforno at infowarrior.org Wed May 21 16:36:02 2014
From: rforno at infowarrior.org (Richard Forno)
Date: Wed, 21 May 2014 17:36:02 -0400
Subject: [Infowarrior] - The Limits of Armchair Warfare
Message-ID:

The Limits of Armchair Warfare
By JACOB WOOD and KEN HARBAUGH
MAY 20, 2014
http://www.nytimes.com/2014/05/21/opinion/the-limits-of-armchair-warfare.html

BOTH of us have a deep appreciation for the work of drone pilots. Whether patrolling the Helmand Valley with a sniper team or relying on drone-driven intelligence to plan manned aerial missions, we often prayed that the drone operators supporting us were cool, calm and collected.

But neither of us ever imagined that drones would do anything more than augment the manned systems that provide aerial reconnaissance and close air support for troops on the ground. We took for granted that humans on the front lines would always play the lead role.

That is why a series of proposed measures over the last year and a half by the Pentagon have us concerned. It is increasingly clear that our military leadership has become so enamored of the technological mystique of drones that they have lost touch with the realities of the modern battlefield.

Perhaps the most glaring example, especially for former snipers and pilots like us, is the Pentagon's recent decision to scrap the A-10, a heavily armed close-air support plane officially nicknamed the Warthog but known to troops as the Flying Gun.
This battlefield workhorse flies slow and low, giving pilots a close-up of what troops on the ground need. Those pilots are an aerial extension of the units below them, working in a closer relationship than a drone and its operator ever could.

But the A-10 is not sleek and sexy, and it doesn't feed the brass's appetite for battlefield footage delivered to screens thousands of miles away, the way a swarm of drones can. True, the A-10 fleet is more expensive than a drone program, and in this era of budget consciousness, it's reasonable to argue for cutting it as a cost-saving measure. The problem is, the decision also fits a disturbing pattern.

In February 2013, the Pentagon announced plans to create a new award - the Distinguished Warfare Medal - for drone pilots and "cyberwarriors," which would rank above the Purple Heart and Bronze Star. In other words, a drone pilot flying a mission from an armchair in Nevada might be afforded greater recognition than a rifleman wounded in a combat zone.

That is ridiculous. As much as we both came to appreciate the work of drone teams, we never once prayed that they be brave. Those on the front lines require real courage because they face real danger. But if a drone overhead gets hit, a monitor somewhere might go fuzzy, and its operator might curse his poor luck for losing an expensive piece of equipment.

After a public outcry, and under criticism from Congress, the Pentagon relented, and the award was canceled. Still, these two episodes raise troubling questions about how policy makers view the longest wars in American history. Our most senior leaders in the Pentagon, civilian and military alike, increasingly understand warfare through the literal lens of a drone camera. And this tendency affects decisions much closer to the front lines than awards ceremonies.
If the secretaries and flag officers responsible for the Distinguished Warfare Medal spent as much time (or any time) in a sniper hide or an A-10 cockpit as they did monitoring drone feeds, they would not consider elevating a "Nintendo" medal above those awarded for true heroism and sacrifice.

These leaders deserve some of the criticism, but they are not the only ones to blame. The American public, which has largely absolved itself of responsibility for sending nearly three million of its citizens to fight, neither knows nor cares to know the real price of war. The controversy surrounding the A-10 retirement and the Distinguished Warfare Medal should be a wake-up call, a reminder that after over 10 years of fighting, we still need to educate the broader American public about the true cost of the wars fought in its name. Lost in all the allure of high-tech gadgets is the fact that, on the ground and in the air, thousands of men and women continue to risk their lives to promote America's security and interests.

When Americans venture into harm's way, the last thing we should want is a fair fight. We both owe a great deal to the drones and operators that cleared routes ahead of us or provided intelligence for a manned flight. But while we appreciate their role, we know that they can never provide the kind of truly connected battlefield support that a well-trained pilot can. And when we recognize them, we do so for their skill, not their courage. The moment we conflate proficiency and valor, we cheapen the meaning of bravery itself.

Without a true appreciation of the cost of war, more sons and daughters will be sent to fight without the consideration such a decision deserves. As events in Eastern Europe force us to rethink military assumptions and post-Cold War diplomacy, we will soon face the reality that future conflicts cannot be won by joystick alone.
War is ugly, and attempts to lessen its horrors will put yet more distance between the American public and the men and women fighting on its behalf.

///

Jacob Wood, a former Marine Corps sniper team leader, and Ken Harbaugh, a former Navy pilot and mission commander, served in Afghanistan and now work for a disaster-relief organization.

A version of this op-ed appears in print on May 21, 2014, on page A29 of the New York edition with the headline: The Limits of Armchair Warfare.

---
Just because i'm near the punchbowl doesn't mean I'm also drinking from it.

From rforno at infowarrior.org Wed May 21 19:50:56 2014
From: rforno at infowarrior.org (Richard Forno)
Date: Wed, 21 May 2014 20:50:56 -0400
Subject: [Infowarrior] - Facebook App Knows What You're Hearing, Watching
Message-ID: <53506DAC-2E4B-4817-9430-04EE2E6D4957@infowarrior.org>

Facebook App Knows What You're Hearing, Watching
Reed Albergotti
http://blogs.wsj.com/digits/2014/05/21/facebook-app-knows-what-youre-hearing-and-watching/

Facebook's mobile app just grew a keen sense of hearing.

Starting Wednesday, the app has the ability to recognize music and television shows playing in the vicinity of users. The feature is designed to make it easier for users to share. When users begin to write a post, the Facebook app will offer to include information about music or shows playing in the background.

"We want to help people tell better stories," said Aryeh Selekman, the product manager who led the development of the feature. "I hope there are people who love the feature and post more."

If Facebook users share more about themselves, that can boost the value of ads targeted at some of its 1.28 billion users.

The audio-recognition feature works similar to the app Shazam, which also can identify music and television programming using the built-in microphones in mobile phones. The feature took Selekman's team about a year of engineering and logistics work.
In order to recognize live television shows, Facebook inked deals to obtain audio from 160 television stations in the U.S. Using the microphone built into iPhone and Android phones, Facebook says the app can recognize a live show within 15 seconds.

Facebook also said it reached deals with music-streaming sites, including Spotify and Rdio, to enable Facebook users to play previews of songs that others have shared using the audio-recognition feature.

The feature is optional and can be switched on and off. If enough users opt in, the new feature could give Facebook enough data to start compiling television ratings. Even if users decide not to share what they're hearing or watching, Facebook will hold onto the data in anonymous form, keeping tabs on how many users watched particular shows.

Users who begin a post after turning on the feature will notice a tiny audio equalizer with undulating blue bars, indicating the app has detected sound and is attempting to match it to a song or television show. Once the app finds a match, users will see the title of the song and a thumbnail, such as an album cover or a photo of a talk-show host. By tapping on the show or song, users can post it to their news feeds and let other users know what Facebook has already figured out - what they're seeing and hearing.

---
Just because i'm near the punchbowl doesn't mean I'm also drinking from it.

From rforno at infowarrior.org Thu May 22 07:41:06 2014
From: rforno at infowarrior.org (Richard Forno)
Date: Thu, 22 May 2014 08:41:06 -0400
Subject: [Infowarrior] - DuckDuckGo redesigned
Message-ID: <7926AFBF-BD05-4282-846F-991DB17E785B@infowarrior.org>

Today DuckDuckGo is launching a reimagined and redesigned version that focuses on smarter answers and a more refined look. This new version adds often requested features like images, local search, auto-suggest and much more.
http://www.osnews.com/story/27740/DuckDuckGo_gets_complete_redesign_new_features

---
Just because i'm near the punchbowl doesn't mean I'm also drinking from it.

From rforno at infowarrior.org Thu May 22 12:24:56 2014
From: rforno at infowarrior.org (Richard Forno)
Date: Thu, 22 May 2014 13:24:56 -0400
Subject: [Infowarrior] - USA FREEDOM bill sponsor votes no on watered-down bill
Message-ID: <7F724628-CC44-4CE1-A8B0-D09A16FFE20C@infowarrior.org>

https://www.facebook.com/repjustinamash/posts/715098591862883

Justin Amash

Today, I will vote no on #HR3361, the #USAFREEDOMAct. I am an original cosponsor of the Freedom Act, and I was involved in its drafting. At its best, the Freedom Act would have reined in the government's unconstitutional domestic spying programs, ended the indiscriminate collection of Americans' private records, and made the secret FISA court function more like a real court - with real arguments and real adversaries. I was and am proud of the work our group, led by Rep. Jim Sensenbrenner, did to promote this legislation, as originally drafted.

However, the revised bill that makes its way to the House floor this morning doesn't look much like the Freedom Act. This morning's bill maintains and codifies a large-scale, unconstitutional domestic spying program. It claims to end "bulk collection" of Americans' data only in a very technical sense: The bill prohibits the government from, for example, ordering a telephone company to turn over all its call records every day. But the bill was so weakened in behind-the-scenes negotiations over the last week that the government still can order - without probable cause - a telephone company to turn over all call records for "area code 616" or for "phone calls made east of the Mississippi." The bill green-lights the government's massive data collection activities that sweep up Americans' records in violation of the Fourth Amendment.

The bill does include a few modest improvements to current law.
The secret FISA court that approves government surveillance must publish its most significant opinions so that Americans can have some idea of what surveillance the government is doing. The bill authorizes (but does not require) the FISA court to appoint lawyers to argue for Americans' privacy rights, whereas the court now only hears from one side before ruling. But while the original version of the Freedom Act allowed Sec. 215 of the Patriot Act to expire in June 2015, this morning's bill extends the life of that controversial section for more than two years, through 2017. I thank Judiciary Committee Chairman Bob Goodlatte for pursuing surveillance reform. I respect Rep. Jim Sensenbrenner and Rep. John Conyers for their work on this issue. It's shameful that the president of the United States, the chairman of the House Permanent Select Committee on Intelligence, and the leaders of the country's surveillance agencies refuse to accept consensus reforms that will keep our country safe while upholding the Constitution. And it mocks our system of government that they worked to gut key provisions of the Freedom Act behind closed doors. The American people demand that the Constitution be respected, that our rights and liberties be secured, and that the government stay out of our private lives. Fortunately, there is a growing group of representatives on both sides of the aisle who get it. In the 10 months since I proposed the Amash Amendment to end mass surveillance, we've made big gains. We will succeed. --- Just because i'm near the punchbowl doesn't mean I'm also drinking from it. 
From rforno at infowarrior.org Thu May 22 15:40:34 2014 From: rforno at infowarrior.org (Richard Forno) Date: Thu, 22 May 2014 16:40:34 -0400 Subject: [Infowarrior] - Microsoft Challenged NSL+Gag Order And Won Message-ID: Microsoft Challenged A National Security Letter That Included A Gag Order And Won Posted 1 hour ago by Alex Wilhelm (@alex) Microsoft challenged a National Security Letter from the FBI last year - and won. The documents relating to the case were recently unsealed, making the effort public. The gist is simple: Microsoft received a National Security Letter requesting "basic subscriber information" regarding an "enterprise" customer. That's how Microsoft characterized the request. For simplicity, the FBI was after the metadata of a large Microsoft client. The letter banned Microsoft from disclosing to anyone that the data had been requested. Microsoft didn't think that reasonable and filed a challenge. The FBI then retracted its request. The customer in question was an Office 365 user. The FBI wanted data involving "several categories of information regarding a single user account associated with the e-mail domain which is [redacted] supported within the block of individual Office 365 accounts [snip] provided to [redacted] by Microsoft under the Contract." On the heels of the passage of an NSA reform bill that likely fails at its stated task, and the failure of two amendments to a separate bill aimed at defunding certain government actions that weaken encryption and harm privacy, this is welcome news. What's fun in this isn't that a single National Security Letter was beaten back, but more how Microsoft argued its case. A few excerpts that are worth noting, regarding why Microsoft felt the Letter wasn't a legal request: < - > http://techcrunch.com/2014/05/22/microsoft-challenged-a-national-security-letter-that-included-a-gag-order-and-won/ --- Just because i'm near the punchbowl doesn't mean I'm also drinking from it.
From rforno at infowarrior.org Fri May 23 05:44:44 2014 From: rforno at infowarrior.org (Richard Forno) Date: Fri, 23 May 2014 06:44:44 -0400 Subject: [Infowarrior] - Scotusblog loss of Senate press credentials fuels media uproar Message-ID: Scotusblog loss of Senate press credentials fuels media uproar http://www.theguardian.com/law/2014/may/22/scotusblog-loses-senate-press-credential --- Just because i'm near the punchbowl doesn't mean I'm also drinking from it. From rforno at infowarrior.org Fri May 23 15:34:07 2014 From: rforno at infowarrior.org (Richard Forno) Date: Fri, 23 May 2014 16:34:07 -0400 Subject: [Infowarrior] - The Lies Mike Rogers Told Congress About The USA Freedom Act Message-ID: <70334927-B2D4-457D-BB6F-D26F4BEAABFB@infowarrior.org> The Lies Mike Rogers Told Congress About The USA Freedom Act http://www.techdirt.com/articles/20140522/17435027341/lies-mike-rogers-told-congress-about-usa-freedom-act.shtml --- Just because i'm near the punchbowl doesn't mean I'm also drinking from it. From rforno at infowarrior.org Sat May 24 14:16:06 2014 From: rforno at infowarrior.org (Richard Forno) Date: Sat, 24 May 2014 15:16:06 -0400 Subject: [Infowarrior] - Government gag orders violate free speech, tech giants contend Message-ID: Government gag orders violate free speech, tech giants contend Yahoo, Google, Microsoft, and Facebook want clearance to disclose what type of national security information requests they receive. by Steven Musil @stevenmusil http://www.cnet.com/news/government-gag-orders-violate-first-amendment-tech-companies-contend A group of prominent tech companies argues that US government gag orders that prohibit them from disclosing what type of national security information requests they receive are a violation of their First Amendment rights. 
In court documents (PDF) unsealed Friday, Google, Facebook, Microsoft, and Yahoo contend that the gag orders, called "national security letters," or NSLs, are a "prohibition on speech [that] violates the First Amendment." "The government has sought to participate in public debate over its use of the NSL statute," the companies wrote in a brief filed with the 9th US Circuit Court of Appeals in April. "It should not be permitted to gag those best suited to offer an informed viewpoint in that debate; the parties that have received NSLs." NSLs are secret requests to Web and telecommunications companies requesting the "name, address, length of service," and other account information about users that's relevant to a national security investigation. No court approval is required for the electronic data-gathering technique, and disclosing the existence of the FBI's secret requests is not permitted. The companies have sought legal permission for greater transparency about the government requests since last summer when reports based on documents leaked by former NSA contractor Edward Snowden alleged that they provided the NSA with "direct access" to their servers through a so-called PRISM program. The companies have denied that allegation and petitioned the government to allow them to publish, in detail, the types of national security requests they have received under the controversial Foreign Intelligence Surveillance Act. The companies say they do not want to disclose information related to a specific NSL that might jeopardize an investigation but rather "more detailed aggregate statistics about the volume, scope and type of NSLs that the government uses to demand information about their users." The US government has responded that the companies have no First Amendment right to disclose information gathered from participation in a secret government investigation, according to the filing. 
The companies argue that there is no precedent to suggest that disclosure of the government requests is within any traditionally unprotected category of free speech. "The government attempts to sidestep the serious First Amendment issues raised in this case by arguing that there is no First Amendment right to disclose information gained from participation in a secret government investigation," the companies said. "That is incorrect." CNET has contacted the US Justice Department for comment and will update this report when we learn more. --- Just because i'm near the punchbowl doesn't mean I'm also drinking from it. From rforno at infowarrior.org Sat May 24 14:16:00 2014 From: rforno at infowarrior.org (Richard Forno) Date: Sat, 24 May 2014 15:16:00 -0400 Subject: [Infowarrior] - USG may deny visas for BH/DC attendees from China Message-ID: <114CD1A9-A6A7-4924-B919-28C020000C28@infowarrior.org> US considers denying visas to Chinese hackers to attend conferences - Reuters in Denver US officials are considering using visa restrictions to prevent Chinese hackers from attending popular summer hacker conferences in Las Vegas, as part of a broad effort to curb Chinese cyber espionage, a senior administration official said on Saturday. The official said the US government could use such visa restrictions and other measures to keep Chinese nationals from attending the Def Con and Black Hat conferences in August, to help maintain pressure on China after the US this week charged five Chinese military officers with hacking into US nuclear, metal and solar companies to steal trade secrets. China has denied the charges, saying the US grand jury indictment was "made up" and would damage trust between the two nations. Organisers of the two conferences said they knew nothing about the efforts under consideration by Washington, but that they believed limiting participation from China was a bad idea.
Jeff Moss, founder of both the Def Con and Black Hat conferences, posted his thoughts on Twitter late on Saturday morning: "First I have heard of it, boarding flight to DC now. I don't think it helps build positive community. More later." Chris Wysopal, a member of the Black Hat board that reviews presentations, said restricting access to that conference would have little impact because all talks are videotaped and sold. "It seems symbolic to me," said Wysopal, who is chief technology officer of the software security firm Veracode. Black Hat's website lists several speakers who may be Chinese nationals. An employee of the Chinese security software maker Qihoo 360 is due to present a technical talk on vulnerabilities in font scalers. Two researchers with the Chinese University of Hong Kong are scheduled to talk about a new approach for hacking social networks. < - > http://www.theguardian.com/technology/2014/may/24/us-visas-chinese-hackers-conferences --- Just because i'm near the punchbowl doesn't mean I'm also drinking from it. From rforno at infowarrior.org Sun May 25 06:57:35 2014 From: rforno at infowarrior.org (Richard Forno) Date: Sun, 25 May 2014 07:57:35 -0400 Subject: [Infowarrior] - Final Word on U.S. Law Isn't: Supreme Court Keeps Editing Message-ID: Final Word on U.S. Law Isn't: Supreme Court Keeps Editing By ADAM LIPTAK, MAY 24, 2014 WASHINGTON - The Supreme Court has been quietly revising its decisions years after they were issued, altering the law of the land without public notice. The revisions include "truly substantive changes in factual statements and legal reasoning," said Richard J. Lazarus, a law professor at Harvard and the author of a new study examining the phenomenon. The court can act quickly, as when Justice Antonin Scalia last month corrected an embarrassing error in a dissent in a case involving the Environmental Protection Agency.
But most changes are neither prompt nor publicized, and the court's secretive editing process has led judges and law professors astray, causing them to rely on passages that were later scrubbed from the official record. The widening public access to online versions of the court's decisions, some of which do not reflect the final wording, has made the longstanding problem more pronounced. Unannounced changes have not reversed decisions outright, but they have withdrawn conclusions on significant points of law. They have also retreated from descriptions of common ground with other justices, as Justice Sandra Day O'Connor did in a major gay rights case. The larger point, said Jeffrey L. Fisher, a law professor at Stanford, is that Supreme Court decisions are parsed by judges and scholars with exceptional care. "In Supreme Court opinions, every word matters," he said. "When they're changing the wording of opinions, they're basically rewriting the law." < - > http://www.nytimes.com/2014/05/25/us/final-word-on-us-law-isnt-supreme-court-keeps-editing.html --- Just because i'm near the punchbowl doesn't mean I'm also drinking from it. From rforno at infowarrior.org Mon May 26 14:54:03 2014 From: rforno at infowarrior.org (Richard Forno) Date: Mon, 26 May 2014 15:54:03 -0400 Subject: [Infowarrior] - Huge Wolfenstein Download Infuriates But Doesn't Deter Pirates Message-ID: <55B5D550-CBC3-4A02-8DF7-1500801C87A1@infowarrior.org> Huge Wolfenstein Download Infuriates But Doesn't Deter Pirates By Andy, on May 26, 2014 When the PC version of Wolfenstein: The New Order dropped onto file-sharing sites last week, eager pirates had a surprise in store. Not only a great game but a staggeringly humongous 43.65 GB download. But while tempers frayed for some, Wolfenstein still achieved the biggest game swarm of the week, and downloads in excess of 100,000.
< - > Reports suggest that the massive file size is due to uncompressed graphics textures but it comes as no surprise that some believe that annoying downloaders was in the developers' minds. Bethesda had deliberately padded out the game with junk as a clever anti-piracy deterrent, some concluded. While extremely unlikely, for some the big download was simply too much. "43GB, the hell? No thanks, guess I will buy this when the price drops to ?29.99," said user u2konline. < - > http://torrentfreak.com/huge-wolfenstein-download-infuriates-but-doesnt-deter-pirates-140526/ --- Just because i'm near the punchbowl doesn't mean I'm also drinking from it. From rforno at infowarrior.org Mon May 26 16:24:12 2014 From: rforno at infowarrior.org (Richard Forno) Date: Mon, 26 May 2014 17:24:12 -0400 Subject: [Infowarrior] - Greenwald's Finale: Naming Victims of Surveillance Message-ID: <626A7BCB-CE8B-414B-A83F-F2C4E89D0878@infowarrior.org> Greenwald's Finale: Naming Victims of Surveillance By Toby Harnden - May 26, 2014 The man who helped bring about the most significant leak in American intelligence history is to reveal names of US citizens targeted by their own government in what he promises will be the "biggest" revelation from nearly 2m classified files. Glenn Greenwald, the journalist who received the trove of documents from Edward Snowden, a former National Security Agency (NSA) contractor, told The Sunday Times that Snowden's legacy would be "shaped in large part" by this "finishing piece" still to come. His plan to publish names will further unnerve an American intelligence establishment already reeling from 11 months of revelations about US government surveillance activities. Greenwald, who is promoting his book No Place To Hide and is trailed by a documentary crew wherever he goes, was speaking in a boutique hotel near Harvard, where he was to appear with Noam Chomsky, the octogenarian leftist academic.
"One of the big questions when it comes to domestic spying is, 'Who have been the NSA's specific targets?'," he said. "Are they political critics and dissidents and activists? Are they genuinely people we'd regard as terrorists? What are the metrics and calculations that go into choosing those targets and what is done with the surveillance that is conducted? Those are the kinds of questions that I want to still answer." Greenwald said the names would be published via The Intercept, a website funded by Pierre Omidyar, the billionaire founder and chairman of eBay. Greenwald left The Guardian, which published most of the Snowden revelations, last autumn to work for Omidyar. "As with a fireworks show, you want to save your best for last," Greenwald told GQ magazine. "The last one is the one where the sky is all covered in spectacular multicoloured hues." < - > http://www.realclearpolitics.com/articles/2014/05/26/greenwalds_finale_naming_victims_of_surveillance_122747.html --- Just because i'm near the punchbowl doesn't mean I'm also drinking from it. From rforno at infowarrior.org Mon May 26 16:32:12 2014 From: rforno at infowarrior.org (Richard Forno) Date: Mon, 26 May 2014 17:32:12 -0400 Subject: [Infowarrior] - Twitter to Release All Tweets to Scientists Message-ID: Twitter to Release All Tweets to Scientists: A Trove of Billions of Tweets Will Be a Research Boon and An Ethical Dilemma A trove of billions of tweets will be a research boon and an ethical dilemma Jun 1, 2014 | By Melinda Wenner Moyer http://www.scientificamerican.com/article/twitter-to-release-all-tweets-to-scientists-a-trove-of-billions-of-tweets-will-be-a-research-boon-and-an-ethical-dilemma/ Five hundred million tweets are broadcast worldwide every day on Twitter. With so many details about personal lives, the social media site is a data trove for scientists looking to find patterns in human behaviors, tease out risk factors for health conditions and track the spread of infectious diseases.
By analyzing emotional cues found in the tweets of pregnant women, for instance, Microsoft researchers developed an algorithm that predicts those at risk for postpartum depression. And the U.S. Geological Survey uses Twitter to track the location of earthquakes as people tweet about tremors. Until now, most interested scientists have been working with a limited number of tweets. Although a majority of tweets are public, if scientists want to freely search the lot, they do it through Twitter's application programming interface, which currently scours only 1 percent of the archive. But that is about to change: in February the company announced that it will make all its tweets, dating back to 2006, freely available to researchers. Now that everything is up for grabs, the use of Twitter as a research tool is likely to skyrocket. With more data points to mine, scientists can ask more complex and specific questions. The announcement is exciting, but it also raises some thorny questions. Will Twitter retain any legal rights to scientific findings? Is the use of Twitter as a research tool ethical, given that its users do not intend to contribute to research? To address these concerns, Caitlin Rivers and Bryan Lewis, computational epidemiologists at Virginia Tech, published guidelines for the ethical use of Twitter data in February. Among other things, they suggest that scientists never reveal screen names and make research objectives publicly available. For example, although it is considered ethical to collect information from public spaces (and Twitter is a public space), it would be unethical to share identifying details about a single user without his or her consent. Rivers and Lewis argue that it is crucial for scientists to consider and protect users' privacy as Twitter-based research projects multiply. With great data comes great responsibility. This article was originally published with the title "Twitter Opens Its Cage."
--- Just because i'm near the punchbowl doesn't mean I'm also drinking from it. From rforno at infowarrior.org Tue May 27 06:49:16 2014 From: rforno at infowarrior.org (Richard Forno) Date: Tue, 27 May 2014 07:49:16 -0400 Subject: [Infowarrior] - Privacy under attack: the NSA files revealed new threats to democracy Message-ID: (Long but well worth reading. --rick) Privacy under attack: the NSA files revealed new threats to democracy Eben Moglen Tuesday 27 May 2014 06.00 EDT http://www.theguardian.com/technology/2014/may/27/-sp-privacy-under-attack-nsa-files-revealed-new-threats-democracy --- Just because i'm near the punchbowl doesn't mean I'm also drinking from it. From rforno at infowarrior.org Wed May 28 06:12:03 2014 From: rforno at infowarrior.org (Richard Forno) Date: Wed, 28 May 2014 07:12:03 -0400 Subject: [Infowarrior] - Mass piracy lawsuits stopped on appeal Message-ID: <3203B938-19C9-4937-984A-6F8C2485C38D@infowarrior.org> Comcast, Verizon and Co. Stop Mass Piracy Lawsuits on Appeal By Ernesto, on May 28, 2014 http://torrentfreak.com/comcast-verizon-co-stop-mass-piracy-lawsuits-appeal-140528/?utm_source=dlvr.it&utm_medium=twitter Comcast, Verizon, AT&T, Time Warner and Cox have successfully appealed a district court decision ordering them to reveal the identities of 1,058 subscribers accused of pirating movies via BitTorrent. The verdict is a significant blow for the extortion-like mass-lawsuits many copyright trolls have filed in recent years. < - > All in all, the ruling makes it clear that the copyright troll tactic of suing hundreds of individuals without showing that they are connected and living in the district they are being sued in is a no-go. While it doesn't set any strict rules on when a case is appropriate and when not, it can be seen as a "crushing blow" for copyright trolls. Most important is that the Internet providers, and the various groups that joined the case, have prevented worse.
If the previous ruling had held up, copyright trolling would have been made much easier and more lucrative than it is today. --- Just because i'm near the punchbowl doesn't mean I'm also drinking from it. From rforno at infowarrior.org Wed May 28 06:58:10 2014 From: rforno at infowarrior.org (Richard Forno) Date: Wed, 28 May 2014 07:58:10 -0400 Subject: [Infowarrior] - Finns beat U.S. with low-tech take on school Message-ID: <37FB6180-1A73-477E-956E-94D9493332AF@infowarrior.org> Finns beat U.S. with low-tech take on school By: Caitlin Emma May 27, 2014 11:39 PM EDT http://dyn.politico.com/printstory.cfm?uuid=E0B931AF-253C-4C8E-99B7-51B13BA34E44 --- Just because i'm near the punchbowl doesn't mean I'm also drinking from it. From rforno at infowarrior.org Thu May 29 07:22:27 2014 From: rforno at infowarrior.org (Richard Forno) Date: Thu, 29 May 2014 08:22:27 -0400 Subject: [Infowarrior] - U.S. Cyber Command wants DISA to take greater role in DoD cyber defense Message-ID: <06F2F5DA-4512-44B4-A489-A4B09B080B6C@infowarrior.org> U.S. Cyber Command wants DISA to take greater role in DoD cyber defense Thursday - 5/29/2014, 3:46am EDT By Jared Serbu http://www.federalnewsradio.com/?nid=398&sid=3631220&pid=0&page=2 U.S. Cyber Command is in talks with the Defense Information Systems Agency to give DISA more day-to-day responsibilities for defending DoD networks from cyber threats. The precise division of labor between the two DoD organizations is a long way from being sorted out, but Adm. Michael Rogers, who took over as commander of U.S. Cyber Command two months ago, said his preferred approach would involve the creation of a Joint Force Headquarters at DISA. The organization would absorb a significant amount of DoD's workload with regard to defensive cyber operations and would play a supporting role to U.S. CYBERCOM. "As the new guy at U.S. Cyber Command, one of the things I've been asking is what we should be doing or not doing as a subunified command," he said.
"We can't do everything, and one of the conclusions I've come to is that if CYBERCOM is going to be intimately focused on the tactical-level details of how we're going to defend the network every day, we're not going to get much else done. That's when I said, 'DISA can really help here.'" Rogers, addressing a Washington cybersecurity summit organized by AFCEA's Washington, D.C. chapter Wednesday, said he believes the cybersecurity construct would make sense given the greater responsibility for department-wide IT DISA has already signed up for under DoD's still-evolving Joint Information Environment. As JIE takes shape, DISA already has pivoted from its historical role of connecting military service-centric IT systems to one another, and instead, building and operating enterprise IT systems that each military service will share, such as core data centers, email and collaboration platforms and centrally-managed mobility services. "We've got to give DISA the ability to create a command and control node that can coordinate with others to defend the DoD Information Network (DoDIN), and as we bring JIE online and start to operate a truly integrated, global network that's not so oriented around the individual military services, DISA's role gets to be even bigger," he said. "The military services have had some role up until now in securing four different global backbones, and my attitude is that this is an important role for DISA, and the services need to optimize themselves so that they only operate the last tactical mile and plug into it." Exploring the idea of JIE The idea of a joint force headquarters got a brief mention in the updated strategic plan DISA released earlier this month, but the agency has been actively exploring the idea since at least last fall, when it published a sources sought notice that attempted to identify vendors who could help develop operational concepts for the headquarters.
In it, officials said they wanted to create an implementation plan that would align a theoretical DISA task force with cyber activities at CYBERCOM and U.S. Strategic Command. Rogers said starting up the task force would require at least a slight realignment in the way DISA currently organizes itself and allocates its resources. "DISA is largely an acquisition and engineering organization," he said. "For DISA to do what it needs to do in order to help us operate and defend the networks, some portion of DISA needs to become an operational entity that's focused on how we maneuver and defend the network." Rogers said delegating some level of "tactical" cyber defense to DISA would let CYBERCOM focus on what he views as the appropriate niche for his organization: the "strategic" level of cyber warfare. To that end, DoD is attempting to build a cadre of 6,000 cyber operators between now and 2016, divided into three types of teams: - One focused on defending U.S. civilian critical infrastructure; - One devoted to defending Defense networks; - One that will handle offensive cyber operations when CYBERCOM or combatant commanders around the world decide they need to use cyber weapons against adversaries. Taking ownership over standard-setting CYBERCOM is overseeing the construction of the teams and has dictated that personnel from each military service should be trained to a single set of standards so that Army, Navy, Air Force, Marine Corps and Coast Guard personnel can interoperate seamlessly, Rogers said. At the same time, he seemed to walk away from the responsibility for creating those standards and did not specify who would perform the standard-setting function if CYBERCOM would not. "I am the operational commander. I'm not the standards guy, I'm not the architecture guy," he said.
Rogers did make clear that he believes the longer-term task of developing cyber warriors in a sustainable fashion is a job best left to the military services, and not one that should be subsumed into CYBERCOM. "My view is we need to use the methodologies we've been using for decades and that people understand," he said. "Our services know how to generate ready forces; they've been doing it for decades, and that's where the roles of the services are critical for us. That's their mission: to generate, man, train and equip a capability to deploy to an operational commander. Much of the time I'm going to be the operational commander, but I'm not the only one. So I've spent a lot of time figuring out how we're going to generate a trained, ready force." The development of those forces is well underway, said Lt. Gen. Edward Cardon, the commander of Army Cyber Command. His service has been tasked with contributing 2,000 cyber soldiers to the joint force, and he said the Army will be halfway to that target by the end of this year. Competing for the same personnel Training those soldiers is one thing. Keeping them in the cyber positions, or in the Army, period, is another challenge altogether. "Everybody's competing for the same people. We need to grow more capacity, not poach people from each other," Cardon said. "That's also the challenge I've posed to our guard and reserve: If we're recruiting people who are already working in (computer emergency response teams) in other government agencies to come work for Army Cyber Command, we're just taking people from one government agency and putting them to work in another. That's not helpful." At the same time, Cardon has taken steps to make sure his own uniformed workforce can't be poached by other elements of his own service: If a soldier wants to move from Army Cyber Command to another job outside its immediate jurisdiction, the transfer can't happen without Cardon's personal approval.
To build and sustain the workforce, the Army also needs to make formal revisions to its personnel system so that soldiers can spend an entire career in the cyber field, Cardon said. Without providing details, he said the Army will soon create a new branch dedicated to cyber. "What this will allow us to do is to create a separate career field that will manage the leader development and talent management for this entire group," he said. "We haven't created a new branch since the early 1980s, so we're going to be breaking a lot of china. But at the end of it, we're going to be able to much better manage the cyber workforce." --- Just because i'm near the punchbowl doesn't mean I'm also drinking from it. From rforno at infowarrior.org Fri May 30 07:17:50 2014 From: rforno at infowarrior.org (Richard Forno) Date: Fri, 30 May 2014 08:17:50 -0400 Subject: [Infowarrior] - FHFA/CFPB creating massive federal database Message-ID: New federal database will track Americans' credit ratings, other financial information By Richard Pollock | May 30, 2014 | 6:00 am http://washingtonexaminer.com/new-federal-database-will-track-americans-credit-ratings-other-financial-information/article/2549064 As many as 227 million Americans may be compelled to disclose intimate details of their families and financial lives -- including their Social Security numbers -- in a new national database being assembled by two federal agencies. The Federal Housing Finance Agency and the Consumer Financial Protection Bureau posted an April 16 Federal Register notice of an expansion of their joint National Mortgage Database Program to include personally identifiable information that reveals actual users, a reversal of previously stated policy. FHFA will manage the database and share it with CFPB. A CFPB internal planning document for 2013-17 describes the bureau as monitoring 95 percent of all mortgage transactions. 
FHFA officials claim the database is essential to conducting a monthly mortgage survey required by the Housing and Economic Recovery Act of 2008 and to help it prepare an annual report for Congress. Critics, however, question the need for such a "vast database" for simple reporting purposes. In a May 15 letter to FHFA Director Mel Watt and CFPB Director Richard Cordray, Rep. Jeb Hensarling, R-Texas, and Sen. Mike Crapo, R-Idaho, charged, "this expansion represents an unwarranted intrusion into the private lives of ordinary Americans." Crapo is the ranking Republican on the Senate Banking, Housing and Urban Affairs Committee. Hensarling is chairman of the House Financial Services Committee. Critics also warn the new database will be vulnerable to cyber attacks that could put private information about millions of consumers at risk. They also question the agency's authority to collect such information. Earlier this year, Cordray tried to assuage concerned lawmakers during a Jan. 28 hearing of Hensarling's panel, saying repeatedly the database will only contain "aggregate" information with no personal identifiers. But under the April register notice, the database expansion means it will include a host of data points, including a mortgage owner's name, address, Social Security number, all credit card and other loan information and account balances. The database will also encompass a mortgage holder's entire credit history, including delinquent payments, late payments, minimum payments, high account balances and credit scores, according to the notice. The two agencies will also assemble "household demographic data," including racial and ethnic data, gender, marital status, religion, education, employment history, military status, household composition, the number of wage earners and a family's total wealth and assets. Only 12 public comments were submitted during the 30-day comment period following the notice's April 16 publication.
The mortgage database is unprecedented and would collect personal mortgage information on every single-family residential first lien loan issued since 1998. Federal officials will continue updating the database into the indefinite future.

The database held information on at least 10.1 million mortgage owners, according to a July 31, 2013, FHFA and CFPB presentation at an international conference on collateral risk.

FHFA has two contracts with CoreLogic, which boasts that it has "access to industry's largest most comprehensive active and historical mortgage databases of over 227 million loans." Cordray confirmed in his January testimony that CoreLogic had been retained for the national mortgage database. The credit giant Experian is also involved in the mortgage database project, according to an FHFA official who requested anonymity.

Rep. Randy Neugebauer, R-Texas, who sits on the Hensarling panel and who has followed the mortgage database's development, said he was "deeply concerned" about the expansion. "When you look at the kinds of data that are going to be collected on individuals, just about anything about you is going to be in this database," he told the Examiner in an interview.

Critics of the database span the financial spectrum, including the U.S. Chamber of Commerce's Center for Capital Markets Competitiveness and the National Association of Federal Credit Unions.

In a May 16 letter to FHFA, NAFCU's regulatory affairs counsel, Angela Meyster, said the database "harbors significant privacy concerns" and "NAFCU believes greater transparency should be provided by the FHFA and CFPB on what this information is being used for."

Meyster told the Examiner that "it goes back to the breadth of information that they're asking for without really speaking to what they will be used for." Meyster said she was unconvinced. "It seems they're just adding information and they're not really stating where it's going or what it's going to be used for.
There's no straightaway answer. They say they are trying to assemble as much information that they can."

Neugebauer agreed. "Why are we collecting this amount of data on this many individuals?" he asked in the interview.

The Chamber of Commerce said that while Congress did ask for regular reports, it never granted FHFA the authority to create the National Mortgage Database. "Congress did not explicitly require (or even explicitly authorize) the FHFA to build anything resembling the NMD," the Chamber told Watt in its May 16 letter.

Cordray in his testimony told the House, "We're making every effort to be very careful" but he could not promise there would never be a data breach.

Neugebauer said the hacker threat is real. "If someone were to breach that system, they could very easily steal somebody's identity."

Meyster said she doubts the government can protect the data. "We're essentially concerned that these government systems don't have the necessary precautions to make sure that individual consumers are identified through the database," she said.

Computerized theft of government and commercial data is a major concern for federal officials. Indictments were made public last week for five Chinese military members who allegedly hacked into the computer systems of six American corporations.

A December report from the Government Accountability Office on breaches containing personally identifiable information from federal databases shows unlawful data breaches have doubled, from 15,140 reported incidents in 2009 to 22,156 in 2012.

A May 1 White House report on cybersecurity of federal databases also recently warned, "if unchecked, big data could be a tool that substantially expands government power over citizens."
From rforno at infowarrior.org Sat May 31 08:28:38 2014
From: rforno at infowarrior.org (Richard Forno)
Date: Sat, 31 May 2014 09:28:38 -0400
Subject: [Infowarrior] - Congressman bankrolled by ISPs tries to halt Internet regulation
Message-ID:

Congressman bankrolled by ISPs tries to halt Internet regulation
AT&T, Comcast, Verizon, Time Warner Cable give to anti-FCC lawmaker.
by Jon Brodkin - May 30 2014, 12:07pm EDT
http://arstechnica.com/tech-policy/2014/05/congressman-bankrolled-by-isps-tries-to-halt-internet-regulation/

US Rep. Bob Latta (R-OH) on Wednesday filed legislation that would prevent the Federal Communications Commission from attempting to regulate broadband Internet service as a public utility. It probably won't surprise you that Internet service providers have enthusiastically given money to this congressman.

As we reported in our May 16 story "Bankrolled by broadband donors, lawmakers lobby FCC on net neutrality," Latta received $51,000 from cable company interests in the two-year period ending December 2013. Latta was one of "28 House members who lobbied the Federal Communications Commission to drop net neutrality," with those lawmakers having "received more than twice the amount in campaign contributions from the broadband sector than the average for all House members," our story noted.

A member of Congress since 2007, Latta received $32,500 from political action committees (PACs) representing AT&T and individuals who work for AT&T in his career, according to OpenSecrets' list of his top contributors. He received an additional $29,500 from the National Cable & Telecommunications Association and $21,000 from Time Warner Cable-linked interests. Verizon PACs and individuals gave him $16,000, the American Cable Association gave him $15,000, CenturyLink PACs gave him $11,400, and Comcast PACs gave him $11,000.
Not content with lobbying the FCC, Latta this week went further by filing a bill (PDF) with the title, "To amend the Communications Act of 1934 to limit the authority of the Federal Communications Commission over providers of broadband Internet access service." Latta described his legislation as an attempt to "keep [the] Internet open and accessible."

His facts are slightly off in a press release. The announcement says Latta's legislation would "ensure the Internet remains open and free from government interference by limiting the Federal Communications Commission's (FCC) authority to regulate broadband under Title II of the Communications Act. The legislation comes after the FCC released a proposal to reclassify broadband Internet access under Title II as a telecommunications service rather than an information service."

In fact, the FCC's proposal does not propose reclassifying broadband as a Title II service. (Title II or "common carrier" services, such as the traditional phone network, can be regulated as public utilities.) Network neutrality advocates have asked the FCC to reclassify broadband as Title II, saying it would let the commission outlaw Internet "fast lanes" in which Web services pay ISPs for priority access to consumers. The FCC has proposed using different authority (Section 706 of the Telecommunications Act) to regulate broadband while allowing such fast lanes, but it asked the public for comment on whether it should use Title II instead.

FCC Chairman Tom Wheeler has so far not proposed reclassifying broadband, but he said he is open to doing so if the FCC's net neutrality proposal "turns out to be insufficient or if we observe anyone taking advantage of the rule." Latta appears to think that the FCC has decided to reclassify broadband as a common carrier service.
"In light of the FCC initiating yet another attempt to regulate the Internet, upending long-standing precedent and imposing monopoly-era telephone rules and obligations on the 21st Century broadband marketplace, Congress must take action to put an end to this misguided regulatory proposal," Latta said in his announcement. "The Internet has remained open and continues to be a powerful engine fueling private enterprise, economic growth and innovation absent government interference and obstruction. My legislation will provide all participants in the Internet ecosystem the certainty they need to continue investing in broadband networks and services that have been fundamental for job creation, productivity, and consumer choice."

Latta didn't get any co-sponsors for the bill, suggesting it's little more than a symbolic gesture. After being introduced Wednesday, the legislation was referred to the House Committee on Energy and Commerce. A Latta spokesperson told Ars, "We will be working with Committee on next steps."

From rforno at infowarrior.org Sat May 31 08:29:53 2014
From: rforno at infowarrior.org (Richard Forno)
Date: Sat, 31 May 2014 09:29:53 -0400
Subject: [Infowarrior] - US cybercrime laws being used to target security researchers
Message-ID: <87E09626-01CF-4498-B961-3373080C30F7@infowarrior.org>

Again... --rick

US cybercrime laws being used to target security researchers
Security researchers say they have been threatened with indictment for their work investigating internet vulnerabilities
Tom Brewster
theguardian.com, Thursday 29 May 2014 11.09 EDT
http://www.theguardian.com/technology/2014/may/29/us-cybercrime-laws-security-researchers

Some of the world's best-known security researchers claim to have been threatened with indictment over their efforts to find vulnerabilities in internet infrastructure, amid fears American computer hacking laws are perversely making the web less safe to surf.

Many in the security industry have expressed grave concerns around the application of the US Computer Fraud and Abuse Act (CFAA), complaining law enforcement and lawyers have wielded it aggressively at anyone looking for vulnerabilities in the internet, criminalising work that's largely benign. They have also argued the law carries overly severe punishments, is too vague and does not consider context, only the action.

HD Moore, creator of the ethical hacking tool Metasploit and chief research officer of security consultancy Rapid7, told the Guardian he had been warned by US law enforcement last year over a scanning project called Critical.IO, which he started in 2012. The initiative sought to find widespread vulnerabilities using automated computer programs to uncover the weaknesses across the entire internet.

'Law enforcement are killing careers'

Jeremiah Grossman, CEO of cyber research firm Whitehat Security, believes that the aggressive application of the law will lead to researchers quitting before they've found serious problems on the internet, leading to a degradation of its overall security.

"Right now they are probably killing careers, because they're not accounting for intent," said Grossman. "The chilling effect is on the problems we don't know about yet. The canaries in the coalmine? They just killed them all. So now we're going to suffer the consequences."
The project that landed Moore in trouble, Critical.IO, uncovered some serious, widespread vulnerabilities, including one case where between 40 and 50 million network machines could have been compromised due to weaknesses in a network protocol, known as Universal Plug and Play (UPnP).

Yet US law enforcement continued to pursue Moore, even though he was transparent with his role and the reasons for his scanning, he claimed, without naming the government body that was responsible.

'The law doesn't encourage experts with the skill to investigate threats'

Moore said the actions by law enforcement were partly responsible for him taking a break from the industry, from which he has just returned. But his biggest fears surround the overall effect on internet security.

"You need people who can get into the detail with these systems, people who know how to manipulate the technology to their advantage as a criminal would," he added. "You need these people to help users understand the threats, and to work with vendors to help them fix them. At the moment, the law doesn't encourage this. It doesn't make any distinction between bona fide research and criminal activity. It doesn't help consumers understand their risk."

Many other researchers are believed to have had similar issues. Zach Lanier, senior security researcher at Duo Security, said many of his team had "run into possible CFAA issues before in the course of research over the last decade".

'We warned of a vulnerability - but they claimed we were hacking their systems'

Lanier said that after finding severe vulnerabilities in an unnamed "embedded device marketed towards children" and reporting them to the manufacturer, he received calls from lawyers threatening him with action.

"We had tried to work with them and sent them all the details," said Lanier. "When it finally got to the point that we were going to talk [publicly] about this... a lawyer called us.
As is often the case with CFAA things when they go to court, the lawyers and even sometimes the technical people or business people don't understand what it is you actually did. There were claims that we were 'hacking into their systems'."

The threat of a CFAA prosecution forced Lanier and his team to walk away from the research. "The looming threat of CFAA as ammunition for anyone to use willy-nilly was enough -- and had a chilling effect on our research," Lanier added. The people running organisations who wield CFAA aggressively when vulnerabilities are reported to them "probably don't really think about anything other than dollar signs", he said.

Current attempts at CFAA reform appear to be foundering. Researchers had hoped the case of Andrew "weev" Auernheimer would be useful in fighting for reform. Auernheimer was convicted under CFAA for his part in releasing information on an AT&T website flaw that was hacked to reveal data belonging to iPad consumers. But when Auernheimer succeeded in having his conviction overturned, it was because the judge agreed the case should not have been heard in New Jersey, rather than because of any underlying problem with the nature of the CFAA.

Many are still hopeful Aaron's Law, named after the late internet activist Aaron Swartz who killed himself in 2013, will pass. Swartz's family said the attempts to prosecute Swartz under CFAA, after he downloaded documents from online resource Jstor from a server at the Massachusetts Institute of Technology without proper authorisation, were partly to blame for his death. He was potentially facing 50 years in prison for what many considered a minor act.

Lawmakers want more severe penalties for hacking

The US Congresswoman Zoe Lofgren had not offered any comment at the time of publication on claims that Aaron's Law would not be passing through the House or the Senate. The digital rights lawyer Marcia Hoffman says Congress remains divided on the issue.
After high-profile breaches, such as the hack of US retailing giant Target and alleged Chinese state-sponsored espionage of various American organisations, many want to see CFAA punishments made more severe.

"On one side of things there are members of Congress who say hacking is a big problem and what we ought to be doing is making penalties tougher. Then on the other side there are people saying the CFAA is not written in a way that is very clear, it's not entirely apparent what behaviour is legal under it and the last thing we should be doing is making penalties tougher."

According to Hoffman, the wording of the CFAA makes it difficult to understand what is illegal. In particular, an internet user who "intentionally accesses a computer without authorisation or exceeds authorised access" is breaking the law, even though it doesn't actually explain what authorisation actually is, Hoffman added. "Judges have been forced to figure out how one expresses authorisation."

There are also worries that if CFAA were to be weakened in favour of the security industry, criminal hackers would simply claim in their defence they were carrying out research. Moore said there should be better ways to "define or prove what bona fide research is".

"For example, is it the way you disclose the findings? Is it the type of information you access? This isn't easy to solve, but it's important and worth doing if we want to protect ourselves."

From rforno at infowarrior.org Sat May 31 21:17:14 2014
From: rforno at infowarrior.org (Richard Forno)
Date: Sat, 31 May 2014 22:17:14 -0400
Subject: [Infowarrior] - N.S.A. Collecting Millions of Faces From Web Images
Message-ID:

N.S.A. Collecting Millions of Faces From Web Images
By JAMES RISEN and LAURA POITRAS, MAY 31, 2014
http://www.nytimes.com/2014/06/01/us/nsa-collecting-millions-of-faces-from-web-images.html

The National Security Agency is harvesting huge numbers of images of people from communications that it intercepts through its global surveillance operations for use in sophisticated facial recognition programs, according to top-secret documents.

The spy agency's reliance on facial recognition technology has grown significantly over the last four years as the agency has turned to new software to exploit the flood of images included in emails, text messages, social media, videoconferences and other communications, the N.S.A. documents reveal. Agency officials believe that technological advances could revolutionize the way that the N.S.A. finds intelligence targets around the world, the documents show. The agency's ambitions for this highly sensitive ability and the scale of its effort have not previously been disclosed.

The agency intercepts "millions of images per day" -- including about 55,000 "facial recognition quality images" -- which translate into "tremendous untapped potential," according to 2011 documents obtained from the former agency contractor Edward J. Snowden. While once focused on written and oral communications, the N.S.A. now considers facial images, fingerprints and other identifiers just as important to its mission of tracking suspected terrorists and other intelligence targets, the documents show.

"It's not just the traditional communications we're after: It's taking a full-arsenal approach that digitally exploits the clues a target leaves behind in their regular activities on the net to compile biographic and biometric information" that can help "implement precision targeting," noted a 2010 document.

One N.S.A. PowerPoint presentation from 2011, for example, displays several photographs of an unidentified man -- sometimes bearded, other times clean-shaven --
in different settings, along with more than two dozen data points about him. These include whether he was on the Transportation Security Administration no-fly list, his passport and visa status, known associates or suspected terrorist ties, and comments made about him by informants to American intelligence agencies.

It is not clear how many people around the world, and how many Americans, might have been caught up in the effort. Neither federal privacy laws nor the nation's surveillance laws provide specific protections for facial images. Given the N.S.A.'s foreign intelligence mission, much of the imagery would involve people overseas whose data was scooped up through cable taps, Internet hubs and satellite transmissions.

Because the agency considers images a form of communications content, the N.S.A. would be required to get court approval for imagery of Americans collected through its surveillance programs, just as it must to read their emails or eavesdrop on their phone conversations, according to an N.S.A. spokeswoman. Cross-border communications in which an American might be emailing or texting an image to someone targeted by the agency overseas could be excepted.

Civil-liberties advocates and other critics are concerned that the power of the improving technology, used by government and industry, could erode privacy. "Facial recognition can be very invasive," said Alessandro Acquisti, a researcher on facial recognition technology at Carnegie Mellon University. "There are still technical limitations on it, but the computational power keeps growing, and the databases keep growing, and the algorithms keep improving."

State and local law enforcement agencies are relying on a wide range of databases of facial imagery, including driver's licenses and Facebook, to identify suspects. The F.B.I. is developing what it calls its "next generation identification" project to combine its automated fingerprint identification system with facial imagery and other biometric data.

The State Department has what several outside experts say could be the largest facial imagery database in the federal government, storing hundreds of millions of photographs of American passport holders and foreign visa applicants. And the Department of Homeland Security is funding pilot projects at police departments around the country to match suspects against faces in a crowd.

The N.S.A., though, is unique in its ability to match images with huge troves of private communications.

"We would not be doing our job if we didn't seek ways to continuously improve the precision of signals intelligence activities -- aiming to counteract the efforts of valid foreign intelligence targets to disguise themselves or conceal plans to harm the United States and its allies," said Vanee M. Vines, the agency spokeswoman.

She added that the N.S.A. did not have access to photographs in state databases of driver's licenses or to passport photos of Americans, while declining to say whether the agency had access to the State Department database of photos of foreign visa applicants. She also declined to say whether the N.S.A. collected facial imagery of Americans from Facebook and other social media through means other than communications intercepts.

"The government and the private sector are both investing billions of dollars into face recognition" research and development, said Jennifer Lynch, a lawyer and expert on facial recognition and privacy at the Electronic Frontier Foundation in San Francisco. "The government leads the way in developing huge face recognition databases, while the private sector leads in accurately identifying people under challenging conditions."

Ms. Lynch said a handful of recent court decisions could lead to new constitutional protections for the privacy of sensitive face recognition data.
But she added that the law was still unclear and that Washington was operating largely in a legal vacuum.

Laura Donohue, the director of the Center on National Security and the Law at Georgetown Law School, agreed. "There are very few limits on this," she said.

Congress has largely ignored the issue. "Unfortunately, our privacy laws provide no express protections for facial recognition data," said Senator Al Franken, Democrat of Minnesota, in a letter in December to the head of the National Telecommunications and Information Administration, which is now studying possible standards for commercial, but not governmental, use.

Facial recognition technology can still be a clumsy tool. It has difficulty matching low-resolution images, and photographs of people's faces taken from the side or angles can be impossible to match against mug shots or other head-on photographs.

Dalila B. Megherbi, an expert on facial recognition technology at the University of Massachusetts at Lowell, explained that "when pictures come in different angles, different resolutions, that all affects the facial recognition algorithms in the software."

That can lead to errors, the documents show. A 2011 PowerPoint showed one example when Tundra Freeze, the N.S.A.'s main in-house facial recognition program, was asked to identify photos matching the image of a bearded young man with dark hair. The document says the program returned 42 results, and displays several that were obviously false hits, including one of a middle-age man.

Similarly, another 2011 N.S.A. document reported that a facial recognition system was queried with a photograph of Osama bin Laden. Among the search results were photos of four other bearded men with only slight resemblances to Bin Laden.

But the technology is powerful.
One 2011 PowerPoint showed how the software matched a bald young man, shown posing with another man in front of a water park, with another photo where he has a full head of hair, wears different clothes and is at a different location.

It is not clear how many images the agency has acquired. The N.S.A. does not collect facial imagery through its bulk metadata collection programs, including that involving Americans' domestic phone records, authorized under Section 215 of the Patriot Act, according to Ms. Vines.

The N.S.A. has accelerated its use of facial recognition technology under the Obama administration, the documents show, intensifying its efforts after two intended attacks on Americans that jarred the White House. The first was the case of the so-called underwear bomber, in which Umar Farouk Abdulmutallab, a Nigerian, tried to trigger a bomb hidden in his underwear while flying to Detroit on Christmas in 2009. Just a few months later, in May 2010, Faisal Shahzad, a Pakistani-American, attempted a car bombing in Times Square.

The agency's use of facial recognition technology goes far beyond one program previously reported by The Guardian, which disclosed that the N.S.A. and its British counterpart, General Communications Headquarters, have jointly intercepted webcam images, including sexually explicit material, from Yahoo users.

The N.S.A. achieved a technical breakthrough in 2010 when analysts first matched images collected separately in two databases -- one in a huge N.S.A. database code-named Pinwale, and another in the government's main terrorist watch list database, known as Tide -- according to N.S.A. documents. That ability to cross-reference images has led to an explosion of analytical uses inside the agency. The agency has created teams of "identity intelligence" analysts who work to combine the facial images with other records about individuals to develop comprehensive portraits of intelligence targets.
The agency has developed sophisticated ways to integrate facial recognition programs with a wide range of other databases. It intercepts video teleconferences to obtain facial imagery, gathers airline passenger data and collects photographs from national identity card databases created by foreign countries, the documents show. They also note that the N.S.A. was attempting to gain access to such databases in Pakistan, Saudi Arabia and Iran.

The documents suggest that the agency has considered getting access to iris scans through its phone and email surveillance programs. But asked whether the agency is now doing so, officials declined to comment. The documents also indicate that the N.S.A. collects iris scans of foreigners through other means.

In addition, the agency was working with the C.I.A. and the State Department on a program called Pisces, collecting biometric data on border crossings from a wide range of countries.

One of the N.S.A.'s broadest efforts to obtain facial images is a program called Wellspring, which strips out images from emails and other communications, and displays those that might contain passport images.

In addition to in-house programs, the N.S.A. relies in part on commercially available facial recognition technology, including from PittPatt, a small company owned by Google, the documents show.

The N.S.A. can now compare spy satellite photographs with intercepted personal photographs taken outdoors to determine the location. One document shows what appear to be vacation photographs of several men standing near a small waterfront dock in 2011. It matches their surroundings to a spy satellite image of the same dock taken about the same time, located at what the document describes as a militant training facility in Pakistan.

A version of this article appears in print on June 1, 2014, on page A1 of the New York edition with the headline: N.S.A. COLLECTING MILLIONS OF FACES FROM WEB IMAGES.