From rforno at infowarrior.org Sun Nov 2 12:56:52 2014 From: rforno at infowarrior.org (Richard Forno) Date: Sun, 2 Nov 2014 13:56:52 -0500 Subject: [Infowarrior] - first interdiction against a state advanced threat group References: <20141102182732.1DC862282E7@palinka.tinho.net> Message-ID: <9AD1D04D-883A-43F4-BFCA-C5F5362B9E24@infowarrior.org> Begin forwarded message: > From: dan > Subject: referral: first interdiction against a state advanced threat group > Date: November 2, 2014 at 1:27:32 PM EST > > http://www.novetta.com/files/9714/1446/8199/Executive_Summary-Final_1.pdf > > Axiom is responsible for directing highly sophisticated cyber espionage > operations against numerous Fortune 500 companies, journalists, > environmental groups, pro-democracy groups, software companies, academic > institutions, and government agencies worldwide for at least the last > six years. In our coordinated effort, we performed the first > ever-private sponsored interdiction against a sophisticated state > sponsored advanced threat group. Our efforts detected and cleaned 43,000 > separate installations of Axiom tools, including 180 of their top tier > implants. This report will expand upon the following key findings: > > * A coordinated effort across the private sector can have > quantifiable impact on state- sponsored threat actors. > > * The Axiom threat group is a well resourced, disciplined, > and sophisticated subgroup of a larger cyber espionage group that has > been directing operations unfettered for over six years. > > * Novetta has moderate to high confidence that the > organization-tasking Axiom is a part of Chinese Intelligence Apparatus. > This belief has been partially confirmed by a recent FBI flash released > to Infragard stating the actors are affiliated with the Chinese > government1. > > * Axiom actors have victimized pro-democracy > non-governmental organizations (NGO) and other groups and individuals > that would be perceived as a potential threat to the stability of the > Chinese state. > > * Axiom operators have been observed operating in > organizations that are of strategic economic interest, that influence > environmental and energy policy, and that develop cutting edge > information technology including integrated circuits, telecommunications > equipment manufacturers, and infrastructure providers. > > * Later stages of Axiom operations leverage command and > control infrastructure that has been compromised solely for the > targeting of individual or small clusters of related targeted > organizations. > > * Axiom uses a varied toolset ranging from generic malware > to very tailored, custom malware designed for long-term persistence that > at times can be measured in years. In descending order of observed > scarcity these families are: > > Zox family (ZoxPNG, ZoxRPC)/Gresim > Hikit > Derusbi > Fexel/Deputy Dog > Hydraq/9002/Naid/Roarur/Mdmbot > ZXShell/Sensode > PlugX/Sogu/Kaba/Korplug/DestroyRAT > Gh0st/Moudour/Mydoor > Poison Ivy/Darkmoon/Breut > From rforno at infowarrior.org Sun Nov 2 16:44:41 2014 From: rforno at infowarrior.org (Richard Forno) Date: Sun, 2 Nov 2014 17:44:41 -0500 Subject: [Infowarrior] - Copyright Monopoly Enforcement Gets To Trump Human Rights, Yet Again Message-ID: <25C5ECDB-D0A4-4A7F-B893-28981140CAFB@infowarrior.org> Copyright Monopoly Enforcement Gets To Trump Human Rights, Yet Again ? By Rick Falkvinge ? on November 2, 2014 http://torrentfreak.com/copyright-monopoly-enforcement-gets-to-trump-human-rights-yet-again-141102/ Australia's administration has introduced a Data Retention bill, learning nothing from the court rulings that declare the practice to be in violation of fundamental rights. They plan to log everybody's correspondence and movements - with the idea of using that data to enforce the copyright monopoly. On December 14, 2005, the European Parliament approved legislation that was more Stasiesque than anything previously imagined. Citizens would have every piece of communications logged for a minimum for six months, including from where it was made, so that this could be used against the citizens if need be. Who people talked to, how, from where, and when. In effect, since your mobile phone communicated more or less all the time, every footstep you took through a European city was not only monitored, but recorded for the specific purpose of using it against you. The legislation ? the Data Retention Directive ? caused an outrage, and rightly so. But the gears of justice turn slowly. On April 8, 2014 ? almost ten years later ? the European Court of Justice ? the highest court in Europe ? ruled that the legislation violated a number of fundamental citizen rights, including the presumption of innocence, protection of personal data, and the right to privacy. It didn?t just declare the horrible law invalid from that point on ? the European Court of Justice ruled that the law had never even existed. It should come as no surprise that the copyright industry was one of the primary pushers for this legislation. In combination with the typical over-implementation of the IPRED directive, which would give the copyright industry police-like powers to demand logs from Internet Service Providers. They would use this power to find people who had violated their distribution monopolies in sharing knowledge and culture among each other. This two-pronged approach would allow the copyright industry to act as a private police force: force ISPs to save logs of all correspondence, and get the legal right to demand it (a right even the Police didn?t have for crimes at that petty level). The copyright industry has never cared for human rights. Every single debate you go to, they talk about ?balancing? fundamental rights against their right to profit. It is not just audacious, it is revolting. First, there is no right to profit for a commercial enterprise, and second, the reason we call the fundamental rights ?fundamental? in the first place is that nothing gets to be ?balanced? against them. These are rights on the same level as the right to life. Yes, they?re that fundamental. And the copyright industry cares that little. This week, about ten years late, Australia introduced Data Retention of the same model. Or at least that?s what most people think. The bill has been introduced, and yet it hasn?t, because nobody is allowed to read the details of what data is actually required to be retained in the bill yet. (Raise your hand if you?ve heard this kind of story before ? an administration playing hide-and-seek with legislative details.) And just as unsurprisingly, the first thing that pops up as purpose for this violatory legislation is copyright monopoly enforcement. Violating fundamental human rights wholesale for entire countries at a time, with the idea of enforcing an entertainment distribution monopoly for a cartoon industry. It?s so disproportionate it wouldn?t even be funny in a cartoon; it?s so out of touch with reality that we?ve even left the Onionesque. --- Just because i'm near the punchbowl doesn't mean I'm also drinking from it. From rforno at infowarrior.org Mon Nov 3 05:58:41 2014 From: rforno at infowarrior.org (Richard Forno) Date: Mon, 3 Nov 2014 06:58:41 -0500 Subject: [Infowarrior] - OT: RIP Brittany Maynard, 29 Message-ID: <6793591F-4BA6-44B0-A014-672BFCADEA01@infowarrior.org> Dogma is incompatible with dignity, but so too (generally) are religion and politics in the western world. I hope this revitalizes the movement to get more such laws passed. And yes, I did contribute to the foundation last month. --- rick Brittany Maynard, as promised, ends her life at 29 By Lindsey Bever November 2 at 10:41 PM Brittany Maynard, the terminally-ill 29-year-old who spent her final days advocating for death-with-dignity laws, took lethal drugs prescribed by her physician on Saturday and died, a spokesman said, ?as she intended ? peacefully in her bedroom, in the arms of her loved ones.? Maynard, who was diagnosed earlier this year with a stage 4 malignant brain tumor, said last month she planned to die Nov. 1 in her home in Portland, Ore., with help from her doctor. And Saturday, she said farewell. < - > http://www.washingtonpost.com/news/morning-mix/wp/2014/11/02/brittany-maynard-as-promised-ends-her-life-at-29/?tid=hp_mm --- Just because i'm near the punchbowl doesn't mean I'm also drinking from it. From rforno at infowarrior.org Mon Nov 3 06:02:23 2014 From: rforno at infowarrior.org (Richard Forno) Date: Mon, 3 Nov 2014 07:02:23 -0500 Subject: [Infowarrior] - Oz gov: telco metadata might be available to civil courts Message-ID: Oz gov lets slip: telco metadata might be available to civil courts Quite by accident, truth leaks out By Richard Chirgwin, 2 Nov 2014 http://www.theregister.co.uk/2014/11/02/oz_gov_lets_slip_telco_metadata_might_be_available_to_civil_courts/ Comment A series of slips by the nation's top cop followed by communications minister Malcolm Turnbull has made Australia's data retention bill even more of a potential horror than it seemed when it was introduced last week. It started with the Australian Federal Police commissioner Andrew Colvin saying that stored telecommunications metadata could be used to go after people who infringe copyright online. That statement, made on October 30, was unequivocal ? he used the word ?absolutely?. It's always a bad idea for police to rashly tell the world what they really think. The first response came from Senator George Brandis, who said that the data retention bill is all about criminal, not civil matters. Turnbull similarly explained that outfits like the AFP and ASIO aren't interested in copyright infringement (not that Colvin's use-case can't happen, only that two specific agencies aren't going to try to use the data that way). That became the chorus-sheet, with Colvin toeing the ?not interested? line on ABC Radio. Perhaps feeling the heat, Turnbull then clarified the position further, telling ZDNet's Josh Taylor that if film studios want to use metadata to sue Torrenters, they won't be able to do their dirty work through the police, but would have to ask the courts to give them access to it. At which point, it looks like each successive explanation has made things just that little bit worse. It's not only that Turnbull's timing is shocking, since ISPs are right now resisting legal action trying to force them to reveal subscriber information through the courts to a copyright troll. It's that there's nothing in any of the statements ? Turnbull's, Colvin's, or Brandis' ? that confines any such court process to copyright. The data is there, and accessible through the courts. By whom, exactly? How much data could a court open up to a smart and well-funded litigant? How would the average individual, without access to Philip Street lawyers, resist having their data swept up by someone demanding access to their metadata? Today, the IP address assigned to you or I isn't available to be pettifogged by a lawyer because it doesn't exist. Will it be the same tomorrow? With injudicious statements, ill-conceived legislation, and its desire to metasplain its way out of trouble, the federal government has told the world: your metadata will be available to the civil courts. And lawyers are already gathering, telling the ABC's PM program that metadata could be demanded in family law cases and insurance cases. Instead of creating the government-control beloved of conservative states, the government has created a honeypot for the scummiest practitioners of the legal profession. Personally, I fear them more than I fear most hackers. Two senior cabinet ministers, Brandis and Turnbull, aggregate such outrageous incompetence that they couldn't predict this, and they're both lawyers. There's also the assertion that copyright infringements aren't of interest to the AFP, which is only half true. As the government's IP Australia Website explains here: The Copyright Act 1968 similarly provides for criminal sanctions. Under this Act it is an offence to: ? knowingly import, possess, sell, distribute or commercially deal with an infringing copy ? offer for sale infringing copies of computer programs ? transmit a computer program to enable it to be copied when received. If there were a criminal copyright infringement investigation in hand, rather than a merely civil complaint, a target's metadata would be in the mix. ?Absolutely?, as AFP commissioner Colvin honestly put it, before the backpeddaling began. What's depressing is that Australians probably won't take to the streets about this issue. It's unlikely they'll read even a handful of the stories about the data retention regime. And thus does a country sleepwalk into a Stasi-like regime. ? --- Just because i'm near the punchbowl doesn't mean I'm also drinking from it. From rforno at infowarrior.org Tue Nov 4 06:23:38 2014 From: rforno at infowarrior.org (Richard Forno) Date: Tue, 4 Nov 2014 07:23:38 -0500 Subject: [Infowarrior] - 'Space Oddity' back online Message-ID: <16C13732-80FE-473E-9270-38D2C32FE77D@infowarrior.org> Chris Hadfield's Space Oddity Is Back on YouTube at Bowie's Say-So http://gizmodo.com/chris-hadfields-space-oddity-is-back-on-youtube-at-bowi-1654392200 --- Just because i'm near the punchbowl doesn't mean I'm also drinking from it. From rforno at infowarrior.org Tue Nov 4 06:59:11 2014 From: rforno at infowarrior.org (Richard Forno) Date: Tue, 4 Nov 2014 07:59:11 -0500 Subject: [Infowarrior] - =?utf-8?q?GCHQ_Head=3A_U=2ES=2E_Tech_Companies_Of?= =?utf-8?q?fer_Terrorists_=E2=80=98Networks_of_Choice=E2=80=99?= Message-ID: <47CF5A4F-9160-4DB4-93C6-C124C17FDE74@infowarrior.org> British Intelligence Official Says U.S. Tech Companies Offer Terrorists ?Networks of Choice? By ALAN COWELL and MARK SCOTT NOV. 4, 2014 http://www.nytimes.com/2014/11/05/world/europe/GCHQ-director-tech-companies-militants.html LONDON ? One of Britain?s highest-ranking intelligence officials on Tuesday castigated the giant American companies that dominate the Internet for providing the ?command-and-control networks of choice for terrorists and criminals? and challenged the companies to find a better balance between privacy and security. Robert Hannigan, the newly appointed director of GCHQ, Britain?s electronic eavesdropping agency, also said that young foreign jihadis in Syria and Iraq had benefited from leaks by the former American intelligence contractor Edward J. Snowden. Mr. Hannigan?s harsh charges came in an opinion article published on Tuesday in The Financial Times, the British newspaper. GCHQ, which stands for Government Communications Headquarters, operates closely with the British domestic security service, MI5; the overseas intelligence service, MI6; and the National Security Agency in the United States. Mr. Hannigan?s comments, calling for ?a new deal between democratic governments and the technology companies in the area of protecting our citizens,? seemed to urge a reappraisal of the balance between civil liberties and national security. ?Privacy has never been an absolute right,? he said, ?and the debate about this should not become a reason for postponing urgent and difficult decisions.? He directed his remarks particularly at the Sunni militants of the Islamic State group, also known as ISIS or ISIL, who have spilled from Syria into broad sections of neighboring Iraq in an often-brutal campaign to create an Islamic caliphate. The group, he wrote, ?is the first terrorist group whose members have grown up on the Internet.? ?They are exploiting the power of the web to create a jihadi threat with near-global reach,? he continued. ?The challenge to governments and their intelligence agencies is huge ? and it can only be met with greater cooperation from technology companies.? This is not the first time that European government officials have asked some of the world?s largest technology companies, including Google and Facebook, to help in the fight against extremists. In October, European government officials met with senior executives from several companies like Microsoft and Twitter to discuss how terrorist groups were using social media networks to spread their messages across the Internet. After the meeting, the companies and policy makers agreed to organize future discussions about how to handle the potential online threat, though no concrete steps were announced. Technology companies, however, have previously been vocal that they comply with government demands to hand over information about their users only when they are mandated by court orders. This year, for example, Twitter said that it had received more than 2,000 requests for user account information from roughly 50 countries in the first six months of 2014, according to a company statement. The number of requests represented a 46 percent increase compared with the same period last year, and more than 60 percent of the requests came from the United States government. In the past, Al Qaeda and its affiliates, which have broken with the Islamic State, ?saw the Internet as a place to disseminate material anonymously or meet in ?dark spaces,'??? Mr. Hannigan wrote, while the Islamic State ?has embraced the web as a noisy channel in which to promote itself, intimidate people and radicalize new recruits.? Mr. Snowden, a former N.S.A. contractor, who fled to Moscow from Hong Kong in June 2013, has since been granted asylum in Russia. His name has become a byword for the disclosure of secret materials, including extensive revelations about cooperation between GCHQ and the N.S.A. In documents published in January, for instance, the two agencies were shown to be working together on how to collect and store data from dozens of smartphone applications. The article by Mr. Hannigan referred specifically to messaging and social media sites such as Twitter, Facebook and WhatsApp. ?There is no need for today?s would-be jihadis to seek out restricted websites with secret passwords: They can follow other young people posting their adventures in Syria as they would anywhere else,? he said. Mr. Hannigan called on the American companies that operate these social media sites to cooperate more fully with intelligence and surveillance agencies as the more tightly regulated telecommunications companies do. ?I understand why they have an uneasy relationship with governments,? he continued. ?They aspire to be neutral conduits of data and to sit outside or above politics. But increasingly, their services not only host the material of violent extremism or child exploitation, but are the routes for the facilitation of crime and terrorism.? ?However much they may dislike it,? Mr. Hannigan continued, ?they have become the command-and-control networks of choice for terrorists and criminals, who find their services as transformational as the rest of us. If they are to meet this challenge, it means coming up with better arrangements for facilitating lawful investigation by security and law enforcement agencies than we have now.? GCHQ is based in a huge building near Cheltenham, west of London. ?To those of us who have to tackle the depressing end of human behavior on the Internet,? Mr. Hannigan wrote, ?it can seem that some technology companies are in denial about its misuse. I suspect most ordinary users of the Internet are ahead of them: They have strong views on the ethics of companies, whether on taxation, child protection or privacy; they do not want the media platforms they use with their friends and families to facilitate murder or child abuse.? He continued, ?As we celebrate the 25th anniversary of the spectacular creation that is the World Wide Web, we need a new deal between democratic governments and the technology companies in the area of protecting our citizens. ?It should be a deal rooted in the democratic values we share. That means addressing some uncomfortable truths. Better to do it now than in the aftermath of greater violence.? Alan Cowell reported from London and Mark Scott from Dublin. --- Just because i'm near the punchbowl doesn't mean I'm also drinking from it. From rforno at infowarrior.org Tue Nov 4 20:04:07 2014 From: rforno at infowarrior.org (Richard Forno) Date: Tue, 4 Nov 2014 21:04:07 -0500 Subject: [Infowarrior] - Virginia Police Have Been Secretively Stockpiling Private Phone Records Message-ID: <482758F5-E97E-45D6-AE06-1AD7C2B3116A@infowarrior.org> Virginia Police Have Been Secretively Stockpiling Private Phone Records ? By G.W. Schulz, Center for Investigative Reporting ? 10.20.14 | http://www.wired.com/2014/10/virginia-police-secretively-stockpiling-private-phone-records/ While revelations from Edward Snowden about the National Security Agency?s massive database of phone records have sparked a national debate about its constitutionality, another secretive database has gone largely unnoticed and without scrutiny. The database, which affects unknown numbers of people, contains phone records that at least five police agencies in southeast Virginia have been collecting since 2012 and sharing with one another with little oversight. Some of the data appears to have been obtained by police from telecoms using only a subpoena, rather than a court order or probable-cause warrant. Other information in the database comes from mobile phones seized from suspects during an arrest. The five cities participating in the program, known as the Hampton Roads Telephone Analysis Sharing Network, are Hampton, Newport News, Norfolk, Chesapeake and Suffolk, according to the memorandum of understanding that established the database. The effort is being led in part by the Peninsula Narcotics Enforcement Task Force, which is responsible for a ?telephone analysis room? in the city of Hampton, where the database is maintained. The unusual and secretive database contains telecom customer subscriber information; records about individual phone calls, such as the numbers dialed, the time the calls were made and their duration; as well as the contents of seized mobile devices. The information is collected and shared among police agencies to enhance analysis and law enforcement intelligence. The legality of the database is in question, however, and at least one law enforcement agency has declined to participate in the program due to legal concerns. ?My initial reaction is that it?s very disturbing and illegal under Virginia law,? said Rob Poggenklass, a staff attorney at the American Civil Liberties Union of Virginia, which was previously unaware of the database. The system was set up with virtually no public debate or concern expressed by elected officials, who approved resolutions authorizing the database. Hardly anyone outside of the five participating police agencies knows about the sharing network, though its creation was not kept secret. All over the U.S., local police agencies are collecting vast stockpiles of private information from people?some of it from people who have not been convicted of crimes but were merely stopped by police. As an example of the amount of data being collected, in the first-ever transparency reports released by major telecoms earlier this year, AT&T revealed that between January and June, it received nearly 80,000 criminal subpoenas for customer records from federal, state and local law enforcement agencies, while Verizon disclosed that it had received over 72,000 subpoenas from law enforcement during the same period. The Virginia system is yet another example of this creeping expansion of local law enforcement surveillance throughout the country. Minimal public information about the sharing network exists, but it first made an appearance on the agendas of local government meetings, where it met no resistance. Elected city council members in Newport News and Chesapeake, for instance, passed resolutions approving the telephone data-sharing agreement without objection. According to the memo establishing the information-sharing network, each participating city agrees to ?share telephone intelligence information derived from any source with the (task force) including: subpoenaed telephone call detail records, subpoenaed telephone subscriber information, and seized mobile devices.? Participating agencies can query the system by phone or email. If a city chooses to withdraw from the agreement, any records it supplied to the database remain, according to the memo. Details about the data collected from mobile phones and stored in the database are uncertain, but the data could be wide-ranging, since mobile users browse the Internet, exchange text messages and share contact lists, and technology available to police can extract much of this information from mobile devices, even if it?s hidden, deleted or password-protected. Police departments involved in the sharing network are tight-lipped about the database?s contents, refusing to say whether the contents of seized phones includes contact lists and text messages. Questions sent to each of the five cities contributing to the database were met with brief statements, when responses were provided at all. Sgt. Jason Price of the Hampton Police Division said his agency ?gathers, shares and retains information in accordance with local, state and federal law.? More specific answers ?could jeopardize on-going and future investigations,? he wrote in an email. It?s unclear whether the data that?s collected stays with the task force or is further shared with agencies beyond, perhaps with so-called intelligence fusion centers that exist in every state except Wyoming to facilitate information sharing and coordination among local and state police, the FBI, the Department of Homeland Security and other agencies. The ACLU?s Poggenklass said the database runs afoul of a privacy law in Virginia known as the Government Data Collection and Dissemination Practices Act, designed to curb the overcollection and misuse of digital personal information by state and local agencies. He points to an interpretation of that law issued last year by Virginia?s attorney general in reference to controversial automated license-plate readers that police departments nationwide have adopted enthusiastically in recent years. While law enforcers enjoy some exemptions from privacy laws during the course of an investigation, according to the opinion, those exemptions don?t apply when collected data ?is of unknown relevance and not intended for prompt evaluation and potential use.? In other words, there must be a clear law enforcement need. Without it, Poggenklass said, police should not be permitted to collect and retain records indefinitely in a database for future queries. Asked about the legal issues around the phone records database, Hampton City Attorney Vanessa Valldejuli said that due to recent court rulings, data in the system is gathered ?only via search warrant or court order consistent with law.? Court orders, as well as subpoenas, have a lower legal standard than warrants, which require investigators to articulate probable cause of a crime to an impartial judge. Valldejuli did not elaborate on which rulings she was referencing, what records those rulings affected or what steps were taken to minimize the impact on people not accused of a crime. She also wouldn?t say whether policies were different before and after the unspecified rulings. Not everyone in Virginia seems comfortable with the database. The Virginia State Police said through a spokeswoman that it opted not to join the phone record sharing network, even though it?s a member of the drug task force that helps oversee the database. It cited the state?s data practices act as the reason. The attorney general?s finding isn?t the only legal interpretation of relevance for the database. In a surprisingly tech-savvy ruling (.pdf) in June, the U.S. Supreme Court ruled unanimously that because mobile phones contain highly personal records of nearly every aspect of our lives, police must obtain a warrant before downloading the contents of a mobile phone when they arrest someone. Courts around the country are struggling to issue timely decisions telling police when and how they can use the rich amount of personal information now contained in smart phones. Federal appeals judges in Atlanta (.pdf) and New Orleans (.pdf), for instance, recently have issued contrasting opinions on whether police must meet the same standard to acquire historic cellphone records that would reveal a person?s movements. That creates continuing uncertainty for law enforcement investigators about what they can and cannot pursue short of a warrant. Additionally, the practice of obtaining cell tower dumps without a warrant, in which police seek records for every cellphone that has connected with a tower over a specific period of time, is problematic. A federal magistrate judge in New York this summer found that no warrant was necessary for tower dumps, but he did instruct police to determine how they could better handle the private information of innocent people. In the case of the Virginia database, it?s unclear whether content from seized cellphones?such as text messages? is included in the database or if it just contains so-called metadata describing the phone numbers called, the calls received and their date and duration. But even if only metadata is collected there is still a privacy concern, as the Snowden revelations over the last 18 months have made clear. Christopher Soghoian, principal technologist and senior policy analyst with the ACLU in Washington, said metadata is useful for assembling portraits of people?s lives over a period of time. ?Metadata is structured. That?s the whole point of metadata,? Soghoian said. ? ? Structured metadata enables really, really powerful analysis. If you have call records saying someone called a suicide hotline at 2 in the morning and was on the phone for an hour, you don?t need to know what they said. You know what they?re doing.? Since the Snowden leaks, the White House has responded with promises to curtail the indiscriminate gathering of bulk records and to require the Foreign Intelligence Surveillance Court to give specific approval for more narrowly targeted requests. Intelligence officials have at times argued that bulk records about individual communications didn?t threaten privacy when the actual contents of what was said weren?t included. But former NSA head Michael Hayden conceded during an April debate that metadata is revealing enough about one?s lifestyle and identity to target terrorism suspects abroad for attack. ?We kill people,? Hayden said at the debate, ?based on metadata.? This story was produced by The Center for Investigative Reporting, an independent, nonprofit newsroom based in the San Francisco Bay Area. For more, visit cironline.org. Schulz can be reached gwschulz at cironline.org. Follow him on Twitter: @GWSchulzCIR. --- Just because i'm near the punchbowl doesn't mean I'm also drinking from it. From rforno at infowarrior.org Wed Nov 5 15:00:09 2014 From: rforno at infowarrior.org (Richard Forno) Date: Wed, 5 Nov 2014 16:00:09 -0500 Subject: [Infowarrior] - Verizon threatens protracted court battle if Title II is invoked Message-ID: <2D167CE2-AEA3-4729-8AAA-2DC913EC62D9@infowarrior.org> Verizon threatens protracted court battle if Title II is invoked updated 09:45 am EST, Wed November 5, 2014 http://www.electronista.com/articles/14/11/05/verizon.general.counsel.wants.18.year.old.pro.isp.law.to.dictate.policy/ Verizon general counsel wants 18-year-old pro-ISP law to dictate policy The ISP that started the entire net neutrality debate with a court win, Verizon, is threatening legal action, should the US Federal Communications Commission (FCC) implement Title II oversight of the telecommunications industry. Following claims that FCC Chairman Tom Wheeler is considering a hybrid approach to net neutrality and ISP regulation, Verizon is threatening counter-suits, claiming that doing so "fairly guarantees litigation" by multiple ISPs. In a Verizon general counsel blog post, Randal Milch sees two ways that the FCC net neutrality debate could play out. Milch claims that "either they 'over-regulate' the space by extending FCC authority beyond its statutory limits, or by creating regulations that have no basis in the record, thereby changing the way the Internet has operated for the past two decades; or they could impose less regulation than the Title II advocates would like." Title II regulation of broadband would apply regulation to ISPs similar to that of utilities, such as water and power. While the ISPs and some governmental supporters believe the FCC may not have this power, if implemented, US broadband access would be more tightly monitored for abuses, predatory pricing, and other anti-consumer measures. Additionally, the ISPs would be subject to independent ombudsmen deciding if the companies were taking advantage of their power over consumers. Milch believes that the FCC has "opened itself to credible challenges by all parties" with the reported hybrid approach. The general counsel believes that there is a solution that will prevent the new regulations from being mired in the courts again -- Section 706 of the Telecommunications Act of 1996. Section 706 spells out the FCC's authority in the space, and was originally intended to prevent a "digital divide" in the Internet, originally feared nearly 20 years ago. It spells out that the FCC "shall determine whether advanced telecommunications capability is being deployed to all Americans in a reasonable and timely fashion" and gives additional oversight to the agency, nowhere near what Title II regulation would provide. The Telecommunications Act of 1996 was a central pin in Verizon's victorious anti-net neutrality arguments earlier this year. Should the FCC rely on Section 706 for legislation, the ISPs would be able to determine what net neutrality is rather than a governmental agency, and Chairman Wheeler's "fast lanes" could still exist. The FCC would be hamstrung and not be able to effectively respond to abusive anti-consumer practices by ISPs such as throttling, and the status quo would be maintained. Milch feels that Section 706, with less oversight than Title II implies is the only way forward without costly, and lengthy litigation. If Title II is imposed, then Verizon and the other major ISPs have "no choice but to fight the sudden reversal of two decades of settled law." --- Just because i'm near the punchbowl doesn't mean I'm also drinking from it. From rforno at infowarrior.org Fri Nov 7 06:58:57 2014 From: rforno at infowarrior.org (Richard Forno) Date: Fri, 7 Nov 2014 07:58:57 -0500 Subject: [Infowarrior] - Facebook killed the internet star: reflections on radical media Message-ID: <00FD128C-54AB-4E1B-969D-961523DA11D6@infowarrior.org> (c/o DG) Facebook killed the internet star: reflections on radical media < - > http://www.corporatewatch.org/news/2014/oct/28/facebook-killed-internet-star-reflections-radical-media We need a whole other way of using the internet -- Snowden put the matter out of doubt. I don't know exactly what that is -- possibly mass-scale VPNs (virtual private networks) - areas of the internet which are completely away from scrutiny, or other ways that a user can be on the internet in a cloaked or untraceable form. This already happens amongst the tech-savvy amongst us, but these tactics need to be widespread enough that whole political movements are using them. At the moment we've got the opposite to this -- most people sleepwalking their way into a surveillance state. I don't even know how something like Indymedia could re-emerge and be as strong as it was a decade ago, in this current climate, but sadly and ironically it's even less likely to happen than ever seeing as people are too seduced by the convenience of Facebook to go to the trouble of engaging in the further efforts required to get privacy. Maybe the Snowden revelations are sinking in, and will eventually cause a sea-change in web behaviour, but I can't see too many signs of it yet. < - > --- Just because i'm near the punchbowl doesn't mean I'm also drinking from it. From rforno at infowarrior.org Fri Nov 7 06:59:47 2014 From: rforno at infowarrior.org (Richard Forno) Date: Fri, 7 Nov 2014 07:59:47 -0500 Subject: [Infowarrior] - What Bubble? Silicon Valley's Younger Set Opts for Optimism Message-ID: (c/o DG) [ department of those-who-don't-know-history-doomed-to-repeat-it but with the (unwritten below) note that when these companies go down they take not just money but data with them ] http://online.wsj.com/articles/what-bubble-silicon-valleys-younger-set-opts-for-optimism-1414969190 What Bubble? Silicon Valley's Younger Set Opts for Optimism by Christopher Mims, November 2, 2014 There's a generation gap in Silicon Valley, and it's over a great deal more than who is using Snapchat versus who is still sending emails. In tech, the psychological dividing line is whether you were in the game the last time it all came crashing down. "I remember the bubble bursting, but only just; I was 14," says Sam Altman, president of Y-Combinator. Mr. Altman may have yet to see his 30th birthday, but as the head of the most-influential incubator of startups in Silicon Valley, he is among the most well-connected people in tech. Everyone from Facebook co-founder Dustin Moskovitz to Yahoo Chief Executive Marissa Mayer guest-lectures in the course on startups Mr. Altman teaches at Stanford University. Companies that graduated from Y-Combinator include Airbnb and Dropbox. "People have been calling the next bubble [in tech] since 2008, and it's like they want it to crash," says Mr. Altman, referring to recent talk about how overheated are the valuations of early stage startups. I admit I've been among those folks, calling Uber Technologies' $18.2 billion valuation a "head scratcher," given the competition it faces now and in the future. Talking to Mr. Altman brings to mind another generation gap -- between those who lived through the Great Depression and their children. Major economic crises can scar even the most resilient among us. The question about what's currently going on in tech is whether it's different this time. I realize that is almost always a rhetorical question, but here's how Mr. Altman -- and to be fair, many others -- frame it: In the 2008-2009 stock marke t crash, many tech companies that had little or no revenue were vaporized. Plenty of those kinds of companies still exist. Some may even be in the list of 49 privately held companies currently valued at $1 billion or more. The good news is that since these companies remain private, public markets aren't directly exposed to them. Companies waiting to go public until they mature a bit is perhaps the one lesson that everyone learned from the last bubble. My own perspective is that of those 49 companies, there is no way to know how many could weather the kind of macroeconomic shock that is inevitable in our cyclical economy. Perhaps most of them learned from the last crash, or maybe none of them did, in which case a bunch of venture capitalists -- and more important, their investors, known as limited partners -- could take an epic bath. For the average investor, that would be fine if LPs were just a bunch of hedge funds and wealthy individuals, but public pension funds are the largest single source of money for venture-capital funds, representing 20% in 2014. And, of course, there always is the danger that high-profile failures of big startups, which some VCs have said are inevitable, would spook the wider markets. Mr. Altman says companies that come out of Y-Combinator are prepared for anything. "One of the things we urge Y-Combinator companies to do is to have profitability in grasp" he says. "If you need to get profitable before your A round of money, you ought to be able to do that." Whether or not companies that can make money when consumers are feeling confident can continue to make money when they are queasy about spending is a separate issue. And here's where Mr. Altman's optimism really comes in. He allows that "there is too much capital available right now, and there are too many startups. It's a little crazy right now." But he also says that "I believe in the future, and to be a good investor you have to believe in the future." Thus, the 10,000 applications that Y-Combinator received for its last class of startups, in the summer of 2014, represent for Mr. Altman not the cresting of a great wave of entrepreneurial hype, but the logical result of Y-Combinator's ability to concentrate power and influence in the valley through its alumni network, in which companies that graduate are made available to advise new recruits. Also fueling record interest in Y-Combinator and other startup incubators is the increasingly global nature of tech. Forty percent of this year's Y-Combinator applicant pool came from outside the U.S., says Mr. Altman. A recent report by London-based venture-capital firm Atomico found that the number of billion-dollar companies formed outside Silicon Valley is growing at a faster rate than the number formed within it. More than ever, entrepreneurs are coming to the valley to learn its ways, then returning to their respective countries and creating their own startup ecosystems, says Mr. Altman. All of this is good for tech. But is it good for those investing in tech, many of whom are propping up the valuations of big public companies whose taste for pricey acquisitions is fueling record acquisition prices? This is where I, as a card-carrying member of Generation X, must part ways with Mr. Altman. Economists say I'm a member of the first generation since the Depression to do worse than its parents. I graduated into the abysmal job market that followed the last tech bubble, and I survived the downturn that vaporized my own tiny startup in 2009. The nature of capitalist Darwinism is that markets crash and companies die. It's a necessary thinning of the herd, and it frees up resources for the fittest companies: engineers, office space, attention, everything that is scarce in our age of cheap capital. The process is good for tech, and it's good for some kinds of investors -- those with foresight or just luck. But does it mean there isn't a reckoning coming, even if it's different than the last one? Even someone who lacks the muscle memory for coping with economic free fall wouldn't say that. Of today's startups signing 10-year leases on lavish offices, piling on employee perks and generally spending like it's 1999, Mr. Altman says, "If you are dependent on raising money, you will die." -- christopher.mims at wsj.com. --- Just because i'm near the punchbowl doesn't mean I'm also drinking from it. From rforno at infowarrior.org Fri Nov 7 07:16:36 2014 From: rforno at infowarrior.org (Richard Forno) Date: Fri, 7 Nov 2014 08:16:36 -0500 Subject: [Infowarrior] - British Spies Are Free to Target Lawyers and Journalists Message-ID: British Spies Are Free to Target Lawyers and Journalists By Ryan Gallagher @rj_gallagher Yesterday at 4:29 PM https://firstlook.org/theintercept/2014/11/06/uk-surveillance-of-lawyers-journalists-gchq/ British spies have been granted the authority to secretly eavesdrop on legally privileged attorney-client communications, according to newly released documents. On Thursday, a series of previously classified policies confirmed for the first time that the U.K.?s top surveillance agency Government Communications Headquarters (pictured above) has advised its employees: ?You may in principle target the communications of lawyers.? The U.K.?s other major security and intelligence agencies?MI5 and MI6?have adopted similar policies, the documents show. The guidelines also appear to permit surveillance of journalists and others deemed to work in ?sensitive professions? handling confidential information. The documents were made public as a result of a legal case brought against the British government by Libyan families who allege that they were subjected to extraordinary rendition and torture in a joint British-American operation that took place in 2004. After revelations about mass surveillance from National Security Agency whistleblower Edward Snowden last year, the families launched another case alleging that their communications with lawyers at human rights group Reprieve may have been spied on by the government, hindering their ability to receive a fair trial. In a statement on Thursday, Reprieve?s legal director Cori Crider said that the new disclosures raised ?troubling implications for the whole British justice system? and questioned how frequently the government had used its spy powers for unfair advantage in court. ?It?s now clear the intelligence agencies have been eavesdropping on lawyer-client conversations for years,? Crider said. ?Today?s question is not whether, but how much, they have rigged the game in their favor in the ongoing court case over torture.? Rachel Logan, a legal adviser at rights group Amnesty International, said that spying on lawyers affords the U.K. government an ?unfair advantage akin to playing poker in a hall of mirrors.? ?It could mean, amazingly, that the government uses information they have got from snooping on you, against you, in a case you have brought,? Logan said. ?This clearly violates an age-old principle of English law set down in the 16th century?that the correspondence between a person and their lawyer is confidential.? In the U.S., the NSA has also been caught spying on lawyers. Earlier this year, the agency was forced to reassure attorneys that it ?will continue to afford appropriate protection to privileged attorney-client communications acquired during its lawful foreign intelligence mission in accordance with privacy procedures required by Congress, approved by the Attorney General, and, as appropriate, reviewed by the Foreign Intelligence Surveillance Court.? In the U.K., the oversight of intelligence agencies is undoubtedly far more lax. According to the documents released Thursday, in at least one case legally privileged material that was covertly intercepted by a British agency may have been used to the government?s advantage in legal cases. One passage notes that security service MI5 identified an instance in which there was potential for ?tainting? a legal case after secretly intercepted privileged material apparently ended up in the hands of its lawyers. The policies state that the targeting of lawyers ?must give careful consideration to necessity and proportionality,? but the GCHQ policy document adds that each individual analyst working at the agency is ?responsible for the legality? of their targeting, suggesting that a large degree of personal judgement is involved in the process. Notably, there is no judicial oversight of eavesdropping conducted by GCHQ or other British security agencies; their surveillance operations are signed off by a senior politician in government, usually the Foreign or Home Secretary. The categories that allow the agencies to spy on lawyers or others working with ?confidential? material, such as journalists, are extremely broad. One policy document from GCHQ notes: If you wish the target the communications of a lawyer or other legal professional or other communications that are likely to result in the interception of confidential information you must: Have reasonable grounds to believe that they are participating in or planning activity that is against the interests of national security, the economic well-being of the UK or which in itself constitutes a serious crime. In practice, this could mean that any lawyer or an investigative journalist working on a case or story involving state secrets could be targeted on the basis that they are perceived to be working against the vaguely defined national security interests of the government. Any journalists or lawyers working on the Snowden leaks, for instance, are a prime example of potential targets under this rationale. The U.K. government has already accused anyone working to publish stories based on the Snowden documents of being engaged in terrorism?and could feasibly use this as justification to spy on their correspondence. GCHQ declined to comment for this post, referring a request from The Intercept to the government?s Home Office. A Home Office spokesperson said: ?We do not comment on ongoing legal proceedings.? Photo: Barry Batchelor/AP Email the author: ryan.gallagher at theintercept.com --- Just because i'm near the punchbowl doesn't mean I'm also drinking from it. From rforno at infowarrior.org Fri Nov 7 07:21:45 2014 From: rforno at infowarrior.org (Richard Forno) Date: Fri, 7 Nov 2014 08:21:45 -0500 Subject: [Infowarrior] - Why Hyping Cyber Threats is Counterproductive Message-ID: Robert Lee and Thomas Rid have a new paper: "OMG Cyber! Thirteen Reasons Why Hype Makes for Bad Policy." https://www.schneier.com/blog/archives/2014/11/why_hyping_cybe.html --- Just because i'm near the punchbowl doesn't mean I'm also drinking from it. From rforno at infowarrior.org Fri Nov 7 07:23:46 2014 From: rforno at infowarrior.org (Richard Forno) Date: Fri, 7 Nov 2014 08:23:46 -0500 Subject: [Infowarrior] - The Government is in Pursuit of a Less Secure Internet Message-ID: <8665EA50-028C-453B-88ED-9A5EF2BCC8AB@infowarrior.org> The Government is in Pursuit of a Less Secure Internet 11/04/2014 https://www.aclu.org/blog/national-security/government-pursuit-less-secure-internet By Nathan Freed Wessler, Staff Attorney, ACLU Speech, Privacy & Technology Project at 12:49pm A government proposal to change the rules for obtaining search warrants risks making all of us more vulnerable to cyber-attacks. The FBI wants to be able to infect computers with malware when it doesn't know where exactly they're located. The implications for computer security, and for constitutional limits on the government's search powers, are drastic. The Department of Justice is asking a judicial committee to amend Rule 41 of the Federal Rules of Criminal Procedure, which generally permits magistrate judges to issue search warrants to the government only for searches within their judicial district. The government wants to lift the geographical limitation to allow it to conduct electronic surveillance of devices whose locations are unknown. The Advisory Committee on Criminal Rules, which includes mainly judges, is holding a hearing tomorrow to consider the government's proposal. The ACLU will explain at the hearing why the proposed rule could be a game changer in degrading online security and how it could green light systemic constitutional violations. We know that the FBI ? and possibly other law enforcement agencies ? have been infecting the devices of criminal investigative targets since at least 2001. But if the proposed amendment is adopted, it will throw the doors wide open to an industry peddling tools to undermine computer security, and make the U.S. government an even bigger player in the surveillance software industry. That's cause for concern when you consider the government's own track record on data security. As we noted in a comment we submitted last week to the committee ahead of tomorrow's hearing, "Agencies struggle with the most basic security practices, such as using good passwords, updating anti-virus software, and encrypting internet traffic on their websites." Federal agencies reported a staggering 25,000 data breaches in 2013, and foreign governments and hackers have repeatedly penetrated federal systems ? the White House's network being the latest. Flaws in surveillance software used by the U.S. government could expose targets' devices not just to American law enforcement agents, but to foreign governments and malicious parties eager to exploit vulnerabilities to collect sensitive information. And the government's record when it comes to assessing the reliability of technology it has purchased doesn't exactly inspire confidence (think Healthcare.gov). Possibly even more disconcerting, however, is the market for vulnerabilities the amendment would encourage. In order to successfully infect the computers of targets, law enforcement agencies are increasingly seeking to purchase or so-called "zero-day" software exploits. Zero-day exploits take advantage of software vulnerabilities that are unknown to the software's manufacturer. Governments pay big bucks ? reportedly into the hundreds of thousands of dollars ? to acquire them, resulting in a largely unregulated market for these tools. Since the use of a given zero-day exploit depends on the continued existence of the vulnerability it's exploiting, governments withhold their existence from the manufacturer. That is, quite simply, frightening. Government officials often say that cyber-attacks are one of the biggest threats faced by this country. Given that assessment, shouldn't government be fixing, not exploiting, insecurities in widely used technologies? Indeed, a panel appointed by the president to review the NSA's surveillance programs wrote that "it is in the national interest to eliminate software vulnerabilities rather than to use them for US intelligence collection." But by codifying law enforcement's ability to use malware to remotely access targets' computers, the proposed amendment to Rule 41 would be a major boost to the zero-day market, further commodifying vulnerabilities and incentivizing the government to stay mum when it discovers them. The constitutional concerns raised by the amendment are no less serious, and go beyond the kinds of procedural questions generally addressed by the committee. There are strong arguments that zero-day exploits are too intrusive, destructive, or dangerous to be reasonable under the Fourth Amendment, considering they endanger far more computers than those they target. For example, Stuxnet, the exploit launched by the United States and Israel apparently to target facilities in Iran, spread far beyond the targeted computer systems, infecting the networks of major U.S. companies. Similar questions arise for far less dramatic methods for infecting targets' computers. For example, we learned last week that in 2007 the FBI delivered spyware to a suspect by faking an Associated Press story and sending a link to the suspect's MySpace account. When the suspect clicked on the link, surveillance malware installed itself on his computer and initiated a search. What we don't know is whether the suspect unwittingly forwarded the link to other people or shared it via social media. If he did, the computers of numerous innocent people could easily have been secretly infected with malware and searched. In other investigations, the computers of law-abiding citizens could get easily swept up in an attack simply because they visited the same site as a target. That kind of dragnet search is unacceptable by the Constitution's standards. The committee demonstrated its thoughtful approach to these questions earlier this year, when the DOJ submitted an even broader proposal that would have allowed remote hacking of computers, as well as remote access to cloud-based services (like Gmail or Dropbox) during a search of a physical computer. The committee recognized the concerns raised by privacy advocates, and scaled back that proposal to ensure the government serve warrants on cloud service providers in order to access that information. When we testify tomorrow, we will urge the committee to reject the remaining parts of the government's proposal. The proposed amendment would expand the government's power to conduct searches of a particularly invasive nature. If such searches are to be allowed at all, they should be carefully regulated by Congress, which is better suited to weigh the constitutional and policy concerns that the proposal raises. We hope the committee recognizes that, and rejects the proposed amendment to Rule 41. The amendment, if passed, would have enormous implications for the security of each and every one of us. That's a decision our elected representatives ? and each of us ? should be weighing in on. --- Just because i'm near the punchbowl doesn't mean I'm also drinking from it. From rforno at infowarrior.org Fri Nov 7 07:26:33 2014 From: rforno at infowarrior.org (Richard Forno) Date: Fri, 7 Nov 2014 08:26:33 -0500 Subject: [Infowarrior] - FBI admits agent impersonated AP reporter Message-ID: <40FB802B-31D2-4B46-A4B0-CD22C13E6384@infowarrior.org> FBI admits agent impersonated AP reporter to nab teen accused of bomb threats Xeni Jardin at 4:54 am Fri, Nov 7, 2014 http://boingboing.net/2014/11/07/fbi-admits-agent-impersonated.html --- Just because i'm near the punchbowl doesn't mean I'm also drinking from it. From rforno at infowarrior.org Fri Nov 7 07:33:19 2014 From: rforno at infowarrior.org (Richard Forno) Date: Fri, 7 Nov 2014 08:33:19 -0500 Subject: [Infowarrior] - all keystrokes in a Google doc can be played like a movie Message-ID: <9C770093-288B-45DF-A7DE-D6EDE9E6B18F@infowarrior.org> (c/o DG ... should be obvious to securitygeeks, but probably not-so-much to everyone else) [ what a lovely covert channel ] http://features.jsomers.net/how-i-reverse-engineered-google-docs/ If you've ever typed anything into a Google Doc, you can now play it back as if it were a movie -- like traveling through time to look over your own shoulder as you write. This is possible because every document written in Google Docs since about May 2010 has a revision history that tracks every change, by every user, with timestamps accurate to the microsecond; these histories are available to anyone with "Edit" permissions; and I have written a piece of software that can find, decode, and rebuild the history for any given document. --- Just because i'm near the punchbowl doesn't mean I'm also drinking from it. From rforno at infowarrior.org Fri Nov 7 12:09:28 2014 From: rforno at infowarrior.org (Richard Forno) Date: Fri, 7 Nov 2014 13:09:28 -0500 Subject: [Infowarrior] - Islamic Extremists Use YouTube's Automated Copyright Dispute Process To Access Critics' Personal Data Message-ID: <18C39107-3125-45F4-AF98-1C9AAD4843EC@infowarrior.org> Islamic Extremists Use YouTube's Automated Copyright Dispute Process To Access Critics' Personal Data YouTube's infringement reporting system is -- like many others around the web -- fundamentally broken. Making bogus copyright claims is still an easy way to get channels shut down or to siphon ad revenue from existing videos. It can also be used as a censor -- a cheap and dirty way to shut up critics or remove compromising video. Apparently, Islamic extremists linked with Al-Qaeda have found another use for YouTube's mostly automated dispute process: low-effort doxxing. According to German news sites, a YouTube channel (Al Hayat TV) known for its criticism of Islam has had to send its listed contact person into hiding after bogus copyright claims filed by extremists led to the exposure of his personal information. On September 25th, someone using the name "First Crist, Copyright" filed bogus copyright complaints against Al Hayat TV. In order to prevent the channel from being shut down for multiple "strikes," Al Hayat TV was forced to file a counter notification. But in order to do so, the channel operators had to expose sensitive information. < - > https://www.techdirt.com/articles/20141106/12584829069/islamic-extremists-use-youtubes-automated-copyright-dispute-process-to-access-critics-personal-data.shtml --- Just because i'm near the punchbowl doesn't mean I'm also drinking from it. From rforno at infowarrior.org Mon Nov 10 08:58:32 2014 From: rforno at infowarrior.org (Richard Forno) Date: Mon, 10 Nov 2014 09:58:32 -0500 Subject: [Infowarrior] - WH Statement on Net Neutrality via Title 2 Message-ID: <3AB695B2-D075-4257-AADB-4F54AC51500D@infowarrior.org> President Obama supports neutrality rules via Title II reclassification http://www.whitehouse.gov/net-neutrality --- Just because i'm near the punchbowl doesn't mean I'm also drinking from it. From rforno at infowarrior.org Mon Nov 10 09:48:33 2014 From: rforno at infowarrior.org (Richard Forno) Date: Mon, 10 Nov 2014 10:48:33 -0500 Subject: [Infowarrior] - Cybersecurity codes being added to all federal job descriptions Message-ID: <73651D90-8934-4A03-BC72-F96985A950F2@infowarrior.org> Cybersecurity codes being added to all federal job descriptions Nov. 7, 2014 - 04:23PM | By AARON BOYD | Comments http://www.federaltimes.com/article/20141107/FEDIT03/311070012/Cybersecurity-codes-being-added-all-federal-job-descriptions By the end of 2015, the Office of Personnel Management plans to have every position within the federal government labeled with a descriptive code detailing the cybersecurity functions ? if any ? required of the employees performing that job function. Federal employees active in cybersecurity account for some 4 percent of the workforce but, until recently, there were no standard job descriptions for the work being done. Prior to OPM?s efforts, there were no clear definitions on cybersecurity workflow in federal agencies and no baseline for hiring managers on what related skills were needed across a variety of positions. ?We needed to collaborate and coordinate our stakeholder efforts to more accurately answer the question: so what is the DNA of the federal cybersecurity workforce?? OPM Human Capital Strategist Lucy Antone said. ?We knew it was not a single occupation but rather a work function of many federal occupations.? An inventory of the federal workforce showed that more than 100 occupation series include jobs that perform a significant amount of cybersecurity work, representing around 1.6 million employees, or 4 percent of the workforce. The OPM codes and framework ? centered on definitions culled from the National Initiative for Cybersecurity Education (NICE) and other stakeholders ? divide the cybersecurity functions into 31 specialty areas within seven work categories, as well as providing descriptive codes for program managers, supervisors and work functions where cybersecurity is not a significant part of daily operations. Antone offered the Interior Department as a potential example of how this system could be used to make better hiring decisions. ?One of the ones that came up was Park Ranger,? she said, noting that most people think a Park Ranger?s duties lie in the woods. However, there are rangers tasked with ensuring that the critical infrastructure around the nation?s parks and monuments are secure, including the related networks. ?So once you put some ideas behind it, you can see that the Department of Interior would need some people who are cybersecurity people,? she continued. ?Let?s say the Park Ranger code associated with this would be ?exploitation analysis? ... you would then code the position description for the cybersecurity data element ? this position has this type of cybersecurity in the job description.? When looking at applicants in the future, hiring managers at Interior would note the description code, match it to the detailed description within the framework and ensure that prospective candidates have the necessary skills to carry out the cybersecurity function. Starting in July, OPM required all federal agencies to label all positions within their departments using the new cybersecurity codes. Antone said OPM has set a goal to have every position within the federal government coded by the end of 2015. --- Just because i'm near the punchbowl doesn't mean I'm also drinking from it. From rforno at infowarrior.org Mon Nov 10 13:10:04 2014 From: rforno at infowarrior.org (Richard Forno) Date: Mon, 10 Nov 2014 14:10:04 -0500 Subject: [Infowarrior] - FBI Is Offended That It Isn't Allowed To Control How The Press Portrays It Message-ID: <58085B27-D87A-4F58-8B0F-D1E29FB5E3C7@infowarrior.org> The FBI Is Offended That It Isn't Allowed To Control How The Press Portrays Its Deceptive Activities from the poor-james-comey dept https://www.techdirt.com/articles/20141109/07240929088/fbi-is-offended-that-it-isnt-allowed-to-control-how-press-portrays-its-deceptive-activities.shtml The last few weeks have revealed a bunch of deceptive practices by law enforcement -- mainly the FBI. First, there was the revelation that the FBI had impersonated an online news story to install malware in trying to track a high school bomb threat. Then, there was a story from a couple of weeks ago about the FBI turning off internet access at some luxury villas in Las Vegas, and then acting as repair technicians to get inside and search the place (while filming everything). That was a story we had hoped to cover, but hadn't yet gotten to it. However, after the NY Times editorial board slammed that operation, FBI Director James Comey wrote a reply defending the FBI's "use of deception." < - > And, so, apparently, not only does the FBI director think it's proper to use deceptive practices if "it works," he also thinks that the press should only report on the FBI's side of the story, furthering the deceptive practices with what's effectively propaganda. The use of deception by law enforcement is already questionable enough. Asking the press to be a willing participant in that deception is simply ridiculous. --- Just because i'm near the punchbowl doesn't mean I'm also drinking from it. From rforno at infowarrior.org Thu Nov 13 06:45:13 2014 From: rforno at infowarrior.org (Richard Forno) Date: Thu, 13 Nov 2014 07:45:13 -0500 Subject: [Infowarrior] - All Financial Markets Are Rigged Message-ID: <514DAD1D-F582-41CA-8DF6-E417B2A5F65F@infowarrior.org> (just if you didn't know....) Markets Are Rigged http://www.ritholtz.com/blog/2014/11/currency-markets-are-rigged-3/ --- Just because i'm near the punchbowl doesn't mean I'm also drinking from it. From rforno at infowarrior.org Thu Nov 13 15:35:40 2014 From: rforno at infowarrior.org (Richard Forno) Date: Thu, 13 Nov 2014 16:35:40 -0500 Subject: [Infowarrior] - No, you can't seize country TLDs, US court rules Message-ID: No, you can't seize country TLDs, US court rules IDG News Service | November 13, 2014 http://www.itworld.com/article/2847638/no-you-cant-seize-country-tlds-us-court-rules.html In a landmark ruling that signals a win for the current system of Internet governance, a U.S. court has quashed an attempt to seize Iran's, Syria's and North Korea's domains as part of a lawsuit against those countries' governments. The plaintiffs in the case wanted to seize the country's ccTLDs (country code top-level domains) .ir, .sy and .kp after they successfully sued Iran, Syria and North Korea as state sponsors of terrorism. The domain seizure was part of a financial judgment against those governments. The claimants wanted to seize the domains from the Internet Corporation for Assigned Names and Numbers (ICANN), a non-profit US-based organization which oversees the Internet. The U.S. District Court for the District of Colombia however denied the plaintiffs' motions to seize the domains earlier this week, ICANN said. "This is very good news," said Peter van Roste, general manager of the Council of European National Top Level Domain Registries (CENTR). "It is very important, especially in these times, to show the world that domain names cannot simply be seized by U.S. law firms with all the possible consequences for the global use of the Internet," he said. ICANN had argued that ccTLD's can't be seized because they aren't property. Instead, they are more like postal codes that allow users to go to websites and send email to addresses under those domains, it said. However, the court didn't rule that domain names aren't property, said Van Roste, adding that the domain name sector would have welcomed such a verdict. Rather, the court found the ccTLDs have the nature of a contractual right, and ruled that rights arising under a contract cannot be seized as part of a judgment. Loek is Amsterdam Correspondent and covers online privacy, intellectual property, online payment issues as well as EU technology policy and regulation for the IDG News Service. Follow him on Twitter at @loekessers or email tips and comments to loek_essers at idg.com --- Just because i'm near the punchbowl doesn't mean I'm also drinking from it. From rforno at infowarrior.org Thu Nov 13 15:36:15 2014 From: rforno at infowarrior.org (Richard Forno) Date: Thu, 13 Nov 2014 16:36:15 -0500 Subject: [Infowarrior] - Fwd: Why the Press Is Less Free Today - New Yorker References: Message-ID: Begin forwarded message: > From: Jonathan > > Interesting essay on the New Yorker site. > > Why the Press Is Less Free Today > By George Packer > http://www.newyorker.com/news/daily-comment/press-freedom-new-censorship -------------- next part -------------- An HTML attachment was scrubbed... URL: From rforno at infowarrior.org Thu Nov 13 15:42:07 2014 From: rforno at infowarrior.org (Richard Forno) Date: Thu, 13 Nov 2014 16:42:07 -0500 Subject: [Infowarrior] - My thoughts on yesterday's PCLOB privacy hearing Message-ID: <7B000122-DC81-4B5F-881B-B6456191B6B3@infowarrior.org> PCLOB: Defining Privacy Interests, 1/2 By Richard Forno on November 12, 2014 at 12:01 pm Today I am attending the Privacy and Civil Liberties Oversight Board hearing on "Defining Privacy" here in Washington, DC. Four sessions are planned for the day, as outlined on the PCLOB agenda, however due to a schedule conflict, I only anticipate being able to attend 2 or 3 of them, but will provide brief summaries of their salient points. Before moving into the day's events, I commend the PCLOB for assembling robust panels of technologists, lawyers, academics, and government representatives. Far too many of these DC events are staffed with political folks, lobbyists, or those simply there to regurgitate their own turf's dogmatic talking points. But the four panels of the day look to be a responsible balance of perspectives, organizations, and professional backgrounds that hopefully will provide meaningful content to the public discussion of this most timely and critical issue. < - > http://cyberlaw.stanford.edu/blog/2014/11/pclob-defining-privacy-interests-12 .. and part 2 ? http://cyberlaw.stanford.edu/blog/2014/11/pclob-defining-privacy-interests-22 --- Just because i'm near the punchbowl doesn't mean I'm also drinking from it. From rforno at infowarrior.org Thu Nov 13 15:46:37 2014 From: rforno at infowarrior.org (Richard Forno) Date: Thu, 13 Nov 2014 16:46:37 -0500 Subject: [Infowarrior] - JSG on the IC Manipulating the Rules Message-ID: <166D4AD8-F6D6-4050-A029-CFEE66ED52D9@infowarrior.org> The Surveillance State?s Legalism Isn?t About Morals, It?s About Manipulating the Rules By Jennifer Granick Thursday, November 13, 2014 at 10:00 AM Margo Schlanger has written a great article forthcoming in the Harvard National Security Journal about intelligence legalism, an ethical framework she sees underlying NSA surveillance. Margo makes the case that NSA and the executive branch haven?t been asking what the right surveillance practices should be, but rather what surveillance practices are allowed to be. She takes the concept of legalism from political theorist Judith Shklar: ?the ethical attitude that holds moral conduct to be a matter of rule following, and moral relationships to consist of duties and rights determined by rules.? In the model of legalism that Margo sees the NSA following, any spying that is not legally prohibited is also right and good because ethics is synonymous with following the rules. Her critique of ?intelligence legalism? is that the rules are the bare minimum, and merely following the rules doesn?t take civil liberties concerns seriously enough. My question is whether legalism serves as a moral code for US Intelligence Community (IC) leadership, or only as a smokescreen. I believe the evidence shows that since 9/11,the IC, and specifically the NSA has not followed the rules. Rather, the agency has resorted to legalistic justifications in pursuit of other goals?namely whatever might be useful in countering terrorism. Before 9/11, the agency may have been focused on complying with FISA. But afterthat day, the NSA?s approach was that it ?could circumvent federal statutes and the Constitution so long as there was some visceral connection to looking for terrorists.? In other words, since 9/11, the moral center of gravity in the surveillance world has focused on doing whatever is necessary for hunting terrorists, not following the rules. Margo also argues that the NSA?s legalism equates to, for better or worse, the empowerment of lawyers. Sign-off by lawyers is, as Margo says, an important part of the process. Lawyer opinions gave telecommunications firms legal immunity for their cooperation with the government in conducting mass surveillance. Lawyers were used to compel compliance from underlings within the intelligence community. They?ve been used cynically for public relations purposes, trading on the public trust in the actions of government lawyers to cloud the public debate over legality. They?ve been used to marginalize the role of Congress in approving surveillance. The decisions of lawyers inside the surveillance community have allowed America?s spies to secretly expand their power as they develop classified capabilities and practices that the public and Congress haven?t yet become aware of, and have not even begun to regulate. But calling this ?empowerment? is misleading. We see lawyers who object to policies that may harm civil liberties bypassed in favor of handpicked counsel who give their bosses the answers they want. Lawyers are ratifying surveillance decisions policy makers have already made. That?s not empowerment, it?s subservience?.. < - > http://justsecurity.org/17393/ics-legalism-morals-manipulating-rules/ --- Just because i'm near the punchbowl doesn't mean I'm also drinking from it. From rforno at infowarrior.org Thu Nov 13 17:21:51 2014 From: rforno at infowarrior.org (Richard Forno) Date: Thu, 13 Nov 2014 18:21:51 -0500 Subject: [Infowarrior] - =?windows-1252?q?Americans=92_Cellphones_Targeted?= =?windows-1252?q?_in_Secret_U=2ES=2E_Spy_Program?= Message-ID: Americans? Cellphones Targeted in Secret U.S. Spy Program By DEVLIN BARRETT Updated Nov. 13, 2014 5:57 p.m. ET http://online.wsj.com/articles/americans-cellphones-targeted-in-secret-u-s-spy-program-1415917533 WASHINGTON?The Justice Department is scooping up data from thousands of cellphones through fake communications towers deployed on airplanes, a high-tech hunt for criminal suspects that is snagging a large number of innocent Americans, according to people familiar with the operations. The U.S. Marshals Service program, which became fully functional around 2007, operates Cessna aircraft from at least five metropolitan-area airports, with a flying range covering most of the U.S. population, according to people familiar with the program. Planes are equipped with devices?some known as ?dirtboxes? to law-enforcement officials because of the initials of the Boeing Co. unit that produces them?which mimic cell towers of large telecommunications firms and trick cellphones into reporting their unique registration information. The technology in the two-foot-square device enables investigators to scoop data from tens of thousands of cellphones in a single flight, collecting their identifying information and general location, these people said. < - > The program is the latest example of the extent to which the U.S. is training its surveillance lens inside the U.S. It is similar in approach to the National Security Agency?s program to collect millions of Americans phone records, in that it scoops up large volumes of data in order to find a single person or a handful of people. The U.S. government justified the phone-records collection by arguing it is a minimally invasive way of searching for terrorists. < - > Similar devices are used by U.S. military and intelligence officials operating in other countries, including in war zones, where they are sometimes used to locate terrorist suspects, according to people familiar with the work. In the U.S., these people said, the technology has been effective in catching suspected drug dealers and killers. They wouldn?t say which suspects were caught through this method. The scanning is done by the Technical Operations Group of the U.S. Marshals Service, which tracks fugitives, among other things. Sometimes it deploys the technology on targets requested by other parts of the Justice Department. Within the Marshals Service, some have questioned the legality of such operations and the internal safeguards, these people said. They say scooping up of large volumes of information, even for a short period, may not be properly understood by judges who approve requests for the government to locate a suspect?s phone. Some within the agency also question whether people scanning cellphone signals are doing enough to minimize intrusions into the phone system of other citizens, and if there are effective procedures in place to safeguard the handling of that data. It is unclear how closely the Justice Department oversees the program. ?What is done on U.S. soil is completely legal,? said one person familiar with the program. ?Whether it should be done is a separate question.? < - > Write to Devlin Barrett at devlin.barrett at wsj.com --- Just because i'm near the punchbowl doesn't mean I'm also drinking from it. From rforno at infowarrior.org Fri Nov 14 06:34:49 2014 From: rforno at infowarrior.org (Richard Forno) Date: Fri, 14 Nov 2014 07:34:49 -0500 Subject: [Infowarrior] - Why ISIS coverage sounds familiar Message-ID: (Colhoun is spot-on with this analysis, I think. Using the phrase 'solipsistic nationalism' is particularly disturbing if not also true. --rick) 06:50 AM - November 14, 2014 Why ISIS coverage sounds familiar The evolving narrative about a new terrorist threat is reminiscent of the Iraq War By Damaris Colhoun http://www.cjr.org/behind_the_news/why_isis_coverage_sounds_famil.php?page=all In the months since ISIS beheaded two American journalists and released the video tapes for all the world to see, there have been reports of shadowy new terrorist cells in Syria, lone wolf attacks in the West, and the progress of the US-led airstrikes. These reports belong to a larger narrative that is changing week to week, sometimes day to day, yet its pattern and tone are familiar. Driven by a national outcry over the gruesome beheadings, the news media has focused on threats at home and abroad, while invoking the comforting myth of America?s military prowess. Like the media coverage that led up to the invasion of Iraq in 2003, much of it is based on official, often anonymous sources, and a startling lack of evidence. ?We read the same things, we heard the same things about Al Qaeda,? said Yahya Kamalipour, who chairs the journalism department at North Carolina A&T State University, and the author of US Media and the Middle East: Image and Perception. ?[ISIS] is an outcome of that really fundamentalist group, that?s my point. The situation is not getting any better; it?s like a feedback loop.? Like the media coverage that led up to the invasion of Iraq in 2003, much of it is based on official, often anonymous sources, and a startling lack of evidence. Twelve years ago, the media coverage that led up to the war in Iraq marched in step with an administration that was eager to go to war. Today, ?Threats and Responses,? the 2002 article in which Michael Gordon and Judith Miller claimed that the purchase of aluminum tubes was evidence that Saddam Hussein had a cache of nuclear weapons, has become a touchstone example of the failure of the press. The wrong piece at the right time, it helped the administration justify war in a moment when the American public was reeling from 9/11. This summer, the videotaped beheadings of the American journalists inflicted their own kind of trauma, especially on the journalism community. The image of James Foley, kneeling in the desert, a knife against his neck, cannot be unseen. William Youmans, who teaches media and public affairs at George Washington University, worries that the outrage it sparked has given way to the same sort of solipsistic nationalism that transfixed the media in the buildup to the invasion of Iraq in 2003. He wonders what, if anything, has changed. ?There was a great deal of soul searching after the widely repeated, uncritical coverage leading up to the Iraq war,? Youmans said. ?But I don?t know if that soul searching resulted in any fundamental changes in the relationship between the media and the political elite.? The recent coverage suggests that this relationship is as close as ever. In the same week that Obama announced an open-ended bombing campaign against the Islamic State in Iraq and Syria, the AP reported that a new terrorist cell had emerged that posed an even ?more direct and imminent threat to the United States? than ISIS, in the form of the Khorasan group. With Obama administration officials publicly touting the group, the story flared through broadcasts and headlines on CBS and The New York Times, which quoted the director of national intelligence, James R. Clapper Jr., as saying that ?in terms of threat to the homeland, Khorasan may pose as much of a danger as the Islamic State??despite there being almost no public information about Khorasan, or any concrete evidence as to who might belong to it. Two days later the first bombs fell in Syria. Then in October the media glommed onto reports from law enforcement and terrorism officials that a series of violent episodes?including a slashing in Queens, a shooting in Ottawa, and a murder plot in Australia?may be evidence of ISIS?s capacity to catalyze terror attacks in the West. With congressional leaders calling for the military and police to be on guard, The Wall Street Journal described the attackers as ?growing in number? and ?hard to defend against.? CNN compared them to the shoe-bomber and other ?lone wolves,? all of them Muslim, who had been self-radicalized in the West. Fox News called the American people ?sitting ducks.? As was the case with the Khorasan group, the lone wolf threat was not based on evidence. Instead, it was based on messages that had appeared on Islamic State web forums urging ?lone wolves in America? to plant explosives and target police. Now that 1,500 additional US troops have been deployed to Iraq, a stunning development for an administration that had promised to drawdown the US presence there, it?s the coverage of the airstrikes themselves that is dominating the news. And with Khorasan largely debunked?by publications as diverse as Foreign Policy, the National Review, and The Intercept?and the threat of the lone wolf wiped from the headlines (Gawker had called it a ?fairy tale?), a number of experts are wondering who exactly is driving the story. According to Steve Livingston, a media scholar at George Washington University, media coverage since the Vietnam war has tended to privilege official sources, especially from the White House. ?News coverage of war and foreign policy is indexed to the limited range of elite opinions,? he says, ?at least in the short run.? Lee Artz, who teaches communications at Purdue University, and the author of Public Media and Public Interest and Cultural Hegemony in the United States, said he sees these findings reflected in the constantly shifting narrative about the Islamic State. ?The mainstream media in the US tends to accept uncritically whatever the US administration releases,? he says. ?ISIS has been around for years, but according to the US it didn?t pose any threat to Western civilization until this summer. And then when the bombing campaign begins against ISIS, suddenly this group Khorasan appears as a more immediate threat, a more dangerous threat, although there wasn?t any background to it.? Artz says the threats that drew us into the Persian Gulf war in 1991, and Iraq in 2003, were similar. ?In each case, intervention began with some threat that turned out to be convenient and useful to the US policy of intervention.? A fog of information contributes to the problem. ISIS?s campaign of violence has made it all but impossible for American journalists to report on the ground in Iraq and Syria. And even though there are plenty of voices that are critical of the recent ISIS narrative, those voices aren?t reaching the majority of Americans, who get their news through national cable TV, and whose awareness of news sources is split along partisan lines. Youmans believes there?s still a shortage of sound international reporters and people who know the region very well, and that increased collaboration between Arab and American journalists could help enrich the national conversation. A documentary released by Vice, in which reporter Medyan Dairieh embedded with the Islamic State for three weeks, is one recent example. The documentary sparked controversy for giving a voice to the jihadists, for its graphic, gruesome footage, and for possibly being illegal. But the reporter?s methods also captured the nuances of how the IS operates within the context of the region, in relation to other states, and its success in rooting out corruption in local markets?nuances that rarely surface in mainstream news outlets because they remain unknown, or do not fit the narrative. Youmans does not defend what the IS stands for, but says he is disturbed by the lack of nuance in much of the current reporting. ?When the media starts erasing the bad things that good people do, and the good things that bad people do, that?s how we know it?s an information war.? For now, without the benefit of hindsight, the recent coverage of ISIS and the airstrikes may only be notable for revealing just how little is actually known. Last week?s reports that the airstrikes were working have given way to doubt. Targets and alliances are shifting. Reports that US planes were passing through Syrian airspace and conspicuously not being shot at left many wondering whose side the US is on. This week, both The Washington Post and The New York Times ran pieces on the obstacles that are preventing the airstrikes from being more effective: Citing official and anonymous sources, the Post piece was framed around whether or not a key IS leader had been killed; the Times described the bad weather, a lack of intelligence, and an inability to locate targets, positing that ISIS had gone underground. The Times piece appeared alongside another one by Ben Hubbard, who wrote that ?the news media in general had perhaps given the impression that [ISIS] was stronger and more powerful than it actually is.? Given the story he wrote last week, it almost seemed like an apology. The reversals struck Artz as curious. ?They send out bombing raids but they can?t find anybody to bomb. And again, this is the front page of The New York Times. So where?s the existential threat?? Meanwhile, a toolkit for journalists covering the airstrikes appeared on journalistresource.org. Complete with lessons from previous conflicts, including new data-driven research on how the bombings of civilian areas during the Vietnam war ?systematically shifted control in favor of the Viet Cong insurgents,? the toolkit?s mission was clear: Let?s not repeat the mistakes of the past. --- Just because i'm near the punchbowl doesn't mean I'm also drinking from it. From rforno at infowarrior.org Fri Nov 14 06:42:19 2014 From: rforno at infowarrior.org (Richard Forno) Date: Fri, 14 Nov 2014 07:42:19 -0500 Subject: [Infowarrior] - UK to stop its citizens seeing extremist material online Message-ID: <4578049A-43DE-4445-BF75-4C5364E01256@infowarrior.org> UK to stop its citizens seeing extremist material online David Meyer Nov. 14, 2014 - 3:01 AM PST The U.K.?s big internet service providers, including BT, Talk Talk, Virgin Media and Sky, have agreed to filter out terrorist and extremist material at the government?s behest, in order to stop people seeing things that may make them sympathetic towards terrorists. The move will also see providers host a public reporting button for terrorist material. This is likely to be similar to what is already done with websites that may host child pornography ? people can report content to the Internet Watch Foundation (IWF), an organization that maintains a blacklist, to which that site could then be added. In the case of extremist material, though, it appears that the reports would go through to the Counter Terrorism Internet Referral Unit (CTIRU), which is based in London?s Metropolitan Police and has already been very active in identifying extremist material and having it taken down. CTIRU told me in a statement: ?The unit works with UK based companies that are hosting such material. However the unit has also established good working relationships with companies overseas in order to make the internet a more hostile place for terrorists.? Government sources also told me that Facebook, Google, Yahoo and Twitter have agreed to ?raise their standards and improve their capacity to deal with this material.? Jim Killock, executive director for the Open Rights Group, said in a statement: ?We need transparency whenever content is blocked for political reasons. Companies have a duty to protect free speech, and should be extremely wary of taking responsibility for deciding whose views are acceptable. It is better left to the courts.? The decision comes a year after the British government said it would force ISPs to block ?extremist? websites. On Friday Prime Minister David Cameron, who is visiting Australia, told that country?s parliament: < -- > https://gigaom.com/2014/11/14/uk-to-stop-its-citizens-seeing-extremist-material-online/ --- Just because i'm near the punchbowl doesn't mean I'm also drinking from it. From rforno at infowarrior.org Sun Nov 16 16:14:34 2014 From: rforno at infowarrior.org (Richard Forno) Date: Sun, 16 Nov 2014 17:14:34 -0500 Subject: [Infowarrior] - State Dept shuts down email Message-ID: <276CE8BF-A374-4A45-842A-CDECFD8B3885@infowarrior.org> Nov 16, 3:40 PM EST State Dept computers hacked, email shut down By MATTHEW LEE AP Diplomatic Writer http://hosted.ap.org/dynamic/stories/U/US_STATE_DEPARTMENT_COMPUTERS WASHINGTON (AP) -- The State Department has taken the unprecedented step of shutting down its entire unclassified email system as technicians repair possible damage from a suspected hacker attack. A senior department official said Sunday that "activity of concern" was detected in the system around the same time as a previously reported incident that targeted the White House computer network. That incident was made public in late October, but there was no indication then that the State Department had been affected. Since then, a number of agencies, including the U.S. Postal Service and the National Weather Service, have reported attacks. The official said none of the State Department's classified systems were affected. However, the official said the department shut down its worldwide email late on Friday as part of a scheduled outage of some of its Internet-linked systems to make security improvements to its main unclassified computer network. The official was not authorized to speak about the matter by name and spoke on condition of anonymity. The official said the department expects that all of its systems will be operating as normal in the near future, but would not discuss who might be responsible for the breach. Earlier attacks have been blamed on Russian or Chinese attackers, although their origin has never been publicly confirmed. The State Department is expected to address the shutdown once the security improvements have been completed on Monday or Tuesday. ? 2014 The Associated Press. All rights reserved. This material may not be published, broadcast, rewritten or redistributed. Learn more about our Privacy Policy and Terms of Use. --- Just because i'm near the punchbowl doesn't mean I'm also drinking from it. From rforno at infowarrior.org Mon Nov 17 09:17:37 2014 From: rforno at infowarrior.org (Richard Forno) Date: Mon, 17 Nov 2014 10:17:37 -0500 Subject: [Infowarrior] - =?windows-1252?q?Judges_impose_rare=2C_stricter_r?= =?windows-1252?q?equirement_for_=93stingray=94_use_by_police?= Message-ID: Judges impose rare, stricter requirement for ?stingray? use by police Washington judges: Locals cops must not collect data from innocent people. by Cyrus Farivar - Nov 17 2014, 9:30am EST Previously, as is the case nearly everywhere else in the country, law enforcement would go to a judge asking for a "pen register, trap and trace" order, which in the pre-cellphone era allowed law enforcement to obtain someone's calling metadata in near real-time. Now, that same data can be gathered directly by the cops themselves through the use of a stingray used against mobile phones. Stingrays, however, also can be used to intercept calls and text messages, and the stingray doesn't only work against one target phone but also against other phones that may happen to be nearby. The new, more stringent standard is unusual among American courts. < - > http://arstechnica.com/tech-policy/2014/11/judges-impose-rare-stricter-requirement-for-stingray-use-by-police/ --- Just because i'm near the punchbowl doesn't mean I'm also drinking from it. From rforno at infowarrior.org Mon Nov 17 17:13:40 2014 From: rforno at infowarrior.org (Richard Forno) Date: Mon, 17 Nov 2014 18:13:40 -0500 Subject: [Infowarrior] - The USA Freedom Act: What's to Come and What You Need to Know Message-ID: <3A82BA7C-322C-4021-834D-0E54D9FEB6E4@infowarrior.org> November 17, 2014 | By Mark Jaycox The USA Freedom Act: What's to Come and What You Need to Know https://www.eff.org/deeplinks/2014/11/usa-freedom-act-week-whats-come-and-what-you-need-know The USA Freedom Act, the leading contender for NSA reform, is set for a vote this week. The bill has some problems, but is a major step forward for surveillance reform. That's why we're asking you to call your Senator and urge them to support the USA Freedom Act. Here's a rundown of what's to come, what you need to know, and what may happen this week: What is the USA Freedom Act and How Did we Get Here? The USA Freedom Act is a bill that was first proposed last year by Senator Patrick Leahy and Representative Jim Sensenbrenner. The original version of the bill limited the NSA's call records collection program, introduced a special advocate into the secretive court overseeing the spying, mandated much needed transparency requirements, and included significant reform of Section 702 of the Foreign Intelligence Surveillance Amendments Act (FISAA), the law used to collect Americans? communications in bulk. It took several months, but the original version of the bill was finally taken up by the House of Representatives in May. Unfortunately, prior to a vote on the original bill in May, the House made significant, last-minute changes that watered down the bill?s privacy protections. Nevertheless, the House passed a new?weaker??USA Freedom Act? against the protests of privacy advocates. In response, Senator Leahy vowed to move a stronger bill forward that provided meaningful surveillance reform. What resulted is the current version of the USA Freedom Act, which was released in July of this year. The current version does many of the same things as the original bill except it doesn't offer significant reform of Section 702 of FISAA. The current version is the bill up for debate this week. Where We're Going The Senate will hold two major votes this week. On Tuesday night, it will vote whether or not to move forward to debate the USA Freedom Act. Senator Leahy needs 60 Senators to vote in favor of moving forward. After obtaining the 60 votes, the Senate will then begin to debate the bill and any amendments. After the debate, it will hold another vote on Wednesday or Thursday on the final bill text. There is a very real possibility that the Senate?just like the House?may try to weaken the bill. That's why when you call your Senator it's important to stress that Senators support the USA Freedom Act and oppose any amendments that would weaken the bill. What You Can Do Help us get to 60 votes by calling your Senator now. This is the most important step since the Senate must obtain 60 votes before it will begin to debate the USA Freedom Act. During the debate, we urge Senators to offer amendments that strengthen the bill. These amendments would: ? Ensure the illegal "backdoor" search of Americans' communications ends; ? Grant additional power to the "special advocate" in the secret FISA court; ? Shorten the FISA Amendments Act sunset to 2015; ? Enhance the Privacy and Civil Liberties Oversight Board powers; ? Provide Americans a clear path to assert legal standing to sue the government for privacy abuses; ? Ban the NSA from undermining commonly used encryption standards; and, ? Fix the National Security Letter statute. After the debate, a final vote on the final text will probably occur Wednesday or Thursday. Time to Pass NSA Surveillance Reform The first hurdle to overcome this week is the Tuesday vote. Once the Senate comes up with 60 votes, there may be a whirlwind of amendments altering the bill on Wednesday or Thursday. Stay tuned to our twitter account and home page for any analysis or statements on the amendments. A final vote on the bill will most likely occur Wednesday night or Thursday. And as we said last week when Senate Majority Leader Reid moved the USA Freedom Act forward: We urge the Senate to pass the bill without any amendments that will weaken it. --- Just because i'm near the punchbowl doesn't mean I'm also drinking from it. From rforno at infowarrior.org Tue Nov 18 07:11:08 2014 From: rforno at infowarrior.org (Richard Forno) Date: Tue, 18 Nov 2014 08:11:08 -0500 Subject: [Infowarrior] - good read: The NSA's Efforts to Ban Cryptographic Research in the 1970s Message-ID: <42A07BDB-ED27-4444-AB63-E5213B7F6E15@infowarrior.org> Keeping Secrets Four decades ago, university researchers figured out the key to computer privacy, sparking a battle with the National Security Agency that continues today. BY HENRY CORRIGAN-GIBBS https://medium.com/stanford-select/keeping-secrets-84a7697bf89f --- Just because i'm near the punchbowl doesn't mean I'm also drinking from it. From rforno at infowarrior.org Tue Nov 18 09:26:13 2014 From: rforno at infowarrior.org (Richard Forno) Date: Tue, 18 Nov 2014 10:26:13 -0500 Subject: [Infowarrior] - Russia's new information/media operation Message-ID: <1CE6A1FD-2D42-48F2-AD2E-03BC6271E836@infowarrior.org> Russia launches Sputnik to silence dissent, combat West?s ?information war? against Putin State-run media outlet to open newsrooms in more than 30 capitals, including Washington, D.C. By Marc Bennetts - Special to The Washington Times - - Sunday, November 16, 2014 MOSCOW ? The Kremlin this month unveiled its latest weapon to combat the West?s ?information war? on President Vladimir Putin with the launch of Sputnik ? a lavishly funded, international media outlet whose advent heralds a silencing of dissent and criticism in Russia. Named after the Soviet satellite that spooked Western powers when it became the first man-made object to leave the Earth?s atmosphere in 1957, state-run Sputnik plans to open newsrooms in more than 30 capitals, including Washington. Other offices will open in Beijing and Cairo, as well as in former Soviet republics. Headed by Dmitry Kiselyov, a virulently anti-Western TV anchor who says the role of Kremlin-run media is to ?love Russia,? Sputnik replaces the widely respected RIA Novosti state news agency, which was ?liquidated? late last year on the orders of Mr. Putin. It also incorporates the Voice of Russia radio station. Speaking to journalists last week, Mr. Kiselyov, 60, said Sputnik is aimed at an international audience ?tired of aggressive propaganda promoting a unipolar world and who want a different perspective.? Sputnik?s launch comes just weeks after Kremlin administration chief Sergei Ivanov said Russia and Mr. Putin were victims of an international smear campaign. ?There is an information war,? Mr. Ivanov told academics and journalists in late October. ?Facts are misrepresented, while white is called black and vice versa. There have been multiple statements, some of which have simply been lies.? < - > http://www.washingtontimes.com/news/2014/nov/16/sputnik-launched-by-russia-to-silence-dissent-comb/ --- Just because i'm near the punchbowl doesn't mean I'm also drinking from it. From rforno at infowarrior.org Tue Nov 18 10:15:27 2014 From: rforno at infowarrior.org (Richard Forno) Date: Tue, 18 Nov 2014 11:15:27 -0500 Subject: [Infowarrior] - Let's Play NSA! The Hackers Open-Sourcing Top Secret Spy Tools Message-ID: <1A4C2641-DC98-488A-AEAE-E1C069B42502@infowarrior.org> Let's Play NSA! The Hackers Open-Sourcing Top Secret Spy Tools Written by Lucy Teitler November 17, 2014 // 11:15 AM EST http://motherboard.vice.com/read/michael-ossmann-and-the-nsa-playset --- Just because i'm near the punchbowl doesn't mean I'm also drinking from it. From rforno at infowarrior.org Tue Nov 18 13:03:52 2014 From: rforno at infowarrior.org (Richard Forno) Date: Tue, 18 Nov 2014 14:03:52 -0500 Subject: [Infowarrior] - New, Free CA to Dramatically Increase Encrypted Internet Traffic Message-ID: <8801BA3D-79F8-4E8D-8EBC-90E04566F22D@infowarrior.org> November 18, 2014 New, Free Certificate Authority to Dramatically Increase Encrypted Internet Traffic Non-Profit to Offer One-Click Process to Implement Secure Web Browsing https://www.eff.org/press/releases/new-free-certificate-authority-dramatically-increase-encrypted-internet-traffic San Francisco - The Electronic Frontier Foundation (EFF) is helping to launch a new non-profit organization that aims to dramatically increase secure Internet browsing. Let's Encrypt is scheduled to offer free server certificates beginning in summer 2015. "This project should boost everyday data protection for almost everyone who uses the Internet," said EFF Technology Projects Director Peter Eckersley. "Right now when you use the Web, many of your communications?your user names, passwords, and browsing histories?are vulnerable to hackers and others. By making it easy, fast, and free for websites to install encryption for their users, we will all be safer online." Currently, most Internet traffic is unencrypted, meaning most interactions you have with websites leave your accounts vulnerable to eavesdropping by everyone from a minimally competent hacker to the U.S. government. The HTTPS protocol?in contrast to HTTP?encrypts your connection and verifies the authenticity of sites, protecting your data and personal information. EFF has been campaigning successfully for a number of years to spread HTTPS from payment pages and banking sites to email, social networking, and other types of sites. But there are still hundreds of millions of domains that lack this protection. The new Let's Encrypt project aims to solve that. Let's Encrypt is a new free certificate authority, which will begin issuing server certificates in 2015. Server certificates are the anchor for any website that wants to offer HTTPS and encrypted traffic, proving that the server you are talking to is the server you intended to talk to. But these certificates have historically been expensive, as well as tricky to install and bothersome to update. The Let's Encrypt authority will offer server certificates at zero cost, supported by sophisticated new security protocols. The certificates will have automatic enrollment and renewal, and there will be publicly available records of all certificate issuance and revocation. Let's Encrypt will be overseen by the Internet Security Research Group (ISRG), a California public benefit corporation. ISRG will work with Mozilla, Cisco Systems Inc., Akamai, EFF, and others to build the much-needed infrastructure for the project and the 2015 launch. "The Let's Encrypt certificate authority will dramatically increase the ability of websites around the world to implement HTTPS, increasing the security of hundreds of millions of Internet users every day," said Eckersley. For Let's Encrypt: https://letsencrypt.org For more on Let's Encrypt and how it will work: https://www.eff.org/deeplinks/2014/11/certificate-authority-encrypt-entire-web Contacts: Peter Eckersley Technology Projects Director Electronic Frontier Foundation pde at eff.org Josh Aas Let's Encrypt press at letsencrypt.org --- Just because i'm near the punchbowl doesn't mean I'm also drinking from it. From rforno at infowarrior.org Tue Nov 18 14:17:34 2014 From: rforno at infowarrior.org (Richard Forno) Date: Tue, 18 Nov 2014 15:17:34 -0500 Subject: [Infowarrior] - The Ongoing Fear-Mongering of Michaels Hayden & Mukasey Message-ID: (Because, you know, zero-risk *is* acheivable, we're just not using any and all conceivable methods to get there. And of course, they must ratchet up the conflation of threats ... anything ..... to scare people into submission and not support *any* reform of controversial surveillance activities. I'm waiting for the Lovejoyian cries of "think of the children" later this afternoon before the vote. --rick) NSA Reform That Only ISIS Could Love The misnamed USA Freedom Act is exquisitely crafted to hobble the gathering of electronic intelligence. By MICHAEL V. HAYDEN And MICHAEL B. MUKASEY Nov. 17, 2014 7:00 p.m. ET For those charged with gathering the information our government needs to keep us safe, the news has been grim. Following the leaks by Edward Snowden beginning in June last year of highly classified intelligence gathering techniques, the former head of the National Counterterrorism Center, Matthew Olsen, disclosed in September that terrorists tracked by U.S. intelligence services have started encrypting their communications in ways that defeat detection, and that the government has lost track of several. Meanwhile, Islamic State terrorists continue to rampage across Syria and Iraq, even as the group, also known as ISIS, uses sophisticated Internet communications to swell its ranks with recruits bearing U.S., Canadian or European passports who can easily slip back into their native countries and wreak havoc. In that threat environment, one would think that the last thing on the ?to do? list of the 113th Congress would be to add to the grim news. Yet Senate Majority Leader Harry Reid has announced that he will bring to the floor the extravagantly misnamed USA Freedom Act, a major new bill exquisitely crafted to hobble the gathering of electronic intelligence. For starters, the bill ends the National Security Agency?s bulk collection of what is called telephone metadata. This includes the date, time, duration and telephone numbers for all calls, but not their content or the identity of the caller or called, and is information already held by telephone companies. The bill would substitute a cumbersome and untried process that would require the NSA, when it seeks to check on which telephone numbers have called or been called by a number reasonably associated with terrorist activity, to obtain a warrant from the Foreign Intelligence Surveillance Court, or FISA court, and then scurry to each of the nation?s telephone-service providers to comb through the information that remains in their hands rather than in the NSA?s. Nothing in the bill requires the telephone companies to preserve the metadata for any prescribed period. Current Federal Communications Commission regulations impose an 18-month retention requirement, but administrative regulations are subject to change. It isn?t hard to envision companies that wish to offer subscribers the attraction of rapid destruction of these records, or a complaisant bureaucracy that lets them do it. The bill?s imposition of the warrant requirement on the NSA would be more burdensome than what any assistant U.S. attorney must do to get metadata in a routine criminal case, which is simply to aver that the information is needed in connection with a criminal investigation?period. Proponents say this change is necessary to allay fears that the NSA could use telephone metadata to construct an electronic portrait of an American citizen?s communications, and determine whether that person has, say, consulted a psychiatrist, or called someone else?s spouse. However, only 22 people at the NSA are permitted access to metadata, and only upon a showing of relevance to a national-security investigation, and they are barred from any data-mining whatsoever even in connection with such an investigation. They are overseen by a Madisonian trifecta of the FISA court, the executive and committees of Congress. Those people and everyone else at the NSA live in constant dread of failing to detect a terrorist attack. Nonetheless, the sponsors of the USA Freedom Act prefer the counsel of hypothetical fears to the logic of concrete realities. This sensitivity to abstract concerns doesn?t stop at the water?s edge. Under the bill, if the FISA court directs any change, however technical, in the gathering of information from foreigners abroad, no information gathered before the change is implemented could be used before any official body in this country?agency, grand jury, court, whatever. Back in the bad old days, as during World War II and the Cold War, intelligence of all sorts directed at protecting national security was gathered by the executive without supervision by judges who, after all, know nothing about the subject and cannot be held to account for adverse outcomes. After the Watergate scandal and the resignation of President Nixon, the FISA court was established in 1978 to provide oversight for intelligence gathering, in addition to that already provided by the executive and by Congress. Now, there are those who complain that the FISA court accedes too often to requests for government access to information, and does not appear to resemble a true court in that there is no public advocate opposing the government position. But the nearly uniform success of the government before the FISA court is due both to the government?s careful restraint in presenting applications, and to pushback from the court itself?which results in the amendment of applications. Even when the government applies for wiretaps or search warrants in ordinary criminal cases there is no advocate opposing the application. Nonetheless, this new bill would establish a permanent advocate appointed by the court to oppose the government?s applications before the FISA court. This provision has elicited an extraordinary written objection from a former presiding judge of the FISA court. U.S. District Judge John D. Bates points out that the presence of such an advocate, who cannot conceivably be aware of all the facts, would simply add to the burdens of the court and could wind up sacrificing both national security and privacy. This bill redefines the FISA court, which was never meant to be an adversary tribunal and was imposed simply as an added safeguard in the 1970s, without regard to its history or its purpose. Worse, it is a three-headed constitutional monster: It is a violation of both the separation of powers principle and the Constitution?s appointments clause by having judges rather than the president appoint the public advocate, and then it has the advocate litigate against the Justice Department when both executive offices are supposed to be controlled by the president. The bill is not an unrelieved disaster. It rightly allows for the expansion of metadata gathering to include more calls made by cellphones. Not surprisingly, the bill has received the endorsement of President Obama ?s attorney general, Eric Holder , and his director of national intelligence, James Clapper, who in a Sept. 2 letter to the Senate Judiciary Committee said they were ?comfortable? with the bill?s provisions?even as they conceded that the bill may have ?additional impacts that we will be able to identify only after we start to implement the new law.? If that calls to mind the Affordable Care Act and the suggestion that we should wait and find out what is in the bill until after it passes, bear in mind that ?additional impacts? here may include holes in the ground where buildings used to stand and empty chairs where people used to sit. There is no immediate or emergency need for this piece of legislation. Current surveillance authorities do not expire at the end of this year, which is fortunate given the current threats we face at home and abroad. The USA Freedom Act should await the attention of the Congress that will actually oversee it. A change to national-security procedures is not something to be rushed through in a lame-duck session. ##### Mr. Hayden, a retired Air Force general, is a former director of the Central Intelligence Agency (2006-09) and the National Security Agency (1999-2005). Mr. Mukasey is a former attorney general of the United States (2007-09) and a former U.S. district judge (1988-2006). From rforno at infowarrior.org Tue Nov 18 14:52:21 2014 From: rforno at infowarrior.org (Richard Forno) Date: Tue, 18 Nov 2014 15:52:21 -0500 Subject: [Infowarrior] - ISOC: 'Oh, Hell No' To ICANN's Plan For A 'UN Security Council For The Internet' Message-ID: <1654DD41-F13A-4198-BC29-EEE8BAE50D06@infowarrior.org> Internet Society Says 'Oh, Hell No' To ICANN's Plan For A 'UN Security Council For The Internet' from the run-that-by-me-again dept Earlier this month, ICANN, along with the World Economic Forum and a Brazilian government group called CGI.br, announced a NetMundial Initiative, which is being described as a sort of "UN Security Council for the internet." If NetMundial sounds familiar, that's because back in April there was a big meeting on internet governance in Brazil called NetMundial. While this has the same name, it seems to be basically unrelated to that, but rather, it appears to be these three groups setting themselves up in power positions over internet governance. While those behind it tossed in a bunch of buzzwords, about how it would be "open source," a "shared public resource" and would have a "bottom-up, transparent" process, there was a bit of a problem with all of that. You see, the three founding organizations also... installed themselves as permanent members who would control the council. < -- > https://www.techdirt.com/articles/20141117/17550129174/internet-society-says-oh-hell-no-to-icanns-plan-un-security-council-internet.shtml --- Just because i'm near the punchbowl doesn't mean I'm also drinking from it. From rforno at infowarrior.org Tue Nov 18 19:01:39 2014 From: rforno at infowarrior.org (Richard Forno) Date: Tue, 18 Nov 2014 20:01:39 -0500 Subject: [Infowarrior] - NSA Reform Dies In The Senate Message-ID: <2A6D0AD6-B12C-4D56-9561-77BE6577F21B@infowarrior.org> NSA Reform Dies In The Senate Posted 3 seconds ago by Alex Wilhelm (@alex) http://techcrunch.com/2014/11/18/nsa-reform-dies-in-the-senate/?utm_medium=twitter&utm_source=twitterfeed Well shit. A vote to proceed with the USA FREEDOM Act failed in the Senate after it did not collect the 60 votes that it needed. It failed 58 to 42. Before the vote, I noticed a slight change in the tone of people that I had on the phone: There was optimism that it could make it. It didn?t. You can stick a fork in NSA reform for this year, and this Congress. And, as I?ve said recently, given the current tone of GOP leadership in the Senate, it doesn?t appear that we?ll get much done in the next few years. I?m not alone in that pessimism. So up your encryption, everyone, the United States government doesn?t see fit to change. --- Just because i'm near the punchbowl doesn't mean I'm also drinking from it. From rforno at infowarrior.org Tue Nov 18 19:03:21 2014 From: rforno at infowarrior.org (Richard Forno) Date: Tue, 18 Nov 2014 20:03:21 -0500 Subject: [Infowarrior] - In groundbreaking ruling, FAA empowered to enforce regulations against drones Message-ID: <621AC788-5F88-4CB6-98E5-E80675D0F529@infowarrior.org> In groundbreaking ruling, FAA empowered to enforce regulations against drones Published time: November 18, 2014 17:22 AFP Photo / Jean-Pierre Clatot http://rt.com/usa/206639-faa-regulations-drones-safety/ The Federal Aviation Administration does have the authority to apply its standing rules against alleged reckless or careless use of manned aircraft to unmanned aircraft, or drones, as well, the US aviation safety board has ruled. According to AP, the National Transportation Safety Board (NTSB) said Tuesday that current federal regulations defining aircraft as ?any device ? used for flight in the air? applies to "any aircraft, manned or unmanned, large or small." The NTSB voted unanimously in favor of the decision, sending the case - the first in which the Federal Aviation Administration (FAA) fined a drone operator - back to an administrative law judge to rule if the flight in question was ?careless or reckless.? The case involves Raphael Pirker, who was fined $10,000 by the FAA for flying his Ritewing Zephyr drone that he was using to shoot a video on the University of Virginia campus in 2011. Pirker appealed the fine, filing a motion to dismiss the case. The FAA said Pirker had recklessly flown the small, unmanned aircraft "directly towards an individual standing on a ... sidewalk, causing the individual to take immediate evasive maneuvers so as to avoid being struck." An administrative law judge with the NTSB ruled for Pirker in March, saying the FAA had yet to determine rules for drone flights and, thus, could not regulate their use. Judge Patrick Geraghty found that the FAA determined in both 1981 and 2007 that model aircraft was excluded from aircraft regulations. The FAA then appealed to the full NTSB board, leading to Tuesday?s ruling. "It's a huge win for the FAA, and signals it's not going to be the Wild West for drones, but a careful, orderly, safe introduction of unmanned aircraft systems into the national airspace system," said Kenneth Quinn, a former FAA general counsel, according to AP. The case has been watched closely for clues as to how the FAA can enforce regulations for commercial uses of unmanned aircraft. The FAA is currently compiling rules and protocol to integrate unmanned aircraft systems into American skies, yet technical issues and coordination with defense officials will likely mean the September 2015 deadline set by lawmakers will not be met. Nevertheless, the agency has allowed some commercial drones to fly in American skies. In June, the FAA granted the first commercial drone license to oil giant BP. In September, six Hollywood production companies were granted licenses to use drones while filming television shows and movies. Meanwhile, the FAA has largely told users such as photographers and videographers such as Pirker to cease their drone flights or face fines. --- Just because i'm near the punchbowl doesn't mean I'm also drinking from it. From rforno at infowarrior.org Wed Nov 19 17:11:54 2014 From: rforno at infowarrior.org (Richard Forno) Date: Wed, 19 Nov 2014 18:11:54 -0500 Subject: [Infowarrior] - FISA Judge To Yahoo: If US Citizens Don't Know They're Being Surveilled, There's No Harm Message-ID: <0CD05E4D-2DDE-49EF-9D86-FA444B569BCC@infowarrior.org> FISA Judge To Yahoo: If US Citizens Don't Know They're Being Surveilled, There's No Harm https://www.techdirt.com/articles/20141119/10320429194/fisa-judge-to-yahoo-if-us-citizens-dont-know-theyre-being-surveilled-theres-no-harm.shtml --- Just because i'm near the punchbowl doesn't mean I'm also drinking from it. From rforno at infowarrior.org Thu Nov 20 06:08:27 2014 From: rforno at infowarrior.org (Richard Forno) Date: Thu, 20 Nov 2014 07:08:27 -0500 Subject: [Infowarrior] - AP Exclusive: Some in NSA warned of a backlash Message-ID: <56ED2279-FF2D-4B42-9FF5-BA7DB8AC0E92@infowarrior.org> AP Exclusive: Some in NSA warned of a backlash By KEN DILANIAN AP Intelligence Writer WASHINGTON (AP) -- Dissenters within the National Security Agency, led by a senior agency executive, warned in 2009 that the program to secretly collect American phone records wasn't providing enough intelligence to justify the backlash it would cause if revealed, current and former intelligence officials say. The NSA took the concerns seriously, and many senior officials shared them. But after an internal debate that has not been previously reported, NSA leaders, White House officials and key lawmakers opted to continue the collection and storage of American calling records, a domestic surveillance program without parallel in the agency's recent history. The warnings proved prophetic last year after the calling records program was made public in the first and most significant leak by Edward Snowden, a former NSA systems administrator who cited the government's deception about the program as one of his chief motivations for turning over classified documents to journalists. Many Americans were shocked and dismayed to learn that an intelligence agency collects and stores all their landline calling records. In response, President Barack Obama is now trying to stop the NSA collection but preserve the agency's ability to search the records in the hands of the telephone companies - an arrangement similar to the one the administration quietly rejected in 2009. But his plan, drawing opposition from most Republicans, fell two votes short of advancing in the Senate on Tuesday. A now-retired NSA senior executive, who was a longtime code-breaker who rose to top management, had just learned in 2009 about the top secret program that was created shortly after the Sept. 11, 2001, attacks. He says he argued to then-NSA Director Keith Alexander that storing the calling records of nearly every American fundamentally changed the character of the agency, which is supposed to eavesdrop on foreigners, not Americans. Alexander politely disagreed, the former official told The Associated Press. > - > http://hosted.ap.org/dynamic/stories/U/US_NSA_SURVEILLANCE --- Just because i'm near the punchbowl doesn't mean I'm also drinking from it. From rforno at infowarrior.org Thu Nov 20 06:24:42 2014 From: rforno at infowarrior.org (Richard Forno) Date: Thu, 20 Nov 2014 07:24:42 -0500 Subject: [Infowarrior] - Regarding Mozilla's Google-Yahoo switch... Message-ID: Reading Mozilla's blog about the switch from GOOG-YHOO for default search, the last bullet point leaves open some interesting questions about the reason for the switch: "We will now focus on expanding our work with motivated partners to explore innovative new search interfaces, content experiences, and privacy enhancements across desktop and mobile." (https://blog.mozilla.org/blog/2014/11/19/promoting-choice-and-innovation-on-the-web/) ... one can interpret that to mean that GOOG was not interested in working with Mozilla anymore or reluctant to make changes to its capability (or practices) that were aligned with Mozilla's plans for the browser? --- Just because i'm near the punchbowl doesn't mean I'm also drinking from it. From rforno at infowarrior.org Thu Nov 20 06:52:57 2014 From: rforno at infowarrior.org (Richard Forno) Date: Thu, 20 Nov 2014 07:52:57 -0500 Subject: [Infowarrior] - =?windows-1252?q?=93No_Fly=94_List_to_Offer_Incre?= =?windows-1252?q?ased_Transparency?= Message-ID: <2F504CD4-4DC0-4924-A82F-FB039D798E3C@infowarrior.org> ?No Fly? List to Offer Increased Transparency Posted on Nov.17, 2014 in Judicial, no fly list by Steven Aftergood http://www.fas.org/blogs/secrecy/2014/11/no-fly-transparency/ The ?no fly? list procedures that are used to prevent individuals who may present a security hazard from flying on commercial aircraft are being revised to make them more transparent and easier to challenge, government attorneys said Friday. They asked a court to suspend a lawsuit disputing the constitutionality of the ?no fly? procedures for two months until the revisions are complete. ?The Government? is currently reviewing and revising the administrative redress procedures for denials of boarding,? Justice Department attorneys said in a November 14 memorandum in support of a motion for a stay of proceedings in the lawsuit Gulet Mohamed v. Eric Holder. ?The Government is revising current redress procedures to increase transparency of the process for certain persons denied boarding on commercial aircraft,? the memorandum said. The government had previously sought dismissal of the entire Gulet Mohamed case on state secrets grounds. That move was rejected by the court. (Secrecy News, October 31.) The revised ?no fly? procedures are expected to be completed and available by January 16, 2015. Revisions to the ?no fly? procedures were initiated in response to another pending lawsuit, Ayman Latif v. Holder, in which the court directed the government to ?fashion new procedures that provide Plaintiffs with the requisite due process?.? In response, attorneys in the Latif case said, ?the Government will endeavor to increase transparency for certain individuals denied boarding who believe they are on the No Fly List and have submitted DHS TRIP [Traveler Redress Inquiry Program] inquiries, consistent with the protection of national security and national security information, as well as transportation security.? (Their remarks were presented in a status report appended to the new motion for a stay). With respect to the Gulet Mohamed case, the government said that ?Plaintiff?s procedural due process claim will be directly impacted?and potentially mooted?by the Government?s revision of its redress procedures, the exact procedures that Plaintiff alleges to be constitutionally inadequate.? ?For an individual who is on the No Fly List, the development of new procedures may affect the universe of information relied upon in support of the placement decision, or even the placement decision itself. In this way, the revised procedures could affect the nature of the legal claims to be resolved. Moreover, once the revised procedures are in place, Plaintiff?s claims may be moot or, at the least, in need of reformulation should he decide to continue litigating the case.? ?In these circumstances, a stay is appropriate because the revised redress procedures may affect the Government?s need to rely on information subject to the assertion of the state secrets privilege or the need to move again for dismissal,? the November 14 memorandum said. Attorneys for plaintiff Gulet Mohamed oppose the government motion for a stay, which will be considered by the court at a November 24 hearing. [Update 11/19/14: The court said it would consider the matter without a hearing.] Related issues were discussed by the Congressional Research Service in ?The No Fly List: Procedural Due Process and Hurdles to Litigation,? September 18, 2014. As of December 2013, there were 47,000 people on the no-fly list, including 800 Americans, the Washington Post reported (?More than 1 million people are listed in U.S. terrorism database? by Adam Goldman, August 5, 2014). --- Just because i'm near the punchbowl doesn't mean I'm also drinking from it. From rforno at infowarrior.org Thu Nov 20 16:21:14 2014 From: rforno at infowarrior.org (Richard Forno) Date: Thu, 20 Nov 2014 17:21:14 -0500 Subject: [Infowarrior] - Detekt software tool scans for surveillance spyware Message-ID: <9B80A19A-67BD-4CF0-80C1-5D2BE6481F09@infowarrior.org> What is Detekt and how does it work? Detekt is a free tool that scans your computer for traces of known surveillance spyware used by governments to target and monitor human rights defenders and journalists around the world. By alerting them to the fact that they are being spied on, they will have the opportunity to take precautions. It was developed by security researchers and has been used to assist in Citizen Lab's investigations into government use of spyware against human rights defenders, journalists and activists as well as by security trainers to educate on the nature of targeted surveillance. Amnesty International is partnering with Privacy International, Digitale Gesellschaft and the Electronic Frontier Foundation to release Detekt to the public for the first time. < - > http://www.amnesty.org/en/news/detekt-new-tool-against-government-surveillance-questions-and-answers-2014-11-20 --- Just because i'm near the punchbowl doesn't mean I'm also drinking from it. From rforno at infowarrior.org Fri Nov 21 07:27:23 2014 From: rforno at infowarrior.org (Richard Forno) Date: Fri, 21 Nov 2014 08:27:23 -0500 Subject: [Infowarrior] - Baltimore Prosecutors Withdraw Evidence Rather Than Talk About Police Department's Stingray Usage Message-ID: <7FEBA9BD-9402-4F80-8CAD-5AE3375740E9@infowarrior.org> Baltimore Prosecutors Withdraw Evidence Rather Than Talk About Police Department's Stingray Usage Fri, Nov 21st 2014 4:04am < - > So? great for catching crooks but not all that great at keeping them caught. How embarrassing. That has to suck for Baltimore citizens, who have just discovered their local PD prizes non-disclosure agreements over putting bad guys away. < - > https://www.techdirt.com/articles/20141119/06283429186/baltimore-prosecutors-withdraw-evidence-rather-than-talk-about-police-departments-stingray-usage.shtml --- Just because i'm near the punchbowl doesn't mean I'm also drinking from it. From rforno at infowarrior.org Fri Nov 21 07:29:22 2014 From: rforno at infowarrior.org (Richard Forno) Date: Fri, 21 Nov 2014 08:29:22 -0500 Subject: [Infowarrior] - The Secret Life of Passwords Message-ID: <0314F90B-990D-44B1-ABD3-43FE696C102B@infowarrior.org> (via multiple sources) The Secret Life of Passwords http://www.nytimes.com/2014/11/19/magazine/the-secret-life-of-passwords.html?smid=tw-share&_r=0 --- Just because i'm near the punchbowl doesn't mean I'm also drinking from it. From rforno at infowarrior.org Fri Nov 21 09:40:04 2014 From: rforno at infowarrior.org (Richard Forno) Date: Fri, 21 Nov 2014 10:40:04 -0500 Subject: [Infowarrior] - 5 year old becomes Microsoft Certified Professional Message-ID: <39738AE4-D452-41D0-89DA-C682D99284E5@infowarrior.org> 5-Year-Old Becomes Youngest Person Ever Qualified to Install Microsoft Windows http://www.wired.com/2014/11/mcpkid/ --- Just because i'm near the punchbowl doesn't mean I'm also drinking from it. From rforno at infowarrior.org Fri Nov 21 13:40:08 2014 From: rforno at infowarrior.org (Richard Forno) Date: Fri, 21 Nov 2014 14:40:08 -0500 Subject: [Infowarrior] - Feds proposed the secret phone database used by local Virginia cops Message-ID: <1A7C84D7-C229-45EB-9903-CDE40FC6CEA9@infowarrior.org> Feds proposed the secret phone database used by local Virginia cops New docs: Prosecutors offered one-stop shop for seized phone data in Virginia. by Cyrus Farivar - Nov 21 2014, 8:00am EST A Virginia-based law enforcement data sharing ring, which allows signatory police agencies to share and analyze seized "telephone intelligence information," was first proposed by federal prosecutors, according to new documents obtained by Ars. Federal involvement suggests that there could be more such databases in other parts of the country. "It?s unsurprising to see the feds encouraging local law enforcement agencies to create these localized databases," Hanni Fakhoury, a staff attorney with the Electronic Frontier Foundation, told Ars. "In fact, there?s a whole division within the Department of Justice that focuses on educating and advancing local law enforcement interests, the National Institute of Justice. And so I would imagine there are others." As Ars reported last month, according to a memorandum of understanding (MOU) first published by the Center for Investigative Reporting, the police departments from Hampton, Newport News, Norfolk, Chesapeake, and Suffolk all participate in something called the "Hampton Roads Telephone Analysis Sharing Network," or HRTASN. The database compiles both content copied from phones and metadata gleaned from phone usage?some obtained under the authority of a warrant, some via a court order, and some via a mere subpoena. Some state legal experts have questioned whether such an umbrella database is legal under Virginia law. Rob Poggenklass, a staff attorney at the American Civil Liberties Union of Virginia, told Ars that he believes the database is in violation of Virginia's Government Data Collection and Dissemination Practices Act. A document that Ars recently obtained under a public records request from the City of Norfolk shows that an analyst from the United States Attorney?s Office in the Eastern District of Virginia was, in fact, the creator of HRTASN. That document, which appears to date from 2011, is called "A Proposal for Creation of the Hampton Roads Telephone Intercept Sharing Network." The 13-page presentation was authored by Paul Swartz, an investigative analyst. His LinkedIn profile indicates that, prior to joining the federal government, Swartz worked for over 20 years at the Newport News Police Department, retiring at the rank of sergeant. Swartz initially did not return Ars? requests for comment, but then referred Ars to Joshua Stueve, a US Attorney's Office spokesman, who also did not respond to requests for comment. < - > http://arstechnica.com/tech-policy/2014/11/feds-proposed-the-secret-phone-database-used-by-local-virginia-cops/ --- Just because i'm near the punchbowl doesn't mean I'm also drinking from it. From rforno at infowarrior.org Sat Nov 22 13:29:55 2014 From: rforno at infowarrior.org (Richard Forno) Date: Sat, 22 Nov 2014 14:29:55 -0500 Subject: [Infowarrior] - Yahoo Mail suffers major outage due to severed underwater cable Message-ID: <536BB56F-E044-4624-A47D-1A63A544E427@infowarrior.org> (C'mon, I thought NSA was better @ this stuff by now!! *g* --rick) Yahoo Mail suffers major outage due to severed underwater cable No word when it will be back up and running By Carly Page Sat Nov 22 2014, 10:31 http://www.theinquirer.net/inquirer/news/2383013/yahoo-mail-suffers-major-outage-due-to-severed-underwater-cable YAHOO MAIL is suffering a major outage after an underwater cable was cut during maintenance work. The severed underwater cable, which Yahoo is blaming on an unnamed third-party, has seen the firm's Mail service downed in the UK and US, leaving many users unable to access their accounts and others suffering from slow page loading times. Yahoo has confirmed the issue on its support pages, but hasn't yet said when the service likely will be back up and running. "We are aware that Yahoo Mail is slow or inaccessible for some of our users. The issues were a result of an underwater fibre cable cut, caused by a third party while fixing a separate cable. "The engineering team has rerouted email traffic to mitigate accessibility issues. A cable repair ship has been mobilised and will be at the site this weekend. "We apologise for the inconvenience as we certainly understand email is a critical service for our customers." The notice added: "Some Yahoo Mail users are experiencing delays in accessing and viewing their mail. We'll be posting updates regularly on this page to keep everyone informed of our progress. Thank you for your patience as we work to fully resolve this." While some users have been moaning about issues with the service for whay appears to be couple of days, reports of problems surged in the UK this morning, with the number of users reportin an issue rising from less than 20 to more than 1,300 in two hours, ITVreports. It seems even more than that have flocked to Twitter to bemoan the issue. One user complains: "If Yahoo was #RBS they'd be fined ?56m for locking us out of our accounts. How am I expected to run my business with #yahoomaildown?" Another adds: "Nobody panic, @yahoomail are confident they will have the problem fixed by Christmas." News of Yahoo's outage comes just days after it inked a deal with Mozilla to become the default search engine for Firefox users in the US, with the firm ditching Google after 10 years. --- Just because i'm near the punchbowl doesn't mean I'm also drinking from it. From rforno at infowarrior.org Sun Nov 23 15:45:15 2014 From: rforno at infowarrior.org (Richard Forno) Date: Sun, 23 Nov 2014 16:45:15 -0500 Subject: [Infowarrior] - UK expands Internet surveillance powers Message-ID: New powers allow police to pinpoint computers used by terrorists and child abusers NEW powers will allow police to pinpoint the location of computers used by terrorists and child abusers. By: Caroline Wheeler and Jon Coates Published: Sun, November 23, 2014 http://www.express.co.uk/news/uk/538940/New-powers-police-pinpoint-computers-used-terrorists-child-abusers The Home Secretary will annouce measures to force ISPs to keep records for a year Home Secretary Theresa May will announce measures, to be included in the Counter-Terrorism and Security Bill, which will force Internet Service Providers (ISPs) to keep details for a year that can be used in criminal inquiries. Until now ISPs have not had to keep logs of which devices use specific Internet Protocol (IP) addresses, the codes that identify computers online. The new law will require ISPs to keep records of the use of IP addresses, making it easier for the police to match the addresses to individuals. The proposed measures would reduce the risk of terrorism by improving the ability of the police and other agencies to identify terror suspects who may be communicating with each other via the internet. It would also help to identify and prosecute organised criminals, cyber bullies and computer hackers. Mrs May said: ?The Bill provides the opportunity to resolve the very real problems that exist around IP resolution and is a step towards bridging the overall communications data capability gap.? However, Mrs May reiterated her support for the so-called Snoopers? Charter that would give law enforcement agencies the power to access and store details of an individual?s online activity to see which websites they have been accessing. ?It is a matter of national security and we must keep on making the case for the Communications Data Bill,? she insisted. The announcement of these new powers comes just weeks after a feud erupted between Deputy Prime Minister Nick Clegg and Mrs May, who accused the Lib Dems of putting children?s lives at risk by opposing the Bill. In a speech to the Conservative Party Conference last month in Birmingham, Mrs May said over a six month period the National Crime Agency estimated it dropped at least 20 cases due to missing communications data. She said 13 were ?threat-tolife cases in which a child was judged to be at risk of imminent harm?. Mrs May said: ?The solution to this crisis of national security was the Communications Data Bill. But two years ago, it was torpedoed by the Liberal Democrats.? In response Mr Clegg, who called the row a ?new low? for the Coalition, said the NCA had been forced to drop some of the cases because IP addresses were not properly matched to individual mobile devices. He called for the loophole to be shut and accused the Home Office of dragging its feet. Last night the Lib Dems welcomed the new powers, as they declared the Snoopers? Charter ?dead and buried?. A party spokesman said: ?This is exactly the kind of thing that we need, rather than proposing an unnecessary, unworkable and disproportionate Snoopers? Charter. ?There is absolutely no chance of that illiberal Bill coming back under the Coalition Government. It?s dead and buried.? --- Just because i'm near the punchbowl doesn't mean I'm also drinking from it. From rforno at infowarrior.org Sun Nov 23 15:58:54 2014 From: rforno at infowarrior.org (Richard Forno) Date: Sun, 23 Nov 2014 16:58:54 -0500 Subject: [Infowarrior] - Exaggeration Nation Message-ID: <661456B8-D4F5-4DF9-93D7-5E454FDC21B4@infowarrior.org> Exaggeration Nation The threat posed by the Islamic State to the United States is being overblown to a dangerous -- and untruthful -- degree. So why are we letting our government officials get away with it? ? BY Micah Zenko ? NOVEMBER 21, 2014 http://www.foreignpolicy.com/articles/2014/11/21/exaggeration_nation_isis_islamic_state_chuck_hagel --- Just because i'm near the punchbowl doesn't mean I'm also drinking from it. From rforno at infowarrior.org Mon Nov 24 08:16:17 2014 From: rforno at infowarrior.org (Richard Forno) Date: Mon, 24 Nov 2014 09:16:17 -0500 Subject: [Infowarrior] - NYT: Hagel Said to Be Stepping Down Message-ID: Hagel Said to Be Stepping Down as Defense Chief Under Pressure By HELENE COOPERNOV. 24, 2014 WASHINGTON ? Defense Secretary Chuck Hagel is stepping down under pressure, the first cabinet-level casualty of the collapse of President Obama?s Democratic majority in the Senate and a beleaguered national security team that has struggled to stay ahead of an onslaught of global crises. The president, who is expected to announce Mr. Hagel?s resignation in a Rose Garden appearance on Monday, made the decision to ask his defense secretary ? the sole Republican on his national security team ? to step down last Friday after a series of meetings over the past two weeks, senior administration officials said. The officials described Mr. Obama?s decision to remove Mr. Hagel, 68, as a recognition that the threat from the Islamic State would require a different kind of skills than those that Mr. Hagel was brought on to employ. A Republican with military experience who was skeptical about the Iraq war, Mr. Hagel came in to manage the Afghanistan combat withdrawal and the shrinking Pentagon budget in the era of budget sequestration. But now ?the next couple of years will demand a different kind of focus,? one administration official said, speaking on the condition of anonymity. He insisted that Mr. Hagel was not fired, saying that he initiated discussions about his future two weeks ago with the president, and that the two men mutually agreed that it was time for him to leave. But Mr. Hagel?s aides had maintained in recent weeks that he expected to serve the full four years as defense secretary. His removal appears to be an effort by the White House to show that it is sensitive to critics who have pointed to stumbles in the government?s early response to several national security issues, including the Ebola crisis and the threat posed by the Islamic State. Even before the announcement of Mr. Hagel?s removal, Obama officials were speculating on his possible replacement. At the top of the list are Michele Flournoy, the former under secretary of defense; Senator Jack Reed, Democrat of Rhode Island and a former officer with the Army?s 82nd Airborne; and Ashton Carter, a former deputy secretary of defense. < - > http://www.nytimes.com/2014/11/25/us/hagel-said-to-be-stepping-down-as-defense-chief-under-pressure.html --- Just because i'm near the punchbowl doesn't mean I'm also drinking from it. From rforno at infowarrior.org Mon Nov 24 08:21:27 2014 From: rforno at infowarrior.org (Richard Forno) Date: Mon, 24 Nov 2014 09:21:27 -0500 Subject: [Infowarrior] - Employee Fired After Posting Pictures Of DHS Vehicles Parked In Hotel Parking Lot Message-ID: <4111633A-4844-4125-80D3-CCD7DB44F2A2@infowarrior.org> Employee Fired After Posting Pictures Of DHS Vehicles Parked In Hotel Parking Lot https://www.techdirt.com/articles/20141119/06345729188/employee-fired-after-posting-pictures-dhs-vehicles-parked-hotel-parking-lot.shtml --- Just because i'm near the punchbowl doesn't mean I'm also drinking from it. From rforno at infowarrior.org Tue Nov 25 05:41:03 2014 From: rforno at infowarrior.org (Richard Forno) Date: Tue, 25 Nov 2014 06:41:03 -0500 Subject: [Infowarrior] - FCC orders T-Mobile to stop misleading throttled customers about speeds Message-ID: FCC orders T-Mobile to stop misleading throttled customers about speeds by Steve Dent | @stevetdent | 2 hrs ago http://www.engadget.com/2014/11/25/fcc-t-mobile-misleading-speed-tests/?ncid=rss_truncated Up to now, T-Mobile has been generously unblocking Ookla and other mobile test sites so you could see exactly how much speed you weren't getting when it throttled you. But the FCC has called a halt to that piece of duplicity, forcing the carrier to show true speeds to consumers. John Legere's outfit will now send you an SMS linking to speed tests that correctly calculate data rates when you hit your cap. It'll also be forced to provide a smartphone app or button linking to accurate tests, and clarify that others may provide full network rather than throttled speeds. T-Mobile started unblocking the sites back in July, justifying it by saying they were "designed to measure true network speed -- not show that a customer (has been throttled)." The FCC luckily recognized that for the nonsense that it is, though it didn't exactly use strong language to condemn it. (In a namby-pamby statement, FCC chair Tom Wheeler said "I'm grateful T-Mobile has worked with the FCC to ensure that its customers are better informed about the speeds they are experiencing.") T-Mobile recently added music streaming options that don't count against your data cap -- but including Ookla's speed test in that list of freebies doesn't exactly jibe with its straight-shooting image. --- Just because i'm near the punchbowl doesn't mean I'm also drinking from it. From rforno at infowarrior.org Wed Nov 26 09:48:08 2014 From: rforno at infowarrior.org (Richard Forno) Date: Wed, 26 Nov 2014 10:48:08 -0500 Subject: [Infowarrior] - FBI Agents Pose as Repairmen to Bypass Warrant Process Message-ID: <4E2E28DF-CC18-46C2-AB35-C98F58AC36BE@infowarrior.org> FBI Agents Pose as Repairmen to Bypass Warrant Process https://www.schneier.com/blog/archives/2014/11/fbi_agents_pose.html This is a creepy story. The FBI wanted access to a hotel guest's room without a warrant. So agents broke his Internet connection, and then posed as Internet technicians to gain access to his hotel room without a warrant. < - > Basically, the agents snooped around the hotel room, and gathered evidence that they submitted to a magistrate to get a warrant. Of course, they never told the judge that they had engineered the whole outage and planted the fake technicians. More coverage of the case here. This feels like an important case to me. We constantly allow repair technicians into our homes to fix this or that technological thingy. If we can't be sure they are not government agents in disguise, then we've lost quite a lot of our freedom and liberty. --- Just because i'm near the punchbowl doesn't mean I'm also drinking from it.