From rforno at infowarrior.org Wed Oct 1 21:16:40 2014
From: rforno at infowarrior.org (Richard Forno)
Date: Wed, 1 Oct 2014 22:16:40 -0400
Subject: [Infowarrior] - NSA claims of Snowden leaks aiding terrorists found unwarranted
Message-ID:

Well, duh! --rick

NSA claims of Snowden leaks aiding terrorists found unwarranted
By Bill Lindner
http://www.digitaljournal.com/technology/nsa-claims-of-snowden-leaks-aiding-terrorists-found-unwarranted/article/406259

An independent investigation on the effects of whistle blower Edward Snowden's leaks of NSA documents reveals that the claims -- often referred to as overblown by some critics -- that Al Qaida and ISIS benefitted from those revelations are not true. A new independent investigation by Flashpoint Global Partners (FGP) reveals that despite the claims by the National Security Agency (NSA), documents leaked by whistle blower Edward Snowden did not damage America's National Security by alerting Al Qaida they were being spied on. There have been no real consequences and Al Qaida has not changed the way they communicate because of the leaks. Al Qaida changed the way they communicate long before the revelations by Snowden. Despite the independent findings, Director of National Intelligence James Clapper -- who came under fire for admittedly lying to the U.S. Congress -- is now claiming that Snowden's leaks also aided in the rise of the Islamic State of Iraq and Syria (ISIS) and assisted Russia's alleged occupation of Crimea. Contrary to Clapper's insinuations that Snowden aided Al Qaida and Washington's claims that Snowden damaged National Security there is little evidence supporting those claims as being factual. FGP's investigation suggests that none of those things are true and that Al Qaida has been well aware of encryption and how to use it because they knew they were already being spied on. Long before Snowden began leaking the information Al Qaida and other terrorist groups were already encrypting their communications.
In fact, Al Qaida was using encryption long before 9/11. Snowden's leaks only confirmed what Al Qaida knew all along -- that their communications were targeted by the NSA. Snowden's leaks started going public June 05, 2013. FGP's analysis of the leaks challenges all the assertions made by the U.S. government, noting that there is no correlation between Snowden's leaks and the impact on the revelations about the NSA's spying. Other Islamic groups, including ISIS, have simply extended their existing encryption schemes to new devices and technologies including cell phones, chat software and texting. Regardless of the FGP's findings, corporations associated with the U.S. government are still attempting to frame Snowden as a traitor. The investigation by FGP focused on the significance of several online communications encryption tools released by Jihadi-affiliated groups once the leaks started by Snowden. FGP used proprietary software they developed to mine the dark web for open source information posted in top Jihadi social networking platforms looking for evidence that Snowden's revelations had a measurable impact on the logistical subterfuge technologies of terrorist organizations and found very little information indicating Snowden's leaks caused Al Qaida to develop more secure digital communications and/or encryption. According to the FGP's analysts Jihadists didn't care about Snowden's revelations. They were more interested in discussing newly released encryption software that was tailored to their cause. The report from FGP goes on to list various secure communications packages Jihadists used, noting that a definitive answer to the relevance of Snowden's leaks is only possible with access to "classified information or other credible sources that reveal the inner workings of terrorist organizations." Results of the study were also limited due to the lack of access to those responsible for providing Jihadi encryption software.
Read more: http://www.digitaljournal.com/technology/nsa-claims-of-snowden-leaks-aiding-terrorists-found-unwarranted/article/406259#ixzz3EwxOLlNb

---
Just because i'm near the punchbowl doesn't mean I'm also drinking from it.

From rforno at infowarrior.org Thu Oct 2 08:39:49 2014
From: rforno at infowarrior.org (Richard Forno)
Date: Thu, 2 Oct 2014 09:39:49 -0400
Subject: [Infowarrior] - Retired NSA Technical Director Explains Snowden Docs
Message-ID: <06BA3EB0-E5A2-4B2A-A059-9B1315991911@infowarrior.org>

Retired NSA Technical Director Explains Snowden Docs
http://www.alexaobrien.com/secondsight/wb/binney.html

---
Just because i'm near the punchbowl doesn't mean I'm also drinking from it.

From rforno at infowarrior.org Thu Oct 2 13:26:07 2014
From: rforno at infowarrior.org (Richard Forno)
Date: Thu, 2 Oct 2014 14:26:07 -0400
Subject: [Infowarrior] - Bamford: The NSA and Me
Message-ID: <8CE4DE54-1C54-4BA0-8EA3-FC4C4E796850@infowarrior.org>

The NSA and Me
https://firstlook.org/theintercept/2014/10/02/the-nsa-and-me/

---
Just because i'm near the punchbowl doesn't mean I'm also drinking from it.

From rforno at infowarrior.org Fri Oct 3 06:47:08 2014
From: rforno at infowarrior.org (Richard Forno)
Date: Fri, 3 Oct 2014 07:47:08 -0400
Subject: [Infowarrior] - The Skills We've Lost to Technology (and How to Get Them Back)
Message-ID: <1A313387-008D-4DB6-9560-E0E91AF171B1@infowarrior.org>

(the comments are good reads, too)

The Skills We've Lost to Technology (and How to Get Them Back)
http://lifehacker.com/the-skills-weve-lost-to-technology-and-how-to-get-them-1641465499

---
Just because i'm near the punchbowl doesn't mean I'm also drinking from it.

From rforno at infowarrior.org Fri Oct 3 13:55:36 2014
From: rforno at infowarrior.org (Richard Forno)
Date: Fri, 3 Oct 2014 14:55:36 -0400
Subject: [Infowarrior] - TRUE! Why no one wants to host the 2022 Olympics
Message-ID: <35BA8C1A-A4D6-4531-92F4-099191A2DBA8@infowarrior.org>

Why no one wants to host the 2022 Olympics
By Dan Wetzel
October 1, 2014 6:54 PM
Yahoo Sports
https://sports.yahoo.com/news/why-no-one-wants-to-host-the-2022-olympics-225450509.html

The surest sign that the bid process for hosting the Olympics is broken is actually not the trail of bribe money or crony-rich government contracts at the feet of International Olympic Committee members. Sure, bribery might -- might, maybe, allegedly, perhaps -- be how a now abandoned Olympic Village got built in some muddy, bulldozed acreage south of Sochi, Russia, rather than in Salzburg, Austria, home to Mozart, the Sound of Music and postcard pictures. That's the cause, though, not the effect. The effect is the bidding for the 2022 Winter Games, which is now down to just two cities. The final vote comes next summer. There's Beijing, China, which doesn't actually sit within 120 miles of a usable ski mountain, and there's Almaty, Kazakhstan, which in its bid touted itself as "the world's largest landlocked nation." It's down to these two cities not because the IOC narrowed the field, but because every other city in the entire world said no. Seriously, every other city said no. That even includes cities that previously said yes and made it deep into the bidding process only to stare directly into the corrupt, humiliating voting system, not to mention eventual unnecessary construction costs, environmental effects, blown resources and white elephants built to opulent IOC code. They promptly high-tailed it the other way. Russia said it spent $51 billion hosting the 2014 Winter Olympics. What, no one else is interested in footing that bill? Certainly not Oslo, Norway, not even at the bargain rate of an estimated $5.4 billion in a nation of just five million people.
It once wanted desperately to host the 2022 Winter Olympics and its bid was so perfect that it was considered the favorite to win. Then the country held a vote earlier this year and 55.9 percent of Norwegians opposed. Wednesday the Norwegian government effectively pulled the bid. Norwegians are known for the ability to cross country ski really fast and being so friendly they beg visitors to come experience their picturesque nation. Since this involved the IOC however, they decided against having visitors come experience their picturesque nation to watch them cross country ski really fast. They aren't alone. Previous finalist Krakow, Poland, saw 70 percent voter opposition and pulled its application. A majority felt the same way in Germany and Switzerland, killing bids in Munich and St. Moritz respectively. In Sweden the majority party rejected funding the proposed games in Stockholm. And that doesn't count all the places that didn't even bother to try, including the United States, which isn't sure when it will bid again after Chicago somehow, someway came in fourth in an effort to host the 2016 Summer Games. Rio de Janeiro won and still has practically nothing built, and IOC executives keep complaining nothing will be ready on time. Gee, what a shocker. Essentially the only places interested in hosting the 2022 games are countries where actual citizens aren't allowed a real say in things -- communist China and Kazakhstan, a presidential republic that coincidentally has only had one president since it split from the old USSR in 1989. Essentially the entire world has told the IOC it's a corrupt joke. "The vote is not a signal against the sport, but against the non-transparency and the greed for profit of the IOC," Ludwig Hartmann, a German politician said when his country said no. "I think all possible Olympic bids in Germany are now out of question. The IOC has to change first. It's not the venues that have to adapt to the IOC, but the other way around."
Don't hold your breath on that. It's worth noting there is nothing wrong with finding new places to host the games. The world changes. New nations gain power and money. Not everything has to be in Western Europe. Rising countries will do anything for the exposure. China, for instance, is promising the construction of a super high-speed train to those far off mountains, even though Beijing is littered with abandoned venues from its 2008 Summer Games. Price doesn't matter. And Almaty actually has a decent, viable and potentially winning bid. It looks like a good place for the Games, at least once you get past the Borat jokes -- "Other Central Asian countries have inferior potassium." Still, these are now the only choices. If you think this is a crisis for the IOC, you don't know the IOC. Oh, sure, president Thomas Bach said reform is needed for the bid process but this is a guy who spent his time in Sochi clinking champagne glasses with Vladimir Putin in an effort to help soften Vlad's global image. It worked for a week or so and Putin sent troops into the Ukraine. (How's that working out for you, Thomas?) The IOC has billions of dollars laying around and billions more coming because to most people the Olympics is just a television show and the ratings are so high that the broadcast rights will never go down. The IOC doesn't pay the athletes. It doesn't share revenue with host countries. It doesn't pay for countries to send their athletes. It doesn't lay out any construction or capital costs. It doesn't pay taxes. It basically holds caviar rich meetings in five star hotels in the Alps before calling it a day. That and conduct weak investigations into corruption charges of the bidding process, of course. "No evidence uncovered" is on a win streak. It's a heck of a racket. Only FIFA does it better. The world has caught on, though, which is why the mere mention of the IOC is toxic to all but the most desperate and totalitarian of governments.
The USOC is a non-governmental body, so unlike just about every other nation, it receives no direct public financing. It would love to host another Olympics, but the bid process is so unpredictable that wasting money and political capital on trying is risky. And then there would certainly be a public cost in the construction and hosting. You want a good host for the 2022 Winter Olympics? Salt Lake City, which held it in 2002 and has all the venues and infrastructure already in place. There'd be some updating at minimal cost and, bang, a great location. The IOC is too snooty for that, however. They don't like returning to the same city so soon so they'd prefer either Aspen, Colo., (complete with bullet train from Denver which has no practical use post Olympics) or Reno/Lake Tahoe. That would require billions building all the same stuff Salt Lake City already has in place. Anyone want to put that up for a vote? Then there is all the kissing up and glad-handing and who knows what else? Forget just the alleged direct payouts. How petty and ridiculous are these sporting aristocrats? Their actual listed demands are ridiculous, including their own airport entrance, traffic lane and prioritized stoplights. And just providing a five-star hotel suite isn't enough. "IOC members will be received with a smile on arrival at hotel," the IOC demands. Instead the world is giving them the middle finger. So China or Kazakhstan it is, the last two suckers on earth willing to step up to this carnival barker. One lucky nation will win. The other will host the 2022 Winter Olympics.

---
Just because i'm near the punchbowl doesn't mean I'm also drinking from it.

From rforno at infowarrior.org Fri Oct 3 17:57:14 2014
From: rforno at infowarrior.org (Richard Forno)
Date: Fri, 3 Oct 2014 18:57:14 -0400
Subject: [Infowarrior] - J.P. Morgan won't notify customers affected by breach
Message-ID: <7A647B3B-DEFB-41CC-B288-17E431A6F0C5@infowarrior.org>

J.P.
Morgan won't notify customers affected by breach
By Priya Anand
Published: Oct 3, 2014 6:28 p.m. ET
http://www.marketwatch.com/story/jp-morgan-wont-notify-customers-affected-by-breach-2014-10-03

J.P. Morgan Chase (JPM, +2.48%) won't notify those customers who have been affected by its summer security breach -- estimated to be two-thirds of U.S. households -- that their personal information was exposed, a spokesperson for the bank told MarketWatch. When asked why, the spokesperson said, "That's just what we're doing." The nation's largest bank said yesterday in a government filing that the breach affected 76 million U.S. households and 7 million small businesses, compromising names, addresses, phone numbers, email addresses and "internal JPMorgan Chase information relating to such users." The bank has posted a notice on its website and mobile app advising customers of an "important update about cyber security."

---
Just because i'm near the punchbowl doesn't mean I'm also drinking from it.

From rforno at infowarrior.org Sat Oct 4 12:33:34 2014
From: rforno at infowarrior.org (Richard Forno)
Date: Sat, 4 Oct 2014 13:33:34 -0400
Subject: [Infowarrior] - Americans Are Getting Apathetic About Huge Data Breaches
Message-ID:

I fear this may indeed be the case. Iraq Fatigue, Recall Fatigue, Breach Fatigue??? --rick

Americans Are Getting Apathetic About Huge Data Breaches
By Alison Griswold
http://www.slate.com/blogs/future_tense/2014/10/03/jpmorgan_data_breach_whose_at_risk_in_the_huge_cyberattack.html

The latest entry in America's catalog of staggeringly large data breaches is not a retailer but a bank. JPMorgan Chase says that the names and contact information of about 76 million households have been compromised following a two-month cyberattack this summer. To put that into context, the Wall Street Journal reports that the extent of the breach is "equivalent to two-thirds of American households" and also includes 7 million of JPMorgan's small-business customers.
Lest JPMorgan Chase account holders begin to panic, the bank is assuring customers that hackers were not able to gain access to account numbers, user IDs, passwords, Social Security numbers, or even dates of birth. JPMorgan says its customers' money is safe and that it has not seen any "unusual fraud activity" since the attack. Customers are not being advised to change their passwords, and should any unauthorized transactions materialize, they won't be held liable. These massive attacks have become unsettlingly common. Just last month a hack was disclosed at Home Depot that at last count had compromised the credit cards of 56 million customers. That of course followed last year's huge attack on Target, which affected the credit and debit cards of 40 million people and the personal information of 70 million. Jason Oxman, chief executive at the Electronic Transactions Association, says that in 2013 fraudulent credit charges totaled $5.5 billion in the United States. "It's absolutely the case that financial institutions are looking for this kind of thing all the time," Oxman says. But whereas Target's breach had long-term negative effects on its reputation, much less has been made of the Home Depot lapse. As for JPMorgan? Its stock was trading up 2.4 percent on Friday afternoon. Much as we've become desensitized to hearing about auto recalls, Americans seem to also have begun tuning out news on data hacks. "Sadly, I think we're getting immune to it," says Rush Taggart, chief security officer at CardConnect. With the hacks growing bigger, more frequent, and more sophisticated, the country might want to reconsider its mindset. Future Tense is a partnership of Slate, New America, and Arizona State University.

---
Just because i'm near the punchbowl doesn't mean I'm also drinking from it.
From rforno at infowarrior.org Mon Oct 6 07:18:20 2014
From: rforno at infowarrior.org (Richard Forno)
Date: Mon, 6 Oct 2014 08:18:20 -0400
Subject: [Infowarrior] - iPhone Encryption and the Return of the Crypto Wars
Message-ID:

(I agree 110% with Bruce on this. --rick)

iPhone Encryption and the Return of the Crypto Wars
https://www.schneier.com/blog/archives/2014/10/iphone_encrypti_1.html

Last week Apple announced that it is closing a serious security vulnerability in the iPhone. It used to be that the phone's encryption only protected a small amount of the data, and Apple had the ability to bypass security on the rest of it. From now on, all the phone's data is protected. It can no longer be accessed by criminals, governments, or rogue employees. Access to it can no longer be demanded by totalitarian governments. A user's iPhone data is now more secure. To hear U.S. law enforcement respond, you'd think Apple's move heralded an unstoppable crime wave. See, the FBI had been using that vulnerability to get into peoples' iPhones. In the words of cyberlaw professor Orin Kerr, "How is the public interest served by a policy that only thwarts lawful search warrants?" Ah, but that's the thing: You can't build a "back door" that only the good guys can walk through. Encryption protects against cybercriminals, industrial competitors, the Chinese secret police and the FBI. You're either vulnerable to eavesdropping by any of them, or you're secure from eavesdropping from all of them. Back-door access built for the good guys is routinely used by the bad guys. In 2005, some unknown group surreptitiously used the lawful-intercept capabilities built into the Greek cell phone system. The same thing happened in Italy in 2006. In 2010, Chinese hackers subverted an intercept system Google had put into Gmail to comply with U.S. government surveillance requests. Back doors in our cell phone system are currently being exploited by the FBI and unknown others.
This doesn't stop the FBI and Justice Department from pumping up the fear. Attorney General Eric Holder threatened us with kidnappers and sexual predators. The former head of the FBI's criminal investigative division went even further, conjuring up kidnappers who are also sexual predators. And, of course, terrorists. FBI Director James Comey claimed that Apple's move allows people to "place themselves beyond the law" and also invoked that now overworked "child kidnapper." John J. Escalante, chief of detectives for the Chicago police department now holds the title of most hysterical: "Apple will become the phone of choice for the pedophile." It's all bluster. Of the 3,576 major offenses for which warrants were granted for communications interception in 2013, exactly one involved kidnapping. And, more importantly, there's no evidence that encryption hampers criminal investigations in any serious way. In 2013, encryption foiled the police nine times, up from four in 2012 -- and the investigations proceeded in some other way. This is why the FBI's scare stories tend to wither after public scrutiny. A former FBI assistant director wrote about a kidnapped man who would never have been found without the ability of the FBI to decrypt an iPhone, only to retract the point hours later because it wasn't true. We've seen this game before. During the crypto wars of the 1990s, FBI Director Louis Freeh and others would repeatedly use the example of mobster John Gotti to illustrate why the ability to tap telephones was so vital. But the Gotti evidence was collected using a room bug, not a telephone tap. And those same scary criminal tropes were trotted out then, too. Back then we called them the Four Horsemen of the Infocalypse: pedophiles, kidnappers, drug dealers, and terrorists. Nothing has changed. Strong encryption has been around for years. Both Apple's FileVault and Microsoft's BitLocker encrypt the data on computer hard drives. PGP encrypts email.
Off-the-Record encrypts chat sessions. HTTPS Everywhere encrypts your browsing. Android phones already come with encryption built-in. There are literally thousands of encryption products without back doors for sale, and some have been around for decades. Even if the U.S. bans the stuff, foreign companies will corner the market because many of us have legitimate needs for security. Law enforcement has been complaining about "going dark" for decades now. In the 1990s, they convinced Congress to pass a law requiring phone companies to ensure that phone calls would remain tappable even as they became digital. They tried and failed to ban strong encryption and mandate back doors for their use. The FBI tried and failed again to ban strong encryption in 2010. Now, in the post-Snowden era, they're about to try again. We need to fight this. Strong encryption protects us from a panoply of threats. It protects us from hackers and criminals. It protects our businesses from competitors and foreign spies. It protects people in totalitarian governments from arrest and detention. This isn't just me talking: The FBI also recommends you encrypt your data for security. As for law enforcement? The recent decades have given them an unprecedented ability to put us under surveillance and access our data. Our cell phones provide them with a detailed history of our movements. Our call records, email history, buddy lists, and Facebook pages tell them who we associate with. The hundreds of companies that track us on the Internet tell them what we're thinking about. Ubiquitous cameras capture our faces everywhere. And most of us back up our iPhone data on iCloud, which the FBI can still get a warrant for. It truly is the golden age of surveillance. After considering the issue, Orin Kerr rethought his position, looking at this in terms of a technological-legal trade-off. I think he's right. 
Given everything that has made it easier for governments and others to intrude on our private lives, we need both technological security and legal restrictions to restore the traditional balance between government access and our security/privacy. More companies should follow Apple's lead and make encryption the easy-to-use default. And let's wait for some actual evidence of harm before we acquiesce to police demands for reduced security.

This essay previously appeared on CNN.com

EDITED TO ADD (10/6): Two more essays worth reading. As is this on all the other ways Apple and the government have to get at your iPhone data.

---
Just because i'm near the punchbowl doesn't mean I'm also drinking from it.

From rforno at infowarrior.org Tue Oct 7 07:57:59 2014
From: rforno at infowarrior.org (Richard Forno)
Date: Tue, 7 Oct 2014 08:57:59 -0400
Subject: [Infowarrior] - How Australia just became a 'national security state'
Message-ID:

How Australia just became a 'national security state'
By Terrence McCoy
October 7 at 5:58 AM
http://www.washingtonpost.com/news/morning-mix/wp/2014/10/07/how-australia-just-became-a-national-security-state/?tid=hp_mm

Australian Prime Minister Tony Abbott had some "regrettable" news. It was late last month, Australia had just thwarted an Islamic State plot to behead random Australians, and the prime minister's tone was somber. "Regrettably, for some time to come, Australians will have to endure more security than we're used to, and more inconvenience than we would like," he told the country's parliament. "Regrettably for some time to come, the delicate balance between freedom and security may have to shift." Consider the balance shifted.
Since those remarks, Australia has endowed its nation's intelligence agencies with their most significant expansion of powers in 35 years, legalized the surveillance of the entire Australian Internet with one warrant, threatened whistleblowers and journalists with 10-year prison terms if they publicize classified information, and is mulling a new law that makes it easier to detain Australians without charge and subject them to "coercive questioning." Taken together, these are sweeping changes in a nation generally considered one of the most liberal in the world -- and mark a profound consequence of the emergence of the Islamic State, which has lured scores of Australians to its cause and threatened the country several times in recent weeks. "It was about these violent random acts," the Australian quoted the federal police chief saying following one threat. "It's that random nature that had to prompt us to do something today. We could no longer be comfortable that we could protect the community." Times of panic have long driven countries to mortgage civil liberties for a broader sense of security. The United States passed the Espionage Act shortly after entering World War I, then interned more than 100,000 Japanese Americans during World War II, then passed the Patriot Act following the Sept. 11, 2001, attacks -- and is now mired in a national debate on the National Security Agency's sprawling surveillance. Even by those standards, however, critics warn Australia is heading into unsure territory. While the United States engaged in a sweeping surveillance program to thwart terrorists and imprisoned detainees without charge, the Constitution enabled challenges to the system, many of which have gone to the U.S. Supreme Court. But "Australia does not have a written Bill of Rights in its Constitution, making its freedom-abridging laws even harder to challenge in court," the Electronic Frontier Foundation, a nonprofit civil-liberties advocate, said in a statement.
It called the just-passed measures a "week in history when it became easier for the Australian government to surveil and manipulate the Internet at will." The nuts and bolts of the recently-passed bill: It allows authorities to access data from computers with a warrant, but expands the definition of "computer" to include "one or more computer networks." This, analysts warned, means that Australian law enforcement agencies can now monitor the entire Internet with one warrant -- because the Internet is really just one big computer network. "The drafting of this is so vague that it really could be extended," Jon Lawrence of Electronic Frontiers Australia, a nonprofit digital-rights advocate, told the Sydney Morning Herald. "A network can essentially be anything from three computers on a Wi-Fi modem to potentially an entire corporate network or an entire Internet service provider network or at the extreme end, the whole Internet." Then it granted criminal and civil immunity to law enforcement agents who may break the law in the course of the work as long as those prospective crimes don't cause death, serious injury, sexual harm or significant property damage. The bill also made it an offense, punishable by 10 years in prison, for anyone -- whistleblower, journalist or otherwise -- to "disclose information" relating "to a special intelligence operation." Australia's press corps just about went apoplectic over that one. Calling it an "unprecedented clause," an alliance of Australian media companies released a joint statement, denouncing it. "The insertion of [the] proposed section ... could potentially see journalists jailed for undertaking and discharging their legitimate role in a modern democratic society -- reporting in the public interest," the statement said. "Such an approach is untenable." And now, Australian authorities will consider a proposed national security law that will significantly increase authorities' powers to detain people without charge.
According to the Guardian, the law would hasten a complicated process so that "people can essentially be held without contact with the outside world, may lose the right to silence and may be subject to coercive questioning." Australian security agencies cheered the new strident law in a letter to Parliament: "There are realistic and credible circumstances in which it may be necessary to conduct coercive questioning of a person for the purpose of gathering intelligence about a terrorism offense." Not everyone is so enthused -- with that law, or the others. Given the rise of the Islamic State, some critics, even while bemoaning the passage of the draconian measures, have expressed resignation. "When will it all end?" a Sydney Morning Herald opinion column asked. "Will these national securities laws ever be repealed? Probably never. The 'war on terrorism' appears endless. ... The national security state is empowered, cashed-up and here to stay."

Terrence McCoy is a foreign affairs writer at the Washington Post. He served in the U.S. Peace Corps in Cambodia and studied international politics at Columbia University. Follow him on Twitter here.

---
Just because i'm near the punchbowl doesn't mean I'm also drinking from it.

From rforno at infowarrior.org Tue Oct 7 07:59:10 2014
From: rforno at infowarrior.org (Richard Forno)
Date: Tue, 7 Oct 2014 08:59:10 -0400
Subject: [Infowarrior] - Adobe is Spying on Users, Collecting Data on Their eBook Libraries
Message-ID: <4AAF4A13-AE61-4787-87D4-8F6E682AC9B7@infowarrior.org>

Adobe is Spying on Users, Collecting Data on Their eBook Libraries
6 October, 2014
http://the-digital-reader.com/2014/10/06/adobe-spying-users-collecting-data-ebook-libraries/?utm_source=feedburner

A hacker acquaintance of mine has tipped me to a huge security and privacy violation on the part of Adobe.
That anonymous acquaintance was examining Adobe's DRM for educational purposes when they noticed that Digital Editions 4, the newest version of Adobe's Epub app, seemed to be sending an awful lot of data to Adobe's servers. My source told me, and I can confirm, that Adobe is tracking users in the app and uploading the data to their servers. (Adobe was contacted in advance of publication, but declined to respond.) And just to be clear, I have seen this happen, and I can also tell you that Benjamin Daniel Mussler, the security researcher who found the security hole on Amazon.com, has also tested this at my request and saw it with his own eyes. Adobe is gathering data on the ebooks that have been opened, which pages were read, and in what order. All of this data, including the title, publisher, and other metadata for the book is being sent to Adobe's server in clear text. I am not joking; Adobe is not only logging what users are doing, they're also sending those logs to their servers in such a way that anyone running one of the servers in between can listen in and know everything. But wait, there's more. Adobe isn't just tracking what users are doing in DE4; this app was also scanning my computer, gathering the metadata from all of the ebooks sitting on my hard disk, and uploading that data to Adobe's servers. In. Plain. Text. And just to be clear, this includes not just ebooks I opened in DE4, but also ebooks I store in calibre and every Epub ebook I happen to have sitting on my hard disk. And just to show that I am neither exaggerating nor on drugs, here is proof.

- ADE-4-datacollector
- data from adobe

The first file proves that Adobe is tracking users in the app, while the second one shows that Adobe is indexing my ebook collection. The above two files were generated using data collected by an app called Wireshark. This nifty little app can be used to log all of the information that is sent or received by your computer over a network.
Mussler and I both saw that data was being sent to 192.150.16.235, one of Adobe's IP addresses. Wireshark logged all of the data sent to Adobe, and on request spat out the text files. This is a privacy and security breach so big that I am still trying to wrap my head around the technical aspects, much less the legal aspects. On a technical level, this kind of mistake is not new. Numerous apps have been caught sending data in clear text, and others have been caught scraping data without permission (email address books, for example). What's more, LG was caught in a very similar privacy violation last November when one of their Smart TVs was shown to be uploading metadata from a user's private files to LG's servers -- and like Adobe, that data was sent in clear text. I am sharing these details not to excuse or justify Adobe, but to show you that this was a massively boneheaded stupid mistake that Adobe would have seen coming had they had the brains of a goldfish. As for the legal aspects, I am still unsure of just how many privacy laws have been violated. Most states have privacy laws about library books, so if this app was installed in a library or used with a library ebook then those laws may have been violated. What's more, Adobe may have also violated the data protection sections of FERPA, the Family Educational Rights and Privacy Act, and similar laws passed by states like California. (I'm going to have to let a lawyer answer that.) And then there are the European privacy laws, some of which make US laws look lax. Speaking of Europe, the Frankfurt Book Fair is coming up later this week. Adobe will be exhibiting at the trade show, and something tells me they will not be having a nice trip. (I for one hope that the senior management is detained for questioning.) In any case, I would highly recommend that users avoid running Adobe's apps for the near future -- ever again, for that matter. Luckily for us there are alternatives. 
Rather than use Adobe DE 4, I would suggest using an app provided by Amazon, Google, Apple, or Kobo. Amazon uses the Kindle format, and each of the last three ebook platforms uses their own unique DRM and Epub (-ish) file format inside their apps. (While Google and Kobo will let you download an ebook which can be read in Adobe DE, that DRM is not used internally by either Kobo or Google.) None of those 4 platforms are susceptible to Adobe's security hole. Of course, I can't say for sure whether those platforms are more secure and private than Adobe's, but I'm sure they will be made more secure in the next few weeks. --- Just because i'm near the punchbowl doesn't mean I'm also drinking from it. From rforno at infowarrior.org Wed Oct 8 06:17:47 2014 From: rforno at infowarrior.org (Richard Forno) Date: Wed, 8 Oct 2014 07:17:47 -0400 Subject: [Infowarrior] - ISIS' "rules" for 'journalists' Message-ID: <75D445B8-92A3-4DC1-B359-256599BAD786@infowarrior.org> Al Jazeera is on the ISIS Blacklist By Brian Flood on October 7, 2014 6:51 PM http://www.mediabistro.com/tvnewser/al-jazeera-is-on-the-isis-blacklist_b241419 ISIS has issued new rules for journalists working in areas under their control, according to the site Syria Deeply. The 11 rules were established directly by ISIS for any journalists "who wish to continue working in the governorate." All of the rules are said to be non-negotiable. No. 4 stands out, as Al Jazeera is considered on the "blacklist." The rules issued by ISIS are as follows: 1. Correspondents must swear allegiance to the Caliph [Abu Bakr] al-Baghdadi -- they are subjects of the Islamic State and, as subjects, they are obliged to swear loyalty to their imam. 2. Their work will be under the exclusive supervision of the [ISIS] media offices. 3. Journalists can work directly with international news agencies (such as Reuters, AFP and AP), but they are to avoid all international and local satellite TV channels. 
They are forbidden to provide any exclusive material or have any contact (sound or image) with them in any capacity. 4. Journalists are forbidden to work in any way with the TV channels placed on the blacklist of channels that fight against Islamic countries (such as Al-Arabiya, Al Jazeera and Orient). Violators will be held accountable. 5. Journalists are allowed to cover events in the governorate with either written or still images without having to refer back to the [ISIS] media office. All published pieces and photos must carry the journalist's and photographer's names. 6. Journalists are not allowed to publish any reportage (print or broadcast) without referring to the [ISIS] media office first. 7. Journalists may have their own social media accounts and blogs to disseminate news and pictures. However, the ISIS media office must have the addresses and name handles of these accounts and pages. 8. Journalists must abide by the regulations when taking photos within [ISIS territory] and avoid filming locations or security events where taking pictures is prohibited. 9. ISIS media offices will follow up on the work of local journalists within [ISIS territory] and in the state media. Any violation of the rules in place will lead to suspending the journalist from his work, and he will be held accountable. 10. The rules are not final and are subject to change at any time depending on the circumstances and the degree of cooperation between journalists and their commitment to their brothers in the ISIS media offices. 11. Journalists are given a license to practice their work after submitting a license request at the [ISIS] media office. --- Just because i'm near the punchbowl doesn't mean I'm also drinking from it. 
From rforno at infowarrior.org Wed Oct 8 06:18:49 2014 From: rforno at infowarrior.org (Richard Forno) Date: Wed, 8 Oct 2014 07:18:49 -0400 Subject: [Infowarrior] - Twitter sues USG over gag rules Message-ID: Twitter sues US government over user data request gag rules Social network says current government restrictions on transparency are preventing tech companies from being fully honest with the public. by Seth Rosenblatt, October 7, 2014 6:07 PM PDT http://www.cnet.com/news/twitter-sues-us-government-over-user-data-request-gag-rules/ Twitter is suing the US government in federal court to loosen restrictions that prevent full disclosure of government demands for Twitter user data. The suit, filed by the San Francisco-based social networking company in the US District Court of Northern California, says that US government prohibitions on sharing the nature of some of its demands for Twitter user data violate the First Amendment's free speech clause (PDF). Twitter legal counsel Ben Lee said in a blog post that the firm believes that current government restrictions on transparency are preventing tech companies from being fully honest with the public. "It's our belief that we are entitled under the First Amendment to respond to our users' concerns and to the statements of US government officials by providing information about the scope of US government surveillance -- including what types of legal process have not been received," Lee said. "We should be free to do this in a meaningful way, rather than in broad, inexact ranges." Lee said that currently government restrictions "prohibit and even criminalize" the company from discussing the mere number of Foreign Intelligence Surveillance Act and National Security Letter court orders it's received -- "even if that number is zero." FISA and NSL court orders for user data play a key role in the government's surveillance apparatus, as revealed in documents leaked by former NSA contractor Edward Snowden. 
--- Just because i'm near the punchbowl doesn't mean I'm also drinking from it. From rforno at infowarrior.org Thu Oct 9 15:08:17 2014 From: rforno at infowarrior.org (Richard Forno) Date: Thu, 9 Oct 2014 16:08:17 -0400 Subject: [Infowarrior] - Devices being remotely wiped in police custody Message-ID: <181B9372-BD37-4FDB-84D2-29733C487B50@infowarrior.org> (c/o DG) 9 October 2014 Last updated at 08:30 ET Devices being remotely wiped in police custody By Jane Wakefield Technology reporter http://www.bbc.com/news/technology-29464889 All the data on some of the tablets and phones seized as evidence is being wiped out, remotely, while they are in police custody, the BBC has learned. Cambridgeshire, Derbyshire, Nottingham and Durham police all told BBC News handsets had been remotely "wiped". And Dorset police said this had happened to six of the seized devices it had in custody, within one year. The technology used was designed to allow owners to remove sensitive data from their phones if they are stolen. "If a device has a signal, in theory it is possible to wipe it remotely," said Ken Munro, a digital forensics expert with Pen Test Partners. Romance fraud A spokeswoman for Dorset police told the BBC: "There were six incidents, but we don't know how people wiped them. "We have cases where phones get seized, and they are not necessarily taken from an arrested person - but we don't know the details of these cases as there is not a reason to keep records of this," she added. A spokeswoman for Derbyshire police confirmed that the force had had one incident of a device being remotely wiped while in police custody. "We can't share many details about it, but the case concerned romance fraud, and a phone involved with the investigation was remotely wiped," she said. "It did not impact upon the investigation, and we went on to secure a conviction," she added. 
Meanwhile Cleveland police told the BBC that it too had had a case of a phone that had been wiped but it was not clear "whether it was wiped prior to coming into police hands". Asked whether the police felt that the issue had damaged their investigation, the spokeswoman said: "We don't know because we don't know what was on the phone." Other police forces affected by the issue include: * Cambridgeshire - one incident between August 2013 and August 2014 * Durham - one incident during the same period * Nottingham - one incident Microwave help Mr Munro, who analyses hundreds of laptops, tablets, phones and other devices for corporate clients, said: "When we seize a device for digital forensics, we put it immediately into a radio-frequency shielded bag, which prevents any signals from getting through. "If we can't get to the scene within an hour, we tell the client to pop it in a microwave oven. "The microwave is reasonably effective as a shield against mobile or tablet signals - just don't turn it on." SecureDrives, which develops hard drives for the military, is releasing one next year that can be physically destroyed just by sending a text message. The hard drive - which will cost more than £1,000 - is also immune to the radio-frequency blocking bags. "The hard drive is constantly looking for GSM [Global System for Mobile Communications] signals, if it is starved of them it would destroy itself. It would see such a bag as a threat," said James Little, head of sales at SecureDrives. --- Just because i'm near the punchbowl doesn't mean I'm also drinking from it. From rforno at infowarrior.org Thu Oct 9 15:08:37 2014 From: rforno at infowarrior.org (Richard Forno) Date: Thu, 9 Oct 2014 16:08:37 -0400 Subject: [Infowarrior] - UMBC partners in cybersecurity R&D center Message-ID: <1159D553-1782-4236-B6A2-94631F243627@infowarrior.org> (Disclosure: I was/am involved w/this effort.) 
http://umbc.edu/window/national_interest_2014.html UMBC partners in cybersecurity R&D center bridging government, industry, and higher education. UMBC will play an exciting role in strengthening our nation's cybersecurity infrastructure through a new Federally Funded Research and Development Center (FFRDC) announced this week. The National Institute of Standards and Technology (NIST) awarded a contract to operate the center to the MITRE Corporation, which will partner with the University System of Maryland (USM) to carry out the center's goals. UMBC and the University of Maryland, College Park are collaborators with MITRE and Anupam Joshi, director of the UMBC Center for Cybersecurity, will serve in a leadership role for UMBC. The government sponsors fewer than 50 FFRDCs across the country, and all are designed to tackle complex, long-term problems of significant national interest. According to NIST, this is the first center that is "solely dedicated to enhancing the security of the nation's information systems." The contract to operate the FFRDC has a maximum amount of $5 billion over 25 years. "Securing our cyber infrastructure requires government, industry, and higher education to work closely together, and this center makes that powerful collaboration possible," says UMBC President Freeman Hrabowski. "Further, it solidifies Maryland's role as the hub of cybersecurity in our nation." Maryland hosts a large number of federal agencies and companies on the cutting edge of cybersecurity, and the USM is nationally recognized for its research and education programs in the field. This vital combination means that the State of Maryland is uniquely positioned to successfully nurture this research and development center. U.S. Senator Barbara A. 
Mikulski congratulated the USM and MITRE on this opportunity, saying, "This new center unites the knowledge of the government with the know-how of the private sector to develop cyber technology solutions needed to protect dot-com entities and make our cyber infrastructure more resilient." UMBC's Anupam Joshi says, "While national security interests are usually central to the security conversation, this center will also work to meet the cybersecurity needs of individuals and businesses in a variety of sectors, such as healthcare and energy. Individuals and small and medium-size businesses constitute a major part of the nation's cyberinfrastructure, but can lack the resources and technical expertise to respond effectively to cyber threats." This new FFRDC will support the National Cybersecurity Center of Excellence (NCCoE), which NIST, the state of Maryland, and Montgomery County, Md., established in 2012 to help businesses secure their data and digital infrastructure by bringing together information security experts from industry, government, and academia. It will further the NCCoE's goal to foster public-private collaborations to identify and solve today's most pressing cybersecurity challenges. "This new FFRDC supporting NIST's NCCoE will be a major addition to Maryland's existing strengths in cybersecurity," says Karl Steiner, Vice President for Research at UMBC. "I am delighted about this new strategic collaboration with our colleagues at College Park and at MITRE, and about the opportunities to further expand and apply our scientific capabilities in an area of such critical importance." To learn more about this new collaboration, see the announcement from NIST and the joint announcement from MITRE and the USM. (10/9/2014) --- Just because i'm near the punchbowl doesn't mean I'm also drinking from it. 
From rforno at infowarrior.org Fri Oct 10 14:01:54 2014 From: rforno at infowarrior.org (Richard Forno) Date: Fri, 10 Oct 2014 15:01:54 -0400 Subject: [Infowarrior] - Warner Hid References to "Robots" And Its Deliberate Abuse of Takedowns Message-ID: <2D5E4942-3316-4804-9B69-D7E797A555BB@infowarrior.org> In Hotfile Docs, Warner Hid References to "Robots" And Its Deliberate Abuse of Takedowns https://www.eff.org/deeplinks/2014/10/hotfile-docs-warner-hid-references-robots-and-its-deliberate-abuse-takedowns After months of delay, Warner has finally released documents detailing its notice and takedown practices. The documents were filed under seal in the now-defunct Hotfile litigation until a federal court (prompted by a motion from EFF) ordered Warner to produce them for the public. These documents confirm the movie studio's abuse of the DMCA takedown process. They describe Warner "robots" sending thousands of infringement accusations to sites like the now-closed Hotfile without human review, based primarily on filenames and metadata rather than inspection of the files' contents. They also show that Warner knew its automated searches were too broad and that its system was taking down content in which Warner had no rights -- likely a violation of the DMCA. EFF has posted the documents on its Disney v. Hotfile case page, with the newly unsealed text highlighted in yellow. Although much of the record remains sealed for now, the newly released portions shed some light on Warner's robo-takedowns and practices that may have crossed the line of legality. < - > Although Warner described its "robots" as "highly sophisticated" and able to "effectively mimic the search a human would conduct, except faster," it appears that the system didn't look at the contents of files uploaded to Hotfile, but only "titles and superficial attributes of files." 
In fact, according to Hotfile's briefs, "Warner subjectively knew that its [robots] were consistently misidentifying small single files [under 200 megabytes] as Warner movies, but it continued to delete those files anyway." The documents also reveal that Warner used its takedown system to limit access to software that it didn't want the public to have. Hotfile accused Warner of using its system to take down copies of a free and open source download manager called JDownloader, which was not owned by Warner. Newly released testimony from a Warner executive suggests that, in the words of Judge Williams, "Warner knew that its robots were systematically deleting copies of JDownloader . . . and refrained from correcting the error because Warner thought that eliminating JDownloader would serve its 'anti-piracy' purposes." --- Just because i'm near the punchbowl doesn't mean I'm also drinking from it. From rforno at infowarrior.org Tue Oct 14 09:53:10 2014 From: rforno at infowarrior.org (Richard Forno) Date: Tue, 14 Oct 2014 10:53:10 -0400 Subject: [Infowarrior] - No 'boots on the ground' right? Message-ID: <29D94A1E-B798-48DE-9DB5-1733EE40DFCA@infowarrior.org> This is not something that's been widely reported in the US media, I don't think. 1st Infantry Division HQ deploying to Iraq http://www.army.mil/article/134543/1st_Infantry_Division_HQ_deploying_to_Iraq/ ... so if we're not having any "boots on the ground" (as if anyone believes that line, right?) does that mean they're heading over wearing sneakers? Riddle me this: at what points do "boots on the ground" become "boots on the ground?" --- Just because i'm near the punchbowl doesn't mean I'm also drinking from it. 
From rforno at infowarrior.org Thu Oct 16 06:59:20 2014 From: rforno at infowarrior.org (Richard Forno) Date: Thu, 16 Oct 2014 07:59:20 -0400 Subject: [Infowarrior] - Non-sensational Ebola news Message-ID: <707F6E9B-FC2B-44D6-A8ED-8A7F58C55CA5@infowarrior.org> It's a sad commentary when the need for such sites is due to the utter idiocy and pandering to exploit a crisis found in the 24-hour 'news' shops. --rick http://lifehacker.com/ebola-deeply-provides-non-alarmist-news-on-the-curren-1646845971/all With all the Ebola buzz going around, it's hard to tell what's real and what's not. Ebola Deeply is a news site dedicated to honest, trustworthy news about the epidemic so you can keep informed about what's really going on. The media coverage of the current Ebola crisis has been hyping things up a lot lately. It's true that Ebola can be deadly, but there's no need to panic. Staying informed is your best bet, but it's important to make sure you're getting the right information. Ebola Deeply is a web site created by Lara Setrakian--the founder of the Syria Deeply news site--to separate authoritative coverage from misleading, sensationalist journalism. The articles are comprised by 25% of their own dedicated staff stationed in the US and Africa, and the rest of the content will come from other trusted sources. Remember, the best thing you can do is stay informed with the right information. --- Just because i'm near the punchbowl doesn't mean I'm also drinking from it. 
From rforno at infowarrior.org Thu Oct 16 17:01:57 2014 From: rforno at infowarrior.org (Richard Forno) Date: Thu, 16 Oct 2014 18:01:57 -0400 Subject: [Infowarrior] - FBI Director Continues His Attack On Technology, Privacy And Encryption Message-ID: <7692FA12-A3F0-421D-88CD-14C5CE2EBB5C@infowarrior.org> FBI Director Continues His Attack On Technology, Privacy And Encryption from the not-how-it-works dept FBI Director James Comey has doubled down on his basic attack on technology and privacy with a speech at the Brookings Institution entitled "Going Dark: Are Technology, Privacy, and Public Safety on a Collision Course." He admits that he wants "every tool" available to law enforcement, and he's worried about that darn tech industry for wishing to keep users' information private. He calls it a "public safety problem." Others may disagree. < - > https://www.techdirt.com/articles/20141016/11531128849/fbi-director-continues-his-attack-technology-privacy-encryption.shtml --- Just because i'm near the punchbowl doesn't mean I'm also drinking from it. From rforno at infowarrior.org Thu Oct 16 17:15:09 2014 From: rforno at infowarrior.org (Richard Forno) Date: Thu, 16 Oct 2014 18:15:09 -0400 Subject: [Infowarrior] - Leaked TPP Draft Reveals Tough Anti-Piracy Measures Message-ID: <21F95288-BA22-4DD0-BAD1-A2D1054FA950@infowarrior.org> Leaked TPP Draft Reveals Tough Anti-Piracy Measures By Ernesto on October 16, 2014 http://torrentfreak.com/leaked-tpp-draft-reveals-tough-anti-piracy-measures-141016/ Today Wikileaks released a new draft of the secretive Trans-Pacific Partnership (TPP) agreement. The intellectual property chapter covers a wide range of issues, from increased ISP liability, through extended copyright terms to criminalizing non-commercial piracy. The Trans-Pacific Partnership, an agreement aimed at strengthening economic ties between the United States, Canada, New Zealand, Japan and eight other countries in the region, has been largely shrouded in secrecy. 
Today whistleblower outfit Wikileaks sheds some light on the ongoing negotiations by leaking a new draft of the agreement's controversial intellectual property chapter. The draft dates back to May 2014 and although it's far from final, some significant progress has been made since the first leak during August last year. For example, the countries have now agreed that a new copyright term will be set in the agreement. No decision has been made on a final term but options currently on the table are life of the author plus 50, 70 or 100 years. The proposal to add criminal sanctions for non-commercial copyright infringement, which is currently not the case in many countries, also remains in play. The leak further reveals a new section on ISP liability. This includes a proposal to make it mandatory for ISPs to alert customers who stand accused of downloading copyrighted material, similar to the requirement under the U.S. DMCA. Alberto Cerda of Georgetown University Law Center points out that some of the proposals in the ISP liability section go above and beyond the DMCA. "The most worrying proposal on the matter is that one that would extend the scope of the provisions from companies that provide Internet services to any person who provides online services," Cerda told TorrentFreak. This means that anyone who passes on Internet traffic could be held liable for the copyright infringements of others. This could include the local coffeehouse that offers free wifi, or even someone's own Internet connection if it's shared with others. The leaked draft also adds a provision that would allow ISPs to spy on their own users to catch those who download infringing content. This is another concern, according to the law Professor. "From a human rights viewpoint, that should be expressly limited to exceptional circumstances," Cerda says. It's clear that the ISP liability section mimics the DMCA. 
In fact, throughout the TPP chapter the most draconian proposals often originate from the United States. Law Professor Michael Geist notes that Canada has been the leading opponent of many of the U.S. proposals, which often go against the country's recently revamped copyright law. Geist warns that the TPP may eventually lead to tougher local laws as U.S. pressure continues. "As the treaty negotiations continue, the pressure to cave to U.S. pressure will no doubt increase, raising serious concerns about whether the TPP will force the Canadian government to overhaul recently enacted legislation," Geist writes. Compared to the previous draft that leaked last year there are also some positive developments to report. For example, Canada put forward a proposal that permits countries to allow exceptions to technological protection measures. This would make it possible to classify DRM-circumvention as fair use, for example. A refreshing proposal, but one that's unlikely to be approved by the U.S. If anything, the leaked TPP chapter shows once again that there is still a very long way to go before a final draft is ready. After more than three years of negotiating many of the proposals are still heavily debated and could go in multiple directions. That is, if an agreement is ever reached. --- Just because i'm near the punchbowl doesn't mean I'm also drinking from it. From rforno at infowarrior.org Fri Oct 17 06:50:32 2014 From: rforno at infowarrior.org (Richard Forno) Date: Fri, 17 Oct 2014 07:50:32 -0400 Subject: [Infowarrior] - FBI chief demands an end to cellphone security Message-ID: <2A0BDCCC-302C-480C-BB98-267636A8A5FB@infowarrior.org> Resumed, the Crypto Wars, have. ---rick FBI chief demands an end to cellphone security Cory Doctorow at 3:16 pm Thu, Oct 16, 2014 http://boingboing.net/2014/10/16/fbi-chief-demands-an-end-to-ce.html If your phone is designed to be secure against thieves, voyeurs, and hackers, it'll also stop spies and cops. 
So the FBI has demanded that device makers redesign their products so that they -- and anyone who can impersonate them -- can break into them at will. Director James B. Comey doubled down on his earlier attack on cryptography in phones, giving a Brookings Institute talk where he called for "front doors" to let spies break into our computers: The American Civil Liberties Union responded forcefully to Mr. Comey's comments about encryption. "Federal law explicitly protects the right of companies to add encryption with no back doors," Laura W. Murphy, director of the group's Washington legislative office, said in a written statement. "Whether the F.B.I. calls it a front door or a back door, any effort by the F.B.I. to weaken encryption leaves our highly personal information and our business information vulnerable to hacking by foreign governments and criminals." Technology companies have argued that, even with encryption, there are still ways for law enforcement to legally circumvent encryption by intercepting data in the cloud, or by forcing criminal suspects to hand over the passwords to their devices. --- Just because i'm near the punchbowl doesn't mean I'm also drinking from it. From rforno at infowarrior.org Fri Oct 17 16:30:21 2014 From: rforno at infowarrior.org (Richard Forno) Date: Fri, 17 Oct 2014 17:30:21 -0400 Subject: [Infowarrior] - Exclusive: NSA reviewing deal between official, ex-spy agency head Message-ID: <8185C989-B58B-48B0-AE7C-B549D1A73329@infowarrior.org> Exclusive: NSA reviewing deal between official, ex-spy agency head By Warren Strobel and Mark Hosenball WASHINGTON Fri Oct 17, 2014 2:47pm EDT http://www.reuters.com/article/2014/10/17/us-usa-intelligence-nsa-idUSKCN0I624Y20141017 (Reuters) - The U.S. National Security Agency has launched an internal review of a senior official's part-time work for a private venture started by former NSA director Keith Alexander that raises questions over the blurring of lines between government and business. 
Under the arrangement, which was confirmed by Alexander and current intelligence officials, NSA's Chief Technical Officer, Patrick Dowd, is allowed to work up to 20 hours a week at IronNet Cybersecurity Inc, the private firm led by Alexander, a retired Army general and his former boss. The arrangement was approved by top NSA managers, current and former officials said. It does not appear to break any laws and it could not be determined whether Dowd has actually begun working for Alexander, who retired from the NSA in March. In a statement in response to inquiries by Reuters, NSA spokeswoman Vanee Vines said, "This matter is under internal review. While NSA does not comment on specific employees, NSA takes seriously ethics laws and regulations at all levels of the organization." Current and former U.S. intelligence officials, some of whom requested anonymity to discuss personnel matters, said they could not recall a previous instance in which a high-ranking U.S. intelligence official was allowed to concurrently work for a private-sector firm. They said it risked a conflict of interest between sensitive government work and private business, and could be seen as giving favoritism to Alexander's venture. IronNet Cybersecurity is developing a new approach to protect computer networks from hackers and is marketing it to financial institutions and other private-sector firms. Alexander, who was the eavesdropping and code-breaking agency's longest-serving director, confirmed the arrangement with Dowd in an interview with Reuters. He said he understood it had been approved by all the necessary government authorities, and that IronNet Cybersecurity, not the government, would pay for Dowd's time spent with the firm. Dowd, he said, wanted to join IronNet, and the deal was devised as a way to keep Dowd's technological expertise at least partly within the U.S. government, rather than losing him permanently to the private sector. "I wanted Pat to stay at NSA. 
He wanted to come on board," Alexander said. He acknowledged that the hybrid arrangement "is awkward," but added, "I just felt that his leaving the government was the wrong thing for NSA and our nation." Dowd did not respond to requests for comment. Alexander and Dowd have jointly filed patents based on technology they developed while at the NSA. Alexander said the cybersecurity techniques that IronNet is developing are not based on those patents. 'UNUSUAL' The NSA's review comes at a sensitive time for the electronic spy agency, which last year went through the worst crisis in its 62-year history following revelations by former contractor Edward Snowden of widespread government electronic surveillance. The NSA, whose technological wizardry helped the U.S. government eavesdrop on Soviet leaders during the Cold War and is an important ingredient in the Obama administration's counter-terrorism efforts, is based in Fort Meade, Maryland, about 25 miles (15 km) from Washington D.C., where IronNet is headquartered. In an earlier statement to Reuters, spokeswoman Vines said that "under ethics rules, senior executive employees, among others, are required to obtain written permission through their supervisors if they wish to pursue outside employment with a prohibited source." Stewart Baker, a former NSA general counsel, said that he had never heard of an arrangement under which an NSA executive is allowed to work part time for a private company presumed to be involved in some of the same type of business as the NSA. "I agree this is unusual," Baker said, adding, "It's complex, but probably manageable." Baker said that there is already a program in place which allows government executives to leave, spend some time in the private sector, and then return to government without giving up seniority or other rights. Such arrangements traditionally require a total break with government service. 
Paul Rothstein, a criminal law and ethics professor at Georgetown University law school, said the arrangement in which NSA is allowing Dowd to work part time for Alexander's company "seems problematic." "If it isn't structured very carefully, this runs the risk of conflict of interest and disclosure of national secrets," Rothstein said. "It is a situation that in the interests of good government should be avoided unless there's some very strong reason to do it." --- Just because i'm near the punchbowl doesn't mean I'm also drinking from it. From rforno at infowarrior.org Mon Oct 20 06:21:23 2014 From: rforno at infowarrior.org (Richard Forno) Date: Mon, 20 Oct 2014 07:21:23 -0400 Subject: [Infowarrior] - OSX Yosemite Phones Home Message-ID: This repository provides a corpus of network communications automatically sent to Apple by OS X Yosemite; we're using this dataset to explore how Yosemite shares user data with Apple. The provided data was collected using our Net Monitor toolkit; more information regarding usage and methodology is provided below. Examples The following occur with all privacy options enabled -- including disabling analytics (i.e., Diagnostics and Usage Data). < -- > https://github.com/fix-macosx/yosemite-phone-home --- Just because i'm near the punchbowl doesn't mean I'm also drinking from it. From rforno at infowarrior.org Mon Oct 20 12:39:37 2014 From: rforno at infowarrior.org (Richard Forno) Date: Mon, 20 Oct 2014 13:39:37 -0400 Subject: [Infowarrior] - NYT on "terrorism" rhetoric Message-ID: <6D2D8D3D-03CF-4069-9B6C-E8AF2ABA43B9@infowarrior.org> The Stone The Reign of "Terror" By Tomis Kapitan October 19, 2014 8:00 pm http://opinionator.blogs.nytimes.com/2014/10/19/the-reign-of-terror/ The Stone is a forum for contemporary philosophers and other thinkers on issues both timely and timeless. 
When President Barack Obama spoke to the public in September about his decision to use American military force against the Islamic State in Iraq and Syria he used familiar language. ISIS (or ISIL as the White House and others refer to the group), the president said, "is a terrorist organization, pure and simple. And it has no vision other than the slaughter of all who stand in its way." The man picked to manage Obama's strategy, General John R. Allen, wrote in the publication Defense One that "the Islamic State is an entity beyond the pale of humanity and it must be eradicated."

The powerful rhetoric centered on the word "terrorism" makes it difficult to speak intelligently about its real sources.

It is undeniable that many of the tactics being used by ISIS -- executions of civilians and well publicized beheadings of hostages -- do violate accepted standards of conduct in conflict (detailed in an evolving legal and philosophical code known as just war theory.) And understandably, those moved by language of the sort used by the president and his staff are in no mood to consider softer tactics like negotiation with ISIS, nor to ponder the complex causes contributing to its rise. Obama's stated policy of removing the "cancer" threatening the established political order in the Middle East is already underway, and is facing little resistance.

This is merely the latest example of a powerful rhetoric centered on the word "terrorism" that has shaped -- and continues to shape -- popular conceptions about contemporary political conflicts, making it difficult to speak intelligently about their real sources. If individuals and groups are portrayed as irrational, barbaric, and beyond the pale of negotiation and compromise, as this rhetoric would have it, then asking why they resort to terrorism is viewed as pointless, needlessly accommodating, or, at best, mere pathological curiosity. Those normally inclined to ask "Why?" are in danger of being labeled "soft"
on terrorism, while the more militant use the "terrorist" label to blur the distinction between critical examination and appeasement.

Part of the success of this rhetoric traces to the fact that there is no consensus about the meaning of "terrorism." While it is typically understood to mean politically motivated violence directed against civilians, the Federal Bureau of Investigation and the Department of Defense, for example, describe terrorism as the unlawful use of violence to achieve political goals by coercing governments or societies. The State Department cites a legal definition of "terrorism" as "premeditated, politically motivated violence perpetrated against noncombatant targets by sub-national groups or clandestine agents." It adds: "The term 'noncombatant' is interpreted to include, in addition to civilians, military personnel who at the time of the incident are unarmed or not on duty." Thus, by means of linguistic gerrymander, members of uniformed government military forces acting under government authorization are incapable of committing acts of terrorism no matter how many civilians are ground up in the process.

When violent political groups like ISIS are labeled as irrational and barbaric, asking why they resort to terrorism becomes pointless.

Even when a definition is agreed upon, the rhetoric of "terror" is applied both selectively and inconsistently. In the mainstream American media, the "terrorist" label is usually reserved for those opposed to the policies of the U.S. and its allies. By contrast, some acts of violence that constitute terrorism under most definitions are not identified as such -- for instance, the massacre of over 2000 Palestinian civilians in the Beirut refugee camps in 1982 or the killings of more than 3000 civilians in Nicaragua by "contra" rebels during the 1980s, or the genocide that took the lives of at least a half million Rwandans in 1994.
At the opposite end of the spectrum, some actions that do not qualify as terrorism are labeled as such -- that would include attacks by Hamas, Hezbollah or ISIS, for instance, against uniformed soldiers on duty.

Historically, the rhetoric of terror has been used by those in power not only to sway public opinion, but to direct attention away from their own acts of terror.

Yet, to the fair-minded, the attempt by governments to justify bombardment of residential districts, schools and hospitals in the name of fighting terrorism is outright hypocrisy. Government forces have long provided outstanding examples of politically-motivated violence against civilians, the very thing they allegedly oppose. Claims about not "targeting" civilians ring hollow when it is quite obvious that high-tech explosives are aimed at buildings known to contain civilians. If what is insidious about terrorism is its callous disregard for civilian lives in pursuit of political goals, why is there not an uproar about state terrorism? Why do so many reserve their venom for people whose destructive capacity pales in comparison with those who command tanks, artillery and warplanes?

It is easy to lose sight of inconsistencies in wartime hostilities. Instead, the emotional impact of language tends to triumph at the expense of accuracy and fairness. By effectively placing designated individuals or groups outside the norms of acceptable social and political behavior, the rhetoric of "terror" has had these effects:

1) It erases any incentive the public might have to understand the nature and origins of their grievances so that the possible legitimacy of their demands will not be raised.
2) It deflects attention away from one's own policies that might have contributed to their grievances.
3) It repudiates any calls for negotiation.
4) It obliterates the distinction between national liberation movements and fringe fanatics (for example, during the 1990s, the "terrorist"
label was applied to Nelson Mandela and Timothy McVeigh alike);
5) It paves the way for the use of force by making it easier for a government to exploit the fears of its citizens and ignore objections to the manner in which it responds to terrorist violence.

This is not just a strategy of the United States government. For decades, Israeli leaders have used such language in their attempt to discredit Palestinian nationalism and deflect attention away from their own policies in the occupied territories. In the 1986 book "Terrorism: How the West Can Win," Benjamin Netanyahu, the book's editor, who is now Israel's prime minister, encouraged pre-emptive strikes "to weaken and destroy the terrorist's ability to consistently launch attacks," even at the "risk of civilian casualties." Addressing the origins of terrorism, he surmised that "the root cause of terrorism lies not in grievances but in a disposition toward unbridled violence" traceable to "a worldview that asserts that certain ideological and religious goals justify, indeed demand, the shedding of all moral inhibitions." Other contributors to the volume voiced similar sentiments in portraying the terrorist as a carrier of "oppression and enslavement," having "no moral sense," "a perfect nihilist," and whose elimination is the only rational means for the West to "win."

More careful assessments were made by scholars like Robert Pape of the University of Chicago, who has stressed that foreign military interventions and nationalism are the primary causes of terrorist violence. In his book "Dying to Win: The Strategic Logic of Suicide Terrorism," Pape argued that desires for national self-determination and an end to military occupation were at the root of nearly every instance of suicide terrorism from 1980 to 2003, and that while religion was used as a tool for recruiting and procuring aid from abroad, it was rarely the cause.
While some took issue with Pape's analysis, he at least employed a more dispassionate, analytical approach in attempting to understand this form of violence.

Obviously, to point out the causes and objectives of particular terrorist actions is to imply nothing about their legitimacy -- that is an independent matter -- nor is it any endorsement of a particular method for dealing with the problem of terrorist violence. Yet, to ignore these causes and objectives is to undermine attempts to deal intelligently with terrorism, since it leaves untouched its motivating factors, and paves the way for blind reactions of the sort that are likely to exacerbate rather than resolve the problem.

To put it bluntly, by stifling inquiry into causes, the rhetoric of "terror" actually increases the likelihood of terrorism. First, it magnifies the effect of terrorist actions by heightening the fear among the target population. If we demonize the terrorists, if we portray them as evil, irrational beings devoid of a moral sense, we amplify the fear and alarm generated by terrorist incidents, even when this is one of the political objectives of the perpetrators. In addition, stricter security measures often appear on the home front, including enhanced surveillance and an increasing militarization of local police.

Second, those who succumb to the rhetoric contribute to the cycle of revenge and retaliation by endorsing military actions that grievously harm the populations among whom terrorists live. The consequence is that civilians, those least protected, become the principal victims of "retaliation" or "counterterrorism." Having been desensitized by language, the willingness to risk civilian casualties becomes increasingly widespread. For example, according to a CBS/New York Times poll of 1216 Americans published on September 16, 2001, nearly 60 percent of those polled supported the use of military force against terrorists even if "many thousands of innocent civilians may be killed,"
an echo of the view taken by Netanyahu in his book.

Third, a violent response is likely to stiffen the resolve of those from whose ranks terrorists have emerged, leading them to regard their foes as people who cannot be reasoned with, as people who, because they avail themselves so readily of the rhetoric of "terror," know only the language of force. As long as groups perceive themselves to be victims of intolerable injustices and view their oppressors as unwilling to arrive at an acceptable compromise, they are likely to answer violence with more violence. Their reaction might be strategic, if directed against civilians to achieve a particular political objective, but, with the oppression unabated, it increasingly becomes the retaliatory violence of despair and revenge.

In "1984," George Orwell described doublethink as "the power of holding two contradictory beliefs in one's mind simultaneously, and accepting both of them," and portrayed it as a device for destroying the capacity for critical thinking, for controlling populations, and for perpetuating the political status quo. Something like doublethink is occurring as the rhetoric of terror continues to immerse us in a nightmare of skewed reason and perpetual warfare. In condemning terrorism, we think of it as something to be eliminated at all costs. Yet, in sanctioning the use of modern weaponry to achieve this end, regardless of its impact upon civilian populations, we are effectively advocating the very thing we condemn, and this is closer to doublethink than we should ever wish to be.

Tomis Kapitan is a professor emeritus at Northern Illinois University. He is the author of papers in metaphysics, the philosophy of language and international ethics, and the co-author of "The Israeli-Palestinian Conflict: Philosophical Essays on Self-Determination, Terrorism, and the One-State Solution."

---
Just because i'm near the punchbowl doesn't mean I'm also drinking from it.
From rforno at infowarrior.org Wed Oct 22 12:25:01 2014
From: rforno at infowarrior.org (Richard Forno)
Date: Wed, 22 Oct 2014 13:25:01 -0400
Subject: [Infowarrior] - Rep. Mike Rogers Now Claims Ed Snowden Should Be Charged With Murder, Because Someone Might Die
Message-ID: <7A63CED5-CA73-4EEA-9AAB-6119B1B90275@infowarrior.org>

TL;DR .... Rep Mike Rogers is an idiot.

Rep. Mike Rogers Now Claims Ed Snowden Should Be Charged With Murder, Because Someone Might Die

https://www.techdirt.com/articles/20141022/06282228905/rep-mike-rogers-now-claims-ed-snowden-should-be-charged-with-murder-because-someone-might-die.shtml

---
Just because i'm near the punchbowl doesn't mean I'm also drinking from it.

From rforno at infowarrior.org Wed Oct 22 12:41:38 2014
From: rforno at infowarrior.org (Richard Forno)
Date: Wed, 22 Oct 2014 13:41:38 -0400
Subject: [Infowarrior] - 'Crypto wars' return to Congress
Message-ID:

(And in related news, holycrap, I agree with something Darrell Issa says! --rick)

'Crypto wars' return to Congress
By Julian Hattem - 10/20/14 06:31 AM EDT

http://thehill.com/policy/cybersecurity/221147-crypto-wars-return-to-congress

FBI Director James Comey has launched a new "crypto war" by asking Congress to update a two-decade-old law to make sure officials can access information from people's cellphones and other communication devices.

The call is expected to trigger a major Capitol Hill fight about whether or not tech companies need to give the government access to their users' data.

"It's going to be a tough fight for sure," Rep. James Sensenbrenner (R-Wis.), the Patriot Act's original author, told The Hill in a statement.

He argues Apple and other companies are taking the privacy of consumers into their own hands because Congress has failed to pass legislation in response to public anger over the National Security Agency's surveillance programs.
"While Director Comey says the pendulum has swung too far toward privacy and away from law enforcement, he fails to acknowledge that Congress has yet to pass any significant privacy reforms," he added. "Because of this failure, businesses have taken matters into their own hands to protect their consumers and their bottom lines."

"If this becomes the norm, I suggest to you that homicide cases could be stalled, suspects walked free, child exploitation not discovered and prosecuted," he said last week.

Comey is asking that Congress update the Communications Assistance for Law Enforcement Act (CALEA), a 1994 law that required telephone companies to make it possible for federal officials to wiretap their users' phone calls.

Many new mobile applications and other modern devices aren't included under the law, however, making it difficult if not impossible for police to get a suspect's records -- even with a warrant.

Forcing companies to put in a "backdoor" to give officials access would also open them up to hackers in China and Russia, opponents claim, as well as violate Americans' constitutional rights to privacy.

Comey claimed the FBI was not looking for a "backdoor" into people's devices.

"We want to use the front door with clarity and transparency," he said.

But for critics, that's a distinction without a difference.

"The notion that it's not a backdoor; it's a front door -- that's just wordplay," said Bruce Schneier, a computer security expert and fellow at the Berkman Center for Internet & Society at Harvard University. "It just makes no sense."

It is reminiscent, he said, of the mid-1990s debate over the "Clipper Chip," an electronic chip that federal officials wanted to insert in devices allowing them to access people's communications. In the end, Congress did not require that companies use that chip in their technology.

Similar arguments have emerged every few years, as technology has gotten better and government agents have feared being left behind.
"This is the third or fourth replay," said Greg Nojeim, senior counsel at the Center for Democracy & Technology. "So far Congress has done the right thing and stood aside when companies are given the latitude they need to make communications devices and services more secure."

Early indications are that it could be an uphill push for the FBI.

"I'd be surprised if more than a handful of members would support the idea of backdooring Americans' personal property," Sen. Ron Wyden (D-Ore.), who would staunchly oppose the measure, said in a statement shared with The Hill.

Rep. Darrell Issa (R-Calif.), the chairman of the House Oversight Committee, on Friday tweeted that the administration would be making a "tough sell" by pushing an update to CALEA.

"To FBI Director Comey and the [administration] on criticisms of legitimate businesses using encryption: you reap what you sow," he wrote.

Rep. Zoe Lofgren (D-Calif.) predicted that any bill would have "zero chance" of passing.

Earlier this year, she and Rep. Thomas Massie (R-Ky.) introduced a measure to the defense spending bill banning the National Security Agency from using "backdoor" searches to spy on Americans through a legal provision targeting foreigners. That measure overwhelmingly passed the House 293-123.

While the NSA's spying is different from the FBI's requested update to CALEA, the spirit is the same, she said.

"I think the public would not support it, certainly industry would not support it, civil liberties groups would not support it," Lofgren told The Hill. "I think [Comey is] a sincere guy, but there's just no way this is going to happen."

Still, the FBI is unlikely to drop the pressure, especially if tech companies keep putting a focus on their privacy protections.

"This is a long-term discussion that has been coming and I expect to continue," said Carl Szabo, a lobbyist for NetChoice, a trade group for online businesses including Google, eBay and Yahoo.
As for the chances of a CALEA update, he is opposed but isn't assuming the FBI will stand down.

"I never underestimate anything," he said. "I always think that there is a chance, even if it's not as sweeping as installing a front door master key on every mobile device, it could be installing a small backdoor."

---
Just because i'm near the punchbowl doesn't mean I'm also drinking from it.

From rforno at infowarrior.org Wed Oct 22 17:34:20 2014
From: rforno at infowarrior.org (Richard Forno)
Date: Wed, 22 Oct 2014 18:34:20 -0400
Subject: [Infowarrior] - Canada's CBC News Shows What Thoughtful Breaking News Coverage Really Looks Like
Message-ID: <78757CEC-810E-47B1-9786-96FB0A444B6D@infowarrior.org>

Canada's CBC News Shows What Thoughtful Breaking News Coverage Really Looks Like
By Mark Joyella on October 22, 2014 1:55 PM

https://www.mediabistro.com/tvnewser/canadas-cbc-news-shows-what-thoughtful-breaking-news-coverage-really-looks-like_b243081

For hours this afternoon, Canada's CBC News covered the breaking news of at least three shooting incidents in Ottawa. Led by veteran anchor Peter Mansbridge, the rolling coverage was smart, careful, and absolutely un-American.

As Andy Carvin noted, Mansbridge set a respectful, careful tone, calling out interview subjects who had unconfirmed or contradictory information. "So much we could learn from his delivery today," Carvin told me on Twitter.

On screen, CBC News kept a ticker scrolling, a "Breaking News" bug in the corner, a "LIVE" bug at the top right, and three boxes showing video and live pictures. Mansbridge rarely appeared on camera, even as he took pains to ensure information was correct before reporting anything -- particularly the news a soldier shot at Ottawa's War Memorial had died of his injuries.
As I watched via the network's live stream in New York, I never heard a second of dramatic music, never saw a full-screen wipe with a catchy graphic like TERROR ON PARLIAMENT HILL, and never, ever heard Mansbridge or any of the CBC's reporters dip even a toe into the waters of self-promotion.

Compare that to the American cable news networks, where we've come to expect that every prime time newscast will begin with urgent music and BREAKING NEWS -- complete with multiple on-screen reminders that this is BREAKING NEWS of great importance.

CBC's coverage was, well, very Canadian. And to the nervous system of an American observer of TV news, it was decidedly strange to experience. Mansbridge, in sharp contrast to the frenetic, breathless delivery we've come to expect from American news anchors in times of breaking news (including stories of far less significance than the attacks in Canada), was thoughtful, took his time, and seemed at times to pause, and to consider his words before speaking. Just. Imagine. That.

Around 1:30 ET, three-and-a-half hours into his coverage, Mansbridge paused to update viewers. "What do we know with certainty right now?" There was no place for exaggeration, rumor, or mistakes. It was like watching grown-up news. And suddenly, seeing it, I was struck by how often we don't see it here in the U.S.

It's been a long time since American anchors like Frank Reynolds said "let's nail it down -- let's get it right." Even if it means letting someone else report it first.

CBC News was soundly beaten by various journalists on Twitter with word the War Memorial soldier had died, but when time came for Mansbridge to bring this sad fact into his coverage, he warned he had "bad news" to report, and then very carefully explained how CBC came to believe this information was correct. It wasn't loud and urgent. It was quiet and somber. And as such, it felt very, very important. It felt proper.
On a very frightening and horrific day for Canada, Mansbridge and his CBC colleagues did their jobs with dignity and respect. Andy Carvin is right. We could learn from their example.

---
Just because i'm near the punchbowl doesn't mean I'm also drinking from it.

From rforno at infowarrior.org Thu Oct 23 08:48:24 2014
From: rforno at infowarrior.org (Richard Forno)
Date: Thu, 23 Oct 2014 09:48:24 -0400
Subject: [Infowarrior] - OT: Hobbit stars in ANZ safety video
Message-ID:

Fly, you fools! 'Hobbit' stars take off in epic airline safety video

Elijah Wood, Sylvester McCoy and Peter Jackson are the fellowship of the wing in Air New Zealand's "Most Epic Safety Video Ever Made".

http://www.cnet.com/news/fly-you-fools-hobbit-stars-take-off-in-epic-airline-safety-video/

---
Just because i'm near the punchbowl doesn't mean I'm also drinking from it.

From rforno at infowarrior.org Thu Oct 23 08:59:39 2014
From: rforno at infowarrior.org (Richard Forno)
Date: Thu, 23 Oct 2014 09:59:39 -0400
Subject: [Infowarrior] - Special report: America's perpetual state of emergency
Message-ID:

Special report: America's perpetual state of emergency
Gregory Korte, USA TODAY 9:11 a.m. EDT October 23, 2014

< - >

http://www.usatoday.com/story/news/politics/2014/10/22/president-obama-states-of-emergency/16851775/

---
Just because i'm near the punchbowl doesn't mean I'm also drinking from it.

From rforno at infowarrior.org Fri Oct 24 07:41:54 2014
From: rforno at infowarrior.org (Richard Forno)
Date: Fri, 24 Oct 2014 08:41:54 -0400
Subject: [Infowarrior] - Ten Insane Things We Believe On Wall Street
Message-ID: <2ACEA8B4-B09B-40F0-A370-FD6B2E3EB81E@infowarrior.org>

Ten Insane Things We Believe On Wall Street
Posted October 23, 2014 by Joshua M Brown

http://thereformedbroker.com/2014/10/23/ten-insane-things-we-believe-on-wall-street/

To outsiders, Wall Street is a manic, dangerous and ridiculous republic unto itself --
a sort of bizarro world where nothing adds up and common sense is virtually inapplicable.

Consider the following insane things that we believe on Wall Street, that make no sense whatsoever in the real world:

1. Falling gas and home heating prices are a bad thing
2. Layoffs are great news, the more the better
3. Billionaires from Greenwich, CT can understand the customers of JC Penney, Olive Garden, K-Mart and Sears
4. A company is plagued by the fact that it holds over $100 billion in cash
5. Some companies have to earn a specific profit -- to the penny -- every quarter but others shouldn't dare even think about profits
6. Wars, weather, fashion trends and elections can be reliably predicted
7. It's reasonable for the value of a business to fluctuate by 5 to 10 percent within every eight hour period
8. It's possible to guess the amount of people who will get or lose a job each month in a nation of 300 million
9. The person who leads a company is worth 400 times more than the average person who works there
10. A company selling 10 million cars a year is worth $50 billion, but another company selling 40,000 cars a year is worth $30 billion because it's growing faster

Away from Wall Street, no one believes in any of this stuff. It's inconceivable. On Wall Street, these are core tenets of our collective philosophy. No wonder everyone else thinks we're insane.

---
Just because i'm near the punchbowl doesn't mean I'm also drinking from it.

From rforno at infowarrior.org Mon Oct 27 09:41:12 2014
From: rforno at infowarrior.org (Richard Forno)
Date: Mon, 27 Oct 2014 10:41:12 -0400
Subject: [Infowarrior] - Everyone is a Suspect
Message-ID: <5410D1D2-E2D0-492F-815F-926C98DC832A@infowarrior.org>

Guidelines On Who Might Be Suspicious: Too Nervous? Too Calm? Blending In? Standing Out?
It's All Suspicious
from the everyone-is-a-suspect dept

https://www.techdirt.com/articles/20141024/14222128933/guidelines-who-might-be-suspicious-too-nervous-too-calm-blending-standing-out-its-all-suspcious.shtml

The ACLU FOIA'd up some guidelines for Amtrak staff concerning how they judge whether or not passengers are "suspicious" in terms of being "indicative of criminal activity" and the list seems fairly broad:

* Unusual nervousness of traveler
* Unusual calmness or straight ahead stare
* Looking around while making telephone call(s)
* Position among passengers disembarking (ahead of, or lagging behind passengers)
* Carrying little or no luggage
* Purchase of tickets in cash
* Purchase tickets immediately prior to boarding

Radley Balko takes this list and then compares it to a list put together by James Bovard concerning what the courts have said is conduct that shows "reasonable suspicion" for law enforcement to dig deeper:

* Being the first person off a plane
* Being the last person off a plane
* Someone authorities believe has tried to blend in to the middle of exiting passengers
* Booking a nonstop flight
* Booking a flight with a layover
* Traveling alone
* Traveling with a companion
* People who appear nervous
* People who appear "too calm"
* Merely flying to or from a city known to be a major thoroughfare in the drug pipeline

The message is pretty clear: everyone is a suspect. And anything you might do to look not like a suspect is also suspicious. In fact, you're going to be pretty hard pressed not to look suspicious under these kinds of rules, which is kind of the point.

Part of the problem is the myth out there that there's a legitimate ability to spot "suspicious" people.
Sure, there are some extreme cases where people act strange before committing a criminal act, but the idea that you can scan a group of people and spot the people planning out some sort of criminal activity is a concept greatly exaggerated (often by Hollywood), but it inevitably leads to this situation where law enforcement can more or less pick and choose when they suddenly think you're "acting suspicious."

---
Just because i'm near the punchbowl doesn't mean I'm also drinking from it.

From rforno at infowarrior.org Mon Oct 27 09:51:45 2014
From: rforno at infowarrior.org (Richard Forno)
Date: Mon, 27 Oct 2014 10:51:45 -0400
Subject: [Infowarrior] - More 'abuses' of US anti-terrorism laws
Message-ID: <5FE73501-16CE-4CBA-86FD-3700B7E8A253@infowarrior.org>

October 26, 2014 | By Mark Jaycox

Peekaboo, I See You: Government Authority Intended for Terrorism is Used for Other Purposes

https://www.eff.org/deeplinks/2014/10/peekaboo-i-see-you-government-uses-authority-meant-terrorism-other-uses

The Patriot Act continues to wreak its havoc on civil liberties. Section 213 was included in the Patriot Act over the protests of privacy advocates and granted law enforcement the power to conduct a search while delaying notice to the suspect of the search. Known as a "sneak and peek" warrant, law enforcement was adamant Section 213 was needed to protect against terrorism. But the latest government report detailing the numbers of "sneak and peek" warrants reveals that out of a total of over 11,000 sneak and peek requests, only 51 were used for terrorism. Yet again, terrorism concerns appear to be trampling our civil liberties.

Throughout the Patriot Act debate the Department of Justice urged Congress to pass Section 213 because it needed the sneak and peek power to help investigate and prosecute terrorism crimes "without tipping off terrorists."
In 2005, FBI Director Robert Mueller continued the same exact talking point, emphasizing sneak and peek warrants were "an invaluable tool in the war on terror and our efforts to combat serious criminal conduct."

A closer look at the number of sneak and peek warrants issued (a reporting requirement imposed by Congress) shows this is simply not the case. The last publicly available report about sneak and peek warrants was released in 2010; however, the Administrative Office of the US Courts has finally released reports from 2011, 2012, and 2013.

What do the reports reveal? Two things: 1) there has been an enormous increase in the use of sneak and peek warrants and 2) they are rarely used for terrorism cases.

First, the numbers: Law enforcement made 47 sneak-and-peek searches nationwide from September 2001 to April 2003. The 2010 report reveals 3,970 total requests were processed. Within three years that number jumped to 11,129. That's an increase of over 7,000 requests. Exactly what privacy advocates argued in 2001 is happening: sneak and peek warrants are not just being used in exceptional circumstances -- which was their original intent -- but as an everyday investigative tool.

Second, the uses: Out of the 3,970 total requests from October 1, 2009 to September 30, 2010, 3,034 were for narcotics cases and only 37 for terrorism cases (about .9%). Since then, the numbers get worse. The 2011 report reveals a total of 6,775 requests. 5,093 were used for drugs, while only 31 (or .5%) were used for terrorism cases. The 2012 report follows a similar pattern: Only .6%, or 58 requests, dealt with terrorism cases. The 2013 report confirms the incredibly low numbers. Out of 11,129 reports only 51, or .5%, of requests were used for terrorism. The majority of requests were overwhelmingly for narcotics cases, which tapped out at 9,401 requests.
Section 213 may be less known than Section 215 of the Patriot Act (the clause the government is currently using to collect your phone records), but it's just as important. The Supreme Court ruled in Wilson v. Arkansas and Richards v. Wisconsin that the Fourth Amendment requires police to generally "knock and announce" their entry into property as a means of notifying a homeowner of a search. The idea was to give the owner an opportunity to assert their Fourth Amendment rights. The court also explained that the rule could give way in situations where evidence was under threat of destruction or there were concerns for officer safety. Section 213 codified this practice into statute, taking delayed notice from a relatively rare occurrence into standard operating law enforcement procedure.

The numbers vindicate privacy advocates who urged Congress to shelve Section 213 during the Patriot Act debates. Proponents of Section 213 claimed sneak and peek warrants were needed to protect against terrorism. But just like we've seen elsewhere, these claims are false. The government will continue to argue for more surveillance authorities -- like the need to update the Communications Assistance to Law Enforcement Act -- under the guise of terrorism. But before we engage in any updates, the public must be convinced such updates are needed and won't be used for non-terrorist purposes that chip away at our civil liberties.

---
Just because i'm near the punchbowl doesn't mean I'm also drinking from it.
From rforno at infowarrior.org Tue Oct 28 08:24:21 2014
From: rforno at infowarrior.org (Richard Forno)
Date: Tue, 28 Oct 2014 09:24:21 -0400
Subject: [Infowarrior] - Social media could become part of security clearance process
Message-ID:

Social media could become part of security clearance process
Monday - 10/27/2014, 12:14pm EDT

http://www.federalnewsradio.com/502/3730507/Social-media-part-of-clearance-check

For the past six months, the Director of National Intelligence has been trying to determine whether the government should do Google searches on people who hold security clearances.

Their question: Could publicly available information -- the type that pops up when you type a name into a search box -- tip off investigators that someone with access to sensitive government property may turn violent or become a spy?

The answer becomes more critical as the government moves toward evaluating security clearance holders all the time, rather than checking up on them every few years.

"We're trying to identify whether or not it's practical, viable and feasible to even use [social media] as part of the evaluation and adjudication process," said National Counterintelligence Executive Bill Evanina, whose office within DNI is responsible for setting security policies.

In multiple pilot programs, investigators are monitoring volunteers' online behavior. They are looking at "any and all information that's literally available on the Internet without going through any password-protected information," he said.

In addition to using Google searches, they are combing through government and commercial databases to look for details such as real estate or court records. They may also look at tweets and other public online communications. The volunteers are security clearance holders in good standing.

DNI has been working with privacy and civil liberties advocates to adjudicate information that comes out of the pilots, Evanina said.
Evanina said he has not been briefed on the results yet, but the pilots continue. He hopes to have enough data by the end of the year to make a decision.

But a government source who spoke at an industry event earlier this month but did not get permission to use his name publicly, said one pilot included 5,000 volunteers. When investigators conducted a random sample of 300 people, they found that 28 percent of them -- fewer than 100 people -- had something in their social media files that would cause background investigators to take a second look. The red flag could be as simple as having foreign connections on a networking site like LinkedIn, the source said.

The government does not use social media right now to evaluate the 5 million people who hold security clearances. Evanina acknowledged, it's missing out on what could be a powerful tool in the effort to continuously vet clearance holders.

For example, Evanina said, social media could enable security officials to know immediately when a clearance holder has been arrested on a drunk driving charge. Today's system of periodic background checks means the same officials may have to wait years before learning that information.

But for the government to incorporate social media into its background check procedures, it must be feasible, Evanina said.

"Social media grows every day, exponentially. We're trying to find a way that's not only scalable but also functional," he said. "We're thinking about now and three years from now."

Regardless of whether social media becomes part of the background check process, DNI is moving forward with a system of continuous evaluation, Evanina said. It has no plans to forgo current tools, including interviews, polygraphs and reference checks.

"We've made significant and substantial progress over the past few months in this effort," he said. He expects DNI to launch the system early next year, starting with top-secret clearance holders.

Eventually, the government will do continuous evaluation on all 5 million clearance holders, he said.

---
Just because i'm near the punchbowl doesn't mean I'm also drinking from it.

From rforno at infowarrior.org Thu Oct 30 20:24:37 2014
From: rforno at infowarrior.org (Richard Forno)
Date: Thu, 30 Oct 2014 21:24:37 -0400
Subject: [Infowarrior] - The 90s and Now: FBI and its Inability to Cope with Encryption
Message-ID: <07CADD95-1BC9-473B-ACEC-982C27BA3D0B@infowarrior.org>

October 29, 2014 | By Amul Kalia

The 90s and Now: FBI and its Inability to Cope with Encryption

Recently, FBI Director James B. Comey, along with several government officials, have issued many public statements regarding their inability to catch criminals due to Apple and Google offering default encryption to their consumers.

We at EFF have been around long enough to see these nearly identical statements being made in the past, and have simultaneously witnessed law enforcement agencies not rendered obsolete. In fact, we've seen the exact opposite. The tools available to the law enforcement today are expansive and are much scarier, and require close scrutiny to ensure that civil liberties of millions of people are not jeopardized in the process of catching a few bad guys.

But we certainly felt a bit of déjà vu when we saw current FBI Director Comey's statements, since they sound eerily like the sentiments expressed by then FBI Director Louis J. Freeh in front of the Senate Judiciary Committee in July 1997. Specifically:

< - >

https://www.eff.org/deeplinks/2014/10/90s-and-now-fbi-and-its-inability-cope-encryption

---
Just because i'm near the punchbowl doesn't mean I'm also drinking from it.

From rforno at infowarrior.org Thu Oct 30 20:24:42 2014
From: rforno at infowarrior.org (Richard Forno)
Date: Thu, 30 Oct 2014 21:24:42 -0400
Subject: [Infowarrior] - Secret Manuals Show the Spyware Sold to Despots and Cops Worldwide
Message-ID: <9D71EF5C-9A7B-4794-A0E3-142F77146238@infowarrior.org>

Secret Manuals Show the Spyware Sold to Despots and Cops Worldwide

By Cora Currier and Morgan Marquis-Boire
Today at 8:39 AM

When Apple and Google unveiled new encryption schemes last month, law enforcement officials complained that they wouldn't be able to unlock evidence on criminals' digital devices. What they didn't say is that there are already methods to bypass encryption, thanks to off-the-shelf digital implants readily available to the smallest national agencies and the largest city police forces -- easy-to-use software that takes over and monitors digital devices in real time, according to documents obtained by The Intercept.

We're publishing in full, for the first time, manuals explaining the prominent commercial implant software "Remote Control System," manufactured by the Italian company Hacking Team. Despite FBI director James Comey's dire warnings about the impact of widespread data scrambling -- "criminals and terrorists would like nothing more," he declared -- Hacking Team explicitly promises on its website that its software can "defeat encryption."

< - >

https://firstlook.org/theintercept/2014/10/30/hacking-team/

---
Just because i'm near the punchbowl doesn't mean I'm also drinking from it.

From rforno at infowarrior.org Thu Oct 30 20:24:50 2014
From: rforno at infowarrior.org (Richard Forno)
Date: Thu, 30 Oct 2014 21:24:50 -0400
Subject: [Infowarrior] - DOD says "serious security incidents" - not "leaks"
Message-ID: <29FD2AA5-C756-4E3A-9999-E62A23B3CA22@infowarrior.org>

What other terms can DOD whitewash to make sound less-damaging to the world?

--rick

DoD Leaks Now Termed "Serious Security Incidents"

Posted on Oct.30, 2014 in Leaks by Steven Aftergood

Unauthorized disclosures of classified information, leaks to the news media, acts of espionage, and certain other information security offenses are now to be collectively designated as "serious security incidents," according to a Department of Defense directive that was published this week.

The new terminology was adopted in order to standardize procedures for preventing, identifying, investigating and reporting such violations when they occur. See "Management of Serious Security Incidents Involving Classified Information," DoD Directive 5210.50, October 27, 2014.

The new directive replaces a previous directive from 2005, which had simply been titled "Unauthorized Disclosure of Classified Information to the Public."

< - >

http://fas.org/blogs/secrecy/2014/10/serious-security/

---
Just because i'm near the punchbowl doesn't mean I'm also drinking from it.