From rforno at infowarrior.org Thu Jan 1 18:05:17 2015
From: rforno at infowarrior.org (Richard Forno)
Date: Thu, 1 Jan 2015 19:05:17 -0500
Subject: [Infowarrior] - North Korea/Sony Story Shows How Eagerly U.S. Media Still Regurgitate Government Claims
Message-ID: <1C3B1C90-56E9-4168-AEB1-7D3015132444@infowarrior.org>

North Korea/Sony Story Shows How Eagerly U.S. Media Still Regurgitate Government Claims

https://firstlook.org/theintercept/2015/01/01/north-koreasony-story-shows-eager-u-s-media-still-regurgitate-government-claims/

From rforno at infowarrior.org Fri Jan 2 15:09:44 2015
From: rforno at infowarrior.org (Richard Forno)
Date: Fri, 2 Jan 2015 16:09:44 -0500
Subject: [Infowarrior] - My thoughts: The Sony Hack: A Warning for Internet Policy
Message-ID: <22E14EC3-1693-48F7-BD88-CA2FE6A44358@infowarrior.org>

The Sony Hack: A Warning for Internet Policy
By Richard Forno on January 2, 2015 at 9:46 am

https://cyberlaw.stanford.edu/blog/2015/01/sony-hack-warning-internet-policy

From rforno at infowarrior.org Mon Jan 5 06:26:51 2015
From: rforno at infowarrior.org (Richard Forno)
Date: Mon, 5 Jan 2015 07:26:51 -0500
Subject: [Infowarrior] - Apple has lost the functional high ground
Message-ID:

(I agree to a point, but also think Apple is the "cleanest shirt in the drawer" when it comes to operating systems. --rick)

Apple has lost the functional high ground
January 4, 2015

Apple's hardware today is amazing - it has never been better. But the software quality has taken such a nosedive in the last few years that I'm deeply concerned for its future. I'm typing this on a computer whose existence I didn't even think would be possible yet, but it runs an OS riddled with embarrassing bugs and fundamental regressions. Just a few years ago, we would have relentlessly made fun of Windows users for these same bugs on their inferior OS, but we can't talk anymore.

Apple has completely lost the functional high ground. "It just works"
was never completely true, but I don't think the list of qualifiers and asterisks has ever been longer. We now need to treat Apple's OS and application releases with the same extreme skepticism and trepidation that conservative Windows IT departments employ.

<-->

http://www.marco.org/2015/01/04/apple-lost-functional-high-ground

From rforno at infowarrior.org Mon Jan 5 12:48:30 2015
From: rforno at infowarrior.org (Richard Forno)
Date: Mon, 5 Jan 2015 13:48:30 -0500
Subject: [Infowarrior] - Syfy Is Making A "Hackers" Reality TV Show
Message-ID:

(x-posted)

Syfy Is Making A "Hackers" Reality TV Show

http://io9.com/syfy-is-making-a-hackers-reality-tv-show-1677520509

Syfy is diving back into the reality TV biz, and this time it's with a hackers show, naturally called Hackers. Honestly, we'd be more into a Hackers movie remake than a show about actual "hackers" but okay, sure. Why not?

In a press release, Syfy announced that they would be teaming up with Relativity Television (who brought us all Catfish the show) to work on the unscripted series, which will "take viewers deep inside the shadowy and dangerous world of high-tech hackers for the very first time." How will they do that? By telling stories "ripped from the headlines" about real life hackers and the people who "tracked them down."

The new series also boasts an "experiential 'hacking' scene that exposes what actually happens when a computer network is broken into - including what goes on inside the mind of the hacker." I don't now know what this means. Like a thought bubble? I could be into that. Either way, it's definitely timely, so let's see what happens. Also, we would like to suggest Jonny Lee Miller as a host.

--
It's better to burn out than fade away.
From rforno at infowarrior.org Mon Jan 5 12:56:15 2015
From: rforno at infowarrior.org (Richard Forno)
Date: Mon, 5 Jan 2015 13:56:15 -0500
Subject: [Infowarrior] - Dish goes after cord-cutters with Sling TV, a $20 per month service
Message-ID:

This looks *very* promising...but the devil's in the details, obviously.

Dish goes after cord-cutters with Sling TV, a $20 per month service

http://www.engadget.com/2015/01/05/sling-tv-announced/

--
It's better to burn out than fade away.

From rforno at infowarrior.org Mon Jan 5 17:24:04 2015
From: rforno at infowarrior.org (Richard Forno)
Date: Mon, 5 Jan 2015 18:24:04 -0500
Subject: [Infowarrior] - Gogo Inflight Wifi Service Goes Man-In-The-Middle, Issues Fake Google SSL Certificates
Message-ID: <45610B8A-20D0-413E-87D0-EBFB56E4421F@infowarrior.org>

Gogo Inflight Wifi Service Goes Man-In-The-Middle, Issues Fake Google SSL Certificates

https://www.techdirt.com/articles/20150105/09344429597/gogo-inflight-wifi-service-goes-man-in-the-middle-issues-fake-google-ssl-certificates.shtml

From rforno at infowarrior.org Tue Jan 6 07:21:26 2015
From: rforno at infowarrior.org (Richard Forno)
Date: Tue, 6 Jan 2015 08:21:26 -0500
Subject: [Infowarrior] - Rid & Buchanan: "Attributing Cyber Attacks"
Message-ID: <6DD5A1FD-4A3A-47C4-A653-A42FD9D75FAC@infowarrior.org>

Attributing Cyber Attacks
Free access
DOI: 10.1080/01402390.2014.977382
Thomas Rid & Ben Buchanan
Published online: 23 Dec 2014

Who did it? Attribution is fundamental. Human lives and the security of the state may depend on ascribing agency to an agent. In the context of computer network intrusions, attribution is commonly seen as one of the most intractable technical problems, as either solvable or not solvable, and as dependent mainly on the available forensic evidence. But is it? Is this a productive understanding of attribution? - This article argues that attribution is what states make of it.
To show how, we introduce the Q Model: designed to explain, guide, and improve the making of attribution. Matching an offender to an offence is an exercise in minimising uncertainty on three levels: tactically, attribution is an art as well as a science; operationally, attribution is a nuanced process not a black-and-white problem; and strategically, attribution is a function of what is at stake politically. Successful attribution requires a range of skills on all levels, careful management, time, leadership, stress-testing, prudent communication, and recognising limitations and challenges.

< - >

http://www.tandfonline.com/doi/full/10.1080/01402390.2014.977382#tabModule

--
It's better to burn out than fade away.

From rforno at infowarrior.org Tue Jan 6 12:44:16 2015
From: rforno at infowarrior.org (Richard Forno)
Date: Tue, 6 Jan 2015 13:44:16 -0500
Subject: [Infowarrior] - FBI: Warrants not needed for stingray use
Message-ID: <1FF2F2B2-151E-4288-9019-A4B7CACE37AD@infowarrior.org>

FBI says search warrants not needed to use "stingrays" in public places

Feds' position on decoy cell-site towers continues anti-privacy theme.

by David Kravets - Jan 5 2015, 2:25pm EST

The Federal Bureau of Investigation is taking the position that court warrants are not required when deploying cell-site simulators in public places. Nicknamed "stingrays," the devices are decoy cell towers that capture locations and identities of mobile phone users and can intercept calls and texts.

The FBI made its position known during private briefings with staff members of Senate Judiciary Committee Chairman Patrick Leahy (D-Vt.) and Sen. Chuck Grassley (R-Iowa). In response, the two lawmakers wrote Attorney General Eric Holder and Homeland Security chief Jeh Johnson, maintaining they were "concerned about whether the FBI and other law enforcement agencies have adequately considered the privacy interests" of Americans....
< -- >

http://arstechnica.com/tech-policy/2015/01/fbi-says-search-warrants-not-needed-to-use-stringrays-in-public-places/

--
It's better to burn out than fade away.

From rforno at infowarrior.org Wed Jan 7 14:19:09 2015
From: rforno at infowarrior.org (Richard Forno)
Date: Wed, 7 Jan 2015 15:19:09 -0500
Subject: [Infowarrior] - FBI Director addresses Sony hack
Message-ID: <76361FF7-81E2-4076-BE68-4EF2CA08C08F@infowarrior.org>

FBI Director: Sony's "Sloppy" North Korean Hackers Revealed Their IP Addresses

By Andy Greenberg | 01.07.15 | 1:51 pm

http://www.wired.com/2015/01/fbi-director-says-north-korean-hackers-sometimes-failed-use-proxies-sony-hack/

The Obama administration has been tightlipped about its controversial naming of the North Korean government as the definitive source of the hack that eviscerated Sony Pictures Entertainment late last year. But FBI director James Comey is standing by the bureau's conclusion, and has offered up a few tiny breadcrumbs of the evidence that led to it. Those crumbs include the claim that Sony hackers sometimes failed to use the proxy servers that masked the origin of their attack, revealing IP addresses that the FBI says were used exclusively by North Korea.

Speaking at a Fordham Law School cybersecurity conference Wednesday, Comey said that he has "very high confidence" in the FBI's attribution of the attack to North Korea. And he named several of the sources of his evidence, including a "behavioral analysis unit" of FBI experts trained to psychologically analyze foes based on their writings and actions. He also said that the FBI compared the Sony attack with their own "red team" simulations to determine how the attack could have occurred. And perhaps most importantly, Comey now says that the hackers in the attack failed on multiple occasions to use the proxy servers that bounce their Internet connection through an obfuscating computer somewhere else in the world, revealing IP addresses that tied them to North Koreans.
"In nearly every case, [the Sony hackers known as the Guardians of Peace] used proxy servers to disguise where they were coming from in sending these emails and posting these statements. But several times they got sloppy," Comey said. "Several times, either because they forgot or because of a technical problem, they connected directly and we could see that the IPs they were using...were exclusively used by the North Koreans."

"They shut it off very quickly once they saw the mistake," he added. "But not before we saw where it was coming from."

Comey's brief and cryptic remarks - with no opportunity for followup questions from reporters - respond to skepticism and calls for more evidence from cybersecurity experts unsatisfied with the FBI's vague statements tying the hack to North Korean government. In a previous public announcement the FBI had said only that it found "similarities in specific lines of code, encryption algorithms, data deletion methods, and compromised networks," as well as IP addresses that matched prior attacks it knows to have originated in North Korea. At that time, the FBI also said it had further evidence matching the tools used in the attack to a North Korean hacking attack that hit South Korean banks and media outlets.

Following those elliptical statements, the cybersecurity community demanded more information be released to prove North Korea's involvement. Some have even signed a petition on the White House website calling for more transparency in the investigation. Well-known security blogger and author Bruce Schneier has compared the FBI's "trust us" mentality to the claims of the Bush administration about Saddam Hussein's nonexistent weapons of mass destruction in the run-up to the Iraq War. Without more information, security experts themselves have remained deeply divided in their conclusions about who hacked Sony.

The Obama administration, meanwhile, isn't waiting for wider acceptance of its claims.
Last week it levied new sanctions against the North Korean government. In a speech earlier in the day at the Fordham event, director of national intelligence James Clapper said that "we have to push back" against North Korea, adding that "if they get global recognition with no consequence they'll do it again and again."

In his statement Wednesday, Comey acknowledged the skepticism about the FBI's attributions claims. But he responded that "they don't have the facts that I have. They don't see what I see."

Comey said he'd like to share more about the analysis that led the FBI to Sony, but nearly all of it remains secret for security reasons. "I want to show you, the American people, as much as I can about the why, but show the bad guys as little as possible about the how," he said. "This will happen again and we have to preserve our methods and our sources."

Comey also hinted that the intelligence community, seemingly including the NSA, agreed with the FBI's analysis. "There is not much in this life that I have high confidence about," he said. "I have very high confidence in this attribution, as does the entire intelligence community."

That pseudo-explanation will likely do little to quell the security community's doubts. Even if the hackers appeared to fail to use proxies on some occasions, it could still be very difficult to be sure those "real" IP addresses weren't proxies themselves designed to serve as further misdirection. And a nagging loose thread remains that the Guardians of Peace hackers in their initial statements to Sony tried to extort money from the company before making any political demands. Sony's Kim Jong-un assassination comedy "The Interview," the suppression of which is believed by many to be the North Korean government's motive in the hack, wasn't even mentioned by the hackers until long after the intrusion was underway.

Comey didn't address that plot hole in the North Korean explanation in his speech.
Instead, he applauded the Obama administration's public response to the hack, comparing it to the indictment of five Chinese military hackers in March of this year. And he said that naming and shaming would be increasingly common in response to future state-sponsored hacks.

"As often as possible we're going to call out the conduct...We're going to say 'here's what happened and who did it,'" he said. "I think it's very important that we at the FBI said 'We know who hacked Sony. It was the North Koreans who hacked Sony.' And we called out that conduct and explained it."

--
It's better to burn out than fade away.

From rforno at infowarrior.org Wed Jan 7 17:37:17 2015
From: rforno at infowarrior.org (Richard Forno)
Date: Wed, 7 Jan 2015 18:37:17 -0500
Subject: [Infowarrior] - Download the EFF Mobile App
Message-ID: <8197ADEF-055C-49CB-990F-CA488DC344CB@infowarrior.org>

January 7, 2015 | By Rainey Reitman

Download the EFF Mobile App

Dear smartphone users: great news. We're launching our first-ever EFF mobile app.

This app will tell you when there are breaking issues related to digital rights that need your help. You'll get a quick notification and be able to one-click connect to the EFF action center to speak out and help us fight for freedom online.

Right now, the app is an alert system designed to tell you when we have new campaigns. So most of the time it will connect you to the EFF action center. To make it simple to take action, you can also set up a login and password on the EFF action center. Note that you can download the EFF phone app regardless of your country or location.

The app is very simple for now because we want to gauge the EFF community's interest before we invest a lot of time into building out additional features. If there are things you'd really like to see in future versions of the app, please email your ideas to rainey at eff.org.

< - >

https://www.eff.org/deeplinks/2014/12/download-eff-mobile-app

--
It's better to burn out than fade away.
From rforno at infowarrior.org Wed Jan 7 17:37:49 2015
From: rforno at infowarrior.org (Richard Forno)
Date: Wed, 7 Jan 2015 18:37:49 -0500
Subject: [Infowarrior] - Apple's Dev Agreement Means No EFF Mobile App for iOS
Message-ID: <6777E551-10A0-4B91-9048-96EF6ECA871F@infowarrior.org>

Sorry iPhone Users: Apple's Dev Agreement Means No EFF Mobile App for iOS

January 7, 2015 | By Corynne McSherry

https://www.eff.org/deeplinks/2014/12/sorry-iphone-users-apples-dev-agreement-means-no-eff-mobile-app-iphone

Today we launched a new app that will make it easier for people to take action on digital rights issues using their phone. The app allows folks to connect to our action center quickly and easily, using a variety of mobile devices.

Sadly, though, we had to leave out Apple devices and the folks who use them. Why? Because we could not agree to the outrageous terms in Apple's Developer Agreement and Apple's DRM requirements.

As we have been saying for years now, the Developer Agreement is bad for developers and users alike. Here are a few of the terms that we are worried about:

Ban on Public Statements: Section 10.4 prohibits developers from making any "public statements" about the terms of the Agreement. This is particularly strange, since the Agreement itself is not "Apple Confidential Information" as defined in Section 10.1. So the terms are not confidential, but developers are contractually forbidden from speaking "publicly" about them.

Ban on Reverse Engineering: Section 2.6 prohibits any reverse engineering (including the kinds of reverse engineering for interoperability that courts have recognized as a fair use under copyright law), as well as anything that would "enable others" to reverse engineer, the software development kit (SDK) or iPhone OS.
App Store Only: Section 7.3 makes it clear that any applications developed using Apple's SDK may only be publicly distributed through the App Store, and that Apple can reject an app for any reason, even if it meets all the formal requirements disclosed by Apple. So if you use the SDK and your app is rejected by Apple, you're prohibited from distributing it through competing app stores like Cydia.

No Tinkering with Any Apple Products: Section 3.2(e) is the "ban on jailbreaking" provision that appears to prohibit developers from tinkering with any Apple software or technology, not just the iPhone, or "enabling others to do so."

Apple Owns Your Security: Section 6.1 explains that Apple has to approve any bug fixes or security releases. If Apple does not approve such updates very quickly, this requirement could put many people in jeopardy.

Kill Your App Any Time: Section 8 makes it clear that Apple can "revoke the digital certificate of any of Your Applications at any time." Steve Jobs once confirmed that Apple can remotely disable apps, even after they have been installed by users. This contract provision would appear to allow that.

We have some other concerns as well, but these top the list.

Lots of developers hold their nose and sign the agreement despite these onerous conditions, and that's understandable. The Apple App store is a huge market and hard to ignore if you want your business to succeed. And sometimes, developers have to weigh these onerous restrictions against not just their ability to survive financially, but also their ability to reach and protect users from snooping and censorship.

We thought about those competing concerns too. We're proud of the tool we've developed and we think it offers a great new way for people to speak up and take action. We want it to be available and used by as many people as possible, including iPhone users. We hate that we can't make that possible right now.
Contract restrictions aside, the final barrier was knowing that we'd be required to include a form of Digital Rights Management (DRM). DRM means that Apple is putting technical restrictions on what you can and can't do with your app. When we create tools for EFF, we want them to be broadly available to others to use, adapt, and customize. That's why we work to make our technical projects based on free software, and avoid DRM.

So we are not releasing an iPhone app at this time. As we've been saying for years, "Developers should demand better terms and customers who love their iPhones should back them." At EFF, we walk our talk. We will not agree to contract terms that we couldn't endorse for others, and we certainly will not wrap our app in DRM.

We've asked Apple to revisit their terms and conditions; perhaps they will do so. You can join us by signing your name on a petition to Apple. Note: you can sign on any browser, including mobile browsers on an iPhone.

And if you have an Android device, download the EFF mobile app.

--
It's better to burn out than fade away.

From rforno at infowarrior.org Thu Jan 8 16:05:54 2015
From: rforno at infowarrior.org (Richard Forno)
Date: Thu, 8 Jan 2015 17:05:54 -0500
Subject: [Infowarrior] - PBS Exclusive: Edward Snowden on Cyber Warfare
Message-ID: <49752AC7-C12F-46A3-A6DC-FF195E7A0C66@infowarrior.org>

Exclusive: Edward Snowden on Cyber Warfare

http://www.pbs.org/wgbh/nova/next/military/snowden-transcript/

--
It's better to burn out than fade away.

From rforno at infowarrior.org Thu Jan 8 17:23:51 2015
From: rforno at infowarrior.org (Richard Forno)
Date: Thu, 8 Jan 2015 18:23:51 -0500
Subject: [Infowarrior] - CISPA is back
Message-ID:

Here we go again....
House Dem revives major cyber bill

By Cory Bennett - 01/08/15 03:15 PM EST

http://thehill.com/policy/cybersecurity/228945-top-house-dem-to-reintroduce-major-cyber-bill

A senior Democrat on the House Intelligence Committee on Friday will reintroduce a controversial bill that would help the public and private sectors share information about cybersecurity threats.

"The reason I'm putting bill in now is I want to keep the momentum going on what's happening out there in the world," Rep. Dutch Ruppersberger (D-Md.), told The Hill in an interview, referring to the recent Sony hack, which the FBI blamed on North Korea.

The measure - known as the Cyber Intelligence Sharing and Protection Act (CISPA) - has been a top legislative priority for industry groups and intelligence officials, who argue the country cannot properly defend critical infrastructure without it.

The House passed Ruppersberger's bill last year, but it stalled in the Senate amid concerns from privacy advocates that it would enable more collection of Americans' private information.

Ruppersberger lost his 2014 co-sponsor of the bill, former House Intelligence Committee Chairman Mike Rogers (R-Mich.), who retired from Congress.

"I'm putting the bill in by myself," Ruppersberger said, acknowledging it would require work to find new bipartisan support. But by reintroducing the bill, "hopefully that will create momentum," he added.

Ruppersberger wants to ride the wave of attention on Capitol Hill driven by the cyberattack on Sony, which caused the studio to almost cancel the release of a multimillion-dollar comedy, "The Interview," which depicts an American plot to assassinate North Korean leader Kim Jong Un.

Sony ultimately released the film to a limited number of theaters and streamed it online. The studio's initial decision to pull the film drew a wave of criticism from lawmakers.
The government's subsequent announcement that North Korea sponsored the attack caused more lawmakers than ever before to call for action on cybersecurity.

"We have to move forward," Ruppersberger said.

--
It's better to burn out than fade away.

From rforno at infowarrior.org Fri Jan 9 07:41:03 2015
From: rforno at infowarrior.org (Richard Forno)
Date: Fri, 9 Jan 2015 08:41:03 -0500
Subject: [Infowarrior] - Evolving Microsoft's Advance Notification Service in 2015
Message-ID: <1E6BB8BC-9F97-4E31-8F0D-57BA1A672FD4@infowarrior.org>

Evolving Microsoft's Advance Notification Service in 2015

Chris Betz
8 Jan 2015 8:00 AM

http://blogs.technet.com/b/msrc/archive/2015/01/07/evolving-advance-notification-service-ans-in-2015.aspx

Our Advance Notification Service (ANS) was created more than a decade ago as part of Update Tuesday to broadly communicate in advance, about the security updates being released for Microsoft products and services each month. Over the years, technology environments and customer needs have evolved, prompting us to evaluate our existing information and distribution channels. This desire to improve is why customers may have seen us introduce myBulletins to provide bulletin reports tailored to customer preferences, discontinue the Deployment Priority matrix in favor of the Exploitability Index, modify the Exploitability Index to account for more threat scenarios, simplify security bulletin content to help customer understanding, and create a centralized glossary for bulletin definitions. The change being announced today fits within that context.

We are making changes to how we distribute ANS to customers. Moving forward, we will provide ANS information directly to Premier customers and current organizations involved in our security programs, and will no longer make this information broadly available through a blog post and web page.

ANS has always been optimized for large organizations.
However, customer feedback indicates that many of our large customers no longer use ANS in the same way they did in the past due to optimized testing and deployment methodologies. While some customers still rely on ANS, the vast majority wait for Update Tuesday, or take no action, allowing updates to occur automatically. More and more customers today are seeking to cut through the clutter and obtain security information tailored to their organizations. Rather than using ANS to help plan security update deployments, customers are increasingly turning to Microsoft Update and security update management tools such as Windows Server Update Service to help organize and prioritize deployment. Customers are also moving to cloud-based systems, which provide continuous updating.

For Premier customers who would still like to receive this information, Microsoft will continue to provide ANS through their Technical Account Manager support representatives. ANS will also continue to be provided to current organizations that are part of our security programs such as the Microsoft Active Protections Program. For customers without a Premier support contract, we recommend taking advantage of myBulletins, which enables customers to tailor security bulletin information based on only those applications running in their environment.

As our customers' needs change, so must our approach to security. We remain relentless in our commitment to protect customers and the ongoing delivery of secure computing experiences.

Thank you,
Chris Betz
Senior Director, MSRC

--
It's better to burn out than fade away.
From rforno at infowarrior.org Fri Jan 9 08:01:00 2015
From: rforno at infowarrior.org (Richard Forno)
Date: Fri, 9 Jan 2015 09:01:00 -0500
Subject: [Infowarrior] - EasyDNS Sued For Refusing To Take Down Website Without Court Order; Then Hit Again For Writing About The Lawsuit
Message-ID:

EasyDNS Sued For Refusing To Take Down Website Without Court Order; Then Hit Again For Writing About The Lawsuit

"Once again, we're left amazed at how some people assume that anything they don't like online must be illegal, and everyone else must be responsible for it."

https://www.techdirt.com/articles/20150107/17585829627/easydns-sued-refusing-to-take-down-website-without-court-order-then-hit-again-writing-about-lawsuit.shtml

--
It's better to burn out than fade away.

From rforno at infowarrior.org Fri Jan 9 09:45:08 2015
From: rforno at infowarrior.org (Richard Forno)
Date: Fri, 9 Jan 2015 10:45:08 -0500
Subject: [Infowarrior] - Fearing the 'Cyber Pearl Harbor' again in DC
Message-ID: <1E905040-15FF-4673-85AB-FDBFC3559722@infowarrior.org>

(x-posted)

Op-ed by the new chair of the House Homeland Security Committee....here we go again. -- rick

Preventing a "cyber Pearl Harbor"

Michael McCaul, Texas Republican, is chairman of the House Committee on Homeland Security.

http://www.washingtontimes.com/news/2015/jan/8/michael-mccaul-preventing-a-cyber-pearl-harbor/

--
It's better to burn out than fade away.

From rforno at infowarrior.org Fri Jan 9 13:05:42 2015
From: rforno at infowarrior.org (Richard Forno)
Date: Fri, 9 Jan 2015 14:05:42 -0500
Subject: [Infowarrior] - CISPA is back again. (Yes, again.)
Message-ID: <2DFB877A-C6CE-44BE-A61D-FF020323E173@infowarrior.org>

CISPA is back again. (Yes, again.)
By Richard Forno on January 9, 2015 at 11:01 am

Last evening we learned that Rep. Dutch Ruppersberger (D-MD) plans to again reintroduce the controversial Cyber Intelligence Sharing and Protection Act (CISPA) at the start of the 114th Congress.
Although it's impractical to speculate on the contents of the latest proposal without seeing its legislative language, if CISPA '15 simply is a mirror-image resubmission of last year's version (as I suspect it is) my previous comments about its shortcomings and controversies still remain relevant ....

< -- >

https://cyberlaw.stanford.edu/blog/2015/01/cispa-back-again-yes-again

--
It's better to burn out than fade away.

From rforno at infowarrior.org Sat Jan 10 12:15:58 2015
From: rforno at infowarrior.org (Richard Forno)
Date: Sat, 10 Jan 2015 13:15:58 -0500
Subject: [Infowarrior] - Chilling Effects DMCA Archive Censors Itself
Message-ID:

Chilling Effects DMCA Archive Censors Itself

By Ernesto on January 10, 2015

http://torrentfreak.com/chilling-effects-dmca-archive-censors-itself-150110

The much-praised Chilling Effects DMCA archive has taken an unprecedented step by censoring its own website. Facing criticism from copyright holders, the organization decided to wipe its presence from all popular search engines. A telling example of how pressure from rightsholders causes a chilling effect on free speech.

On an average day Google now processes more than a million takedown requests from copyright holders, and that's for its search engine alone.

Thanks to Google's transparency report the public is able to see where these notices come from and what content they're targeting. In addition, Google partners with Chilling Effects to post redacted copies of all notices online.

The Chilling Effects DMCA clearing house is one of the few tools that helps to keep copyright holders accountable. Founded by Harvard's Berkman Center, it offers an invaluable database for researchers and the public in general.

At TF we use the website on a weekly basis to spot inaccurate takedown notices and other wrongdoings. Since the native search engine doesn't always return the best results, we mostly use Google to spot newsworthy notices on the site.
This week, however, we were no longer able to do so. The Chilling Effects team decided to remove its entire domain from all search engines, including its homepage and other informational and educational resources.

Ironically enough, complaints from copyright holders are at the base of this unprecedented display of self-censorship. Since Chilling Effects has partnered with Google to publish all takedown notices Google receives, its pages contain hundreds of millions of non-linked URLs to infringing material.

Copyright holders are not happy with these pages. Previously, Copyright Alliance CEO Sandra Aistars described the activities of the Chilling Effects projects as "repugnant."

As a result of the increased criticisms Chilling Effects has now decided to hide its content from search engines, making it harder to find.

"After much internal discussion the Chilling Effects project recently made the decision to remove the site's notice pages from search engines," Berkman Center project coordinator Adam Holland informs TF.

"Our recent relaunch of the site has brought it a lot more attention, and as a result, we're currently thinking through ways to better balance making this information available for valuable study, research, and journalism, while still addressing the concerns of people whose information appears in the database."

The self censorship may sound strange coming from an organization that was founded to offer more transparency, but the Chilling Effects team believes that it strikes the right balance, for now.

"As a project, we've always worked to strike that balance, for example by removing personally identifying information. Removing notice pages from search engine results is the latest step in that balancing process," Holland tells us.

"It may or may not prove to be permanent, but for now it's the step that makes the most sense as we continue to think things through," he adds.
While we respect the decision it's a real shame for researchers that the notices and other informational material are now hidden from search engines. The notices themselves remain online, but with just the site's own search it's harder to find cases of abuse. The copyright holders on the other hand will be happy. But they probably don't care much about the chilling effect it has. -- It's better to burn out than fade away.

From rforno at infowarrior.org Sat Jan 10 12:33:24 2015 From: rforno at infowarrior.org (Richard Forno) Date: Sat, 10 Jan 2015 13:33:24 -0500 Subject: [Infowarrior] - Baltimore PD Hides Stingray Usage Under Pen Register Order Message-ID: <80276189-92D6-45FB-AAFF-A5921986225E@infowarrior.org> Baltimore PD Hides Its Stingray Usage Under A Pen Register Order; Argues There's Really No Difference Between The Two https://www.techdirt.com/articles/20150103/14461029590/baltimore-pd-hides-its-stingray-usage-under-pen-register-order-argues-theres-really-no-difference-between-two.shtml -- It's better to burn out than fade away.

From rforno at infowarrior.org Sun Jan 11 19:00:30 2015 From: rforno at infowarrior.org (Richard Forno) Date: Sun, 11 Jan 2015 20:00:30 -0500 Subject: [Infowarrior] - NYPD mandates 'resumed' summons Message-ID: NYPD cops told no vacations until work slowdown ends http://nypost.com/2015/01/11/no-time-off-for-nypd-until-cops-get-back-to-work/ It's a slowdown showdown. At precincts across the city, top brass are cracking the whip on summons activity and even barring many cops from taking vacation and sick days, The Post has learned. Throughout the city, precincts are being ordered to hand up to borough commanders "activity sheets" indicating the number of arrests and summonses per shift, sources told The Post. "Police officers around the city are now threatened with transfers, no vacation time and sick time unless they write summonses," one union source said.
"This is the same practice that caused officers to be labeled racist and abusers of power." In at least one precinct, the brass backlash - which comes in the wake of Police Commissioner Bill Bratton ordering cops back on the job after The Post reported a 90 percent drop in ticket writing - is downright "draconian. "Everyone here is under orders - no time off" during the summons catch-up blitz, said one cop at the 105th Precinct in Queens. "And the majority of [new] summonses written aren't protecting the public in any way. "But now they're realizing how much revenue the city is losing and they're enforcing their will upon us," he said. Bratton's back-to-work edict was still ringing in commanding officers' ears when the crackdown hit cops on the Thursday/Friday overnight shift at the 105th bordering Nassau County, the officer said. The lieutenant ordered sector cars from throughout the precinct to converge at Springfield Boulevard and Jamaica Avenue for a driver checkpoint, the officer said. No one was to return to the precinct or even take a meal break until two summonses were logged, the officer said. "To have all the manpower utilized for the sole purpose of writing summonses is a very dangerous way to utilize manpower," he said. "This is not what we're out here for." Back at the station house, memos were posted (top) alerting cops that no new days off would be approved beyond already approved vacation days. And there were to be no sick days without a doctor's note. -- It's better to burn out than fade away.

From rforno at infowarrior.org Sun Jan 11 19:09:51 2015 From: rforno at infowarrior.org (Richard Forno) Date: Sun, 11 Jan 2015 20:09:51 -0500 Subject: [Infowarrior] - F.B.I. Is Assuming a Larger Surveillance Role, Report Shows Message-ID: F.B.I. Is Assuming a Larger Surveillance Role, Report Shows By CHARLIE SAVAGE JAN. 11, 2015 WASHINGTON -
Although the government's warrantless surveillance program is associated with the National Security Agency, the Federal Bureau of Investigation has gradually become a significant player in administering it, a newly declassified report shows. In 2008, according to the report, the F.B.I. assumed the power to review email accounts the N.S.A. wanted to collect through the "Prism" system, which collects emails of foreigners from providers like Yahoo and Google. The bureau's top lawyer, Valerie E. Caproni, who is now a Federal District Court judge, developed procedures to make sure no such accounts belonged to Americans. Then, in October 2009, the F.B.I. started retaining copies of unprocessed communications gathered without a warrant to analyze for its own purposes. And in April 2012, the bureau began nominating new email accounts and phone numbers belonging to foreigners for collection, including through the N.S.A.'s "upstream" system, which collects communications transiting network switches. That information is in a 231-page study by the Justice Department's inspector general about the F.B.I.'s activities under the FISA Amendments Act of 2008, which authorized the surveillance program. The report was entirely classified when completed in September 2012. But the government has now made a semi-redacted version of the report public in response to a Freedom of Information Act lawsuit filed by The New York Times. The Times filed the lawsuit following a wave of declassifications about government surveillance activities in response to leaks by the former intelligence contractor Edward J. Snowden. But parts of the report remained heavily redacted. The report was delivered late Friday to The Times. In it, the inspector general, Michael E. Horowitz, concluded that the F.B.I. was doing a good job in making sure that the email accounts targeted for warrantless collection belonged to noncitizens abroad.
< - > http://www.nytimes.com/2015/01/12/us/politics/beyond-nsa-fbi-is-assuming-a-larger-surveillance-role-report-shows.html -- It's better to burn out than fade away.

From rforno at infowarrior.org Mon Jan 12 10:39:33 2015 From: rforno at infowarrior.org (Richard Forno) Date: Mon, 12 Jan 2015 11:39:33 -0500 Subject: [Infowarrior] - DiFi: Snowden bad, Petraeus, good. Message-ID: Dianne Feinstein, Strong Advocate of Leak Prosecutions, Demands Immunity For David Petraeus By Glenn Greenwald https://firstlook.org/theintercept/2015/01/12/dianne-feinstein-advocate-whistleblower-prosecutions-demands-immunity-david-petraeus/ < - > This latest example from Feinstein is one of the most vivid yet. She wanted Julian Assange - who isn't even a U.S. citizen and never served in the U.S. Government - prosecuted for espionage for exposing war crimes, and demanded that Edward Snowden be charged with "treason" for exposing illegal eavesdropping which shocked the world. But a four-star general who leaked classified information not for any noble purpose but to his mistress for personal reasons should be protected from any legal consequences. Long-standing mavens of DC political power literally believe that they and their class-comrades are too noble, important and elevated to be subjected to the rule of law to which they subject everyone else. They barely even disguise it any more. It's the dynamic by which the Obama administration prosecuted leakers with unprecedented aggression who disclose information that embarrass them politically while ignoring or even sanctioning the leak of classified information that politically glorifies them. It is, of course, inconceivable that someone like Dianne Feinstein would urge the release of ordinary convicts from prison on the ground that their actions are "in the past" or that they have "suffered enough."
This generous mentality of mercy, forgiveness and understanding - like Obama's decree that we Look Forward, Not Backward to justify immunity for American torturers - is reserved only for political officials, Generals, telecoms, banks and oligarchs who reside above and beyond the rule of law. < - > -- It's better to burn out than fade away.

From rforno at infowarrior.org Mon Jan 12 10:53:50 2015 From: rforno at infowarrior.org (Richard Forno) Date: Mon, 12 Jan 2015 11:53:50 -0500 Subject: [Infowarrior] - 'Muslim Birmingham' Fox News claim Message-ID: <9DC0FB98-0361-4B1D-AA3E-55356FF276D1@infowarrior.org> 2 January 2015 Last updated at 11:47 ET Apology for 'Muslim Birmingham' Fox News claim An American terrorism commentator has apologised for describing Birmingham as a "Muslim-only city" where non-Muslims "don't go" during a Fox News interview. Steven Emerson told the channel that in London "Muslim religious police" beat "anyone who doesn't dress according to Muslim, religious Muslim attire". He later issued an apology for his "terrible error". His comments have come in for ridicule, with the hashtag #FoxNewsFacts trending on Twitter. Mr Emerson, who founded a group called The Investigative Project on Terrorism, was giving his perspective on the terror attacks in France to Fox presenter Jeanine Pirro. Birmingham City Council said Mr Emerson's "curious" comments had no foundation, and welcomed his apology, while Birmingham Edgbaston MP Gisela Stuart described the remarks as "stupid". 'Check your facts' On social media, Mr Emerson has been the butt of jokes, while he has been accused of "speaking nonsense" by people posting on his investigative website.... < -- > http://www.bbc.com/news/uk-england-30773297?print=true -- It's better to burn out than fade away.
From rforno at infowarrior.org Mon Jan 12 16:16:38 2015 From: rforno at infowarrior.org (Richard Forno) Date: Mon, 12 Jan 2015 17:16:38 -0500 Subject: [Infowarrior] - UK's Cameron wants to ban 'secure' comms apps Message-ID: <175BA50A-FF07-42E9-A13A-146D1F4165CE@infowarrior.org> British Prime Minister Suggests Banning Some Online Messaging Apps By Mark Scott January 12, 2015 1:27 pm http://bits.blogs.nytimes.com/2015/01/12/british-prime-minister-suggests-banning-some-online-messaging-apps/ Prime Minister David Cameron said he would pursue banning encrypted messaging services if Britain's intelligence services were not given access to the communications. Credit Paul Ellis/Agence France-Presse - Getty Images LONDON - Popular messaging services like Snapchat and WhatsApp are in the cross hairs in Britain. That was the message delivered on Monday by Prime Minister David Cameron, who said he would pursue banning encrypted messaging services if Britain's intelligence services were not given access to the communications. The statement comes as many European politicians are demanding that Internet companies like Google and Facebook provide greater information about people's online activities after several recent terrorist threats, including the attacks in Paris. Mr. Cameron, who has started to campaign ahead of a national election in Britain in May, said his government, if elected, would ban encrypted online communication tools that could potentially be used by terrorists if the country's intelligence agencies were not given increased access. The reforms are part of new legislation that would force telecom operators and Internet services providers to store more data on people's online activities, including social network messages. "Are we going to allow a means of communications which it simply isn't possible to read?" Mr. Cameron said at an event on Monday, in reference to services like WhatsApp, Snapchat and other encrypted online applications.
"My answer to that question is: 'No, we must not.'" Mr. Cameron said his first duty was to protect the country against terrorist attacks. "The attacks in Paris demonstrated the scale of the threat that we face and the need to have robust powers through our intelligence and security agencies in order to keep our people safe," he added. Any restriction on these online services, however, would not take effect until 2016, at the earliest, and it remained unclear how the British government could stop people from using these apps, which are used by hundreds of millions of people worldwide. Mr. Cameron's comments are part of a growing debate in Europe and the United States over whether Internet companies and telecom providers must cooperate fully with intelligence agencies, who have seen an increased use of social media by groups like the Islamic State, also known as ISIS or ISIL. After the Paris attacks, European leaders, for example, called on Internet service providers to report potentially harmful online material aimed at inciting hatred or terror. "We are concerned at the increasingly frequent use of the Internet to fuel hatred and violence and signal our determination to ensure that the Internet is not abused to this end," European Union politicians said in a joint statement. Last year, European officials also met with some American tech giants, including Microsoft and Twitter, to discuss how companies could control what was published on their networks, though the companies have resisted greater oversight by intelligence services. Yet in a sign that tech companies are coming under increased scrutiny, British lawmakers blamed Facebook in November for failing to tell the country's authorities about specific online threats made by two men, who later killed a soldier in London in 2013. Facebook declined to comment on the accusations, though said that it had taken measures to prevent terrorists from using the social network. -- It's better to burn out than fade away.
From rforno at infowarrior.org Mon Jan 12 18:21:38 2015 From: rforno at infowarrior.org (Richard Forno) Date: Mon, 12 Jan 2015 19:21:38 -0500 Subject: [Infowarrior] - James Risen, New York Times Reporter, Will Not Be Called to Testify in Leak Case Message-ID: James Risen, New York Times Reporter, Will Not Be Called to Testify in Leak Case By MATT APUZZO JAN. 12, 2015 WASHINGTON - James Risen, a New York Times reporter, will not be called to testify at a leak trial, lawyers said Monday, ending a seven-year legal fight over whether he could be forced to identify his confidential sources. The Justice Department said in court filings that it would not call Mr. Risen to testify at the trial of Jeffrey Sterling, a former C.I.A. officer charged with providing him details about a botched operation in Iran. Mr. Sterling's lawyers, who had also left open the possibility of calling Mr. Risen to testify, said on Monday that they had withdrawn their subpoena. < - > http://www.nytimes.com/2015/01/13/us/times-reporter-james-risen-will-not-be-called-to-testify-in-leak-case-lawyers-say.html -- It's better to burn out than fade away.

From rforno at infowarrior.org Mon Jan 12 20:56:44 2015 From: rforno at infowarrior.org (Richard Forno) Date: Mon, 12 Jan 2015 21:56:44 -0500 Subject: [Infowarrior] - One Student's Epic Tweets Call Out the Biggest Hypocrites Marching for Free Speech In Paris Message-ID: <030093C4-1D56-438E-B887-740C6FB1F40C@infowarrior.org> "In what can only be described as an epic series of 21 pointed tweets, London School for Economics Middle East Society co-president Daniel Wickham points out that many of the world leaders who marched Sunday through the streets of Paris are not the world's biggest advocates for press freedom."
One Student's Epic Tweets Call Out the Biggest Hypocrites Marching for Free Speech In Paris http://mic.com/articles/108166/one-student-s-epic-tweets-call-out-the-biggest-hypocrites-marching-for-free-speech-in-paris -- It's better to burn out than fade away.

From rforno at infowarrior.org Tue Jan 13 13:05:59 2015 From: rforno at infowarrior.org (Richard Forno) Date: Tue, 13 Jan 2015 14:05:59 -0500 Subject: [Infowarrior] - GOP chairman backs collection of phone data Message-ID: <6954D1CE-B208-4611-B8A3-B5A7628B6382@infowarrior.org> GOP chairman backs collection of phone data By Mario Trujillo - 01/13/15 10:53 AM EST http://thehill.com/policy/technology/229319-house-intel-chair-plans-work-to-reauthorize-phone-record-collection The new chairman of the House Intelligence Committee is pushing lawmakers to reauthorize the government collection of Americans' telephone records before the authority expires this summer. Rep. Devin Nunes (R-Calif.) also said there is no need to make reforms to the secretive Foreign Intelligence Surveillance Court, which has approved the data collection numerous times. "We don't want to further encumber intelligence and law enforcement communities who already have a difficult task in tracking those who wish to attack Americans at home and abroad," he told Bloomberg News in a written statement in response to a series of questions. A key section of the Patriot Act is set to expire later this year. Advocates see the deadline as an opportunity to push reforms to the program that authorizes the National Security Agency's collection of Americans' telephone metadata - the call times, numbers and durations, but not the content. Nunes said he plans to talk to lawmakers about the program and provide freshman lawmakers with top-secret briefings on the authorization. "These are key terrorist tracking programs that should be reauthorized," he said.
Legislation that would have ended the government's bulk collection of data and added a special privacy advocate to the FISA court failed in the Senate last year. The House approved a version of the bill, but civil liberties advocates and technology companies opposed it, arguing the reforms did not go far enough. Nunes said a lot of the opposition to the program stems from misunderstanding. But he disagreed that the government should have provided a public outline of the collection before details of it leaked from documents obtained by former NSA contractor Edward Snowden. Other intelligence programs should also be kept secret, he said, arguing the leaks have done damage to intelligence gathering. "Spies can't be effective spies if you tell everybody they're spies," he said. -- It's better to burn out than fade away.

From rforno at infowarrior.org Tue Jan 13 13:34:40 2015 From: rforno at infowarrior.org (Richard Forno) Date: Tue, 13 Jan 2015 14:34:40 -0500 Subject: [Infowarrior] - Congressional Caucus on the Internet of Things Message-ID: Just what we need -- another group to pontificate about the tubes, and how best to muck them up. --rick Internet of Things: There's now a US congressional committee for that There could be as many as 25 billion things connected to the Internet by 2020. by David Kravets - Jan 13 2015, 12:42pm EST http://arstechnica.com/tech-policy/2015/01/internet-of-things-theres-now-a-us-congressional-committee-for-that/ Lawmakers are often mocked for their lack of knowledge of technology issues and the tech behind them. Now House members are attempting to tackle the biggest tech cliché of them all: the Internet of Things. Rep. Darrell Issa (R-CA) and Rep. Susan DelBene (D-WA) announced Tuesday the Congressional Caucus on the Internet of Things.
It will be a group of lawmakers studying - you guessed it - the Internet of Things in a bid to help educate members "on the development of innovative technology and public policy in the Internet of Things' space," according to an e-mail from Issa's office. Boiled down, the Internet of Things is more or less connecting everyday devices to the Internet, from cars to refrigerators. "Technology is revolutionizing the way consumers use cars, homes, workspaces, and everyday items. Emerging uses of Internet connectivity to these devices raise both opportunities and questions about regulatory policy, spectrum space, privacy, and more," Issa said. "It's critical that lawmakers remain educated about the fast paced evolution of the Internet of Things, and have informed policy discussions about the government's role in access and use of these devices." Gartner estimates that there will be as many as 25 billion things connected to the Internet by 2020. Is the Congressional Caucus on the Internet of Things just another attempt by politicos to grab attention by invoking the latest Internet craze? Maybe history has the answer: last year, the Cloud Computing Caucus Advisory Group [PDF] was formed in the House. -- It's better to burn out than fade away.

From rforno at infowarrior.org Wed Jan 14 06:47:26 2015 From: rforno at infowarrior.org (Richard Forno) Date: Wed, 14 Jan 2015 07:47:26 -0500 Subject: [Infowarrior] - Firefox becoming IE of the '90s...? Message-ID: <387FDD66-5D0B-45B6-AF1D-7006FFED31D1@infowarrior.org> (x-posted) Last night's Firefox 35 update switched my preferred search engine from what I use to Yahoo, which is Firefox's 'preferred' partner having replaced Google in that role last year. While it's easy to change it back to my search engine, it never should've been changed in the first place.
So it makes me wonder what other settings were 'tweaked' by Firefox during the update......or where exactly Mozilla is heading with its once totally-awesome browser as it tries to navigate the balance between 'free' and 'corporate supported'. -- It's better to burn out than fade away.

From rforno at infowarrior.org Wed Jan 14 09:12:33 2015 From: rforno at infowarrior.org (Richard Forno) Date: Wed, 14 Jan 2015 10:12:33 -0500 Subject: [Infowarrior] - Obama's War on Hackers Message-ID: <087504CC-5D9A-416E-8C37-0A60C7F8497C@infowarrior.org> (c/o PR) Obama's War on Hackers http://blog.erratasec.com/2015/01/obams-war-on-hackers.html < - > "Obama proposes upgrading hacking to a "racketeering" offense, means you can be guilty of being a hacker by simply acting like a hacker (without otherwise committing a specific crime). Hanging out in an IRC chat room giving advice to people now makes you a member of a "criminal enterprise", allowing the FBI to sweep in and confiscate all your assets without charging you with a crime. If you innocently clicked on the link above, and think you can defend yourself in court, prosecutors can still use the 20-year sentence of a racketeering charge in order to force you to plea bargain down to a 1-year sentence for hacking. (Civil libertarians hate the police-state nature of racketeering laws). Obama's proposals come from a feeling in Washington D.C. that more needs to be done about hacking in response to massive data breaches of the last couple years. But they are blunt political solutions which reflect no technical understanding of the problem." < - > -- It's better to burn out than fade away.

From rforno at infowarrior.org Wed Jan 14 11:30:40 2015 From: rforno at infowarrior.org (Richard Forno) Date: Wed, 14 Jan 2015 12:30:40 -0500 Subject: [Infowarrior] - DHS is a mess of cybersecurity incompetence Message-ID: <4AC6523D-73CA-4B19-8974-12C361B5144B@infowarrior.org> (Chalk this up in the "well, duh" category.....
--rick) New report: DHS is a mess of cybersecurity incompetence Summary: A large, embarrassing, and alarming Federal oversight report finds major problems and grave shortcomings with Department of Homeland Security cybersecurity programs and practices which are "unlikely to protect us". By Violet Blue for Zero Day | January 14, 2015 The January 1 report reveals and concludes that DHS's cybersecurity practices and programs are so bad, the DHS fails at even the basics of computer security and is "unlikely" able to protect both citizens and government from attacks. The report's section on cybersecurity is all bad news -- especially for fans of Obama's planned legislative cyberattack protections. < - > http://www.zdnet.com/article/new-report-the-dhs-is-a-mess-of-cybersecurity-incompetence/ -- It's better to burn out than fade away.

From rforno at infowarrior.org Wed Jan 14 14:56:59 2015 From: rforno at infowarrior.org (Richard Forno) Date: Wed, 14 Jan 2015 15:56:59 -0500 Subject: [Infowarrior] - IRS Unleashes Global FATCA Data Exchange, Offshore Transparency Everywhere Message-ID: 1/13/2015 @ 1:48AM IRS Unleashes Global FATCA Data Exchange, Offshore Transparency Everywhere Robert W. Wood Contributor http://www.forbes.com/sites/robertwood/2015/01/13/irs-unleashes-global-fatca-data-exchange-offshore-transparency-everywhere/ Some of the folks down at the IRS may have been "confused" about how to apply the tax exempt organization rules, especially those rogue employees in Cincinnati. But the IRS isn't confused at all about the power of FATCA, the Foreign Account Tax Compliance Act. It is America's global tax reporting law. Never before has an American tax law attempted such an astounding reach. It got off to a slow start after passing into law in 2010. But it took effect in 2014, and has literally swept the globe. FATCA requires foreign banks to disclose the identity and details of Americans with foreign accounts over $50,000.
Non-compliant institutions worldwide could be frozen out of U.S. markets, so everyone is complying. Now, the IRS has unleashed a new data exchange to implement the law. The IRS announced the opening of the International Data Exchange Service (IDES). Financial institutions and host country tax authorities will use IDES to securely send their information reports on financial accounts held by U.S. persons to the IRS. So far, over 145,000 financial institutions have registered through the IRS FATCA Registration System. The U.S. has more than 110 intergovernmental agreements (IGAs), either signed or agreed in substance. Financial institutions and host country tax authorities will use IDES to provide the IRS information reports on financial accounts held by U.S. persons. If you think this means you should get your accounts in order and make sure they are disclosed and properly reported, you're right. The exchange underscores just how big FATCA has become. IRS Commissioner Koskinen called it a milestone in implementing FATCA. "With it, comes the start of a secure system of automated, standardized information exchanges among government tax authorities. This will enhance our ability to detect hidden accounts and help ensure fairness in the tax system." FATCA grew out of a controversial rule. America taxes its citizens and permanent residents on their worldwide income regardless of where they live. FATCA cuts off companies from access to critical U.S. financial markets if they fail to pass along American data. More than 100 nations - including all that matters - have agreed to the law. Countries must agree to the law or face dire repercussions. Even tax havens have joined up, as have Russia & China, even the Vatican. The IRS has a searchable list of financial institutions. See FFI List Search and Download Tool and a User Guide. Countries on board are collected at this FATCA Archive.
Foreign financial institutions must withhold a 30% tax if the recipient isn't providing information about U.S. account holders. That's why everyone is complying. Foreign Financial Institutions (FFIs) must report account numbers, balances, names, addresses, and U.S. identification numbers. For U.S.-owned foreign entities, they must report the name, address, and U.S. TIN of each substantial U.S. owner. And in what is a kind of global witch hunt, American indicia will likely mean a letter. If you receive a FATCA letter, don't delay considering what to do. The IDES User Guide with instructions for enrolling and using the IDES can be found here. The IRS has posted Frequently Asked Questions about FATCA and IDES, and will continue to update the FAQs as questions are received. In addition, the IRS has a comments link on its website to submit questions specifically on IDES, and another for other FATCA-related questions. The online address for IDES enrollment can be found here. Although there is an anti-FATCA movement, do not count on it to succeed. A safer bet is to count on virtually every institution in virtually every country around the globe to disclose - and soon.

From rforno at infowarrior.org Wed Jan 14 18:19:14 2015 From: rforno at infowarrior.org (Richard Forno) Date: Wed, 14 Jan 2015 19:19:14 -0500 Subject: [Infowarrior] - Zombie Cookie: The Tracking Cookie That You Can't Kill Message-ID: <39F66E1A-D1D7-4BDD-96BE-7F47779F83D7@infowarrior.org> Zombie Cookie: The Tracking Cookie That You Can't Kill An online ad company called Turn is using tracking cookies that come back to life after Verizon users have deleted them. Turn's services are used by everyone from Google to Facebook. by Julia Angwin and Mike Tigas ProPublica, Jan. 14, 2015, 3:08 p.m. < - > http://www.propublica.org/article/zombie-cookie-the-tracking-cookie-that-you-cant-kill -- It's better to burn out than fade away.
From rforno at infowarrior.org Wed Jan 14 19:57:20 2015 From: rforno at infowarrior.org (Richard Forno) Date: Wed, 14 Jan 2015 20:57:20 -0500 Subject: [Infowarrior] - Is the MPAA even pro-Hollywood any more? Message-ID: Is the MPAA even pro-Hollywood any more? The lobbying organization seems more concerned with giving itself a reason to exist than with solving the film industry's problems Eli Dourado is a research fellow at the Mercatus Center at George Mason University and director of its Technology Policy Program. < - > https://medium.com/tech-liberation/is-the-mpaa-even-pro-hollywood-any-more-9fef31467c36 -- It's better to burn out than fade away.

From rforno at infowarrior.org Wed Jan 14 21:38:42 2015 From: rforno at infowarrior.org (Richard Forno) Date: Wed, 14 Jan 2015 22:38:42 -0500 Subject: [Infowarrior] - TIOB: A Discussion of U.S. v. Aaron Swartz and the Prosecution/Defense of Cyber-Crime Message-ID: The Internet's Own Boy: A Discussion of U.S. v. Aaron Swartz and the Prosecution and Defense of Cyber-Crime 01/21/2015 http://www.kvn.com/events/events-items/the-internets-own-boy-a-discussion-of-us-v-aaron-swartz-and-the-prosecution-and-defense-of-cyber-crime This program will feature clips from the Oscar-shortlisted documentary The Internet's Own Boy and a discussion of the prosecution of Aaron Swartz, who committed suicide in January 2013 while facing a federal indictment. Among the topics to be discussed: * Is the federal Computer Fraud and Abuse Act too broad in the discretion it gives to prosecutors? * Does the threat of CFAA prosecutions create a chilling effect on academic and political speech and inhibit disclosure of information in the public interest? * How might the CFAA be reformed to address these concerns, while still protecting against genuinely harmful computer crimes? Speakers: * Elliot Peters, Keker & Van Nest Partner who represented Aaron Swartz *
Brian Knappenberger, filmmaker and director of The Internet's Own Boy: The Story of Aaron Swartz * Jennifer Granick, Director of Civil Liberties for The Center For Internet and Society at Stanford Law School * Charles Stevens, former U.S. Attorney for the Eastern District of California and currently a Partner at Gibson Dunn & Crutcher Moderator: Dan Purcell, Keker & Van Nest Partner who represented Aaron Swartz The reception will begin at 5:30 p.m. The program will be from 6:30-8:00 p.m. RSVP: Please email Barbara Abulafia to register. Organization: The American Bar Association White Collar Crime Committee Location: Keker & Van Nest - 633 Battery St., San Francisco http://www.kvn.com/events/events-items/the-internets-own-boy-a-discussion-of-us-v-aaron-swartz-and-the-prosecution-and-defense-of-cyber-crime -- It's better to burn out than fade away.

From rforno at infowarrior.org Thu Jan 15 06:30:01 2015 From: rforno at infowarrior.org (Richard Forno) Date: Thu, 15 Jan 2015 07:30:01 -0500 Subject: [Infowarrior] - U.K.'s Cameron to Lobby Obama on Encryption Message-ID: <59EBEBFF-74CC-477E-9ACB-04697C197FD4@infowarrior.org> U.K.'s Cameron to Lobby Obama on Encryption Wants President to Criticize Tech Firms Offering Communications That Can't Be Unscrambled Updated Jan. 14, 2015 8:50 p.m. ET http://www.wsj.com/articles/u-k-s-cameron-to-lobby-obama-to-criticize-tech-company-encryption-1421277542 British Prime Minister David Cameron plans to lobby President Barack Obama this week to more publicly criticize U.S. technology companies, such as Facebook Inc., that offer encrypted communications that can't be unscrambled even with a court order, two people familiar with the matter said. The move would extend Mr. Cameron's efforts to help intelligence and security officials access the information they say they need to help counter terror.
One issue he and intelligence officials have highlighted in recent days is the growing use of encryption and the difficulty it poses for law enforcement. The U.S. Justice Department has also sought a way to access encrypted communications with a court order, but has been rebuffed by civil-liberties concerns.

Mr. Cameron, a Conservative, could put pressure on Mr. Obama to pick a side in a fight between privacy advocates and law enforcement over secret messaging in the digital age.

"Are we going to allow a means of communications which it simply isn't possible to read?" Mr. Cameron said in a speech Monday. "No. We must not."

Mr. Cameron also plans to mention his push to require social-media companies to proactively monitor their users to spot budding national-security threats, the people familiar with the matter said. Tech executives say that would be a nonstarter in the U.S.

Once a niche concern, encryption has been thrust into national debates after former National Security Agency contractor Edward Snowden leaked secrets on U.S. and British surveillance practices. In response, U.S. tech companies, including Google Inc., Apple Inc. and Facebook, started taking extra steps to make sure spies couldn't read user data without court approval and their knowledge. This fall, Facebook's WhatsApp messaging service announced it had started using a new type of encryption that even the company can't unscramble.

Apple drew rare public criticism from the Federal Bureau of Investigation last year when it announced its new iPhone software would prevent police from viewing the information stored on a suspect's phone unless they learn his password -- even if they have a search warrant. FBI Director James Comey accused Apple of impeding law enforcement. But Apple hasn't backed down, and the White House warned Mr. Comey of picking a fight with one of the most popular companies in the U.S., American officials have said.
Apple and Facebook couldn't immediately be reached for comment Wednesday.

Mr. Cameron will try to push Mr. Obama "in the direction of what the FBI has said about this," a person familiar with the prime minister's intentions said.

A spokesman for Mr. Cameron declined to comment. A British official said Mr. Cameron is likely to discuss online activities of violent extremists with the president, but said the specifics of encryption weren't a priority for the meeting.

Through a spokeswoman, the White House declined to comment on a meeting that hasn't taken place yet.

Messrs. Cameron and Obama are scheduled to meet for a working dinner Thursday, as well as additional meetings and a news conference Friday.

The meeting comes amid increased concerns about radicalization and terror recruitment in the U.S. and Europe following the recent terrorist attacks in Paris. Al Qaeda in the Arabian Peninsula has claimed credit for that attack, though Western intelligence officials haven't substantiated the claims.

The leaders are also expected to discuss the state of the economy, trade issues, and other topics including counterterrorism, Ebola, Russia and the war against Islamic State.

-- Byron Tau contributed to this article.

Write to Danny Yadron at danny.yadron at wsj.com and Devlin Barrett at devlin.barrett at wsj.com

--
It's better to burn out than fade away.

From rforno at infowarrior.org Thu Jan 15 07:18:56 2015
From: rforno at infowarrior.org (Richard Forno)
Date: Thu, 15 Jan 2015 08:18:56 -0500
Subject: [Infowarrior] - Marriott International Will Not Block Wi-Fi Devices
Message-ID: <67C652CD-C326-48F7-9AB8-B2FC3D2B5404@infowarrior.org>

http://news.marriott.com/2015/01/marriott-international-will-not-block-wi-fi-devices.html

01/14/2015

Marriott International Will Not Block Wi-Fi Devices

January 14, 2015 - Marriott International listens to its customers, and we will not block guests from using their personal Wi-Fi devices at any of our managed hotels.
Marriott remains committed to protecting the security of Wi-Fi access in meeting and conference areas at our hotels. We will continue to look to the FCC to clarify appropriate security measures network operators can take to protect customer data, and will continue to work with the industry and others to find appropriate market solutions that do not involve the blocking of Wi-Fi devices.

--
It's better to burn out than fade away.

From rforno at infowarrior.org Thu Jan 15 14:22:02 2015
From: rforno at infowarrior.org (Richard Forno)
Date: Thu, 15 Jan 2015 15:22:02 -0500
Subject: [Infowarrior] - NRC Report on Bulk Collection of SIGINT: Technical Options
Message-ID: <88F688EB-BDCB-42E8-B6B3-EC05267D26DD@infowarrior.org>

Hot off the press ...

Via the Abstract:

The Bulk Collection of Signals Intelligence: Technical Options study is a result of an activity called for in Presidential Policy Directive 28, issued by President Obama in January 2014, to evaluate U.S. signals intelligence practices. The directive instructed the Office of the Director of National Intelligence (ODNI) to produce a report within one year "assessing the feasibility of creating software that would allow the intelligence community more easily to conduct targeted information acquisition rather than bulk collection." ODNI asked the National Research Council (NRC) -- the operating arm of the National Academy of Sciences and National Academy of Engineering -- to conduct a study, which began in June 2014, to assist in preparing a response to the President. Over the ensuing months, a committee of experts appointed by the Research Council produced the report.

.... should make for interesting weekend reading.

Report @ http://www.nap.edu/catalog/19414/bulk-collection-of-signals-intelligence-technical-options

--
It's better to burn out than fade away.

From rforno at infowarrior.org Thu Jan 15 14:55:23 2015
From: rforno at infowarrior.org (Richard Forno)
Date: Thu, 15 Jan 2015 15:55:23 -0500
Subject: [Infowarrior] - Secret US cybersecurity report: encryption vital to protect private data
Message-ID: <94E56D3B-B55F-4ED5-8BF8-5DB9D4E67AE6@infowarrior.org>

Secret US cybersecurity report: encryption vital to protect private data

http://www.theguardian.com/us-news/2015/jan/15/-sp-secret-us-cybersecurity-report-encryption-protect-data-cameron-paris-attacks

--
It's better to burn out than fade away.

From rforno at infowarrior.org Thu Jan 15 17:48:09 2015
From: rforno at infowarrior.org (Richard Forno)
Date: Thu, 15 Jan 2015 18:48:09 -0500
Subject: [Infowarrior] - US to Disclose New Changes to NSA Spying
Message-ID:

Obama Administration to Disclose New Changes to NSA Spying

The intelligence community will disclose more information about changes to its bulk phone-record collection program by the end of the month.

By Dustin Volz

http://www.nationaljournal.com/tech/obama-administration-to-announce-updates-to-nsa-reform-20150115

--
It's better to burn out than fade away.

From rforno at infowarrior.org Thu Jan 15 19:26:43 2015
From: rforno at infowarrior.org (Richard Forno)
Date: Thu, 15 Jan 2015 20:26:43 -0500
Subject: [Infowarrior] - OT: Why are we criminalizing childhood independence?
Message-ID: <38B316E6-C380-4716-ACDC-AADF1155AB24@infowarrior.org>

Why are we criminalizing childhood independence?

http://www.washingtonpost.com/local/why-are-we-criminalizing-childhood-independence/2015/01/15/bf9da446-9ccb-11e4-a7ee-526210d665b4_story.html

--
It's better to burn out than fade away.

From rforno at infowarrior.org Fri Jan 16 07:05:53 2015
From: rforno at infowarrior.org (Richard Forno)
Date: Fri, 16 Jan 2015 08:05:53 -0500
Subject: [Infowarrior] - Latest FBI Claim of Disrupted Terror Plot Deserves Much Scrutiny and Skepticism
Message-ID: <13BD0F64-B343-4995-BAA4-8CCD6FD5FC60@infowarrior.org>

Latest FBI Claim of Disrupted Terror Plot Deserves Much Scrutiny and Skepticism

By Glenn Greenwald and Andrew Fishman

https://firstlook.org/theintercept/2015/01/16/latest-fbi-boast-disrupting-terror-u-s-plot-deserves-scrutiny-skepticism/

--
It's better to burn out than fade away.

From rforno at infowarrior.org Fri Jan 16 08:04:07 2015
From: rforno at infowarrior.org (Richard Forno)
Date: Fri, 16 Jan 2015 09:04:07 -0500
Subject: [Infowarrior] - OT: Thank the SNB for the Truth
Message-ID: <98D22C70-14EC-44EB-8C51-8CF6C63C291E@infowarrior.org>

This week's SNB action exposes perfectly why I've been saying the 'markets' have been in artificially-controlled la-la land since the 2008 Great Recession, as succinctly described/portrayed here:

Thank the SNB for the Truth
http://slopeofhope.com/2015/01/thank-the-snb-for-the-truth.html#more-42204

It's a sign of things to come, if/when/as 'markets' return to some semblance of normalcy. Be ready.

Of course, some brokerages are whining about having to cover *massive* client losses. Yet these firms allowed 50:1 or 100:1 leverage (which works both ways) and apparently assumed (key word) that the SNB would tell them ahead of time what it was going to do, which in this case it didn't. Therefore, it's kind of nice to see such firms 'victimized' by the same information blackout that the rest of the investing world has to live by for a change. No sympathy there!

BTW, what's the international expression for "margin call"?

--
It's better to burn out than fade away.

From rforno at infowarrior.org Fri Jan 16 08:19:07 2015
From: rforno at infowarrior.org (Richard Forno)
Date: Fri, 16 Jan 2015 09:19:07 -0500
Subject: [Infowarrior] - Hire-a-Hacker
Message-ID: <585214A4-7DDC-4023-8E3E-A0AB4106BE46@infowarrior.org>

Need Some Espionage Done? Hackers Are for Hire Online

By Matthew Goldstein
January 15, 2015 9:09 pm

A man in Sweden says he will pay up to $2,000 to anyone who can break into his landlord's website. A woman in California says she will pay $500 for someone to hack into her boyfriend's Facebook and Gmail accounts to see if he is cheating on her.

The business of hacking is no longer just the domain of intelligence agencies, international criminal gangs, shadowy political operatives and disgruntled "hacktivists" taking aim at big targets. Rather, it is an increasingly personal enterprise.

At a time when huge stealth attacks on companies like Sony Pictures, JPMorgan Chase and Home Depot attract attention, less noticed is a growing cottage industry of ordinary people hiring hackers for much smaller acts of espionage.

A new website, called Hacker's List, seeks to match hackers with people looking to gain access to email accounts, take down unflattering photos from a website or gain access to a company's database. In less than three months of operation, over 500 hacking jobs have been put out to bid on the site, with hackers vying for the right to do the dirty work.

It is done anonymously, with the website's operator collecting a fee on each completed assignment. The site offers to hold a customer's payment in escrow until the task is completed.

In just the last few days, offers to hire hackers at prices ranging from $100 to $5,000 have come in from around the globe on Hacker's List, which opened for business in early November.
For instance, a bidder who claimed to be living in Australia would be willing to pay up to $2,000 to get a list of clients from a competitor's database, according to a recent post by the bidder.

"I want the client lists from a competitors database. I want to know who their customers are, and how much they are charging them," the bidder wrote.

Others posting job offers on the website were looking for hackers to scrub the Internet of embarrassing photos and stories, retrieve a lost password or change a school grade.

The rather matter-of-fact nature of the job postings on Hacker's List shows just how commonplace low-profile hacking has become and the challenge such activity presents for law enforcement at a time when federal and state authorities are concerned about data security.

< - >

http://dealbook.nytimes.com/2015/01/15/need-some-espionage-done-hackers-are-for-hire-online/

From rforno at infowarrior.org Sat Jan 17 15:32:41 2015
From: rforno at infowarrior.org (Richard Forno)
Date: Sat, 17 Jan 2015 16:32:41 -0500
Subject: [Infowarrior] - Obama's Computer Security Solution is a Mishmash of Old, Outdated Policy Solutions
Message-ID:

January 16, 2015 | By Mark Jaycox and Lee Tien

https://www.eff.org/deeplinks/2015/01/obamas-computer-security-solution-mish-mash-old-outdated-policy-solutions

Obama's Computer Security Solution is a Mishmash of Old, Outdated Policy Solutions

The Obama Administration is on a roll with proposing legislation that endangers our privacy and security. Over the course of two days, President Obama proposed a cybersecurity bill that looks awfully similar to the now infamous CISPA (with respect to information sharing), a computer crime bill that is the opposite of our own proposed computer crime reform, and a data breach law weaker than the current status quo. All three of the bills are recycled ideas that have failed in Congress since their introduction in 2011. They should stay on the shelf.

Zombie Bill Dead in 2013, Stumbles from the Grave in 2015

Every year for the past four years we've seen at least one cybersecurity "information sharing" bill introduced in Congress. Unfortunately, those bills were deeply flawed: they were redundant, offered new authorities that could be abused by companies to spy on users, and offered broad legal immunity for disclosing the information obtained with the government. Sometimes they even granted companies the ability to "hack back." They were a perfect storm threatening our online privacy.

This time, it's not the House Intelligence Committee proposing the bill, but President Obama. And to the president's credit, this bill doesn't authorize or immunize any new monitoring or collection activity. But the administration's bill still draws largely from CISPA as it grants broad legal immunity for transmitting "cyber threat indicators" -- which could include your communications -- to the Department of Homeland Security (DHS) and private sector information sharing hubs called information sharing and analysis organizations.

The president's press release is noticeably silent on why the current information sharing regimes aren't adequate. Companies can already share information through Information Sharing and Analysis Centers (ISACs), public reports, private communications, and the DHS's Enhanced Cybersecurity Services. The bill is also peculiar since President Obama previously issued a veto threat against CISPA due to privacy concerns.

The proposal also mandates the Director of National Intelligence, Attorney General, and DHS to create privacy guidelines for collecting and sharing cyber threat indicators; however, we're skeptical the guidelines will provide any semblance of privacy, because even if they're well crafted, there's no way to know whether the guidelines are being followed or enforced.
Also, these are the same offices that were supposed to create "privacy protections" (aka minimization procedures) in the surveillance context. The result? Guidelines that are littered with loopholes to keep the very information the agencies aren't supposed to have: innocent users' personal information.

When The DOJ Says "Modernizing" They May Mean "We Can Charge a 10 Years Felony for Sharing Your HBO GO Password"

The Obama Administration also proposed to "modernize" the Computer Fraud and Abuse Act (CFAA), the law notoriously used in the aggressive prosecution of the late Aaron Swartz. The Administration's proposal introduces ideas from May 2011 that -- similar to information sharing bills -- have been defeated year in and year out.

It's shocking in light of the Aaron Swartz prosecution that the Administration is proposing to double, and in one case triple, the already draconian and redundant penalties under the CFAA. Under the Administration's proposal, the Department of Justice could get creative and threaten up to 10 years in prison if you know your friend will use one of your passwords you shared with them -- even if you have no "intent to defraud," important limiting language the Administration wants removed from the statute.

What might be worse is that the Administration expands one of the bill's central definitions -- "exceeds authorized access" -- to include any access that the person may know the computer owner hasn't authorized. This radically changes the CFAA and makes it even more dangerous. This is contrary to rulings in both the Ninth and Fourth Circuits, which recognized that terms of service should not be enforced criminally.

Both provisions may chill the computer security research that is a central part of our best defense against computer crime. First, the password clause expands the provision from criminalizing sharing passwords to sharing other "means of access," while "having reason to know" it might be misused.
Second, the expansion of the definition may impact researchers who commonly scan public websites to detect potential vulnerabilities. These researchers should not have to face a felony charge if a prosecutor thinks they should have known the site prohibited scanning. It is a cause for concern as recent history has shown that aggressive prosecutors are willing to stretch the CFAA language. Vulnerability research and disclosure will be chilled, even if the researcher would ultimately win the trial.

The proposal is in direct contradiction to EFF's own proposal to reform the CFAA. Our reform ensures violations of contractual obligations like a website's terms of service are not the basis for criminal charges, clarifies key definitions in the CFAA, and makes the criminal penalties proportionate to the offense.

The Administration's Data Breach Proposal

President Obama also touched on data breaches. Consumers have a right to know when their data is exposed, whether through corporate misconduct, malicious hackers, or under other circumstances. But most states already have breach notification laws, so we think any legislation must be as strong as existing law and must preserve a state's power to protect its own residents. President Obama's legislation fails on both accounts.

The legislation proposed by President Obama would force companies handling 10,000 or more customers' information (during a 12-month period) to disclose data breaches within 30 days. Companies are allowed a few exceptions to the disclosure, but will be overseen by the Federal Trade Commission to ensure they comply. In an attempt to normalize across the land, the law would trump all state data breach laws -- including stronger ones -- and allow the government to stop any action brought by a state attorney general.

Under California law, for example, businesses must provide notice of a breach "in the most expedient time possible and without unreasonable delay,"
unless law enforcement determines that notification will impede a criminal investigation. Companies must also notify the California Attorney General if over 500 users' unencrypted information is breached.

The Administration's proposed standard is weak. Ideally, it would have proposed a "floor," not a "ceiling," allowing states like California to be more privacy protective and not depriving state attorneys general from being able to take meaningful action.

Recycled Ideas

As we mentioned in our initial reaction to the Administration's proposal, many of these ideas are recycled relics that should remain in the past. Before tackling information sharing bills, companies need to address the low-hanging security fruit like making sure passwords aren't sent in unencrypted emails and employees don't download malware. We also need more participation in the already existing information sharing regimes.

When it comes to the CFAA, the administration has moved in the opposite direction as advocates. Prosecutions like the Aaron Swartz and Andrew Auernheimer cases provide evidence for clarifying unauthorized access (and not expanding it) and decreasing the already draconian penalties (and not increasing them).

There is more work to be done to protect cyberspace and enhance computer security, but the Administration's proposals do not move us towards that goal, and could cause great harm, too.

--
It's better to burn out than fade away.

From rforno at infowarrior.org Sat Jan 17 15:44:30 2015
From: rforno at infowarrior.org (Richard Forno)
Date: Sat, 17 Jan 2015 16:44:30 -0500
Subject: [Infowarrior] - The Digital Arms Race: NSA Preps America for Future Battle
Message-ID: <3BAE613F-4934-47FA-AF4B-99A4EA586347@infowarrior.org>

The Digital Arms Race: NSA Preps America for Future Battle

January 17, 2015 - 05:07 PM

The NSA's mass surveillance is just the beginning.
Documents from Edward Snowden show that the intelligence agency is arming America for future digital wars -- a struggle for control of the Internet that is already well underway.

http://www.spiegel.de/international/world/new-snowden-docs-indicate-scope-of-nsa-preparations-for-cyber-battle-a-1013409.html

--
It's better to burn out than fade away.

From rforno at infowarrior.org Sat Jan 17 15:50:37 2015
From: rforno at infowarrior.org (Richard Forno)
Date: Sat, 17 Jan 2015 16:50:37 -0500
Subject: [Infowarrior] - CCC Comment on Export Controls of so-called "Intrusion Software" in the EU
Message-ID: <342FEE02-5202-4B98-AA24-A6AF978E5889@infowarrior.org>

> The comment of CCC for the upcoming hearing in the European Parliament next week. The comment basically takes the arguments of the comment of Bratus, Capelis, Locasto and Shubina from October last year that Export Controls will cause more harm than actually help with protecting Human Rights as they are supposed to do. http://www.europarl.europa.eu/meetdocs/2014_2019/documents/droi/dv/411_horchertexportcontrol_/411_horchertexportcontrol_en.pdf

--
It's better to burn out than fade away.

From rforno at infowarrior.org Tue Jan 20 13:14:15 2015
From: rforno at infowarrior.org (Richard Forno)
Date: Tue, 20 Jan 2015 14:14:15 -0500
Subject: [Infowarrior] - Former Apple Exec on Apple Software Quality
Message-ID: <77327362-3BDD-4132-A8FF-6B1DA9776E2A@infowarrior.org>

Apple Software Quality Questions

Jan 18, 2015
By Jean-Louis Gassée

http://www.mondaynote.com/2015/01/18/apple-software-quality-questions/

--
It's better to burn out than fade away.

From rforno at infowarrior.org Tue Jan 20 16:55:37 2015
From: rforno at infowarrior.org (Richard Forno)
Date: Tue, 20 Jan 2015 17:55:37 -0500
Subject: [Infowarrior] - HealthCare.gov Sends Personal Data to Dozens of Tracking Websites
Message-ID:

HealthCare.gov Sends Personal Data to Dozens of Tracking Websites

https://www.eff.org/deeplinks/2015/01/healthcare.gov-sends-personal-data

--
It's better to burn out than fade away.

From rforno at infowarrior.org Wed Jan 21 14:59:43 2015
From: rforno at infowarrior.org (Richard Forno)
Date: Wed, 21 Jan 2015 15:59:43 -0500
Subject: [Infowarrior] - Fox loses U.S. copyright claims over Dish ad-skipper
Message-ID: <55EC3B0A-CEE5-4536-AD22-04581AB55399@infowarrior.org>

Fox loses U.S. copyright claims over Dish ad-skipper

By Jonathan Stempel and Dan Levine
Tue Jan 20, 2015 7:50pm EST

http://www.reuters.com/article/2015/01/21/dish-network-twenty-first-ruling-idUSL1N0V002320150121

Jan 20 (Reuters) - A U.S. judge has rejected portions of Twenty-First Century Fox Inc's lawsuit seeking to stop Dish Network Corp from selling devices that let viewers skip over commercials when playing back shows.

In a decision made public on Tuesday, U.S. District Judge Dolly Gee in Los Angeles rejected copyright claims that Fox had brought over the Hopper, Dish's digital recording device.

Gee invoked last June's U.S. Supreme Court decision against the video streaming company Aereo Inc in concluding that Dish's "sling" technology, which lets programs be viewed on a wide range of mobile devices, did not constitute a "public performance" that infringed Fox copyrights.

However, Gee allowed Fox to pursue some claims on whether Dish violated a contract governing distribution of Fox programming.

In a statement on Tuesday, Fox spokesman Scott Grogin said the company welcomed Gee's contract rulings, and was disappointed by her copyright findings.

"This case is not, and has never been, about consumer rights or new technology," Grogin said.
"It's always been about protecting creative works from being exploited without permission."

In a statement, Dish said it welcomed the ruling. "Consumers are the winners today, as the court sided with them on the key copyright issues in this case," the company said.

The 63-page decision is dated January 12 and had been under seal.

It may narrow the remaining litigation in a 3-year-old battle in which broadcasters accused Dish of using technology that infringed copyrights, and threatened advertising revenue by letting subscribers skip over commercials.

CBS Corp and Walt Disney Co's ABC had settled similar litigation last year, as part of broader settlements allowing Dish to broadcast the networks' programs.

Similar litigation against Dish by Comcast Corp's NBCUniversal had been put on hold pending developments in the Fox case.

Fox had been scheduled to go to trial against Dish on Feb. 24, but the case has been put on hold until Oct. 1.

Aereo, backed by billionaire Barry Diller, filed for bankruptcy in November after the Supreme Court effectively forbade its business model, involving the capture of programs on miniature antennas for retransmission to paying subscribers.

The case is Fox Broadcasting Co et al v. Dish Network LLC et al, U.S. District Court, Central District of California, No. 12-04529.

(Reporting by Jonathan Stempel in New York and Dan Levine in San Francisco; Editing by Richard Chang)

--
It's better to burn out than fade away.

From rforno at infowarrior.org Wed Jan 21 15:19:14 2015
From: rforno at infowarrior.org (Richard Forno)
Date: Wed, 21 Jan 2015 16:19:14 -0500
Subject: [Infowarrior] - Illinois law mandates students' social media password turnover
Message-ID: <607447C7-8AEC-47CB-974E-D58983DE4557@infowarrior.org>

Illinois law mandates students' social media password turnover

updated 11:46 am EST, Wed January 21, 2015

http://www.electronista.com/articles/15/01/21/orwellian.law.demands.passwords.if.school.officials.request.them/

Orwellian law demands passwords if school officials request them

A law that came into effect on January 1 in Illinois is riling up parents of students in the state. Public Act 098-0801, ostensibly passed to cut down on school-age bullying, mandates that school authorities may demand a student or a parent to surrender social media account information, including passwords, if school officials believe that there has been a violation of school rules or procedures. The law applies even to accounts or postings not on school grounds, and made at any time or place. Furthermore, failure to comply will induce a criminal charge for the student, the parents, or both.

A letter sent to parents in the state states that "If your child has an account on a social networking website, e.g., Facebook, Instagram, Twitter, ask.fm, etc., please be aware that State law requires school authorities to notify you that your child may be asked to provide his or her password for these accounts to school officials in certain circumstances."

No subpoena or warrant is required for the demand, just the agreement of school officials. The agreement process isn't codified in the law, and is left up to school districts to decide what is considered "certain circumstances."

Superintendent of the Triad district Leigh Lewis in Illinois told Motherboard that there could be criminal charges if parents fail to comply.
Lewis said that "if they didn't turn over the password, we would call our district attorneys because they would be in violation of the law. That would only be in some cases -- we'd certainly look at the facts and see what we're dealing with before we make the decision."

The Illinois law flies in the face of other states' laws, and may not even be constitutional. The act of handing over a password is against most services' terms of service. It is unclear what decision making process is required for passwords to be demanded, or under what criteria law enforcement would be notified of a failure to comply with the password turn-over demand.

Lewis says that the school is in "the business of protecting kids" and that the law assists in this goal. She added that she has absolutely no issue with the law, as "if there's a disruption to school, if there are threats or discrimination of any type that fall under bullying and harassment policies we have, we have to follow through and investigate," she said.

From rforno at infowarrior.org Wed Jan 21 16:54:18 2015
From: rforno at infowarrior.org (Richard Forno)
Date: Wed, 21 Jan 2015 17:54:18 -0500
Subject: [Infowarrior] - Boston Orders City Workers Not to Disparage Olympics
Message-ID:

Boston Orders City Workers Not to Disparage Olympics

By KATHARINE Q. SEELYE
JAN. 21, 2015

BOSTON -- As part of the bid to host the 2024 Summer Olympics, Mayor Martin J. Walsh has signed an agreement that prohibits employees of the city of Boston from making negative comments about the Games or the process.

The agreement prohibits city workers from making written or verbal statements that "reflect unfavorably upon, denigrate or disparage, or are detrimental to the reputation" of the International Olympic Committee, the United States Olympic Committee or the Olympic Games, according to documents obtained by The Boston Globe through a public records request.

Boston city employees "shall each promote" the city's bid "in a positive manner,"
says the agreement, made between the Walsh administration and the U.S.O.C.

After the agreement was made public, the mayor's office issued a statement saying: "Mayor Walsh is not looking to limit the free speech of his employees and, as residents of Boston, he fully supports them participating in the community process."

< - >

http://www.nytimes.com/2015/01/22/sports/olympics/boston-releases-details-of-its-olympic-bid-presentation.html

--
It's better to burn out than fade away.

From rforno at infowarrior.org Thu Jan 22 07:05:36 2015
From: rforno at infowarrior.org (Richard Forno)
Date: Thu, 22 Jan 2015 08:05:36 -0500
Subject: [Infowarrior] - Mega launches e2e a/v chat service
Message-ID: <9CFD00FF-966A-4692-87FD-59E6E812A00F@infowarrior.org>

Kim Dotcom launches end-to-end encrypted audio and video chat service

http://thenextweb.com/apps/2015/01/22/kim-dotcom-launches-end-end-encrypted-audio-video-chat-service/

--
It's better to burn out than fade away.

From rforno at infowarrior.org Thu Jan 22 16:07:52 2015
From: rforno at infowarrior.org (Richard Forno)
Date: Thu, 22 Jan 2015 17:07:52 -0500
Subject: [Infowarrior] - Barrett Brown Sentenced To 63 Months In Jail For Daring To Do Journalism
Message-ID: <20908A0B-025C-4B8B-A2C5-8DFC86DEC0D7@infowarrior.org>

Barrett Brown Sentenced To 63 Months In Jail For Daring To Do Journalism On Hacked Info

from the bad-and-dangerous-precedent dept

We've written a few times about the ridiculous case against Barrett Brown, a journalist who took a deep interest in Anonymous and various hacking efforts. As we noted, a key part of the initial charges included the fact that Brown had organized an effort to comb through the documents that had been obtained from Stratfor via a hack. The key bit was that Brown had reposted a URL pointing to the documents to share via his "Project PM" -- a setup to crowdsource the analysis of the leaked documents.
Some of those documents included credit card info, so he was charged with "trafficking" in that information. Brown didn't help his own cause early on with some immensely foolish actions, like threatening federal agents in a video posted to YouTube, but there were serious concerns about how the government had twisted what Brown had actually done in a way that could be used against all kinds of journalists.

While the feds eventually dismissed the key "linking" claim (equating linking to trafficking), they still got Brown to agree to a plea deal on other charges. After many months, he was finally sentenced today to 63 months in prison, more than double the 30 months that his lawyers asked for (30 months being the time he's already served in prison). He also has to pay $890,000 in restitution. For linking to some files he didn't have anything to do with leaking.

Before the sentencing, Brown made a statement to the judge that is well worth reading. He admits that the threatening videos were "idiotic" and apologizes for it, but delves more deeply into what's really at stake in his case. Here's just a tiny bit:

< - >

https://www.techdirt.com/articles/20150122/12112129780/barrett-brown-sentenced-to-63-months-jail-daring-to-do-journalism-hacked-info.shtml

--
It's better to burn out than fade away.

From rforno at infowarrior.org Fri Jan 23 06:16:14 2015
From: rforno at infowarrior.org (Richard Forno)
Date: Fri, 23 Jan 2015 07:16:14 -0500
Subject: [Infowarrior] - Zoe Keating takes on YouTube licensing terms
Message-ID:

YouTube under fire from musician Zoe Keating over Music Key contract

Google's video service may have agreed music deals with indie labels, but DIY artist says she's still being pressured to sign unfair terms

http://www.theguardian.com/technology/2015/jan/23/zoe-keating-youtube-block-channel?CMP=share_btn_tw

--
It's better to burn out than fade away.
From rforno at infowarrior.org Fri Jan 23 07:06:48 2015 From: rforno at infowarrior.org (Richard Forno) Date: Fri, 23 Jan 2015 08:06:48 -0500 Subject: [Infowarrior] - Obama abandons telephone data spying reform proposal: U.S. officials Message-ID: Obama abandons telephone data spying reform proposal: U.S. officials By Mark Hosenball and Warren Strobel WASHINGTON Thu Jan 22, 2015 4:41pm EST http://www.reuters.com/article/2015/01/22/us-usa-security-metadata-idUSKBN0KV2NC20150122 (Reuters) - President Barack Obama's administration has quietly abandoned a proposal it had been considering to put raw U.S. telephone call data collected by the National Security Agency under non-governmental control, several U.S. security officials said. Obama promised changes in the government's handling of such data in a speech a year ago after revelations by former NSA contractor Edward Snowden about the extent of the agency's electronic surveillance of Americans' communications. Under the proposal floated by a Presidential review panel, telephone call "metadata" generated inside the United States, which NSA began collecting in bulk after the Sept. 11, 2001 attacks, could instead be collected and retained by an unspecified private third party. The Obama administration has decided, however, that the option of having a private third party collect and retain the telephone metadata is unworkable for both legal and practical reasons. "I think that's accurate for right now," a senior U.S. security official said. Telephone "metadata" includes records of which telephone number calls which other number, when the calls were made and how long they lasted. Metadata does not include the content of the calls. An alternative proposal, which U.S. officials said the administration is still considering, would have telecommunications firms collect and retain such data. The senior U.S. 
security official said that among the concerns officials had when examining that option was putting security protocols at risk. The official also cited concerns about the extra costs of moving data from telecom companies to a third party, and in a format which the government agencies found easy to use. The official said there would be no significant cost to the government to require telecom providers to hold the data. The official said that no final decision had been made on the issue, but said the President's goal remained that the government would no longer hold the data. The law which NSA has cited to authorize its bulk collection of U.S. telephone metadata expires in June. Officials said Congress had made various proposals to change or substantially reform legal authorities for collection and retention of the metadata but had not approved any specific legislation. Shawn Turner, a White House spokesman, said the Office of Director of National Intelligence was expected to issue a report in early February that will chart progress on reforms Obama ordered a year ago in U.S. surveillance programs. -- It's better to burn out than fade away. From rforno at infowarrior.org Fri Jan 23 07:09:53 2015 From: rforno at infowarrior.org (Richard Forno) Date: Fri, 23 Jan 2015 08:09:53 -0500 Subject: [Infowarrior] - Seahawks lawyers going nuts on trademarking...everything Message-ID: Hey, 12s: Seahawks want to trademark you The Seahawks are trying to trademark the word "boom," the phrase "Go Hawks" and the number "12," part of a quiet yet aggressive legal strategy to make money from the team's growing brand. http://seattletimes.com/html/localnews/2025515421_seahawkstrademarksxml.html -- It's better to burn out than fade away. 
From rforno at infowarrior.org Fri Jan 23 07:29:42 2015 From: rforno at infowarrior.org (Richard Forno) Date: Fri, 23 Jan 2015 08:29:42 -0500 Subject: [Infowarrior] - Scientists slow the speed of light Message-ID: 22 January 2015 Last updated at 20:28 ET Scientists slow the speed of light By Kenneth Macdonald BBC Scotland Science Correspondent A team of Scottish scientists has made light travel slower than the speed of light. They sent photons - individual particles of light - through a special mask. It changed the photons' shape - and slowed them to less than light speed. The photons remained travelling at the lower speed even when they returned to free space. The experiment is likely to alter how science looks at light. The collaborators - from Glasgow and Heriot-Watt universities - are members of the Scottish Universities Physics Alliance. They have published their results in the journal Science Express. The speed of light is regarded as an absolute. It is 186,282 miles per second in free space. Light propagates more slowly when passing through materials like water or glass but goes back to its higher velocity as soon as it returns to free space again. Or at least it did until now. Two and a half years ago, the experimenters set out to see if they could slow down light just a little - and keep it moving more slowly..... < -- > http://www.bbc.com/news/uk-scotland-glasgow-west-30944584 -- It's better to burn out than fade away. From rforno at infowarrior.org Sat Jan 24 12:52:20 2015 From: rforno at infowarrior.org (Richard Forno) Date: Sat, 24 Jan 2015 13:52:20 -0500 Subject: [Infowarrior] - Google drops three OS X 0days on Apple Message-ID: Google drops three OS X 0days on Apple Disclosures provide enough detail for skilled hackers to write their own exploits. 
by Dan Goodin - Jan 22 2015, 7:38pm EST http://arstechnica.com/security/2015/01/google-drops-three-os-x-0days-on-apple/ Don't look now, but Google's Project Zero vulnerability research program may have dropped more zero-day vulnerabilities--this time on Apple's OS X platform. In the past two days, Project Zero has disclosed OS X vulnerabilities here, here, and here. At first glance, none of them appear to be highly critical, since all three appear to require the attacker to already have some access to a targeted machine. What's more, the first vulnerability, the one involving the "networkd 'effective_audit_token' XPC," may already have been mitigated in OS X Yosemite, but if so the Google advisory doesn't make this explicit and Apple doesn't publicly discuss security matters with reporters. Still, the exploits could be combined with a separate attack to elevate lower-level privileges and gain control over vulnerable Macs. And since the disclosures contain proof-of-concept exploit code, they provide enough technical detail for experienced hackers to write malicious attacks that target the previously unknown vulnerabilities. The security flaws were privately reported to Apple on October 20, October 21, and October 23, 2014. All three advisories appear to have been published after the expiration of the 90-day grace period Project Zero gives developers before making reports public. Assuming the vulnerabilities remain active in at least some versions of OS X, it wouldn't be the first time Project Zero has gone against a developer's wishes and made unfixed security bugs known to the whole world. The Google-backed program has already published three unpatched vulnerabilities in Windows. -- It's better to burn out than fade away. 
From rforno at infowarrior.org Sat Jan 24 13:27:20 2015 From: rforno at infowarrior.org (Richard Forno) Date: Sat, 24 Jan 2015 14:27:20 -0500 Subject: [Infowarrior] - Winklevoss twins plan regulated Bitcoin exchange Message-ID: <9A7EC4BD-D1EE-4105-ACF3-0BB29D5F133E@infowarrior.org> Winklevoss twins plan regulated Bitcoin exchange http://www.itworld.com/article/2874775/winklevoss-twins-plan-regulated-bitcoin-exchange.html -- It's better to burn out than fade away. From rforno at infowarrior.org Sat Jan 24 16:17:51 2015 From: rforno at infowarrior.org (Richard Forno) Date: Sat, 24 Jan 2015 17:17:51 -0500 Subject: [Infowarrior] - The Snoopers' Charter: Shameful Opportunism Message-ID: <084E0EBF-9A37-48B7-81D3-F84D5D544945@infowarrior.org> The Snoopers' Charter: Shameful Opportunism https://paulbernal.wordpress.com/2015/01/23/the-snoopers-charter-shameful-opportunism/ -- It's better to burn out than fade away. From rforno at infowarrior.org Sat Jan 24 16:19:20 2015 From: rforno at infowarrior.org (Richard Forno) Date: Sat, 24 Jan 2015 17:19:20 -0500 Subject: [Infowarrior] - Britons: You Have 72 Hours to Stop The Snooper's Charter Message-ID: https://www.eff.org/deeplinks/2015/01/britons-you-have-72-hours-stop-snoopers-charter January 23, 2015 | By Danny O'Brien Britons: You Have 72 Hours to Stop The Snooper's Charter Directly after the Charlie Hebdo massacre, we cautioned the public and politicians to be "wary of any attempt to rush through new surveillance and law enforcement powers." With depressing predictability, we've already seen that happen across the continent. Nowhere, however, has the attempt to bypass democratic debate been more blatant than in the United Kingdom, where a handful of unelected peers has taken the language of an old and discredited Internet surveillance proposal, and attempted to slam it, at outrageously short notice, into the wording of a near-complete counter-terrorism bill. 
The result is that, unless you take action to warn Britain's House of Lords in time for the debate on Monday, there is a good chance that Britain will pass the infamous Snooper's Charter into law with barely any oversight. On Thursday, Lords Blair, King, West, and Carlile delivered over eighteen pages of amendments to the Counter-Terrorism and Security Act, which is currently being debated in Britain's upper house, the House of Lords. While the House of Lords is unelected, the majority of its members are appointed by past and present British governments: the four peers have all been involved in police, military or intelligence oversight positions. Their amendments are the core of the previously proposed, and rejected, Communications Data Bill, which would require ISPs to harvest and store data taken from their subscribers' online traffic, and hand this over to the government without a warrant. The bill, called the Snooper's Charter since the UK's coalition government first proposed it in 2012, has been repeatedly criticized, and was currently sitting in parliamentary limbo after Nick Clegg, the leader of the coalition partners the Liberal Democrats, finally withdrew his party's support for its contents. The peers' new amendments include some hasty rephrasing to cover some of the most obvious flaws in previous versions of the bill (now only the police and intelligence services have free rein to access your private metadata, as opposed to dozens of government bureaucracies anticipated in the original bill). But Parliament had more worries than just who had access to the data. The previous draft was examined by a joint committee of Lords and Members of Parliament, who unanimously rejected it, saying its cost estimates were "fanciful and misleading," and its privacy protections were "insufficient." Even legal meaning of the new language is unclear, as the peers have declined to supply any explanatory notes to justify their new wording. 
But then, perhaps they did not expect to be called upon to explain to any degree of detail, given the tiny window of opportunity they have granted the rest of Parliament to examine the bill. The amendments announced on Thursday will be formally included into the bill on Monday, in a committee meeting that was not planned to include a vote. The Lords will then have two more minor opportunities to debate the content of the bill before it is passed onto the elected House of Commons in its entirety for what is expected to be a simple up/down vote. Britain's members of parliament are currently distracted as they prepare for nationwide elections in May, which means it is highly likely that a major anti-terrorism bill like this will collect enough votes to pass. Early indications from conversations with our colleagues at the UK's Open Rights Group indicate that there's growing discontent among parliamentarians about how these amendments are being used to bypass parliamentary oversight. However, that's just the peers that have been paying attention. Dozens more would potentially step in to block the bill if they even knew what was happening before Monday. That's where you come in. If you're a British citizen, you need to tell the members of the House of Lords that their right to analyze and discuss this legislation is being bypassed. We've set up an action alert for UK Internet users, so that you can send messages to the Twitter accounts of UK peers (you would be surprised how many British Lords use Twitter). You can also write to members of the House of Lords through the free service WriteToThem.com, but given the time frame, tweeting or phone calls are much better. Your actions in the next seventy-two hours may make all the difference. -- It's better to burn out than fade away. 
From rforno at infowarrior.org Sat Jan 24 19:07:37 2015 From: rforno at infowarrior.org (Richard Forno) Date: Sat, 24 Jan 2015 20:07:37 -0500 Subject: [Infowarrior] - DEA's secret phone spying database (via EFF) Message-ID: (via DanO) https://www.eff.org/deeplinks/2015/01/many-problems-deas-bulk-phone-records-collection-program JANUARY 23, 2015 | BY HANNI FAKHOURY The Many Problems with the DEA's Bulk Phone Records Collection Program Think mass surveillance is just the wheelhouse of agencies like the NSA? Think again. One of the biggest concerns to come from the revelations about the NSA's bulk collection of the phone records of millions of innocent Americans was that law enforcement agencies might be doing the same thing. It turns out this concern was valid, as last week the government let slip for the first time that the Drug Enforcement Agency (DEA) had also been collecting the phone records of Americans in bulk since the 1990s. From NSA to DEA The government didn't disclose this information in a report or in response to a congressional inquiry. Instead, it was quietly mentioned in a declaration by a DEA agent, in a criminal case brought in D.C. federal court. The defendant, Shantia Hassanshahi, is under indictment for allegedly conspiring to export electronic parts to Iran. The facts are important, as they highlight the problem with bulk collection. An agent with the Department of Homeland Security (DHS) received an unsolicited email from a source who claimed that an Iranian emailed him seeking to procure electronic parts for a project in Iran. The email to the source contained the Iranian's phone number and business address in Tehran. The DHS agent took that phone number and queried it in a law enforcement database, seeking to find US based phone numbers that had communicated with the Iranian. The results turned up one number that corresponded to a Google voice phone number. 
Via a subpoena to Google, the government was able to identify the number as Hassanshahi's. After additional investigation, including a search of the TECS database, the government indicted Hassanshahi. Assuming the database was the NSA's controversial phone records database, Hassanshahi's lawyers moved to suppress the information learned from the search of the database. The government responded that it wasn't the NSA database and refused to give the court or the defendant any more information about the database--but asked the court to assume the information had been obtained unconstitutionally. That's right--the government stated that the database it used was unconstitutional. Unsurprisingly, such an admission got a few raised eyebrows, including the judge overseeing the case, who noted that the government left him in a "difficult, and frustrating, situation." The judge ordered the government to submit an ex parte declaration "summarizing the contours of the mysterious law enforcement database." The government obliged by submitting a three page declaration from DEA Assistant Special Agent in Charge Robert Patterson. This declaration revealed, for the first time, the existence of a DEA phone records database that included phone numbers, the time, date and length of calls made from the US to designated specific countries. While we don't have a comprehensive list of which countries were involved in the program, we know that Iran was on that list. Agents could query the database if they had reasonable articulable suspicion that a phone number was related to an ongoing criminal investigation. The government discontinued the program in September 2013 and apparently purged the records in the database. The existence of another database of phone records collected in bulk for domestic law enforcement purposes raises serious legal questions. Stretching Statutory Authority The government's claimed authority for this bulk collection was 21 U.S.C. 
§
876, which empowers the Attorney General to issue administrative subpoenas--not approved ahead of time by a grand jury or judge--which compel the production of records that are relevant and material to an investigation relating to drug crimes. But bulk collection of all call records based solely on the country a person called could never satisfy the statute, because most of the records are irrelevant to an active investigation. To be sure, the government may only have queried the database for records relevant to an active investigation, but the government was using § 876 to collect all records in anticipation of some future investigation. In other words, unless every person in the US who has ever made a phone call to someone in Iran or some other country contained in the database is considered a criminal suspect, the vast majority of records are irrelevant to any investigation. Even more problematic, § 876 doesn't have even the minimal safeguards or limitations contained in Section 215 of the PATRIOT Act. Bulk collection under § 215 at least requires the government to involve a court in the process; it requires the government comply with minimization procedures, and it only permits the government to query records for foreign intelligence purposes. While we have serious doubts about the effectiveness of these safeguards, they're better than the total lack of safeguards in § 876. Constitutional Problems As we've argued in our cases challenging bulk collection of phone records and Internet communications, this blanket collection violates the Fourth Amendment's prohibition against unreasonable searches and seizures. And as we've repeatedly argued, people do have a reasonable and legitimate expectation of privacy in these communication records. When the US Supreme Court ruled in Smith v. 
Maryland 35 years ago that there was no expectation of privacy in phone records collected on a single phone number over three days, it certainly was not contemplating the bulk collection of communication records over an extended period of time that reveal all sorts of sensitive and intimate information about people. Keep in mind that the DEA engaged in bulk collection not for national security purposes, but instead for routine criminal investigation. The government has consistently argued that the national security character of § 215 excuses the government from the Fourth Amendment's warrant requirement. But the government cannot hide behind that argument here. While investigating and prosecuting drug trafficking is of course a legitimate law enforcement goal, Fourth Amendment protections are at their strongest when the government's purpose is investigating crime, rather than some other non-criminal interest. Ultimately, the constitutional harm is that the government's bloated (and incorrect) interpretation of Smith, allows it to collect anything held by a third party, regardless of what it is and why they want it. That's an incredibly overbroad interpretation of the workings of the Fourth Amendment, and in an increasingly digital world, where financial and health records, communications with loved ones and intricate maps of where we've gone and are going are sitting in servers controlled by others, there is no limit to this collection power. Excessive Secrecy The government's concession that the search of the database was unconstitutional was not a sincere acknowledgement of a screw-up but rather a concerted effort to keep the details of this database secret. Had the court not ordered the government to explain the specifics of the database, the existence and details of the program would likely have remained out of public sight. This secrecy isn't surprising, and the fact the DEA's program was discontinued in September 2013 is probably not accidental. 
That's because on September 1, 2013, the New York Times reported for the first time the existence of a program known as "Hemisphere," which allows the DEA and local law enforcement to obtain call records from AT&T. As government presentations about the program repeatedly make clear, law enforcement agencies are given instructions on "protecting the program," and advised to "never refer to Hemisphere in any official document." Earlier in 2013, Reuters reported about the DEA and IRS's secret use of investigative tips provided by the NSA and other law enforcement and intelligence agencies. Like "Hemisphere," agents are instructed to keep the true source of this information under wraps and to recreate the investigative trail through some other means. The government calls this practice "parallel construction" but it's really "intelligence laundering," designed to insulate surveillance programs from the scrutiny of defense attorneys and judges. Given the DEA's well-documented tendency to be less than truthful when it comes to explaining where it really got investigative information, it's likely the DEA laundered the results of their bulk phone records database too. That puts criminal defendants at a serious disadvantage in defending their cases and undermines the courts' ability to act as an effective check on government surveillance. Illegal Spying, Whether by the NSA or DEA, is Illegal The DEA's bulk collection program confirms our worst fears about the scope of unconstrained government surveillance--it's not just about national security but disregarding constitutional standards to collect as much information as possible. But the Constitution doesn't exist to make law enforcement's job easy. It exists as a restraint on the government's power. 
And at a time when the efficacy and legality of bulk surveillance for national security purposes is under serious scrutiny by all branches of the government, there should be no question that bulk surveillance for domestic law enforcement purposes should be off limits. While we're glad the program has now been discontinued and the records purged, there are many more questions that need to be answered: * What other countries are on the list? * How many records were in the database? * How many people had their phone information placed into the database? * How often was the database queried? * What other government or law enforcement agencies had access to the database? * What other type of information is the DEA collecting in bulk? * Who within the Department of Justice knew about the DEA's bulk collection programs? * Is there legal analysis that justifies bulk collection of these records? Perhaps the most pressing question is this: what other government databases exist that the public doesn't know about? The public shouldn't have to count on an after-the-fact accounting pressed by one federal judge exasperated by the government's obfuscation to learn about the bulk collection of its calling records. But with the knowledge of this database now public, the DEA and other agencies should be aware that we're watching too. -- It's better to burn out than fade away. From rforno at infowarrior.org Sat Jan 24 19:07:59 2015 From: rforno at infowarrior.org (Richard Forno) Date: Sat, 24 Jan 2015 20:07:59 -0500 Subject: [Infowarrior] - Scientists slow the speed of light Message-ID: <45D35032-C9B4-4A49-8000-84147D5A85D8@infowarrior.org> 22 January 2015 Last updated at 20:28 ET Scientists slow the speed of light By Kenneth Macdonald BBC Scotland Science Correspondent A team of Scottish scientists has made light travel slower than the speed of light. They sent photons - individual particles of light - through a special mask. 
It changed the photons' shape - and slowed them to less than light speed. The photons remained travelling at the lower speed even when they returned to free space. The experiment is likely to alter how science looks at light. The collaborators - from Glasgow and Heriot-Watt universities - are members of the Scottish Universities Physics Alliance. They have published their results in the journal Science Express. The speed of light is regarded as an absolute. It is 186,282 miles per second in free space. Light propagates more slowly when passing through materials like water or glass but goes back to its higher velocity as soon as it returns to free space again. Or at least it did until now. Two and a half years ago, the experimenters set out to see if they could slow down light just a little - and keep it moving more slowly..... < -- > http://www.bbc.com/news/uk-scotland-glasgow-west-30944584 -- It's better to burn out than fade away. From rforno at infowarrior.org Sat Jan 24 19:21:29 2015 From: rforno at infowarrior.org (Richard Forno) Date: Sat, 24 Jan 2015 20:21:29 -0500 Subject: [Infowarrior] - OpenSSL version 1.0.2 released Message-ID: <4DC7A8B2-01F1-40C4-9E7A-448423F7C5A4@infowarrior.org> -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 OpenSSL version 1.0.2 released =============================== OpenSSL - The Open Source toolkit for SSL/TLS http://www.openssl.org/ The OpenSSL project team is pleased to announce the release of version 1.0.2 of our open source toolkit for SSL/TLS. 
For details of changes and known issues see the release notes at: http://www.openssl.org/news/openssl-1.0.2-notes.html OpenSSL 1.0.2 is available for download via HTTP and FTP from the following master locations (you can find the various FTP mirrors under http://www.openssl.org/source/mirror.html ): * http://www.openssl.org/source/ * ftp://ftp.openssl.org/source/ The distribution file name is: o openssl-1.0.2.tar.gz Size: 5265809 MD5 checksum: 38373013fc85c790aabf8837969c5eba SHA1 checksum: 2f264f7f6bb973af444cd9fc6ee65c8588f610cc The checksums were calculated using the following commands: openssl md5 openssl-1.0.2.tar.gz openssl sha1 openssl-1.0.2.tar.gz Yours, The OpenSSL Project Team. _______________________________________________ openssl-announce mailing list -- It's better to burn out than fade away. From rforno at infowarrior.org Sat Jan 24 20:24:32 2015 From: rforno at infowarrior.org (Richard Forno) Date: Sat, 24 Jan 2015 21:24:32 -0500 Subject: [Infowarrior] - AQAP Develops Its Own Version of Reddit's AMA Message-ID: (scroll down in the article for the translations) The AQAP AMA https://firstlook.org/theintercept/2015/01/23/aqap-develops-version-reddits-ama-twitters-blue-checkmark-verification/ -- It's better to burn out than fade away. 
From rforno at infowarrior.org Sun Jan 25 12:49:57 2015 From: rforno at infowarrior.org (Richard Forno) Date: Sun, 25 Jan 2015 13:49:57 -0500 Subject: [Infowarrior] - 92 Percent of College Students Prefer Reading Print Books to E-Readers Message-ID: <4F61D1B3-899F-4DB3-B946-8D8AB51DC56F@infowarrior.org> (c/o EP) 92 Percent of College Students Prefer Reading Print Books to E-Readers By Alice Robb http://www.newrepublic.com/article/120765/naomi-barons-words-onscreen-fate-reading-digital-world -- It's better to burn out than fade away. From rforno at infowarrior.org Sun Jan 25 16:35:46 2015 From: rforno at infowarrior.org (Richard Forno) Date: Sun, 25 Jan 2015 17:35:46 -0500 Subject: [Infowarrior] - WikiLeaks demands answers after Google hands staff emails to US government Message-ID: <537A20B6-95FA-418F-B60B-5B6464851BBD@infowarrior.org> WikiLeaks demands answers after Google hands staff emails to US government * Search giant gave FBI emails and digital data belonging to three staffers * WikiLeaks told last month of warrants which were served in March 2012 Ed Pilkington and Dominic Rushe in New York Sunday 25 January 2015 17.06 EST Google took almost three years to disclose to the open information group WikiLeaks that it had handed over emails and other digital data belonging to three of its staffers to the US government, under a secret search warrant issued by a federal judge. WikiLeaks has written to Google's executive chairman, Eric Schmidt, to protest that the search giant only revealed the warrants last month, having been served them in March 2012. In the letter, WikiLeaks says it is "astonished and disturbed" that Google waited more than two and a half years to notify its subscribers, potentially depriving them of their ability to protect their rights to "privacy, association and freedom from illegal searches". 
The letter, written by WikiLeaks'
New York-based lawyer, Michael Ratner of the Center For Constitutional Rights, asks Google to list all the materials it provided to the FBI. Ratner also asks whether the California-based company did anything to challenge the warrants and whether it has received any further data demands it has yet to divulge. Google revealed to WikiLeaks on Christmas Eve -- a traditionally quiet news period -- that it had responded to a Justice Department order to hand over a catch-all dragnet of digital data including all emails and IP addresses relating to the three staffers. The subjects of the warrants were the investigations editor of WikiLeaks, the British citizen Sarah Harrison; the spokesperson for the organisation, Kristinn Hrafnsson; and Joseph Farrell, one of its senior editors. When it notified the WikiLeaks employees last month, Google said it had been unable to say anything about the warrants earlier as a gag order had been imposed. Google said the non-disclosure orders had subsequently been lifted, though it did not specify when. < - > http://www.theguardian.com/technology/2015/jan/25/wikileaks-google-staff-emails-us-government -- It's better to burn out than fade away. From rforno at infowarrior.org Sun Jan 25 17:56:46 2015 From: rforno at infowarrior.org (Richard Forno) Date: Sun, 25 Jan 2015 18:56:46 -0500 Subject: [Infowarrior] - Maker of TurboTax apologizes, offers $25 Message-ID: <840E2ED8-F2EC-487C-86A2-6BA7AC233959@infowarrior.org> Maker of TurboTax apologizes, offers $25 By Ellen Jean Hirst CHICAGO TRIBUNE - Sunday January 25, 2015 9:23 AM http://www.dispatch.com/content/stories/business/2015/01/25/maker-of-turbotax-apologizes-offers-25.html Intuit, the maker of TurboTax software, apologized after an onslaught of consumer complaints about the unexpected need to buy an upgrade this year for some types of filings. 
Intuit emailed several million TurboTax Deluxe customers on Friday who bought a CD or downloaded the product last year, a spokeswoman said. 
Those customers are eligible for a $25 rebate if they need to upgrade to TurboTax Premier or TurboTax Home & Business to file small-business, capital-gains or rental-property information. "We have heard from many of you that you were surprised when you discovered the change," general manager Sasan Goodarzi said in a letter to consumers. "No one likes this kind of a surprise, so we are taking immediate action to make things right and help you through this transition year." Customers can apply at www.turbotax.intuit.com/25back. Eligible customers should get a check within seven days, spokeswoman Julie Miller said. The price of the CD or download version of TurboTax Premier is $89.99 and the Home & Business version is $99.99. The Deluxe version for 2013 returns is listed at $59.99. "We clearly messed up here and didn't communicate as broadly or proactively to our customers around these changes," Miller said. "We caught them by surprise. They are absolutely rightfully unhappy about it. So we are both apologizing and offering the $25 back as a way to help with this unexpected financial impact." -- It's better to burn out than fade away. From rforno at infowarrior.org Sun Jan 25 22:12:59 2015 From: rforno at infowarrior.org (Richard Forno) Date: Sun, 25 Jan 2015 23:12:59 -0500 Subject: [Infowarrior] - The Untold Story Of The Invention Of The Game Cartridge Message-ID: <61B943BA-3282-4E13-A699-609F907120F4@infowarrior.org> The Untold Story Of The Invention Of The Game Cartridge http://www.fastcompany.com/3040889/the-untold-story-of-the-invention-of-the-game-cartridge -- It's better to burn out than fade away. From rforno at infowarrior.org Mon Jan 26 09:15:53 2015 From: rforno at infowarrior.org (Richard Forno) Date: Mon, 26 Jan 2015 10:15:53 -0500 Subject: [Infowarrior] - TSA wants to read your Facebook/purchases for PreChek Message-ID: <486E75BF-919E-4A74-B107-60BD331FF853@infowarrior.org> (this is ripe for failure...) 
The TSA Wants To Read Your Facebook Posts And Check Out Your Purchases Before It Will Approve You For PreCheck

https://www.techdirt.com/articles/20150123/09423229792/tsa-wants-to-read-your-facebook-posts-check-out-your-purchases-before-it-will-approve-you-precheck.shtml

--
It's better to burn out than fade away.

From rforno at infowarrior.org Mon Jan 26 13:14:11 2015
From: rforno at infowarrior.org (Richard Forno)
Date: Mon, 26 Jan 2015 14:14:11 -0500
Subject: [Infowarrior] - Sheriffs Want Popular Police-Tracking App Disabled
Message-ID: <1B62E9F2-6F6A-44EB-B74F-9F5C669B4F94@infowarrior.org>

(c/o KM)

Of course, the *main* reason is that cops don't want civilians to know where (gasp) speed traps are located is .... (brace for it) REVENUE. The recent cop assassinations, tragic as they were, now are being exploited to push this agenda. --rick

Sheriffs Want Popular Police-Tracking App Disabled

Sheriffs are campaigning to pressure Google Inc. to turn off a feature on its Waze traffic software that warns drivers when police are nearby. They say one of the technology industry's most popular mobile apps could put officers' lives in danger from would-be police killers who can find where their targets are parked.

Waze, which Google purchased for $966 million in 2013, is a combination of GPS navigation and social networking. Fifty million users in 200 countries turn to the free service for real-time traffic guidance and warnings about nearby congestion, car accidents, speed traps or traffic cameras, construction zones, potholes, stalled vehicles or unsafe weather conditions.

To Sergio Kopelev, a reserve deputy sheriff in Southern California, Waze is also a stalking app for law enforcement.

There are no known connections between any attack on police and Waze, but law enforcers such as Kopelev are concerned it's only a matter of time. They are seeking support among other law enforcement trade groups to pressure Google to disable the police-reporting function.
The emerging policy debate places Google again at the center of an ongoing global debate about public safety, consumer rights and privacy.

Waze users mark police presence on maps without much distinction other than "visible" or "hidden." Users see a police icon, but it's not immediately clear whether police are there for a speed trap, a sobriety check or a lunch break. The police generally are operating in public spaces.

A Waze spokeswoman, Julie Mossler, said the company thinks deeply about safety and security. She said Waze works with the New York Police Department and others around the world by sharing information. Google declined to comment.

< - >

http://www.nbcwashington.com/news/local/Sheriffs-Want-Popular-Police-Tracking-App-Disabled-289755401.html

--
It's better to burn out than fade away.

From rforno at infowarrior.org Mon Jan 26 13:52:27 2015
From: rforno at infowarrior.org (Richard Forno)
Date: Mon, 26 Jan 2015 14:52:27 -0500
Subject: [Infowarrior] - Comcast ghostwrote pro-merger letters that politicians sent to FCC
Message-ID:

Comcast ghostwrote pro-merger letters that politicians sent to FCC

Pre-written letters made it easy for politicians to support Comcast/TWC merger.

by Jon Brodkin - Jan 26 2015, 2:15pm EST

http://arstechnica.com/business/2015/01/comcast-ghostwrote-pro-merger-letters-that-politicians-sent-to-fcc/

Comcast has been supported by many politicians in its bid to acquire Time Warner Cable, but the testimonials from elected officials aren't quite as organic as the cable company would have you believe. A report today by The Verge, based on documents obtained through public records requests, shows that in August three politicians sent letters to the Federal Communications Commission that were ghostwritten by Comcast.
We reported several months ago that letters from politicians closely mimicked Comcast talking points and re-used Comcast's own statements without attribution, and the documents revealed today show just how Comcast was able to get politicians on board.

"For instance, a letter sent to the FCC by a town councilman from the small community of Jupiter, Florida was in fact largely orchestrated by some of the biggest players in corporate telecom," The Verge wrote. "Not only do records show that a Comcast official sent the councilman the exact wording of the letter he would submit to the FCC, but also that finishing touches were put on the letter by a former FCC official named Rosemary Harold, who is now a partner at one of the nation's foremost telecom law firms in Washington, DC. Comcast has enlisted Harold to help persuade her former agency to approve the proposed merger."

An e-mail chain shows how that letter from Jupiter Councilor Todd Wodraska came to be, with Comcast providing a draft of the letter and filing instructions.

"Comcast has been a major component in Jupiter's business and technological development over the past several years," the letter to the FCC said. "I am writing today to voice my support for the Comcast and Time Warner Cable transaction because it has the potential to greatly benefit many communities like ours. I strive to preserve Jupiter's unique coastal-style of living while providing top-notch innovation and commodities for our residents."

The Verge also detailed how a letter from Oregon Secretary of State Kate Brown "was almost wholly written by a Comcast Government Affairs specialist." The other politician featured in the story was Mayor Jere Wood of Roswell, Georgia, whose letter to the FCC was written word for word by "a vice president of external affairs at Comcast."

Brown has received $9,500 from Comcast in donations, according to the National Institute on Money in State Politics.
When contacted by Ars, Comcast VP of Government Communications Sena Fitzmaurice provided the same statement previously sent to The Verge:

"We reached out to policy makers, community leaders, business groups, and others across the country to detail the public interest benefits of our transaction with Time Warner Cable. When such leaders indicate they'd like to support our transaction in public filings, we've provided them with information on the transaction. All filings are ultimately decided upon by the filers, not Comcast."

Fitzmaurice also noted that merger opponents have submitted comments to the FCC using text written by advocacy groups. "How many of the anti-deal comments are completely written by the opponents? Thousands," she wrote in an e-mail.

Most people would hope politicians could write their own letters or at least submit letters written by their staffs rather than Comcast, though. Advocacy groups generally haven't made any secret of their signature gathering tactics, even issuing press releases boasting that as many as 400,000 people signed petitions urging regulators to reject the merger.

--
It's better to burn out than fade away.

From rforno at infowarrior.org Mon Jan 26 15:38:14 2015
From: rforno at infowarrior.org (Richard Forno)
Date: Mon, 26 Jan 2015 16:38:14 -0500
Subject: [Infowarrior] - UK House of Lords rejects Snooper's Charter amendments
Message-ID: <1D460768-1F9D-42F9-B390-C360ACAFF202@infowarrior.org>

https://www.eff.org/deeplinks/2015/01/britons-you-have-72-hours-stop-snoopers-charter

< - >

Update: You did it! After a forceful debate on Monday 26 January, in which many peers protested the introduction of these amendments, Lord Blair withdrew them from consideration.

< - >

--
It's better to burn out than fade away.
From rforno at infowarrior.org Mon Jan 26 18:09:03 2015
From: rforno at infowarrior.org (Richard Forno)
Date: Mon, 26 Jan 2015 19:09:03 -0500
Subject: [Infowarrior] - DOJ spies on millions of cars
Message-ID: <49035DDB-3348-469E-B93F-7197EC3A194E@infowarrior.org>

DEA Uses License-Plate Readers to Build Database for Federal, Local Authorities

By Devlin Barrett
Jan. 26, 2015 6:26 p.m. ET

http://www.wsj.com/articles/u-s-spies-on-millions-of-cars-1422314779

--
It's better to burn out than fade away.

From rforno at infowarrior.org Tue Jan 27 07:08:33 2015
From: rforno at infowarrior.org (Richard Forno)
Date: Tue, 27 Jan 2015 08:08:33 -0500
Subject: [Infowarrior] - Mass surveillance is fundamental threat to human rights, says European report
Message-ID: <492166FA-0677-41E1-B649-5881BA6B6F8E@infowarrior.org>

Mass surveillance is fundamental threat to human rights, says European report

http://www.theguardian.com/world/2015/jan/26/mass-surveillance-threat-human-rights-council-europe

--
It's better to burn out than fade away.

From rforno at infowarrior.org Tue Jan 27 10:51:08 2015
From: rforno at infowarrior.org (Richard Forno)
Date: Tue, 27 Jan 2015 11:51:08 -0500
Subject: [Infowarrior] - EFF's Game Plan for Ending Global Mass Surveillance
Message-ID:

January 26, 2015 | By Rainey Reitman

EFF's Game Plan for Ending Global Mass Surveillance

https://www.eff.org/deeplinks/2015/01/effs-game-plan-ending-global-mass-surveillance

--
It's better to burn out than fade away.

From rforno at infowarrior.org Tue Jan 27 13:41:14 2015
From: rforno at infowarrior.org (Richard Forno)
Date: Tue, 27 Jan 2015 14:41:14 -0500
Subject: [Infowarrior] - 'Article' Titled "Cuckoo for Cocoa Puffs?" Accepted By 17 Medical 'Journals'
Message-ID: <95A76B48-18E6-4AAB-917B-87C8CE7D5554@infowarrior.org>

Article Titled "Cuckoo for Cocoa Puffs?"
Accepted By 17 Medical 'Journals'

http://www.fastcompany.com/3041493/body-week/why-a-fake-article-cuckoo-for-cocoa-puffs-was-accepted-by-17-medical-journals

--
It's better to burn out than fade away.

From rforno at infowarrior.org Wed Jan 28 06:52:26 2015
From: rforno at infowarrior.org (Richard Forno)
Date: Wed, 28 Jan 2015 07:52:26 -0500
Subject: [Infowarrior] - FCC to Marriott: Never try to block Wi-Fi again
Message-ID:

(c/o JC)

FCC to Marriott: Never try to block Wi-Fi again

By David Goldma

http://money.cnn.com/2015/01/27/technology/fcc-wifi-hotel/index.html

NEW YORK (CNNMoney) After Marriott blocked Wi-Fi hotspots in parts of its hotels, the FCC sent a stern warning: don't even think about trying that again.

"The Communications Act prohibits anyone from ... interfering with authorized radio communications, including Wi-Fi," said FCC Chairman Tom Wheeler in a statement. "Marriott's request seeking the FCC's blessing to block guests' use of non-Marriott networks is contrary to this basic principle."

Wheeler pointed out that the FCC's Enforcement Bureau fined Marriott (MAR) $600,000 for blocking Wi-Fi, and said the agency will fine other hotels if they try anything similar.

--
It's better to burn out than fade away.

From rforno at infowarrior.org Wed Jan 28 07:07:04 2015
From: rforno at infowarrior.org (Richard Forno)
Date: Wed, 28 Jan 2015 08:07:04 -0500
Subject: [Infowarrior] - Canada Casts Global Surveillance Dragnet Over File Downloads
Message-ID:

Canada Casts Global Surveillance Dragnet Over File Downloads

By Ryan Gallagher and Glenn Greenwald

https://firstlook.org/theintercept/2015/01/28/canada-cse-levitation-mass-surveillance/

Canada's leading surveillance agency is monitoring millions of Internet users' file downloads in a dragnet search to identify extremists, according to top-secret documents.
The covert operation, revealed Wednesday by CBC News in collaboration with The Intercept, taps into Internet cables and analyzes records of up to 15 million downloads daily from popular websites commonly used to share videos, photographs, music, and other files.

The revelations about the spying initiative, codenamed LEVITATION, are the first from the trove of files provided by National Security Agency whistleblower Edward Snowden to show that the Canadian government has launched its own globe-spanning Internet mass surveillance system.

According to the documents, the LEVITATION program can monitor downloads in several countries across Europe, the Middle East, North Africa, and North America. It is led by the Communications Security Establishment, or CSE, Canada's equivalent of the NSA. (The Canadian agency was formerly known as "CSEC" until a recent name change.)

The latest disclosure sheds light on Canada's broad existing surveillance capabilities at a time when the country's government is pushing for a further expansion of security powers following attacks in Ottawa and Quebec last year.

Ron Deibert, director of University of Toronto-based Internet security think tank Citizen Lab, said LEVITATION illustrates the "giant X-ray machine over all our digital lives."

"Every single thing that you do - in this case uploading/downloading files to these sites - that act is being archived, collected and analyzed," Deibert said, after reviewing documents about the online spying operation for CBC News.

David Christopher, a spokesman for Vancouver-based open Internet advocacy group OpenMedia.ca, said the surveillance showed "robust action" was needed to rein in the Canadian agency's operations.

"These revelations make clear that CSE engages in large-scale warrantless surveillance of our private online activities, despite repeated government assurances to the contrary," Christopher told The Intercept.
The ostensible aim of the surveillance is to sift through vast amounts of data to identify people uploading or downloading content that could be connected to terrorism - such as bomb-making guides and hostage videos.

In the process, however, CSE combs through huge volumes of data showing uploads and downloads initiated by Internet users not suspected of any wrongdoing.

In a top-secret PowerPoint presentation, dated from mid-2012, an analyst from the agency jokes about how, while hunting for extremists, the LEVITATION system gets clogged with information on innocuous downloads of the musical TV series Glee.

CSE finds some 350 "interesting" downloads each month, the presentation notes, a number that amounts to less than 0.0001 per cent of the total collected data.

The agency stores details about downloads and uploads to and from 102 different popular file-sharing websites, according to the 2012 document, which describes the collected records as "free file upload," or FFU, "events."

Only three of the websites are named: RapidShare, SendSpace, and the now defunct MegaUpload.

SendSpace said in a statement that "no organization has the ability/permission to trawl/search Sendspace for data," adding that its policy is not to disclose user identities unless legally compelled. Representatives from RapidShare and MegaUpload had not responded to a request for comment at time of publication.

LEVITATION does not rely on cooperation from any of the file-sharing companies. A separate secret CSE operation codenamed ATOMIC BANJO obtains the data directly from internet cables that it has tapped into, and the agency then sifts out the unique IP address of each computer that downloaded files from the targeted websites.

The IP addresses are valuable pieces of information to CSE's analysts, helping to identify people whose downloads have been flagged as suspicious.
The analysts use the IP addresses as a kind of search term, entering them into other surveillance databases that they have access to, such as the vast repositories of intercepted Internet data shared with the Canadian agency by the NSA and its British counterpart Government Communications Headquarters.

If successful, the searches will return a list of results showing other websites visited by the people downloading the files - in some cases revealing associations with Facebook or Google accounts. In turn, these accounts may reveal the names and the locations of individual downloaders, opening the door for further surveillance of their activities.

Since the secret 2012 presentation about LEVITATION was authored, both RapidShare and SendSpace have toughened security by encrypting users' connections to their websites, which may have thwarted CSE's ability to target them for surveillance. But many other popular file-sharing sites have still not adopted encryption, meaning they remain vulnerable to the snooping.

As of mid-2012, CSE was maintaining a list of 2,200 particular download links that it regarded as connected to suspicious "documents of interest." Anyone clicking on those links could have found themselves subject to extra scrutiny from the spies.

While LEVITATION is purportedly identifying potential terror threats, Canadian legal experts consulted by CBC News were concerned by the broad scope of the operation.

"The specific uses that they talk about in this [counter-terrorism] context may not be the problem, but it's what else they can do," said Tamir Israel, a lawyer with the University of Ottawa's Canadian Internet Policy and Public Interest Clinic. Picking which downloads to monitor is essentially "completely at the discretion of CSE," Israel added.

The file-sharing surveillance also raises questions about the number of Canadians whose downloading habits could have been swept up as part of LEVITATION's dragnet.

By law, CSE isn't allowed to target Canadians.
In the LEVITATION presentation, however, two Canadian IP addresses that trace back to a web server in Montreal appear on a list of suspicious downloads found across the world. The same list includes downloads that CSE monitored in closely allied countries, including the United Kingdom, United States, Spain, Brazil, Germany and Portugal.

It is unclear from the document whether LEVITATION has ever prevented any terrorist attacks. The agency cites only two successes of the program in the 2012 presentation: the discovery of a hostage video through a previously unknown target, and an uploaded document that contained the hostage strategy of a terrorist organization. The hostage in the discovered video was ultimately killed, according to public reports.

A CSE spokesman told The Intercept and CBC News in a statement: "CSE is legally authorized to collect and analyze metadata, including from parts of the Internet routinely used by terrorists. Some of CSE's metadata analysis activities are designed to identify foreign terrorists who use the Internet to conduct activities that threaten the security of Canada and Canadian citizens.

"CSE does not direct its activities at Canadians or anyone in Canada, and, in accordance with our legislation, has a range of measures in place to protect the privacy of Canadians incidentally encountered in the course of these foreign intelligence operations."

The spokesman declined to comment on whether LEVITATION remained active, and would not provide examples of useful intelligence gleaned from the spying, or explain how long data swept up under the operation is retained.

Discussion of "operations, methods or capabilities," the spokesman said, would breach the Security of Information Act, a Canadian law designed to protect state secrets.

--
It's better to burn out than fade away.
From rforno at infowarrior.org Wed Jan 28 07:31:52 2015
From: rforno at infowarrior.org (Richard Forno)
Date: Wed, 28 Jan 2015 08:31:52 -0500
Subject: [Infowarrior] - No, DoJ -- 80% of Tor Traffic Is Not Child Porn
Message-ID: <1C20AB85-DD14-4E78-9C6B-75EEC8142211@infowarrior.org>

No, Department of Justice, 80 Percent of Tor Traffic Is Not Child Porn

By Andy Greenberg
01.28.15

The debate over online anonymity, and all the whistleblowers, trolls, anarchists, journalists and political dissidents it enables, is messy enough. It doesn't need the US government making up bogus statistics about how much that anonymity facilitates child pornography.

At the State of the Net conference in Washington on Tuesday, US assistant attorney general Leslie Caldwell discussed what she described as the dangers of encryption and cryptographic anonymity tools like Tor, and how those tools can hamper law enforcement. Her statements are the latest in a growing drumbeat of federal criticism of tech companies and software projects that provide privacy and anonymity at the expense of surveillance. And as an example of the grave risks presented by that privacy, she cited a study she said claimed an overwhelming majority of Tor's anonymous traffic relates to pedophilia.

"Tor obviously was created with good intentions, but it's a huge problem for law enforcement," Caldwell said in comments reported by Motherboard and confirmed to me by others who attended the conference. "We understand 80 percent of traffic on the Tor network involves child pornography."

That statistic is horrifying. It's also baloney.

In a series of tweets that followed Caldwell's statement, a Department of Justice flack said Caldwell was citing a University of Portsmouth study WIRED covered in December. He included a link to our story. But I made clear at the time that the study claimed 80 percent of traffic to Tor hidden services related to child pornography, not 80 percent of all Tor traffic.
That is a huge, and important, distinction. The vast majority of Tor's users run the free anonymity software while visiting conventional websites, using it to route their traffic through encrypted hops around the globe to avoid censorship and surveillance. But Tor also allows websites to run Tor, something known as a Tor hidden service. This collection of hidden sites, which comprise what's often referred to as the "dark web," use Tor to obscure the physical location of the servers that run them. Visits to those dark web sites account for only 1.5 percent of all Tor traffic, according to the software's creators at the non-profit Tor Project.

The University of Portsmouth study dealt exclusively with visits to hidden services. In contrast to Caldwell's 80 percent claim, the Tor Project's director Roger Dingledine pointed out last month that the study's pedophilia findings refer to something closer to a single percent of Tor's overall traffic.

The Department of Justice didn't respond to WIRED's questions about Caldwell's comments.....

< -- >

http://www.wired.com/2015/01/department-justice-80-percent-tor-traffic-child-porn/

--
It's better to burn out than fade away.

From rforno at infowarrior.org Wed Jan 28 07:35:43 2015
From: rforno at infowarrior.org (Richard Forno)
Date: Wed, 28 Jan 2015 08:35:43 -0500
Subject: [Infowarrior] - European counter-terror plan involves blanket collection of passengers' data
Message-ID:

European counter-terror plan involves blanket collection of passengers' data

Exclusive: European commission plans to request 42 items of personal information about air passengers

http://www.theguardian.com/uk-news/2015/jan/28/european-commission-blanket-collection-passenger-data

--
It's better to burn out than fade away.
From rforno at infowarrior.org Wed Jan 28 13:24:22 2015
From: rforno at infowarrior.org (Richard Forno)
Date: Wed, 28 Jan 2015 14:24:22 -0500
Subject: [Infowarrior] - Experts Unmask 'Regin' Trojan as NSA Tool
Message-ID:

Experts Unmask 'Regin' Trojan as NSA Tool

By Marcel Rosenbach, Hilmar Schmundt and Christian Stöcker

http://www.spiegel.de/international/world/regin-malware-unmasked-as-nsa-tool-after-spiegel-publishes-source-code-a-1015255.html

--
It's better to burn out than fade away.

From rforno at infowarrior.org Wed Jan 28 22:01:55 2015
From: rforno at infowarrior.org (Richard Forno)
Date: Wed, 28 Jan 2015 23:01:55 -0500
Subject: [Infowarrior] - NSA Details Chinese Cyber Theft of F-35, Military Secrets
Message-ID: <0BA17DE6-14AA-4C59-8F94-F8EDF046B641@infowarrior.org>

NSA Details Chinese Cyber Theft of F-35, Military Secrets

http://freebeacon.com/national-security/nsa-details-chinese-cyber-theft-of-f-35-military-secrets/

--
It's better to burn out than fade away.

From rforno at infowarrior.org Thu Jan 29 10:11:39 2015
From: rforno at infowarrior.org (Richard Forno)
Date: Thu, 29 Jan 2015 11:11:39 -0500
Subject: [Infowarrior] - Drone Maker Updates Firmware On All Drones To Stop Any Flights In DC
Message-ID:

Drone Maker Updates Firmware On All Drones To Stop Any Flights In DC

https://www.techdirt.com/articles/20150128/13212829842/you-dont-own-what-you-bought-drone-maker-updates-firmware-all-drones-to-stop-any-flights-dc.shtml

--
It's better to burn out than fade away.

From rforno at infowarrior.org Thu Jan 29 10:59:28 2015
From: rforno at infowarrior.org (Richard Forno)
Date: Thu, 29 Jan 2015 11:59:28 -0500
Subject: [Infowarrior] - USG's misdirected gag order on Google
Message-ID: <88C8CE57-1E80-477F-8FB9-7CB1CD0F2D33@infowarrior.org>

How about this: if you're worried about a public backlash for your actions, maybe rethink why you're taking such actions to begin with?
--rick

Feds Gagged Google Over Wikileaks Warrants Because They Were 'Upset By The Backlash' To Similar Twitter Warrants

https://www.techdirt.com/articles/20150128/11543329841/feds-gagged-google-over-wikileaks-warrants-because-they-were-upset-backlash-to-similar-twitter-warrants.shtml

--
It's better to burn out than fade away.

From rforno at infowarrior.org Thu Jan 29 11:13:42 2015
From: rforno at infowarrior.org (Richard Forno)
Date: Thu, 29 Jan 2015 12:13:42 -0500
Subject: [Infowarrior] - FCC Redefines 'Broadband' as 25/3
Message-ID:

FCC Just Redefined Broadband So Expect Faster Internet

Adam Clark Estes

http://gizmodo.com/fcc-redefines-broadband-to-bring-you-faster-internet-1682516928

The Federal Communications Commission (FCC) just voted to redefine broadband as "internet which is actually fast enough to use." Now, in order to call its service broadband, companies will need to guarantee download speeds of 25 megabits per second or faster and upload speeds of 3 Mbps or faster. This is really, really good news.

This decision might seem arbitrary at first. After all, the FCC is just changing the definition of broadband - it's not actually forcing internet service providers to speed up connections. That's inevitably what this new policy should accomplish, however. Think about it this way: If a company can't call its service broadband, everybody will know that it's slow. So if they want to stay competitive, they'll have to guarantee faster speeds.

The new policy will benefit those in rural areas and tribal most. About half of Americans in rural areas don't have access to 25 Mbps down/3 Mbps up speeds, meaning that they can't take advantage of a lot of the internet's best goodies (read: streaming video). Just look at the spread:

Previously, the FCC defined broadband as 4 Mbps for downloads and 1 Mbps for uploads. That's well below the current national average of 32.4 Mbps up and 9.9 Mbps down, and it's certainly too slow to support America's streaming video habits.
So it makes good sense that the FCC wanted to change the definition of broadband - a word that's synonymous with high-speed internet - in order to motivate ISPs to improve service in those underserved areas.

That's the official take on the change. Unofficially, however, the FCC's actions stand to shake up the cable industry in some other interesting ways. The redefinition of broadband should increase competition between ISPs and cable companies as well as encourage the development of better infrastructure. The new policy could also affect the outcome of the pending Comcast-Time Warner Cable merger, since the new definition means that Comcast now has fewer competitors in its broadband business. That means the Department of Justice might decide that a Mega-Comcast would look even more like a monopoly.

Of course, none of this is going to happen overnight. The FCC will have to keep a close eye on the industry to ensure that ISPs are advertising their services like they're supposed to, and many of the ISPs will need a little bit of time to upgrade their offerings. This is the first step towards progress, though. The FCC's next step? Net neutrality rules.

--
It's better to burn out than fade away.

From rforno at infowarrior.org Thu Jan 29 15:09:04 2015
From: rforno at infowarrior.org (Richard Forno)
Date: Thu, 29 Jan 2015 16:09:04 -0500
Subject: [Infowarrior] - How Russia outfoxes its enemies
Message-ID: <67A04082-6A82-429B-A064-42330F9EA79C@infowarrior.org>

28 January 2015 Last updated at 20:39 ET

How Russia outfoxes its enemies

Russia's annexation of Crimea last year caught almost everyone off guard. The Russian military disguised its actions, and denied them - but those "little green men" who popped up in the Black Sea peninsula were a textbook case of the Russian practice of military deception - or maskirovka.

< -- >

http://www.bbc.com/news/magazine-31020283

--
It's better to burn out than fade away.
From rforno at infowarrior.org Thu Jan 29 16:10:58 2015
From: rforno at infowarrior.org (Richard Forno)
Date: Thu, 29 Jan 2015 17:10:58 -0500
Subject: [Infowarrior] - EFF Wins Battle Over Secret Sec 215 Legal Opinions
Message-ID:

January 29, 2015

EFF Wins Battle Over Secret Legal Opinions on Government Spying

https://www.eff.org/press/releases/eff-wins-battle-over-secret-legal-opinions-government-spying

Department of Justice to Release Analysis of Law Enforcement and Intelligence Agency Access to Census Records

San Francisco - The Electronic Frontier Foundation (EFF) has won its four-year Freedom of Information Act lawsuit over secret legal interpretations of a controversial section of the Patriot Act, including legal analysis of law enforcement and intelligence agency access to census records.

The U.S. Department of Justice today filed a motion to dismiss its appeal of a ruling over legal opinions about Section 215 of the Patriot Act, the controversial provision of law relied on by the NSA to collect the call records of millions of Americans. As a result of the dismissal, the Justice Department will be forced to release a previously undisclosed opinion from the Office of Legal Counsel (OLC) concerning access by law enforcement and intelligence agencies to census data under Section 215.

"The public trusts that information disclosed for the census won't wind up in the hands of law enforcement or intelligence agencies," Staff Attorney Mark Rumold said. "The public has a right to know what the Office of Legal Counsel's conclusions were on this topic, and we're happy to have vindicated that important right."

In October 2011 - the 10th anniversary of the signing of USA Patriot Act - EFF sued the Justice Department to gain access to all "secret interpretations" of Section 215. At earlier stages in the litigation, the Justice Department had refused to publicly disclose even the number of documents that were at issue in the case, claiming the information was classified.
In June 2013, the lawsuit took a dramatic turn after The Guardian published an order from the Foreign Intelligence Surveillance Court authorizing the bulk collection of call records data of Verizon customers. That disclosure helped EFF secure the release of hundreds of pages of legal opinions, including multiple opinions of the Foreign Intelligence Surveillance Court excoriating the NSA for disregarding the court's orders.

However, the Justice Department continued to fight for secrecy for the legal opinion over access to census data under Section 215. Last August, a federal district court judge ordered the government to disclose the OLC opinion.

"The Justice Department has made a wise decision in dismissing the appeal," Rumold said. "We filed this suit nearly four years ago to inform the public about the way the government was using Section 215. We're well overdue to have a fully informed, public debate about this provision of law, and hopefully the disclosure of this opinion will help move the public debate forward."

Although the motion for dismissal was filed today, the government has not provided EFF with the opinion. After receiving the document, EFF will also make it available through its website.

For more information on the case visit: https://www.eff.org/foia/section-215-usa-patriot-act

Contact:
Mark Rumold
Staff Attorney
Electronic Frontier Foundation
mark at eff.org

--
It's better to burn out than fade away.
From rforno at infowarrior.org Thu Jan 29 18:45:46 2015
From: rforno at infowarrior.org (Richard Forno)
Date: Thu, 29 Jan 2015 19:45:46 -0500
Subject: [Infowarrior] - 'Anonymized' credit card data not so anonymous, study shows
Message-ID: <597B740F-D8F5-443E-973C-3C9553B0441A@infowarrior.org>

Jan 29, 5:20 PM EST

'Anonymized' credit card data not so anonymous, study shows

http://hosted.ap.org/dynamic/stories/U/US_SCI_DATA_PRIVACY

By SETH BORENSTEIN and JACK GILLUM
Associated Press

WASHINGTON (AP) -- Credit card data isn't quite as anonymous as promised, a new study says.

Scientists showed they can identify you with more than 90 percent accuracy by looking at just four purchases, three if the price is included - and this is after companies "anonymized" the transaction records, saying they wiped away names and other personal details. The study out of the Massachusetts Institute of Technology, published Thursday in the journal Science, examined three months of credit card records for 1.1 million people.

"We are showing that the privacy we are told that we have isn't real," study co-author Alex "Sandy" Pentland of MIT said in an email. His research found that adding just a glimmer of information about a person from an outside source was enough to identify him or her in the trove of financial transactions they studied.

Companies routinely strip away personal identifiers from credit card data when they share information with outsiders, saying the data is now safe because it is "anonymized." But the MIT researchers showed that anonymized isn't quite the same as anonymous.

Drawing upon a sea of data in an unnamed developed country, the researchers pieced together available information to see how easily they could identify somebody. They looked at information from 10,000 shops, with each data piece time-stamped to calculate how many pieces of data it would take on average to find somebody, said study lead author Yves-Alexandre de Montjoye, also of MIT.
In this case the experts needed only four pieces, three if price is involved. As an example, the researchers wrote about looking at data from September 23 and 24 and who went to a bakery one day and a restaurant the other. Searching through the data set, they found there could be only one person who fits the bill - they called him Scott. The study said, "and we now know all of his other transactions, such as the fact that he went shopping for shoes and groceries on 23 September, and how much he spent." It's easier to identify women, but the research couldn't explain why, de Montjoye said. The study shows that when we think we have privacy when our data is collected, it's really just an "illusion," said Eugene Spafford, director of Purdue University's Center for Education and Research in Information Assurance and Security. Spafford, who wasn't part of the study, said it makes "one wonder what our expectation of privacy should be anymore." "It is not surprising to those of us who spend our time doing privacy research," said outside expert Lorrie Faith Cranor, director of the CyLab Usable Privacy and Security Laboratory at Carnegie Mellon University. "But I expect it would be surprising to most people, including companies who may be routinely releasing de-identified transaction data, thinking it is safe to do so." Credit card companies and industry officials either declined comment or did not respond to requests for comment. The once-obscure concept of metadata - or basic transactional information - grew mainstream in recent years following revelations by former National Security Agency contractor Edward Snowden. Those disclosures from once-top secret U.S. government documents revealed that the NSA was collecting the records of digital communications from millions of Americans not suspected of a crime. The use of so-called "big data" has been a lucrative prospect for private companies aiming to cash in on the trove of personal information about their consumers. 
Retail purchases, online web browsing activity and a host of other digital breadcrumbs can provide firms with a wealth of data about you - which is then used in sophisticated advertising and marketing campaigns. And big data-mining was used extensively in the 2012 presidential election to win over voters or seek out prospective donors. "While government surveillance has been getting a lot of press, and certainly the revelations warrant such scrutiny, a large number of corporations have been quietly expanding their use of data," said privacy consultant and author Rebecca Herold. Studies like this show "how metadata can be used to pinpoint specific individuals. This also raises the question of how such data would be used within insurance actuarial calculations, insurance claims and adjustments, loan and mortgage application considerations, divorce proceedings." --- Online: Journal Science: http://www.sciencemag.org --- Seth Borenstein can be followed at http://twitter.com/borenbears Jack Gillum can be followed at https://twitter.com/jackgillum -- It's better to burn out than fade away. From rforno at infowarrior.org Thu Jan 29 18:46:49 2015 From: rforno at infowarrior.org (Richard Forno) Date: Thu, 29 Jan 2015 19:46:49 -0500 Subject: [Infowarrior] - D-Link routers vulnerable to DNS hijacking Message-ID: D-Link routers vulnerable to DNS hijacking Posted on 29 January 2015 http://www.net-security.org/secworld.php?id=17888 At least one and likely more D-Link routers as well as those of other manufacturers using the same firmware are vulnerable to remote changing of DNS settings and, effectively, traffic hijacking, a Bulgarian security researcher has discovered. Todor Donev, a member of the Ethical Hacker research team, says that the vulnerability is found in the ZynOS firmware of the device, D-Link's DSL-2740R ADSL modem/wireless router. 
The firmware in question is implemented in many pieces of networking equipment manufactured by D-Link, TP-Link Technologies and ZTE, he noted for Computerworld. The flaw allows attackers to access the device's Web administration interface without authentication, and through it to modify the DNS settings, which could allow them to redirect users to malware-laden and phishing sites and prevent them from visiting legitimate sites for OS and software updates (including security software). Donev hasn't notified D-Link of this flaw, but has released exploit code for the flaw in a security advisory. The flaw can be exploited remotely if the device's interface is exposed to the Internet - and many are, to allow legitimate remote administration. -- It's better to burn out than fade away. From rforno at infowarrior.org Thu Jan 29 18:50:17 2015 From: rforno at infowarrior.org (Richard Forno) Date: Thu, 29 Jan 2015 19:50:17 -0500 Subject: [Infowarrior] - Europe Gets A Cyber Security Incubator Message-ID: <43B34207-3351-4E95-833A-4555504440EE@infowarrior.org> Europe Gets A Cyber Security Incubator Posted Jan 27, 2015 by Natasha Lomas (@riptari) London's - and Europe's - crowded startup accelerator scene is getting a new addition. Not fintech-related, this time. Rather the focus is cyber security. The Cyber London (CyLon for short) 12-week program, has been co-founded by Alex van Someren of VC firm Amadeus Capital Partners, who previously founded U.K. cryptography company nCipher and has advised the U.K. government on various tech issues; along with Jonathan Luff and Grace Cassy, co-founders of strategic technology consultancy Epsilon Advisory Partners, who also bring foreign and security policy experience to the table, including working with No.10 Downing Street. CyLon's program will be managed by the Ignite accelerator, and is being run as a not-for-profit, financed by a variety of sponsors - 
including Amadeus and Epsilon; along with global hedge fund Winton, and international law firms Freshfields Bruckhaus Deringer; and Fried, Frank, Harris, Shriver & Jacobson - none of whom will be taking equity in the selected teams. So this is about proximity to promising security startups to help with deal flow in the case of investors, and the chance to pick up future clients in the case of the legal and consultancy firms. Although Luff stressed there won't be any limits placed on the startups in terms of who they can or can't work with. CyLon also has an advisory board to help steer the program. This has two members at launch: namely Passion Capital's Eileen Burbidge, and Jon Bradford, MD of the Techstars London incubator program. Passion Capital has some skin in the security game already, via b2b cyber security portfolio company Digital Shadows. Burbidge also has a personal interest in security, with a private investment in secure messaging app Wickr. She's been banging the drum for the U.K. to do more in the security space for a while now - putting her mouth where her money is, and vice versa. The criteria for choosing teams to enter the CyLon business bootcamp are being left "quite broad", according to Luff, to maximize interest and help establish the program. "We are defining this as 'cyber and information security technologies or products'. That is quite deliberate because we want to encourage a good number of people to take an interest in the program and to apply," he told TechCrunch. Startups selected to go through CyLon will get £5,000 to cover their living expenses, and be based in a 4,000 sq. ft. co-working space provided by Winton in Hammersmith, West London. 
"We are going to be looking at applications over the next month to six weeks and we'll be looking for the kinds of things you would expect from a strong accelerator and an incubator program: people with interesting ideas in interesting areas, able to demonstrate that they've got the skills required to develop those ideas," Luff added. He said they expect to take about 10 startups in the first intake, and are looking to run two programs per year. Financing from the program sponsors has been secured for one year at this point, and they're not yet looking beyond that at this point - intending to see how CyLon runs in year one. < - > http://techcrunch.com/2015/01/27/cylon/ -- It's better to burn out than fade away. From rforno at infowarrior.org Thu Jan 29 19:30:52 2015 From: rforno at infowarrior.org (Richard Forno) Date: Thu, 29 Jan 2015 20:30:52 -0500 Subject: [Infowarrior] - Copyright Law Is Eating Away At Our Cultural History: And It's Time To Fix That Message-ID: <7F0472C0-F38B-48C6-8DDD-38F972F7002D@infowarrior.org> Copyright Law Is Eating Away At Our Cultural History: And It's Time To Fix That from the archiving-history-is-great dept If you weren't under a social media-less rock a few weeks ago, you hopefully heard about the Internet Archive releasing over 2,000 MS-DOS video games, playable in the browser. As I noted to someone on Twitter, it was like half of my childhood on the screen. What I found truly amazing was that with every excited Twitter or Facebook comment I saw, it was about a different game. For me, it was things like Oregon Trail, Pole Position, Lode Runner and Championship Baseball (and also some college memories of avoiding studying by playing Scorched Earth -- hey, at least it sorta felt like I was learning physics). But for others it was something entirely different. Each person seemed to latch onto their own moment in history (and a new chance to procrastinate or waste time by reliving that experience). 
< - > https://www.techdirt.com/articles/20150129/06091629847/copyright-law-is-eating-away-our-cultural-history-its-time-to-fix-that.shtml -- It's better to burn out than fade away. From rforno at infowarrior.org Thu Jan 29 20:00:24 2015 From: rforno at infowarrior.org (Richard Forno) Date: Thu, 29 Jan 2015 21:00:24 -0500 Subject: [Infowarrior] - Dropbox transparency report shows continued interest from governments Message-ID: <630E0242-9FAB-40CA-8B88-4B1124C47A32@infowarrior.org> Dropbox transparency report shows continued interest from governments Weather report shows moon likely to rise some time around sunset By Dave Neal Thu Jan 29 2015, 14:58 http://www.theinquirer.net/inquirer/news/2392716/dropbox-transparency-report-shows-continued-interest-from-governments DROPBOX has released its latest transparency report and revealed details of data requests from the US government as well as from overseas agencies. The Dropbox Transparency Report revealed that the company dealt with 275 requests from law enforcement agencies during the six months to 31 December 2014, and told users about this when it was legally allowed to. "At Dropbox, we want to be as transparent as possible about government requests for user information," the firm said. "We publish a Transparency Report twice a year to share the number of requests we've received, and we've laid out principles that guide how we handle these requests. "Since today is international Data Privacy Day, it's a perfect time to provide you with an update." Dropbox said that 20 of the 275 demands in the past six months related to requests from agencies outside the US, and that the company was served with 135 search warrants relating to over 250 accounts, two court orders and 116 subpoenas. National security-related demands can be counted only in bands, and Dropbox said that there were somewhere between zero and 249 requests. Dropbox suggested that governments will often demand information when they have no right to. 
"Governments continue to request that we not notify users of requests for their data, even when there is no legal basis for the requests," the firm said. "We received 71 such requests between July and December 2014 and responded by informing the requesting agency of our policy to always provide notice unless prohibited by a valid court order (or equivalent)." Demands from outside the US do not appear to have affected any accounts. Two were sent by UK agencies, and the remaining 18 by countries including Malta, India, Germany and France. Dropbox was spared any demands to take down any stored information during the period, but did have to let a requesting agency know that it had sent its demands to the wrong service provider. The report shows that the firm acquiesced when it had to, and informed punters when it could. -- It's better to burn out than fade away. From rforno at infowarrior.org Thu Jan 29 20:21:31 2015 From: rforno at infowarrior.org (Richard Forno) Date: Thu, 29 Jan 2015 21:21:31 -0500 Subject: [Infowarrior] - China Further Tightens Grip on the Internet Message-ID: China Further Tightens Grip on the Internet By ANDREW JACOBS JAN. 29, 2015 BEIJING - Jing Yuechen, the founder of an Internet start-up here in the Chinese capital, has no interest in overthrowing the Communist Party. But these days she finds herself cursing the nation's smothering cyberpolice as she tries - and fails - to browse photo-sharing websites like Flickr and struggles to stay in touch with the Facebook friends she has made during trips to France, India and Singapore. Gmail has become almost impossible to use here, and in recent weeks the authorities have gummed up Astrill, the software Ms. Jing and countless others depended on to circumvent the Internet restrictions that Western security analysts refer to as the Great Firewall. 
By interfering with Astrill and several other popular virtual private networks, or V.P.N.'s, the government has complicated the lives of Chinese astronomers seeking the latest scientific data from abroad, graphic designers shopping for clip art on Shutterstock and students submitting online applications to American universities. < -- > http://www.nytimes.com/2015/01/30/world/asia/china-clamps-down-still-harder-on-internet-access.html -- It's better to burn out than fade away. From rforno at infowarrior.org Fri Jan 30 08:07:50 2015 From: rforno at infowarrior.org (Richard Forno) Date: Fri, 30 Jan 2015 09:07:50 -0500 Subject: [Infowarrior] - Google enlists Chrome in push for encrypted Web Message-ID: Be warned: Google enlists Chrome in push for encrypted Web Google has taken its first step to flag ordinary sites like Wikipedia and CNN with a security warning because they are unencrypted, allowing all data transmissions to be viewed by the prying eyes of hackers or governments. Stephen Shankland @stshank January 30, 2015 5:33 AM PST Google has added a feature to Chrome that can alert users about unencrypted network connections common on many parts of the Web. The feature isn't on by default. Screenshot by Stephen Shankland/CNET Google just gave Chrome something of an insecurity complex. That's because the company has enlisted Chrome -- the No. 2 desktop browser worldwide -- in its effort to make secure, encrypted connections on the Web the rule rather than the exception. Encryption scrambles data during transmission to protect users from identity thieves and prying governments. This week, Google built a feature into a test version of Chrome to explicitly warn people about Web pages that were delivered without encryption. As the feature spreads to mainstream versions of Chrome, it could alarm people who thought Web pages were working fine and could impose new costs on Web site operators who don't want their users fretting that something is wrong. 
But in Google's view, the problem needs fixing. < - > http://www.cnet.com/news/chrome-becoming-tool-in-googles-push-for-encrypted-web/#ftag=CAD590a51e -- It's better to burn out than fade away. From rforno at infowarrior.org Fri Jan 30 11:38:21 2015 From: rforno at infowarrior.org (Richard Forno) Date: Fri, 30 Jan 2015 12:38:21 -0500 Subject: [Infowarrior] - Verizon Wireless to Allow Complete Opt Out of Mobile 'Supercookies' Message-ID: <4ECC0D20-56CF-4549-8639-831FEB28AB4E@infowarrior.org> Verizon Wireless to Allow Complete Opt Out of Mobile 'Supercookies' By Brian X. Chen and Natasha Singer January 30, 2015 11:31 am Verizon Wireless, which has been under fire by privacy advocates since late last year, has decided to make a major revision to its mobile ad-targeting program. Users who do not want to be tracked with an identifier that Verizon uses for ad-targeting purposes will soon be able to completely opt out, the company said on Friday. In the past, Verizon allowed users to opt out of the marketing side of the program, but they had no option to disable being tagged with its undeletable customer codes, which critics dubbed "supercookies." Some security researchers quickly illustrated that third parties, like advertisers, could easily exploit Verizon's persistent tracking to continually follow a user's web browsing activities. < - > http://bits.blogs.nytimes.com/2015/01/30/verizon-wireless-to-allow-complete-opt-out-of-mobile-supercookies/ -- It's better to burn out than fade away. 
From rforno at infowarrior.org Fri Jan 30 12:41:49 2015 From: rforno at infowarrior.org (Richard Forno) Date: Fri, 30 Jan 2015 13:41:49 -0500 Subject: [Infowarrior] - Music Group Threatens Popcorn Time's Blog Platform Message-ID: <8D1907B7-4A39-41FC-9B82-A87FC5032908@infowarrior.org> Music Group Threatens Popcorn Time's Blog Platform In what could be one of the most unusual anti-piracy moves yet, an open source blogging platform has been threatened by the music industry after movie-focused Popcorn Time simply used the company's software. Ghost founder John O'Nolan is surprised and decidedly unimpressed. < - > http://torrentfreak.com/music-group-threatens-popcorn-times-blog-platform-150129/ -- It's better to burn out than fade away. From rforno at infowarrior.org Fri Jan 30 14:08:31 2015 From: rforno at infowarrior.org (Richard Forno) Date: Fri, 30 Jan 2015 15:08:31 -0500 Subject: [Infowarrior] - Wi-Fi issues continue to hamper OS X users despite updates Message-ID: (not on 10.10, and have no desire to be on 10.10, either! --rick) Wi-Fi issues continue to hamper OS X users despite updates By Fred O'Connor IDG News Service | January 29, 2015 http://www.itworld.com/article/2877734/wifi-issues-continue-to-hamper-os-x-users-despite-updates.html Apple's efforts this week to remedy the Wi-Fi connectivity issues plaguing many OS X users produced mediocre results, judging by comments left in Apple's support forum. Immediately following the Oct. 16 public release of Mac OS X Yosemite, an undetermined but substantial number of users took to discussion forums and social media to report that the OS crippled and in some cases disabled their machine's Wi-Fi capabilities. As of Thursday, the thread "OSX Yosemite Wifi issues" on Apple's support forum had 709,855 views and 2,261 comments. 
Apple has never officially acknowledged issues surrounding Yosemite and Wi-Fi connectivity, but release notes for Yosemite updates show that Apple is aware of the issue. In November, Apple issued a beta build of Yosemite to developers and asked them to focus on three areas, including Wi-Fi. The update, labeled 10.10.1, was publicly released on Nov. 17 but didn't solve the Wi-Fi issues. A second update, labeled 10.10.2, was publicly released Tuesday. Leading off the improvements offered in the update was "resolves an issue that might cause Wi-Fi to disconnect," according to the release notes. Despite this claim, Apple's support forum was filled with tales of frustrated users who upgraded to 10.10.2 and still had weak or nonexistent Wi-Fi connections and trouble using Wi-Fi with Bluetooth-enabled devices. "I don't know what has been fixed with 10.10.2 but I see absolutely zero improvement," wrote a person whose 2011 personal and work iMacs lose Wi-Fi connectivity. Even after 10.10.2 was installed on an iMac, the machine forces a router reboot when connecting, another user reported. When the router reboots, all other devices on the network immediately lose their Internet connection, the commenter noted, adding: "Since upgrading to Yosemite last year I haven't been able to use wifi." Another person had Wi-Fi connectivity after installing the update, but enabling Bluetooth wrecked the connection. "I turned on bluetooth to use it with my apple magic mouse and apple wireless keyboard, but wlan issues still exists. Turning [Bluetooth] off, all works as usual," the person said. At Drew University in Madison, New Jersey, Yosemite's flaws forced the school's IT department to dissuade students and faculty from upgrading to the OS. "As this upgrade appears to be more troublesome than other Apple releases, University Technology is strongly advising that users who have not already done so not to upgrade their Macs to Yosemite and instead wait until Apple addresses these issues," 
the school's IT department said in a Jan. 9 email obtained by IDG News Service. The university didn't immediately reply to further requests for comment. Mac owners aren't the only Apple users experiencing wireless connection failures after updating their OS. Wi-Fi connectivity issues have also dogged iOS 8 since Apple released the mobile OS on Sept. 17. The thread "iOS 8 Wi-Fi problems" in the Apple Support forum has 527,483 views and 1,629 comments since Sept. 20. Unlike with Mac OS, Apple has yet to indicate that iOS 8 may have a bug that wrecks the Wi-Fi capabilities of iPhones, iPads and iPod touches. Apple released its latest mobile OS update, labelled 8.1.3, on Tuesday, but the release notes didn't mention a Wi-Fi fix. Instead, the update reduced the amount of storage space required to perform an update and resolved an issue around some users being unable to enter their Apple ID password for Messages and FaceTime, among other fixes. Users who hoped the update would fix their Wi-Fi issues faced disappointment after installing the software. "I did the update to 8.1.3 and it made no difference on the WiFi issue," said a person who installed the update on Tuesday. "Upgraded to 8.1.3, no discernible improvement, still poor wifi connection," wrote another person on Wednesday. Apple didn't immediately reply to a request for comment. -- It's better to burn out than fade away. From rforno at infowarrior.org Sat Jan 31 16:12:23 2015 From: rforno at infowarrior.org (Richard Forno) Date: Sat, 31 Jan 2015 17:12:23 -0500 Subject: [Infowarrior] - The NFL wants you to think these things are illegal Message-ID: The NFL wants you to think these things are illegal Yes, you can record Sunday's game. And you can talk about it. 
by Sherwin Siy, Public Knowledge Jan 31 2015, 1:14pm EST http://arstechnica.com/tech-policy/2015/01/the-nfl-wants-you-to-think-these-things-are-illegal/ The Super Bowl is the NFL's flagship event each year, and the league has invested a lot in the event's branding and broadcasting. In light of that investment, it's understandable that the NFL would be protective of its trademarks and copyrights surrounding it. But that protectiveness has led to the NFL, and other businesses around it, perpetuating a number of myths about what you can and can't do with the Super Bowl - including the words "Super Bowl." Saying "Super Bowl" in an ad We're already being bombarded by ads from sports bars, grocery stores, fast-food chains, and countless other companies tying their ads in to "The Big Game." It's a completely ridiculous circumlocution that just draws attention to itself and the absurdity that is trademark law. Obviously they're talking about the Super Bowl; they're clearly not talking about the Cal-Stanford game, or a high-stakes poker match, or a rugby match in Twickenham. Conventional wisdom is that advertisers are avoiding calling a Super Bowl a Super Bowl because they don't want to infringe on the NFL's trademark in the name. But if that's the case, it's because the advertisers are being overly cautious, not because they'd actually be doing anything illegal. The core purpose of trademark law has always been to identify the source of goods - to make sure that some competitor doesn't try to pass off its goods as the genuine article. Over the years, that original purpose has been added to and supplemented with other theories, but its fundamental aim remains the same: keeping consumers from being fooled as to whether or not the trademark owner is making or endorsing the person using the trademark without permission. This doesn't mean that people are barred from using trademarked terms, though. Burger King can use the terms "McDonald's" and "Big Mac" 
in its ads to refer to its competitor; movies and TV shows can use and display products without permission - if they make fake brands or blur them out, it's either out of an excess of caution or in the hope that brands later become sponsors. No one is going to think that your local grocery is offering sales on chicken wings and Doritos because they're sponsoring the Super Bowl or are representing the NFL. They're saying "Super Bowl" because that's how human beings refer to this Sunday's broadcast of the National Football League's championship game. And they're allowed to speak like human beings, just like you and I are free to talk, tweet, and text about the game. Taping, describing, or even talking about the game The NFL has a strange take on what people can do with the broadcast of the game, too. If you've watched enough football, you've undoubtedly seen this odd little clip: The voiceover in the clip says: "This telecast is copyrighted by the NFL for the private use of our audience. Any other use of this telecast or any pictures, descriptions, or accounts of the game without the NFL's consent is prohibited." That second sentence is bunk from a legal standpoint. It is not illegal to describe or give an account of one of the biggest media events of the year. You can talk about the Super Bowl without infringing copyright. This is not a case of the NFL politely looking the other way while most of America, in public and private, in casual conversations and in commercial broadcasts, discusses the game without the NFL's permission. The NFL would be laughed out of court for trying to prevent them from doing so - just because you have a copyright in a work doesn't mean you can prevent people from talking about it. Copyright simply doesn't extend that far. The NFL is also drastically overstating its case when it comes to actual copies of the game or pictures coming from it. You can record the Super Bowl. 
It's been undeniably, unquestionably legal since 1984 that you can record the broadcast to watch later (and skip commercials, if you're so inclined). And the fair use doctrine that allows you to do this also lets you use those recordings for other purposes, too. If you want to use clips for commentary or criticism or news reporting of some aspect of the game or the broadcast, that's perfectly legal, too. But the NFL has been using that disclaimer, or some form of it - basically miseducating America about copyright law - for years. Some years ago, one group actually complained about the broadcast of these falsehoods to the Federal Trade Commission, but didn't get too far. In fact, the NFL has overreached so far on this in the past that when copyright professor Wendy Seltzer posted a video clip of that very disclaimer in order to critique it, the NFL sent a takedown notice to remove the clip from YouTube. After several rounds of irony-deficient messages back and forth, the clip was reinstated, and thus your ability to see it and its successors today remains un-prohibited by the NFL and copyright law. So if you find yourself hesitating about recording The Big Game because of the example set by the NFL and scores of advertisers, you can just relax. You can tape the Super Bowl. You can call it by its actual name. And you can discuss it all you want at the water cooler the next day. The law can't stop you - no matter what the NFL says. Sherwin Siy is the vice president of legal affairs at Public Knowledge. -- It's better to burn out than fade away. From rforno at infowarrior.org Sat Jan 31 18:45:28 2015 From: rforno at infowarrior.org (Richard Forno) Date: Sat, 31 Jan 2015 19:45:28 -0500 Subject: [Infowarrior] - Sling TV is here.... Message-ID: <8F789E1D-B6A7-4A30-AB83-168E63D1CF94@infowarrior.org> Just got my SlingTV advance-registration code (signed up a few weeks back), signed up 5 minutes later, and currently flipping between live ESPN and CNN via my Roku 3. 
So far, it's looking pretty decent. While there are other channels included in the base package, $20/mo for live streaming ESPN and (if needed) CNN is well worth it to me - especially if the ESPN feed is run better than the one sent to the WatchESPN app! Presuming the public launch goes well and service quality is maintained, I suspect cablecos are going to see a wave of video cancellations in February. -- It's better to burn out than fade away. From rforno at infowarrior.org Sat Jan 31 21:43:13 2015 From: rforno at infowarrior.org (Richard Forno) Date: Sat, 31 Jan 2015 22:43:13 -0500 Subject: [Infowarrior] - Army cyber defenders released code to help detect and understand cyber attacks. Message-ID: <21AD68F7-408B-4407-8B8C-BF55F23EE801@infowarrior.org> January 31, 2015 | ScienceBlog.com Army cyber defenders released code to help detect and understand cyber attacks. http://scienceblog.com/76752/army-open-sources-cyber-defense-code-new-github-project/#OhH6AJSB7FMXIaS8.97 The forensic analysis code called Dshell has been used, for nearly five years, as a framework to help the U.S. Army understand the events of compromises of Department of Defense networks. A version of Dshell was added to the GitHub social coding website on Dec. 17, 2014 with more than 100 downloads and 2,000 unique visitors to date. Dshell is a framework that its users can use to develop custom analysis modules based on compromises they have encountered. It is anticipated that other developers would contribute to the project by adding modules that benefit others within the digital forensic and incident response community, said William Glodek, Network Security branch chief, U.S. Army Research Laboratory, or ARL. "Outside of government there are a wide variety of cyber threats that are similar to what we face here at ARL. "Dshell can help facilitate the transition of knowledge and understanding to our partners in academia and industry who face the same problems," 
said Glodek, whose page is the first official U.S. Army page on GitHub. GitHub is the center of gravity for software developers not only in the U.S., but around the world. Since the release, Dshell has been accessed by users in 18 countries, he said. "For a long time, we have been looking at ways to better engage and interact with the digital forensic and incident response community through a collaborative platform," Glodek said. "The traditional way of sharing software even between government entities, can be challenging. We have started with Dshell because the core functionality is similar to existing publicly available tools but provides a simpler method to develop additional functionality. What Dshell offers is a new mechanism, or framework, which has already been proven to be useful in government to better analyze data." Glodek would like to see others in the open source community add value and expertise to the existing Dshell framework, he said. He is starting an open source working group at ARL to look at other potential projects for a GitHub repository. "I want to give back to the cyber community, while increasing collaboration between Army, the Department of Defense and external partners to improve our ability to detect and understand cyber attacks," Glodek said. In the next six months, Glodek expects to have a flourishing developer community on GitHub with users from government, academia and industry. "The success of Dshell so far has been dependent on a limited group of motivated individuals within government. By next year it should be representative of a much larger group with much more diverse backgrounds to analyze cyber attacks that are common to us all," Glodek said. The Army Research Laboratory is part of the U.S. Army Research, Development and Engineering Command, which has the mission to develop technology and engineering solutions for America's Soldiers. RDECOM is a major subordinate command of the U.S. Army Materiel Command. 
AMC is the Army's premier provider of materiel readiness - technology, acquisition support, materiel development, logistics power projection and sustainment - to the total force, across the spectrum of joint military operations. If a Soldier shoots it, drives it, flies it, wears it, eats it or communicates with it, AMC provides it. -- It's better to burn out than fade away.