From rforno at infowarrior.org Sun Mar 1 15:10:51 2015
From: rforno at infowarrior.org (Richard Forno)
Date: Sun, 1 Mar 2015 16:10:51 -0500
Subject: [Infowarrior] - NBC Universal Tries to Censor TorrentFreak's News About Leaked Films
Message-ID: <0B8B7591-39DE-4E5F-8D6C-33DF9FC8E955@infowarrior.org>

NBC Universal Tries to Censor TorrentFreak's News About Leaked Films
By Ernesto on March 1, 2015
http://torrentfreak.com/nbc-universal-tries-censor-news-leaked-films-150301/

In an attempt to make it harder for people to find pirated copies of its movies, NBC Universal has tried to remove several TorrentFreak articles from Google's search results. Apparently, talking about piracy is already enough for websites to be hit by takedown requests.

Earlier this year an unprecedented flood of leaked movies hit the net, including screener copies of popular titles such as American Sniper, Selma and Unbroken. Hoping to steer people away from these unauthorized copies the copyright holders sent out thousands of takedown notices.

These efforts generally target URLs of torrent sites, cyberlockers and streaming services that link to the unauthorized movies. However, some requests go a little further, targeting news publications such as the one you're reading at the moment.

Last week NBC Universal sent a series of takedown notices to Google including one for the leaked movie "Unbroken." Aside from the usual suspects, the list of allegedly infringing URLs also included our recent coverage of the screener leaks. As with the other pages, NBC Universal urged Google to remove our news report from its search results.

Luckily, Google appears to have whitelisted our domain name so the search giant didn't comply with the request. However, other sites may not be so lucky and could have their articles removed.

The overreaching takedown request doesn't appear to be an isolated incident.
Two days earlier NBC Universal sent another takedown notice targeting our coverage of the "Taken 3" leak. But there's more. Aside from our news articles there are also other dubious claims in the notices, such as the request to remove a live concert from the band "Unbroken."

The question remains whether NBC Universal intentionally targeted our news articles or not. While the latter seems to be the most likely explanation, it doesn't change the fact that the overbroad censorship requests go too far.

--
It's better to burn out than fade away.

From rforno at infowarrior.org Mon Mar 2 07:19:44 2015
From: rforno at infowarrior.org (Richard Forno)
Date: Mon, 2 Mar 2015 08:19:44 -0500
Subject: [Infowarrior] - The Democratization of Cyberattack
Message-ID: <1A1613E5-D975-4504-8F3C-E2C0D65CAD94@infowarrior.org>

The Democratization of Cyberattack
https://www.schneier.com/blog/archives/2015/03/the_democratiza_1.html

The thing about infrastructure is that everyone uses it. If it's secure, it's secure for everyone. And if it's insecure, it's insecure for everyone. This forces some hard policy choices.

When I was working with the Guardian on the Snowden documents, the one top-secret program the NSA desperately did not want us to expose was QUANTUM. This is the NSA's program for what is called packet injection--basically, a technology that allows the agency to hack into computers.

Turns out, though, that the NSA was not alone in its use of this technology. The Chinese government uses packet injection to attack computers. The cyberweapons manufacturer Hacking Team sells packet injection technology to any government willing to pay for it. Criminals use it. And there are hacker tools that give the capability to individuals as well.

All of these existed before I wrote about QUANTUM. By using its knowledge to attack others rather than to build up the internet's defenses, the NSA has worked to ensure that anyone can use packet injection to hack into computers.
This isn't the only example of once-top-secret US government attack capabilities being used against US government interests. StingRay is a particular brand of IMSI catcher, and is used to intercept cell phone calls and metadata. This technology was once the FBI's secret, but not anymore. There are dozens of these devices scattered around Washington, DC, as well as the rest of the country, run by who-knows-what government or organization. By accepting the vulnerabilities in these devices so the FBI can use them to solve crimes, we necessarily allow foreign governments and criminals to use them against us.

Similarly, vulnerabilities in phone switches--SS7 switches, for those who like jargon--have been long used by the NSA to locate cell phones. This same technology is sold by the US company Verint and the UK company Cobham to third-world governments, and hackers have demonstrated the same capabilities at conferences. An eavesdropping capability that was built into phone switches to enable lawful intercepts was used by still-unidentified unlawful intercepters in Greece between 2004 and 2005.

These are the stories you need to keep in mind when thinking about proposals to ensure that all communications systems can be eavesdropped on by government. Both the FBI's James Comey and UK Prime Minister David Cameron recently proposed limiting secure cryptography in favor of cryptography they can have access to. But here's the problem: technological capabilities cannot distinguish based on morality, nationality, or legality; if the US government is able to use a backdoor in a communications system to spy on its enemies, the Chinese government can use the same backdoor to spy on its dissidents.

Even worse, modern computer technology is inherently democratizing. Today's NSA secrets become tomorrow's PhD theses and the next day's hacker tools.
As long as we're all using the same computers, phones, social networking platforms, and computer networks, a vulnerability that allows us to spy also allows us to be spied upon. We can't choose a world where the US gets to spy but China doesn't, or even a world where governments get to spy and criminals don't. We need to choose, as a matter of policy, communications systems that are secure for all users, or ones that are vulnerable to all attackers. It's security or surveillance.

As long as criminals are breaking into corporate networks and stealing our data, as long as totalitarian governments are spying on their citizens, as long as cyberterrorism and cyberwar remain a threat, and as long as the beneficial uses of computer technology outweigh the harmful uses, we have to choose security. Anything else is just too dangerous.

This essay previously appeared on Vice Motherboard.

From rforno at infowarrior.org Mon Mar 2 07:20:57 2015
From: rforno at infowarrior.org (Richard Forno)
Date: Mon, 2 Mar 2015 08:20:57 -0500
Subject: [Infowarrior] - Fwd: Feds Admit Stingrays Can Disrupt Cell Service of Bystanders
References: <1661044578.1007622.1425302147032.JavaMail.yahoo@mail.yahoo.com>
Message-ID: <3CDD48D7-5AA0-4E0F-9829-AB701ED36072@infowarrior.org>

> From: Mark
>
> Kim Zetter Security
> 03.01.15
> 4:55 pm
> http://www.wired.com/2015/03/feds-admit-stingrays-can-disrupt-cell-service-bystanders/
>
> Feds Admit Stingrays Can Disrupt Cell Service of Bystanders
>
> The Justice Department and local law enforcement agencies insist that the only reason for their secrecy is to prevent suspects from learning how the devices work and devising methods to thwart them.
>
> But a court filing recently uncovered by the ACLU suggests another reason for the secrecy: the fact that stingrays can disrupt cellular service for any phone in their vicinity--not just targeted phones--as well as any other mobile devices that use the same cellular network for connectivity as the targeted phone.
> Civil liberties groups have long asserted that stingrays are too invasive because they can sweep up data about every phone in their vicinity, not just targeted phones, and can interfere with their calls. Justice Department and local law enforcement agencies, however, have refused to confirm this or answer other questions about the tools.
>
> But in the newly uncovered document (.pdf)--a warrant application requesting approval to use a stingray--FBI Special Agent Michael A. Scimeca disclosed the disruptive capability to a judge.
>
> "Because of the way, the Mobile Equipment sometimes operates," Scimeca wrote in his application, "its use has the potential to intermittently disrupt cellular service to a small fraction of Sprint's wireless customers within its immediate vicinity. Any potential service disruption will be brief and minimized by reasonably limiting the scope and duration of the use of the Mobile Equipment."
>
> The document was previously sealed and only came to light after the defense attorney for a defendant in the case filed a motion last year to dismiss evidence collected by the stingray. It's the first time the ACLU has seen the FBI acknowledge the stingray's disruptive capabilities and raises a number of questions about the nature of the disruption and whether the Federal Communications Commission knew about it when it certified the equipment.
>
> "We think the fact that stingrays block or drop calls of cell phone users in the vicinity should be of concern to cell service providers, the FCC, and ordinary people," says Nate Wessler, staff attorney with the ACLU's Speech, Privacy, and Technology Project. "If an emergency or important/urgent call (to a doctor, a loved one, etc.) is blocked or dropped by this technology, that's a serious problem."
> Stingrays are mobile surveillance systems the size of a small briefcase that impersonate a legitimate cell phone tower in order to trick mobile phones and other mobile devices in their vicinity into connecting to them and revealing their unique ID and location. Stingrays emit a signal that is stronger than the signal of other cell towers in the vicinity in order to force mobile phones and other devices to establish a connection with them and reveal their unique ID. Stingrays can then determine the direction from which the phone connected with them, data that can then be used to track the movement of the phone as it continuously connects to the fake tower.
>
> Although stingrays are designed to recognize 911 calls and let them pass to legitimate cell towers without connecting to the stingray, the revelation from the FBI agent raises the possibility that other kinds of emergency calls not made to 911 may not get through.
>
> Law enforcement agencies around the country have been using variations of the stingray since the mid-90s to track the movement of suspects in this way. The technology is used by the FBI, the Secret Service, the U.S. Marshals Service, Customs and Border Patrol agents and the Drug Enforcement Agency as well as local law enforcement agencies in more than a dozen states.
>
> But the secrecy around their use has been extreme, due in part to non-disclosure agreements that law enforcement agencies sign with the companies that make stingrays.
>
> Stingrays Cloaked in Secrecy
>
> Authorities in several states have been caught deceiving judges and defense attorneys about how they use the controversial technology or have simply used the devices without obtaining a warrant in order to avoid disclosing their use to a court. In other cases they have withheld information from courts and defense attorneys about how the stingrays work, refraining from disclosing that the devices pick up location data on all systems in their vicinity, not just targeted phones.
> Law enforcement agencies have even gone so far as to intervene in public records requests to prevent the public from learning about the technology.
>
> The revelation in the court document is therefore significant and also begs the question: Who else knew about this capability and for how long? The Federal Communications Commission is responsible for certifying equipment that operates on radio frequencies to make sure that devices comply with certain technical standards and do not cause radio interference. If the companies that make stingrays failed to disclose the disruption of service to the federal agency, it would mean the devices had potentially been approved under false pretenses.
>
> The Harris Corporation in Florida--the leading maker of stingrays for law enforcement in the U.S. and an aggressive proponent of secrecy around their use--has already been singled out for a questionable statement the company made to the FCC in a 2010 email. In the correspondence, a Harris representative told the FCC that the technology was used by law enforcement only "in emergency situations." But according to records the ACLU obtained from the police department in Tallahassee, Florida, in nearly 200 cases that the equipment was used since 2007 only 29 percent of these involved an emergency. Stingrays are regularly used in day-to-day criminal investigations to track suspected drug dealers, bank robbers and others.
>
> The FCC certified stingray equipment from Harris in April 2011 and March 2012.
>
> Asked whether the company disclosed the stingray's disruptive capabilities to the FCC when it sought certification, an FCC official told WIRED, "We can't comment on how the devices operate because that information is confidential in accordance with the FCC's application process."
> She said Harris had specifically "requested confidentiality in the application process."
>
> She also said that if "wireless customers experiencing unexplained service disruptions or interference" report it to the FCC, the agency will "investigate the causes."
>
> How Stingray Disruption Works
>
> The case in which the FBI disclosed the service disruption is ongoing and involves a defendant named Claude Williams who was suspected of participating in a string of armed bank robberies. In July 2012, the FBI's Scimeca submitted an application for a warrant to use a stingray to track Williams's phone.
>
> Although Scimeca was seeking authorization to use a stingray, he referred to it alternatively as mobile pen register and trap and trace equipment in his application. The nomenclature is important because the ACLU has long accused the government of misleading judges by using this term. Pen registers record the numbers dialed from a specific phone number, while trap and trace devices record the numbers that dial into a particular number. But stingrays are used primarily to track the location and movement of a device.
>
> Although Scimeca disclosed to the magistrate that the equipment could disrupt phone service, he didn't elaborate about how the disruption might occur. Experts suspect it has something to do with the "catch-and-release" way stingrays work. For example, once the stingray obtains the unique ID of a device, it releases it so that it can connect to a legitimate cell tower, allowing data and voice calls to go through.
>
> "As each phone tries to connect, [the stingray] will say, 'I'm really busy right now so go use a different tower.' So rather than catching the phone, it will release it," says Chris Soghoian, chief technologist for the ACLU. "The moment it tries to connect, [the stingray] can reject every single phone" that is not the target phone.
>
> But the stingray may or may not release phones immediately, Soghoian notes, and during this period disruption can occur.
> Disruption can also occur from the way stingrays force-downgrade mobile devices from 3G and 4G connectivity to 2G to get them to connect and reveal their unique ID and location.
>
> In order for the kind of stingray used by law enforcement to work, it exploits a vulnerability in the 2G protocol. Phones using 2G don't authenticate cell towers, which means that a rogue tower can pass itself off as a legitimate cell tower. But because 3G and 4G networks have fixed this vulnerability, the stingray will jam these networks to force nearby phones to downgrade to the vulnerable 2G network to communicate.
>
> "Depending on how long the jamming is taking place, there's going to be disruption," says Soghoian. "When your phone goes down to 2G, your data just goes to hell. So at the very least you will have disruption of internet connectivity. And if and when the phones are using the stingray as their only tower, there will likely be an inability to receive or make calls."
>
> "A Grave Threat to Privacy"
>
> Concerns about the use of stingrays are growing. Last week, Senator Bill Nelson (D-Florida) sent a letter to the FCC calling on the agency to disclose information about its certification process for approving stingrays and any other tools with similar functionality. Nelson asked in particular for information about any oversight put in place to make sure that use of the devices complies with the manufacturer's representations to the FCC about how the technology works and is used.
>
> Nelson also raised concerns about their use in a remarkable speech on the Senate floor. The Senator said the technology "poses a grave threat to consumers' cellphone and Internet privacy," particularly when law enforcement agencies use them without a warrant. He also noted that invasive devices like the stingray will inevitably force lawmakers to come up with new ways to protect privacy.
> His combative speech marks the first time a lawmaker has called out the controversial technology in the public chamber. But his speech was also remarkable for another reason: Nelson's state of Florida is home to the Harris Corporation, and the company is his second biggest campaign donor.

From rforno at infowarrior.org Mon Mar 2 09:02:18 2015
From: rforno at infowarrior.org (Richard Forno)
Date: Mon, 2 Mar 2015 10:02:18 -0500
Subject: [Infowarrior] - Amateur Divers Find Long-Lost Nuclear Warhead
Message-ID:

(c/o JC)

Georgia: Amateur Divers Find Long-Lost Nuclear Warhead
February 12th, 2015 | by Barbara Johnson
http://worldnewsdailyreport.com/georgia-amateur-divers-find-long-lost-nuclear-warhead/

Savannah | A couple of tourists from Canada made a surprising discovery while scuba diving in Wassaw Sound, a small bay located on the shores of Georgia. Jason Sutter and Christina Murray were admiring the marine life of the area when they stumbled upon a Mark 15 thermonuclear bomb that had been lost by the United States Air Force more than 50 years ago.

The couple from London, Ontario, was on a two-week vacation in Georgia and Florida to practise their favorite hobby, scuba diving, when they decided to dive near the shores of Tybee Island. While admiring the plants and fishes near the sea floor, they noticed a large cylindrical item partially covered by sand. They investigated the object and found out that it was actually a sort of bomb or missile, so they decided to contact the authorities.

"I noticed an object that looked like a metal cylinder, which I thought was an oil barrel," says Jason Sutter. "When I dug it up a bit, I noticed that it was actually a lot bigger and that there was some writing on the side. When I saw the inscription saying that it was a Mk-15 nuclear bomb, I totally freaked out. I caught Christina by the arm and made signs to tell her we had to leave.
We made an emergency ascent, went back to shore and then we called 911."

The couple is still shocked after their frightening discovery and say they will avoid diving for the rest of their trip.

Rapidly understanding the gravity of the situation, the 911 operator contacted every possible emergency service, including the coast guard and the military, leading to the deployment of more than 20 ships and 1500 men in the area. Using the GPS coordinates given by the couple, they rapidly located the powerful 3.8 megaton bomb. An unmanned submarine was sent to determine the condition of the bomb, before explosive experts were sent to disarm it.

Fortunately, the thermonuclear weapon produced in 1955 seemed in sufficiently good shape for a team of Navy seals to try to defuse it. They successfully deactivated the warhead after hours of strenuous work, allowing the rest of the bomb to be moved. The delicate recovery operation took more than 48 hours, but the bomb was finally recovered and transported to Mayport Naval Station in Florida. A full set of tests and analysis will now be performed on the warhead to evaluate its actual state and the possible ecological and health hazard that its presence in the bay for 50 years could represent.

Navy Explosive Ordnance Disposal technicians spent nearly five hours working on the warhead before they were able to extract the detonator and the uranium core of the weapon, allowing the fuselage to be moved.

The federal and state authorities were well aware that a nuclear warhead had been lost in the area in the 1950s and had never been recovered, but no efforts had been made for years to recover it. It was lost on the night of February 5, 1958, when a B-47 Stratojet bomber carrying the 7,600-pound hydrogen bomb on a simulated combat mission off the coast of Georgia collided with an F-86 Saberjet fighter at 36,000 feet of altitude.
The collision destroyed the fighter and severely damaged a wing of the bomber, leaving one of its engines partially dislodged. The bomber's pilot, Maj. Howard Richardson, was instructed by the Homestead Air Force Base in Florida to jettison the H-bomb before attempting a landing. Richardson dropped the bomb into the shallow waters of Wassaw Sound, near the mouth of the Savannah River, where he believed the bomb would be swiftly recovered. The crew did not see an explosion when the bomb struck the sea and they managed to land the B-47 safely at the nearest base.

For the following six weeks, the Air Force looked for the bomb without success. Underwater divers scoured the depths, troops tromped through nearby salt marshes, and a blimp hovered over the area attempting to spot a hole or crater in the beach or swamp. The search was finally abandoned and the bomb remained hidden for more than 50 years until the unlucky couple stumbled upon it.

--
It's better to burn out than fade away.

From rforno at infowarrior.org Mon Mar 2 09:03:44 2015
From: rforno at infowarrior.org (Richard Forno)
Date: Mon, 2 Mar 2015 10:03:44 -0500
Subject: [Infowarrior] - Isis threatens Twitter CEO & employees
Message-ID:

Isis threatens Twitter employees over blocked accounts
Terror group supporters threaten social network, as well as co-founder Jack Dorsey specifically
@alexhern
Monday 2 March 2015 04.58 EST
Last modified on Monday 2 March 2015 09.49 EST
http://www.theguardian.com/technology/2015/mar/02/isis-threatens-twitter-employees-over-blocked-accounts-jack-dorsey

Isis supporters have threatened Twitter employees, including co-founder Jack Dorsey specifically, with death over the social network's practice of blocking accounts associated with the group.

In an Arabic post uploaded to the image-sharing site JustPaste.it, the group told Twitter that "your virtual war on us will cause a real war on you".
It warned that Jack Dorsey and Twitter employees have "become a target for the soldiers of the Caliphate and supporters scattered among your midst!"

"You started this failed war ... We told you from the beginning it's not your war, but you didn't get it and kept closing our accounts on Twitter, but we always come back. But when our lions come and take your breath, you will never come back to life."

Twitter's terms of service explicitly ban "direct, specific threats of violence against others", and the company has followed YouTube in proactively shutting down Isis-related Twitter accounts, with the aid of the UK's counter-terrorism internet referral unit.

When the company has identified a user as being associated with Isis, it moves aggressively to keep them off the social network. As the Guardian reported previously, "one account run by Rayat al-Tawheed, who speaks on behalf of mainly UK-origin pro-Isis fighters, had a replacement account taken down by Twitter within just a few minutes of its relaunch" in September, after sending just three non-offensive tweets.

During a Lords committee hearing in July, Twitter's Sinéad McSweeney said it had "in excess of 100 people" working 24/7 to examine reports to Twitter across a range of issues.

A Twitter spokesman told Buzzfeed that "our security team is investigating the veracity of these threats with relevant law enforcement officials".

--
It's better to burn out than fade away.

From rforno at infowarrior.org Mon Mar 2 19:52:16 2015
From: rforno at infowarrior.org (Richard Forno)
Date: Mon, 2 Mar 2015 20:52:16 -0500
Subject: [Infowarrior] - Age Discrimination for Tinder?
Message-ID: <8751C44B-32FD-470A-8F80-1A8C0DC1F274@infowarrior.org>

Hey, Olds: Tinder's New Premium App Will Cost You Double If You're Over 30
Tinder Plus offers new features that the company says older users will pay more for, assuming they can get over the ego punch.
By Evie Nagy
http://www.fastcompany.com/3043092/fast-feed/hey-olds-tinders-new-premium-app-will-cost-you-double-if-youre-over-30?partner=rss

Last week, BuzzFeed executive editor Doree Shafrir wrote a strong argument for using Tinder to find a relationship if you're over 30, despite the app's image as a hookup facilitator for twentysomethings. The company has evidently determined that lots of people agree with her, because its new premium app, Tinder Plus, will charge people over 30 twice as much as their younger counterparts.

Tinder Plus users in the U.S. under 30 will pay $9.99 per month, while those over 30 will pay $19.99. The premium version of the app includes two main features: Rewind, allowing users to undo a left swipe, or indication that they're not interested, in case they rejected a profile by mistake, and Passport, allowing users to search for profiles in other geographic areas, for example in advance of a trip to that region.

According to NPR, Tinder's market research supported the tiered pricing by age. "Over the past few months, we've tested Tinder Plus extensively in several countries," said a Tinder spokesperson in a statement. "We've priced Tinder Plus based on a combination of factors, including what we've learned through our testing, and we've found that these price points were adopted very well by certain age demographics. Lots of products offer differentiated price tiers by age, like Spotify does for students, for example. Tinder is no different; during our testing we've learned, not surprisingly, that younger users are just as excited about Tinder Plus, but are more budget constrained, and need a lower price to pull the trigger."

It's hard, of course, not to see the move as a statement of desirability--set the entry bar higher for older users, you'll get fewer older users in the pool of available daters. But the truth is probably as Tinder claims. Older people looking for love are willing to pay more for the premium app's flexibility.
We'll see if that holds now that the uneven pricing is public. Because...ouch.

Evie Nagy is a Staff Writer at FastCompany.com, newly based in the Bay Area after almost a decade in New York, writing features and news with a focus on Fast Company's Most Creative People.

From rforno at infowarrior.org Mon Mar 2 19:53:47 2015
From: rforno at infowarrior.org (Richard Forno)
Date: Mon, 2 Mar 2015 20:53:47 -0500
Subject: [Infowarrior] - Send (free!) encrypted messages between Android, iOS
Message-ID: <67FA29A8-0000-4647-87A5-57D7AC7CBB91@infowarrior.org>

Now you can easily send (free!) encrypted messages between Android, iOS
Signal 2.0 makes end-to-end encryption ridiculously easy.
by Megan Geuss - Mar 2, 2015 7:50pm EST
http://arstechnica.com/security/2015/03/now-you-can-easily-send-free-encrypted-messages-between-android-ios/

In surveillance era, clever trick enhances secrecy of iPhone text messages: "Perfect forward secrecy" comes to iOS and gets a boost on Android.

On Monday, Open Whisper Systems announced the release of Signal 2.0, the second version of its app for iOS. What makes this latest release special is that it allows users to send end-to-end encrypted messages, for free, to users of Redphone and TextSecure, Android apps supported by Open Whisper Systems that encrypt calling and text messages, respectively.

Previously, this kind of cross-platform secure messaging cost money in the form of a monthly subscription fee that both the sender and the receiver of the message had to pay. (Or, encrypting messages cost considerable time and effort to implement without a dedicated app.)

Signal and its Android counterpart TextSecure are unique in that they use forward encryption, which generates temporary keys for each message, but still allow asynchronous messaging through the use of push notifications and "prekeys." Ars reported on the implementation details in 2013.
Open Whisper Systems has pulled ahead of other privacy apps by making its interface easy for a person who doesn't know too much about encryption to use. It's also open source, so it can be vetted by experts, and its open encryption protocol can be adopted by other messaging apps. In fact, last November, messaging platform Whatsapp deployed Open Whisper Systems' protocol for its 500 million Android users. Still, until now communicating with iOS users from an Android phone has been much more challenging.

Signal also will allow users to "enable screen security," which prevents iOS from taking a screenshot of the app in use when the user exits the app.

Text and voice encryption have taken on extra importance in recent weeks since The Intercept reported on the latest leak from former National Security Agency (NSA) contractor Edward Snowden, in which documents showed that NSA and GCHQ officials had hacked into SIM card manufacturer e-mails and proceeded to steal millions of encryption keys corresponding to the SIMs. From there, state-sponsored spies would be able to collect cell phone transmissions and decrypt them, even if the transmissions were stored for years. Gemalto, one of the world's largest SIM manufacturers, has denied the reported scope of the NSA's and the GCHQ's hacking.

Speaking to Fusion, Moxie Marlinspike, the founder of Open Whisper Systems, said that high-profile coverage of government spying is pushing up demand for encrypted messaging apps. "Every time [Intercept parent company] First Look publishes a story, our installs go up," he said. "It's well-documented that calls and messages you send over [phone networks] are not private. Things like Signal are a way to have private communication from your phone and also a better experience. Sending media messages to your friends will be frictionless and high quality and a lot better than sending MMS."

--
It's better to burn out than fade away.
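[Editor's note, added to this archive entry: the Ars piece above mentions two mechanisms without showing them, "prekeys" that let a sender start an encrypted session while the recipient's phone is offline, and temporary keys generated for each message so that a device compromised later cannot decrypt earlier traffic. The example below is an added illustration, not Open Whisper Systems' code or the TextSecure/Signal protocol: it uses only the Python standard library, a deliberately small finite-field Diffie-Hellman group (p = 2**127 - 1, g = 5) and an HMAC-based stream cipher, all of which are assumptions chosen so the demo runs offline and none of which is secure. The real protocol uses Curve25519 and a double ratchet; what survives here is the shape of the exchange: Bob uploads one-time public prekeys to a server and goes offline, Alice fetches one, derives a shared chain key from it and an ephemeral key of her own, and every message advances a hash ratchet so each one is encrypted under a key that is then discarded.]

```python
"""Toy version of two mechanisms the article names: one-time prekeys (start an
encrypted session while the recipient is offline) and a fresh key per message.
Added example, not Open Whisper Systems' code; standard library only, with a
small finite-field DH group and an HMAC-based cipher that are NOT secure."""
import hashlib
import hmac
import secrets

# Toy DH group: p = 2**127 - 1 (a Mersenne prime), g = 5. Assumption: chosen
# only so the demo runs offline; far too small for real use.
P = (1 << 127) - 1
G = 5

def dh_keypair():
    priv = secrets.randbelow(P - 2) + 1
    return priv, pow(G, priv, P)

def dh_shared(priv, peer_pub):
    """Hash the raw DH result into a 32-byte initial chain key."""
    return hashlib.sha256(pow(peer_pub, priv, P).to_bytes(16, "big")).digest()

def kdf(key, label):
    return hmac.new(key, label, hashlib.sha256).digest()

def ratchet(chain_key):
    # One step -> (message_key, next_chain_key). Callers overwrite their chain
    # key, so earlier message keys cannot be recomputed from later device state.
    return kdf(chain_key, b"message"), kdf(chain_key, b"chain")

def keystream_xor(key, data):
    """Toy stream cipher: HMAC-SHA256 in counter mode, XORed over the data."""
    out = bytearray()
    for i in range(0, len(data), 32):
        block = hmac.new(key, (i // 32).to_bytes(4, "big"), hashlib.sha256).digest()
        out.extend(b ^ k for b, k in zip(data[i:i + 32], block))
    return bytes(out)

def seal(message_key, plaintext):
    """Encrypt-then-MAC under subkeys derived from one message key."""
    ct = keystream_xor(kdf(message_key, b"enc"), plaintext)
    return ct + hmac.new(kdf(message_key, b"mac"), ct, hashlib.sha256).digest()

def open_sealed(message_key, sealed):
    ct, tag = sealed[:-32], sealed[-32:]
    expected = hmac.new(kdf(message_key, b"mac"), ct, hashlib.sha256).digest()
    if not hmac.compare_digest(tag, expected):
        raise ValueError("authentication failed")
    return keystream_xor(kdf(message_key, b"enc"), ct)

def fetch_prekey(server, user):
    """The server hands out each public one-time prekey exactly once."""
    return server[user].popitem()   # (prekey_id, public value)

class Party:
    def __init__(self):
        self.private_prekeys = {}   # prekey_id -> private exponent
        self.chain_key = None

    def publish_prekeys(self, server, name, count=3):
        public = {}
        for pid in range(count):
            self.private_prekeys[pid], public[pid] = dh_keypair()
        server[name] = public

    def start_session(self, server, peer):
        pid, prekey_pub = fetch_prekey(server, peer)
        eph_priv, eph_pub = dh_keypair()
        self.chain_key = dh_shared(eph_priv, prekey_pub)   # eph_priv not kept
        self.header = (pid, eph_pub)   # tells the peer which prekey to use

    def send(self, plaintext):
        message_key, self.chain_key = ratchet(self.chain_key)
        return self.header, seal(message_key, plaintext)

    def receive(self, header, sealed):
        if self.chain_key is None:      # first message: complete the handshake
            pid, eph_pub = header
            self.chain_key = dh_shared(self.private_prekeys.pop(pid), eph_pub)
        message_key, self.chain_key = ratchet(self.chain_key)
        return open_sealed(message_key, sealed)

def rejects_tampering():
    # A flipped ciphertext bit must fail the MAC, not decrypt to garbage.
    key = secrets.token_bytes(32)
    sealed = bytearray(seal(key, b"payload"))
    sealed[0] ^= 0x01
    try:
        open_sealed(key, bytes(sealed))
        return False
    except ValueError:
        return True

def run_demo():
    """Alice messages Bob while he is offline; Bob decrypts when he returns."""
    server, alice, bob = {}, Party(), Party()
    bob.publish_prekeys(server, "bob")   # Bob then goes offline
    alice.start_session(server, "bob")   # needs only the server, not Bob
    sent = [b"hello", b"hello", b"third"]   # constructed sample messages
    wire = [alice.send(m) for m in sent]
    received = [bob.receive(h, c) for h, c in wire]   # Bob is back online
    return {"sent": sent, "received": received,
            # same plaintext twice, different ciphertext: a new key per message
            "ciphertexts_differ": wire[0][1] != wire[1][1],
            # the consumed prekey is gone from the server and from Bob's device
            "prekey_consumed": len(server["bob"]) == 2 == len(bob.private_prekeys)}
```

Calling run_demo() returns the decrypted messages alongside the originals; the two identical "hello" plaintexts come out as different ciphertexts because each send consumed a fresh message key, and the prekey Alice used is deleted on both the server and Bob's side once the handshake completes. The example is one-directional (Alice to Bob) so the two ratchets stay in step; the real protocol adds a DH ratchet for replies and handles out-of-order delivery, which this toy omits.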
From rforno at infowarrior.org Tue Mar 3 19:59:30 2015
From: rforno at infowarrior.org (Richard Forno)
Date: Tue, 3 Mar 2015 20:59:30 -0500
Subject: [Infowarrior] - But, but Petraeus' leaks were forgivable, right?
Message-ID: <8A11268E-B591-4CB6-BBE4-BE10D30F9E9A@infowarrior.org>

Did you hear the one where the top guy at the CIA cuts a deal for handing over classified material to his mistress? He might get a whole year in prison for it, but it looks more likely he'll get a slap on the hand and maybe even keep his security clearance. Yes, that's real.

About the plea deal: He pleads guilty to one single count of unauthorized removal and retention of classified documents.

< - >

All eight books "collectively contained classified information regarding the identities of covert officers, war strategy, intelligence capabilities and mechanisms, diplomatic discussions, quotes and deliberative discussions from high-level National Security Council meetings... and discussions with the president of the United States."

The books also contained "national defense information, including top secret/SCI and code word information," according to the court papers.

In other words: These weren't just ordinary secrets. This was highly, highly classified material.

< - >

http://crooksandliars.com/2015/03/wait-till-you-hear-what-petraeus-handed

--
It's better to burn out than fade away.

From rforno at infowarrior.org Wed Mar 4 06:30:10 2015
From: rforno at infowarrior.org (Richard Forno)
Date: Wed, 4 Mar 2015 07:30:10 -0500
Subject: [Infowarrior] - The Hillary Clinton Hosting Service
Message-ID: <536F2E83-DA54-430D-BEE0-A1DF130D4BAF@infowarrior.org>

(I guess she could always run a hosting service if she doesn't win the presidency.... --rick)

Clinton ran own computer system for her official emails
By JACK GILLUM and TED BRIDIS
Mar. 4, 2015 7:16 AM EST
http://bigstory.ap.org/article/b78ba433af3a45209668f745158d994c/clinton-ran-homebrew-computer-system-official-emails1

WASHINGTON (AP) --
The computer server that transmitted and received Hillary Clinton's emails -- on a private account she used exclusively for official business when she was secretary of state -- traced back to an Internet service registered to her family's home in Chappaqua, New York, according to Internet records reviewed by The Associated Press. The highly unusual practice of a Cabinet-level official physically running her own email would have given Clinton, the presumptive Democratic presidential candidate, impressive control over limiting access to her message archives. It also would distinguish Clinton's secretive email practices as far more sophisticated than some politicians, including Mitt Romney and Sarah Palin, who were caught conducting official business using free email services operated by Microsoft Corp. and Yahoo Inc. Most Internet users rely on professional outside companies, such as Google Inc. or their own employers, for the behind-the-scenes complexities of managing their email communications. Government employees generally use servers run by federal agencies where they work. In most cases, individuals who operate their own email servers are technical experts or users so concerned about issues of privacy and surveillance they take matters into their own hands. It was not immediately clear exactly where Clinton ran that computer system. Clinton has not described her motivation for using a private email account -- hdr22 at clintonemail.com, which traced back to her own private email server registered under an apparent pseudonym -- for official State Department business. Operating her own server would have afforded Clinton additional legal opportunities to block government or private subpoenas in criminal, administrative or civil cases because her lawyers could object in court before being forced to turn over any emails. And since the Secret Service was guarding Clinton's home, an email server there would have been well protected from theft or a physical hacking.
But homemade email servers are generally not as reliable, secure from hackers or protected from fires or floods as those in commercial data centers. Those professional facilities provide monitoring for viruses or hacking attempts, regulated temperatures, off-site backups, generators in case of power outages, fire-suppression systems and redundant communications lines. A spokesman for Clinton did not respond to requests seeking comment from the AP on Tuesday. Clinton ignored the issue during a speech Tuesday night at the 30th anniversary gala of EMILY's List, which works to elect Democratic women who support abortion rights. It was unclear whom Clinton hired to set up or maintain her private email server, which the AP traced to a mysterious identity, Eric Hoteham. That name does not appear in public records databases, campaign contribution records or Internet background searches. Hoteham was listed as the customer at Clinton's $1.7 million home on Old House Lane in Chappaqua in records registering the Internet address for her email server since August 2010. The Hoteham personality also is associated with a separate email server, presidentclinton.com, and a non-functioning website, wjcoffice.com, all linked to the same residential Internet account as Mrs. Clinton's email server. The former president's full name is William Jefferson Clinton. In November 2012, without explanation, Clinton's private email account was reconfigured to use Google's servers as a backup in case her own personal email server failed, according to Internet records. That is significant because Clinton publicly supported Google's accusations in June 2011 that China's government had tried to break into the Google mail accounts of senior U.S. government officials. It was one of the first instances of a major American corporation openly accusing a foreign government of hacking. 
Then, in July 2013, five months after she resigned as secretary of state, Clinton's private email server was reconfigured again to use a Denver-based commercial email provider, MX Logic, which is now owned by McAfee Inc., a top Internet security company. The New York Times reported Monday that Clinton exclusively used a personal email account it did not specify to conduct State Department business. The disclosure raised questions about whether she took actions to preserve copies of her old work-related emails, as required by the Federal Records Act. A Clinton spokesman, Nick Merrill, told the newspaper that Clinton complied with the letter and spirit of the law because her advisers reviewed tens of thousands of pages of her personal emails to decide which ones to turn over to the State Department after the agency asked for them. In theory but not in practice, Clinton's official emails would be accessible to anyone who requested copies under the U.S. Freedom of Information Act. Under the law, citizens and foreigners can compel the government to turn over copies of federal records for zero or little cost. Since Clinton effectively retained control over emails in her private account even after she resigned in 2013, the government would have to negotiate with Clinton to turn over messages it can't already retrieve from the inboxes of federal employees she emailed. The AP has waited more than a year under the open records law for the State Department to turn over some emails covering Clinton's tenure as the nation's top diplomat, although the agency has never suggested that it didn't possess all her emails. Clinton's private email account surfaced publicly in March 2013 after a convicted Romanian hacker known as Guccifer published emails stolen from former White House adviser Sidney Blumenthal. The Internet domain was registered around the time of her secretary of state nomination. Rep. 
Trey Gowdy, R-S.C., chairman of the special House committee investigating the Benghazi attacks, said the committee learned last summer -- when agency documents were turned over to the committee -- that Clinton had used a private email account while secretary of state. More recently the committee learned that she used private email accounts exclusively and had more than one, Gowdy said. President Barack Obama signed a bill last year that bans the use of private email accounts by government officials unless they retain copies of messages in their official account or forward copies to their government accounts within 20 days. The bill did not become law until more than one year after Clinton left the State Department.

___

Associated Press writer Stephen Braun contributed to this report.

-- It's better to burn out than fade away.

From rforno at infowarrior.org Wed Mar 4 09:42:37 2015
From: rforno at infowarrior.org (Richard Forno)
Date: Wed, 4 Mar 2015 10:42:37 -0500
Subject: [Infowarrior] - Tom Ridge Can Find Terrorists Anywhere
Message-ID:

Tom Ridge Can Find Terrorists Anywhere
https://www.schneier.com/blog/archives/2015/03/tom_ridge_can_f.html

-- It's better to burn out than fade away.

From rforno at infowarrior.org Wed Mar 4 10:53:12 2015
From: rforno at infowarrior.org (Richard Forno)
Date: Wed, 4 Mar 2015 11:53:12 -0500
Subject: [Infowarrior] - Florida Legislators Introduce Bill That Would Strip Certain Site Owners Of Their Anonymity
Message-ID: <999A4FE3-118E-4E79-BBC1-020FEE639D1F@infowarrior.org>

Florida Legislators Introduce Bill That Would Strip Certain Site Owners Of Their Anonymity
https://www.techdirt.com/articles/20150303/07454630195/florida-legislators-introduce-bill-that-would-strip-certain-site-owners-their-anonymity.shtml

-- It's better to burn out than fade away.
From rforno at infowarrior.org Wed Mar 4 13:13:32 2015
From: rforno at infowarrior.org (Richard Forno)
Date: Wed, 4 Mar 2015 14:13:32 -0500
Subject: [Infowarrior] - A Group 'Hacked' the NSA's Website to Demonstrate a Widespread Bug
Message-ID: <526A7AD6-D30A-4493-A6CA-225E530D03A9@infowarrior.org>

A Group 'Hacked' the NSA's Website to Demonstrate a Widespread Bug
Written by Lorenzo Franceschi-Bicchierai
March 3, 2015 // 07:28 PM EST

A group of researchers only needed $104 and 8 hours of Amazon's cloud computing power to hack the NSA's website. And their feat was made possible by a bug that, ironically, was practically created by the NSA itself and its anti-encryption policies from 20 years ago. The NSA's site was just the guinea pig to demonstrate a newly-disclosed internet flaw called "FREAK." The bug, first disclosed on Monday by Akamai, allows an attacker to intercept a supposedly secure connection between people using Android or Apple devices and thousands, if not millions, of websites. This gives the hackers the chance to impersonate said website and steal confidential data like passwords and logins. Now, as crypto expert Matthew Green correctly pointed out, this wasn't really a "hack." Mounting a man-in-the-middle attack against NSA.gov is not the same as hacking the NSA (as an always-appropriate XKCD cartoon illustrates).

< - >

http://motherboard.vice.com/read/a-group-hacked-the-nsa-website-to-demonstrate-widespread-bug-freak

-- It's better to burn out than fade away.
From rforno at infowarrior.org Wed Mar 4 19:29:18 2015
From: rforno at infowarrior.org (Richard Forno)
Date: Wed, 4 Mar 2015 20:29:18 -0500
Subject: [Infowarrior] - WH threatens veto on GOP-backed "bad science" bills
Message-ID: <79562068-A040-4307-8259-1A971830F5E0@infowarrior.org>

ScienceInsider
Breaking news and analysis from the world of science policy

Daniel Parks/Flickr (CC BY-NC 2.0) Congressional Republicans say bills are designed to make the process of writing EPA regulations, such as those covering drinking water, more transparent.

Update: White House issues veto threat as House prepares to vote on EPA 'secret science' bills
By Puneet Kollipara
3 March 2015 4:45 pm
http://news.sciencemag.org/environment/2015/03/u-s-house-prepares-vote-controversial-epa-secret-science-and-science-advice

The U.S. House of Representatives could vote as early as this week to approve two controversial, Republican-backed bills that would change how the U.S. Environmental Protection Agency (EPA) uses science and scientific advice to inform its policies. Many Democrats, scientific organizations, and environmental groups are pushing back, calling the bills thinly veiled attempts to weaken future regulations and favor industry. White House advisers today announced that they will recommend that President Barack Obama veto the bills if they reach his desk in their current form (statements here and here). The bills, introduced by a mostly Republican cast of sponsors in both the House and the Senate, would require that EPA use only publicly available, reproducible data in writing regulations and seek to remake the membership and procedures of the agency's science advisory panels. Supporters, including industry groups such as the U.S. Chamber of Commerce, argue that the legislation would improve the transparency and soundness of how EPA uses science, making regulations less costly and more effective. Opponents, however, are calling the bills wolves in sheep's clothing.
"I cannot support legislation that makes it easier for industry to implement their destructive playbook, because risking the health of the American people is not a game that I'm willing to play," said Representative Paul Tonko (D-NY) at a 25 February committee meeting on the bills. Versions of both bills had been introduced in previous Congresses, and their revival was widely expected as part of Republicans' continuing efforts to block key parts of Obama's environmental agenda. H.R. 1030, the EPA Secret Science Reform Act, was introduced in the House by Representative Lamar Smith (R-TX), chair of the House science committee; a Senate companion is backed by Senator John Barrasso (R-WY). The bill would require the data EPA use for future regulations to be publicly available so that other scientists can independently analyze it. "The legislation provides an opportunity for the type of transparent and accountable government the American people want and deserve," Smith said just before a 25 February committee vote to send the bill to the full House. H.R. 1029, the EPA Science Advisory Board (SAB) Reform Act, meanwhile, was introduced in the House by representatives Frank Lucas (R-OK) and Collin Peterson (D-MN) and in the Senate by senators John Boozman (R-AR) and Joe Manchin (D-WV). The bill would make changes to the structure and procedures of the SAB, a federally chartered body of scientists and economists who review EPA risk assessments and policy documents and advise the agency on other science-related matters. The bill would improve scientific advice to EPA by "guaranteeing a well-balanced expert panel, increasing transparency, and encouraging public participation," Lucas said before the committee also voted to send the bill to the full House. Democrats, science groups, and public-interest groups have numerous concerns about both bills.
The secret science bill, for example, would apparently bar EPA from using public health studies based on confidential patient information, wrote the American Statistical Association's president, David Morganstein, in a 25 February letter to lawmakers. That would force the agency into "a choice -- between maintaining data confidentiality and issuing needed regulations," he wrote. Also, efforts to deidentify sensitive data before release -- by stripping names and other information -- aren't fail-safe, Morganstein wrote. But backers of the bill said those problems could be resolved. Study participants could sign waivers acknowledging that the raw data could become public, said Representative Dana Rohrabacher (R-CA). People concerned about their privacy could also decline to participate, he suggested. "Their specific participation isn't necessary to have a successful research project," he said at the committee meeting. Democrats disagreed. Researchers' findings could become skewed, because many potential participants -- especially the sickest ones -- would drop out. "You need a broad, unbiased sample in order to have valid results," Representative Zoe Lofgren (D-CA) said at the meeting. Democrats are further concerned about another provision, not included in earlier versions, that would give EPA only $1 million per year to implement the bill, which would entail, among other things, obtaining raw data from study authors. The nonpartisan Congressional Budget Office calculated that the bill would cost $250 million annually to implement early on, and that's only if EPA were to halve the number of studies it used to 25,000 annually, said Representative Donna Edwards (D-MD). "It forces the agency into an untenable position" -- either ignore the bill's requirements because of lack of funding or comply with them and stop using scientific studies almost entirely after the money runs out, Edwards said. "The majority is actually legislating failure," she said.
Another provision in the advisory board legislation also troubles some outside groups. It would allow industry scientists greater leeway to join EPA panels, but bar academic scientists on the panels from talking about matters related to research they're doing. The idea is to provide balance and prevent conflicts of interest, backers say. But the provision "turns the idea of conflict of interest on its head," wrote Andrew Rosenberg, director of the Center for Science and Democracy at the Union of Concerned Scientists in Cambridge, Massachusetts, in a 25 February letter to lawmakers. Even though the bill contains new language that lets scientists talk about their research if their expertise is externally peer reviewed and publicly disclosed, Rosenberg worries that language is legally ambiguous, as scientists' work isn't limited to published research. Another provision requiring advisory panels to respond to all public comments would encourage commenters to bombard panelists, preventing the panels from finishing their work, said Representative Eddie Bernice Johnson (D-TX), the top Democrat on the House science committee. "I assume that is the point of this legislation," Johnson said. Committee Republicans defeated a number of Democratic amendments to alter the bills before sending them to the full House, but approved one (by voice vote) from Representative Alan Grayson (D-FL) that would bar all lobbyists from serving on EPA advisory panels. The full House is expected to approve the bills as early as this week. The Senate's course of action isn't yet clear.

*Update, 4 March, 11:00 a.m.: This story has been updated to include the White House's veto threat, and to clarify a bill provision on academic members of advisory panels.

-- It's better to burn out than fade away.
From rforno at infowarrior.org Thu Mar 5 13:15:28 2015 From: rforno at infowarrior.org (Richard Forno) Date: Thu, 5 Mar 2015 14:15:28 -0500 Subject: [Infowarrior] - Quartering spyware troops in the digital age Message-ID: (c/o geer) www.usatoday.com/story/opinion/2015/03/01/constitutional-law-third-amendment-quartering-column/24220593/ Quartering spyware troops in the digital age Glenn Harlan Reynolds 1:55 p.m. EST March 2, 2015 The Third Amendment keeps a low profile, but it is time to revisit who and what we quarter. In 1893, historian Frederick Jackson Turner published a famous paper on the closing of the American frontier. The last unsettled areas, he said, were being populated, and that meant the end of an era. I think that something a bit like that is happening in my field of constitutional law. The last part of the Bill of Rights left almost untouched -- the Third Amendment -- is now becoming the subject of substantial academic commentary, with a symposium on the amendment, which I attended, this past weekend held by the Tennessee Law Review. The Tennessee Law Review published the very first law review article on the Third Amendment back in 1949. But there weren't very many to follow: a handful, over many decades. Maybe that's because the Third Amendment just plain works. It provides: "No soldier shall, in time of peace be quartered in any house, without the consent of the owner, nor in time of war, but in a manner to be prescribed by law." That doesn't happen much -- The Onion ran a parody piece some years ago entitled "Third Amendment Rights Group Celebrates Another Successful Year" -- and so it may just be that the Third Amendment is the only part of the Bill of Rights that really works. Except that it may not be working the way that we think. The only Supreme Court case in which the Third Amendment did any heavy lifting is Griswold v. Connecticut, a case that's not about troop-quartering, but about birth control. 
The Supreme Court held that the Third Amendment's "penumbra" (a legal term that predates the Griswold case) extended to protecting the privacy of the home from government intrusions. "Would we," asked the court, "allow the police to search the sacred precincts of marital bedrooms for telltale signs of the use of contraceptives?" The very idea, said the court, was "repulsive." Likewise, the U.S. Court of Appeals for the Second Circuit held in Engblom v. Carey that the Third Amendment protects a "fundamental right to privacy" in the home. Since then, courts haven't done much to flesh these holdings out, but I wonder if they should. In the 18th century, when the Third Amendment was drafted, "troop quartering" meant literally having troops move into your house to live at your expense and sleep in your beds. It destroyed any semblance of domestic privacy, opening up conversations, affection, even spats to the observation and participation of outsiders. It converted a home into an arena. Today we don't have that, but we have numerous intrusions that didn't exist in James Madison's day: Government spying on phones, computers, and video -- is spyware on your computer like having a tiny soldier quartered on your hard drive? -- intrusive regulations on child-rearing and education, the threat of dangerous "no-knock" raids by soldierly SWAT teams that break down doors first and ask questions later. The Third Amendment hasn't been invoked in these cases -- well, actually, it has, in the case of a SWAT team in Henderson, Nev., that took over a family home so that it could position itself against a neighbor's house -- but maybe it should be. At least, maybe we should go farther in recognizing a fundamental right of privacy in people's homes. At common law, the saying was that a man's home is his castle, or, as William Pitt put it in 1763: "The poorest man may in his cottage bid defiance to all the forces of the crown.
It may be frail, its roof may shake; the wind may blow through it; the storms may enter, the rain may enter -- but the King of England cannot enter." In this post-drug war era of no-knock raids, SWAT teams, and governmental spying, it's sad to think that we are, in fact, less secure in our homes than "the poorest man" in his own cottage was under the English kings we once revolted against. And if that's the case, maybe the Third Amendment isn't working as well as we think. I think that courts -- and legislators, and citizens -- need to work harder to protect the sanctity of the home against official intrusions. We're already spied on and regulated throughout the day. We should, at least, be able to relax behind our own doors. Glenn Harlan Reynolds, a University of Tennessee law professor, is the author of The New School: How the Information Age Will Save American Education from Itself.

-- It's better to burn out than fade away.

From rforno at infowarrior.org Thu Mar 5 13:15:32 2015
From: rforno at infowarrior.org (Richard Forno)
Date: Thu, 5 Mar 2015 14:15:32 -0500
Subject: [Infowarrior] - Snowden Deserves Petraeus-Like Deal, Backers Say
Message-ID: <970C29BC-7171-40C3-9FCC-B72067504009@infowarrior.org>

Snowden Deserves Petraeus-Like Deal, Backers Say
Congressman: Leaks to impress a girlfriend are much worse than exposing unconstitutional surveillance.
http://www.usnews.com/news/articles/2015/03/04/edward-snowden-deserves-david-petraeus-like-deal-backers-say

< - >

Meanwhile, Rep. Alan Grayson, D-Fla., who has opposed mass surveillance programs Snowden exposed, bristled at the idea of comparing the criminal conduct of Petraeus and Snowden. "Gen. Petraeus violated the law to impress a girlfriend," he says. "Edward Snowden released confidential information in order to bring attention to overwhelming and pervasive constitutional violations."
Snowden revealed "the fact that the Fourth Amendment seems to be shredded, the fact that the constitutional requirements of probable cause and particularity have been thrown out the window -- these are things we never would have known but for his actions," he says. Grayson hopes the Obama administration will treat Snowden with even greater leniency, but he doubts that will happen. "Petraeus is part of the club and Edward Snowden is not," he says. "I don't expect the kind of leniency that was shown to someone who is an insider will also be conferred on someone who is an outsider, particularly when you view the administration's abysmal record regarding whistleblowers in general."

< - >

-- It's better to burn out than fade away.

From rforno at infowarrior.org Thu Mar 5 13:20:44 2015
From: rforno at infowarrior.org (Richard Forno)
Date: Thu, 5 Mar 2015 14:20:44 -0500
Subject: [Infowarrior] - Kill Section 215, but don't blame us if another 9/11 happens.
Message-ID: <8E22FDF8-1940-42B9-8E96-D700479C3F44@infowarrior.org>

(extracted from larger article @ Techdirt)

Jason Koebler at Vice spells it out succinctly: Kill Section 215, but don't blame us if another 9/11 happens.
https://www.techdirt.com/articles/20150302/16581330187/clapper-attacks-we-didnt-prevent-past-cant-be-prevented-future-if-section-215-is-allowed-to-die.shtml

-- It's better to burn out than fade away.

From rforno at infowarrior.org Thu Mar 5 18:42:39 2015
From: rforno at infowarrior.org (Richard Forno)
Date: Thu, 5 Mar 2015 19:42:39 -0500
Subject: [Infowarrior] - CSI: Cyber takes stupidity to a new level
Message-ID: <7DF4B8BA-905A-490D-9C6D-91C2A4C0088E@infowarrior.org>

(c/o EP)

CSI: Cyber takes stupidity to a new level
Last updated 12:27 06/03/2015
http://www.stuff.co.nz/entertainment/blogs/couch-potato/11334366/CSI-Cyber-takes-stupidity-to-a-new-level

Once upon a time - when I had virtually no taste in television shows - I used to watch CSI and CSI: Miami. Always against my better judgement, of course.
As a former scientist I would scoff at laboratory results in seconds that would normally take hours or days to obtain. And the zooming in on low resolution photos and using the magic 'enhance' function that only television writers seem to think exists in order to get a number plate? Cue bashing of head against the wall. But despite all that I held out some hope for CSI: Cyber, the latest spinoff of the tired old franchise. An interesting cast, led by recent Oscar-winner Patricia Arquette and Dawson himself, James Van Der Beek could surely make the fascinating world of cybercrime relevant and engaging. Unfortunately they only succeeded in making the worst pilot since Dads, and a show so bad it will surely kill the franchise stone dead. To suggest Arquette was phoning it in is something of an understatement. A mannequin shows more depth and range than she did during the first episode, although to be fair the script didn't particularly help her. And Van Der Beek was as lifeless as his forehead. And that doesn't even begin to describe the massive problems of this show. The dialogue was something I'd have been embarrassed to read in a 10-year-old's homework book, like this for example: "I know how hard this must be," Arquette says to a kidnapped baby's mother. "Do you have children?" "No." "Then you don't know." It had the emotional depth of a sociopath's convention. And if the dialogue wasn't bad, at other times it was beyond laughable. In one scene Van Der Beek runs after a bad guy escaping on a trail bike. Realising he can't catch him, he withdraws his gun, shoots once and kills the guy. He walks up to the body and phones in that an agent has been involved in a shooting. "Yes, I'm okay," he says. "But the other guy's going to need a body bag." BOOM! All it needed was David Caruso to appear in the background, removing his sunglasses and the ridiculousness would have been complete.
I've written before about the dumbing down of television shows but CSI: Cyber took it to a completely new level. The most egregious example was when Van Der Beek walked around to the back of the property and we see an electricity box with a red wire being but hanging out of it. He walks up, picks up the wire, examines it and utters the priceless "Hmmm, security wire's been cut". And then there was the lying of the mother of the kidnapped baby. She clearly has something to hide and Arquette's on the case. She asks a question - and the camera zooms in on the eyes and they're a bit shifty. "Ah", says everyone. "She's lying. I wonder what she's got to hide." But wait. What's this? Another question? Camera zooms in on her mouth and she's biting her lips. "Okay, she's definitely lying. We've established that. Move on!" But no! Another question! Zoom in on her hands. She's gripping herself weirdly after a question about breastfeeding. BURN THE WITCH! LIAR! There's spoonfeeding your audience, as many shows do to ensure important plot points aren't missed, and treating them like imbeciles. The writers for CSI: Cyber clearly feel the majority of their viewers have the brain capacity of an amoeba. And so to the technology. Surely that would be at least realistic, right? Computers are so ubiquitous and capable that they couldn't screw it up. Oh, how little faith I had in the writers' ability to get it so wrong. The cry of 'MALWARE' was accompanied by green letters on the screen being overwhelmed by animated red characters. The virtual autopsies were cringe-inducing. And the hacking of a gaming console that ended with one of the techs, in seconds, tracing a console to a specific address? It's as real as my hopes of winning the Booker Prize. And if that wasn't quite enough, there was the moment that Arquette says the magical line "Someone's got some peepee". It's to a baby, thankfully - but I had to double check. Where could this possibly be going?
Ah diaper edges trap fingerprints, Arquette tells the urine machine. Cue black dust - and a bad, smudgy fingerprint of one of the kidnappers. A quick snap of the fingerprint and, real time, on Van Der Beek's phone a picture of the woman appears. Now all of this is bad. Actually beyond bad. Appallingly awful. Embarrassing in fact. But there was one moment that was so much worse that I still don't quite believe it was real. Having found the bad guys who were auctioning off kidnapped babies the CSI team couldn't shut the system down because they didn't have the 20-digit password. But Van Der Beek is on to something. He notices a new tattoo on one of the bad guys - a large portrait of someone with a date underneath it. Dawson rips the shirt off in one swift movement and there are other tattoos over the guy's body. The whole team realises it at the same time - all those dates underneath ARE THE PASSWORD. Cue some guessing in which order it needs to go and they crack the password first time! Yep, the bad guy spent hours in pain and thousands of dollars on fake portraits and dates all over his body - TO REMEMBER A 20 CHARACTER PASSWORD. I hope none of his co-bad guys ever needed the password while he was out getting groceries. Imagine the scene in Whole Foods as he strips off and tries to read the numbers backwards in a mirror? Actually, don't. If you want a laugh at just how appalling a show can be, then the resourceful amongst you will be able to stream it easily enough. The rest of you? Try and find an easier way to remember a password and avoid CSI: Cyber like the plague. Me? I'm off to scrub my hard drive and hope they don't trace my IP address and make me watch the rest of the season as punishment.

-- It's better to burn out than fade away.
From rforno at infowarrior.org Fri Mar 6 13:53:46 2015 From: rforno at infowarrior.org (Richard Forno) Date: Fri, 6 Mar 2015 14:53:46 -0500 Subject: [Infowarrior] - CIA to make sweeping changes, focus more on cyber ops: agency chief Message-ID: <15874D35-BADA-4FE7-85C4-F0B316193207@infowarrior.org> CIA to make sweeping changes, focus more on cyber ops: agency chief By Mark Hosenball WASHINGTON Fri Mar 6, 2015 2:06pm EST http://www.reuters.com/article/2015/03/06/us-usa-cia-idUSKBN0M223920150306 (Reuters) - The Central Intelligence Agency is launching one of the biggest reorganizations in its history, aimed in part at sharpening its focus on cyber operations and incorporating digital innovations into intelligence gathering, CIA director John Brennan said. In a presentation to reporters this week, Brennan said he also is creating new units within the CIA, called "mission centers," intended to concentrate the agency's focus on specific challenges or geographic areas, such as weapons proliferation or Africa. On the cyber front, the CIA chief said he is establishing a new "Directorate of Digital Innovation" to lead the agency's efforts to track and take advantage of advances in cyber technology. U.S. officials said that Brennan decided the agency had to increase the resources and emphasis it devoted to cyberspace because advanced communications technology is rapidly becoming pervasive. Historically, electronic eavesdroppers at the National Security Agency have been at the cutting edge of digital innovation within the U.S. government. But the CIA felt that it too had to reorganize to keep up with the technological "pace of change," as one official put it. Brennan said the new digital directorate will have equal status within the agency with four other directorates which have existed for years. "Our ability to carry out our responsibilities for human intelligence and national security responsibilities has become more challenging" in today's digital world, Brennan said. 
"And so what we need to do as an agency is make sure we're able to understand all of the aspects of that digital environment."

Created in 1947, the CIA is divided into four major directorates. Two - the Directorate of Science and Technology, which among other activities invents spy gadgets, and the Directorate of Support, which handles administrative and logistical tasks - will retain their names.

The Directorate of Intelligence will be renamed "Directorate of Analysis" to reflect its function as the home of agency experts who collate and analyze information from secret and open sources, Brennan said.

The National Clandestine Service, home of front-line agency undercover "case officers," who recruit spies and conduct covert actions, will be renamed Directorate of Operations, which is what it had been called for most of the agency's history.

The 10 new "mission centers" will bring together CIA officers with expertise from across the agency's range of disciplines to concentrate on specific intelligence target areas or subject matter, Brennan said.

Competition between spy agencies and between units within agencies has led to "stove piping" of information that should have been widely shared and to critical information falling through bureaucratic cracks, Brennan and other U.S. intelligence officials said.

"I know there are seams right now, but what we've tried to do with these mission centers is cover the entire universe, regionally and functionally, and so something that's going on in the world falls into one of those buckets," Brennan said.

The CIA currently operates at least two such interdisciplinary centers, covering counter-terrorism and counter-intelligence.

(Editing By Warren Strobel and Grant McCool)
From rforno at infowarrior.org Fri Mar 6 13:59:26 2015
From: rforno at infowarrior.org (Richard Forno)
Date: Fri, 6 Mar 2015 14:59:26 -0500
Subject: [Infowarrior] - Oracle dumping crapware into Mac Java bundles
Message-ID: <9A7413C0-681D-40A9-ABED-4D186784EA43@infowarrior.org>

Oracle's now dumping Java crapware bundles on your Mac, too
by Steve Dent | @stevetdent | 10 hrs ago
http://www.engadget.com/2015/03/06/java-adware-mac/

Since megayachts aren't going to buy themselves, Larry Ellison's Oracle has been picking up extra cash for years by slipping adware to Windows users via its ubiquitous Java software. If you felt smug because you were on a Mac, guess what! Installing Java on your OSX-equipped MacBook could now lead to an unexpected encounter with the dreaded "Ask.com" toolbar, too. Though not as dangerous as SuperFish, the program will hijack your browser's search functions and deliver iffy, ad-laden results while being tricky for neophytes to remove. If you don't pay attention during installation, you can easily end up with it, as you need to purposefully opt out to avoid it.

For Java 8 Update 40 on Mac, the update instructions now confirm that "Oracle has partnered with companies that offer various products," including Ask.com (McAfee products have also been bundled on the PC). As ZDNet pointed out, the parent company of Ask.com -- which also owns Tinder, OKCupid, the Daily Beast and others -- paid out $883 million to partners like Oracle to distribute its toolbar and other wares. The software is hated enough that it spawned a Change.org petition that has so far garnered 20,000 or so signatures. Oracle's introduction of the adware "bundle" to the Mac seems particularly bad timing considering how fresh the Lenovo adware installation fiasco is in everybody's minds.
From rforno at infowarrior.org Sun Mar 8 12:54:26 2015
From: rforno at infowarrior.org (Richard Forno)
Date: Sun, 8 Mar 2015 13:54:26 -0400
Subject: [Infowarrior] - Canadians Face 'Intrusive' Spy Bill That Echoes US Patriot Act
Message-ID: <46ED4EB2-5417-44CF-A56A-FF4E464C8182@infowarrior.org>

Published on Thursday, March 05, 2015 by Common Dreams
Snowden: Canadians Face 'Intrusive' Spy Bill That Echoes US Patriot Act
by Nadia Prupis, staff writer
http://www.commondreams.org/news/2015/03/05/snowden-canadians-face-intrusive-spy-bill-echoes-us-patriot-act

In a teleconference hosted by the Canadian Journalists for Free Expression at Ryerson University on Wednesday, NSA whistleblower Edward Snowden warned that the country's intelligence agencies have the "weakest oversight" in the Western world, and that new anti-terror legislation championed by Prime Minister Stephen Harper was "an emulation of the American Patriot Act."

"And when [the agencies are] trying to expand their powers, it's pretty amazing that we have the Canadian government trying to block the testimony of former prime ministers who've had access to classified information, who understand the value of these programs, and who are warning the public broadly and saying this is something we really need to talk about, this is something we really need to debate, this is something we really need to be careful about," Snowden continued.
As Common Dreams previously reported, the new surveillance legislation, known as Bill C-51, "would expand the Canadian Security Intelligence Service (CSIS)'s powers to 'disrupt terrorism offenses and terrorist activity;' make it easier for law enforcement agencies to carry out preventive detentions, and allow them for longer time, make it easier to federal agencies to share information, and give law enforcement agencies power 'to disrupt terrorism offenses and terrorist activity.'"

While critics have said the scope of the legislation is overly broad and exploits recent attacks to expand unwarranted surveillance powers, Harper and others in Parliament say the bill is necessary for national security.

But in Canada, terrorism kills fewer people than lightning strikes, Snowden said, adding that mass surveillance is an ineffective method in catching lone wolf attackers.

"When you think about bulk collection . . . and you collect everything on everybody, you don't really understand anything about it," he said. "You can drown in data. You can't make the connections and more data is constantly generated all the time."

Moreover, the charge of national security is not strong enough to warrant sacrificing personal freedom, Snowden continued.

"No matter what we do, no matter what laws we pass, we cannot throw away all of our rights, all of our liberties, all of our traditional freedoms because we are afraid of rare instances of criminal activity," he said. "Governments never had this power in the past where they could pre-emptively investigate every member of society, place them under quite intrusive surveillance."

During the hour-long chat, Snowden also said of electronic information, "Everything can be subverted."

Earlier this week, Snowden's main Russian lawyer Anatoly Kucherena reiterated the whistleblower's desire to return home to the U.S. from Moscow, where he has lived under political asylum since exposing U.S. spying operations in 2013.
Kucherena said that Snowden would be willing to come home, where he is wanted on espionage charges, if he could be guaranteed a fair and impartial trial. That doesn't seem to be possible at this point, Snowden said Wednesday. "There is no fair trial available on offer right now."

This work is licensed under a Creative Commons Attribution-Share Alike 3.0 License

From rforno at infowarrior.org Sun Mar 8 12:54:34 2015
From: rforno at infowarrior.org (Richard Forno)
Date: Sun, 8 Mar 2015 13:54:34 -0400
Subject: [Infowarrior] - How the war on terrorism became a business model
Message-ID: <44B20B9B-232F-4970-99BE-D93F0290ADFF@infowarrior.org>

March/April/May 2015
Operation Rent Seeking
How the war on terrorism became a business model.
By Mike Lofgren
http://www.washingtonmonthly.com/magazine/marchaprilmay_2015/on_political_books/operation_rent_seeking054219.php

In present-day America's politically polarized atmosphere, it is easy to characterize divisive issues like the war on terrorism, the Wall Street bailout, or the Affordable Care Act as symbols of a clash of ideologies. Ideology is present in all of these issues, but it is possible to overrate it as a factor in contemporary policymaking. When I was a congressional staffer, I became acutely aware that elected officials choose issues to put at the top of their agendas mainly for their ability to shake money out of the purses of contributors. The subsequent histrionics in the House or Senate chamber are pure theater for the benefit of C-SPAN and the poor recluses who watch it. Behind every political cause is a racket designed to privatize the profits and socialize the losses.

It is no wonder, then, that James Risen, national security correspondent for the New York Times, has been in legal jeopardy with two presidential administrations of different parties.
His new book, Pay Any Price: Greed, Power, and Endless War, is a chronicle of fascinating and heretofore secret stories in America's war on terrorism. The book has a simple and arresting thesis: the longest war in America's history is pure nirvana for the greedy and unscrupulous. Whatever the architects of the war on terrorism thought they were doing, the Iraq War's purpose rapidly evolved within the iron cage of the Washington public-private ecology into a rent-seeking opportunity for contractors and bureaucratic empire building for government employees. Its real, as opposed to ostensible, purpose seems to be endless, low-level war. The rote appeals to patriotism are just another way of mau-mauing critics. With a theme that attacks the underlying bipartisan consensus on terrorism of the last dozen years, it is no wonder the Justice Department once contemplated heaving Risen into federal prison.

Pay Any Price: Greed, Power, and Endless War
by James Risen
Houghton Mifflin Harcourt, 304 pp.

The author opens his book with a little-known operation from the Iraq War; it began immediately after the U.S. occupation of that country and continued until the summer of 2004. Air Force C-17 cargo planes transported $20 billion in cash from the vaults of the New York Federal Reserve Bank in East Rutherford, New Jersey, to Baghdad. The ostensible purpose of this cash, much of which had never been formally appropriated by Congress, was to revive the country's shattered public services and pay Iraqi civil servants. The program was so hideously mismanaged that $11.7 billion of the $20 billion was unaccounted for, disappeared, or was stolen. As one might expect in a Middle East culture of baksheesh, an unknown quantity was pocketed by Iraqi politicians. But another, also undetermined, amount was skimmed by mid-level and junior U.S.
military officers in charge of counting and distributing the cash; Risen mentions the cases of some who were caught depositing suspiciously large sums in their bank accounts in the United States. Unfortunately he says nothing about the senior officers who had extraordinary discretion over much of the cash under the Commander's Emergency Response Program. I recall generals trooping to Capitol Hill throughout the mid-2000s to sing the praises of CERP; the reader can imagine just how popular a pallet of cash not subject to the accountability clause of the Constitution would be! A congressional colleague of mine at the time who had just come from a job at the Treasury Department told me that some U.S. personnel in Iraq amused themselves by tossing shrink-wrapped packets of $100 bills back and forth as if they were Nerf footballs.

War, of course, is synonymous with waste, as procurement boondoggles stretching back to the War of Independence attest. But the war on terrorism is in a class by itself. Greatly abetted by then Secretary of Defense Dick Cheney's blanket outsourcing of military logistics in 1992, the money spent on war has become a gold rush for private, largely unaccountable contractors. The same holds true in the intelligence community: about 70 percent of the National Security Agency's budget is spent on contracts. That, combined with the fact that the revolving door to a corporate board seat beckons senior agency officials, means the pull is always toward waste, fraud, and abuse. Former NSA insider Thomas Drake, who blew the whistle on a gold-plated contractor program and was charged under the Espionage Act for his pains, told me last year that his old agency is "literally helpless" without contractors.

It is hardly surprising that the hundreds of billions of dollars funding the war on terrorism will tempt the acquisitive instincts of contractors and their agency counterparts.
But it is up to senior officials in the executive branch to exercise oversight and discipline over the process. Oversight is also a key constitutional function of Congress. Risen documents that such oversight is still almost totally lacking. He notes that the administration of George W. Bush habitually obstructed the special inspector general for Iraq reconstruction (SIGIR), Stuart Bowen, who tried to do his job in uncovering fraud and theft. In 2010 Bowen finally tracked down $2 billion of the lost cash: it was in a bunker in Lebanon. Incredibly, the Obama administration did not grant his team clearance to enter Lebanon to continue the pursuit.

What about Capitol Hill, and particularly those gimlet-eyed Republicans whose core philosophy is that government cannot run a lemonade stand, and who mercilessly exposed Solyndra, the General Services Administration's junkets, and purported waste in the stimulus bill? Rather than exposing waste in the war on terrorism and clawing back the money, GOP lawmakers have exacerbated the mess by throwing more money at the agencies than they could ever spend wisely, assuming wisdom were even present. They are also not terribly interested in bad-news stories about anything that falls under the rubric of national security.

In February 2006, Secretary of State Condoleezza Rice testified before my employer, the Senate Budget Committee, on the State Department's budget, and much time was spent on the state of reconstruction in Iraq. The secretary began to reel off impressive statistics on the rebuilding of the water, sewer, and electric power systems. At that point ranking Democrat Kent Conrad sharply questioned her based on a leaked draft SIGIR report refuting her optimistic presentation of reconstruction in nearly every particular. The hearing was finally getting interesting: Rice's voice fell into that nervous tremolo that we all previously heard when the 9/11 Commission caught her in a less than truthful statement.
Nearly instantly, however, the chairman, Republican Judd Gregg, normally an indefatigable fiscal conservative and rooter-out of waste, gaveled the hearing to a premature ending, thereby relieving Condi of her torment and the public of the full story. The next day, I learned from a colleague that as soon as Rice had returned to the State Department from her inquisitorial tribulation on the Hill, Bowen started receiving pressure to withdraw the report.

The true state of Iraq reconstruction was vital for policymakers to learn: not only did the lack of clean water and reliable electricity make Iraqis' lives miserable; the absence of power meant businesses could not operate and more people were thrown into the swelling ranks of the unemployed and disaffected. Many of those people began to see the Americans as hostile occupiers rather than liberators, and it is not surprising that the growing insurgency targeted them for recruitment. The syndrome the Bush administration created in Iraq was what former Pentagon critic Chuck Spinney has called a "self-licking ice cream cone": the measures to fight the war on terrorism guaranteed more terrorists, which in turn guaranteed the agencies more money to fight the war on terrorism. The same process was at work with respect to torture and drone strikes. It is a great business model for contractors and bureaucratic empire builders, but far less favorable as a national survival strategy.

Readers may remember that during the first years after 9/11 a few "terrorism experts" that the cable news channels always give credence to were claiming that al-Qaeda's propaganda videos might contain tiny alphanumeric and bar codes buried within the pixels; presumably these were coded messages to followers about planned terrorist attacks. Then, after a while, the story faded away. Why?
The story was the sliver that leaked into the public media from what Risen describes as a super-secret program that hoodwinked the Central Intelligence Agency, the Department of Defense, and the White House. The idea was hatched by Dennis Montgomery, a problem gambler with casino debts, and financed by Warren Trepp, a former partner of junk bond king Michael Milken. Neither had experience with defense, intelligence, or IT, but they partnered to develop pattern-recognition software that could supposedly detect messages within video images. This was manna from heaven for the CIA's Directorate of Science and Technology (S&T), which had played a lead role during the Cold War but had been sidelined by the war on terrorism. They could finally get in the game, and their desire to be relevant swamped their common sense. Montgomery deceived them in test demonstrations that were much like conjuror's tricks; Montgomery the gambler was always looking at ways to beat the house.

The S&T directorate sold the program to the CIA leadership and the White House. Risen tells us that John Brennan, the current CIA director, whose dishonesty became notorious during the Senate's torture investigation, was a fan of the scheme. At one point CIA director George Tenet was feeding the raw, and worthless, data to President Bush, who had to act as his own intelligence analyst. Even when the CIA leadership finally cottoned on to the fraud, such was their embarrassment that they kept the whole fiasco secret. Prosecuting or debarring Montgomery was out of the question, so he merely continued peddling the hoax to other agencies. The Defense Department's Special Operations Command fell for the con, paying Montgomery's company $10 million for the software to aid in automatic target recognition so that the sensors of Predator drones could detect targets to assassinate.
Since this worked no better than decoding al-Qaeda's fictitious secret messages, the Defense Department quietly dropped the program, but kept up a veil of secrecy to hide their own embarrassment.

How could government agencies with a vast network of research labs and armies of science PhDs fall for a technological hoax as elementary as the "Mechanical Turk" of eighteenth-century Europe or the hundred-miles-per-gallon Fish carburetor of the 1950s? There are several factors: the long-standing American bias toward technological panaceas; the bureaucratic competitiveness of the S&T directorate, which wanted to enhance its role in the war on terrorism; and the smothering blanket of government secrecy, which prevented other agencies from learning of the hoax.

There is, however, something more to it that Risen does not explain in his thoroughly disillusioning volume about what goes on in the boiler room of the ship of state as it sails to meet the terrorist foe. The attacks of 9/11 seem to me to have unhinged a significant portion of the American population, particularly those occupying influential positions such as the news media. Government officials, who follow the mob rather than lead it, showed the same psychological symptoms in aggravated form. Disoriented and emotionally labile in the wake of 9/11, they were easy marks for the greedy contractors and out-and-out con men that Risen profiles. As he says, "They are the beneficiaries of one of the largest transfers of wealth from public into private hands in American history."

Risen unfortunately almost loses the plot in a long middle chapter about private intelligence operations that the lay reader may find hard to follow for want of more interpretation by the author. He does reveal, however, the convoluted and confused methods of U.S. intelligence operations, where it is difficult even, or perhaps especially, for intelligence officials to know who is working with us and who is against us.
Risen points out how national security objectives are undermined by competitive and sometimes acrimonious rivalry between the Federal Bureau of Investigation and the CIA, reminding one of the jealousy between the KGB and the GRU (Main Intelligence Directorate) in the former Soviet Union. Contrary to popular belief, wealth in the Middle East no longer comes only from oil. Risen shows us how the geyser of post-9/11 American money is financing hordes of Middle Eastern arms dealers, informers, money launderers, mafiosi, and not a few terrorists. Risen rubs in the implication that minimum-wage jobs in the United States are the price Americans pay for villas in Beirut and Amman.

The author ends with the contention that the goal of the war is endless war. He does not go into the analysis, but I believe that there are strong structural grounds supporting his claim. During the Cold War, the prospect of open conflict with the Soviet Union was so catastrophic that no one, not even the arms industry, wanted war. What they wanted was a surrogate war: an arms race. America stayed at peace, but defense budgets rose with each new claim of ten-foot-tall Russians. That process was reflected in high procurement budgets that were of interest to the major contractors, while the operations budget, which was mainly an internal Defense Department interest, lagged in comparison. With the broad outsourcing of operations accounts (the budget that pays for maintaining an army fighting in the field, a budget that grows rapidly during war), contractors now have an incentive for endless low-level war. Someone may have made the cynical cost-benefit analysis that the less-than-existential national stakes and the relatively low casualty rate (6,000 U.S. military dead in thirteen years of war amount to only a third of U.S. dead from the one-month-long Battle of the Bulge) make a prolonged war on terrorism an acceptable business model.
And contractor involvement is not only logistical: companies like Blackwater have been involved in actual shooting.

It is difficult to read Pay Any Price and not come away with the sick feeling that the Bush presidency, which, after all, only assumed office by the grace of judicial wiring and force majeure, was at bottom a corrupt and criminal operation in collusion with private interests to hijack the public treasury. But what does that say about Congress, which acted more often as a cheerleader than a constitutional check? And what does it tell us about the Obama administration, whose Justice Department not only failed to hold the miscreants accountable, but has preserved and expanded some of its predecessors' most objectionable policies? Partisans may squabble over the relative culpability of the Bush and Obama administrations, as well as that of Congress, but that debate is now almost beside the point. If Risen is correct, America's campaign against terrorism may have evolved to the point that endless war is the tacit but unalterable goal, regardless of who is formally in charge.

Mike Lofgren is a former congressional staff member who served on both the House and Senate budget committees. His book about Congress, The Party Is Over: How Republicans Went Crazy, Democrats Became Useless, and the Middle Class Got Shafted, appeared in paperback in August 2013. He is currently writing a book about the sociology of the national security state, to be published in early 2016.
From rforno at infowarrior.org Sun Mar 8 12:54:41 2015
From: rforno at infowarrior.org (Richard Forno)
Date: Sun, 8 Mar 2015 13:54:41 -0400
Subject: [Infowarrior] - Verizon, Cisco, Microsoft And Others Pull The Plug On Default Encryption In HTTP/2
Message-ID: <60349D23-14F1-4F9B-8DD8-55BB6721FC09@infowarrior.org>

Verizon, Cisco, Microsoft And Others Pull The Plug On Default Encryption In HTTP/2
By Lucian Armasu, March 6, 2015 12:08 PM - Source: Daniel Stenberg
http://www.tomshardware.com/news/verizon-cisco-microsoft-http2-encryption,28703.html#xtor=RSS-181

The HTTP/2 standard, the successor to HTTP/1.1, has recently been finalized by the Internet Engineering Task Force (IETF), and now all browsers and servers are free to use it. The HTTP/2 protocol initially started as a Google project called SPDY, which was encrypted by default, and it later entered the standardization process at IETF, so all browsers can start using it.

Unfortunately, despite the protocol's initial promise to be encrypted-only, the Open Web Alliance group, formed by companies such as Verizon, Comcast, Cisco, DISH, Microsoft and others, managed to fight against that plan in the last few months of the protocol's standardization process, making encryption optional. (You can learn more about the Open Web Alliance in this InfoWorld article.)

This happened despite an almost unanimous consensus of IETF in the fall of 2013 (post-Snowden revelations) that it will try to bring an Internet where everything is encrypted by default (see video below). Through the lobbying power of the Open Web Alliance group and through well-placed members inside of IETF as co-chairs from companies such as Cisco, and even from agencies such as the NSA, the IETF organization eventually lost consensus for mandating that all HTTP/2 connections be secure by default.
The ones who had the most to gain from this are the telecom companies, which have recently started injecting ads into their customers' browsing to make some extra revenue, despite already being paid more than reasonably well for their Internet connection services. Some of these companies have backtracked somewhat from doing this, in the sense that their tracking and ad-injection is optional, but still requires an opt-out; meaning, it's enabled by default for all customers.

Even if they had backtracked completely due to the recent PR scandals about these issues, the damage to the HTTP/2 protocol is already done, because it's unlikely that there will be an updated version that mandates encryption anytime soon. The previous version of the HTTP protocol came out in 1999, which is 16 years ago.

Fortunately, the browsers that have adopted it so far, such as Chrome and Firefox, are only enabling the encrypted version of HTTP/2. In these browsers, there won't be an option to use the HTTP/2 protocol without encryption, at least for now.

Despite Microsoft being part of the group that opposed mandatory encryption in HTTP/2, the Internet Explorer (IE) browser that comes with Windows 10 right now only has the encrypted version of HTTP/2 as well. However, Windows 10 is still in preview mode, and we haven't seen Project Spartan yet. So it remains to be seen if Microsoft will keep the encrypted-only HTTP/2 or adopt the plain-text one as well in the final versions of IE browsers. If Microsoft wants IE to be seen as secure as Chrome and Firefox, then hopefully the company will support only the encrypted version of HTTP/2.
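The distinction the article turns on, HTTP/2 over TLS (negotiated inside the TLS handshake via ALPN as "h2") versus cleartext HTTP/2 ("h2c", reached either through an HTTP/1.1 Upgrade request or by a client that sends the HTTP/2 connection preface directly), is something a defender can check for on the wire. What follows is an added example, not code from the Tom's Hardware article, from the IETF, or from any browser vendor: a small Python classifier that takes the first bytes a client sent on a TCP connection and reports whether they are a TLS handshake, a plaintext h2c upgrade, a prior-knowledge h2c preface, or ordinary HTTP/1.1, decoding the SETTINGS the client offered in the two h2c cases. The preface string, frame header layout, SETTINGS encoding and HTTP2-Settings header follow RFC 7540; the sample streams are constructed for this example and the function names are my own.

```python
"""Classify the first client bytes of a TCP stream as TLS, cleartext HTTP/2
(h2c upgrade or prior knowledge) or plain HTTP/1.1.  Added example; the
byte layouts follow RFC 7540, everything else here is illustrative."""
import base64
import struct

# RFC 7540 section 3.5: every HTTP/2 client connection starts with this
# preface, immediately followed by a SETTINGS frame on stream 0.
H2_PREFACE = b"PRI * HTTP/2.0\r\n\r\nSM\r\n\r\n"
FRAME_SETTINGS = 0x4
SETTING_NAMES = {
    0x1: "HEADER_TABLE_SIZE", 0x2: "ENABLE_PUSH", 0x3: "MAX_CONCURRENT_STREAMS",
    0x4: "INITIAL_WINDOW_SIZE", 0x5: "MAX_FRAME_SIZE", 0x6: "MAX_HEADER_LIST_SIZE",
}


def parse_frame_header(buf):
    """Split a 9-byte frame header (RFC 7540 section 4.1) into
    (payload_length, frame_type, flags, stream_id)."""
    if len(buf) < 9:
        raise ValueError("truncated frame header")
    length = int.from_bytes(buf[0:3], "big")                    # 24-bit length
    ftype, flags = buf[3], buf[4]                                # 8-bit type and flags
    stream_id = struct.unpack(">I", buf[5:9])[0] & 0x7FFFFFFF    # reserved bit masked off
    return length, ftype, flags, stream_id


def encode_settings(settings):
    """Serialise {setting_id: value} as a SETTINGS payload (16-bit id, 32-bit value)."""
    return b"".join(struct.pack(">HI", sid, val) for sid, val in settings.items())


def decode_settings(payload):
    """Decode a SETTINGS payload into {setting_name: value}."""
    if len(payload) % 6:
        raise ValueError("SETTINGS payload length is not a multiple of 6")
    out = {}
    for off in range(0, len(payload), 6):
        sid, val = struct.unpack(">HI", payload[off:off + 6])
        out[SETTING_NAMES.get(sid, "UNKNOWN_0x%x" % sid)] = val
    return out


def parse_http1_head(data):
    """Return (request_line, {lower-case header name: value}) for an HTTP/1.x request."""
    head = data.split(b"\r\n\r\n", 1)[0].decode("latin-1")
    lines = head.split("\r\n")
    headers = {}
    for line in lines[1:]:
        name, _, value = line.partition(":")
        headers[name.strip().lower()] = value.strip()
    return lines[0], headers


def classify_client_bytes(data):
    """Return (kind, detail) for the first bytes a client sent on a connection."""
    # TLS record header: content type 0x16 (handshake), version major 0x03.  Whether
    # this becomes h2 or HTTP/1.1 is decided by ALPN inside the ClientHello, which
    # this example does not parse.
    if data[:2] == b"\x16\x03":
        return "tls", {}
    # RFC 7540 section 3.4: "prior knowledge" cleartext HTTP/2, preface first.
    if data.startswith(H2_PREFACE):
        rest = data[len(H2_PREFACE):]
        length, ftype, _flags, stream_id = parse_frame_header(rest)
        if ftype != FRAME_SETTINGS or stream_id != 0:
            raise ValueError("preface must be followed by SETTINGS on stream 0")
        return "h2c-prior-knowledge", decode_settings(rest[9:9 + length])
    # RFC 7540 section 3.2: HTTP/1.1 request carrying "Upgrade: h2c" plus the
    # unpadded base64url SETTINGS payload in the HTTP2-Settings header.
    if b"\r\n\r\n" in data:
        request_line, headers = parse_http1_head(data)
        tokens = [t.strip().lower() for t in headers.get("upgrade", "").split(",")]
        if "h2c" in tokens:
            raw = headers.get("http2-settings", "")
            raw += "=" * (-len(raw) % 4)                   # restore padding for the decoder
            return "h2c-upgrade", decode_settings(base64.urlsafe_b64decode(raw))
        return "http/1.1", {"request": request_line}
    return "unknown", {}


# Constructed sample streams for the example (not captured traffic).
SAMPLE_UPGRADE = (
    b"GET / HTTP/1.1\r\nHost: example.test\r\n"
    b"Connection: Upgrade, HTTP2-Settings\r\nUpgrade: h2c\r\nHTTP2-Settings: "
    + base64.urlsafe_b64encode(encode_settings({0x3: 100, 0x4: 65535})).rstrip(b"=")
    + b"\r\n\r\n"
)
SAMPLE_PRIOR_KNOWLEDGE = (
    H2_PREFACE
    + b"\x00\x00\x06\x04\x00\x00\x00\x00\x00"      # length 6, type SETTINGS, flags 0, stream 0
    + encode_settings({0x2: 0})                    # ENABLE_PUSH = 0
)
SAMPLE_TLS = b"\x16\x03\x01\x00\xc8\x01\x00\x00\xc4\x03\x03"   # start of a TLS ClientHello
SAMPLE_HTTP1 = b"GET / HTTP/1.1\r\nHost: example.test\r\n\r\n"

if __name__ == "__main__":
    for label, stream in (("upgrade", SAMPLE_UPGRADE), ("prior", SAMPLE_PRIOR_KNOWLEDGE),
                          ("tls", SAMPLE_TLS), ("http1", SAMPLE_HTTP1)):
        print(label, classify_client_bytes(stream))
```

Most real HTTP/2 traffic falls into the "tls" branch, since Chrome and Firefox only speak h2 over TLS, as the article notes. A hit on either h2c branch in a capture from a network you defend is therefore worth a closer look: it means some client, proxy or middlebox is willing to run HTTP/2 in the clear, which is exactly the path that makes in-line ad injection and tracking possible.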
From rforno at infowarrior.org Sun Mar 8 21:13:48 2015
From: rforno at infowarrior.org (Richard Forno)
Date: Sun, 8 Mar 2015 22:13:48 -0400
Subject: [Infowarrior] - Senator on Internet Policy Subcommittee Has "Never Sent an Email"
Message-ID: <5A9C2D51-96D8-4528-BDB1-303F6DDB42B7@infowarrior.org>

Senator on Internet Policy Subcommittee Has "Never Sent an Email"
http://gizmodo.com/senator-on-internet-policy-subcommittee-has-never-sent-1690216135

From rforno at infowarrior.org Mon Mar 9 07:43:29 2015
From: rforno at infowarrior.org (Richard Forno)
Date: Mon, 9 Mar 2015 08:43:29 -0400
Subject: [Infowarrior] - Major credit agencies agree to changes sought by advocates
Message-ID: <46B7A7CE-0BD3-420E-B21D-7458C4E350C0@infowarrior.org>

Major credit agencies agree to changes sought by advocates
Mar. 9, 2015 8:35 AM EDT
http://bigstory.ap.org/article/00cec733006d4f61afb24e797723b351/major-credit-agencies-agree-changes

NEW YORK (AP) - The three largest credit-reporting agencies will change the way they handle records in a major revamp long sought by consumer advocates.

People who contest items in their credit reports will receive additional information concerning those disputes, including instructions on what they can do if they don't like the answer they get.

In a bid to increase accuracy, medical debts won't be reported until after a 180-day waiting period to allow time for insurance payments to be applied. The agencies agreed to remove from credit reports previously reported medical collections that have been or are being paid by insurance companies.

Equifax, Experian and TransUnion are also honing their focus to better handle disputes with consumers and to help victims of identity theft and fraud.

The three credit reporting agencies will jettison reports on debts that didn't arise from a contract or agreement with the consumer, such as tickets or fines.
Data collected by the agencies on hundreds of millions of people are used to create "credit scores" which can determine who gets a loan and how much interest is paid on that loan.

The changes are intended to provide people with more transparency and more simple navigation when dealing with the bureaus that hold their credit reports.

The announcement Monday arrived after months of negotiations between Equifax, Experian, TransUnion and New York Attorney General Eric Schneiderman.

A working group will be formed under the agreement to regularly review consistency and to ensure that collected data is applied to consumers uniformly.

The changes will begin to be implemented over the next several months. Discussions with other attorneys general are ongoing and there remains the possibility for more agreements ahead.

From rforno at infowarrior.org Mon Mar 9 10:35:10 2015
From: rforno at infowarrior.org (Richard Forno)
Date: Mon, 9 Mar 2015 11:35:10 -0400
Subject: [Infowarrior] - Obama launches new training program for tech jobs
Message-ID: <4BD198F5-9208-49F5-A26E-5941C1D74E2C@infowarrior.org>

(Point 3 I have problems with. 'Coding' is not the be-all end-all for creating interest in tech careers, nor should it be used as a required course in high schools, as it is in some places. --rick)

http://www.engadget.com/2015/03/09/obama-techhire/?ncid=rss_truncated

President Obama launches new training program for tech jobs
by Daniel Cooper | @danielwcooper | 54 mins ago

America is suffering from a lack of tech-savvy workers, and that's one of the reasons that wages are stagnant. It's enough of an issue that President Obama is launching TechHire, a program designed to get citizens into well-paid jobs in the technology sector. In short, the scheme is a way to increase STEM knowledge, connect workers to opportunities and break down the barriers between giving people a chance.
The first part of TechHire involves connecting companies and districts, which will work together to connect skilled workers to jobs they may not have found. In addition, those companies will launch "fast track" programs to help train people whilst on the job. Second, a new federal fund of $100 million will be put in place to bankroll new training opportunities for low-skilled workers. This process will also look to empower people with child care responsibilities, non-English speakers and those with disabilities. The third element of the plan is to get private companies to run "coding bootcamps" to women, veterans and minorities. Rather than expecting employees to study for a four-year degree, these bootcamps would be run across a few months and help people get their foot on the ladder of a new job.

The program has already been trialled in communities like Louisville, NYC and Delaware, and now 21 communities are getting involved. The plan has support from some big names in the tech world, including Microsoft, Cisco and LinkedIn -- helping the President affirm his commitment to put science and technology at the heart of his plans.

From rforno at infowarrior.org Mon Mar 9 12:55:27 2015
From: rforno at infowarrior.org (Richard Forno)
Date: Mon, 9 Mar 2015 13:55:27 -0400
Subject: [Infowarrior] - Hollywood's Anti-Piracy Secrets Must Be Revealed, Court Rules
Message-ID: <14067986-BA04-477F-849F-6A1BB6B2B162@infowarrior.org>

Hollywood's Anti-Piracy Secrets Must Be Revealed, Court Rules
By Ernesto, on March 9, 2015
http://torrentfreak.com/hollywoods-anti-piracy-secrets-must-be-revealed-court-rules-150309/

All records that are part of the now-closed case between Hotfile and the MPAA will be unsealed in the interests of the public. In a decision that will be a disappointment to the industry group, U.S.
District Court Judge Kathleen Williams declined a request from the MPAA who wanted to keep sensitive court filings sealed indefinitely claiming they may benefit pirates. More than a year has passed since the MPAA defeated Hotfile, but the case has still been stirring in the background. Hoping to find out more about Hollywood?s anti-piracy policies the Electronic Frontier Foundation (EFF) previously asked the court to make several sealed documents available to the public. These documents are part of the counterclaim Hotfile filed, where it accused Warner of repeatedly abusing the DMCA takedown process. In particular, the EFF wants the public to know how Hollywood?s anti-piracy policies and tools work. District Court Judge Kathleen Williams sided with the EFF and ruled that it?s in the public interest to unseal the information. The MPAA, however, argued that this may hurt some of its members. Information regarding Columbia Pictures? anti-piracy policies, in particular, would still be beneficial to pirates for decades to come, the Hollywood group argued. ?Defendants have cited two specific pieces of information regarding Columbia?s enforcement policies that, if revealed to the public, could compromise Columbia?s ability to protect its copyrighted works,? the MPAA?s lawyers wrote. In addition, anti-piracy vendor Vobile feared that having its pricing information revealed could severely hurt the company. Judge Williams has now reviewed these and other arguments but ruled that sealing records indefinitely is not an option. In this case, the public interest in the records outweighs the concerns of the MPAA. ?In reaching this conclusion, the Court has weighed the parties? interests in maintaining the confidentiality of the sealed entries, including Plaintiffs? 
assertions that disclosure of the sealed information would undermine the effectiveness of their antipiracy systems and copyright enforcement abilities, as well as third-party Voible?s argument that disclosure of the sealed data would unfairly put it at economic risk, against the presumption in favor of public access to court records,? Williams writes (pdf). As a result of this decision all sealed documents will be made public ten years after the case was filed, which is on February 8, 2021. Previously, Warner Bros. already released some of the confidential documents. Among other things the unsealed records showed that Warner Bros. uses ?sophisticated robots? to track down infringing content. How damaging the other documents are to Hollywood?s anti-piracy efforts will become clear in five years. However, it?s unlikely to top the Sony-leak of last December, through which many sensitive anti-piracy strategies were already unveiled. -- It's better to burn out than fade away. From rforno at infowarrior.org Mon Mar 9 12:57:17 2015 From: rforno at infowarrior.org (Richard Forno) Date: Mon, 9 Mar 2015 13:57:17 -0400 Subject: [Infowarrior] - DIRNSA wants non-attributive retaliatory authority Message-ID: <67E26BE1-85B6-426B-BB95-3661ED0E333E@infowarrior.org> Should the U.S. be able to counter-attack nation-state cyber-aggressors without attribution? Martin Anderson, The Stack Monday 9 March, 2015 http://thestack.com/adm-michael-rogers-nsa-cyber-command-090315 The testimony of U.S. Navy Adm. Michael S. Rogers on March 4th - before the House Armed Services Committee on cyber operations and improving the military?s cybersecurity posture - not only paints an unusually vivid picture of a nation trying to re-invent its military infrastructure in response to a problem that it only partially understands, but also provides some indication as to the means by which it intends to get off the back-foot regarding response policies to cyber-attacks such as last autumn?s Sony Hack incident. 
Rogers is the Director of the National Security Agency (NSA) and of the far newer United States Cyber Command (USCYBERCOM), and provided testimony [PDF] in support of President Obama's nomination of him to continue as head of Cyber Command (potentially under full Unified Command status instead of its ongoing status as a sub-unified command subordinate to United States Strategic Command [SAC]) and in a reconfirmation of his role as head of the NSA.

In response to the question "Can deterrence be an effective strategy in the absence of reliable attribution?" [p19], Rogers answers broadly in the affirmative, but notes that while attribution has improved, it is "not timely in many circumstances". Rogers continues:

"A healthy, engaged partnership with the Intelligence Community is vital to continued improvement in attribution. Second, is development of defensive options which do not require full attribution to meet the requirements of law and international agreement [...] We must ensure we leverage the newest technology to identify our attackers before and during an attack - not just after." (my emphasis)

The problems of ascertaining cyber-attack attribution and achieving useful response times are complex, and addressed in-depth in Rogers' testimony, which is perhaps best summarised by his expression of the need for the U.S. to "move from what is currently a reactive posture, to a proactive one."

Rogers argues for increased autonomy of action for a Cyber Command upgraded to the status of Full Combatant Command, and not answerable to the U.S. Strategic Command:

"If confirmed, as the Commander of U.S. CYBERCOM, as a Sub-unified Combatant Commander I would be required to coordinate and communicate through Commander, U.S. Strategic Command to seek Secretary of Defense or even Presidential approval to defend the nation in cyberspace. In a response cycle of seconds to minutes, this could come with a severe cost and could even obviate any meaningful action. As required in the current Standing Rules of Engagement, as a Combatant Commander, I would have the requisite authorities to directly engage with SECDEF or POTUS as necessary to defend the nation." (p30, my emphasis)

The "need for speed" in responding to a critical cyber-attack is obvious, and well-argued in Rogers' submission. But the first implication of a military cyber-response capability which can retaliate to (apparently) nation-state cyber-attacks without attribution or subordination to departments nearer the White House is the possibility that the enemies of a nation state (or those seeking to embarrass or implicate the U.S.) need only find a way of launching a significant cyber-attack from within the "target" country - or from cyberspace which appears to emanate from that country - in order to draw U.S. fire toward it.

If you want an even tighter fit to your tinfoil hat, you could speculate that the U.S. itself could undertake such action if expedient to its general aims towards a particular nation.

In reality the issue probably has more to do with "prior information" - the fact that a body such as a combatant-status-enabled U.S. Cyber Command might already know the identity of a cyber-aggressor but need to trade off the future usefulness of this undisclosed information against the necessity to protect and respond publicly.

Whether myth or truth, Group Captain F.W. Winterbotham's 1974 contention that Winston Churchill let Coventry burn during WWII in order to protect the cracking of the Enigma code probably remains the best-known military example of "balancing equities" or "gain-loss" calculations - a subject discussed extensively by Adm. Rogers in his submission to the House Armed Services Committee [p15]. Rogers writes:

"The risk-loss equation in the DOD is made after comprehensive consultation with the intelligence community and the impacted Commander," and continues "When gain-loss issues arise, all parties have the responsibility to comprehensively state the issues and impacts with these discussions beginning at the action officer level. Formal disagreements unresolved after U.S. Cyber Command review follow a clear path to department and national decision makers, to include the President if need be."

The testimony represents one of the most interesting recent discussions of the current politics and polemics about cyber-security in the west, with some assuring - as well as chilling - indications of how future policy and frameworks may develop.

From rforno at infowarrior.org Mon Mar 9 13:08:15 2015
From: rforno at infowarrior.org (Richard Forno)
Date: Mon, 9 Mar 2015 14:08:15 -0400
Subject: [Infowarrior] - Apple launches ResearchKit for medical research
Message-ID: <51EEDC82-C6AE-4184-89B1-5152315E5EC2@infowarrior.org>

(I'm liking this idea. -rick)

Apple launches ResearchKit to bring your data to medical research
Stacey Higginbotham
Mar. 9, 2015 - 10:55 AM PDT
https://gigaom.com/2015/03/09/apple-launches-researchkit-to-bring-your-data-to-medical-research/

We're finally getting to some of the promise of connected health with the launch of ResearchKit, a framework announced at the Apple event Monday that allows medical researchers to take advantage of the data gathered by the iPhone to help advance their own diagnostics or studies of disease. The framework, like HomeKit or HealthKit, is simply a way for researchers to build applications and get data out of the iPhone that might be useful for their own purposes, but it represents a huge opportunity to make it easy to recruit people to participate in giving doctors insights about their ongoing health conditions on a regular basis, as opposed to during monthly office visits.
It also offers a chance to give patients objective tests for diseases such as Parkinson's as opposed to subjective evaluations based on a doctor's opinion of how a patient is able to walk. Now, for example, they could speak into their iPhone on a ResearchKit app and give objective data, or take a dexterity test based on tapping. Both were examples given by Jeff Williams during the presentation as he showed off the first five apps built using ResearchKit that are available today.

The five apps were focused on five diseases including Parkinson's, asthma, breast cancer, cardiovascular disease and diabetes. In the case of asthma, the phone would be used in conjunction with environmental tests and connected inhalers, so the GPS coordinates of the places where a person used their inhaler could be linked to the environmental tests. It's reminiscent of what Asthmapolis does, only with an iPhone and a university.

And that's what's important here. I've seen a lot of specialized sensor efforts to gather data from patient populations, and specialized efforts to reach out to doctors and hospitals, but if ResearchKit has one thing going for it, it's that many patients and doctors already use the primary tool they'll need - their iPhone. I may not like the platform because it locks people in, but one of the biggest hurdles to patients adopting new medical technology is that it's hard to use. Either the patients or the doctors don't want to learn how to use it. Downloading an app is much easier than learning how to connect a new device to your Wi-Fi network or toting around a new device. So this approach has a lot of promise.

Plus, Williams stressed two really important things at the event. The first was that Apple will not see any of the user data and the second is that Apple will open source ResearchKit, making it available to all platforms.
Thus, what you have here is the beginning of what could become a widely adopted way for people to volunteer their medical data for science or to their doctor in a way that is private and could reach beyond the Apple ecosystem. If that is what comes to pass, ResearchKit might be the biggest thing Apple launches today, even counting a watch. Apple will release ResearchKit next month.

From rforno at infowarrior.org Mon Mar 9 18:54:01 2015
From: rforno at infowarrior.org (Richard Forno)
Date: Mon, 9 Mar 2015 19:54:01 -0400
Subject: [Infowarrior] - Senate approves former Google executive for patent chief
Message-ID:

Senate approves former Google executive for patent chief
By Jordain Carney and Mario Trujillo - 03/09/15 06:14 PM EDT
http://thehill.com/policy/technology/235117-senate-approves-former-google-exec-as-patent-chief

The Senate on Monday approved a former Google executive to lead the U.S. Patent and Trademark Office, which has been without a confirmed leader for more than two years.

Michelle Lee, who has led the agency for months as deputy director, was approved by voice vote. She will also serve as the under secretary of Commerce for intellectual property.

The Senate also unanimously approved Daniel Henry Marti to be the White House's intellectual property enforcement coordinator, a position that has been vacant since August 2013.

The nominations were approved without fanfare, as not a single senator spoke about the nominations during the 30 minutes of allotted debate time.

Lee and Marti were both nominated last year and underwent a first round of testimony before the Judiciary Committee in December. The Senate ran out of time to confirm them, and both nominations were pushed into the new Congress.

Lee will take over the office at a time when patent litigation reform is high on the congressional agenda.
Bipartisan leaders in both chambers are working on legislation to rein in so-called patent trolls, after reform died in the Senate last year.

She said during her confirmation hearing before the Judiciary Committee that she was open to legislation that would curb "patent trolls," companies that are accused of filing frivolous lawsuits to extract settlements from tech companies.

Though tech companies praised Lee's nomination, she caught criticism from Sen. Orrin Hatch (R-Utah) for not getting into specifics about patent reform. The Utah Republican backs a strong fee shifting provision that would require the losing party in patent litigation to pay the winner's legal fees.

Lee recently started a series of initiatives aimed at cutting down on vague or low-quality patents that have been partly blamed for an increase in litigation.

During her testimony before the Judiciary Committee, she also addressed the agency's telework program, which came under fire last summer over allegations that some employees were abusing it.

Sen. Chuck Grassley (R-Iowa), who now leads the Judiciary Committee as chairman, suggested that employees must be punished if behavior at the agency was to change.

"If there is abuse of the nature we are talking about [and] heads don't roll, nothing really changes," he said.

For nearly a decade, Lee served as a lawyer and leader on patent policy for Google. In 2012, she moved to the Patent Office, where she started a satellite office in Silicon Valley. She holds degrees in both law and computer science.

The Senate also approved by voice vote two members of the Farm Credit Administration Board: Jeffery Hall and Dallas Tonsager.
From rforno at infowarrior.org Tue Mar 10 08:41:40 2015
From: rforno at infowarrior.org (Richard Forno)
Date: Tue, 10 Mar 2015 09:41:40 -0400
Subject: [Infowarrior] - Wikipedia sues NSA
Message-ID: <2F869F1A-10A0-44D7-98D2-9A22EE183BAF@infowarrior.org>

Stop Spying on Wikipedia Users
By JIMMY WALES and LILA TRETIKOV, MARCH 10, 2015
http://www.nytimes.com/2015/03/10/opinion/stop-spying-on-wikipedia-users.html

SAN FRANCISCO - TODAY, we're filing a lawsuit against the National Security Agency to protect the rights of the 500 million people who use Wikipedia every month. We're doing so because a fundamental pillar of democracy is at stake: the free exchange of knowledge and ideas.

Our lawsuit says that the N.S.A.'s mass surveillance of Internet traffic on American soil - often called "upstream" surveillance - violates the Fourth Amendment, which protects the right to privacy, as well as the First Amendment, which protects the freedoms of expression and association. We also argue that this agency activity exceeds the authority granted by the Foreign Intelligence Surveillance Act that Congress amended in 2008.

Most people search and read Wikipedia anonymously, since you don't need an account to view its tens of millions of articles in hundreds of languages. Every month, at least 75,000 volunteers in the United States and around the world contribute their time and passion to writing those articles and keeping the site going - and growing. On our servers, run by the nonprofit Wikimedia Foundation, those volunteers discuss their work on everything from Tiananmen Square to gay rights in Uganda. Many of them prefer to work anonymously, especially those who work on controversial issues or who live in countries with repressive governments.

These volunteers should be able to do their work without having to worry that the United States government is monitoring what they read and write.
Unfortunately, their anonymity is far from certain because, using upstream surveillance, the N.S.A. intercepts and searches virtually all of the international text-based traffic that flows across the Internet "backbone" inside the United States. This is the network of fiber-optic cables and junctions that connect Wikipedia with its global community of readers and editors.

As a result, whenever someone overseas views or edits a Wikipedia page, it's likely that the N.S.A. is tracking that activity - including the content of what was read or typed, as well as other information that can be linked to the person's physical location and possible identity. These activities are sensitive and private: They can reveal everything from a person's political and religious beliefs to sexual orientation and medical conditions.

The notion that the N.S.A. is monitoring Wikipedia's users is not, unfortunately, a stretch of the imagination. One of the documents revealed by the whistle-blower Edward J. Snowden specifically identified Wikipedia as a target for surveillance, alongside several other major websites like CNN.com, Gmail and Facebook. The leaked slide from a classified PowerPoint presentation declared that monitoring these sites could allow N.S.A. analysts to learn "nearly everything a typical user does on the Internet."

The harm to Wikimedia and the hundreds of millions of people who visit our websites is clear: Pervasive surveillance has a chilling effect. It stifles freedom of expression and the free exchange of knowledge that Wikimedia was designed to enable.

During the 2011 Arab uprisings, Wikipedia users collaborated to create articles that helped educate the world about what was happening. Continuing cooperation between American and Egyptian intelligence services is well established; the director of Egypt's main spy agency under President Abdel Fattah el-Sisi boasted in 2013 that he was "in constant contact" with the Central Intelligence Agency.
So imagine, now, a Wikipedia user in Egypt who wants to edit a page about government opposition or discuss it with fellow editors. If that user knows the N.S.A. is routinely combing through her contributions to Wikipedia, and possibly sharing information with her government, she will surely be less likely to add her knowledge or have that conversation, for fear of reprisal.

And then imagine this decision playing out in the minds of thousands of would-be contributors in other countries. That represents a loss for everyone who uses Wikipedia and the Internet - not just fellow editors, but hundreds of millions of readers in the United States and around the world.

In the lawsuit we're filing with the help of the American Civil Liberties Union, we're joining as a fellow plaintiff a broad coalition of human rights, civil society, legal, media and information organizations. Their work, like ours, requires them to engage in sensitive Internet communications with people outside the United States. That is why we're asking the court to order an end to the N.S.A.'s dragnet surveillance of Internet traffic.

Privacy is an essential right. It makes freedom of expression possible, and sustains freedom of inquiry and association. It empowers us to read, write and communicate in confidence, without fear of persecution. Knowledge flourishes where privacy is protected.

Jimmy Wales, the founder of Wikipedia, is a board member of the Wikimedia Foundation, of which Lila Tretikov is the executive director.
From rforno at infowarrior.org Tue Mar 10 13:07:09 2015
From: rforno at infowarrior.org (Richard Forno)
Date: Tue, 10 Mar 2015 14:07:09 -0400
Subject: [Infowarrior] - CIA tried to undermine Apple dev tools
Message-ID:

CIA 'tried to crack security of Apple devices'
Agency tried to create dummy version of development software that would allow it to insert surveillance back doors into apps
James Ball
Tuesday 10 March 2015 06.25 EDT
Last modified on Tuesday 10 March 2015 07.18 EDT
http://www.theguardian.com/technology/2015/mar/10/cia-tried-to-crack-security-of-apple-devices

The CIA led sophisticated intelligence agency efforts to undermine the encryption used in Apple phones, as well as insert secret surveillance back doors into apps, top-secret documents published by the Intercept online news site have revealed.

The newly disclosed documents from the National Security Agency's internal systems show surveillance methods were presented at its secret annual conference, known as the "jamboree".

The most serious of the various attacks disclosed at the event was the creation of a dummy version of Apple's development software Xcode, which is used by developers to create apps for iOS devices.

The modified version of Xcode would allow the CIA, NSA or other agencies to insert surveillance backdoors into any app created using the compromised development software. The revelation has already provoked a strong backlash among security researchers on Twitter and elsewhere, and is likely to prompt security audits among Apple developers.

The latest revelations of sustained hacking efforts against Apple devices are set to further strain already difficult relations between the technology company and the US government.
Apple had previously been a partner in the Prism programme, in effect a legal backdoor to obtain user information by the NSA and its allies, but in the wake of the Snowden revelations it has stepped up efforts to protect user privacy, including introducing end-to-end encryption on iMessages.

Tim Cook, the CEO of Apple, warned Barack Obama in public remarks this month that history had shown "sacrificing our right to privacy can have dire consequences".

Other efforts showcased at the intelligence agency jamboree included a means of introducing keylogger software - which records and transmits every stroke a compromised user types - into systems through Apple's software update tool on its laptop and desktop computers.

Analysts were also exploring a sophisticated approach to breaking encryption on individual devices using the activity pattern of its processor while it is encrypting data, known as a "side channel" attack, as part of a bid to gain further access to the core software the devices run. The presentation notes revealed by the Intercept suggested that at the time of the presentation in March 2012 the technique had not yet been successful in extracting the key.

US academics and security researchers have questioned the legality of the CIA's efforts to attack Apple's security.

"If US products are OK to target, that's news to me," Matthew Green of the Information Security Institute at Johns Hopkins University told the Intercept. "Tearing apart the products of US manufacturers and potentially putting back doors in software distributed by unknowing developers all seems to be going a bit beyond 'targeting bad guys'. It may be a means to an end, but it's a hell of a means."

The exploits revealed by the Intercept are the latest in a long list of stories disclosing intelligence agency activities against Apple and its platforms. In January 2014, the Guardian disclosed a variety of exploits being used by the UK intelligence agency GCHQ and the NSA against mobile phones.
These included bids to extract personal information from data transmitted by apps including Angry Birds, as well as a range of capabilities to activate remotely the microphone on iPhones and Android devices - a project codenamed Nosey Smurf.

The Guardian also disclosed this year that GCHQ had been engaged in hacking software and hardware widely used in the west, including Cisco routers and Kaspersky antivirus software,

From rforno at infowarrior.org Tue Mar 10 14:39:43 2015
From: rforno at infowarrior.org (Richard Forno)
Date: Tue, 10 Mar 2015 15:39:43 -0400
Subject: [Infowarrior] - "Rowhammer" attack
Message-ID:

Cutting-edge hack gives super user status by exploiting DRAM weakness
"Rowhammer" attack goes where few exploits have gone before, into silicon itself.
http://arstechnica.com/security/2015/03/cutting-edge-hack-gives-super-user-status-by-exploiting-dram-weakness/

From rforno at infowarrior.org Tue Mar 10 20:07:23 2015
From: rforno at infowarrior.org (Richard Forno)
Date: Tue, 10 Mar 2015 21:07:23 -0400
Subject: [Infowarrior] - First Hillary, Now Chuck Hagel
Message-ID: <8F7233B9-8D57-4988-83AA-5E49E2617989@infowarrior.org>

Former Sec. of Defense Hagel's Private Email Address Found on Official Email From White House
http://www.nbcwashington.com/investigations/Former-Sec-of-Defense-Hagels-Private-Email-Address-Found-on-Email-From-White-House-295813861.html
http://www.zerohedge.com/news/2015-03-10/first-hillary-now-chuck-hagel-former-secretary-defense-also-used-personal-email
From rforno at infowarrior.org Tue Mar 10 21:02:16 2015
From: rforno at infowarrior.org (Richard Forno)
Date: Tue, 10 Mar 2015 22:02:16 -0400
Subject: [Infowarrior] - The CIA is giving its surveillance tech to US law enforcement
Message-ID:

The CIA is giving its surveillance tech to US law enforcement
by Andrew Tarantola | @terrortola | 1 hr ago
http://www.engadget.com/2015/03/10/the-cia-is-giving-its-surveillance-tech-to-us-law-enforcement/

The Justice Department's newest electronic dragnet -- plane-mounted "dirtboxes" that can slurp thousands of cellular phone ID's from the air -- was originally developed by the CIA to hunt terrorists in the Middle East, The Wall Street Journal reports. Now however, it's being used domestically to track American citizens. That's not good.

According to a new report from the WSJ, the US Marshals Service, with assistance from both the CIA and Boeing, developed these Cessna-mounted devices. They are electronic sniffers that mimic cellular tower signals to incite any cellular telephone within range to broadcast its identifying registration information. It's essentially an aerial man-in-the-middle attack and one that has cost US taxpayers more than $100 million to create. With this information, US Marshals can effectively locate, identify, and lock on to specific cell phones -- out of a sample population of thousands or even tens of thousands of devices -- to within an accuracy of just three yards. What's more, once the suspect phone is found, Marshals can then listen in on any calls originating from it.

According to the WSJ, these devices have been in operation since 2007, mounted on Cessna aircraft flying out of five metropolitan airfields throughout the US and can access a majority of the US population. This isn't the first time that this technology has been put to use by US officials, mind you. Dirtbox technology first debuted in the Middle East where it was utilized in the hunt for terrorists in both Afghanistan and Iraq.
However, this new program marks a troubling collaboration between domestic law enforcement and the nation's spy agency that blurs a very important operational distinction between the two agencies. That is, the CIA is an outward-looking agency; its purpose is to gather information from abroad regarding external threats to national security. The US Marshals (and the DOJ in general), instead, is tasked with enforcing federal law here in the States. To provide the DOJ with more than a million dollars' worth of equipment designed specifically to hunt people that aren't protected by the Constitution and then allow federal officials to listen in on calls may conform to the letter of the law -- as both the CIA and DOJ have asserted to the WSJ -- but it certainly doesn't conform to the spirit. And it could very well lead to further and more aggressive domestic surveillance efforts in the future.

Both the Electronic Frontier Foundation and the American Civil Liberties Union have already filed FOIA requests regarding the program and have requested "additional information about the Department of Justice's and Department of Homeland Security's acquisition, possession, and use of cell site simulators deployed on aircraft" ahead of any further legal action. We've already seen that the Feds have very few qualms about utilizing digital dragnets like PRISM. This Dirtbox technology appears to signal a newfound readiness to apply these overreaching information gathering practices to not just our online lives but to our mobile devices as well.

From rforno at infowarrior.org Wed Mar 11 10:02:12 2015
From: rforno at infowarrior.org (Richard Forno)
Date: Wed, 11 Mar 2015 11:02:12 -0400
Subject: [Infowarrior] - Propaganda: ISIL does conduct mock executions
Message-ID:

(One of the questions most commonly asked about these videos. Experts said that was probably the case, and this defector seems to confirm it. --rick)

Why did victims in Islamic State beheading videos look so calm? They didn't know it was real.
By Adam Taylor and Sarah Kaplan
March 11 at 9:05 AM
http://www.washingtonpost.com/blogs/worldviews/wp/2015/03/11/why-did-victims-in-islamic-state-beheading-videos-look-so-calm-they-didnt-know-it-was-real/

For all their stage-managed professionalism, the videos of killings released by the Islamic State have often left viewers confused about the exact circumstances of what was being shown in the video. Their videos of beheadings, for instance, do not show the act itself, which initially led some to speculate that they may have been faked.

More unnervingly, there was also the calm with which many hostages spoke to the camera. Why would hostages comply with Islamic State propaganda, if they knew that it would result in their death? Some even suggested that perhaps the hostages had struck a deal with their captors for a more humane death.

[See: A list of high-profile beheadings by the Islamic State]

According to a new Sky News interview with an Islamic State defector, that wasn't the case. Instead, he explained that the hostages were calm because they had been in this situation before. They did not know they were about to die.

The former Islamic State member, referred to as "Saleh," told the British television company that the extremist group would put the hostages through mock executions. Saleh himself told the hostages that they would not be killed, recalling that he said to them, "Don't worry, doesn't matter, nothing dangerous for you." However, Sky News reports that Saleh knew the plan was always to kill the hostages eventually, despite any limited kindness shown to them by their captors.

[Related: Islamic State appears to be fraying from within]

Similar reports of mock executions have surfaced before: Last year the New York Times reported that American journalist James Foley was subjected to them, as well as beatings and waterboarding.
Counterterrorism officials recently told ABC News they believed these mock executions explained why hostages appeared compliant in videos. The interview with Saleh, however, appears to have been the first confirmation of the practice from someone linked to the Islamic State.

The interview is exclusive to Sky News, so the Post cannot independently confirm Saleh's identity. But Shashank Joshi, a senior research fellow at the British security think tank Royal United Services Institute, said that the use of the kind of "psychological warfare" that Saleh describes seems characteristic of Islamic State. "Indeed if you did not have that it would be very difficult to stage manage these killings," he said in a phone interview.

The Islamic State militants may have decided on this tactic based on the experiences of their predecessors. Writing for The Post last year, Aki Peritz, a former CIA counterterrorism analyst, noted that in videos of killings from the Iraq war, hostages who knew they were going to be killed often acted unpredictably and gave upsetting pleas for their lives. In one video from 2004, a South Korean named Kim Sun Il screamed for his life: "I don't want to die. I don't want to die." His captors were from Jamaat al-Tawhid, a precursor group to the Islamic State.

If the mock execution reports are true, they may also explain why the killings themselves were not shown on film. Even if the hostages realized what was happening at the last minute, they may still have put up a struggle that would have ruined the video's propaganda elements. In one video shot over a decade ago in Iraq, Italian Fabrizio Quattrocchi is said to have pulled off his mask and confronted his captors just before he was shot. "Now you'll see how an Italian dies," he was reported to have shouted.
From rforno at infowarrior.org Wed Mar 11 22:10:32 2015 From: rforno at infowarrior.org (Richard Forno) Date: Wed, 11 Mar 2015 23:10:32 -0400 Subject: [Infowarrior] - Cyber Information Sharing Act Is Cyber-Surveillance, Not Cybersecurity Message-ID: <8281B71B-15EE-4989-88B3-DC271B5E306C@infowarrior.org> (Good analysis, discussion, and recommendations of this latest idiotic "cybersecurity" proposal. -rick) Version 2.0 of the Senate Intelligence Committee's Cyber Information Sharing Act Is Cyber-Surveillance, Not Cybersecurity http://www.newamerica.org/oti/version-20-of-the-senate-intelligence-committees-cyber-information-sharing-act-is-cyber-surveillance-not-cybersecurity/
-- It's better to burn out than fade away.

From rforno at infowarrior.org Thu Mar 12 06:52:44 2015 From: rforno at infowarrior.org (Richard Forno) Date: Thu, 12 Mar 2015 07:52:44 -0400 Subject: [Infowarrior] - Doctorow: Technology should be used to create social mobility – not to spy on citizens Message-ID: Technology should be used to create social mobility – not to spy on citizens NSA and GCHQ mass surveillance is more about disrupting political opposition than catching terrorists Cory Doctorow Tuesday 10 March 2015 07.06 EDT http://www.theguardian.com/technology/2015/mar/10/nsa-gchq-technology-create-social-mobility-spy-on-citizens Why spy? That's the several-million pound question, in the wake of the Snowden revelations. Why would the US continue to wiretap its entire population, given that the only "terrorism" they caught with it was a single attempt to send a small amount of money to Al Shabab? One obvious answer is: because they can. Spying is cheap, and cheaper every day. Many people have compared NSA/GCHQ mass spying to the surveillance programme of East Germany's notorious Stasi, but the differences between the NSA and the Stasi are more interesting than the similarities. The most important difference is size.
The Stasi employed one snitch for every 50 or 60 people it watched. We can't be sure of the size of the entire Five Eyes global surveillance workforce, but there are only about 1.4 million Americans with Top Secret clearance, and many of them don't work at or for the NSA, which means that the number is smaller than that (the other Five Eyes states have much smaller workforces than the US). This million-ish person workforce keeps six or seven billion people under surveillance – a ratio approaching 1:10,000. What's more, the US has only ("only"!) quadrupled its surveillance budget since the end of the Cold War: tooling up to give the spies their toys wasn't all that expensive, compared to the number of lives that gear lets them pry into. IT has been responsible for a 2-3 order of magnitude productivity gain in surveillance efficiency. The Stasi used an army to surveil a nation; the NSA uses a battalion to surveil a planet. Spying, especially domestic spying, is an aspect of what the Santa Fe Institute economist Samuel Bowles calls guard labour: work that is done to stabilise property relationships, especially the property belonging to the rich. The amount a state needs to expend on guard labour is a function of how much legitimacy the state holds in its population's reckoning. A state whose population mainly views the system as fair needs to do less coercion to attain stability. People who believe that they are well-served by the status quo will not work to upset it. States whose populations view the system as illegitimate need to spend more on guard labour. It's easy to see this at work: Bahrain, Saudi Arabia, China and North Korea spend disproportionate sums on guard labour. Highly redistributive Nordic states with strong labour laws, steeply progressive taxation and tenant protection spend less on guard labour. They attain social stability through the carrot of social programmes, not the stick of guard labour.
In Capital in the 21st Century, Thomas Piketty uses the wealth disparity on the eve of the French Revolution as a touchstone for the moment at which the perception of the state's illegitimacy goes to infinity, when even emptying the treasury for guard labour will not keep the guillotine at bay. Piketty is trying to convince global elites (or at least the policymakers beholden to them) that it's cheaper to submit to a redistributive 1% annual global wealth tax than it is to buy the guards to sustain our present wealth disparity. There's an implied max/min problem here: the intersection of a curve representing the amount of wealth you need to spend on guards to maintain stability in the presence of a widening rich/poor gap and the amount you can save on guards by creating social mobility through education, health, and social welfare is the point at which you should stop paying for cops and start paying for hospitals and schools. This implies that productivity gains in guard labour will make wider wealth gaps sustainable. When coercion gets cheaper, the point at which it makes "economic sense" to allow social mobility moves further along the curve. The evidence for this is in the thing mass surveillance does best, which is not catching terrorists, but disrupting legitimate political opposition, from Occupy to the RCMP's classification of "anti-petroleum" activists as a threat to national security. Technology also brings productivity gains to social programmes. Basic sanitation, green revolution crops, cheap material production, and access to vaccines and mobile internet devices allow states to lift the desperately poor into a more sustainable existence for less than ever, affording stability to wealth gaps that might have invoked the guillotine in previous centuries. The mobile phone is important to this story, since it's both a means of raising quality of life – through access to information and markets – and keeping its users under close, cheap surveillance.
The neoliberal answer to this is: so what? If the rich can be richer than ever without the poor having to starve, doesn't that mean that the system is working? Boris Johnson's big cornflakes have been sorted to the top of the packet, and have produced so much efficiency that everyone is better off for it, just as market theory predicts. Even if you think that hereditary dynasties and extreme wealth for the few and hereditary, extreme poverty for the many is morally fine, the reality is that extreme wealth concentration distorts policy. We want policy to reflect the best available evidence, but when legislators are drawn from, and beholden to, a tiny ruling elite, they can only make evidence-based policy to the extent that the evidence doesn't inconvenience rich people. It's obvious that excluding 52% of the population from public life is bad for the economy in Saudi Arabia. It's obvious that Canada, a country characterised by huge wilderness and resource-extraction, is in terrible danger from climate change and that it's madness for its oil-backed Tory government to dismantle its world-class climate and environment science infrastructure, literally setting fire to the archives. It's obvious that the finance sector is corrupt to the highest levels, and that the City is the heart of a vast criminal enterprise. It's obvious that homeopathy is bunk, even if Prince Charles likes it. And so on. A state that is beholden to a small number of people is also beholden to that elite's sacred cows. It is incompatible with evidence-based policy. Why spy? Because it's cheaper than playing fair. Our networks have given the edge to the elites, and unless we seize the means of information, we are headed for a long age of IT-powered feudalism, where property is the exclusive domain of the super-rich, where your surveillance-supercharged Internet of Things treats you as a tenant-farmer of your life, subject to a licence agreement instead of a constitution.
-- It's better to burn out than fade away.

From rforno at infowarrior.org Thu Mar 12 06:53:54 2015 From: rforno at infowarrior.org (Richard Forno) Date: Thu, 12 Mar 2015 07:53:54 -0400 Subject: [Infowarrior] - What should the next Aaron Swartz do when the DOJ knocks? Message-ID: <40021D81-69E6-41BC-AAC0-62EF33803F60@infowarrior.org> What should the next Aaron Swartz do when the DOJ knocks? Aaron Swartz found out the hard way that you can't expect justice from the Department of Justice: what should the next Aaron Swartz do when facing decades in prison for information activism? By Harry Kopyto http://boingboing.net/2015/03/12/aaron-swartz-and-impact-litiga.html I am among those who have seen the recently released documentary about Aaron Swartz's short life, The Internet's Own Boy. I watched the film in light of my own experiences as a lawyer and paralegal engaged in social justice battles for more than four decades. I have been an advocate and media organizer for rights causes involving individuals and groups seeking access to justice through Canada's legal system.
I've taken on more than 70 cases that changed Canadian law, helping to establish employment rights for gay people (eventually followed by changes in provinces' human rights codes to include sexual orientation as a prohibited category for discrimination); compensation for discrimination against Black nurses who lacked sufficient support from their union; affirming the historic right of private prosecution in a unanimous Supreme Court decision against the Ontario government; establishing sexual harassment at work as a workplace safety issue -- thereby allowing female employees to get rapid redress; litigating on behalf of victims of the RCMP Security Service that contributed to its disbanding and civilian reconstitution; achieving the largest awards in a human rights case and in a rent abatement case in Canada and winning a precedent-setting ruling against a multi-national corporation seeking to monopolize control over domain names. In these and other struggles, my weapons of choice were committees of mutual support, rallies, and publishing to broad audiences. These experiences prompted me to consider how Aaron Swartz might have pursued a more aggressive public campaign as part of his legal defense. On January 6, 2011, Swartz was arrested for a bold act of apparent disobedience -- he accessed the JSTOR repository of scholarly articles. According to his prosecutors, he intended to release these to the public. Corporations whose profits depended on charging to access scholarship were not amused. Still, none of them chose to sue. Only the United States federal prosecutors pressed the case, intending to make an example of Aaron. They couldn't ignore his conduct. It would have been a precedent that, if allowed to stand, would be a beacon for others. Much blame has been placed on ham-handed prosecutors like Stephen Heymann who tried to hammer Aaron into submission.
When Aaron and his supporters embarrassed the prosecutor by publicly questioning the prosecution's legitimacy, Heymann and his colleagues retaliated by adding a long list of new charges to Aaron's case. They turned his alleged unauthorized access to a network -- usually dismissed as a misdemeanor "continuance without a finding" -- into a massive federal indictment. This was a scare tactic to frighten Aaron into submission. First, the stick: a potential sentence of 35 years. Then, the carrot: a few months in jail in an open comfortable setting. The feds wanted capitulation, a guilty plea. Supervising U.S. Attorney Carmen Ortiz needed a guilty plea to finesse Aaron's brazen attack against the privatization of knowledge. The ruthless, ambitious Heymann wasn't just lead prosecutor in the case -- he was also hoping to burnish his credentials for a future political career. Swartz was accused of something more threatening than a property offense -- he had launched a public interest attack on the commodification of knowledge. There was no violation of copyright law. There was no trespass on federal property. There was no privacy violation. Downloading a scholar's article, even numerous times, cannot constitutionally constitute a felony under U.S. law. The prosecutors didn't want to try the untested constitutionality of the Computer Fraud and Abuse Act (CFAA) in a highly publicized court case. They knew Aaron's case wouldn't be easy for them to win if it went to trial. They were ready to give Aaron a kiss for a plea. One of Aaron's lawyers, Marty Weinberg, nearly negotiated a plea bargain that would have kept Aaron outside of a cell completely. The punishment was negotiable -- within limits. The government sought an admission of guilt and time in prison so it could show its mettle in defending privately (and profitably) controlled access to information. With hindsight, it appears that the 18 months spent negotiating a plea with the feds was wasted.
But going to trial was tremendously risky: though a victory could have resulted in the law being declared unconstitutional, the downside was the threat of an outrageously lengthy jail term. Pleading guilty could have resulted in a comparatively light sentence (and a felony on his record). Aaron's lawyers knew well that federal felony prosecutions result in findings of guilt 93% of the time (U.S. Department of Justice, U.S. Attorney's Annual Statistical Report). Of course, many of Aaron's family and friends focused on winning a sure deal to keep Aaron out of jail with his morale intact. For some, including, it seems, Aaron, a highly publicized public campaign to prove his innocence by striking the law from the books raised the stakes too high. The bullying prosecutors were intransigent. Although Aaron's lawyers were willing and able to contest the power of the Dept. of Justice, if directed, the uncertainty of the outcome strongly suggested a more sober approach. They pleaded instead for mercy, even sharing information with the feds about Aaron's mental health history. But in my experience, the cold and calculating representatives of officialdom never care about the personal troubles of the victim of abusive laws when a political agenda is at stake. The U.S. government brutalized Aaron. The law he was charged under is largely untested, especially in the context of Aaron's benign conduct. The merits of the charges were wide open to a constitutional challenge -- they were too vague and indefinite to pass the test of specificity needed to provide adequate notice of the prohibited conduct. The CFAA also violated the principle that one cannot be found guilty of an offence more than once -- double indemnity. Many constitutional lawyers were salivating at the prospect of challenging these parts of the CFAA.
How it was that an alleged breach of a non-negotiable terms-of-service boilerplate agreement could result in criminal prosecution for 13 federal felonies left many lawyers scratching their heads in wonder. Aaron's acts were harmless: there was no physical harm, no economic harm. JSTOR could not prove it lost a cent. It never sought compensation -- there was nothing to compensate! Yet a non-custodial plea bargain turned out, unexpectedly, to be out of reach despite the best efforts of three sets of top lawyers. And the evidence against Aaron? MIT's facilities and Web connections were accessible to the public who identify themselves as "visitors" under MIT's "open campus" policy. They could access JSTOR through its network without pay. No lock was picked. The doors to the depository where Aaron's laptop hooked into JSTOR's hardware were never secured. Among the downloaded articles were many that had been prepared with public money and were already freely available through sites more difficult to access. There wasn't even a sign indicating that the room where Aaron connected his laptop was off limits. In fact, in response to his death, many JSTOR journal archives were made available for free to the public (how posthumously generous). Was there anything that could have been done that could have resulted in a different outcome? Suppose, for a moment, that we lived in an alternate reality. Suppose that we could have known, somehow, that the negotiations for a reasonable plea would be futile. Suppose that we anticipated how self-destructively Aaron would react to the prospect that his aspirations to a political career, not to mention his freedom, could be dashed by a conviction for a federal felony, which would prevent him from even voting for the rest of his life. 
Suppose Aaron's lawyers, versed in civil liberties law and impact litigation, had been directed to focus their energy on defending Aaron by demanding that the law under which he was charged be declared constitutionally inapplicable. Just as Aaron helped mobilize millions of activists to bring down the hated SOPA law, could a similar mobilization have saved Aaron? Aaron's lawyers spoke truth to power. Would the outcome have been different if they spoke power to power? Didn't Aaron himself, through organized efforts, help start a campaign that flooded Congress with eight million phone calls to block SOPA, a victory so expansive that it stunned even Aaron? Imagine a different paradigm. Let's consider a not-guilty defence of Aaron based on a strategy of broad appeal and mass mobilization. Manhattan's former top federal prosecutor had already called for the charges to be dropped. Retired federal judge Nancy Gertner had questioned the propriety of laying the charges in the first place. Law professor Stephen L. Carter described the prosecution as "ridiculous". Would tens of thousands of American youth have responded actively to a public campaign, whether on the net, in the streets or in front of the courthouse? What impact would an international defence committee with broad public representation and prominent sponsors have had? With speaking tours for Aaron to build support on campuses and in communities? With phone campaigns to flood congress, MIT or Harvard? With crowdsourcing to raise funds for Aaron's legal defence? With legal intervention by civil liberties groups in the court case? With demonstrations at U.S. embassies around the world? On September 16, 2012, an Aaron Swartz Defence Fund was initiated by Bettina Neuefeind (lawyer, activist, wife of Creative Commons founder Larry Lessig) when Aaron was already deeply depressed. Just three months before Aaron's death, this fund was announced with a call for public support. 
Remember that Aaron's last lawyer, Elliot Peters, was aghast when the only media present during Aaron's final court appearance was a lone reporter from a student paper. We only have a few clues to how Aaron would have reacted to a mass public campaign. We do know that Aaron felt the weight of the prosecution but spoke little of it. He hid it well (or maybe not so well). One close friend of Aaron's blamed him for taking his life without asking for help. Go easy. He was consumed by his guilt with regard to the crushing financial burden the legal defence imposed on the people who cared for him. He was frightened by the escalating threats to his ex-girlfriend, to subpoena her along with her files to implicate their friends and compel her to testify before a Grand Jury on pain of imprisonment if she refused. What some called his shyness was also Aaron's generous reluctance to enmesh others in what he saw as a personal issue. Imagine that we appealed to Harvard's and MIT's faculty and student associations to support Aaron. They might have reacted positively in contrast to the gutless administrators who proclaimed "neutrality", putting paid to Aaron's father's hopes that they would come to Aaron's rescue. When the prosecution threatened to implicate Aaron's partner and broaden its investigation, imagine a legal strategy to push back and redouble efforts to massively publicize this tactic of blatant intimidation and blackmail. Imagine that we ringed the courthouse with a phalanx of protestors every time Aaron's case appeared in court? Could we have mobilized public sentiment in defence of Aaron? Aaron's mood was always brightest and most combative, even exhilarated, when he mobilized the public behind him. 
The prospect of success in Aaron's legal battle may have been dramatically enhanced by the creation of an independent, visible, ongoing, international militant campaign in which legal tactics were subordinate to the struggle to defeat a quintessentially political prosecution under a law that was and continues to be legally indefensible. Imagine if we could have convinced Aaron to do what he was best at doing -- campaigning publicly for justice! In the real world, we know the course of events demoralized Aaron and filled him with feelings of guilt and shame for burdening his family and implicating his friends. Those who loved Aaron tried their best. Two days after the plea-bargaining blew apart on January 11, 2013, Aaron's family was close to a million dollars in debt. He could not afford a trial. Suppose there was a broad social and political infrastructure to supplement his legal defence. Would the Aaron that turned the online world upside down not have thrived in an uncompromising, bold, unwavering public, social, and legal struggle which looked to him for moral and political leadership? Wouldn't the same Aaron who was so deeply committed to sharing the vast store of human knowledge have also thrived as the cutting edge of a campaign to overturn an indefensible law that blocked such access? Aaron's attempt to mobilize public support for his case -- a press release in support of his case from Demand Progress, the organization he helped found -- provoked an all-out retaliation from the U.S. prosecutors. At the first whiff of resistance, they added 13 felony counts to his charge-sheet. They understood that Aaron was attacking them on their weakest flank. In the courtroom, they would likely win -- as they obtain findings of guilt in 93 percent of federal felony prosecutions. In the streets and in the court of public opinion, and especially on the Internet, they were fighting on Aaron's home turf.
It's easy to understand Aaron's decision, and the decision of his supporters and legal team, to retreat from provoking the rage of the U.S. prosecutors who had him in their crosshairs. But the U.S. prosecutors have shown us what to expect from capitulation. They have shown us what happens when we let them intimidate us into giving up on the only force we have that they lack. There will be more Aarons. The CFAA is still on the books, and it is one of the stupidest, most grotesque statutes in the USA, overdue for a constitutional challenge. Aaron's tactics evolved with each fight, the ones he won and the ones he lost. He lost this one, and taught us a lesson we need to remember -- next time. The key idea is to build a movement that can change the balance of forces. To build such a movement you have to have a vision -- overturn a bad law in court by pleading not guilty and protect a victim of the bad law. It's tempting to see the farcical conviction of Barrett Brown as an example of why pushing back is a waste of effort, but Barrett Brown did exactly the opposite. Brown is an American writer, activist and journalist from Texas who facilitated analysis of information leaked by the hacktivist collective Anonymous and other sources that exposed the private machinations of the vast intelligence contracting network. His work was seminal in translating raw data about the U.S. military-industrial complex into an accessible, centralized format to the dismay of the cybersecurity industry. Following the 2012 Stratfor email leak, the U.S. Department of Justice filed 17 charges against him, seeking to silence him forever. Brown's only offence was posting online a publicly available link containing publicly available data that he was researching as a journalist. He accepted his guilty plea as valid. Never questioned the law itself. Agreed that he was guilty and should be punished. He thereby effectively sanctified the law itself, which criminalized the posting of links.
In fact, he justified his prosecution by asking for an overall sentence of 30 months (time served). The court gave him four years for threatening a police officer and his children on YouTube while only 12 months for posting the link. So now he sits in jail after his sentencing in January. Yes, there was a public campaign in his case. But only to get money to pay lawyers to lower his sentence and collect character-testifying letters from people in an attempt to influence the judge. It was a sympathy ploy with no focused political demand. There was never any prospect of building a unified movement that could inspire people with a vision of doing away with this law around a clear, unifying demand. But even assuming for the sake of argument that the cases were identical, should we conclude that just because someone loses, then everyone would lose?
-- It's better to burn out than fade away.

From rforno at infowarrior.org Thu Mar 12 12:38:10 2015 From: rforno at infowarrior.org (Richard Forno) Date: Thu, 12 Mar 2015 13:38:10 -0400 Subject: [Infowarrior] - First Star Wars spin-off movie announced Message-ID: <38C661BF-86BB-43E1-BDAC-FA977A57BF57@infowarrior.org> The First Star Wars Spin Off Film Will Be "Rogue One," Joining Formation December 16, 2016 Posted 5 minutes ago by Darrell Etherington (@drizzled) http://techcrunch.com/2015/03/12/the-first-star-wars-spin-off-film-will-be-rogue-one-joining-formation-december-16-2016/ Star Wars has a new, official stand-alone spin-off film coming. Rogue One, starring Felicity Jones and written by Rian Johnson. The movie will be the first in a series of spin-offs that focus on Star Wars universe peripheral characters and side-stories, according to Disney, and will premiere on December 16, 2016, a year after the next main continuity Star Wars film. There's nothing else so far in terms of details about the series, but the name indicates it will follow the adventures of fighter pilots, likely flying X-Wings.
Rogue Squadron was the starfighter squadron that played a pivotal role in the Empire Strikes Back, and then later in Return of the Jedi, and which likely grew from Red Squadron in the initial Star Wars IV: A New Hope Series. In addition to Luke Skywalker, other notable members of the squad include Wedge Antilles and Biggs Darklighter. The Rogue Squadron story provided the basis for a series of extended universe novels called Rogue Squadron, which I loved and read the vast majority of, including some multiple times. So I am excited about this thing, you could say. Disney also announced that Star Wars: Episode VIII will premiere on May 26, 2017, so the studio is switching to a summer release window for the next main franchise instalment. All indications are that Disney hopes to turn Star Wars into an elaborate, interconnected cinematic universe the way that it has with Marvel, and that's just extra cool – provided they can actually make good movies from the base material now that George Lucas is out of the picture.
-- It's better to burn out than fade away.

From rforno at infowarrior.org Thu Mar 12 20:35:00 2015 From: rforno at infowarrior.org (Richard Forno) Date: Thu, 12 Mar 2015 21:35:00 -0400 Subject: [Infowarrior] - UK gov: bulk collection is not mass surveillance Message-ID: <45F8F2E1-4963-44D1-9A48-79A46A19800A@infowarrior.org> PRISM: UK government finds that bulk collection is not mass surveillance http://www.theinquirer.net/inquirer/news/2399451/prism-uk-government-finds-that-bulk-collection-is-not-mass-surveillance GCHQ is just doing its job, in a way By Dave Neal Thu Mar 12 2015, 16:41 THE MUCH ANTICIPATED OFFICIAL government review into GCHQ bulk data collection has found that such activity is fine, and should not be considered mass surveillance.
It also acknowledged that some legislative change is needed. Yup. The Intelligence and Security Committee of Parliament (ISC) has surprised us all by deciding that following "a comprehensive review of the full range of intrusive capabilities available to the UK intelligence Agencies", it is able to "present a landmark in terms of the openness and transparency surrounding the Agencies' work", and tell us that fears are unfounded. The short version of this, presented to us by MP Hazel Blears, is that GCHQ operates within the law in a way that corresponds with legislation and a regime that is overly complicated and lacking in transparency. "The internet has transformed the way we communicate and conduct our day-to-day lives. However this has led to a tension between the individual right to privacy and the collective right to security," said the right honourable Blears, who reminded us that it is the threat of terrorism that necessitates the "intrusive" work of the agencies. "The security and intelligence Agencies have a crucial role protecting UK citizens from threats to their safety. The importance of this work is reflected in the fact that the Agencies have been given legal authority to use a range of intrusive powers which they use to generate leads, to discover threats, to identify those who are plotting in secret against the UK and to track those individuals," she added. "However, in a democratic society those powers cannot be unconstrained: limits and safeguards are essential. The question we have considered is whether the intrusion is justified and whether the safeguards are sufficient." The answer to that is yes. The ISC report, a long one, is pretty transparent, apart from the parts that are redacted, and finds the government feeling pretty OK about what it gets up to, again. It says that the activities that are carried out are carefully considered and that bulk collection is a necessary stage on the way to informed, proper targeted investigations.
"Given the extent of targeting and filtering involved, it is evident that while GCHQ's bulk interception capability may involve large numbers of emails, it does not equate to blanket surveillance, nor does it equate to indiscriminate surveillance," it explains. "GCHQ is not collecting or reading everyone's emails: they do not have the legal authority, the resources, or the technical capability to do so. We have established that bulk interception cannot be used to search for and examine the communications of an individual in the UK unless GCHQ first obtain specific authorisation." Still, some change is needed and the ISC recommends movements in the direction of transparency; it adds that the report is a good part of this and recommended that the government make a real effort to be more open. Another recommendation is for a redrafting of current 'over complicated' legislation, something that will perhaps enjoy support from the agencies and their backers. "There is a legitimate public expectation of openness and transparency in today's society," it added, "and the security and intelligence Agencies are not exempt from that". Outside of government the responses are rather different. While the ISC has opted to treat its results to a 'no harm done' retelling, citizens rights groups are less forgiving. Jim Killock, the executive director at the Open Rights Group, is particularly unimpressed with the results. He said that the ISC left a lot out of its report, and questioned the committee's independence. "The ISC's should have apologised to the nation for their failure to inform Parliament about how far GCHQ's powers have grown. This report fails to address any of the key questions apart from the need to reform our out-of-date surveillance laws," he said. "This just confirms that the ISC lacks the sufficient independence and expertise to hold the agencies to account."
The Open Rights Group supports the idea of legislative change, but one that meets the requirements of basic human rights. Privacy International, a group that has taken on GCHQ and its practices on many fronts, said that the ISC report will not soothe anyone's worries. Rather, it said, the report and its admissions should disturb citizens. While it welcomed the report, it did so through gritted teeth. "The ISC's report should trouble every single person who uses a computer or mobile phone: it describes in great detail how the security services are intercepting billions of communications each day and interrogating those communications against thousands of selection fields," it said. "The ISC has attempted to mask the reality of its admissions by describing GCHQ's actions as 'bulk interception'. However, no amount of technical and legal jargon can obscure the fact that this is a parliamentary committee, in a democratic country, telling its citizens that they are living in a surveillance state and that all is well." Privacy International hopes that any plans to redraw surveillance legislation look to restrain surveillance and keep the agencies in line. "Today's report is official confirmation that the security services will seek to overstep any powers that are granted to them. Any new surveillance law should therefore seek to restrain, and not expand, the Government's powers," it added. "Parliament must ensure that the law is fit for purpose, that all powers and actions are explicitly authorised by an independent judiciary, and properly overseen to audit use and address any abuse. Otherwise, we will find ourselves in a similar situation years from now without the benefit of a future Edward Snowden to prompt officials to do their jobs." The UK Pirate Party also hopes for a more open and fair legislative position. It recommended that when the agencies use their 'intrusive methods' it should be in a very transparent and legal framework.
Andy Halsall, Pirate Party Candidate for Sheffield Central, said: "Whilst I welcome this report, it's obvious that we need to continue to debate the role of mass surveillance and the boundaries between acceptable and prudent precautions and indiscriminate snooping." "There are clearly still major issues around meta-data, targeted versus bulk intercept, and oversight. I don't accept that the bulk collection of communications of UK citizens isn't mass surveillance. Just because the communications being intercepted may not all be read, or that the services being used are located abroad should not remove the requirement for an individual warrant." Liberty was perhaps the most damning of all, and had little praise for the 'landmark' report and its transparency. Liberty director Shami Chakrabarti said: "The ISC has repeatedly shown itself as a simple mouthpiece for the spooks - so clueless and ineffective that it's only thanks to Edward Snowden that it had the slightest clue of the agencies' antics. "The Committee calls this report a landmark for 'openness and transparency' - but how do we trust agencies who have acted unlawfully? No doubt it would be simpler if we went along with the spies' motto of 'no scrutiny for us, no privacy for you' - but what an appalling deal for the British public." -- It's better to burn out than fade away. From rforno at infowarrior.org Fri Mar 13 07:11:03 2015 From: rforno at infowarrior.org (Richard Forno) Date: Fri, 13 Mar 2015 08:11:03 -0400 Subject: [Infowarrior] - Full of Fail: CISA advances in secret session Message-ID: <6364DD51-37EE-4A79-9B9A-D237FE058867@infowarrior.org> US Senate committee advances cybersecurity bill in secret session Bipartisan group of senators vote 14 to 1 on Cybersecurity Information Sharing Act as lone dissenter calls measure "a surveillance bill by another name"
Alan Yuhas in Washington and Spencer Ackerman in New York Thursday 12 March 2015 18.58 EDT Last modified on Friday 13 March 2015 07.48 EDT http://www.theguardian.com/us-news/2015/mar/12/us-senate-advance-cybersecurity-bill-nsa The Senate intelligence committee advanced a priority bill for the National Security Agency on Thursday afternoon, approving long-stalled cybersecurity legislation that civil libertarians consider the latest pathway for surveillance abuse. The vote on the Cybersecurity Information Sharing Act, 14 to 1, occurred in a secret session inside the Hart Senate office building. Democrat Ron Wyden was the dissenter, calling the measure "a surveillance bill by another name". Senator Richard Burr, the committee chairman, said the bill would create avenues for private-to-private, private-to-government and government-to-private information sharing. The bill's bipartisan advocates consider it a prophylactic measure against catastrophic data theft, particularly in light of recent large-scale hacking of Sony, Target, Home Depot and other companies. Private companies could share customer data "in a voluntary capacity" with the government, Burr said, "so that we bring the full strength of the federal government to identifying and recommending what anybody else in the United States should adopt". "The sharing has to be voluntary, not coercive, and it's got to be protected," said Senator Dianne Feinstein, the committee's vice-chair, adding that the information would pass through the Department of Homeland Security and be "transferred in real time to other departments where it's applicable". Feinstein said the bill's provisions would "only be used for counterterrorism purposes and certain immediate crimes". Several iterations of the cybersecurity bill have failed in recent years, including a post-Edward Snowden effort that the committee, then under Democratic leadership, approved last year.
President Obama, renewing the push earlier this year, has called for a bill to enhance information sharing between businesses, particularly banks and others in the financial sector, and the federal government surrounding indications of malicious network intrusions. Both the administration and Congress intend the legislation to join a panoply of recent moves to bolster cybersecurity, including February's announced creation of a consolidated center within the intelligence agencies for analysis of internet-borne threats. "This bill will not eliminate [breaches] happening," Burr said. "This bill will hopefully minimize the impact of a penetration because of the real-time response." Feinstein said that companies, "reluctant to share with the government because they are subject to suit", would be protected from lawsuits "for cybersecurity purposes" under the bill. But the bill faces strong opposition inside and outside Congress. Beyond expanding government's reach into private data outside warrant requirements, it mandates real-time access to that data for intelligence agencies and the military. "Significantly undermine privacy and civil liberties" Privacy advocates consider the bill to provide a new avenue for the NSA to access consumer and financial data, once laundered through the Department of Homeland Security (DHS), the initial public repository for the desired private-sector information. Campaigners consider the emphasis placed by the bill's backers on DHS's role to be a misleading way of downplaying NSA access to win congressional support. A coalition of nearly 50 technologists, privacy groups and campaigners wrote to the committee earlier this month urging rejection of a bill that would "significantly undermine privacy and civil liberties" and potentially permit corporations to "hack back" at perceived network intrusions.
The bill "does not effectively require private entities to strip out information that identifies a specific person prior to sharing cyber-threat indicators with the government, a fundamental and important privacy protection," the 2 March letter reads. Its changes to federal law "would permit companies to retaliate against a perceived threat in a manner that may cause significant harm, and undermine cybersecurity", particularly given the misattributions of responsibility frequently seen in hacking cases. Companies can only take "defensive measures" and not "countermeasures against another company", Feinstein said. Burr said that language in the bill would require companies to "remove all personal information before that data is transferred to the federal government", and that the Department of Homeland Security would scrub any data not cleaned by companies. "We've tried to minimize in that any personal, identifying data that could be captured," he said. But Burr admitted the bill would still allow companies to share directly with the NSA, and could potentially receive liability protections if information is shared "not electronically". "Our preference is the electronic transfer through the DHS portal," he said. While the NSA has labored to convince the public to move on from international condemnation of its digital dragnets (though Congress has passed no legislation to curtail them), acrimony within the tech sector at the surveillance giant persists. At a Washington forum last month, Yahoo's chief security officer confronted the NSA's chief, Admiral Mike Rogers, over a recent push by US security agencies to undermine encryption for government benefit, a revival of the so-called "Crypto Wars" of the 1990s.
Alex Stamos of Yahoo challenged Rogers to explain why his company should not do the same thing on behalf of US adversaries or competitors to facilitate their spying on the United States. Rogers, in what was seen as a heated exchange, resisted the comparison. Against that backdrop of suspicion, it is uncertain if the new cybersecurity bill can garner the votes in the broader Senate and House that its predecessors could not. The digital-rights group Access on Thursday was already seeking to mobilize its membership to call legislators in objection to the bill. Wyden declined to comment to reporters, saying as he left the meeting: "You guys know I like talking about this stuff but I can't say anything." He later articulated his dissent in a statement: "The most effective way to protect cybersecurity is by ensuring network owners take responsibility for security. Strong cybersecurity legislation should make clear that government agencies cannot order US hardware and software companies to build weaker products, as senior FBI officials have proposed." -- It's better to burn out than fade away. From rforno at infowarrior.org Fri Mar 13 11:44:38 2015 From: rforno at infowarrior.org (Richard Forno) Date: Fri, 13 Mar 2015 12:44:38 -0400 Subject: [Infowarrior] - Computer-stored encryption keys are not safe from side-channel attacks Message-ID: <583F9BF8-C777-43F3-A478-054E53535B52@infowarrior.org> (c/o geer) Computer-stored encryption keys are not safe from side-channel attacks By Michael Kassner March 11, 2015, 1:25 PM PST Using side-channel technology, researchers at Tel Aviv University can extract decryption keys from RSA and ElGamal implementations without altering or having control of a computer. < -- > http://www.techrepublic.com/article/computer-stored-encryption-keys-are-not-safe-from-side-channel-attacks/ -- It's better to burn out than fade away.
From rforno at infowarrior.org Fri Mar 13 11:48:41 2015 From: rforno at infowarrior.org (Richard Forno) Date: Fri, 13 Mar 2015 12:48:41 -0400 Subject: [Infowarrior] - WH playing favorites w/whistleblower protections Message-ID: Obama plays favorites, protects loose-lipped generals who leak top secret info By Rowan Scarborough - The Washington Times - Thursday, March 12, 2015 http://www.washingtontimes.com/news/2015/mar/12/obama-protects-generals-in-leak-probes-while-low-l/ Analysts are questioning whether the White House is protecting one of its inner-circle members in a leak investigation, especially given the Obama administration's demonstrated willingness to prosecute and imprison lower-level government employees for providing classified information to the press. Retired Marine Corps Gen. James "Hoss" Cartwright was vice chairman of the Joint Chiefs of Staff and somewhat of a White House fixture as a close military adviser to President Obama. For over a year, he reportedly has been the target of a Justice Department criminal investigation. He is suspected of leaking to The New York Times highly classified details of a U.S. cyberwarfare program against Iran and its quest for nuclear weapons. Gen. Cartwright played a critical role in the covert action, whose weapon was a cyberworm called Stuxnet and whose code name was "Olympic Games." The Washington Post reported Wednesday that the probe has come to a halt because the White House fears prosecution would force the administration to disclose secret sources and methods. Despite the slowdown, Mr. Obama has been the most aggressive president in history in hunting down and prosecuting government personnel who leak. In six years, the Justice Department has prosecuted nine leakers: One Army soldier; two National Security Agency personnel; two FBI employees; one State Department contractor; two former CIA officers; and, just recently, one retired general. Six have been, or will be, sentenced to prison terms. David H.
Petraeus, like Gen. Cartwright a retired four-star general, received what some consider a slap on the wrist. He pleaded guilty to a misdemeanor count for providing eight classified journals to his lover and biographer. He almost certainly will avoid prison. The other eight have one thing in common: they are relatively low-ranking employees far from the centers of power and from connections to senior Obama aides. Not so Gen. Cartwright, who gained wide White House access as the nation's No. 2 military officer before retiring in August 2011. By law, the Joint Chiefs of Staff chairman is the principal military adviser to the defense secretary and to the president. "What? Hypocrisy from the Obama administration?" said Larry Johnson, a former CIA analyst. "Justice in the U.S. is not blind. The blindfold is off and keeping an eye out for friends and family who need protection. The scales of justice are not balanced, but heavily weighted to favor political friends. There's a complete double standard on how we're treating these people. It's just not right. If you're a favored general, you get a pass." Ken Allard, a retired Army intelligence officer, said it appears the White House is protecting Gen. Cartwright under the guise of national security. "The one thing about these people is that they are consistent in their wrongdoing," Mr. Allard said. "I was shocked to hear that Hoss Cartwright was being investigated. As a former special agent, I also understood that a number of far more likely suspects abounded in the West Wing. The Justice Department going after Hoss was simply a ploy to divert attention away from those White House officials, who were presumably carrying out their president's wishes." The 2012 report in The New York Times notes a tense meeting at the White House to deal with the Stuxnet worm's unintended escape out of Iran: "'Should we shut this thing down?' Mr. Obama asked, according to members of the president's national security team who were in the room."
The Post story Wednesday quoted an unidentified source as saying the Cartwright investigation has stalled because White House counsel Kathryn Ruemmler was "unwilling to provide the documentation, citing security concerns, including those relating to sources and methods." Ms. Ruemmler, a close confidante of Mr. Obama's, stepped down in June and returned to private law practice. She declined to comment to The Post. A White House spokeswoman Thursday declined to comment to The Washington Times. Gen. Cartwright's attorney, Greg Craig, who was Mr. Obama's first White House counsel, said he has not heard from the Justice Department. "Gen. Jim Cartwright is an American hero who served his country with distinction for four decades," Mr. Craig said. "Any suggestion that he could have betrayed the country that he loved is preposterous." Gen. Cartwright, who has remained active in Washington's national security circles and is a scholar at the Center for Strategic and International Studies, is suspected of being a source for the New York Times report by David E. Sanger and his subsequent book. It disclosed a joint U.S.-Israeli covert operation, begun by President George W. Bush, to infect Iran's nuclear industry with the debilitating cyberworm. The Times of Israel speculated Thursday that the investigation is on hold for fear of worsening relations with the Jewish State, which, like the U.S., has never publicly acknowledged the Stuxnet attacks. New disclosures could complicate U.S.-led negotiations with Iran aimed at stopping Tehran from building a nuclear arsenal. "It will be interesting to see if there is any movement on the investigation and case against Cartwright after the upcoming election in Israel," said Bart Bechtel, a former CIA officer. "Cartwright truly stepped in it with his disclosure. The administration probably wants this matter to slowly slip from everyone's memories, at least until after there is some conclusion in the negotiations with Iran."
The Obama administration has, in fact, brought to public trial recently a former CIA officer who provided information on another anti-Iran nuclear operation to New York Times reporter James Risen. The former officer was convicted in January. The Stuxnet operation was highly classified. Its disclosure prompted Republicans to charge that the White House was leaking secrets to make Mr. Obama look like a strong commander in chief in an election year. Attorney General Eric H. Holder Jr. opened an investigation and assigned the job outside the Washington office to Rod J. Rosenstein, the U.S. attorney for Maryland. Last year, NBC News reported that Mr. Rosenstein had notified Gen. Cartwright that he was a target of the investigation. A target letter means the government believes it has substantial information that the person committed a crime and likely will face indictment. The nine government personnel charged criminally with leaking secrets during the Obama administration:
- Edward Snowden. The former National Security Agency contractor provided copious documents and briefings on how the NSA listens to and tracks terrorist suspects. He is charged with violating the Espionage Act and is living in Russia.
- Thomas Drake. The NSA senior manager provided classified NSA budget documents. He was indicted in 2010 on 10 felony charges, but all charges were dropped. He pleaded guilty to a misdemeanor of exceeding the authorized use of a computer and received one year of probation.
- Shamai Leibowitz. The FBI translator pleaded guilty to providing classified documents to a blogger and was sentenced to 20 months in prison.
- Donald Sachtleben. The former FBI agent pleaded guilty to providing The Associated Press with details of an intelligence operation against al Qaeda-linked terrorists in Yemen. A judge sentenced him in November to more than three years in prison.
The Justice Department discovered his identity via a mass capturing of AP telephone calls, emails and text messages, sending shock waves through Washington's journalism community.
- Jeffrey Sterling. The former CIA officer was indicted in 2011 on charges of providing classified information to Mr. Risen of The New York Times on a covert operation to stall Iran's nuclear program. Sterling was convicted in January and will be sentenced in April.
- John Kiriakou. The former CIA officer was sentenced to 2 years in prison in January 2013 for disclosing the name of a covert officer. He is now finishing his sentence under house arrest in Virginia.
- Stephen Kim. The former State Department contractor pleaded guilty to a felony charge of providing classified information to Fox News about North Korea. In April, he was sentenced to 13 months in prison. The FBI also targeted Fox News reporter James Rosen as a possible "co-conspirator." It marked another leak investigation that rattled Washington journalists, who complained that the administration was having a chilling effect on the process of obtaining government information.
- Bradley Manning. The Army soldier was sentenced to 35 years in prison for leaking mounds of classified cables to Wikileaks, a self-described whistleblower group.
Although five leakers received prison sentences and one is to be sentenced, the Justice Department is recommending only probation for Gen. Petraeus. The four-star Army general commanded the 2007 troop surge in Iraq, ran the war in Afghanistan and then landed the top job at the CIA. He has agreed to plead guilty to one misdemeanor charge of sharing classified information with his mistress, Paula Broadwell. He also admitted that he lied to investigators about sharing secrets. Former CIA analyst Mr. Johnson sees a trend. The White House is stalling a probe of Mr. Cartwright and giving a light sentence to Mr.
Petraeus, two high-ranking, well-connected retired officers, while lower-ranking leakers get locked up. "Just add this to the list of David Petraeus, who gets a wrist slap while others, like John Kiriakou, actually go to prison," he said. Copyright © 2015 The Washington Times, LLC. -- It's better to burn out than fade away. From rforno at infowarrior.org Fri Mar 13 18:33:29 2015 From: rforno at infowarrior.org (Richard Forno) Date: Fri, 13 Mar 2015 19:33:29 -0400 Subject: [Infowarrior] - Officials Upset Tech Companies Reluctant To Play Along With Administration's 'Information Sharing' Charade Message-ID: <16EF529C-4BE0-4251-9E73-DE72DEB96BDF@infowarrior.org> (not surprising at all. -- rick) Officials Upset Tech Companies Reluctant To Play Along With Administration's 'Information Sharing' Charade https://www.techdirt.com/articles/20150308/17365530256/officials-upset-tech-companies-reluctant-to-play-along-with-administrations-information-sharing-charade.shtml -- It's better to burn out than fade away. From rforno at infowarrior.org Sat Mar 14 20:00:37 2015 From: rforno at infowarrior.org (Richard Forno) Date: Sat, 14 Mar 2015 21:00:37 -0400 Subject: [Infowarrior] - Cybersecurity and the Age of Privateering: A Historical Analogy Message-ID: <976186B5-3797-49BE-AE04-7C188F263084@infowarrior.org> March 2015 Cybersecurity and the Age of Privateering: A Historical Analogy Florian Egloff florian.egloff at cybersecurity.ox.ac.uk Clarendon Scholar DPhil Candidate in Cyber Security Centre for Doctoral Training in Cyber Security and Department of Politics and International Relations, University of Oxford http://www.politics.ox.ac.uk/materials/centres/cyber-studies/Working_Paper_No.1_Egloff.pdf -- It's better to burn out than fade away.
From rforno at infowarrior.org Sat Mar 14 20:38:07 2015 From: rforno at infowarrior.org (Richard Forno) Date: Sat, 14 Mar 2015 21:38:07 -0400 Subject: [Infowarrior] - Blackberry launches new secure tablet Message-ID: <6102A9C5-D25F-4DFE-B72D-85EE528BE08A@infowarrior.org> Blackberry launches new secure tablet Sun Mar 15, 2015 4:00am IST http://in.reuters.com/article/2015/03/14/us-blackberry-tablet-idINKBN0MA0WJ20150314 (Reuters) - Seeking to extend its range of secure mobile devices, BlackBerry Ltd said on Saturday it was launching a high-security tablet, developed with International Business Machines Corp and Samsung Electronics Co Ltd. The SecuTABLET, based on Samsung's Galaxy Tab S 10.5 and being presented by BlackBerry unit Secusmart at tech fair CeBIT 2015 in Germany, reflects the Canadian company's stress on secure connections for governments and businesses as it seeks to preserve a niche market after a drubbing in recent years at the hands of emerging smartphone makers such as Apple Inc. "Security is ingrained in every part of BlackBerry's portfolio, which includes voice and data encryption solutions," said Dr. Hans-Christoph Quelle, chief executive officer of Secusmart GmbH, in a statement on the new device. The device was undergoing certification by the German Federal Office for Information Security for secure rating, the statement said, adding that the new tablet used the same security technology as the Secusmart Security Card. "Working alongside IBM and Samsung, we have added the last link in the chain of the Federal Security Network. Subject to certification of the SecuTABLET, German government agencies will have a new way to access BlackBerry's most secure and complete communications network in the world," Quelle said. (Writing by Frances Kerry; Editing by Marguerita Choy) -- It's better to burn out than fade away.
From rforno at infowarrior.org Sun Mar 15 17:31:01 2015 From: rforno at infowarrior.org (Richard Forno) Date: Sun, 15 Mar 2015 18:31:01 -0400 Subject: [Infowarrior] - Hertz puts cameras in its rental cars Message-ID: Hertz puts cameras in its rental cars, says it has no plans to use them http://fusion.net/story/61741/hertz-cameras-in-rental-cars/ -- It's better to burn out than fade away. From rforno at infowarrior.org Mon Mar 16 07:32:36 2015 From: rforno at infowarrior.org (Richard Forno) Date: Mon, 16 Mar 2015 08:32:36 -0400 Subject: [Infowarrior] - VA enacts shortest LPR retention policy in country Message-ID: Virginia passes shortest limit in US on keeping license plate reader data by Cyrus Farivar - Mar 16, 2015 7:00am EDT Virginia has become the first state in America to impose a very short data retention limit on the use of automated license plate readers (LPRs, or ALPRs). VA cops will now only be able to keep such data for seven days unless there is an active, ongoing criminal investigation. New Hampshire previously banned the devices outright, while Maine has imposed a 21-day limit. However, many jurisdictions nationwide, ranging from the New York State Police to the Oakland Police Department, have no formal data retention limit. That means the location data, often resulting in millions of records collected over years, is effectively kept forever. Governor Terry McAuliffe (D) signed the Virginia bill into law on March 10, and it will take effect on July 1. His spokesman did not immediately respond to Ars' request for comment. "It is great to see that Virginia legislators have recognized the threats to privacy posed by longer ALPR retention periods and also recognized that longer retention periods aren't necessary to serve the main purposes of ALPRs: finding wanted and stolen vehicles," Jennifer Lynch, an attorney with the Electronic Frontier Foundation, told Ars by e-mail.
"In 2013, Virginia's Attorney General issued a formal opinion on ALPRs where he stated that Virginia shouldn't be keeping ALPR data on innocent citizens. However, that opinion didn't have the force of law. If passed, this bill will, and I hope other states will follow Virginia's lead." The law, entitled the "Government Data Collection and Dissemination Practices Act," expands the state's definition of "personal information" to include license plate number and "presence at any place," or location data. As the statute explains .... < - > http://arstechnica.com/tech-policy/2015/03/virginia-passes-shortest-limit-in-us-on-keeping-license-plate-reader-data/ --- Just because i'm near the punchbowl doesn't mean I'm also drinking from it. From rforno at infowarrior.org Mon Mar 16 07:39:19 2015 From: rforno at infowarrior.org (Richard Forno) Date: Mon, 16 Mar 2015 08:39:19 -0400 Subject: [Infowarrior] - A Police Gadget Tracks Phones? Shhh! It's Secret Message-ID: <35035F0D-B1D8-4420-B08E-1E6A13B8CEE4@infowarrior.org> A Police Gadget Tracks Phones? Shhh! It's Secret By MATT RICHTEL, MARCH 15, 2015 http://www.nytimes.com/2015/03/16/business/a-police-gadget-tracks-phones-shhh-its-secret.html A powerful new surveillance tool being adopted by police departments across the country comes with an unusual requirement: To buy it, law enforcement officials must sign a nondisclosure agreement preventing them from saying almost anything about the technology. Any disclosure about the technology, which tracks cellphones and is often called StingRay, could allow criminals and terrorists to circumvent it, the F.B.I. has said in an affidavit. But the tool is adopted in such secrecy that communities are not always sure what they are buying or whether the technology could raise serious privacy concerns.
The confidentiality has elevated the stakes in a longstanding debate about the public disclosure of government practices versus law enforcement's desire to keep its methods confidential. While companies routinely require nondisclosure agreements for technical products, legal experts say these agreements raise questions and are unusual given the privacy and even constitutional issues at stake. "It might be a totally legitimate business interest, or maybe they're trying to keep people from realizing there are bigger privacy problems," said Orin S. Kerr, a privacy law expert at George Washington University. "What's the secret that they're trying to hide?" The issue led to a public dispute three weeks ago in Silicon Valley, where a sheriff asked county officials to spend $502,000 on the technology. The Santa Clara County sheriff, Laurie Smith, said the technology allowed for locating cellphones belonging to, say, terrorists or a missing person. But when asked for details, she offered no technical specifications and acknowledged she had not seen a product demonstration. Buying the technology, she said, required the signing of a nondisclosure agreement. "So, just to be clear," Joe Simitian, a county supervisor, said, "we are being asked to spend $500,000 of taxpayers' money and $42,000 a year thereafter for a product for the name brand which we are not sure of, a product we have not seen, a demonstration we don't have, and we have a nondisclosure requirement as a precondition. You want us to vote and spend money," he continued, but "you can't tell us more about it." The technology goes by various names, including StingRay, KingFish or, generically, cell site simulator. It is a rectangular device, small enough to fit into a suitcase, that intercepts a cellphone signal by acting like a cellphone tower. The technology can also capture texts, calls, emails and other data, and prosecutors have received court approval to use it for such purposes.
Cell site simulators are catching on while law enforcement officials are adding other digital tools, like video cameras, license-plate readers, drones, programs that scan billions of phone records and gunshot detection sensors. Some of those tools have invited resistance from municipalities and legislators on privacy grounds. The nondisclosure agreements for the cell site simulators are overseen by the Federal Bureau of Investigation and typically involve the Harris Corporation, a multibillion-dollar defense contractor and a maker of the technology. What has opponents particularly concerned about StingRay is that the technology, unlike other phone surveillance methods, can also scan all the cellphones in the area where it is being used, not just the target phone. "It's scanning the area. What is the government doing with that information?" said Linda Lye, a lawyer for the American Civil Liberties Union of Northern California, which in 2013 sued the Justice Department to force it to disclose more about the technology. In November, in a response to the lawsuit, the government said it had asked the courts to allow the technology to capture content, not just identify subscriber location. The nondisclosure agreements make it hard to know how widely the technology has been adopted. But news reports from around the country indicate use by local and state police agencies stretching from Los Angeles to Wisconsin to New York, where the state police use it. Some departments have used it for several years. Money for the devices comes from individual agencies and sometimes, as in the case of Santa Clara County, from the federal government through Homeland Security grants. Christopher Allen, an F.B.I. spokesman, said "location information is a vital component" of law enforcement. The agency, he said, "does not keep repositories of cell tower data for any purpose other than in connection with a specific investigation."
A fuller explanation of the F.B.I.'s position is provided in two publicly sworn affidavits about StingRay, including one filed in 2014 in Virginia. In the affidavit, a supervisory special agent, Bradley S. Morrison, said disclosure of the technology's specifications would let criminals, including terrorists, "thwart the use of this technology."

"Disclosure of even minor details" could harm law enforcement, he said, by letting "adversaries" put together the pieces of the technology like assembling a "jigsaw puzzle." He said the F.B.I. had entered into the nondisclosure agreements with local authorities for those reasons. In addition, he said, the technology is related to homeland security and is therefore subject to federal control.

In a second affidavit, given in 2011, the same special agent acknowledged that the device could gather identifying information from phones of bystanders. Such data "from all wireless devices in the immediate area of the F.B.I. device that subscribe to a particular provider may be incidentally recorded, including those of innocent, nontarget devices." But, he added, that information is purged to ensure privacy rights.

In December, two senators, Patrick J. Leahy and Charles E. Grassley, sent a letter expressing concerns about the scope of the F.B.I.'s StingRay use to Eric H. Holder Jr., the attorney general, and Jeh Johnson, the secretary of Homeland Security.

The Harris Corporation declined to comment, according to Jim Burke, a company spokesman. Harris, based in Melbourne, Fla., has $5 billion in annual sales and specializes in communications technology, including battlefield radios.

Jon Michaels, a law professor at the University of California, Los Angeles, who studies government procurement, said Harris's role with the nondisclosure agreements gave the company tremendous power over privacy policies in the public arena. "This is like the privatization of a legal regime," he said.
Referring to Harris, he said: "They get to call the shots."

For instance, in Tucson, a journalist asking the Police Department about its StingRay use was given a copy of a nondisclosure agreement. "The City of Tucson shall not discuss, publish, release or disclose any information pertaining to the product," it read, and then noted: "Without the prior written consent of Harris."

The secrecy appears to have unintended consequences. A recent article in The Washington Post detailed how a man in Florida who was accused of armed robbery was located using StingRay. As the case proceeded, a defense lawyer asked the police to explain how the technology worked. The police and prosecutors declined to produce the machine and, rather than meet a judge's order that they do so, the state gave the defendant a plea bargain for petty theft.

At the meeting in Santa Clara County last month, the county supervisors voted 4 to 1 to authorize the purchase, but they also voted to require the adoption of a privacy policy. (Sheriff Smith argued to the supervisors that she had adequately explained the technology and said she resented that Mr. Simitian's questioning seemed to "suggest we are not mindful of people's rights and the Constitution.")

A few days later, the county asked Harris for a demonstration open to county supervisors. The company refused, Mr. Simitian said, noting that "only people with badges" would be permitted. Further, he said, the company declined to provide a copy of the nondisclosure agreement -- at least until after the demonstration.

"Not only is there a nondisclosure agreement, for the time being, at least, we can't even see the nondisclosure agreement," Mr. Simitian said. "We may be able to see it later, I don't know."

---
Just because i'm near the punchbowl doesn't mean I'm also drinking from it.
From rforno at infowarrior.org Mon Mar 16 16:06:53 2015
From: rforno at infowarrior.org (Richard Forno)
Date: Mon, 16 Mar 2015 17:06:53 -0400
Subject: [Infowarrior] - FBI's Plan to Expand Hacking Power Advances Despite Privacy Fears
Message-ID:

FBI's Plan to Expand Hacking Power Advances Despite Privacy Fears

Google had warned that the rule change represents a "monumental" constitutional concern.

By Dustin Volz
http://www.nationaljournal.com/tech/fbi-s-plan-to-expand-hacking-power-advances-despite-privacy-fears-20150316
March 16, 2015

A judicial advisory panel Monday quietly approved a rule change that will broaden the FBI's hacking authority despite fears raised by Google that the amended language represents a "monumental" constitutional concern.

The Judicial Conference Advisory Committee on Criminal Rules voted 11-1 to modify an arcane federal rule to allow judges more flexibility in how they approve search warrants for electronic data, according to a Justice Department spokesman.

Known as Rule 41, the existing provision generally allows judges to approve search warrants only for material within the geographic bounds of their judicial district. But the rule change, as requested by the department, would allow judges to grant warrants for remote searches of computers located outside their district or when the location is unknown.

The government has defended the maneuver as a necessary update of protocol intended to modernize criminal procedure to address the increasingly complex digital realities of the 21st century. The FBI wants the expanded authority, which would allow it to more easily infiltrate computer networks to install malicious tracking software. This way, investigators can better monitor suspected criminals who use technology to conceal their identity.
But the plan has been widely opposed by privacy advocates, such as the American Civil Liberties Union, as well as some technologists, who say it amounts to a substantial rewriting of the rule and not just a procedural tweak. Such a change could threaten the Fourth Amendment's protections against unreasonable search and seizures, they warn, and possibly allow the FBI to violate the sovereignty of foreign nations. The rule change also could let the agency simultaneously target millions of computers at once, even potentially those belonging to users who aren't suspected of any wrongdoing.

Google weighed in last month with public comments that warned that the tweak "raises a number of monumental and highly complex constitutional, legal and geopolitical concerns that should be left to Congress to decide."

In an unusual move, Justice Department lawyers rebutted Google's concerns, saying the search giant was misreading the proposal and that it would not result in any search or seizures not "already permitted under current law."

The judicial advisory committee's vote is only the first of several stamps of approval required within the federal judicial branch before the rule change can formally take place -- a process that will likely take over a year. The proposal is now subject to review by the Standing Committee on Rules of Practice and Procedure, which normally can approve amendments at its June meeting. The Judicial Conference is next in line to approve the rule, a move that would likely occur in September. The Supreme Court would have until May 1, 2016 to review and accept the amendment, which Congress would then have seven months to reject, modify or defer. Absent any congressional action, the rule would take place on Dec. 1, 2016.

Privacy groups vowed to continue fighting the rule change as it winds its way through the additional layers of review.
"Although presented as a minor procedural update, the proposal threatens to expand the government's ability to use malware and so-called 'zero-day exploits' without imposing necessary protections," said ACLU attorney Nathan Freed Wessler in a statement. "The current proposal fails to strike the right balance between safeguarding privacy and Internet security and allowing the government to investigate crimes." Drew Mitnick, policy counsel with digital rights group Access, said the policy "should only be considered through an open and accountable legislative process." Google did not immediately respond to a request for comment. -- It's better to burn out than fade away. From rforno at infowarrior.org Tue Mar 17 07:57:59 2015 From: rforno at infowarrior.org (Richard Forno) Date: Tue, 17 Mar 2015 08:57:59 -0400 Subject: [Infowarrior] - Most. Transparent. Administration. Ever. (part....I lost count) Message-ID: <9F149656-C16C-4FA6-AB35-0C084EB63792@infowarrior.org> White House Celebrates National Freedom Of Information Day By Making Office Of The Administration Completely UnFOIA-able https://www.techdirt.com/articles/20150316/14110430329/white-house-celebrates-national-freedom-information-day-making-office-administration-completely-unfoia-able.shtml --- Just because i'm near the punchbowl doesn't mean I'm also drinking from it. From rforno at infowarrior.org Tue Mar 17 11:45:48 2015 From: rforno at infowarrior.org (Richard Forno) Date: Tue, 17 Mar 2015 12:45:48 -0400 Subject: [Infowarrior] - Ex-NSA Researcher Finds Sneaky Way Past Apple Mac's Gatekeeper Message-ID: Ex-NSA Researcher Finds Sneaky Way Past Apple Mac's Gatekeeper http://www.forbes.com/sites/thomasbrewster/2015/03/17/apple-mac-gatekeeper-bypass-exacerbated-by-unencrypted-av-downloads/ --- Just because i'm near the punchbowl doesn't mean I'm also drinking from it. 
From rforno at infowarrior.org Tue Mar 17 15:13:26 2015
From: rforno at infowarrior.org (Richard Forno)
Date: Tue, 17 Mar 2015 16:13:26 -0400
Subject: [Infowarrior] - NSA Is Going to Love These USB-C Charging Cables
Message-ID: <5CBE75DF-EAA2-4F6A-9897-B67C8DA957BB@infowarrior.org>

The NSA Is Going to Love These USB-C Charging Cables
Mario Aguilar
http://gizmodo.com/he-nsa-is-going-to-love-these-usb-c-charging-cables-1691781672

Thanks to Apple's new MacBook and Google's new Chromebook Pixel, USB-C has arrived. A single flavor of cable for all your charging and connectivity needs? Hell yes. But that convenience doesn't come without a cost; our computers will be more vulnerable than ever to malware attacks, from hackers and surveillance agencies alike.

The trouble with USB-C stems from the fact that the USB standard isn't very secure. Last year, researchers wrote a piece of malware called BadUSB which attacks your computer using USB devices like phone chargers or thumb drives. Once connected, the malware basically takes over a computer imperceptibly. The scariest part is that the malware is written directly to the USB controller chip's firmware, which means that it's virtually undetectable and so far, unfixable.

Before USB-C, there was a way to keep yourself somewhat safe. As long as you kept tabs on your cables, and never stuck random USB sticks into your computer, you could theoretically keep it clean. But as The Verge points out, the BadUSB vulnerability still hasn't been fixed in USB-C but now the insecure port is the slot where you connect your power supply. Heck, it's shaping up to be the slot where you connect everything. You have no choice but to use it every day. Think about how often you've borrowed a stranger's power cable to get charged up. Asking for a charge from a stranger is like having unprotected sex with someone you picked up at the club.

But what the Verge fails to mention, however, is that it's potentially much worse than that.
If everyone is using the same power charger, it's not just renegade hackers posing as creative professionals in coffee shops that you need to worry about. With USB-C, the surveillance establishment suddenly has a huge incentive to figure out how to sneak a compromised cable into your power hole. It might seem alarmist and paranoid to suggest that the NSA would try to sneak a backdoor into charging cables through manufacturers, except that the agency has been busted trying exactly this kind of scheme. Last year, it was revealed that the NSA paid security firm RSA $10 million to leave a backdoor in their encryption unpatched. There's no telling if or when or how the NSA might try to accomplish something similar with USB-C cables, but it stands to reason they would try.

We live in a world where we plug in with abandon, and USB-C's flexibility is designed to make plugging in easier than ever. Imagine never needing to guess whether or not your aunt's house will have a charger for your phone. USB-C could become so common that this isn't even a question. Of course she has one! With that ubiquity and convenience comes a risk that the tech could become exploited -- not just by criminals, but also by the government's data siphoning machine.

--
It's better to burn out than fade away.

From rforno at infowarrior.org Tue Mar 17 17:18:38 2015
From: rforno at infowarrior.org (Richard Forno)
Date: Tue, 17 Mar 2015 18:18:38 -0400
Subject: [Infowarrior] - Most. Transpar....oh, forget it.
Message-ID: <1B943310-4F06-4099-9E9A-8A6C1F6B2F7B@infowarrior.org>

What's Going On In Obama's Trade Meeting With Democrats? That's Classified.
Posted: 03/16/2015 5:38 pm EDT Updated: 5 hours ago http://www.huffingtonpost.com/2015/03/16/obama-trade-meeting_n_6881058.html WASHINGTON -- As the Obama administration gives House Democrats a hard sell on a major controversial trade pact this week, it will be doing so under severe conditions: Any member of Congress who shares information with the public from a Wednesday briefing could be prosecuted for a crime. "I'm not happy about it," said Rep. Alan Grayson (D-Fla.). "It is part of a multi-year campaign of deception and obstruction. Why do we classify information? It's to keep sensitive information out of the hands of foreign governments. In this case, foreign governments already have this information. They're the people the administration is negotiating with. The only purpose of classifying this information is to keep it from the American people." On Wednesday, Labor Secretary Thomas Perez and U.S. Trade Representative Michael Froman are scheduled to brief Democrats on one of the most hotly contested aspects of the Trans-Pacific Partnership: granting foreign corporations the power to challenge domestic laws and regulations before an international arbitration panel. The platform, known as Investor-State Dispute Settlement, or ISDS, has been assailed by Sen. Elizabeth Warren (D-Mass.) and some libertarian critics for its potential to undermine key regulations at the expense of American sovereignty. ISDS has been part of U.S. free trade agreements since NAFTA was signed into law in 1993, and has become a particularly popular tool for multinational firms over the past few years. But while the topic remains controversial, particularly with Democrats, many critics of the administration emphasize that applying national security-style restrictions on such information is an abuse of the classified information system. An additional meeting earlier on Wednesday on currency manipulation with Froman and Treasury Secretary Jack Lew is not classified. 
"It's not like they will be discussing the nuclear codes," said Lori Wallach, director of Global Trade Watch at Public Citizen.

The Obama administration has not publicly released drafts of the Trans-Pacific Partnership deal that it continues to negotiate with 11 other nations. Progressive opponents have said the deal could undermine key rules and exacerbate income inequality, while supporters -- mostly Republicans -- have said that it will expand economic growth and lower prices for U.S. consumers. The public has had to rely on leaks of individual deal chapters to adjudicate claims.

"Throughout the entire TPP negotiating process, the Administration has been needlessly secretive," Rep. Rosa DeLauro (D-Conn.) said in a statement provided to HuffPost. "Even now, when they are finally beginning to share details of the proposed deal with Members of Congress, they are denying us the ability to consult with our staff or discuss details of the agreement with experts. This flies in the face of how past negotiations have been conducted and does not help the Administration's credibility. If the TPP would be as good for American jobs as they claim, there should be nothing to hide."

An administration official said the briefing is classified because "these are sensitive, ongoing international negotiations."

DeLauro, Rep. Lloyd Doggett (D-Texas) and others have been particularly critical of the administration's secrecy standards on TPP, with Doggett accusing Froman of dodging his request to see the deal with staff members who have a security clearance.

A spokesman for the USTR said in a statement that the administration "has made and continues to make classified documents available to any Member of Congress who is interested in reviewing them."

"We have released public summaries of our negotiating objectives, and we are now embarking on a new series of briefings for Members and their staffs that go above and beyond past practices," he said.
Doggett told HuffPost there's "a difference between getting a briefing and seeing the documents themselves." "I tried to find out what level of classification applies," he said. "Can my top cleared staff read it? If he can hear about ISIS, is there something in here that prevents him from seeing these trade documents?" Doggett says he hasn't received a response to those questions from Froman. Each member of Congress will be allowed to bring one staffer with a security clearance to the briefing on Wednesday. Froman, the top trade negotiator in the administration, has tried to thaw relations with his Democratic critics by holding private briefings. Some of those meetings have gone poorly for the administration. In January of last year, members of Congress were angry that Froman privately backtracked on a public promise to secure an enforceable environmental chapter to the deal. There won't be many specific gripes from Wednesday's meeting, however. It is a criminal offense to share classified information with the press, and the Obama administration has been exceptionally aggressive in prosecuting leaks for years. To pass TPP, Obama will likely need Congressional approval for Trade Promotion Authority -- a power that denies Congress the ability to amend the final agreement and bars it from being filibustered. Neither chamber has introduced TPA legislation, however, as the administration presses for additional Democratic votes. Republican leaders in both chambers of Congress support both TPA and the trade deal, although many tea party groups do not. House Minority Leader Nancy Pelosi (D-Calif.) has said she would like to find a "path to yes" for the Democrats on the deal, including more meetings with administration staff. -- It's better to burn out than fade away. 
From rforno at infowarrior.org Wed Mar 18 07:17:16 2015
From: rforno at infowarrior.org (Richard Forno)
Date: Wed, 18 Mar 2015 08:17:16 -0400
Subject: [Infowarrior] - Proposed: The Great Firewall of Australia
Message-ID: <32C43A8F-7DE8-4D51-B1CF-8DFE07F5A705@infowarrior.org>

Brandis prepares to introduce site blocking legislation
By Allie Coyne on Mar 17, 2015 2:49 PM (1 day 8 hours ago)
http://www.itnews.com.au/News/401763,brandis-to-introduce-site-blocking-legislation-this-week.aspx

Updated: ISPs not consulted.

The federal government plans to introduce legislation next week allowing content owners to apply for court orders to force internet service providers to block overseas file-sharing websites.

The Copyright Amendment (Online Infringement) Bill - led by Attorney-General George Brandis - was today cleared for introduction into parliament by the Coalition.

A spokesperson for Brandis confirmed the bill would be introduced next week, and was expected to be referred to the Senate Legal and Constitutional Affairs Legislation Committee for review.

"There will be adequate time for consultation and for people to make submissions throughout this process," the spokesperson said.

The bill - the text of which is yet to be made public - will facilitate the blocking of overseas websites used for downloading and uploading copyright infringing content.

John Stanton, CEO of telco industry body the Communications Alliance, said it was "disappointing" that the industry had not been consulted on the bill prior to its impending introduction.

Simon Bush, head of the Australian Home Entertainment Distributors Association, confirmed rights holders had also not seen a copy of the draft legislation, but said both parties were aware it was coming.

The draft legislation forms part of the Government's crackdown on copyright infringement, announced last year.
Last December the ISP industry was given four months to develop a code for tackling online copyright infringement or risk having one forced upon it through legislation. The Government at the same time said it would also amend the Copyright Act to enable rights holders to apply for a court order requiring ISPs to block access to non-Australian websites that had been proven to provide access to infringing content. "The power will only apply to websites outside Australia as rights holders are not prevented from taking direct action against websites operated within Australia," the Government said at the time. Brandis and Communications Minister Malcolm Turnbull at the time said such an approach was the "least burdensome and most flexible way" to address online copyright infringement. They claimed rights holders had made efforts to improve content availability and affordability in recent times, but Australians were still downloading content without paying. Turnbull also at the time conceded that shutting down overseas file-sharing websites could result in a game of whack-a-mole - evident through the reappearance of The Pirate Bay under a different domain after the file-sharing site was pulled down in a Swedish raid. "If you are asking me is it possible for .. The Pirate Bay to then move to another IP address or another URL, of course that is true," Turnbull said at the time. "There's no silver bullet here. There's a whole range of solutions and tools both on the side of the ISPs and on the side of the rights owners that will materially mitigate copyright infringement." The site-blocking scheme has been likened to online censorship by critics including consumer advocate group Choice and Pirate Party Australia, who argue it will create a filter that will allow the content industry to hit consumers with disproportionate penalties. 
Time running out for copyright code

ISPs and content owners have only several weeks left to reach agreement on the most contentious element of the industry code to tackle copyright infringement: cost.

Last month the two parties said they had come to agreement on the foundations for the three-strikes scheme, but were still working through who should foot the bill for its operation.

Stanton today told iTnews the parties were inching closer to resolution on the issue. He said the "chasm" that had existed between the two parties during similar discussions in 2012 was now more of a "ravine" the ISP industry was hoping it could jump over.

Updated 18/3: To reflect the confirmed date of the legislation's introduction.

Copyright © iTnews.com.au. All rights reserved.

From rforno at infowarrior.org Wed Mar 18 07:17:20 2015
From: rforno at infowarrior.org (Richard Forno)
Date: Wed, 18 Mar 2015 08:17:20 -0400
Subject: [Infowarrior] - The Wolf Is Guarding the Hen House: The Government's War on Cyberterrorism
Message-ID:

The Wolf Is Guarding the Hen House: The Government's War on Cyberterrorism
By John W. Whitehead
March 17, 2015

"The game is rigged, the network is bugged, the government talks double-speak, the courts are complicit and there's nothing you can do about it." -- David Kravets, reporting for Wired

Nothing you write, say, text, tweet or share via phone or computer is private anymore. As constitutional law professor Garrett Epps points out, "Big Brother is watching. Big Brother may be watching you right now, and you may never know. Since 9/11, our national life has changed forever. Surveillance is the new normal." This is the reality of the internet-dependent, plugged-in life of most Americans today.
A process which started shortly after 9/11 with programs such as Total Information Awareness (the predecessor to the government's present surveillance programs) has grown into a full-fledged campaign of warrantless surveillance, electronic tracking and data mining, thanks to federal agents who have been given carte blanche access to the vast majority of electronic communications in America. Their methods completely undermine constitutional safeguards, and yet no federal agency, president, court or legislature has stepped up to halt this assault on our rights....

< - >

https://www.rutherford.org/publications_resources/john_whiteheads_commentary/the_wolf_is_guarding_the_hen_house_the_governments_war_on_cyberterrorism

---
Just because i'm near the punchbowl doesn't mean I'm also drinking from it.

From rforno at infowarrior.org Wed Mar 18 11:29:11 2015
From: rforno at infowarrior.org (Richard Forno)
Date: Wed, 18 Mar 2015 12:29:11 -0400
Subject: [Infowarrior] - Most. Transpar....from a certain point of view
Message-ID:

US sets new record for denying, censoring government files
By TED BRIDIS
Mar. 18, 2015 10:20 AM EDT
http://bigstory.ap.org/article/ab029d7c625149348143a51ff61175c6/us-sets-new-record-denying-censoring-government-files

WASHINGTON (AP) -- The Obama administration set a new record again for more often than ever censoring government files or outright denying access to them last year under the U.S. Freedom of Information Act, according to a new analysis of federal data by The Associated Press.

The government took longer to turn over files when it provided any, said more regularly that it couldn't find documents, and refused a record number of times to turn over files quickly that might be especially newsworthy. It also acknowledged in nearly 1 in 3 cases that its initial decisions to withhold or censor records were improper under the law -- but only when it was challenged.
Its backlog of unanswered requests at year's end grew remarkably by 55 percent to more than 200,000. It also cut by 375, or about 9 percent, the number of full-time employees across government paid to look for records. That was the fewest number of employees working on the issue in five years.

The government's new figures, published Tuesday, covered all requests to 100 federal agencies during fiscal 2014 under the Freedom of Information law, which is heralded globally as a model for transparent government. They showed that despite disappointments and failed promises by the White House to make meaningful improvements in the way it releases records, the law was more popular than ever. Citizens, journalists, businesses and others made a record 714,231 requests for information. The U.S. spent a record $434 million trying to keep up. It also spent about $28 million on lawyers' fees to keep records secret.

The government responded to 647,142 requests, a 4 percent decrease over the previous year. It more than ever censored materials it turned over or fully denied access to them, in 250,581 cases or 39 percent of all requests. Sometimes, the government censored only a few words or an employee's phone number, but other times it completely marked out nearly every paragraph on pages.

On 215,584 other occasions, the government said it couldn't find records, a person refused to pay for copies or the government determined the request to be unreasonable or improper.

The White House touted its success under its own analysis. It routinely excludes from its assessment instances when it couldn't find records, a person refused to pay for copies or the request was determined to be improper under the law, and said under this calculation it released all or parts of records in 91 percent of requests -- still a record low since President Barack Obama took office using the White House's own math.

"We actually do have a lot to brag about," White House spokesman Josh Earnest said.
Separately, the Justice Department congratulated the Agriculture and State departments for finishing work on their oldest 10 requests, said the Pentagon responded to nearly all requests within three months and praised the Health and Human Services Department for disclosing information about the Ebola outbreak and immigrant children caught crossing U.S. borders illegally. The government's responsiveness under the open records law is an important measure of its transparency. Under the law, citizens and foreigners can compel the government to turn over copies of federal records for zero or little cost. Anyone who seeks information through the law is generally supposed to get it unless disclosure would hurt national security, violate personal privacy or expose business secrets or confidential decision-making in certain areas. It cited such exceptions a record 554,969 times last year. Under the president's instructions, the U.S. should not withhold or censor government files merely because they might be embarrassing, but federal employees last year regularly misapplied the law. In emails that AP obtained from the National Archives and Records Administration about who pays for Michelle Obama's expensive dresses, the agency blacked-out a sentence under part of the law intended to shield personal, private information, such as Social Security numbers, phone numbers or home addresses. But it failed to censor the same passage on a subsequent page. The sentence: "We live in constant fear of upsetting the WH (White House)." In nearly 1 in 3 cases, when someone challenged under appeal the administration's initial decision to censor or withhold files, the government reconsidered and acknowledged it was at least partly wrong. That was the highest reversal rate in at least five years. The AP's chief executive, Gary Pruitt, said the news organization filed hundreds of requests for government files. 
Records the AP obtained revealed police efforts to restrict airspace to keep away news helicopters during violent street protests in Ferguson, Missouri. In another case, the records showed Veterans Affairs doctors concluding that a gunman who later killed 12 people had no mental health issues despite serious problems and encounters with police during the same period. They also showed the FBI pressuring local police agencies to keep details secret about a telephone surveillance device called Stingray. "What we discovered reaffirmed what we have seen all too frequently in recent years," Pruitt wrote in a column published this week. "The systems created to give citizens information about their government are badly broken and getting worse all the time." The U.S. released its new figures during Sunshine Week, when news organizations promote open government and freedom of information. The AP earlier this month sued the State Department under the law to force the release of email correspondence and government documents from Hillary Rodham Clinton's tenure as secretary of state. The government had failed to turn over the files under repeated requests, including one made five years ago and others pending since the summer of 2013. The government said the average time it took to answer each records request ranged from one day to more than 2.5 years. More than half of federal agencies took longer to answer requests last year than the previous year. Journalists and others who need information quickly to report breaking news fared worse than ever. Under the law, the U.S. is required to move urgent requests from journalists to the front of the line for a speedy answer if records will inform the public concerning an actual or alleged government activity. But the government now routinely denies such requests: Over six years, the number of requests granted speedy processing status fell from nearly half to fewer than 1 in 8. In January, the U.S. 
reminded agencies that it should carefully consider such "breaking news" requests. The CIA, at the center of so many headlines, has denied every such request the last two years. --- Just because i'm near the punchbowl doesn't mean I'm also drinking from it. From rforno at infowarrior.org Wed Mar 18 11:32:21 2015 From: rforno at infowarrior.org (Richard Forno) Date: Wed, 18 Mar 2015 12:32:21 -0400 Subject: [Infowarrior] - DRM removes 99.7% of product's lifespan Message-ID: <8B509430-91E6-4456-8A84-586D4DE5FAFD@infowarrior.org> DRM; Or How To Make 30,000-Hour LED Bulbs 'Last' Only One Month https://www.techdirt.com/articles/20150317/08091030343/drm-how-to-make-30000-hour-led-bulbs.shtml --- Just because i'm near the punchbowl doesn't mean I'm also drinking from it. From rforno at infowarrior.org Wed Mar 18 17:38:55 2015 From: rforno at infowarrior.org (Richard Forno) Date: Wed, 18 Mar 2015 18:38:55 -0400 Subject: [Infowarrior] - SCO-IBM Linux Lawsuit: It's Back! Message-ID: SCO-IBM Linux Lawsuit: It's Back! http://www.osnews.com/story/28408/SCO-IBM_Linux_Lawsuit_It_s_Back_ -- It's better to burn out than fade away. From rforno at infowarrior.org Thu Mar 19 07:02:39 2015 From: rforno at infowarrior.org (Richard Forno) Date: Thu, 19 Mar 2015 08:02:39 -0400 Subject: [Infowarrior] - FOIA: Don't look behind the curtain Message-ID: Obama wants us to believe he's been transparent. But don't look behind the curtain Trevor Timm The administration is shielding itself from Foia requests and threatening members of Congress who want to increase openness while lauding its own transparency initiatives Wednesday 18 March 2015 10.17 EDT http://www.theguardian.com/commentisfree/2015/mar/18/obama-transparency-foia-sunshine-week The Obama administration publicly patted itself on the back this week for their supposed unmatched commitment to openness and accountability. 
But if you want to understand the White House's actual commitment to transparency, don't listen to their speeches or press releases - look at what they were doing quietly, off stage. On the very same day as the administration was hailing its non-existent transparency achievements during an event for Sunshine Week, it was also permanently shielding a key White House office from the Freedom of Information Act (Foia). The White House Office of Administration, which is in charge of archiving White House emails, had accepted Foia requests for 30 years, until the Bush administration convinced a court they didn't have to in 2007. Open government groups are up in arms that the Obama White House is making Bush's secrecy policy permanent and declaring the entire office off-limits to the public. (This week, in another event that also shows their true colors, the administration threatened to prosecute any members of Congress who reveal details of a controversial trade deal draft that many public interest groups want to be made public.) The Justice Department - where the administration held its Sunshine "celebrations" - is tasked with enforcing Obama's now-notorious pledge to be the "Most Transparent Administration in History". (A detailed study by the Associated Press released today found the Obama administration, six years after its pledge, denied more Foia requests and censored more files than ever in 2014 - beating the record they set last year.) Their celebration of "progress" each year around this time is usually accompanied by eye rolls from observers, given that the Justice Department has continually been singled out as one of the worst agencies when it comes to complying with Obama's transparency directive. But this year's Justice Department event deserves particular derision, since the Justice Department secretly helped prevent the very modest and uncontroversial Foia Improvements Act from passing Congress last December. 
The act had already been passed by both houses unanimously and just needed to be voted on by the House one more time to make sure the Senate and House language lined up. At the last minute, Representative John Boehner refused to bring the bill to the floor. Only later did we learn that a few federal agencies, notably the Justice Department, lodged complaints with Congress about the bill that kept it from going to a vote. The worst part? The Justice Department's objection was over language that was based virtually word for word on their own Foia policy, which was signed by Eric Holder in 2009 (see a comparison here). They effectively lobbied against making their own policy law - which says a lot about whether they actually uphold that policy in the first place. After Hillary Clinton's email scandal, in which her use of a private email server thwarted dozens of public records requests - and the recent news that her fellow presidential candidate Jeb Bush took seven years to comply with Florida open records laws - there's no better time for Congress to champion Foia reform. Senator Patrick Leahy renewed a call for Congress to do just that this week. While they're at it, Congress should add government email retention laws with teeth and provide more funding to cash-strapped Foia offices, so that agencies can actually handle the increased load of requests they have been receiving since the internet has made filing requests easier for the average citizen. More and more people want information on what their government is doing on their behalf. Ignoring those requests won't make them go away. Nor will the government's self-congratulation on "transparency" fool anyone. So why not do something actually meaningful and pass Foia reform. This article was updated on 18 March 2015 with information on the newest AP study of the Obama administration's transparency efforts. --- Just because i'm near the punchbowl doesn't mean I'm also drinking from it. 
From rforno at infowarrior.org Thu Mar 19 06:47:14 2015 From: rforno at infowarrior.org (Richard Forno) Date: Thu, 19 Mar 2015 07:47:14 -0400 Subject: [Infowarrior] - UK spies claim broad powers to hack worldwide Message-ID: UK spies claim broad powers to hack worldwide By Juha Saarinen on Mar 19, 2015 10:19 AM (12 hours ago) http://www.itnews.com.au/News/401848,uk-spies-claim-broad-powers-to-hack-worldwide.aspx Admit to using vulnerabilities for intelligence gathering. The British government has defended the surveillance activities of its spy agencies, claiming they have broad powers to spy on any person's communications and computers around the world in secret, even when the targets are not under suspicion. The statement follows a complaint filed against the Government Communications Headquarters (GCHQ), the British signals intelligence agency, last June by a coalition of internet providers in Europe and Korea along with human rights lobby group Privacy International. The complaint is currently being investigated by the UK's Investigatory Powers Tribunal (IPT), and the British government has now taken the unusual step of releasing an open response [pdf], defending GCHQ and the agency's actions. While GCHQ won't acknowledge any one operation in particular as per its "neither confirm nor deny" policy, the agency said it may conduct computer network exploitation (CNE) attacks to obtain intelligence when it believes national interest is at stake. The open response from GCHQ's lawyers states the agency could embark upon operations similar to those conducted by criminals and hackers: "CNE operations vary in complexity. At the lower end of the scale, an individual may use someone's login credentials to gain access to information," the response reads. 
"More complex operations may involve exploiting vulnerabilities in software in order to gain control of devices or networks to remotely extract information, monitor the user of the device or take control of the device or network. "These types of operations can be carried out illegally by hackers or criminals. In limited and carefully controlled circumstances, and for legitimate purposes, these types of operations may also be carried out lawfully by certain public authorities." The circumstances under which CNE operations are considered helpful to obtain intelligence on individuals deemed as criminals or harmful to national security are broad. Wanted communications that are not in the course of their transmission and therefore cannot be intercepted can lead to CNE attacks being used by GCHQ, ditto if there is no communications service provider to serve an interception warrant upon. Furthermore, CNE operations may be used if "a more comprehensive set of the target's communications or data of intelligence interest is required than can be obtained through other means," the open response stated. Despite former United States National Security Agency contractor Edward Snowden's document leaks to the contrary, lawyers acting for GCHQ vehemently deny that the agency is involved in indiscriminate mass surveillance, and called the allegations "extreme" and "disproportionate." The open response also states that one of GCHQ's functions by law is "to monitor or interfere with electromagnetic, acoustic and other emissions" in order to glean information. GCHQ also operates within a legal framework that gives it powers to target unknown people, irrespective of their intelligence interest in Britain. Domestic spying is subject to warrants, but the warrants do not need to identify targets of surveillance or CNE operations. Nor is it necessary to specify if the target is suspected of, or has committed an offense, the open response claimed. 
Information gleaned through hacking could also be disclosed outside GCHQ to unspecified organisations. Although GCHQ insisted that its operations and activities must remain secret in order to be effective, it took the unusual step of disclosing the draft equipment interference code of practice (EI Code). The draft EI Code, which had until now been kept secret, sets out practices, procedures and safeguards around intelligence agencies' electronic information gathering. It was published in February this year by the UK Home Office and is now subject to public consultation. Copyright © iTnews.com.au. All rights reserved. --- Just because i'm near the punchbowl doesn't mean I'm also drinking from it. From rforno at infowarrior.org Thu Mar 19 06:50:17 2015 From: rforno at infowarrior.org (Richard Forno) Date: Thu, 19 Mar 2015 07:50:17 -0400 Subject: [Infowarrior] - FREAK: How government security worries got us into this mess Message-ID: FREAK: How government security worries got us into this mess Analysis Cheers guys By Dave Neal Thu Mar 19 2015, 08:25 http://www.theinquirer.net/inquirer/feature/2400375/freak-how-government-security-worries-got-us-into-this-mess FREAK, THE ELDERLY OpenSSL problem that has set insecurity firms alight over the past couple of weeks, continues to make headlines, but why? What on earth caused this terrible mess? We say 'terrible mess' because it has led to warnings about millions of vulnerable websites, people and equipment, and apologies from firms. We say 'terrible mess' in particular because FREAK is an issue that has effectively been caused by a government that was looking to downgrade overseas security for its own nefarious surveillance-related ends. This is exactly the kind of activity that keeps citizens and rights groups awake at night, and the fact that a 20-something-year-old decision is having repercussions now is hard for some to swallow. In order to understand why FREAK is a problem, we are going to have to go back in time. 
It is the 1990s, so break out your mixtape of Avril Lavigne and Nickelback and remember a time when people talked about Netscape and when the US government was concerned about the quality of RSA encryption and its adoption by johnny foreigner types. At that time the US government was worried about other countries enjoying the same benefits as its citizens, and decided to do something about it. The US cryptography export regulations created then have led to a situation where now, in 2015, we are worried about the integrity of the internet. The repercussions of a decision in 1992 to have a US edition of Netscape with 1024-bit RSA public keys in combination with 128-bit symmetric keys, and an international version with 512 bits and 40 bits are being felt today because the weakened encryption system limped on and made its way into modern technology through a sort of software osmosis. We learned this month that it lurks within official government websites and on software and systems from firms including Microsoft, BlackBerry, Apple and Google. Matthew Green, cryptographer and research professor at Johns Hopkins University, said that the US decision to limit overseas encryption was 'dumb'. "Back in the early 1990s when SSL was first invented at Netscape Corporation, the United States maintained a rigorous regime of export controls for encryption systems. In order to distribute crypto outside of the US, companies were required to deliberately 'weaken' the strength of encryption keys. For RSA encryption, this implied a maximum allowed key length of 512 bits," he said. "The 512-bit export grade encryption was a compromise between dumb and dumber. In theory it was designed to ensure that the NSA would have the ability to 'access' communications, while allegedly providing crypto that was still 'good enough' for commercial use. Or if you prefer modern terms, think of it as the original 'golden master key'." 
Researchers from Royal Holloway, University of London, published the results of studies into the impact of FREAK on IPv4 servers this week and revealed that a significant number are still rife for exploitation (PDF). Researchers Martin R. Albrecht, Davide Papini, Kenneth G. Paterson, and Ricardo Villanueva-Polanco showed how simple it is to crack a system and save big bucks as a result. "We found that only 9.7 percent of servers now support such export-grade RSA keys. However, we also found that some keys are repeated with high frequency, making each of them an attractive target for a direct factoring attack," they wrote, explaining that they saved some $9,000 in cloud computing costs through a simple computation and a $100 investment. They added that they "consider this to be a good return on investment for a Friday afternoon's work". As would, we assume, any hacker. While exploiting FREAK is easier said than done, the flaw's very existence should anger anyone that has heard calls from governments, abroad and at home, for a weakening of encryption and security. There is a lot to worry about. This year, the Electronic Frontier Foundation urged consumers to wise up to the risk of government surveillance, and warned about another potential historical threat, specifically the controversial Executive Order 12333 surveillance law that was passed in 1981 and still needs tackling. "Most people haven't even heard of it, but Executive Order 12333 is the primary authority the NSA uses to engage in the surveillance of people outside the US," it said. "President Obama could undo the worst parts of this executive order just as easily, by issuing a presidential order banning mass surveillance of people regardless of their nationality." Meanwhile, prime minister David Cameron has hinted that a future Conservative government would seek to ban encryption because of the threat of terrorism. 
"I think we cannot allow modern forms of communication to be exempt from the ability, in extremis, with a warrant signed by the home secretary, to be exempt from being listened to. That is my very clear view and if I am prime minister after the next election I will make sure we legislate accordingly," he said. "Obviously we are in a coalition. We have made progress on this issue by passing the new law which makes sure we protect some of the abilities we have to stop terrorists." In response to these comments, Jim Killock, executive director of the Open Rights Group, said, "Cameron's plans appear dangerous, ill-thought out and scary... Having the power to undermine encryption will have consequences for everyone's personal security." Hopefully more enlightened lawmakers are listening, because as the venerable security expert Bruce Schneier put it, nothing is going to change unless governments do. "The weak algorithms are still there, and can be exploited by attackers. This is the generic problem with government-mandated backdoors, key escrow, golden keys, or whatever you want to call them," he wrote. "We don't know how to design a third-party access system that checks for morality; once we build in such access, we then have to ensure that only the good guys can do it. And we can't." --- Just because i'm near the punchbowl doesn't mean I'm also drinking from it. From rforno at infowarrior.org Thu Mar 19 11:56:12 2015 From: rforno at infowarrior.org (Richard Forno) Date: Thu, 19 Mar 2015 12:56:12 -0400 Subject: [Infowarrior] - US Threatened Germany Over Snowden, Vice Chancellor Says Message-ID: <2A6CD31A-41CE-4570-BCF8-1C7640CB8F7F@infowarrior.org> US Threatened Germany Over Snowden, Vice Chancellor Says By Glenn Greenwald @ggreenwald Today at 8:42 AM https://firstlook.org/theintercept/2015/03/19/us-threatened-germany-snowden-vice-chancellor-says/ German Vice Chancellor Sigmar Gabriel (above) said this week in Homburg that the U.S. 
government threatened to cease sharing intelligence with Germany if Berlin offered asylum to NSA whistleblower Edward Snowden or otherwise arranged for him to travel to that country. "They told us they would stop notifying us of plots and other intelligence matters," Gabriel said. The vice chancellor delivered a speech in which he praised the journalists who worked on the Snowden archive, and then lamented the fact that Snowden was forced to seek refuge in "Vladimir Putin's autocratic Russia" because no other nation was willing and able to protect him from threats of imprisonment by the U.S. government (I was present at the event to receive an award). That prompted an audience member to interrupt his speech and yell out: "Why don't you bring him to Germany, then?" There has been a sustained debate in Germany over whether to grant asylum to Snowden, and a major controversy arose last year when a Parliamentary Committee investigating NSA spying divided as to whether to bring Snowden to testify in person, and then narrowly refused at the behest of the Merkel government. In response to the audience interruption, Gabriel claimed that Germany would be legally obligated to extradite Snowden to the U.S. if he were on German soil. Afterward, however, when I pressed the vice chancellor (who is also head of the Social Democratic Party, as well as the country's economy and energy minister) as to why the German government could not and would not offer Snowden asylum - which, under international law, negates the asylee's status as a fugitive - he told me that the U.S. government had aggressively threatened the Germans that if they did so, they would be "cut off" from all intelligence sharing. That would mean, if the threat were carried out, that the Americans would literally allow the German population to remain vulnerable to a brewing attack discovered by the Americans by withholding that information from their government. This is not the first time the U.S. 
has purportedly threatened an allied government to withhold evidence of possible terror plots as punishment. In 2009, a British national, Binyam Mohamed, sued the U.K. government for complicity in his torture at Bagram and Guantánamo. The High Court ordered the U.K. government to provide Mohamed's lawyers with notes and other documents reflecting what the CIA told British intelligence agents about Mohamed's abuse. In response, the U.K. government insisted that the High Court must reverse that ruling because the safety of British subjects would be endangered if the ruling stood. Their reasoning: the U.S. government had threatened the British that they would stop sharing intelligence, including evidence of terror plots, if they disclosed what the Americans had told them in confidence about Mohamed's treatment - even if the disclosure were ordered by the High Court as part of a lawsuit brought by a torture victim. British government lawyers even produced a letter from an unnamed Obama official laying out that threat. In the Mohamed case, it is quite plausible that the purported "threat" was actually the byproduct of collaboration between the U.S. and U.K. governments, as it gave the British a weapon to try to scare the court into vacating its ruling: you're putting the lives of British subjects in danger by angering the Americans. In other words, it is quite conceivable that the British asked the Americans for a letter setting forth such a threat to enable them to bully the British court into reversing its disclosure order. In the case of Germany, no government official has previously claimed that they were threatened by the U.S. as an excuse for turning their backs on Snowden, whose disclosures helped Germans as much as any population outside of the U.S. 
Pointing to such threats could help a German political official such as the vice chancellor justify what is otherwise an indefensible refusal to protect the NSA whistleblower from persecution at home, though it seems far more plausible - given far more extremist U.S. behavior in the Snowden case - that Gabriel's claims are accurate. Nonetheless, one of two things is true: 1) the U.S. actually threatened Germany that it would refrain from notifying them of terrorist plots against German citizens and thus deliberately leave them vulnerable to violent attacks, or 2) some combination of high officials from the U.S. and/or German governments are invoking such fictitious threats in order to manipulate and scare the German public into believing that asylum for Snowden will endanger their lives. Both are obviously noteworthy, though it's hard to say which is worse. --- Just because i'm near the punchbowl doesn't mean I'm also drinking from it. From rforno at infowarrior.org Thu Mar 19 15:37:05 2015 From: rforno at infowarrior.org (Richard Forno) Date: Thu, 19 Mar 2015 16:37:05 -0400 Subject: [Infowarrior] - DOJ: Trust Us to Not Abuse the CFAA, a Hacking Law We've Always Abused Message-ID: <7AC508C2-9375-43CB-9442-8EEACE4AFBD7@infowarrior.org> (x-posted) Justice Dept: Trust Us to Not Abuse the CFAA, a Hacking Law We've Always Abused Written by Jason Koebler March 19, 2015 // 11:13 AM EST http://motherboard.vice.com/read/justice-department-trust-us-to-not-abuse-the-a-hacking-law-weve-always-abused-cfaa President Obama and the Justice Department want Congress to revise a controversial computer hacking law to make it illegal to buy, sell, or rent botnets - the large networks of virus-infected computers that can be used to slow down network traffic, spam people, and brute-force their way into computer systems. The language the White House wants to use to amend the Computer Fraud and Abuse Act makes it illegal to use more than 100 computers "without authorization." 
It also criminalizes not just password "trafficking," but the sharing of any "means of access" to computers "without authorization," which would include botnets. Problem is, there are legitimate uses for botnets that would technically become illegal if the law is revised. A handful of researchers around the world have employed botnets as a means of learning how they work, what they can be used for, how they can be tracked, and how they can be created. Others have used them to reveal various vulnerabilities in computer systems or to map the internet. "The expansion of the definition [to 'means of access'] may impact researchers who commonly scan public websites to detect potential vulnerabilities," the Electronic Frontier Foundation wrote in a blog post. "These researchers should not have to face a felony charge if a prosecutor thinks they should have known the site prohibited scanning." The Justice Department's response to that concern is "trust us." "Some commentators have raised the concern that this proposal would chill the activities of legitimate security researchers, academics, and system administrators," Leslie Caldwell, the DOJ's assistant attorney general wrote in a blog post Wednesday. "We take this concern seriously. We have no interest in prosecuting such individuals, and our proposal would not prohibit such legitimate activity." Caldwell goes on to explain that there is language in the bill that would make it illegal only if the person "knew it was wrongful." The EFF says that's not enough, and a careful reading of the proposed language doesn't seem to provide any specific protection to researchers. It's hard to take the Department of Justice at its word when it says it will stick very close to the statute when it prosecutes those who use, buy, sell, and create botnets. 
Federal prosecutors have notoriously abused the language of the Computer Fraud and Abuse Act, at times stretching the definition of certain provisions of it to prosecute people who accessed computers doing nothing that even resembled hacking. Internet activist Aaron Swartz was prosecuted for downloading a huge number of science papers from a database he had access to, internet troll Weev was prosecuted for exploiting a flaw in AT&T's website that gave out iPad users' email addresses, and others have been prosecuted merely for sharing passwords. The only charge that stuck for the "Cannibal Cop" - that he illegally used his access to a police database - was brought under the CFAA; what he did was creepy and dangerous, but not hacking. "The [CFAA] has definitely been susceptible to abuse. It's been stretched in ways that are improper," Hanni Fakhoury, a staff lawyer for the Electronic Frontier Foundation, told me. "The malleability of the CFAA to provide a tool for law enforcement to prosecute cases like these suggests that the law is problematic." The law, it seems, might be about to get a lot more malleable. We've seen Obama's administration take this tack of selective enforcement in the past, most notably with the Defense of Marriage Act, illegal immigration, and legal weed in Washington and Colorado. The question is, are we willing to trust his administration at his word? More importantly, do we want to continue to put ever-expansive laws on the books, knowing that the next president might not follow suit? --- Just because i'm near the punchbowl doesn't mean I'm also drinking from it. 
From rforno at infowarrior.org Fri Mar 20 11:15:17 2015 From: rforno at infowarrior.org (Richard Forno) Date: Fri, 20 Mar 2015 12:15:17 -0400 Subject: [Infowarrior] - 5 Extremely Private Things Your iPhone Knows About You Message-ID: <42D7A9DB-FB6A-43C6-A425-BCD95319DBF7@infowarrior.org> 5 Extremely Private Things Your iPhone Knows About You Sara Boboltz Posted: 03/19/2015 7:30 am EDT Updated: 03/19/2015 7:59 am EDT http://www.huffingtonpost.com/2015/03/19/iphone-legal-facts_n_6787876.html -- It's better to burn out than fade away. From rforno at infowarrior.org Fri Mar 20 15:57:54 2015 From: rforno at infowarrior.org (Richard Forno) Date: Fri, 20 Mar 2015 16:57:54 -0400 Subject: [Infowarrior] - Friday Humor: Regarding Apple's product design Message-ID: <76462B43-BCB7-40E7-ACC1-FF7F5031EBBB@infowarrior.org> (Audio NSFW ... but oh so very true.) Why every new Apple MacBook that comes out needs a different goddamn charger http://boingboing.net/2015/03/20/why-every-new-apple-macbook-th.html --- Just because i'm near the punchbowl doesn't mean I'm also drinking from it. From rforno at infowarrior.org Fri Mar 20 19:34:37 2015 From: rforno at infowarrior.org (Richard Forno) Date: Fri, 20 Mar 2015 20:34:37 -0400 Subject: [Infowarrior] - Windows 10 to make the Secure Boot alt-OS lock out a reality Message-ID: <80E96794-4940-46FA-98F1-3A49F4C865ED@infowarrior.org> Windows 10 to make the Secure Boot alt-OS lock out a reality Windows 10 hardware must support Secure Boot and won't have to let you turn it off. by Peter Bright - Mar 20, 2015 3:15pm EDT http://arstechnica.com/information-technology/2015/03/windows-10-to-make-the-secure-boot-alt-os-lock-out-a-reality/ Those of you with long memories will recall a barrage of complaints in the run up to Windows 8's launch that concerned the ability to install other operating systems - whether they be older versions of Windows, or alternatives such as Linux or FreeBSD - on hardware that sported a "Designed for Windows 8" logo. 
To get that logo, hardware manufacturers had to fulfil a range of requirements for the systems they built, and one of those requirements had people worried. Windows 8 required machines to support a feature called UEFI Secure Boot. Secure Boot protects against malware that interferes with the boot process in order to inject itself into the operating system at a low level. When Secure Boot is enabled, the core components used to boot the machine must have correct cryptographic signatures, and the UEFI firmware verifies this before it lets the machine start. If any files have been tampered with, breaking their signature, the system won't boot. This is a desirable security feature, but it has an issue for alternative operating systems: if, for example, you prefer to compile your own operating system, your boot files won't include a signature that Secure Boot will recognize and authorize, and so you won't be able to boot your PC. However, Microsoft's rules for the Designed for Windows 8 logo included a solution to the problem they would cause: Microsoft also mandated that every system must have a user-accessible switch to turn Secure Boot off, thereby ensuring that computers would be compatible with other operating systems. Microsoft's rules also required that users be able to add their own signatures and cryptographic certificates to the firmware, so that they could still have the protection that Secure Boot provides, while still having the freedom to compile their own software. This all seemed to work, and the concerns that Linux and other operating systems would be locked out proved unfounded. This time, however, they're not. At its WinHEC hardware conference in Shenzhen, China, Microsoft talked about the hardware requirements for Windows 10. The precise final specs are not available yet, so all this is somewhat subject to change, but right now, Microsoft says that the switch to allow Secure Boot to be turned off is now optional. 
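The boot-time check the article describes, written out as an added example; this is not code from the article, from Microsoft or from any UEFI firmware. It is a Go model of the Secure Boot decision: a firmware with a database of trusted signing keys, the verification of a boot image's signature before it runs, the user-enrolment path (adding your own key so a self-compiled loader still passes), and the off switch that the Windows 8 rules made mandatory. Ed25519 over a SHA-256 digest stands in for the real scheme (actual firmware checks X.509 certificates and Authenticode signatures over PE images), and every key name and image byte string below is constructed for the demonstration.

```go
package main

import (
	"crypto/ed25519"
	"crypto/rand"
	"crypto/sha256"
	"errors"
	"fmt"
)

// BootImage is one boot component (a bootloader, say) together with the
// signature its publisher placed on it and the id of the key that signed it.
type BootImage struct {
	Name      string
	Contents  []byte
	Signature []byte
	KeyID     string
}

// Firmware models the slice of UEFI that enforces Secure Boot: the on/off
// switch and the database of trusted signing keys ("db" in UEFI terms).
type Firmware struct {
	SecureBootEnabled bool
	TrustedKeys       map[string]ed25519.PublicKey
}

var (
	ErrUntrustedKey = errors.New("image signed by a key that is not in the firmware db")
	ErrBadSignature = errors.New("image signature does not verify: contents changed or wrong key")
)

// ImageDigest is the value that actually gets signed: SHA-256 over the image bytes.
func ImageDigest(contents []byte) []byte {
	sum := sha256.Sum256(contents)
	return sum[:]
}

// SignImage is the publisher-side step (an OS vendor, or a user building their
// own loader): sign the digest with the publisher's private key.
func SignImage(name string, contents []byte, keyID string, priv ed25519.PrivateKey) BootImage {
	return BootImage{
		Name:      name,
		Contents:  contents,
		Signature: ed25519.Sign(priv, ImageDigest(contents)),
		KeyID:     keyID,
	}
}

// Verify is the firmware-side decision taken before control passes to the image.
func (fw *Firmware) Verify(img BootImage) error {
	if !fw.SecureBootEnabled {
		return nil // switch off: nothing is checked, anything boots
	}
	pub, ok := fw.TrustedKeys[img.KeyID]
	if !ok {
		return ErrUntrustedKey
	}
	if !ed25519.Verify(pub, ImageDigest(img.Contents), img.Signature) {
		return ErrBadSignature
	}
	return nil
}

// EnrollKey models the "add your own certificate" requirement: a user-supplied
// key becomes trusted, so self-built software boots with Secure Boot still on.
func (fw *Firmware) EnrollKey(id string, pub ed25519.PublicKey) {
	fw.TrustedKeys[id] = pub
}

// Scenario walks through the cases the article discusses and returns the
// firmware's verdict for each. Keys and image bytes are constructed here.
func Scenario() map[string]error {
	vendorPub, vendorPriv, err := ed25519.GenerateKey(rand.Reader)
	if err != nil {
		panic(err)
	}
	userPub, userPriv, err := ed25519.GenerateKey(rand.Reader)
	if err != nil {
		panic(err)
	}
	fw := &Firmware{
		SecureBootEnabled: true,
		TrustedKeys:       map[string]ed25519.PublicKey{"vendor": vendorPub},
	}
	vendorImg := SignImage("vendor-bootloader.efi", []byte("vendor bootloader build 1 (constructed)"), "vendor", vendorPriv)
	selfBuilt := SignImage("my-bootloader.efi", []byte("self-compiled bootloader (constructed)"), "user", userPriv)

	// Low-level tampering with a signed image: flip one bit of the contents.
	tampered := vendorImg
	tampered.Contents = append([]byte(nil), vendorImg.Contents...)
	tampered.Contents[0] ^= 0x01

	verdicts := map[string]error{}
	verdicts["vendor image"] = fw.Verify(vendorImg)
	verdicts["tampered vendor image"] = fw.Verify(tampered)
	verdicts["self-built, key not enrolled"] = fw.Verify(selfBuilt)
	fw.EnrollKey("user", userPub)
	verdicts["self-built, key enrolled"] = fw.Verify(selfBuilt)
	fw.SecureBootEnabled = false // the switch Windows 10 no longer requires OEMs to provide
	verdicts["tampered image, secure boot off"] = fw.Verify(tampered)
	return verdicts
}

func main() {
	for name, err := range Scenario() {
		if err == nil {
			fmt.Printf("%-34s boots\n", name)
		} else {
			fmt.Printf("%-34s refused: %v\n", name, err)
		}
	}
}
```

The last case is the one the article is about: once the switch is gone, the only remaining route for a self-built loader is the enrolment step, and the presentation the article cites is silent on whether OEMs must still offer it.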
Hardware can be Designed for Windows 10 and can offer no way to opt out of the Secure Boot lock down. The presentation is silent on whether OEMs can or should provide support for adding custom certificates. (Image caption: The off switch, which was mandatory before, is now optional.) Should this stand, we can envisage OEMs building machines that will offer no easy way to boot self-built operating systems, or indeed, any operating system that doesn't have appropriate digital signatures. This doesn't cut out Linux entirely - there have been some collaborations to provide Linux boot software with the "right" set of signatures, and these should continue to work - but it will make it a lot less easy. We've asked Microsoft if the slides are accurate and OEMs will indeed be able to build machines that essentially lock out other operating systems, especially in light of the visceral reaction to the original Secure Boot requirement. We're still awaiting a reply. -- It's better to burn out than fade away. From rforno at infowarrior.org Sat Mar 21 22:19:16 2015 From: rforno at infowarrior.org (Richard Forno) Date: Sat, 21 Mar 2015 23:19:16 -0400 Subject: [Infowarrior] - CIA Just Declassified the Document That Supposedly Justified the Iraq Invasion Message-ID: <08E701FF-5450-45AA-87FB-DCABDC8AA1F8@infowarrior.org> CIA Just Declassified the Document That Supposedly Justified the Iraq Invasion https://news.vice.com/article/the-cia-just-declassified-the-document-that-supposedly-justified-the-iraq-invasionin -- It's better to burn out than fade away. From rforno at infowarrior.org Sun Mar 22 11:54:22 2015 From: rforno at infowarrior.org (Richard Forno) Date: Sun, 22 Mar 2015 12:54:22 -0400 Subject: [Infowarrior] - Netscape: the web browser that came back to haunt Microsoft Message-ID: <93DCDFD6-524A-4636-AEFE-C37AEF34757A@infowarrior.org> Netscape: the web browser that came back to haunt Microsoft John Naughton Bill Gates's Internet Explorer killed off Netscape - 
but it rose again in the form of Firefox, and has now had the last laugh http://www.theguardian.com/global/2015/mar/22/web-browser-came-back-haunt-microsoft So Microsoft has decided to "retire" Internet Explorer, its web browser. So what? For most internet users the news probably ranked somewhere near the latest information about bond yields on Romanian debt. But for old timers like this columnist, it draws a line under an interesting chapter in the modern history of the computer industry. So let's spool back a bit - to 1993. By then, the internet was roughly 10 years old, but for its first decade had been largely unknown to anyone other than geeks and computer science researchers. Two years earlier, Tim Berners-Lee had created and released the world wide web onto the internet, but initially no one noticed. Then in the spring of 1993, Marc Andreessen and Eric Bina released Mosaic - the first graphical browser - and suddenly the "real world" realised what the internet was for, and clamoured to get aboard. But here's the strange thing: Microsoft - by then the overwhelmingly dominant force in the computing world - failed to notice the internet. One of Bill Gates's biographers, James Wallace, claimed that Microsoft didn't even have an internet server until early in 1993, and that the only reason the company set one up was because Steve Ballmer, Gates's second-in-command, had discovered on a sales trip that most of his big corporate customers were complaining that Windows didn't have a "TCP/IP stack" - ie, a way of connecting to the internet. Ballmer had never heard of TCP/IP. "I don't know what it is," he shouted at subordinates on his return to Seattle. "I don't want to know what it is. But my customers are screaming about it. Make the pain go away." But even when Microsoft engineers built a TCP/IP stack into Windows, the pain continued. 
Andreessen and his colleagues left university to found Netscape, wrote a new browser from scratch and released it as Netscape Navigator. This spread like wildfire and led Netscape's founders to speculate (hubristically) that the browser would eventually become the only piece of software that computer users really needed – thereby relegating the operating system to a mere life-support system for the browser.

Now that got Microsoft's attention. It was an operating-system company, after all. On May 26, 1995 Gates wrote an internal memo (entitled "The Internet Tidal Wave") which ordered his subordinates to throw all the company's resources into launching a single-minded attack on the web browser market. Given that Netscape had a 90% share of that market, Gates was effectively declaring war on Netscape.

Microsoft hastily built its own browser, named it Internet Explorer (IE), and set out to destroy the upstart by incorporating Explorer into the Windows operating system, so that it was the default browser for every PC sold. The strategy worked: Microsoft succeeded in exterminating Netscape, but in the process also nearly destroyed itself, because the campaign triggered an antitrust (unfair competition) suit which looked like breaking up the company, only to founder at the last moment. So Microsoft lived to tell the tale, and Internet Explorer became the world's browser. By 2000, IE had a 95% market share; it was the de facto industry standard, which meant that if you wanted to make a living from software development you had to make sure that your stuff worked in IE. The Explorer franchise was a monopoly on steroids.

But it turned out to be a double-edged sword. Companies and large organisations built their IT infrastructure around Internet Explorer. The NHS, for example, has hundreds of thousands of PCs, and for years, if you wanted to sell software products to it, then they had to be able to run not just on IE but on a specific version (6) of the program.
For all I know, that may still be the case. So the very success of Microsoft in dominating the browser market in effect locked some of its biggest customers into an increasingly dysfunctional and insecure time warp.

But Microsoft's monopolistic grip on the PC operating system and office software market also rendered it blind to what was happening in the computing industry generally. Just as it missed the internet when it first appeared, Microsoft also missed the switch to cloud computing and mobile devices. And because Internet Explorer was so dominant, Microsoft had little incentive to update and improve it. So, in the end, other – more innovative – browsers like Opera, Safari, Firefox and eventually Google Chrome appeared. In comparison with these newcomers, IE looked increasingly tired and impoverished, the software equivalent of a former heavyweight champion grown fat and arthritic. And the intriguing thing is that the contender that triggered its decline was Firefox, the product of the Mozilla Foundation, an organisation created from the ruins of... Netscape. Who said there's no justice?

--
It's better to burn out than fade away.

From rforno at infowarrior.org Mon Mar 23 06:29:18 2015
From: rforno at infowarrior.org (Richard Forno)
Date: Mon, 23 Mar 2015 07:29:18 -0400
Subject: [Infowarrior] - Canada's cyberwarfare toolbox revealed
Message-ID:

Communication Security Establishment's cyberwarfare toolbox revealed
http://www.cbc.ca/news/canada/communication-security-establishment-s-cyberwarfare-toolbox-revealed-1.3002978

---
Just because i'm near the punchbowl doesn't mean I'm also drinking from it.
From rforno at infowarrior.org Mon Mar 23 15:00:51 2015
From: rforno at infowarrior.org (Richard Forno)
Date: Mon, 23 Mar 2015 16:00:51 -0400
Subject: [Infowarrior] - Amazon doesn't want you to know how many data demands it gets
Message-ID:

Amazon doesn't want you to know how many data demands it gets

Amazon remains the only US internet giant in the Fortune 500 that has not yet released a report detailing how many demands for data it receives from the US government. Although people are starting to notice, the retail and cloud giant has no public plans to address these concerns.

Word first spread last week when the ACLU's Christopher Soghoian, who's spent years publicly denouncing companies for poor privacy practices, told attendees at a Seattle town hall event that he's "hit a wall with Amazon," adding that it's "just really difficult to reach people there."

< -- >

http://www.zdnet.com/article/amazon-dot-com-the-tech-master-of-secrecy/

---
Just because i'm near the punchbowl doesn't mean I'm also drinking from it.

From rforno at infowarrior.org Mon Mar 23 15:01:01 2015
From: rforno at infowarrior.org (Richard Forno)
Date: Mon, 23 Mar 2015 16:01:01 -0400
Subject: [Infowarrior] - DOJ Isn't Interested In Protecting FBI Whistleblowers
Message-ID: <820D98A5-77C9-4CC5-BDE8-A6F840DF2C90@infowarrior.org>

DOJ Isn't Interested In Protecting FBI Whistleblowers From Retaliation
from the a.-ignore-b.-drag-feet dept

You don't hear much about FBI whistleblowers. Many other agencies have had wrongdoing exposed by employees (and the government has often seen fit to slap the whistles out of their mouths with harsh prosecution), but the FBI isn't one of them. Forty-three years ago, whistleblowers broke into the FBI and retrieved damning documents, but no one's really broken out of the FBI to do the same. In fact, the FBI would rather not talk about whistleblowing at all.
An optimist might chalk this up to the FBI being a tightly-run organization that polices itself for malfeasance and wrongdoing. They'd be wrong, of course. Just within the past year, the FBI has twice thwarted its own oversight and may soon face budgetary constraints if it won't turn over the documents the DOJ's Inspector General is seeking. There's a reason no one blows the whistle at the FBI and this GAO report spells it out: unlike every other government agency, the DOJ's internal policies contain nothing to shield FBI whistleblowers from retaliation....

< -- >

https://www.techdirt.com/articles/20150307/10180630240/doj-isnt-interested-protecting-fbi-whistleblowers-retaliation.shtml

---
Just because i'm near the punchbowl doesn't mean I'm also drinking from it.

From rforno at infowarrior.org Mon Mar 23 15:01:07 2015
From: rforno at infowarrior.org (Richard Forno)
Date: Mon, 23 Mar 2015 16:01:07 -0400
Subject: [Infowarrior] - New version of SecureDrop
Message-ID: <6042C360-124E-4951-BB1A-6E750A4EB176@infowarrior.org>

New version of SecureDrop, open-source whistleblower submission system originally created by Aaron Swartz
By Trevor Timm at 12:48 pm Mon, Mar 23, 2015
http://boingboing.net/2015/03/23/new-version-of-securedrop-ope.html

At Freedom of the Press Foundation, we're excited to announce the release of a brand new version of SecureDrop, our open source whistleblower system which media organizations can use to communicate and receive documents from sources. Version 0.3 has been over a year in the making, and is the result of extensive feedback from both news organizations who already have SecureDrop – like the New Yorker and The Intercept – and from a security audit done by iSec Partners. In addition, we have a new website for SecureDrop, SecureDrop.org, which will serve as a hub for all the news organizations that have installed their own instances, and where you can find all the information you need to use it yourself.
We adhere to a policy of getting a security audit of each new version of SecureDrop. This is our third audit (Hi Lawfare!), and you can read our detailed explanation of the security and usability changes we made here, as well as the full audit here. We've made so many changes to this version that we've asked iSec to put us through another audit on the new components. We'll post the results of the fourth audit as soon as we can.

Version 0.3 has a redesigned interface that is hopefully easier to navigate for sources and journalists (check out the visual comparison below). The installation process has been simplified and those trying to install it will hopefully run into fewer problems. While the installation process still has a long way to go so that anyone – regardless of technical skills – can install it, the process is night and day different from when Bruce Schneier and a team of University of Washington researchers spent thirty hours attempting to do so on the original version of SecureDrop before Freedom of the Press Foundation took the project over.

There are new security features as well. Every version of SecureDrop will now be installed with grsecurity, a well-respected operating system enhancement that attempts to prevent zero-day exploit attacks, and we'll be able to automatically send security updates to all SecureDrop instances with the push of a button. In a few days, we'll also be launching a bug bounty program with the help of BugCrowd. If you're a security researcher, you'll be able to set up your own instance of SecureDrop and pentest it.

The Toronto Globe and Mail and Gawker Media have launched the new version of SecureDrop in the last couple weeks, bringing the total number of news organizations using it to at least seventeen. We hope by the end of the year we can help even more.

SecureDrop was originally coded by Aaron Swartz, in one of the last projects he worked on before he tragically passed away.
After his death, Freedom of the Press Foundation adopted the project and we've spent the past year and a half making significant upgrades to both the security and usability of it. Special thanks to the SecureDrop team past and present who made this possible: James Dolan, Garrett Robinson, Kevin Gallagher, Runa Sandvik, and the many open-source contributors who volunteered their time and are too numerous to name here. Our goal over the next year is to continue to improve SecureDrop for both sources and journalists, and spread it as far and wide as possible.

---
Just because i'm near the punchbowl doesn't mean I'm also drinking from it.

From rforno at infowarrior.org Mon Mar 23 15:04:46 2015
From: rforno at infowarrior.org (Richard Forno)
Date: Mon, 23 Mar 2015 16:04:46 -0400
Subject: [Infowarrior] - Fighting the "War on Terror" by Banning Cash
Message-ID: <1E35FC02-5233-444D-817C-24E9E459433D@infowarrior.org>

Fighting the "War on Terror" by Banning Cash
March 22, 2015
Joseph T. Salerno
http://mises.org/blog/fighting-war-terror-banning-cash

It was just a matter of time before Western governments used the trumped up "War on Terror" as an excuse to drastically ratchet up the very real war on the use of cash and personal privacy that they are waging against their own citizens. Taking advantage of public anxiety in the wake of the attacks on Charlie Hebdo and a Jewish supermarket, France has taken the first step. It seems the terrorists involved partially financed these attacks by cash, as well as by consumer loans and the sale of counterfeit goods. What a shockeroo! The terrorists used CASH to purchase some of the stuff they needed--no doubt these murderers were also shod and clothed and used cell phones, cars, and public sidewalks during the planning and execution of their mayhem. Why not restrict their use? A naked, barefoot terrorist without communications is surely less effective than a fully clothed and equipped one.
Despite the arrant absurdity of blaming cash and financial privacy for these crimes, French Finance Minister Michel Sapin brazenly stated that it was necessary to "fight against the use of cash and anonymity in the French economy." He then announced extreme and despotic measures to further restrict the use of cash by French residents and to spy on and pry into their financial affairs.

These measures, which will be implemented in September 2015, include prohibiting French residents from making cash payments of more than 1,000 euros, down from the current limit of 3,000 euros. Given the parlous state of the stagnating French economy the limit for foreign tourists on currency payments will remain higher, at 10,000 euros down from the current limit of 15,000 euros. The threshold below which a French resident is free to convert euros into other currencies without having to show an identity card will be slashed from the current level of 8,000 euros to 1,000 euros. In addition any cash deposit or withdrawal of more than 10,000 euros during a single month will be reported to the French anti-fraud and money laundering agency Tracfin. French authorities will also have to be notified of any freight transfers within the EU exceeding 10,000 euros, including checks, pre-paid cards, or gold.

---
Just because i'm near the punchbowl doesn't mean I'm also drinking from it.

From rforno at infowarrior.org Mon Mar 23 16:06:39 2015
From: rforno at infowarrior.org (Richard Forno)
Date: Mon, 23 Mar 2015 17:06:39 -0400
Subject: [Infowarrior] - H-Bomb Physicist's Book Runs Afoul of Energy Department
Message-ID: <1EF1D5B6-1F97-48DB-87D8-CAAAB4F10544@infowarrior.org>

(Cue the Streisand Effect... --rick)

Hydrogen Bomb Physicist's Book Runs Afoul of Energy Department
By WILLIAM J. BROAD
MARCH 23, 2015
http://www.nytimes.com/2015/03/24/science/hydrogen-bomb-physicists-book-runs-afoul-of-energy-department.html

PHILADELPHIA –
For all its horrific power, the atom bomb – leveler of Hiroshima and instant killer of some 80,000 people – is but a pale cousin compared to another product of American ingenuity: the hydrogen bomb. The weapon easily packs the punch of a thousand Hiroshimas, an unthinkable range of destruction that lay behind the Cold War's fear of mutual annihilation. It was developed in great secrecy, and Washington for decades has done everything in its power to keep the details of its design out of the public domain.

Now, a physicist who helped devise the weapon more than half a century ago has defied a federal order to cut from his new book material that the government says teems with thermonuclear secrets.

The author, Kenneth W. Ford, 88, spent his career in academia and has not worked on weapons since 1953. His memoir, "Building the H Bomb: A Personal History," is his 10th book. The others are physics texts, elucidations of popular science and a reminiscence on flying small planes.

He said he included the disputed material because it had already been disclosed elsewhere and helped him paint a fuller picture of an important chapter of American history. But after he volunteered the manuscript for a security review, federal officials told him to remove about 10 percent of the text, or roughly 5,000 words.

"They wanted to eviscerate the book," Dr. Ford said in an interview at his home here. "My first thought was, 'This is so ridiculous I won't even respond.'"

Instead, he talked with federal officials for half a year before reaching an impasse in late January, a narrative he backs up with many documents laid out neatly on his dining room table, beneath a parade of photographs of some of his seven children and 13 grandchildren.

World Scientific, a publisher in Singapore, recently made Dr. Ford's book public in electronic form, with print versions to follow. Reporters and book review editors have received page proofs.
The Department of Energy, the keeper of the nation's nuclear secrets, declined to comment on the book's publication. But in an email to Dr. Ford last year, Michael Kolbay, a classification officer at the agency, warned that the book's discussion of the "design nuances of a successful thermonuclear weapons program" would "encourage emerging proliferant programs," a euphemism for aspiring nuclear powers.

In theory, Washington can severely punish leakers. Anyone who comes in contact with classified atomic matters must sign a nondisclosure agreement that warns of criminal penalties and the government's right to "all royalties, remunerations and emoluments" that result from the disclosure of secret information.

But the reality is that atomic pioneers and other insiders – in talks, books, articles and television shows – have divulged many nuclear secrets over the decades and have rarely faced any consequences. The result is a twilight zone of sensitive but never formally declassified public information. The policy of the Energy Department is never to acknowledge the existence of such open atomic secrets, a stance it calls its "no comment" rule.

Yet in preparing his book, Dr. Ford deeply mined this shadowy world of public information. For instance, the federal agency wanted him to strike a reference to the size of the first hydrogen test device – its base was seven feet wide and 20 feet high. Dr. Ford responded that public photographs of the device, with men, jeeps and a forklift nearby, gave a scale of comparison that clearly revealed its overall dimensions.

Steven Aftergood, director of the Project on Government Secrecy for the Federation of American Scientists, a private group in Washington, said he had received page proofs of Dr. Ford's book and expected that many of its details had run afoul of what he characterized as the agency's classification whims. "There are probably real issues intertwined with spurious bureaucratic nonsense," Mr. Aftergood said.
He added that it would not be surprising if the Department of Energy did nothing in response to the book's publication. "Any action," Mr. Aftergood said, "is only going to magnify interest." In 1979, the department learned that the hard way when it tried to block a magazine's release of H-bomb secrets; its failure gave the article a rush of free publicity.

A main architect of the hydrogen bomb, Richard L. Garwin, whom Dr. Ford interviewed for the book, describes the memoir in its so-called front matter as "accurate as well as entertaining." In an interview, Dr. Garwin said he recalled nothing in the book's telling of hydrogen bomb history that, in terms of public information, "hasn't been reasonably authoritatively stated." Still, he said, his benign view of the book "doesn't mean I encourage people to talk about such things."

Hydrogen bombs are the world's deadliest weapons. The first test of one, in November 1952, turned the Pacific isle of Elugelab, a mile in diameter, into a boiling mushroom cloud. Today, Britain, China, France, Russia and the United States are the only declared members of the thermonuclear club, each possessing hundreds or thousands of hydrogen bombs. Military experts suspect that Israel has dozens of them. India, Pakistan and North Korea are seen as interested in acquiring the potent weapon.

Though difficult to make, hydrogen bombs are attractive to nations and militaries because their fuel is relatively cheap. Inside a thick metal casing, the weapon relies on a small atom bomb that works like a match to ignite the hydrogen fuel.

Dr. Ford entered this world by virtue of elite schooling. He graduated from Phillips Exeter Academy in 1944 and Harvard in 1948. While working on his Ph.D. at Princeton, he was drawn into the nation's hydrogen bomb push by his mentor, John A. Wheeler, a star of modern science. Dr. Ford worked in the shadow of Edward Teller and Stanislaw Ulam, bomb designers at the Los Alamos lab in New Mexico.
Early in 1951, they hit on a breakthrough idea: using radiation from the exploding atom bomb to generate vast forces that would compress and heat the hydrogen fuel to the point of thermonuclear ignition.

From 1950 to 1952, Dr. Ford worked on the project, first at Los Alamos and then back at Princeton. Among other things, he calculated the likelihood that the compressed fuel would burn thoroughly and estimated the bomb's explosive power. He received his doctorate in 1953, and remained in academia, teaching at such schools as Brandeis; the University of California, Irvine; and the University of Massachusetts Boston.

In the interview at his home, he said he was researching his H-bomb memoir when a historian at the Department of Energy suggested that he submit the manuscript for classification review. He did so, and in August, the agency responded. "Our team is quite taken with your manuscript," an official wrote. "However, some concerns have been identified."

In late September, Dr. Ford met with agency officials. Afterward, in an email, he told them that he remained convinced the book "contains nothing whatsoever whose dissemination could, by any stretch of the imagination, damage the United States or help a country that is trying to build a hydrogen bomb."

On Nov. 3, Andrew P. Weston-Dawkes, director of the agency's office of classification, wrote Dr. Ford to say that the review had "identified portions that must be removed prior to publication." The ordered cuts, 60 in all, ranged from a single sentence to multiple paragraphs, and included endnotes and illustrations.

"Were I to follow all – or even most – of your suggestions," Dr. Ford wrote in reply, "it would destroy the book."

In December, he told the department he would make a few minor revisions. For instance, in two cases he would change language describing the explosive yields of bomb tests from "in fact" to "reportedly."
After much back and forth, the conversation ended in January with no resolution, and the book's publisher pressed on.

The government's main concern seems to center on deep science that Dr. Ford articulates with clarity. Over and over, the book discusses thermal equilibrium, the discovery that the temperature of the hydrogen fuel and the radiation could match each other during the explosion. Originally, the perceived lack of such an effect had seemed to doom the proposed weapon.

The breakthrough has apparently been discussed openly for years. For instance, the National Academy of Sciences in 2009 published a biographical memoir of Dr. Teller, written by Freeman J. Dyson, a noted physicist with the Institute for Advanced Study in Princeton, N.J. It details the thermal equilibrium advance in relation to the hydrogen bomb.

At his home, Dr. Ford said he considered himself a victim of overzealous classification and wondered what would have happened if he had never submitted his manuscript for review. "I was dumbfounded," he said of the agency's reaction to it.

Dr. Ford said he never intended to make a point about openness and nuclear secrecy – or do anything other than to give his own account of a remarkable time in American history. "I don't want to strike a blow for humankind," he said. "I just want to get my book published."

Correction: March 23, 2015
An earlier version of this article misspelled the surname of the director of the Department of Energy's office of classification, who wrote to Dr. Ford in November. He is Andrew P. Weston-Dawkes, not Weston-Davis.

--
It's better to burn out than fade away.

From rforno at infowarrior.org Mon Mar 23 19:21:46 2015
From: rforno at infowarrior.org (Richard Forno)
Date: Mon, 23 Mar 2015 20:21:46 -0400
Subject: [Infowarrior] - The Battle Is For The Customer Interface
Message-ID: <998F116A-2973-4D63-9089-0872113CFE41@infowarrior.org>

Uber, the world's largest taxi company, owns no vehicles.
Facebook, the world's most popular media owner, creates no content. Alibaba, the most valuable retailer, has no inventory. And Airbnb, the world's largest accommodation provider, owns no real estate. Something interesting is happening.

< - >

http://techcrunch.com/2015/03/03/in-the-age-of-disintermediation-the-battle-is-all-for-the-customer-interface/

--
It's better to burn out than fade away.

From rforno at infowarrior.org Tue Mar 24 17:21:09 2015
From: rforno at infowarrior.org (Richard Forno)
Date: Tue, 24 Mar 2015 18:21:09 -0400
Subject: [Infowarrior] - Copyright Industry's new ploy: 'True Origin' Bills
Message-ID:

How The Copyright Industry Wants To Undermine Anonymity & Free Speech: 'True Origin' Bills
https://www.techdirt.com/articles/20150324/07243230412/how-copyright-industry-wants-to-undermine-anonymity-free-speech-true-origin-bills.shtml

--
It's better to burn out than fade away.

From rforno at infowarrior.org Tue Mar 24 18:28:32 2015
From: rforno at infowarrior.org (Richard Forno)
Date: Tue, 24 Mar 2015 19:28:32 -0400
Subject: [Infowarrior] - Cops To Congress: Please Leave Us And Our License Plates Readers Alone
Message-ID: <356643C1-9374-4E06-BFCB-02A6C880835F@infowarrior.org>

Cops To Congress: Please Leave Us And Our License Plates Readers Alone
from the any-limits-will-immediately-result-in-ALL-THE-CRIME dept
https://www.techdirt.com/articles/20150316/11593730328/cops-to-congress-please-leave-us-our-license-plates-readers-alone.shtml

Poor dears. A bunch of law enforcement associations are worried that they won't be able to keep all that sweet, sweet ALPR (automatic license plate reader) data for as long as they want to. In fact, they're so worried, they've issued a letter in response to a nonexistent legislative threat.

< - >

Shorter police: "We like our shiny tech tools so much, we've forgotten how to perform police work."
If they can't get as much as they can, as often as they can and access it at their leisure, the streets will run red with the blood of the innocent. This sort of thinking goes all the way to the top, where the FBI's James Comey has promised death, molestation and Colombia 2.0 if the government isn't allowed to build itself backdoors in cellphone encryption.

How a device that delivers a 0.2% hit rate has become something the cops lean on so heavily they simply can't go on without it is a question that deserves a "transparent" answer, rather than the hitch-in-the-throat talking points delivered here. All anyone wants is something telling cops they can't keep everything for as long as they want. They want privacy impact assessments and honest answers to worrying questions. All we've received so far is unproven claims of the tech's "effectiveness" and the constant pimping of dead children and human trafficking victims, with the existential threat of suppliers delivering product to a receptive market thrown in for good measure.

--
It's better to burn out than fade away.

From rforno at infowarrior.org Thu Mar 26 07:39:57 2015
From: rforno at infowarrior.org (Richard Forno)
Date: Thu, 26 Mar 2015 08:39:57 -0400
Subject: [Infowarrior] - It's OK to leak government secrets - as long as it benefits politicians
Message-ID: <0C489BF4-F6B7-4013-93B2-24F4B4BF73AE@infowarrior.org>

It's OK to leak government secrets - as long as it benefits politicians
Trevor Timm @trevortimm
Wednesday 25 March 2015 11.15 EDT
Last modified on Wednesday 25 March 2015 17.42 EDT
http://www.theguardian.com/commentisfree/2015/mar/25/its-ok-to-leak-government-secrets-as-long-as-it-benefits-politicians

When it comes to classified information, some leaks are more equal than others. If you are a whistleblower like Edward Snowden, who tells the press about illegal, immoral or embarrassing government actions, you will face jail time.
But it's often another story for US government officials leaking information for their own political benefit. Two stories this week perfectly illustrate this hypocrisy and how, despite their unprecedented crackdown on sources and whistleblowers, the Obama administration - like every administration before it - loves to use leaks, if and when it suits them.

Consider a government leak that ran in the New York Times on Monday. The article was about 300 of Hillary Clinton's now notorious State Department emails, which had been hidden away on her private server for years and were turned over to Congress as part of the never-ending Benghazi investigation. "Four senior government officials" described the content of her emails to New York Times journalists in minute detail "on the condition of anonymity because they did not want to jeopardize their access to secret information".

Surely the Obama administration will promptly root out and prosecute those leakers, right? After all, the emails haven't gone through a security review and the chances of them discussing classified information are extremely high. (Even if they don't, the Espionage Act doesn't require the information to be classified anyways, only that information leaked be "related to national defense".) But those emails supposedly clear Clinton of any wrongdoing in the Benghazi affair, which likely makes the leak in the administration's interest.

But that disclosure was nothing compared to what appeared in the Wall Street Journal a day later, in the wake of Israel's Prime Minister Benjamin Netanyahu's underhanded attempts to derail a nuclear deal with Iran. The Journal reported on Tuesday that not only did Israel spy on Americans negotiating with Iran, but they gave that information to Republicans in Congress, in an attempt to scuttle the deal. How does the US know this?
Well, according to the Journal and its government sources, the US itself intercepted communications between Israeli officials that discussed information that could have only come from the US-Iran talks. The disclosure of this fact sounds exactly like the vaunted "sources and methods" - i.e. how the US conducts surveillance and gets intelligence - that the government continually claims is the most sensitive information they have. It's why they claim Edward Snowden belongs in jail for decades.

So while it's apparently unacceptable to leak details about surveillance that affects ordinary citizens' privacy, it's OK for officials to do so for their own political benefit - and no one raises an eyebrow. We can be quite certain that no one will be prosecuted for the leaks given that they benefitted the administration's powerful former Secretary of State, and bolsters its position in its public dust-up with Israel.

When it comes to leaks, the powerful play by different rules than everyone else - despite the fact that they've violated the same law they've accused so many other leakers of breaking. That's why David Petraeus was given a sweetheart plea deal with no jail time after leaking highly classified information to his biographer and lover. (He's apparently already back advising the White House, despite leaking and then lying to the FBI about the identities of countless covert officers).

It's also the same reason why investigations into a leak suspected to have involved General Cartwright, once known as "Obama's favorite general", have stalled. As the Washington Post reported: the defense "might try to put the White House's relationship with reporters and the use of authorized leaks on display, creating a potentially embarrassing distraction for the administration".

Former CIA officer Jeffrey Sterling faces sentencing next month after being found guilty of leaking information to New York Times reporter James Risen.
Sterling's problem is that he leaked information showing a spectacular and embarrassing failure on the CIA's part - which did not help a powerful politician score points. He is also not a general. As a result, he faces decades in jail.

--
It's better to burn out than fade away.

From rforno at infowarrior.org Thu Mar 26 07:39:53 2015
From: rforno at infowarrior.org (Richard Forno)
Date: Thu, 26 Mar 2015 08:39:53 -0400
Subject: [Infowarrior] - RadioShack puts personal data up for sale in bankruptcy auction
Message-ID: <9C977711-BAFC-4B9D-82E6-1B96BA53F3D2@infowarrior.org>

RadioShack puts customer's personal data up for sale in bankruptcy auction
http://www.itworld.com/article/2901029/radioshack-puts-customers-personal-data-up-for-sale-in-bankruptcy-auction.html

Asset sale could include millions of e-mails, physical addresses, and customer names, if legal challenges don't stop it.
By Jared Newman
PCWorld | March 25, 2015

For years, RadioShack made a habit of collecting customers' contact information at checkout. Now, the bankrupt retailer is putting that data on the auction block.

A list of RadioShack assets for sale includes more than 65 million customer names and physical addresses, and 13 million email addresses. Bloomberg reports that the asset sale may include phone numbers and information on shopping habits as well.

The auction is already over, with Standard General – a hedge fund and RadioShack's largest shareholder – reportedly emerging as the victor. But a bankruptcy court still has to approve the deal, and RadioShack faces a couple legal challenges in turning over customer data.

As Bloomberg points out, Texas Attorney General Ken Paxton has argued that selling the data would be illegal under state law. Texas doesn't allow companies to sell personal information in a way that violates their own privacy policies, and signage in RadioShack stores claims that "We pride ourselves on not selling our private mailing list."
Paxton believes that a data sale would affect 117 million people.

Oddly enough, the other privacy defender in this case is AT&T, which wants RadioShack's data destroyed for competitive reasons. AT&T doesn't think RadioShack is entitled to the personal information it collected from wireless sales, and may be concerned that the data might fall into another carrier's hands. (One bidder wants to co-brand some RadioShack stores as Sprint locations, Bloomberg reports.)

There is precedent for allowing customer data to be auctioned off in bankruptcy proceedings. In 2011, the Federal Trade Commission allowed Borders to auction personal data if the same privacy policy applied, the buyer was in the same line of business, and the data was sold alongside other assets. Standard General, which plans to keep some RadioShack stores open, may try to argue that it's putting the data to similar uses, Bloomberg reports.

Why this matters: As if RadioShack wasn't obnoxious enough when you had to turn over a phone number just to buy a cable splitter. Now, the store's trying to go back on its promise to keep that data to itself. It's one more reason to treat these contact information requests with caution, since you can never be sure where the data will end up.

This story, "RadioShack puts customer's personal data up for sale in bankruptcy auction" was originally published by PCWorld.

--
It's better to burn out than fade away.

From rforno at infowarrior.org Thu Mar 26 07:40:05 2015
From: rforno at infowarrior.org (Richard Forno)
Date: Thu, 26 Mar 2015 08:40:05 -0400
Subject: [Infowarrior] - Security lessons from GermanWings incident
Message-ID: <7FB840F5-9FF6-4876-8271-2206FDD3914A@infowarrior.org>

If so, this provides some very important lessons in balancing security with reality, and developing appropriate solutions based on an objective understanding of risk, not on fear alone.
--rick

http://www.nbcnews.com/storyline/german-plane-crash/germanwings-crash-recordings-could-yield-cockpit-door-clues-n330426

The co-pilot of the crashed Germanwings plane appears to have "intentionally" forced the jet into a descent while his captain was locked out of the cockpit, prosecutors said Thursday.

< - >

"Banging" sounds were also heard, suggesting the captain was trying to force his way back into the cockpit. However, the reinforced cockpit door was locked from the inside and could not be overridden, even with a coded entry panel.

"If he had been able to open this door, the captain would have done it," Brice said.

< - >

Many airlines, especially U.S. carriers, have a flight attendant come into the flight deck if a pilot leaves, for example during a bathroom break. While Lufthansa earlier Thursday would not comment on its cockpit security procedures, it said it followed rules set out by German authorities that allow temporary absence from the flight deck.

Former pilots and aviation experts told NBC News that most planes have coded entry door controls, but these can be overridden with a double lock - a practice implemented industry-wide after the 9/11 attacks.

"The cockpit has the ultimate control of the door," said former pilot Captain John Cox. "If it is placed in the override mode then no matter what is done with the code pad, the door will remain locked. The security people were very firm on the need for the flight deck to remain the ultimate authority."

"It's likely that an airline like Lufthansa will have fitted the highest specification of security technology," said David Gleave, an aviation safety investigator based at Loughborough University near Leicester, England. "These reinforced doors are designed to be very strong - they can't be smashed open. That's the point of them."

---
Just because i'm near the punchbowl doesn't mean I'm also drinking from it.
From rforno at infowarrior.org Thu Mar 26 07:40:10 2015
From: rforno at infowarrior.org (Richard Forno)
Date: Thu, 26 Mar 2015 08:40:10 -0400
Subject: [Infowarrior] - TPP: It's worse than we thought
Message-ID:

Corporate Sovereignty Provisions Of TPP Agreement Leaked Via Wikileaks: Would Massively Undermine Government Sovereignty
https://www.techdirt.com/articles/20150325/17151130431/corporate-sovereignty-provisions-tpp-agreement-leaked-via-wikileaks-would-massively-undermine-government-sovereignty.shtml

---
Just because i'm near the punchbowl doesn't mean I'm also drinking from it.

From rforno at infowarrior.org Thu Mar 26 07:50:21 2015
From: rforno at infowarrior.org (Richard Forno)
Date: Thu, 26 Mar 2015 08:50:21 -0400
Subject: [Infowarrior] - USG Wins Dozens of Millions From Kim Dotcom
Message-ID:

U.S. Government Wins Dozens of Millions From Kim Dotcom
By Ernesto, on March 26, 2015
http://torrentfreak.com/u-s-government-wins-dozens-of-millions-from-kim-dotcom-150326/

The U.S. Government has won its civil forfeiture case against Megaupload and Kim Dotcom. As a result, the U.S. now owns Kim Dotcom's bank accounts, cars, art and other property worth dozens of millions of dollars. Megaupload's founder describes the ruling as unjust and says his team will file an appeal at a higher court.

Following the 2012 raid on Megaupload and Kim Dotcom, U.S. and New Zealand authorities seized millions of dollars in cash and other property.

Claiming the assets were obtained through copyright and money laundering crimes, last July the U.S. government launched a separate civil action in which it asked the court to forfeit the bank accounts, cars and other seized possessions of the Megaupload defendants.

Megaupload's defense heavily protested the request but was found to have no standing, as Dotcom and his colleagues can be seen as fugitives.

A few hours ago District Court Judge Liam O'Grady ordered a default judgment in favor of the U.S. Government.
This means that the contested assets, which are worth an estimated $67 million, now belong to the United States.

"It all belongs to the U.S. government now. No trial. No due process," Dotcom informs TF.

More than a dozen Hong Kong and New Zealand bank accounts have now been forfeited (pdf) including some of the property purchased through them. The accounts all processed money that was obtained through Megaupload's alleged illegal activities.

The list of forfeited assets further includes several luxury cars, such as a silver Mercedes-Benz CLK DTM and a 1959 pink Cadillac, two 108" Sharp LCD TVs and four jet skis.

The memorandum issued by Judge O'Grady repeats many of the allegations in the original indictment. It lists links to infringing materials that could be found on the site and claims that Megaupload purposefully obfuscated its illegal intent.

Dotcom refutes these claims as "Hollywood nonsense" and maintains that Megaupload was operating legally and cooperated with copyright holders when required.

"The default judgment is so thick with DOJ and Hollywood nonsense that one might think they drafted it," Dotcom says.

The New Zealand based entrepreneur believes that it's been an unfair battle thus far, and with his assets now going to the U.S. it's certainly not getting any easier.

But while the ruling is a huge blow, it also opens up the possibility to have the case reviewed by a higher court.

"For the first time we get the opportunity to test the decisions of this Judge at a higher court. Because of the way his previous rulings were designed he made an appeal impossible. But we now can and probably will appeal O'Grady's decision on fugitive disentitlement and forfeiture," Dotcom notes.

For now, however, the successful forfeiture request is the U.S. Government's first major victory against Megaupload.

Meanwhile, Dotcom and his fellow Megaupload defendants are still waiting to hear whether they will be sent to the U.S. to stand trial.
The extradition hearing will start early June, after a request from Dotcom's lawyers to postpone it was turned down earlier this week.

---
Just because i'm near the punchbowl doesn't mean I'm also drinking from it.

From rforno at infowarrior.org Thu Mar 26 11:15:03 2015
From: rforno at infowarrior.org (Richard Forno)
Date: Thu, 26 Mar 2015 12:15:03 -0400
Subject: [Infowarrior] - US Declassifies Document Revealing Israel's Nuclear Program
Message-ID: <59E7AD2D-77A9-40A1-9D45-34629D2BC367@infowarrior.org>

(at least confirming the decades-old open secret, anyway. --rick)

US Declassifies Document Revealing Israel's Nuclear Program
Obama revenge for Netanyahu's Congress talk? 1987 report on Israel's top secret nuclear program released in unprecedented move.
By Ari Yashar, Matt Wanderman
First Publish: 3/25/2015, 8:00 PM
http://www.israelnationalnews.com/News/News.aspx/193175#.VRQvN0bshj-

In a development that has largely been missed by mainstream media, the Pentagon early last month quietly declassified a Department of Defense top-secret document detailing Israel's nuclear program, a highly covert topic that Israel has never formally announced to avoid a regional nuclear arms race, and which the US until now has respected by remaining silent.

But by publishing the declassified document from 1987, the US reportedly breached the silent agreement to keep quiet on Israel's nuclear powers for the first time ever, detailing the nuclear program in great depth.

The timing of the revelation is highly suspect, given that it came as tensions spiraled out of control between Prime Minister Binyamin Netanyahu and US President Barack Obama ahead of Netanyahu's March 3 address in Congress, in which he warned against the dangers of Iran's nuclear program and how the deal being formed on that program leaves the Islamic regime with nuclear breakout capabilities.
Another highly suspicious aspect of the document is that while the Pentagon saw fit to declassify sections on Israel's sensitive nuclear program, it kept sections on Italy, France, West Germany and other NATO countries classified, with those sections blocked out in the document.

The 386-page report entitled "Critical Technological Assessment in Israel and NATO Nations" gives a detailed description of how Israel advanced its military technology and developed its nuclear infrastructure and research in the 1970s and 1980s.

Israel is "developing the kind of codes which will enable them to make hydrogen bombs. That is, codes which detail fission and fusion processes on a microscopic and macroscopic level," reveals the report, stating that in the 1980s Israelis were reaching the ability to create bombs considered a thousand times more powerful than atom bombs.

The revelation marks a first in which the US published in a document a description of how Israel attained hydrogen bombs.

The report also notes research laboratories in Israel "are equivalent to our Los Alamos, Lawrence Livermore and Oak Ridge National Laboratories," the key labs in developing America's nuclear arsenal.

Israel's nuclear infrastructure is "an almost exact parallel of the capability currently existing at our National Laboratories," it adds.

"As far as nuclear technology is concerned the Israelis are roughly where the U.S. was in the fission weapon field in about 1955 to 1960," the report reveals, noting a time frame just after America tested its first hydrogen bomb.

Institute for Defense Analysis, a federally funded agency operating under the Pentagon, penned the report back in 1987.

Aside from nuclear capabilities, the report revealed Israel at the time had "a totally integrated effort in systems development throughout the nation," with electronic combat all in one "integrated system, not separated systems for the Army, Navy and Air Force."
It even acknowledged that in some cases, Israeli military technology "is more advanced than in the U.S."

Declassifying the report comes at a sensitive timing as noted above, and given that the process to have it published was started three years ago, that timing is seen as having been the choice of the American government.

US journalist Grant Smith petitioned to have the report published based on the Freedom of Information Act. Initially the Pentagon took its time answering, leading Smith to sue, and a District Court judge to order the Pentagon to respond to the request.

Smith, who heads the Institute for Research: Middle East Policy, reportedly said he thinks this is the first time the US government has officially confirmed that Israel is a nuclear power, a status that Israel has long been widely known to have despite being undeclared.

---
Just because i'm near the punchbowl doesn't mean I'm also drinking from it.

From rforno at infowarrior.org Thu Mar 26 13:51:52 2015
From: rforno at infowarrior.org (Richard Forno)
Date: Thu, 26 Mar 2015 14:51:52 -0400
Subject: [Infowarrior] - FBI Quietly Removes Recommendation To Encrypt Your Phone
Message-ID:

FBI Quietly Removes Recommendation To Encrypt Your Phone... As FBI Director Warns How Encryption Will Lead To Tears
https://www.techdirt.com/articles/20150325/17430330432/fbi-quietly-removes-recommendation-to-encrypt-your-phone-as-fbi-director-warns-how-encryption-will-lead-to-tears.shtml

---
Just because i'm near the punchbowl doesn't mean I'm also drinking from it.

From rforno at infowarrior.org Thu Mar 26 13:51:49 2015
From: rforno at infowarrior.org (Richard Forno)
Date: Thu, 26 Mar 2015 14:51:49 -0400
Subject: [Infowarrior] - House effort would completely dismantle Patriot Act
Message-ID: <6B5AA17C-A946-400F-88E3-19B9F8FFBFF9@infowarrior.org>

(Nice idea, doubt it'll go very far. Because, politics, fear, blame, and job security.
--rick)

House effort would completely dismantle Patriot Act
By Julian Hattem - 03/24/15 01:42 PM EDT
http://thehill.com/policy/technology/236769-house-effort-would-completely-dismantle-patriot-act

A pair of House lawmakers wants to completely repeal the Patriot Act and other legal provisions to dramatically rein in American spying.

Reps. Mark Pocan (D-Wis.) and Thomas Massie (R-Ky.) on Tuesday unveiled their Surveillance State Repeal Act, which would overhaul American spying powers unlike any other effort to reform the National Security Agency.

"This isn't just tinkering around the edges," Pocan said during a Capitol Hill briefing on the legislation. "This is a meaningful overhaul of the system, getting rid of essentially all parameters of the Patriot Act."

The bill would completely repeal the Patriot Act, the sweeping national security law passed in the days after Sept. 11, 2001, as well as the 2008 FISA Amendments Act, another spying law that the NSA has used to justify collecting vast swaths of people's communications through the Internet.

It would also reform the secretive court that oversees the nation's spying powers, prevent the government from forcing tech companies to create "backdoors" into their devices and create additional protections for whistleblowers.

"Really, what we need are new whistleblower protections so that the next Edward Snowden doesn't have to go to Russia or Hong Kong or whatever the case may be just for disclosing this," Massie said.

The bill is likely to be a nonstarter for leaders in Congress, who have been worried that even much milder reforms to the nation's spying laws would tragically handicap the nation's ability to fight terrorists.

A similar bill was introduced in 2013 but failed to gain any movement in the House.

Yet advocates might be hoping that their firm opposition to government spying will seem more attractive in coming weeks, as lawmakers race to beat a June 1 deadline for reauthorizing portions of the Patriot Act.
Reformers have eyed that deadline as their last best chance for reforming some controversial NSA programs, after an effort failed in the Senate last year.

---
Just because i'm near the punchbowl doesn't mean I'm also drinking from it.

From rforno at infowarrior.org Thu Mar 26 15:49:29 2015
From: rforno at infowarrior.org (Richard Forno)
Date: Thu, 26 Mar 2015 16:49:29 -0400
Subject: [Infowarrior] - FCC 'releases' Stingray users manual
Message-ID: <57092418-37F2-4EF9-85AA-5FE71EFABC77@infowarrior.org>

... if by 'release' we refer to a document that's more than 80% redacted, presumably under a very broad interpretation of the exclusion categories.

http://cryptome.org/2015/03/fcc-stingray-final.pdf

---
Just because i'm near the punchbowl doesn't mean I'm also drinking from it.

From rforno at infowarrior.org Thu Mar 26 15:51:21 2015
From: rforno at infowarrior.org (Richard Forno)
Date: Thu, 26 Mar 2015 16:51:21 -0400
Subject: [Infowarrior] - RSA Conference Banning 'Booth Babes'
Message-ID:

RSA Conference bans "booth babes"
http://www.networkworld.com/article/2902752/security0/rsa-conference-bans-booth-babes.html

--
It's better to burn out than fade away.

From rforno at infowarrior.org Fri Mar 27 13:23:17 2015
From: rforno at infowarrior.org (Richard Forno)
Date: Fri, 27 Mar 2015 14:23:17 -0400
Subject: [Infowarrior] - TSA's Secret ("BS") Behavior Checklist to Spot Terrorists
Message-ID: <161CCB81-72C4-4C5C-95BB-EC52923F7C02@infowarrior.org>

Exclusive: TSA's Secret Behavior Checklist to Spot Terrorists
By Jana Winter and Cora Currier
@janawinter at coracurrier
Today at 9:59 AM
https://firstlook.org/theintercept/2015/03/27/revealed-tsas-closely-held-behavior-checklist-spot-terrorists/

Fidgeting, whistling, sweaty palms. Add one point each. Arrogance, a cold penetrating stare, and rigid posture, two points. These are just a few of the suspicious signs that the Transportation Security Administration directs its officers to look out for -
and score - in airport travelers, according to a confidential TSA document obtained exclusively by The Intercept.

The checklist is part of TSA's controversial program to identify potential terrorists based on behaviors that it thinks indicate stress or deception - known as the Screening of Passengers by Observation Techniques, or SPOT. The program employs specially trained officers, known as Behavior Detection Officers, to watch and interact with passengers going through screening.

The document listing the criteria, known as the "Spot Referral Report," is not classified, but it has been closely held by TSA and has not been previously released. A copy was provided to The Intercept by a source concerned about the quality of the program.

The checklist ranges from the mind-numbingly obvious, like "appears to be in disguise," which is worth three points, to the downright dubious, like a bobbing Adam's apple. Many indicators, like "trembling" and "arriving late for flight," appear to confirm allegations that the program picks out signs and emotions that are common to many people who fly.

A TSA spokesperson declined to comment on the criteria obtained by The Intercept. "Behavior detection, which is just one element of the Transportation Security Administration's (TSA) efforts to mitigate threats against the traveling public, is vital to TSA's layered approach to deter, detect and disrupt individuals who pose a threat to aviation," a spokesperson said in an emailed statement.

Since its introduction in 2007, the SPOT program has attracted controversy for the lack of science supporting it. In 2013, the Government Accountability Office found that there was no evidence to back up the idea that "behavioral indicators ... can be used to identify persons who may pose a risk to aviation security."
After analyzing hundreds of scientific studies, the GAO concluded that "the human ability to accurately identify deceptive behavior based on behavioral indicators is the same as or slightly better than chance."

The inspector general of the Department of Homeland Security found in 2013 that TSA had failed to evaluate SPOT, and "cannot ensure that passengers at United States airports are screened objectively, show that the program is cost-effective, or reasonably justify the program's expansion."

Despite those concerns, TSA has trained and deployed thousands of Behavior Detection Officers, and the program has cost more than $900 million since it began in 2007, according to the GAO.

The 92-point checklist listed in the "Spot Referral Report" is divided into various categories with a point score for each. Those categories include a preliminary "observation and behavior analysis," and then those passengers pulled over for additional inspection are scored based on two more categories: whether they have "unusual items," like almanacs and "numerous prepaid calling cards or cell phones," and a final category for "signs of deception," which include "covers mouth with hand when speaking" and "fast eye blink rate."

Points can also be deducted from someone's score based on observations about the traveler that make him or her less likely, in TSA's eyes, to be a terrorist. For example, "apparent" married couples, if both people are over 55, have two points deducted off their score. Women over the age of 55 have one point deducted; for men, the point deduction doesn't come until they reach 65.

Last week, the ACLU sued TSA to obtain records related to its behavior detection programs, alleging that they lead to racial profiling.
The lawsuit is based on a Freedom of Information Act request the ACLU filed last November asking for numerous documents related to the program, including the scientific justification for the program, changes to the list of behavior indicators, materials used to train officers and screen passengers, and what happens to the information collected on travelers.

"The TSA has insisted on keeping documents about SPOT secret, but the agency can't hide the fact that there's no evidence the program works," said Hugh Handeyside, staff attorney with the ACLU National Security Project, in a statement announcing the lawsuit.

Being on the lookout for suspicious behavior is a "common sense approach" that is used by law enforcement, according to TSA. "No single behavior alone will cause a traveler to be referred to additional screening or will result in a call to a law enforcement officer (LEO)," the agency said in its emailed statement. "Officers are trained and audited to ensure referrals for additional screening are based only on observable behaviors and not race or ethnicity."

One former Behavior Detection Officer manager, who asked not to be identified, said that SPOT indicators are used by law enforcement to justify pulling aside anyone officers find suspicious, rather than acting as an actual checklist for specific indicators. "The SPOT sheet was designed in such a way that virtually every passenger will exhibit multiple 'behaviors' that can be assigned a SPOT sheet value," the former manager said.

The signs of deception and fear "are ridiculous," the source continued. "These are just 'catch all' behaviors to justify BDO interaction with a passenger. A license to harass."

The observations of a TSA screener or a Behavior Detection Officer shouldn't be the basis for referring someone to law enforcement. "The program is flawed and unnecessarily delays and harasses travelers. Taxpayer dollars would be better spent funding real police at TSA checkpoints," the former manager said.
A second former Behavior Detection Officer manager, who also asked not to be identified, told The Intercept that the program suffers from lack of science and simple inconsistency, with every airport training its officers differently.

"The SPOT program is bullshit," the manager told The Intercept. "Complete bullshit."

--
It's better to burn out than fade away.

From rforno at infowarrior.org Fri Mar 27 15:20:32 2015
From: rforno at infowarrior.org (Richard Forno)
Date: Fri, 27 Mar 2015 16:20:32 -0400
Subject: [Infowarrior] - Amazon's excessive noncompete for warehouse staff
Message-ID: <0F956689-32F4-4F88-8CF5-D8BFA1782F57@infowarrior.org>

Exclusive: Amazon makes even temporary warehouse workers sign 18-month non-competes
Contract says it can limit jobs across the globe
By Spencer Woodman, on March 26, 2015 11:44 am
http://www.theverge.com/2015/3/26/8280309/amazon-warehouse-jobs-exclusive-noncompete-contracts

--
It's better to burn out than fade away.

From rforno at infowarrior.org Fri Mar 27 18:06:49 2015
From: rforno at infowarrior.org (Richard Forno)
Date: Fri, 27 Mar 2015 19:06:49 -0400
Subject: [Infowarrior] - Amazon reverses on the noncompete thing
Message-ID: <5F302F05-414D-4FE9-9FE4-A71652EBEDBE@infowarrior.org>

Amazon does an about-face on controversial warehouse worker non-compete contracts
Company says it's removing a clause that could keep hourly employees from working elsewhere for 18 months
By Josh Lowensohn, on March 27, 2015 06:36 pm
http://www.theverge.com/2015/3/27/8303229/amazon-reverses-noncompete-contract-rules

Amazon is rolling back a controversial non-compete clause in its contracts for warehouse workers (including temporary ones) that could have kept them from working at competing companies for a year and a half. The Guardian reports that the company is removing that from its worker contracts immediately. A company spokesperson added that "that clause hasn't been applied to hourly associates."
A very wide-ranging clause

The controversial contract details were first reported by The Verge yesterday, and quickly drew public ire given their broad scope. Amazon sells just about everything, and the clause in question prohibited workers from going to a company that "directly or indirectly" competed with Amazon after their tenure. It was also a standard operating procedure for workers to reaffirm their contracts, which included the non-compete clause, after being laid off, in exchange for severance.

Amazon did not respond to repeated requests for comments before the publishing of The Verge's initial report on the contracts, and did not immediately respond to a request for comment on this latest change.

--
It's better to burn out than fade away.

From rforno at infowarrior.org Fri Mar 27 18:41:25 2015
From: rforno at infowarrior.org (Richard Forno)
Date: Fri, 27 Mar 2015 19:41:25 -0400
Subject: [Infowarrior] - Night vision eyedrops allow vision of up to 50m in darkness
Message-ID: <81984095-BE54-44F2-9A3C-8F0D4DA41F2C@infowarrior.org>

Night vision eyedrops allow vision of up to 50m in darkness
http://www.independent.co.uk/life-style/gadgets-and-tech/news/night-vision-eyedrops-allow-vision-of-up-to-50m-in-darkness-10138046.html

The eyedrops were created by a team of independent Californian biohackers
JAMIE CAMPBELL
Friday 27 March 2015

It might sound like something straight out of Q's laboratory or the latest Marvel film but a group of scientists in California have successfully created eye drops that temporarily enable night vision.

Science for the Masses, an independent "citizen science" organisation that operates from the city of Tehachapi, theorised that Chlorin e6 (Ce6), a natural molecule that can be created from algae and other green plants, could enhance eyesight in dark environments. The molecule is found in some deep sea fish, forms the basis of some cancer therapies and has been previously prescribed intravenously for night blindness.
(Photo caption: The average torch will allow you to see around 10 metres ahead of you.)

Jeff Tibbets, the lab's medical officer, said: "There are a fair amount of papers talking about having injected it in models like rats and it's been used intravenously since the 60s as treatments for different cancers. After doing the research, you have to take the next step."

The next step was to moisten the eyes of biochemical researcher and willing guinea pig Gabriel Licina with 50 microlitres of Ce6. The effect was apparently almost instantaneous and, after an hour, he was able to distinguish shapes from 10 metres away in the dark and soon at even greater distances.

"We had people go stand in the woods," Licina said. "At 50 metres, I could figure who they were, even if they were standing up against a tree."

The control group without Ce6 were only able to pick out the objects a third of the time, while Licina's success was 100 per cent.

--
It's better to burn out than fade away.

From rforno at infowarrior.org Sat Mar 28 09:40:46 2015
From: rforno at infowarrior.org (Richard Forno)
Date: Sat, 28 Mar 2015 10:40:46 -0400
Subject: [Infowarrior] - Va. Gov. amends license plate reader bill, angers legislators
Message-ID: <17028823-274A-41E5-B892-27DD518850E9@infowarrior.org>

Va. Gov. McAuliffe amends license plate reader bill, angers legislators
By Tom Jackman March 27 at 5:50 PM
http://www.washingtonpost.com/news/local/wp/2015/03/27/va-gov-mcauliffe-amends-license-plate-reader-bill-angers-legislators/

A move by Virginia legislators to limit the police use of data from automated license plate readers, and "any surveillance technology" used by law enforcement, hit a bump Friday afternoon when Gov. Terry McAuliffe (D) amended the General Assembly's bill, provoking an angry response from the bill's sponsors and setting up a showdown next month in Richmond.
The General Assembly overwhelmingly approved a bill last month which would require police to purge the data from license plate readers within seven days, unless they have a warrant or a pending criminal or terrorism case. The readers, typically installed on the back of moving patrol cars, photograph hundreds of license plates per minute and record the time and location each shot was taken. An instant check of databases can determine if a car is stolen or otherwise wanted, but police can also save the data and review it later to see if a suspect was photographed near the scene of a crime or to locate a missing person.

< - >

Civil libertarians balked at the possibilities for abuse and invasion of privacy by law enforcement, and after a story in The Washington Post revealed the ongoing practice by police, legislation was first introduced last year and a bipartisan privacy caucus was launched. This year, bills authored by Sen. Chap Petersen (D-Fairfax) and Del. Richard L. Anderson (R-Prince William) proposed not only a seven-day limit on data retention for license plate readers but "any surveillance technology," to include body cameras, dashboard cameras, and any future technology police might devise.

The legislation passed the Senate 38-0 and the House 95-4.

But on Friday, McAuliffe changed the seven-day limit to 60 days, and changed "any surveillance technology" to "license plate readers."

Brian Moran, the Secretary of Public Safety and Homeland Security, said Friday that he had "been informed by numerous law enforcement agencies that license plate readers result in salient and compelling information. The governor's amendment ... represents a significant compromise by law enforcement. The governor believes 60 days is a more appropriate period of time and reaches a compromise with the legislature that's reasonable."

< - >

--
It's better to burn out than fade away.
From rforno at infowarrior.org Sat Mar 28 18:29:09 2015
From: rforno at infowarrior.org (Richard Forno)
Date: Sat, 28 Mar 2015 19:29:09 -0400
Subject: [Infowarrior] - Fwd: referral: The Shut-In Economy
References: <20150328013910.C3A87228154@palinka.tinho.net>
Message-ID:

--
It's better to burn out than fade away.

Begin forwarded message:

> From: dan
> https://medium.com/matter/the-shut-in-economy-ec3ec1294816
>
> The Shut-In Economy
> By Lauren Smiley
>
> In the new world of on-demand everything, you're either pampered,
> isolated royalty -- or you're a 21st century servant.
>
>

From rforno at infowarrior.org Sat Mar 28 20:01:18 2015
From: rforno at infowarrior.org (Richard Forno)
Date: Sat, 28 Mar 2015 21:01:18 -0400
Subject: [Infowarrior] - Why America's obsession with STEM education is dangerous
Message-ID:

Why America's obsession with STEM education is dangerous
By Fareed Zakaria March 26
http://www.washingtonpost.com/opinions/why-stem-wont-make-us-successful/2015/03/26/5f4604f2-d2a5-11e4-ab77-9646eea6a4c7_story.html

Fareed Zakaria, a columnist for The Washington Post, is the host of "Fareed Zakaria GPS" on CNN and the author of "In Defense of a Liberal Education."

If Americans are united in any conviction these days, it is that we urgently need to shift the country's education toward the teaching of specific, technical skills. Every month, it seems, we hear about our children's bad test scores in math and science - and about new initiatives from companies, universities or foundations to expand STEM courses (science, technology, engineering and math) and deemphasize the humanities. From President Obama on down, public officials have cautioned against pursuing degrees like art history, which are seen as expensive luxuries in today's world. Republicans want to go several steps further and defund these kinds of majors. "Is it a vital interest of the state to have more anthropologists?" asked Florida's Gov. Rick Scott.
"I don't think so." America's last bipartisan cause is this: A liberal education is irrelevant, and technical training is the new path forward. It is the only way, we are told, to ensure that Americans survive in an age defined by technology and shaped by global competition. The stakes could not be higher. This dismissal of broad-based learning, however, comes from a fundamental misreading of the facts -- and puts America on a dangerously narrow path for the future. The United States has led the world in economic dynamism, innovation and entrepreneurship thanks to exactly the kind of teaching we are now told to defenestrate. A broad general education helps foster critical thinking and creativity. Exposure to a variety of fields produces synergy and cross fertilization. Yes, science and technology are crucial components of this education, but so are English and philosophy. When unveiling a new edition of the iPad, Steve Jobs explained that "it's in Apple's DNA that technology alone is not enough -- that it's technology married with liberal arts, married with the humanities, that yields us the result that makes our hearts sing." Innovation is not simply a technical matter but rather one of understanding how people and societies work, what they need and want. America will not dominate the 21st century by making cheaper computer chips but instead by constantly reimagining how computers and other new technologies interact with human beings. For most of its history, the United States was unique in offering a well-rounded education. In their comprehensive study, "The Race Between Education and Technology," Harvard's Claudia Goldin and Lawrence Katz point out that in the 19th century, countries like Britain, France and Germany educated only a few and put them through narrow programs designed to impart only the skills crucial to their professions.
America, by contrast, provided mass general education because people were not rooted in specific locations with long-established trades that offered the only paths forward for young men. And the American economy historically changed so quickly that the nature of work and the requirements for success tended to shift from one generation to the next. People didn't want to lock themselves into one professional guild or learn one specific skill for life. That was appropriate in another era, the technologists argue, but it is dangerous in today's world. Look at where American kids stand compared with their peers abroad. The most recent international test, conducted in 2012, found that among the 34 members of the Organization for Economic Cooperation and Development, the United States ranked 27th in math, 20th in science and 17th in reading. If rankings across the three subjects are averaged, the United States comes in 21st, trailing nations such as the Czech Republic, Poland, Slovenia and Estonia. In truth, though, the United States has never done well on international tests, and they are not good predictors of our national success. Since 1964, when the first such exam was administered to 13-year-olds in 12 countries, America has lagged behind its peers, rarely rising above the middle of the pack and doing particularly poorly in science and math. And yet over these past five decades, that same laggard country has dominated the world of science, technology, research and innovation. Consider the same pattern in two other highly innovative countries, Sweden and Israel. Israel ranks first in the world in venture-capital investments as a percentage of GDP; the United States ranks second, and Sweden is sixth, ahead of Great Britain and Germany. These nations do well by most measures of innovation, such as research and development spending and the number of high-tech companies as a share of all public companies.
Yet all three countries fare surprisingly poorly in the OECD test rankings. Sweden and Israel performed even worse than the United States on the 2012 assessment, landing overall at 28th and 29th, respectively, among the 34 most-developed economies. But other than bad test-takers, their economies have a few important traits in common: They are flexible. Their work cultures are non-hierarchical and merit-based. All operate like young countries, with energy and dynamism. All three are open societies, happy to let in the world's ideas, goods and services. And people in all three nations are confident -- a characteristic that can be measured. Despite ranking 27th and 30th in math, respectively, American and Israeli students came out at the top in their belief in their math abilities, if one tallies up their responses to survey questions about their skills. Sweden came in seventh, even though its math ranking was 28th. Thirty years ago, William Bennett, the Reagan-era secretary of education, noticed this disparity between achievement and confidence and quipped, "This country is a lot better at teaching self-esteem than it is at teaching math." It's a funny line, but there is actually something powerful in the plucky confidence of American, Swedish and Israeli students. It allows them to challenge their elders, start companies, persist when others think they are wrong and pick themselves up when they fail. Too much confidence runs the risk of self-delusion, but the trait is an essential ingredient for entrepreneurship. My point is not that it's good that American students fare poorly on these tests. It isn't. Asian countries like Japan and South Korea have benefitted enormously from having skilled workforces. But technical chops are just one ingredient needed for innovation and economic success. America overcomes its disadvantage -- a less-technically-trained workforce -- with other advantages such as creativity, critical thinking and an optimistic outlook.
A country like Japan, by contrast, can't do as much with its well-trained workers because it lacks many of the factors that produce continuous innovation. Americans should be careful before they try to mimic Asian educational systems, which are oriented around memorization and test-taking. I went through that kind of system. It has its strengths, but it's not conducive to thinking, problem solving or creativity. That's why most Asian countries, from Singapore to South Korea to India, are trying to add features of a liberal education to their systems. Jack Ma, the founder of China's Internet behemoth Alibaba, recently hypothesized in a speech that the Chinese are not as innovative as Westerners because China's educational system, which teaches the basics very well, does not nourish a student's complete intelligence, allowing her to range freely, experiment and enjoy herself while learning: "Many painters learn by having fun, many works [of art and literature] are the products of having fun. So, our entrepreneurs need to learn how to have fun, too." No matter how strong your math and science skills are, you still need to know how to learn, think and even write. Jeff Bezos, the founder of Amazon (and the owner of this newspaper), insists that his senior executives write memos, often as long as six printed pages, and begins senior-management meetings with a period of quiet time, sometimes as long as 30 minutes, while everyone reads the "narratives" to themselves and makes notes on them. In an interview with Fortune's Adam Lashinsky, Bezos said: "Full sentences are harder to write. They have verbs. The paragraphs have topic sentences. There is no way to write a six-page, narratively structured memo and not have clear thinking." Companies often prefer strong basics to narrow expertise.
Andrew Benett, a management consultant, surveyed 100 business leaders and found that 84 of them said they would rather hire smart, passionate people, even if they didn't have the exact skills their companies needed. Innovation in business has always involved insights beyond technology. Consider the case of Facebook. Mark Zuckerberg was a classic liberal arts student who also happened to be passionately interested in computers. He studied ancient Greek intensively in high school and majored in psychology while he attended college. And Facebook's innovations have a lot to do with psychology. Zuckerberg has often pointed out that before Facebook was created, most people shielded their identities on the Internet. It was a land of anonymity. Facebook's insight was that it could create a culture of real identities, where people would voluntarily expose themselves to their friends, and this would become a transformative platform. Of course, Zuckerberg understands computers deeply and uses great coders to put his ideas into practice, but as he has put it, Facebook is "as much psychology and sociology as it is technology." Twenty years ago, tech companies might have survived simply as product manufacturers. Now they have to be on the cutting edge of design, marketing and social networking. You can make a sneaker equally well in many parts of the world, but you can't sell it for $300 unless you've built a story around it. The same is true for cars, clothes and coffee. The value added is in the brand -- how it is imagined, presented, sold and sustained. Or consider America's vast entertainment industry, built around stories, songs, design and creativity. All of this requires skills far beyond the offerings of a narrow STEM curriculum. Critical thinking is, in the end, the only way to protect American jobs.
David Autor, the MIT economist who has most carefully studied the impact of technology and globalization on labor, writes that "human tasks that have proved most amenable to computerization are those that follow explicit, codifiable procedures -- such as multiplication -- where computers now vastly exceed human labor in speed, quality, accuracy, and cost efficiency. Tasks that have proved most vexing to automate are those that demand flexibility, judgment, and common sense -- skills that we understand only tacitly -- for example, developing a hypothesis or organizing a closet." In 2013, two Oxford scholars conducted a comprehensive study on employment and found that, for workers to avoid the computerization of their jobs, "they will have to acquire creative and social skills." This doesn't in any way detract from the need for training in technology, but it does suggest that as we work with computers (which is really the future of all work), the most valuable skills will be the ones that are uniquely human, that computers cannot quite figure out -- yet. And for those jobs, and that life, you could not do better than to follow your passion, engage with a breadth of material in both science and the humanities, and perhaps above all, study the human condition. One final reason to value a liberal education lies in its roots. For most of human history, all education was skills-based. Hunters, farmers and warriors taught their young to hunt, farm and fight. But about 2,500 years ago, that changed in Greece, which began to experiment with a new form of government: democracy. This innovation in government required an innovation in education. Basic skills for sustenance were no longer sufficient. Citizens also had to learn how to manage their own societies and practice self-government. They still do. -- It's better to burn out than fade away.
From rforno at infowarrior.org Sun Mar 29 17:13:44 2015 From: rforno at infowarrior.org (Richard Forno) Date: Sun, 29 Mar 2015 18:13:44 -0400 Subject: [Infowarrior] - Before Snowden Leaks, NSA Mulled Ending Phone Program Message-ID: Before Edward Snowden Leaks, NSA Mulled Ending Phone Program By KEN DILANIAN Posted: 03/29/2015 8:06 am EDT Updated: 5 hours ago http://www.huffingtonpost.com/2015/03/29/nsa-phone-program_n_6963804.html WASHINGTON (AP) -- The National Security Agency considered abandoning its secret program to collect and store American calling records in the months before leaker Edward Snowden revealed the practice, current and former intelligence officials say, because some officials believed the costs outweighed the meager counterterrorism benefits. After the leak and the collective surprise around the world, NSA leaders strongly defended the phone records program to Congress and the public, but without disclosing the internal debate. The proposal to kill the program was circulating among top managers but had not yet reached the desk of Gen. Keith Alexander, then the NSA director, according to current and former intelligence officials who would not be quoted because the details are sensitive. Two former senior NSA officials say they doubt Alexander would have approved it. Still, the behind-the-scenes NSA concerns, which have not been reported previously, could be relevant as Congress decides whether to renew or modify the phone records collection when the law authorizing it expires in June. The internal critics pointed out that the already high costs of vacuuming up and storing the "to and from" information from nearly every domestic landline call were rising, the system was not capturing most cellphone calls, and the program was not central to unraveling terrorist plots, the officials said. They worried about public outrage if the program ever was revealed.
After the program was disclosed, civil liberties advocates attacked it, saying the records could give a secret intelligence agency a road map to Americans' private activities. NSA officials presented a forceful rebuttal that helped shape public opinion. Responding to widespread criticism, President Barack Obama in January 2014 proposed that the NSA stop collecting the records, but instead request them when needed in terrorism investigations from telephone companies, which tend to keep them for 18 months. Yet the president has insisted that legislation is required to adopt his proposal, and Congress has not acted. So the NSA continues to collect and store records of private U.S. phone calls for use in terrorism investigations under Section 215 of the Patriot Act. Many lawmakers want the program to continue as is. Alexander argued that the program was an essential tool because it allows the FBI and the NSA to hunt for domestic plots by searching American calling records against phone numbers associated with international terrorists. He and other NSA officials support Obama's plan to let the phone companies keep the data, as long as the government quickly can search it. Civil liberties activists say it was never a good idea to allow a secret intelligence agency to store records of Americans' private phone calls, and some are not sure the government should search them in bulk. They say government can point to only a single domestic terrorism defendant who was implicated by a phone records search under the program, a San Diego taxi driver who was convicted of raising $15,000 for a Somali terrorist group. Some fault NSA for failing to disclose the internal debate about the program. "This is consistent with our experience with the intelligence community," said Rep. Justin Amash, R-Mich. "Even when we have classified briefings, it's like a game of 20 questions and we can't get to the bottom of anything."
The proposal to halt phone records collection that was circulating in 2013 was separate from a 2009 examination of the program by NSA, sparked by objections from a senior NSA official, reported in November by The Associated Press. In that case, a senior NSA code breaker learned about the program and concluded it was wrong for the agency to collect and store American records. The NSA enlisted the Justice Department in an examination of whether the search function could be preserved with the records stored by the phone companies. That would not work without a change in the law, the review concluded. Alexander, who retired in March 2014, opted to continue the program as is. But the internal debate continued, current and former officials say, and critics within the NSA pressed their case against the program. To them, the program had become an expensive insurance policy with an increasing number of loopholes, given the lack of mobile data. They also knew it would be deeply controversial if made public. By 2013, some NSA officials were ready to stop the bulk collection even though they knew they would lose the ability to search a database of U.S. calling records. As always, the FBI still would be able to obtain the phone records of suspects through a court order. There was a precedent for ending collection cold turkey. Two years earlier, the NSA cited similar cost-benefit calculations when it stopped another secret program under which it was collecting Americans' email metadata -- information showing who was communicating with whom, but not the content of the messages. That decision was made public via the Snowden leaks. Alexander believed that the FBI and the NSA were still getting crucial value out of the phone records program, in contrast to the email records program, former NSA officials say. After the Snowden leaks, independent experts who looked at the program didn't agree.
A presidential task force examined NSA surveillance and recommended ending the phone records collection, saying it posed unacceptable privacy risks while doing little if anything to stop terrorism. The task force included Michael Morell, a former deputy CIA director, and Richard Clarke, a former White House counter terrorism adviser. "We cannot discount the risk, in light of the lessons of our own history, that at some point in the future, high-level government officials will decide that this massive database of extraordinarily sensitive private information is there for the plucking," the report said. Times, dates and numbers called can provide a window into a person's activities and connections. A separate inquiry by the Privacy and Civil Liberties Oversight Board concluded the same thing. David Medine, chairman of that board, said the concerns raised internally by NSA officials were the same as theirs, yet when NSA officials came before the privacy board, they "put on a pretty strong defense for the program. Except their success stories didn't pan out," he said. -- It's better to burn out than fade away. From rforno at infowarrior.org Sun Mar 29 21:00:05 2015 From: rforno at infowarrior.org (Richard Forno) Date: Sun, 29 Mar 2015 22:00:05 -0400 Subject: [Infowarrior] - The FBI Would Like Us All to Unencrypt Our Phones Message-ID: <4AB83897-A0F1-4D1B-BA4A-A61515B42647@infowarrior.org> The FBI Would Like Us All to Unencrypt Our Phones http://gizmodo.com/the-fbi-would-like-us-all-to-unencrypt-our-phones-1694411185 -- It's better to burn out than fade away. 
From rforno at infowarrior.org Mon Mar 30 10:39:50 2015 From: rforno at infowarrior.org (Richard Forno) Date: Mon, 30 Mar 2015 11:39:50 -0400 Subject: [Infowarrior] - Shooting at NSA headquarters leaves one dead Message-ID: <5F48D22A-9C30-4809-8254-33B71B4697BA@infowarrior.org> Shooting at NSA headquarters leaves one dead By Dana Hedgpeth, Sari Horwitz and Ellen Nakashima March 30 at 10:47 AM http://www.washingtonpost.com/local/crime/officials-respond-to-incident-at-nsa-on-fort-meade-campus/2015/03/30/08bdfe56-d6e1-11e4-ba28-f2a685dc7f89_story.html Shots were fired Monday morning after two people in a vehicle tried to ram a gate at Fort Meade, a military installation in Anne Arundel County, according to an official with knowledge of the investigation. One person was killed and at least one other person was injured, according to two law enforcement officials. Few other details were immediately available about the incident, which occurred around 9 a.m. Anne Arundel County Fire officials confirmed that they had sent units to NSA's facility but said they could not release any information because the incident is on the NSA property. Just before 11 a.m., NSA officials said they had no further information. The military installation of Fort Meade in Anne Arundel County has about 11,000 military personnel on site and another 29,000 civilian employees, according to its web site. The facility sits near the areas of Odenton and Laurel and is the third largest employer in Maryland. It houses the NSA and other federal agencies. At the Fort Meade police headquarters, a spokeswoman said "preliminary information" was that two people showed up injured at the gate of the facility. But she gave no other information and referred calls to police at Fort Meade. Local television cameras showed two vehicles that were damaged near a gate at the military base. One emergency personnel worker appeared to be loaded into an ambulance.
Marci Miller, a spokesperson with the NSA public affairs office, said there was an incident near the campus but could not release further details at this time. But officials at the FBI's Baltimore office said they are on the scene but are not the lead agency and referred inquiries to the NSA. Earlier this month, a Beltsville man was arrested in a string of shooting incidents at public buildings around suburban Maryland, including one shooting at a NSA building. The building is along a stretch of road just east of the Baltimore-Washington Parkway, separate from the agency's Fort Meade headquarters. Hong Young, 35, a former prison guard, was a suspect in shootings at nine locations. No one was seriously injured in any of the incidents, which also occurred outside stores and along an interstate in Maryland. He told investigators that he was "hearing voices" that told him to fire the shots. Police found 10 firearms, hundreds of rounds of ammunition and a crossbow in a search of his home. -- It's better to burn out than fade away.

From rforno at infowarrior.org Mon Mar 30 10:39:52 2015 From: rforno at infowarrior.org (Richard Forno) Date: Mon, 30 Mar 2015 11:39:52 -0400 Subject: [Infowarrior] - Canada Forces A La Carte Rules On Cable Industry, Message-ID: <3032C0A7-D77A-4A55-ABE7-6A379834DDD3@infowarrior.org> Canada Forces A La Carte Rules On Cable Industry, Bell Pouts By Refusing To Show Regulator On Television https://www.techdirt.com/articles/20150326/07420230449/canada-forces-la-carte-rules-cable-industry-bell-pouts-refusing-to-show-regulator-television.shtml -- It's better to burn out than fade away.
From rforno at infowarrior.org Mon Mar 30 18:39:06 2015 From: rforno at infowarrior.org (Richard Forno) Date: Mon, 30 Mar 2015 19:39:06 -0400 Subject: [Infowarrior] - Farewell From EFF's Shari Steele Message-ID: March 30, 2015 | By Shari Steele Farewell From Shari Steele https://www.eff.org/deeplinks/2015/03/farewell-shari-steele Today is the start of my last week as an employee of the Electronic Frontier Foundation. I will be leaving after nearly 15 years as EFF's President and Executive Director, having started as a Staff Attorney back in 1992. As I wrap up things here, I've been thinking a lot about where we've been and where we are now, and I thought it would be fun to share some of my reflections in a final blog post. EFF was founded in July of 1990 in response to a series of raids on small bulletin board systems (BBSs) that were believed to have received a stolen electronic document. John Perry Barlow does a fantastic job of explaining that early history, so I won't go into that here. But EFF is turning 25 this summer, so keep your eyes open for lots of upcoming celebrations. EFF was founded in Cambridge, Massachusetts, and was originally housed in a space in Central Square that Mitch Kapor used for his Kapor Enterprises, Inc. In January of 1992, EFF opened a second office in Washington, D.C., and that's when I was hired. Within a year, the Cambridge office of EFF was shut down and everything was consolidated in D.C. EFF chugged along in DC until 1995, when the board moved the organization to San Francisco. At first we were located in founder John Gilmore's basement in Haight Ashbury until the organization got on its feet and moved into the old Hamms Brewery building on Bryant Street. I took over as EFF's ED in July of 2000. EFF was ten years old, and in those first ten years, the organization had churned through seven executive directors. At the time, our only real sources of funding were a couple of very generous individuals. 
We were working with a barebones staff of five people and our office space had cubicle walls so high, you couldn't even tell if other employees were there or not. Within a few months, we moved to a new office on Shotwell Street, where we stayed until 2013, literally breaking through a wall at one point to increase our square footage. One of my first moves back in 2000 was to beg Cindy Cohn to come on as EFF's Legal Director. I had worked with Cindy on the Bernstein case, where she was the lead pro bono attorney fighting against the U.S. government's encryption policy. Cindy and I managed to convince Lee Tien, a brilliant attorney who had worked on the Bernstein case with us, to join us, as well. And with those two hires, EFF was on its way! Along with hiring Cindy and Lee, I needed to immediately hire a development director. This turned out to be a more difficult task than the EFF board or I had ever imagined, and my failures at doing this successfully became a running joke for the next few years. It turns out fundraising at EFF is actually more like activism than traditional fundraising, because our donors really want to talk about the current events that shape our work. Fortunately, I turned out to be pretty good at fundraising myself (who knew?) until former EFF Activist Richard Esguerra took the helm. I believed that building up our legal team would, in turn, build our reputation, and that the donors would come to recognize and support the important work we were doing. In a partnership that worked, Cindy bolstered the legal team while I focused on the rest, making sure the organization had the resources and staff to support our work. Once the legal work was humming along, I knew it was time to build up our activism team. EFF had always had a focus on activism -- we hired the first online person with the title "Activist" in Stanton McCandlish -- but at this point, EFF's activism was mostly designed to support our legal work.
We'd file a case, and then we'd do an activism campaign around educating our constituents about it. I believed activism itself was a powerful tool that could be used as an alternative to casework. So I went on a quest to find a person who shared my vision of activism and found Rainey Reitman. Activism work is emotional and immediate, and EFF's activists soon developed a voice independent and complementary to our legal team, which was used to doing things carefully and methodically. I believed -- and I continue to believe -- that EFF needs to attack threats to civil liberties from several fronts, and EFF's activists, along with EFF's lawyers, are some of the most brilliant strategists working in our space. As EFF grew it became apparent that another set of experts within the organization had a bigger role to play. EFF's focus on technology demanded that our lawyers have an expertise in technology. While all of our lawyers were tech-savvy, we needed specialists who could look at code and tell us what it did and explain specifically how new technologies worked. We created the position of staff technologist to support our legal work and help us make proper analogies to the courts. But we soon realized that technology itself is another tool we could use in our fight for rights. We built up our tech projects team and under the active imagination of director Peter Eckersley, we've created technologies that make browsers more secure and encrypt the Internet, among other things. My key role in all of this has been providing a supportive environment to those employees doing our important work. I have handled everything from working with our auditor on our yearly audit and taxes, to rolling out unique employee benefits, to instituting mechanisms to improve communications between teams as we've grown, to speaking with donors, and more. I have "made up" benefits to enable staff members to work for the public interest in an expensive city like San Francisco.
EFF has a rental assistance program, a student loan reimbursement program, a discretionary paid leave program, and a 2nd mortgage program for employees purchasing homes. Perhaps our most popular program is "Healthy EFF," where staff members are paid $10 per day for self-reporting personal health-focused behaviors. Since I became ED in July of 2000, the organization has grown in every way to meet the growing challenges to our rights: from our original five employees to 63; from a yearly operating budget of $500,000 to a budget of nearly $9 million; from less than 2,000 members to over 25,000. In addition, we've created and funded two endowments worth $13 million. EFF is mentioned in the press dozens of times per day, including frequent interviews on NPR and in the top national newspapers. We now own our office building on Eddy Street. I don't know what's next for me. I'm moving to the Seattle area with my family, and I'll be looking for my next great adventure there. I leave EFF this week as a thriving, successful organization. Cindy is taking over, and all of the superstars who have made this organization so great will continue their important work. I couldn't be more proud. -- It's better to burn out than fade away.

From rforno at infowarrior.org Mon Mar 30 18:47:12 2015 From: rforno at infowarrior.org (Richard Forno) Date: Mon, 30 Mar 2015 19:47:12 -0400 Subject: [Infowarrior] - Reporters say federal officials, data increasingly off limits Message-ID: (not saying it...) Access denied: Reporters say federal officials, data increasingly off limits http://www.washingtonpost.com/lifestyle/style/access-denied-reporters-say-federal-officials-data-increasingly-off-limits/2015/03/30/935b4962-c04b-11e4-ad5c-3b8ce89f1b89_story.html -- It's better to burn out than fade away.
From rforno at infowarrior.org Tue Mar 31 08:12:28 2015 From: rforno at infowarrior.org (Richard Forno) Date: Tue, 31 Mar 2015 09:12:28 -0400 Subject: [Infowarrior] - Australia Outlaws Warrant Canaries Message-ID: <12869104-BD9A-4A1C-AF46-23C9FDD56503@infowarrior.org> Australia Outlaws Warrant Canaries https://www.schneier.com/blog/archives/2015/03/australia_outla.html In the US, certain types of warrants can come with gag orders preventing the recipient from disclosing the existence of a warrant to anyone else. A warrant canary is basically a legal hack of that prohibition. Instead of saying "I just received a warrant with a gag order," the potential recipient keeps repeating "I have not received any warrants." If the recipient stops saying that, the rest of us are supposed to assume that he has been served one. Lots of organizations maintain them. Personally, I have never believed this trick would work. It relies on the fact that a prohibition against speaking doesn't prevent someone from not speaking. But courts generally aren't impressed by this sort of thing, and I can easily imagine a secret warrant that includes a prohibition against triggering the warrant canary. And for all I know, there are right now secret legal proceedings on this very issue. Australia has sidestepped all of this by outlawing warrant canaries entirely: Section 182A of the new law says that a person commits an offense if he or she discloses or uses information about "the existence or non-existence of such a [journalist information] warrant." The penalty upon conviction is two years imprisonment. Expect that sort of wording in future US surveillance bills, too. -- It's better to burn out than fade away.
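The post above describes the canary as a statement the operator "keeps repeating"; the part it leaves implicit is what a reader has to check for the silence to mean anything. The following Go program is an added example (not from Schneier's post or any real canary) of that check. It assumes the canary is published as a dated statement carrying an Ed25519 signature over the text and the date, and that the operator commits to renewing it within a fixed interval (30 days is the example's assumption). The verifier then rejects three things: a signature that does not match, a date in the future, and a canary that is still validly signed but simply was not renewed. The last case is the whole point: a canary that never moves forward is indistinguishable from one that was quietly taken down, so the verifier treats it as tripped rather than as reassuring.

```go
package main

import (
	"crypto/ed25519"
	"crypto/rand"
	"errors"
	"fmt"
	"time"
)

// Canary is the published statement: the operator's wording, the date it was
// last (re)issued, and an Ed25519 signature over both. The signed, dated
// format is this example's assumption, not something the post specifies.
type Canary struct {
	Statement string
	IssuedAt  time.Time
	Sig       []byte
}

var (
	ErrBadSignature = errors.New("canary: signature does not verify")
	ErrStale        = errors.New("canary: statement has not been renewed within the agreed interval")
	ErrFuture       = errors.New("canary: issue date lies in the future")
)

// canaryBytes is the exact byte string that gets signed: statement and date
// joined by a newline, so re-dating an old canary or editing its wording
// without the private key breaks the signature.
func canaryBytes(statement string, issued time.Time) []byte {
	return []byte(statement + "\n" + issued.UTC().Format(time.RFC3339))
}

// SignCanary produces a fresh canary dated issued, signed with priv.
func SignCanary(priv ed25519.PrivateKey, statement string, issued time.Time) Canary {
	return Canary{
		Statement: statement,
		IssuedAt:  issued,
		Sig:       ed25519.Sign(priv, canaryBytes(statement, issued)),
	}
}

// VerifyCanary accepts the canary only if the signature is valid and the issue
// date lies within maxAge before now. A correctly signed but unrenewed canary
// is reported as stale, which a reader should treat exactly like a missing one.
func VerifyCanary(pub ed25519.PublicKey, c Canary, now time.Time, maxAge time.Duration) error {
	if !ed25519.Verify(pub, canaryBytes(c.Statement, c.IssuedAt), c.Sig) {
		return ErrBadSignature
	}
	if c.IssuedAt.After(now) {
		return ErrFuture
	}
	if now.Sub(c.IssuedAt) > maxAge {
		return ErrStale
	}
	return nil
}

func main() {
	pub, priv, err := ed25519.GenerateKey(rand.Reader)
	if err != nil {
		panic(err)
	}
	// Constructed statement and dates for the demonstration.
	const statement = "As of the date below, this operator has not received any warrant accompanied by a gag order."
	issued := time.Date(2015, 3, 31, 0, 0, 0, 0, time.UTC)
	maxAge := 30 * 24 * time.Hour // assumed renewal interval

	c := SignCanary(priv, statement, issued)

	// An attacker (or a coerced operator) who re-dates the old statement
	// without the private key leaves the signature mismatched.
	tampered := c
	tampered.IssuedAt = issued.Add(45 * 24 * time.Hour)

	checks := []struct {
		label string
		now   time.Time
		c     Canary
	}{
		{"renewed this month", issued.Add(7 * 24 * time.Hour), c},
		{"not renewed for 60 days", issued.Add(60 * 24 * time.Hour), c},
		{"re-dated without the key", issued.Add(50 * 24 * time.Hour), tampered},
	}
	for _, ck := range checks {
		fmt.Printf("%-26s -> %v\n", ck.label, VerifyCanary(pub, ck.c, ck.now, maxAge))
	}
}
```

None of this answers the legal objection in the post: a court order that forbids triggering the canary defeats the scheme regardless of how it is signed. What the check buys is narrower: a reader cannot be fooled by an old canary left in place, and an operator cannot claim a stale canary still "says" anything.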
From rforno at infowarrior.org Tue Mar 31 14:59:04 2015 From: rforno at infowarrior.org (Richard Forno) Date: Tue, 31 Mar 2015 15:59:04 -0400 Subject: [Infowarrior] - Facebook tracks all visitors, even if you're not a user and opted out Message-ID: <17DCF837-3B23-4D7D-A2F3-5A0C050A4B62@infowarrior.org> Report: Facebook tracks all visitors, even if you're not a user and opted out In the EU, where free and informed prior consent is required, there could be an issue. by Glyn Moody - Mar 31, 2015 2:10pm EDT http://arstechnica.com/tech-policy/2015/03/report-facebook-tracks-all-visitors-even-if-youre-not-a-user-and-opted-out/ Facebook tracks the Web-browsing activities of all visitors to the facebook.com domain even if they are not a Facebook user, according to new research from Europe. The report (PDF) updates work from earlier this year, which found that Facebook's updated privacy policy breached EU law. The research has been commissioned by the Belgian data protection agency, which is investigating Facebook. It was a collaboration between the Interdisciplinary Centre for Law and ICT/Centre for Intellectual Property Rights (ICRI/CIR) at the University of Leuven and the Department of Studies on Media, Information, and Telecommunication (SMIT) of the Vrije Universiteit Brussels. This newly found tracking, used to provide targeted advertising, is carried out through Facebook's social widget, the Like Button. A cookie is placed in the browser when someone visits any page in the facebook.com domain, including sections that do not require an account. For visitors that are not Facebook users, the cookie contains a unique identifier, and it has an expiration date of two years. Facebook users receive additional cookies that identify them uniquely. Once those cookies have been set, Facebook will receive them for every subsequent visit to a website that uses Facebook's social widget.
That applies whether or not the Facebook user is logged in to his or her account and whether or not the visitor to the third-party site actually uses the social widget. The researchers suggest "collection or use of device information envisaged by the 2015 [Facebook Data Use Policy] does not comply with the requirements of article 5(3) of the [European Union's] e-Privacy Directive, which requires free and informed prior consent before storing or accessing information on an individual?s device." The problem is that users are not told enough about what information is being collected and how it is being used. Moreover, the authors of the report say: "Facebook also tracks non-users in a manner which violates article 5(3) of the e-Privacy Directive." The researchers went on to investigate to what extent Facebook's opt-out mechanism allowed people to avoid this tracking. They found that when a Facebook user opts out, Facebook promises to stop collecting browsing information, or use it only specifically for the purpose of showing advertisements. The site continues to track its users when they visit a webpage containing a Facebook social widget even after the user opts out. The situation for visitors who are not Facebook users is even worse, according to the report. During the opt-out process, Facebook sets a long-term identifying cookie and then uses this to track visits to pages that have a Facebook social widget. In other words: "for those individuals who are not being tracked by Facebook (e.g. non-users who have never visited a page on the facebook.com domain, or Facebook users who clear their cookies after logging out from Facebook), using the 'opt out' mechanism proposed for the EU actually enables tracking by Facebook" (emphasis in original). 
Given that this behavior is likely to fall foul of EU privacy laws, it's curious that Facebook does this in the EU but does not place a long-term identifying cookie when people visit opt-out sites for US and Canadian users, according to the researchers. These results will presumably form the basis of the report for the Belgian data protection agency, which means that Facebook may be required to explain why it seems to be breaching European data protection laws in multiple ways. According to information on the new report's webpage, the Belgian data protection commission "is also part of a European task force, which includes data protection authorities from the Netherlands, Belgium, and Germany. ICRI/CIR and iMinds-SMIT will continue to support the [Belgian] Privacy Commission in the context of its investigation and future updates to the report will also be shared with their German and Dutch colleagues." Facebook may therefore be investigated by data protection authorities in those countries, too. As if that weren't enough, Facebook must also worry about the outcome of the important case currently before the Court of Justice of the European Union, which hinges on whether the data protection it offers to users in the EU is "adequate." The new research results, if confirmed, are hardly going to help. -- It's better to burn out than fade away.
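The cookie mechanism the article describes, as an added illustration that is not part of the forwarded report or of any Facebook code: a toy browser cookie jar shows why an identifier set during a first-party visit to facebook.com is sent back on every later widget request from unrelated sites, and how a block-third-party-cookies policy or the two-year expiry stops that. The cookie name, the clock, the widget URL and the news-site hostname are constructed for the example.

```python
from datetime import datetime, timedelta, timezone
from urllib.parse import urlsplit

TWO_YEARS = 2 * 365 * 24 * 3600  # lifetime the report attributes to the identifier cookie


class CookieJar:
    """Toy browser cookie jar: cookies keyed by exact host, with expiry and an
    optional block-third-party policy (no Domain/Path attributes, for brevity)."""

    def __init__(self, block_third_party=False):
        self.block_third_party = block_third_party
        self.now = datetime(2015, 3, 31, tzinfo=timezone.utc)  # constructed clock
        self.store = {}  # (host, name) -> (value, expiry or None for a session cookie)

    def set_cookie(self, response_url, name, value, max_age=None):
        host = urlsplit(response_url).hostname
        expires = self.now + timedelta(seconds=max_age) if max_age else None
        self.store[(host, name)] = (value, expires)

    def cookies_for(self, request_url, top_level_url):
        """Cookies attached to request_url while the page at top_level_url is shown."""
        host = urlsplit(request_url).hostname
        if self.block_third_party and host != urlsplit(top_level_url).hostname:
            return {}  # third-party context: the policy withholds the identifier
        return {name: value for (h, name), (value, exp) in self.store.items()
                if h == host and (exp is None or exp > self.now)}

    def advance(self, seconds):
        self.now += timedelta(seconds=seconds)


def widget_cookies(block_third_party=False, days_later=30):
    """Visit facebook.com once (no account needed), then load an unrelated news page
    whose Like button fetches a resource from facebook.com. Returns the cookies that
    widget request carries back to facebook.com. All hostnames/paths are constructed."""
    jar = CookieJar(block_third_party)
    # First-party visit: the facebook.com response sets a unique identifier for two years
    jar.set_cookie("https://www.facebook.com/help/", "visitor_id", "c0ffee42", max_age=TWO_YEARS)
    jar.advance(days_later * 86400)
    # Third-party page embedding the social widget; the widget request targets facebook.com
    return jar.cookies_for("https://www.facebook.com/like-widget",
                           top_level_url="https://news.example/article/1")


if __name__ == "__main__":
    print(widget_cookies())                         # {'visitor_id': 'c0ffee42'}
    print(widget_cookies(block_third_party=True))   # {}
    print(widget_cookies(days_later=2 * 365 + 1))   # {} (identifier expired)
```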
