From rforno at infowarrior.org Sun Nov 1 12:00:03 2015
From: rforno at infowarrior.org (Richard Forno)
Date: Sun, 1 Nov 2015 13:00:03 -0500
Subject: [Infowarrior] - YIFY/ YTS Shuts Down Forever – The End of a Piracy Icon
Message-ID: <060F830F-295A-4760-9AA1-74DF2CD165A4@infowarrior.org>

YIFY/ YTS Shuts Down Forever – The End of a Piracy Icon

By Ernesto on October 30, 2015

https://torrentfreak.com/yify-yts-shuts-down-the-end-of-a-piracy-icon-151030/

Popular torrent release group YIFY and its official YTS website have shut down permanently, trusted sources have confirmed to TorrentFreak. The unexpected shutdown marks the end of an era that started at the turn of the decade. More information about the precise circumstances will become public in the near future.

Ten days ago the popular movie torrent site YTS stopped working. The downtime raised concern among many BitTorrent users, not least because the site belongs to movie release group YIFY, which has dominated public BitTorrent sites for several years.

Today we can report that this reign has come to an end. YIFY and YTS have shut down permanently, as predicted earlier this week.

A lot of information has been made available over the past several days and multiple sources have now confirmed that YTS and YIFY will not return. The entire operation has stopped which means that no new official YIFY movie releases will appear on any torrent site, anywhere.

TF has received additional explanatory details from trusted sources, but we have been asked not to reveal all of the information just yet. However, our sources confirm without doubt that the shutdown is permanent. The operator of YTS/YIFY, meanwhile, remains silent.

The news marks the end of a remarkable era. YIFY first arrived on the scene in 2010 and the group has shared over 6,000 releases since. The group’s website (YTS.to) also gained popularity in recent years.
Earlier this year the operator informed TF that they had close to a million unique visitors per day, generating six million pageviews.

The YTS/YIFY shutdown doesn’t mean that piracy will end anytime soon, but it’s one of the most significant changes to the landscape in recent history. YIFY releases were consistently among the most-pirated movies, week after week.

In an interview in 2013, YIFY attributed this popularity to the presentation and consistency of its releases.

“I personally think that many people are following and downloading YIFY encodes due to the consistency we offer in our releasing. Everything from the consistent film cover art, to the information layout, and ultimately to the file-size of our encodes,” YIFY said.

“I believe this is important because people like stability and assurance with what they are downloading. By adding consistency to a reasonable file-size, we have filled a spot in the community, which seemingly has a lot of demand,” he added.

YIFY also played a crucial part as the primary movie supplier for many Popcorn Time forks. The size of the shutdown fallout will become apparent during the weeks to come.

Over the past several days many people have been misled by fake YIFY websites, Facebook accounts and impostors. These should not be trusted and are trying to profit from the confusion.

To be continued.

--
It's better to burn out than fade away.

From rforno at infowarrior.org Sun Nov 1 15:18:22 2015
From: rforno at infowarrior.org (Richard Forno)
Date: Sun, 1 Nov 2015 16:18:22 -0500
Subject: [Infowarrior] - Apple blocks CCC app/content from Apple TV
Message-ID:

(x-posted)

Another case of censorship-by-platform.
--rick

http://pastebin.com/zT1n0RPV

This is an English translation of https://unthoughted.wordpress.com/2015/10/31/apple-verbietet-inhalte-vom-chaos-computer-club-auf-ihrer-plattform/ (German)

-----------------------------------------

Apple doesn’t allow Chaos Computer Club content on its platform

“The Chaos Computer Club in Frankfurt developed a tvOS application to bring talks from its media.ccc.de portal to Apple TV. Apple refused to release the app and took offense at the content.”

A CCC made Apple TV App for displaying CCC-talks may not be released on the platform. According to Apple the app is in breach of developer terms and conditions because it enables access to content of which the company disapproves: Apple criticizes that the CCC’s app allows watching publicly given talks, which among others deal with security holes in the widely used Bluetooth technology, or help “jailbreaking” Apple devices -- enabling the use of applications that have not been approved by Apple. The talks criticized by Apple are all available under the website media.ccc.de and can also be watched through the Apple TV YouTube app, which is not criticized by Apple.

The Chaos Computer Club is Europe’s largest group of hackers and a venue for people interested in all sorts of things from all over the world to meet. They usually meet in small gatherings but also in large conferences. They build, test and tinker. Technical barriers are removed, new things created and old things disassembled. Communication and sharing are in the center of all activities, though. The Chaos Computer Club has been creating videos documenting many of the given talks for many years.

Members of the Chaos Computer Club Frankfurt (http://www.ccc-ffm.de) started a project, which aimed at making available to a broad audience in an easy and entertaining way content from the media.ccc.de portal.
Even though all videos are available online on the Internet, the CCC-FFM wanted to make them available in an especially easy fashion. Simon called the project “the Netflix of the CCC” referring to the accessibility of content.

The application was ready in time and submitted to Apple’s reviewing process. The message that the app was rejected came seven days later. Apple refers to its “Program License Agreement PLA 3.2(e)” and refuses to include the app on its platform because the content has information about hacking of Apple’s operating system.

The following content was criticized by Apple in its review:

Hardware attacks: hacking chips on the (very) cheap (https://media.ccc.de/v/camp2015-6711-hardware_attacks_hacking_chips_on_the_very_cheap)
Bluetooth Hacking – The State of The Art (https://media.ccc.de/v/22C3-536-en-bluetooth_hacking)
Hacking Medical Devices (https://media.ccc.de/v/MRMCD2013_-_5209_-_de_-_gate_104_-_201309081123_-_hacking_medical_devices_-_flo)
Gamehacking & Reverse Engineering (https://media.ccc.de/v/gpn15-6940-gamehacking_reverse_engineering)
Crypto-Hacking Export restrictions (https://media.ccc.de/v/1114)
Jailbreak: eine Einführung (https://media.ccc.de/v/hackover14_-_6494_-_en_-_raum_1_7_-_201410251615_-_jailbreak_eine_einfuhrung_-_erik_e)
Social Engineering und Industriespionage (https://media.ccc.de/v/MRMCD15-7034-social_engineering_und_industriespionage)
$kernel->infect(): Creating a cryptovirus for Symfony2 apps (https://media.ccc.de/v/froscon2014_-_1436_-_en_-_hs6_php_-_201408231115_-_kernel-_infect_creating_a_cryptovirus_for_symfony2_apps_-_raul_fraile)

An open source version is available on GitHub and can be installed through the programming IDE Xcode.

https://github.com/aus-der-Technik/CCC-TV

--
It's better to burn out than fade away.

From rforno at infowarrior.org Mon Nov 2 06:05:38 2015
From: rforno at infowarrior.org (Richard Forno)
Date: Mon, 2 Nov 2015 07:05:38 -0500
Subject: [Infowarrior] - F.B.I. Tool to Identify Extremists Is Criticized
Message-ID: <644FF5D2-AFDB-4095-87E9-361B87890170@infowarrior.org>

F.B.I. Tool to Identify Extremists Is Criticized

By LAURIE GOODSTEIN
NOV. 1, 2015

http://www.nytimes.com/2015/11/02/us/fbi-tool-to-identify-extremists-is-criticized.html?_r=0

The F.B.I. is about to introduce an interactive program it developed for teachers and students, aimed at training them to prevent young people from being drawn into violent extremism. But Muslim, Arab and other religious and civil rights leaders who were invited to preview the program have raised strong objections, saying it focuses almost entirely on Islamic extremism, which they say has not been a factor in the epidemic of school shootings and attacks in the United States.

The program, according to those who saw it at F.B.I. headquarters, called “Don’t Be a Puppet,” leads the viewer through a series of games and tips intended to teach how to identify someone who may be falling prey to radical extremists. With each successful answer, scissors cut a puppet’s string, until the puppet is free.

In the campaign against terrorists such as the Islamic State, law enforcement agencies have been stepping up efforts to identify those susceptible to recruitment. The agencies have enlisted the cooperation and advice of religious and community leaders. But the controversy over the Federal Bureau of Investigation’s new online tool is one more indication that there is no consensus on who should be involved in detecting and reporting suspects, and where to draw the line between prevention and racial or religious profiling.

“The F.B.I. is developing a website designed to provide awareness about the dangers of violent extremist predators on the Internet,”
a spokeswoman for the agency said late Sunday, “with input from students, educators and community leaders.”

The F.B.I. had told the community organizations that the program would be available online as soon as Monday. The organizations’ leaders spoke to a reporter only after learning that the F.B.I. was likely to proceed despite their concern that the program would stigmatize Arab and Muslim students, who are already susceptible to bullying.

“Teachers in classrooms should not become an extension of law enforcement,” said Arjun S. Sethi, an adjunct professor of law at the Georgetown University Law Center. Mr. Sethi, who specializes in counterterrorism and law enforcement, was invited by the F.B.I. to give feedback on the program.

“The program is based on flawed theories of radicalization, namely that individuals radicalize in the exact same way and it’s entirely discernible,” he said. “But it’s not, and the F.B.I. is basically asking teachers and students to suss these things out.”

He said the F.B.I.’s program amounted to “misplaced priorities.”

“The greatest threat facing American schoolchildren today is gun violence,” he said. “It’s not Muslim extremism.”

Teachers do not always have the training or judgment to identify extremists, said several religious leaders who mentioned the Muslim student in Texas who was detained and handcuffed after taking a clock he built to school.

The F.B.I. held several meetings last summer to present the online program, along with a larger strategy for involving community leaders in preventing radicalization. The Arab and Muslim groups received an email inviting them to a meeting to give feedback on Oct. 16.

About six organizations representing American Muslims, Arabs, Yemenis and Sikhs were at the meeting, where they were given a quick run-through of portions of the online program.
It covered different types of violent groups and ideologies, and enumerated some personality changes that might indicate radicalization, according to those who attended. It showed a map of places terrorists have targeted, and included interviews with victims of terrorist attacks.

Abed A. Ayoub, the legal and policy director for the American-Arab Anti-Discrimination Committee, recalled: “They were getting blowback from everybody. It was a very tense meeting.”

“They wanted teachers in social studies, civics and government classes to show this to their students,” said Hoda Hawa, the director of policy and advocacy for the Muslim Public Affairs Council. “But the website will be accessible by anyone.”

She and others interviewed were particularly troubled by a question that she said asked the user to identify which of four or five posts on social media should raise alarm. Among the choices were a person posting about a plan to attend a political event, or someone with an Arabic name posting about going on “a mission” overseas. The correct answer was the posting with the Arabic name.

“What kind of mission? It could have been humanitarian. It could have been religious,” Ms. Hawa said.

Mr. Ayoub said, “If this is shown to middle and high school students, it’s going to result in the bullying of these children.”

A report issued by the 9/11 review commission in May suggested that the F.B.I., as a law enforcement and intelligence agency, was not “an appropriate vehicle” for producing prevention programs to counter violent extremism.

--
It's better to burn out than fade away.
From rforno at infowarrior.org Mon Nov 2 06:10:01 2015
From: rforno at infowarrior.org (Richard Forno)
Date: Mon, 2 Nov 2015 07:10:01 -0500
Subject: [Infowarrior] - Snapchat tells everyone to chill out over its new privacy policy
Message-ID: <6345F3FD-54E0-44F3-B152-C07E866CF1EC@infowarrior.org>

Snapchat tells everyone to chill out over its new privacy policy

http://www.engadget.com/2015/11/02/snapchat-privacy-policy-update/

--
It's better to burn out than fade away.

From rforno at infowarrior.org Mon Nov 2 06:15:58 2015
From: rforno at infowarrior.org (Richard Forno)
Date: Mon, 2 Nov 2015 07:15:58 -0500
Subject: [Infowarrior] - SK nixes SmartSheriff monitor app for kids
Message-ID:

South Korea pulls plug on government-mandated child surveillance app

By RAPHAEL SATTER and YOUKYUNG LEE
Associated Press
November 2, 2015 – 2:30am
Ahn Young-Joon, Associated Press

http://www.startribune.com/apnewsbreak-south-korea-pulls-plug-on-child-monitoring-app/339171291/

SEOUL, South Korea – The most widely used child surveillance app in South Korea has been pulled from the market after security specialists raised serious concerns about the program's safety.

Moon Hyun-seok, a senior official at the Korea Communications Commission, told The Associated Press that "Smart Sheriff" has been removed from the Play store, Google's software marketplace, and that existing users are being asked to switch to other programs. The government plans to shut down the service to existing users "as soon as possible," he said.

Smart Sheriff's maker, an association of South Korean mobile operators called MOIBA, declined comment.

Smart Sheriff's disappearance is a blow to South Korea's contentious effort to keep closer tabs on the online lives of its youngest citizens. Less than a year ago, the government and schools sent letters to students and parents to encourage them to download Smart Sheriff.
While security was one of the reasons that led to the removal of Smart Sheriff, the KCC official said the regulator had decided earlier this year to suspend the app at the end of December. The faster-than-expected availability of free monitoring apps from private companies prompted the regulator to remove the app two months sooner than scheduled, he said.

A law passed in April requires all new smartphones sold to those 18 and under to be equipped with software which parents can use to snoop on their kids' social media activity. Smart Sheriff, the most popular of more than a dozen state-approved apps, was meant to keep children safe from pornography, bullying and other threats, but experts say its abysmal security left the door wide open to hackers and put the personal information of some 380,000 users at risk.

Pulling the plug on Smart Sheriff was "long overdue," said independent researcher Collin Anderson, who worked with Internet watchdog group Citizen Lab and German software auditing firm Cure53 to comb through the app's code.

In a pair of reports published in September, Cure53 described the app's security as "catastrophic." Citizen Lab, which is based at the University of Toronto's Munk School of Global Affairs, said the problems could lead to a "mass compromise" of all users.

MOIBA said in response then that the vulnerabilities had been dealt with in the six weeks preceding publication of the reports. But the researchers said in new reports published Sunday that the fixes were mainly cosmetic. Anderson said they were "akin to putting a lock on a few of the doors but then leaving the keys to the locks outside."

Mario Heiderich of Cure53 said it wasn't his place to say whether it was right to mandate the installation of monitoring apps on children's phones. But he said Smart Sheriff's implementation of the surveillance was disastrous.

"If you are going to do it at all, you have to do it right," he said. "And this was not done right at all."
Anderson said there was no guarantee that the other monitoring apps didn't also have security issues.

If the government requires its citizens to use specific programs, citizens should demand more transparency and more information from the government as well as from the companies that create the apps so that anyone can audit the programs, said Ronald Deibert, director at The Citizen Lab.

--
It's better to burn out than fade away.

From rforno at infowarrior.org Mon Nov 2 14:43:25 2015
From: rforno at infowarrior.org (Richard Forno)
Date: Mon, 2 Nov 2015 15:43:25 -0500
Subject: [Infowarrior] - UK bans unbreakable crypto in products/services
Message-ID: <879101DF-D383-465B-9F5A-50AA45BAD62C@infowarrior.org>

(This is full of so much fail I have no idea where to begin. ---rick)

Internet firms to be banned from offering unbreakable encryption under new laws

By Tom Whitehead, Security Editor
3:16PM GMT 02 Nov 2015

http://www.telegraph.co.uk/news/uknews/terrorism-in-the-uk/11970391/Internet-firms-to-be-banned-from-offering-out-of-reach-communications-under-new-laws.html

Internet and social media companies will be banned from putting customer communications beyond their own reach under new laws to be unveiled on Wednesday.

Companies such as Apple, Google and others will no longer be able to offer encryption so advanced that even they cannot decipher it when asked to, the Daily Telegraph can disclose.

Measures in the Investigatory Powers Bill will place in law a requirement on tech firms and service providers to be able to provide unencrypted communications to the police or spy agencies if requested through a warrant.

The move follows concerns that a growing number of encryption services are now completely inaccessible apart from to the users themselves.

It came as David Cameron, the Prime Minister, pleaded with the public and MPs to back his raft of new surveillance measures. He said terrorists, paedophiles and criminals must not be allowed a “safe space” online.
Ministers have no plans to ban encryption services because they have an important role in the protection of legitimate online activity such as banking and personal data.

But there is concern over some aspects of so-called end-to-end encryption where only the sender and recipient of messages can decipher them. Terrorists and criminals are increasingly using such technology to communicate beyond the reach of MI5 or the police.

On its website, Apple promotes the fact that it has, for example, “no way to decrypt iMessage and FaceTime data when it’s in transit between devices”. It adds: “So unlike other companies’ messaging services, Apple doesn’t scan your communications, and we wouldn’t be able to comply with a wiretap order even if we wanted to.”

Last month, Metropolitan assistant commissioner Mark Rowley, the country’s most senior counter-terrorism officer, warned that for some firms it was “a part of their strategy - they design their products in full recognition that they will be unable to help us because of the way they have designed them”.

However, proposals to be published on Wednesday will, for the first time, place a duty on companies to be able to access their customer data in law.

A Home Office spokesman said: “The Government is clear we need to find a way to work with industry as technology develops to ensure that, with clear oversight and a robust legal framework, the police and intelligence agencies can access the content of communications of terrorists and criminals in order to resolve police investigations and prevent criminal acts.

“That means ensuring that companies themselves can access the content of communications on their networks when presented with a warrant, as many of them already do for their own business purposes, for example to target advertising. These companies’ reputations rest on their ability to protect their users’ data.”
The Investigatory Powers Bill is also expected to maintain the current responsibility for signing off requests to snoop with the Home Secretary but with extra judicial oversight – a move that is likely to anger civil liberty campaigners and some Tory backbenchers. It will also require internet companies to retain the web browsing history of their customers for up to a year.

The bill is expected to face a tough route through parliament but Mr Cameron urged critics to back the measures.

He told ITV’s This Morning: “As Prime Minister I would just say to people 'please, let's not have a situation where we give terrorists, criminals, child abductors, safe spaces to communicate'.

"It's not a safe space for them to communicate on a fixed line telephone or a mobile phone, we shouldn't allow the internet to be a safe space for them to communicate and do bad things."

Lord Carlile, the former terrorism laws watchdog, said there had been a “lot of demonization” of the police and security services over their intentions for such information.

“I think it is absurd to suggest the police and the security services have a kind of casual desire to intrude on the privacy of the innocent,” he said. “They have enough difficulty finding the guilty. No-one has produced any evidence of casual curiosity on part of the security services."

--
It's better to burn out than fade away.

From rforno at infowarrior.org Mon Nov 2 15:26:07 2015
From: rforno at infowarrior.org (Richard Forno)
Date: Mon, 2 Nov 2015 16:26:07 -0500
Subject: [Infowarrior] - A 'huge milestone': approval of cancer-hunting virus signals new treatment era
Message-ID:

A 'huge milestone': approval of cancer-hunting virus signals new treatment era

Nicky Woolf

http://www.theguardian.com/society/2015/nov/02/fda-approval-imlygic-cancer-hunting-viral-treatment

A new cancer treatment strategy is on the horizon that experts say could be a game-changer and spare patients the extreme side effects of existing options such as chemotherapy.
Chemotherapy and other current cancer treatments are brutal, scorched-earth affairs that work because cancer cells are slightly – but not much – more susceptible to the havoc they wreak than the rest of the body. Their side effects are legion, and in many cases horrifying – from hair loss and internal bleeding to chronic nausea and even death.

But last week the Food and Drug Administration (FDA) for the first time approved a single treatment that can intelligently target cancer cells while leaving healthy ones alone, and simultaneously stimulate the immune system to fight the cancer itself.

The treatment, which is called T-VEC (for talimogene laherparepvec) but will be sold under the brand name Imlygic, uses a modified virus to hunt cancer cells in what experts said was an important and significant step in the battle against the deadly disease.

It works by introducing a specially modified form of the herpes virus by injection directly into a tumour – specifically skin cancer, the indication for which the drug has been cleared for use.

It was developed by the Massachusetts-based biotech company BioVex, which was acquired in 2011 by biotech behemoth Amgen for $1bn. The genetic code of the virus – which was originally taken from the cold sore of a BioVex employee – has been modified so it can kill only cancer cells.

Cancer-hunting viruses have long been thought of as a potential source of a more humane and targeted treatment for cancer. Unlike current oncological treatments like chemotherapy and radiotherapy, which kill cancer cells but also damage the rest of the body, viruses can be programmed to attack only the cancer cells, leaving patients to suffer the equivalent of just a day or two’s flu.
Treatments such as Imlygic have two modes of action: first, the virus directly attacks the cancer cells; and second, it triggers the body’s immune system to attack the rogue cells too once it detects the virus’s presence.

Dr Stephen Russell, a researcher at the Mayo Clinic who specialises in oncolytic virotherapy – as these treatments are known – says that the FDA’s clearance of Imlygic represents “a huge milestone” in cancer treatment development.

Viruses are “nature’s last untapped bioresource”, Russell said.

Imlygic itself has an officially fairly modest effect coming out of its clinical studies – an average lifespan increase of less than five months. But underneath that data, Russell said anecdotally that in his Mayo clinic studies in mice, some programmable viruses saw “large tumours completely disappearing”.

The goal, he said, was to get to the point where the clinical trials would see similarly dramatic outcomes, so that chemotherapy and radiotherapy could finally be consigned to medical history.

John Bell, a researcher into viral cancer therapies at the Ottawa Hospital Research Institute in Ottawa, Canada, said that while T-VEC was designed to be directly injected into a tumour – as opposed to being delivered to the whole body as a systemic treatment would be – the results showed systemic effects in some cases.

What appears to be happening, Bell said, is that the body’s immune system seems to “wake up” to the presence of all tumours in the body, even those that were not injected with the virus. Scientists don’t yet know why, Bell said.

Some of the treatments use a modified version of measles, rather than herpes, as a vehicle. Both Russell and Bell pointed to a trial participant of Russell’s named Stacy Erholtz, whose incurable myeloma – blood cancer –
disappeared, largely side effect free, in 36 hours after a treatment using a modified measles virus, an example of the kind of miraculous results that viral oncology researchers hope to replicate.

Of course, individual success stories like Erholtz’s are relatively meaningless without the hard data that come with replicable and repeated clinical trials. There are currently a number of similar treatments at the third stage of clinical testing – still several years of work behind Imlygic in terms of development – but progress is being made.

Russell is hopeful that Imlygic represents “a first step in the direction of a complete change in the game” in how we treat cancer.

“We can’t prematurely claim that we’ve achieved our ultimate goal, because we haven’t; this really is a single step along that path,” he said. “But it’s a very important and very significant step.”

--
It's better to burn out than fade away.

From rforno at infowarrior.org Tue Nov 3 09:06:00 2015
From: rforno at infowarrior.org (Richard Forno)
Date: Tue, 3 Nov 2015 10:06:00 -0500
Subject: [Infowarrior] - OFFS, Exxon.
Message-ID:

Exxon Sues Roxx Vodka Over Xs: Oil And Vodka Are Oh So Similar

https://www.techdirt.com/articles/20151030/07001332675/exxon-sues-roxx-vodka-over-xs-oil-vodka-are-so-similar.shtml

--
It's better to burn out than fade away.

From rforno at infowarrior.org Tue Nov 3 12:24:05 2015
From: rforno at infowarrior.org (Richard Forno)
Date: Tue, 3 Nov 2015 13:24:05 -0500
Subject: [Infowarrior] - RedPhone And TextSecure Combine To Form Signal, A Single App For Private Calls And Texts
Message-ID:

RedPhone And TextSecure Combine To Form Signal, A Single App For Private Calls And Texts

http://www.androidpolice.com/2015/11/03/redphone-and-textsecure-combine-to-form-signal-a-single-app-for-private-calls-and-texts/

--
It's better to burn out than fade away.
From rforno at infowarrior.org Tue Nov 3 18:37:35 2015
From: rforno at infowarrior.org (Richard Forno)
Date: Tue, 3 Nov 2015 19:37:35 -0500
Subject: [Infowarrior] - FBI Unveils Anti-Terrorist Edutainment Program For Schools
Message-ID: <0A9C7ECA-31DF-460A-B509-BA0F465A9385@infowarrior.org>

FBI Unveils Anti-Terrorist Edutainment Program For Schools

https://www.techdirt.com/articles/20151103/07221032700/fbi-unveils-anti-terrorist-edutainment-program-schools.shtml

--
It's better to burn out than fade away.

From rforno at infowarrior.org Wed Nov 4 08:39:10 2015
From: rforno at infowarrior.org (Richard Forno)
Date: Wed, 4 Nov 2015 09:39:10 -0500
Subject: [Infowarrior] - UK unveils new post-Snowden surveillance ideas
Message-ID: <95D15A1A-73D4-4990-8BA8-53D224C7459D@infowarrior.org>

For even more social irony, they could've floated this idea on November 5th. They missed it by one day. --rick

Theresa May unveils surveillance measures in wake of Snowden claims

Ewen MacAskill

http://www.theguardian.com/world/2015/nov/04/theresa-may-surveillance-measures-edward-snowden

New surveillance powers will be given to the police and security services, allowing them to access records tracking every UK citizen’s use of the internet without any need for any judicial check, under the provisions of the draft investigatory powers bill unveiled by Theresa May.

It includes new powers requiring internet and phone companies to keep “internet connection records” – tracking every website visited but not every page – for a maximum of 12 months but will not require a warrant for the police, security services or other bodies to access the data. Local authorities will be banned from accessing internet records.

The proposed legislation will also introduce a “double-lock” on the ministerial approval of interception warrants with a new panel of seven judicial commissioners – probably retired judges – given a veto before they can come into force.
But the details of the bill make clear that this new safeguard for the most intrusive powers to spy on the content of people’s conversations and messages will not apply in “urgent cases” – defined as up to five days – where judicial approval is not possible.

The draft investigatory powers bill published on Wednesday by the home secretary aims to provide a “comprehensive and comprehensible” overhaul of Britain’s fragmented surveillance laws. It comes two-and-a-half years after the disclosures by the whistleblower Edward Snowden of the scale of secret mass surveillance of the global traffic in confidential personal data carried out by Britain’s GCHQ and the US’s National Security Agency (NSA).

It will replace the current system of three separate commissioners with a senior judge as a single investigatory powers commissioner.

The draft bill explicitly includes in statute for the first time powers for the bulk collection of large volumes of communications and other personal data by MI5, GCHQ, MI6 and for their use of “equipment interference powers” – the ability to hack computers and phones around the world – for purposes of national security, serious crime and economic wellbeing.

In her statement, May also revealed for the first time that successive governments since 1994 have issued secret directions to internet and phone companies to hand over the communications data of British citizens in bulk to the security services.

She said these secret “directions” had allowed the security services to thwart a number of attacks in Britain, including the plot to attack the London Stock Exchange in 2010.

May revealed that the use of these powers – which show that GCHQ was also engaged in mass surveillance programmes on British citizens using their communications data – under the 1984 Telecommunications Act will be put on a more explicit footing in the new legislation and be subject to the same safeguards as other bulk powers.
Home Office estimates put the extra costs of storing internet connection records and the new judicial oversight regime at £245m to £250m over 10 years after the legislation comes into force in December next year. This includes £175m for the cost of storing everyone's internet records and £60m for the extra judicial oversight.

Welcoming the bill as a decisive moment in updating Britain's surveillance laws, May said: "There should be no area of cyberspace which is a haven for those who seek to harm us to plot, poison minds and peddle hatred under the radar.

"But I am also clear that the exercise and scope of investigatory powers should be clearly set out and subject to stringent safeguards and robust oversight, including 'double-lock' authorisation for the most intrusive capabilities. This bill will establish world-leading oversight to govern an investigatory powers regime which is more open and transparent than anywhere else in the world."

May told MPs that the introduction of the most controversial power - the storage of everyone's internet connection records tracking the websites they have visited, which is banned as too intrusive in the US and every European country including Britain - was "simply the modern equivalent of an itemised phone bill".

She said it could not be used to determine whether somebody had visited a mental health website or even a news website but only for the purpose of finding out whether they had visited a communications website, such as WhatsApp, an illegal website or to link their device to a specific website as part of a specific investigation.

But the detail of the bill makes clear that the authorisation arrangements for internet connection records will remain exactly the same as the current 517,000 requests for communications data made last year.
These requests are made without any kind of warrant and signed off by either a police inspector or superintendent depending on the kind of data.

--
It's better to burn out than fade away.

From rforno at infowarrior.org Wed Nov 4 12:33:12 2015
From: rforno at infowarrior.org (Richard Forno)
Date: Wed, 4 Nov 2015 13:33:12 -0500
Subject: [Infowarrior] - Snowden inspires New Zealand 'protected disclosure' regime
Message-ID:

Snowden inspires New Zealand 'protected disclosure' regime | ZDNet

Rob O'Neill

http://www.zdnet.com/article/snowden-inspires-new-zealand-protected-disclosure-regime/

The smallest member of the Five Eyes spying alliance is rolling out a "protected disclosures" policy to enable would-be Edward Snowdens to safely blow the whistle on suspected wrongdoing by security agencies.

New Zealand's Inspector-General of Intelligence and Security, Cheryl Gwyn, said a formal internal policy for handling protected disclosures, or "whistleblowing", has been developed by her office in liaison with security agencies.

"The Edward Snowden disclosures demonstrate how critical it is to have a clear path, with appropriate protections, for disclosing information about suspected wrongdoing within an intelligence and security agency," she said.

Edward Snowden has consistently said it was impossible for him to make internal disclosures about what he believed was wrongdoing due to the lack of whistleblower protections he faced in the USA.

The Inspector-General, who released her second annual report (PDF) today, is independent from the intelligence and security agencies and is not subject to direction by Government ministers.

"It's important that intelligence and security matters are open to scrutiny," Gwyn said. "Consistent with that intention this report sets out my Office's work over the last year in as much detail as possible."
She has powers to initiate inquiries into any matter that relates to the compliance by the NZSIS or the GCSB with New Zealand law or into the propriety of their activities. This includes the ability to access premises and documents and to require the appearance of witnesses under oath.

The Office of the Inspector-General's role was expanded in late 2013 after incidents of illegal surveillance, including that of Kim Dotcom, emerged.

The report says no protected disclosures had been made to the Inspector General under a 2000 whistleblower protection law and the Office of the Inspector-General has not had a formal policy for dealing with such disclosures.

The new policy includes: how protected disclosures are to be handled by Inspector General staff; how an employee of the NZSIS or GCSB may make a protected disclosure; what constitutes a protected disclosure; the definition of "employee"; what confidentiality assurances the Inspector-General can provide; and the protections afforded to "whistleblowers" and their limits.

Gwyn said that the Annual Report will be supplemented by more detailed reports on specific inquiries as these are completed, but already further shortcomings are emerging.

Gwyn noted that the SIS did not provide copies of visual surveillance warrants as required, prompting the Green Party to call for its powers to be curbed and for further oversight by a Parliamentary Select Committee.

"The SIS was given extra powers of video surveillance which it has used twice, and both times have been found to have broken the law. At the very least, these new powers have to go," said Green Party co-leader James Shaw.

"Of particular concern, is the IGIS's finding that the SIS still does not have sound compliance procedures systems in place," Shaw said.

However, the report says SIS has now instituted appropriate arrangements to provide copies of warrants on the day of issue or on the next working day.
Gwyn also released her office's work programme. She said she expects to provide assistance to a legislative review of intelligence and security agencies now under way.

"I am particularly interested in whether any proposed policies and legislative changes that may arise place sufficient weight on maintaining the privacy of individuals, and whether proposals reflect the concept of proportionality - that is, that the means used by the intelligence and security agencies for obtaining information must be proportionate to the gravity of the interests at risk," she said.

"It must be convincingly demonstrated that the present powers of the agencies are insufficient before considering whether to extend those powers."

--
It's better to burn out than fade away.

From rforno at infowarrior.org Wed Nov 4 17:39:39 2015
From: rforno at infowarrior.org (Richard Forno)
Date: Wed, 4 Nov 2015 18:39:39 -0500
Subject: [Infowarrior] - =?utf-8?b?SGVyZeKAmXMgdGhlIEdvdmVybm1lbnTigJlz?= =?utf-8?q?_New_Definition_of_a_Major_Cyberincident?=
Message-ID: <6C603E58-B72D-4833-BE64-5F9D1891C051@infowarrior.org>

Here's the Government's New Definition of a Major Cyberincident

By Jack Moore 12:35 PM ET NEXTGOV

http://www.nextgov.com/cybersecurity/2015/11/heres-governments-new-definition-major-cyber-incident/123393/

Following a spate of agency data breaches -- and a nudging from Congress -- the White House is updating annual cybersecurity guidelines that, for the first time, provide a definition for a "major" cyberincident.

The new definition -- mandated by a 2014 update to federal cyber legislation -- comes in annual guidance issued to agencies by the Office of Management and Budget as part of the Federal Information Security Management Act.

Here are the new criteria for a "major" incident:

• Involves information that is classified or "controlled unclassified information,"
a broader category that includes proprietary information, intellectual property, trade secrets or personally identifiable information.
• Affects at least 10,000 users and is not "recoverable" (for example, sensitive data is exfiltrated from agency systems and publicly posted online. Or, the time to recover is unpredictable or would require additional resources.)
• Causes an agency to lose the ability to provide a critical service to at least some users. A "high-functional" impact, meanwhile, describes an incident in which an agency loses the ability to provide all critical services to users.
• Involves the exfiltration, modification, deletion or any other type of unauthorized access of information or system.

The new guidance says agencies can consult with the Department of Homeland Security about whether an incident meets the "major" threshold, but ultimately it's up to the victim agency to make the final call.

Once agencies notify DHS of a major incident, OMB needs to be looped in within an hour, according to the guidance. Lawmakers need to be notified within seven days.

After the initial notification, the agency must keep providing updates to lawmakers including additional information about the threats, actors, response and remediation.

Agencies should notify individuals who may be affected by a breach of sensitive government data as "expeditiously as practicable, without unreasonable delay."

--
It's better to burn out than fade away.
From rforno at infowarrior.org Wed Nov 4 19:25:04 2015
From: rforno at infowarrior.org (Richard Forno)
Date: Wed, 4 Nov 2015 20:25:04 -0500
Subject: [Infowarrior] - 'Paid patriotism' under Congressional fire
Message-ID:

The military paid pro sports teams $10.4 million for patriotic displays, troop tributes

By Dave Hogg @Stareagle on Nov 4, 2015, 4:11

http://www.sbnation.com/2015/11/4/9670302/nfl-paid-patriotism-troops-mcain-flake-report-million

From rforno at infowarrior.org Thu Nov 5 06:03:24 2015
From: rforno at infowarrior.org (Richard Forno)
Date: Thu, 5 Nov 2015 07:03:24 -0500
Subject: [Infowarrior] - Pentagon Farmed Out Its Coding to Russia
Message-ID:

Pentagon Farmed Out Its Coding to Russia

The Pentagon was tipped off in 2011 by a longtime Army contractor that Russian computer programmers were helping to write computer software for sensitive U.S. military communications systems, setting in motion a four-year federal investigation that ended this week with a multimillion-dollar fine against two firms involved in the work.

< - >

http://www.thedailybeast.com/articles/2015/11/04/pentagon-farmed-out-its-coding-to-russia.html

--
It's better to burn out than fade away.

From rforno at infowarrior.org Thu Nov 5 06:07:26 2015
From: rforno at infowarrior.org (Richard Forno)
Date: Thu, 5 Nov 2015 07:07:26 -0500
Subject: [Infowarrior] - TPP Full Text Released
Message-ID: <64DBDC32-44F3-4781-9362-ADE095C27B3F@infowarrior.org>

(x-posted)

After the deal was negotiated in secret and sent out for ratification, of course. Another success for the most transparent administration ever. ;/

https://ustr.gov/trade-agreements/free-trade-agreements/trans-pacific-partnership/TPP-Full-Text

--
It's better to burn out than fade away.
From rforno at infowarrior.org Thu Nov 5 16:17:38 2015
From: rforno at infowarrior.org (Richard Forno)
Date: Thu, 5 Nov 2015 17:17:38 -0500
Subject: [Infowarrior] - Pentagon Contractors Developing Lethal Cyber Weapons
Message-ID: <200B59A9-3EC7-4265-AB44-7B13BD52706A@infowarrior.org>

Pentagon Contractors Developing Lethal Cyber Weapons

By Aliya Sternstein
November 4, 2015

http://www.nextgov.com/cybersecurity/2015/11/lethal-virtual-weapons-real/123417/

Under a forthcoming nearly half-billion-dollar military contract, computer code capable of killing adversaries is expected to be developed and deployed if necessary, according to contractors vying for the work and former Pentagon officials.

U.S. troops would have the power to launch logic bombs, instead of traditional explosive projectiles, which essentially would direct an enemy's critical infrastructure to self-destruct.

Lethal cyber weapons have arrived.

As previously reported, an upcoming $460 million U.S. Cyber Command project will outsource to industry all command mission support activities, including "cyber fires" planning, as well as "cyberspace joint munitions" assessments.

Unlike traditional espionage malware or even the Stuxnet virus that sabotaged Iranian nuclear centrifuges, cyber fires would impact human life, according to former Defense officials and a recently released Defense Department "Law of War Manual."

The visceral response to the word "war" for anyone in uniform is that it's ugly and people get killed, said Bill Leigher, a recently retired Navy admiral with decades of warfighting experience who now runs Raytheon's government cyber solutions division.

"When I use 'cyberwar,' I'm thinking of it, in a sense of war," he said. "So, yes, war is violence."

Raytheon, Northrop Grumman and Lockheed Martin are among the major defense firms expected to compete for the CYBERCOM contract.
Pentagon Doctrine OKs Digital Arms

Going on the offensive in cyberspace essentially means "defeating the interaction between a processor and its software" to serve a mission, Leigher said.

"Combatant commanders choose weapons that they know will further their course of action," he said.

If the commander needs to fly an aircraft over an occupied area, and wants to use malware or another cyber capability to help accomplish that goal, the officer must have confidence the cyberattack will work as expected.

"I trust it. I know how it's going to be used, and I believe that it is the best option to execute and it doesn't create more risk for the 27-year-old Air Force pilot who is flying over a defended target," Leigher described the decision-making process.

In this case, maybe the bull's-eye would be a maintenance facility on an airfield. By launching a cyberattack, a commander could, for example, shut down the power grid of the facility, and then "you've degraded the enemy's ability to repair aircraft," Leigher said.

Digital arms designed to kill are sanctioned under Pentagon doctrine.

There is a chapter titled "Cyber Operations" in DOD's first-ever "Law of War Manual," published in June. The section reflects the department's growing transparency surrounding cyberwarfare, national security legal experts say. Less than three years ago, most activities beyond defensive maneuvers were classified.

The manual lays out three sample actions the Pentagon deems uses of force in cyberspace: "trigger a nuclear plant meltdown; open a dam above a populated area, causing destruction; or disable air traffic control services, resulting in airplane crashes."

Same Rules for Traditional Bombs or Bullets

The Pentagon's stated role in cyberspace is to block foreign hackers targeting domestic systems, assist U.S. combat troops overseas and defend military networks.

The U.S. armed forces "are developing tools and capabilities"
necessary to carry out all three of those missions, Pentagon spokeswoman Laura Rojas told Nextgov in an email. "We do this consistent with U.S. and international law."

The law is clear that cyber operations might also kill civilians, the experts say.

Cyber strikes are allowed even if "it is certain that civilians would be killed or injured -- so long as the reasonably anticipated collateral damage isn't excessive in relation to what you expect to gain militarily," said retired Maj. Gen. Charles J. Dunlap, executive director of Duke University's Center on Law, Ethics and National Security.

"These are essentially the same rules as for attacks employing traditional bombs or bullets."

Because nearly all military forces depend on the same networks as civilians, it is not hard to imagine a situation where a cyberattack takes innocent lives, Dunlap said.

"A piece of malware, for example, might destroy a military industrial-control system of some sort, but if not designed to self-neutralize, it might go on to do the same to a civilian system of similar design, possibly with fatal consequences to civilians," Dunlap said.

Destructive cyberattacks also risk the possibility of nonviolent collateral damage.

Microsoft, as of March, was still dealing with the fallout from the spread of the Stuxnet virus. Microsoft had to issue a patch for a software flaw the U.S. and Israel allegedly used to take over the specific system running Iran's nuclear equipment. To date, there have been no reports of other infected machines reacting the same way.

Will Adversaries Follow Same Rules?

The use of lethal software aligns with 2010 comments by then-Deputy Defense Secretary William Lynn published in Foreign Affairs, stating, "As a doctrinal matter, the Pentagon has formally recognized cyberspace as a new domain of warfare."

"What we see right now is essentially the implementation of the decision," said Tim Maurer, a cyber policy researcher at the Carnegie Endowment for International Peace.
In elaborating on the term "cyber joint munitions," CYBERCOM spokeswoman Kara Soules told Nextgov in an email that understanding the success rate of the weapon is critical.

"'Cyber joint munitions effectiveness' describes that a particular cyber capability has been evaluated and its effectiveness is known against a particular target," she said.

The target is a person, place or object a commander is eyeing to neutralize, according to the associated Joint Chiefs of Staff policy.

"Cyber fires" has a broader meaning and "can be used for offensive or defensive objectives, and can be designed to create effects in and through cyberspace," she said.

Outside the United States, other governments are hiring nongovernment organizations to build cyber munitions, too, Maurer noted. Some of them operate underground.

For instance, there are hackers who sell "zero day" exploits capable of attacking systems containing undetected security vulnerabilities known only to the seller.

Black hat hackers who can sell cyber munitions to governments as well as extremist groups like ISIS thrust the world into unknown territory.

"I'm fairly confident that U.S. cyber capabilities can be very precise and targeted and tailored," Maurer said. The question, though, is whether it is possible for "less-sophisticated actors to be similarly targeted and tailored in the tools that they use."

The discussion surrounding the firing of cyber arms hearkens back to before the days of Manhattan Project, some former military leaders say.

"It reminds me of the run-up to the strategic bombing campaigns of World War II," said Cedric Leighton, a retired National Security Agency and Air Force intelligence director. "Just like then, the consequences of an attack using cyber munitions will not be completely foreseeable."

CYBERCOM should be examining code warfare today, if only to be prepared: "Our military could be confronted by a tough cyber adversary at any moment," he added.
--
It's better to burn out than fade away.

From rforno at infowarrior.org Fri Nov 6 06:49:16 2015
From: rforno at infowarrior.org (Richard Forno)
Date: Fri, 6 Nov 2015 07:49:16 -0500
Subject: [Infowarrior] - Sessions: Kill TPP now.
Message-ID:

Jeff Sessions: Kill The 'Anti-Democratic' Trans-Pacific Partnership In The Crib, Repeal Fast-Track Authority Now

http://www.breitbart.com/big-government/2015/11/05/jeff-sessions-kill-the-anti-democratic-trans-pacific-partnership-in-the-crib-repeal-fast-track-authority-now/

> - >

The Office of the United States Trade Representative has finally released the full text of the Trans-Pacific Partnership. The 30 chapter document, plus preamble and annexes and side instruments, is available here. But instead of delivering the text of the trade agreement in one easy to read document, each element has been uploaded separately. The entire TPP agreement has been separated into over one hundred different pdf documents.

http://www.weeklystandard.com/blogs/trade-text-finally-released_1059101.html

--
It's better to burn out than fade away.

From rforno at infowarrior.org Fri Nov 6 07:10:58 2015
From: rforno at infowarrior.org (Richard Forno)
Date: Fri, 6 Nov 2015 08:10:58 -0500
Subject: [Infowarrior] - TPP will ban rules that require source-code disclosure
Message-ID:

TPP will ban rules that require source-code disclosure

http://boingboing.net/2015/11/06/tpp-will-ban-rules-that-requir.html

--
It's better to burn out than fade away.

From rforno at infowarrior.org Fri Nov 6 11:17:58 2015
From: rforno at infowarrior.org (Richard Forno)
Date: Fri, 6 Nov 2015 12:17:58 -0500
Subject: [Infowarrior] - Leak of Comcast documents detailing the coming data caps
Message-ID:

Leak of Comcast documents detailing the coming data caps and what you'll be told when you call in about it.

https://www.reddit.com/r/technology/comments/3rnfnm/leak_of_comcast_documents_detailing_the_coming

--
It's better to burn out than fade away.
From rforno at infowarrior.org Fri Nov 6 11:25:05 2015
From: rforno at infowarrior.org (Richard Forno)
Date: Fri, 6 Nov 2015 12:25:05 -0500
Subject: [Infowarrior] - OT: Japan 'Force Awakens' trailer offers more hints
Message-ID:

Star Wars: The Force Awakens - six things learned from the Japanese trailer

More individual moments make their debut, including BB-8's voice, Kylo Ren's ship and Rey at the wrong end of a lightsaber

http://www.theguardian.com/film/2015/nov/06/star-wars-the-force-awakens-japanese-trailer-five-things-we-learned

--
It's better to burn out than fade away.

From rforno at infowarrior.org Sat Nov 7 22:10:45 2015
From: rforno at infowarrior.org (Richard Forno)
Date: Sat, 7 Nov 2015 23:10:45 -0500
Subject: [Infowarrior] - YIFY: The rise and fall of the world's most prolific movie pirate
Message-ID:

YIFY: The rise and fall of the world's most prolific movie pirate

http://www.engadget.com/2015/11/04/yify-explainer/

--
It's better to burn out than fade away.

From rforno at infowarrior.org Sun Nov 8 16:30:11 2015
From: rforno at infowarrior.org (Richard Forno)
Date: Sun, 8 Nov 2015 17:30:11 -0500
Subject: [Infowarrior] - Leaking to support the US narrative
Message-ID: <4B726737-2267-4F3D-8174-9D8BA2C98D06@infowarrior.org>

US officials have no problem leaking classified information about surveillance - as long as it fits their narrative

November 6, 2015
By Trevor Timm

https://freedom.press/blog/2015/11/us-officials-have-no-problem-leaking-classified-information-about-surveillance

--
It's better to burn out than fade away.
From rforno at infowarrior.org Sun Nov 8 19:53:34 2015
From: rforno at infowarrior.org (Richard Forno)
Date: Sun, 8 Nov 2015 20:53:34 -0500
Subject: [Infowarrior] - Nastiness threatens online reader comments
Message-ID: <1965EF3B-DF1F-4A0D-9802-96D4E4A4C817@infowarrior.org>

(c/ dan g)

Nastiness threatens online reader comments

http://news.yahoo.com/nastiness-threatens-online-reader-comments-053929979.html

Washington (AFP) - The Internet was supposed to facilitate better exchange between the public and news media. But vile and hateful comments changed all that.

In the face of rising vitriol -- attacks, bigotry and general nastiness -- news organizations are increasingly throwing in the towel on online comments.

Last month, Vice Media's Motherboard news site turned off reader comments, saying "the scorched earth nature of comments sections just stifles real conversation." It instead began taking "letters to the editor" to be screened by staff.

Vox Media's online news site The Verge said in July it was "turning off comments for a bit," noting that the tone was "getting a little too aggressive and negative."

Blogging platform Medium this past week allowed its users to hide reader comments, acknowledging that "sometimes you may not want to get in a discussion."

The Chicago Sun-Times, The Daily Beast, news website Re/code, the millennial-focused news site Mic and Popular Science also have shut off comments. And Vox.com launched last year without them, saying that "flame wars" turned readers off.

"Newsrooms are really struggling with this," said Jennifer Stromer-Galley, a professor of information studies at Syracuse University.

"They like the idea of the comments because it brings readers back, it creates a community of people who are dedicated and that's good for advertising," she told AFP.

"But the downside is that when people see lots of vitriol and attack, even if they are not using bad language, it turns people off.
The worry is that instead of fostering communication, you lose readers."

Research this year by University of Houston professor Arthur Santana found anonymous comments on online news sites can often bring out the vilest of views, particularly on hot topics such as immigration.

Santana found readers referred to immigrants as "cockroaches, locusts, scumbags, rats, bums, buzzards, blood-sucking leeches, vermin, slime, dogs, brown invaders, wetbacks," among others.

Santana said that newspapers "have expressed frustration with rampant incivility and ad hominem attacks in their commenting forums," but may also be hurting their own reputations by becoming a place for mud-slinging.

The problem is not limited to US news sites: "flame wars" have forced the shutdown of comments on South Africa's largest online news publisher 24.com and Independent Online has done the same.

Controlling online forums can be especially tricky in countries where news organizations may be held liable for defaming content from readers.

Some news organizations have sought to clamp down on incivility by requiring registration and banning anonymity.

- Facebook as a tool? -

One tool is from Facebook, whose plug-in verifies the identity of those who post comments, requiring people to use their real names.

Some evidence indicates the Facebook platform and other tools have helped the tone. A 2013 University of Kent study found that by making users "accountable," the Facebook system makes them "less likely to engage in uncivil discussion."

But when The Huffington Post ended anonymous comments and began using the Facebook plug-in, it sparked anger.

By creating obstacles to posting, "you lose a lot of commenters," said David Wolfgang, a doctoral researcher in journalism at the University of Missouri.

Wolfgang, who has been researching the state of online news comments, said many newsrooms were unprepared for the deluge of acrimony but should not give up.
"If your local news organization isn't going to provide a space for this conversation, who will? It doesn't always work out the way we want, but that doesn't mean we should throw it out," he said.

- Tech solutions? -

Large news organizations employ teams of moderators, sometimes with help from outside contractors, to weed out inappropriate comments. But that's not feasible for many budget-stretched newsrooms.

Some are looking to technology, to filter out nastiness and highlight constructive conversations from readers. Several private vendors offer software for this.

The Washington Post and New York Times have joined forces on a project funded by the Knight Foundation to create open-source software that can be adapted for news websites to get a better handle on online discussions.

Greg Barber, director of digital news projects at the Post and a member of the "Coral Project" team working with the Mozilla Foundation, said the competing dailies realized that "we had the same problems and it made sense for us to work together."

"Civility is a challenge for everyone," Barber said, adding that the Post gets some eight million comments a year and struggles to keep a positive tone with its own moderators and an outside contractor.

"When users come in and see a pie fight, they are likely to pick up a pie and throw it," he said. "If they see a reasoned discussion, they will want to contribute in a reasoned way."

Project members have spoken with publishers in 25 countries interested in trying the software, which will be offered free. News sites may use their own criteria to keep the dialogue on course, according to Barber.

Barber said the software, set to be released for testing in January, aims not only to filter out the ugliness but to identify the "trusted" readers and display constructive comments more prominently.

"It's not just to scrape the mud off our boots, but to find and highlight the valuable contributions," he said.

--
It's better to burn out than fade away.
From rforno at infowarrior.org Mon Nov 9 07:55:38 2015
From: rforno at infowarrior.org (Richard Forno)
Date: Mon, 9 Nov 2015 08:55:38 -0500
Subject: [Infowarrior] - =?utf-8?q?Why_Johnny_Still=2C_Still_Can=E2=80=99t?= =?utf-8?q?_Encrypt?=
Message-ID: <6C6FA2C0-AC6E-46AB-A7C1-23834D31A092@infowarrior.org>

Why Johnny Still, Still Can't Encrypt: Evaluating the Usability of a Modern PGP Client

http://arxiv.org/pdf/1510.08555.pdf

--
It's better to burn out than fade away.

From rforno at infowarrior.org Mon Nov 9 17:33:02 2015
From: rforno at infowarrior.org (Richard Forno)
Date: Mon, 9 Nov 2015 18:33:02 -0500
Subject: [Infowarrior] - Judge calls for NSA to halt phone records program
Message-ID: <6981C09B-5F96-468D-9B1E-8C21CAAE214E@infowarrior.org>

Judge calls for NSA to halt phone records program

Julian Hattem

http://thehill.com/policy/national-security/259550-judge-calls-for-nsa-to-halt-phone-records-program

A federal judge on Monday called for the Obama administration to immediately halt its controversial collection of Americans' phone records, mere days before the contested program is set to end.

In his ruling, Judge Richard Leon of the U.S. District Court of the District of Columbia doubled down on his assertion that the National Security Agency (NSA) program "likely violates the Constitution" and warned that "the loss of constitutional freedoms for even one day is a significant harm."

Monday's ruling comes nearly two years after he initially called the NSA program "almost Orwellian," and slightly less than three weeks before it is scheduled to end.

As such, the decision "is perhaps the last chapter in the judiciary's evaluation of this particular program's compatibility with the Constitution," he wrote.

"It will not, however, be the last chapter in the ongoing struggle to balance privacy rights and national security interests under our Constitution in an age of evolving technological wizardry."
Ultimately, the legal process makes it unlikely that the NSA will have to reverse course before the program is set to end later this month. But civil liberties advocates nonetheless greeted the decision as a major victory that could be used to spur additional legal takedowns of U.S. spying programs.

The NSA program collects "metadata" about millions of Americans' phone records without a warrant. The metadata include the numbers dialed in a call, when the calls occurred and how long the call lasted, but not the actual content of people's conversations.

The program was revealed to the public by Edward Snowden, and burst to the fore during a congressional battle over government surveillance earlier this year. On Twitter, Snowden called Monday's decision "historic."

After the 2013 ruling in which Leon decried the program and a similar decision from an appeals court this spring, Congress voted to end the NSA's program and replace it with a system requiring the government to receive a court order to search through private companies' phone records.

That new system is set to go into place on Nov. 29, 180 days after the legislation was signed.

Other courts have been less willing than Leon to order the NSA to shut down its phone records program, given that Congress has already acted. Congress was "clear," the Second Circuit Court of Appeals said in October, that the current program ought to continue until the Nov. 29 deadline.

In his scathing response, Leon declared that he "cannot, and will not, sit idle in the face of likely constitutional violations for fear that it might be viewed as meddling with the decision of a legislative branch that lacked the political will, or votes, to expressly and unambiguously authorize the program for another six months."

Courts have also been generally mixed about the program in general. While the Second Circuit called it illegal in May, the D.C. Circuit overturned Leon's decision in August.

At the time, the D.C.
Circuit said that the idiosyncratic legal activist who first filed the challenge, Larry Klayman, had not met the legal threshold to file suit against it.

After that appeals court ruling, the case - known as Klayman v. Obama - was sent back down to Leon. Klayman added new plaintiffs to the case and filed a new complaint with additional information, leading to Monday's order.

It is "overwhelmingly likely" that the new plaintiffs were swept up in the NSA's program, Leon wrote, giving them the legal standing to sue.

This story was updated at 1:52 p.m.

--
It's better to burn out than fade away.

From rforno at infowarrior.org Mon Nov 9 18:37:56 2015
From: rforno at infowarrior.org (Richard Forno)
Date: Mon, 9 Nov 2015 19:37:56 -0500
Subject: [Infowarrior] - =?utf-8?q?Comcast_says_it=E2=80=99s_not_to_blame_?= =?utf-8?q?after_200=2C000_user_accounts_were_put_up_for_sale_online?=
Message-ID: <0E5CBF23-5A8B-40F7-A89D-7802D34FA2D4@infowarrior.org>

Comcast says it's not to blame after 200,000 user accounts were put up for sale online

https://www.washingtonpost.com/news/the-switch/wp/2015/11/09/comcast-says-its-not-to-blame-after-200000-accounts-were-illegally-put-up-for-sale/

Comcast will reset the passwords of roughly 200,000 customers after their account information wound up for sale on a shadowy Web site, the company said Monday.

The package of personal data, including the e-mail addresses and passwords of Comcast customers, was listed for sale for $1,000 on a Dark Web site that was also marketing a number of other questionable goods. The Dark Web is a collection of sites that are publicly accessible but cannot be found by search engines. Usually Dark Web users need specialized software or instructions to visit a specific Web address.

Comcast said it was not hacked and that its systems and apps were not compromised.
The company blamed the incident instead on unsuspecting customers who may have visited malware-laden sites or fallen victim to other schemes that allowed hackers to obtain their data. To prove the list was legitimate, the seller on the Dark Web site exposed the information of a few dozen customer accounts, and offered to sell 100,000 of them for $300. As many as 590,000 accounts were put up for sale for $1,000. But only a third of the entries were actually up-to-date and therefore at risk, Comcast said. The others appear to be old or fake information. "We're taking this seriously and we're working to get this fixed for those customers who may have been impacted," said a company spokesperson, "but the vast majority of information out there was invalid." The company said it will not offer credit monitoring to affected customers because Comcast itself was not hacked. Selling personal information on the Dark Web is a burgeoning business. In a report last month, McAfee Labs said the price for stolen credit and debit cards usually goes for $4 to $30 in the United States while bank login credentials can go for $190. "Like any unregulated, efficient economy, the cybercrime ecosystem has quickly evolved to deliver many tools and services to anyone aspiring to criminal behavior," said Raj Samani, a chief technology officer for Internet Security, which runs McAfee Labs. "This 'cybercrime-as-a-service' marketplace has been a primary driver for the explosion in the size, frequency, and severity of cyber attacks. The same can be said for the proliferation of business models established to sell stolen data and make cybercrime pay." Brian Fung covers technology for The Washington Post, focusing on telecommunications and the Internet. Before joining the Post, he was the technology correspondent for National Journal and an associate editor at the Atlantic.
-- It's better to burn out than fade away.
From rforno at infowarrior.org Tue Nov 10 14:40:40 2015 From: rforno at infowarrior.org (Richard Forno) Date: Tue, 10 Nov 2015 15:40:40 -0500 Subject: [Infowarrior] - Sorry, MPAA, Court Rejects Your Plan For A Secret SOPA At The ITC Message-ID: <16AA3162-B376-41ED-8343-CABB804B2CA7@infowarrior.org>
Sorry, MPAA, Court Rejects Your Plan For A Secret SOPA At The ITC
from the try,-try-again dept
Last year, when the Sony emails leaked, and it was revealed that the MPAA was still totally focused on bringing SOPA back through alternative means, one of the strategies explored was getting the International Trade Commission (the ITC) to set up a sort of secret SOPA. The ITC is an already problematic government agency that is already widely abused by patent holders. Basically, you can ask the ITC to "block" some sort of "illegal foreign competition." And for patent holders, this has meant going to the ITC and claiming that a foreign firm (or a domestic firm that is importing products) is violating its patents, and thus the ITC should issue an injunction blocking any such products from entering the US at its borders. This is already troublesome in the patent context, because the ITC process is entirely separate from either the USPTO's review of patents or the federal courts -- and actually has different rules. So even if a court might decide that a patent is invalid under existing rules, the ITC may have already started blocking the import of products, claiming patent infringement. It basically allowed patent holders to get two bites at the apple (sometimes, quite literally at Apple). The MPAA's theory was that if the ITC can block "infringing products" at the border, why can't it basically do the same thing for "infringing content." The goal of the strategy -- which even the MPAA's legal experts admitted was a long shot -- was to find a key case, in which "digital goods" of some sort went before the ITC, and see if it could get a ruling in its favor.
It found that case in the ClearCorrect case, in which the company ClearCorrect faced off against the ITC over its 3D printing of clear plastic braces, custom-designed for each patient's teeth. While another company holds patents on a similar process, ClearCorrect tried to get around this by doing the computer work in Pakistan, and then sending the completed digital model back to the US to be printed. Thus, ClearCorrect argued, it was not violating the patents in the US and was just getting a digital file. The ITC ruled against ClearCorrect, and the company appealed the ITC's ruling out into the federal court system where the case was heard by the appeals court for the Federal Circuit (CAFC). The MPAA weighed in supporting the ITC, hoping to give teeth to the idea that the ITC can block "digital goods" at the border for "infringement." Thankfully, the good folks at Public Knowledge weighed in on the other side, noting what a massive and dangerous expansion of power this would be for the ITC in a very digital world. Thankfully, today, the CAFC sided with ClearCorrect and against the ITC (and the MPAA), noting that the ITC has no jurisdiction to issue injunctions on digital products. The decision was written by CAFC chief judge, Sharon Prost (who has really shaken up CAFC in a good way since taking over last year). Prost correctly notes that the ITC's original decision was a massive, unauthorized expansion of the ITC's jurisdiction, without the necessary Congressional approval.
< - >
https://www.techdirt.com/articles/20151110/11330732777/sorry-mpaa-court-rejects-your-plan-secret-sopa-itc.shtml
-- It's better to burn out than fade away.
From rforno at infowarrior.org Wed Nov 11 07:35:20 2015 From: rforno at infowarrior.org (Richard Forno) Date: Wed, 11 Nov 2015 08:35:20 -0500 Subject: [Infowarrior] - DOJ Has Blocked Everyone In The Executive Branch From Reading The Senate's Torture Report Message-ID: <98044F74-D301-43FB-A0DF-CDDC7CE3C9CE@infowarrior.org>
DOJ Has Blocked Everyone In The Executive Branch From Reading The Senate's Torture Report
https://www.techdirt.com/articles/20151110/01353532771/doj-has-blocked-everyone-executive-branch-reading-senates-torture-report.shtml
-- It's better to burn out than fade away.
From rforno at infowarrior.org Wed Nov 11 08:01:59 2015 From: rforno at infowarrior.org (Richard Forno) Date: Wed, 11 Nov 2015 09:01:59 -0500 Subject: [Infowarrior] - =?utf-8?q?Microsoft_Tightens_EU_Clients=E2=80=99_?= =?utf-8?q?Data_Protection?= Message-ID: <98C7DE28-5389-468A-8D83-688BE606B953@infowarrior.org>
Microsoft Tightens EU Clients' Data Protection
Friedrich Geiger Nov. 11, 2015 8:06 a.m. ET
http://www.wsj.com/articles/microsoft-tightens-eu-clients-data-protection-1447247197
BERLIN -- Microsoft Corp. said Wednesday it would offer European customers the option of storing their cloud data in Germany, addressing concerns about the security of U.S. data centers following reports of surveillance by intelligence agencies. Data that customers enter into Internet-based Microsoft software for office and business applications will be stored in two data centers owned by Deutsche Telekom AG, Germany's largest telecommunications group. Microsoft will only be granted access to this data if it is given permission by the customer or Deutsche Telekom's T-Systems subsidiary, which operates the data centers. If T-Systems grants access, Microsoft would only proceed under supervision. The German data centers will "offer customers choice and trust in how their data is handled and where it is stored," said Microsoft Chief Executive Satya Nadella.
The announcement came weeks after the European Court of Justice struck down an agreement between the U.S. and European Union that had allowed the transfer of Europeans' personal data to the U.S. The "Safe Harbor" pact violated the privacy rights of Europeans by exposing them to allegedly indiscriminate surveillance by the U.S. government, according to the court. German data protection authorities said after the ruling they wouldn't allow any new data transfers to the U.S. The ruling by the EU's highest court has upended technology plans for many trans-Atlantic companies. "It undermines all businesses," said U.S. Commerce Secretary Penny Pritzker during a recent visit to Germany. Microsoft said 83% of German businesses expect their cloud provider to operate data centers in Germany, according to a study by German business group Bitkom. The new service will be available to customers in the EU and some neighboring countries from the second half of next year. Microsoft applications such as Office 365, Azure and Dynamics CRM Online will be delivered from data centers in Frankfurt and Magdeburg. Since former National Security Agency contractor Edward Snowden accused U.S. authorities of carrying out widespread surveillance, Deutsche Telekom has rolled out a number of products aimed at protecting users from espionage and eavesdropping, including encrypted email, secure smartphones and German data centers. "We are investing in Germany as a center of IT business because German data protection standards are highly valued," said Deutsche Telekom Chief Executive Tim Höttges, when opening a data center near Magdeburg last year. Microsoft, challenged by mistrust of privacy-seeking Europeans, has said the U.S. shouldn't be able to touch data which the company stores for customers overseas. A U.S. judge ordered Microsoft last year to turn over a customer's email account details that it stored in Ireland for a narcotics probe. Microsoft has appealed the decision.
Other countries are also pressing U.S. technology titans to keep their citizens' data on local soil. A new law in Russia requires companies such as Facebook Inc. and Twitter Inc. to store and process data about Russian users within the country's borders. Write to Friedrich Geiger at friedrich.geiger at wsj.com
-- It's better to burn out than fade away.
From rforno at infowarrior.org Wed Nov 11 08:23:51 2015 From: rforno at infowarrior.org (Richard Forno) Date: Wed, 11 Nov 2015 09:23:51 -0500 Subject: [Infowarrior] - =?utf-8?q?Own_a_Vizio_Smart_TV=3F_It=E2=80=99s_Wa?= =?utf-8?q?tching_You?= Message-ID: <1743A00B-2A9F-4582-BB61-9A15F04FB67A@infowarrior.org>
Own a Vizio Smart TV? It's Watching You
Vizio, one of the most popular brands on the market, is offering advertisers "highly specific viewing behavior data on a massive scale."
by Julia Angwin ProPublica, Nov. 9, 2015, 11:57 a.
http://www.propublica.org/article/own-a-vizio-smart-tv-its-watching-you
-- It's better to burn out than fade away.
From rforno at infowarrior.org Wed Nov 11 11:29:59 2015 From: rforno at infowarrior.org (Richard Forno) Date: Wed, 11 Nov 2015 12:29:59 -0500 Subject: [Infowarrior] - =?utf-8?q?Snooper=E2=80=99s_Charter=3A_UK_gov?= =?utf-8?q?=E2=80=99t_can_demand_backdoors=2C_give_prison_sentences_for_di?= =?utf-8?q?sclosing_them?= Message-ID: <30577FA9-DCB1-4CA8-A0E7-79C3241B051C@infowarrior.org>
Snooper's Charter: UK gov't can demand backdoors, give prison sentences for disclosing them
by Glyn Moody - Nov 6, 2015 8:35am EST
http://arstechnica.co.uk/tech-policy/2015/11/snoopers-charter-uk-govt-can-demand-backdoors-give-prison-sentences-for-disclosing-them/
HM Prison Wormwood Scrubs: People in the UK could end up here if they mention any backdoors they find or hear about.
Buried in the 300 pages of the draft Investigatory Powers Bill (aka the Snooper's Charter), published on Wednesday, is something called a "technical capability notice" (Section 189).
Despite its neutral-sounding name, this gives the UK's home secretary almost unlimited power to impose "an obligation on any relevant operators"--any obligation--subject to the requirement that "the Secretary of State considers it is reasonable to do so." There is also the proviso that "it is (and remains) practicable for those relevant operators to comply with those requirements," which probably rules out breaking end-to-end encryption, but would still allow the home secretary to demand that companies add backdoors to their software and equipment. That's bad enough, but George Danezis, an associate professor in security and privacy engineering at University College London, points out that the Snooper's Charter is actually much, much worse. The Investigatory Powers Bill would also make it a criminal offence, punishable with up to 12 months in prison and/or a fine, for anyone involved to reveal the existence of those backdoors, in any circumstances (Section 190(8).) As Danezis explains: "Secret backdoor notices (I mean 'technical capability notices') will be issued, and enterprising geek that wants to open a debate about them will either know nothing about them, or be breaking the law. There will be no debate about what kind of back doors, of when they should be used--all will be happening in total secrecy." Similar gag orders would apply to the other main elements of the Snooper's Charter: interception (Section 43(1-7)); "equipment interference" (hacking--Section 148); and retaining communications data (Section 77). Gag orders would also be in place for bulk communications data collection (Section 133). As Danezis explains, this bit would be particularly problematic: "This goes way beyond protecting specific operation, since the acquisition is performed in bulk, and cannot betray any specifics.
The secrecy order protects the capability to access in bulk certain categories of communication data, which in effect means shielding it from any proper scrutiny as related to its necessity, or appropriateness in the future, or any debate on that matter." The dismal picture painted above could just be the tip of the iceberg, too. The draft Investigatory Powers Bill forbids anyone involved in interception from ever disclosing that fact, including during court proceedings (section 42). As Danezis writes: "Note that this section is absolute: it does not have exceptions, for example in relation to the public interest: such as the ability to discuss the benefit or downsides of part interception activities; no exception for talking about this to MPs, or other democratic representatives; or even to exculpate anyone who otherwise would be wrongfully found guilty." It seems that the central purpose of the revamped Snooper's Charter is not so much the claimed tidying-up of existing surveillance powers, nor even the extension of those powers, although it certainly does that too. At the heart of the proposed Investigatory Powers Bill is something much more insidious: an attempt to make it impossible for anyone in the know to discuss any details of the government's surveillance activities, ever. As Danezis puts it: "The gagging provisions are a clear example that calls for a mature debate around surveillance are mere rhetoric, the securocrats want one last discussion before making any discussion about surveillance simply impossible."
-- It's better to burn out than fade away.
From rforno at infowarrior.org Wed Nov 11 19:30:29 2015 From: rforno at infowarrior.org (Richard Forno) Date: Wed, 11 Nov 2015 20:30:29 -0500 Subject: [Infowarrior] - Tor Says Feds Paid Carnegie Mellon $1M to Help Unmask Users Message-ID: <8A306702-3F3A-442F-9478-47747B457608@infowarrior.org>
Tor Says Feds Paid Carnegie Mellon $1M to Help Unmask Users
Andy Greenberg - Security - Date of Publication: 11.11.15.
Time of Publication: 5:01 pm.
http://www.wired.com/2015/11/tor-says-feds-paid-carnegie-mellon-1m-to-help-unmask-users/
Ever since a Carnegie Mellon talk on cracking the anonymity software Tor was abruptly pulled from the schedule of the Black Hat hacker conference last year, the security community has been left to wonder whether the research was silently handed over to law enforcement agencies seeking to uncloak the internet's anonymous users. Now the non-profit Tor Project itself says that it believes the FBI did use Carnegie Mellon's attack technique--and paid them handsomely for the privilege. The Tor Project on Wednesday afternoon sent WIRED a statement from its director Roger Dingledine directly accusing Carnegie Mellon of providing its Tor-breaking research in secret to the FBI in exchange for a payment of "at least $1 million." You can now read the full statement on the Tor Project's blog.1 And while Carnegie Mellon's attack had been rumored to have been used in takedowns of dark web drug markets that used Tor's "hidden service" features to obscure their servers and administrators, Dingledine writes that the researchers' dragnet was larger, affecting innocent users, too. "Apparently these researchers were paid by the FBI to attack hidden services users in a broad sweep, and then sift through their data to find people whom they could accuse of crimes," Dingledine writes. "Such action is a violation of our trust and basic guidelines for ethical research. We strongly support independent research on our software and network, but this attack crosses the crucial line between research and endangering innocent users." Tor's statement all but confirms that Carnegie Mellon's attack was used in the late 2014 law enforcement operation known as Operation Onymous, carried out by the FBI and Europol.
That dark web purge took down dozens of Tor hidden services, including several of the most popular Tor-based black markets for drugs including the Silk Road 2, and led to at least 17 arrests. Tor, for its part, has made efforts to subsequently block the attack, which it says it first detected in July of 2014. When WIRED contacted Carnegie Mellon, it didn't deny the Tor Project's accusations, but pointed to a lack of evidence. "I'd like to see the substantiation for their claim," said Ed Desautels, a staffer in the public relations department of the university's Software Engineering Institute. "I'm not aware of any payment," he added, declining to comment further. Tor's Dingledine responded to that call for evidence by telling WIRED that it identified Carnegie Mellon as the origin of the attack by pinpointing servers running on Tor's network that were used in the de-anonymization technique. When it asked Carnegie Mellon if the servers were being run by its researchers--a suspicion based on the canceled Black Hat conference presentation--the anomalous servers disappeared from the network and the university offered no response. The $1 million payment, Dingledine says, was revealed to Tor by "friends in the security community." WIRED has also reached out to the FBI for comment, and we'll update this story if the agency responds. Tor's accusations against Carnegie Mellon were triggered Wednesday morning by a report from Vice's Motherboard news site, which found a reference in legal documents obtained by the defense attorneys of alleged Silk Road 2 drug dealer Brian Richard Farrell. According to the documents, prosecutors revealed to Farrell's lawyers that the technique used to identify him was "based on information obtained by a 'university-based research institute' that operated its own computers on the anonymous network used by Silk Road 2.0."
In his statement, Tor's Dingledine excoriates Carnegie Mellon for violating its academic ethics to help invade the privacy of Tor's users. "This attack ... sets a troubling precedent: Civil liberties are under attack if law enforcement believes it can circumvent the rules of evidence by outsourcing police work to universities. If academia uses 'research' as a stalking horse for privacy invasion, the entire enterprise of security research will fall into disrepute," Dingledine writes. "We teach law enforcement agents that they can use Tor to do their investigations ethically, and we support such use of Tor--but the mere veneer of a law enforcement investigation cannot justify wholesale invasion of people's privacy, and certainly cannot give it the color of 'legitimate research.'" "Whatever academic security research should be in the 21st century," he concludes, "it certainly does not include 'experiments' for pay that indiscriminately endanger strangers without their knowledge or consent."
1 UPDATE 4:45 PM ET 11/11/15: This story has been updated to link to the Tor Project's full statement.
-- It's better to burn out than fade away.
From rforno at infowarrior.org Thu Nov 12 10:07:22 2015 From: rforno at infowarrior.org (Richard Forno) Date: Thu, 12 Nov 2015 11:07:22 -0500 Subject: [Infowarrior] - UK's wishy-washy Internet security problem Message-ID: <08C529B0-6B46-4FFC-A0C4-AD6B53C5FFBD@infowarrior.org>
So clearly, the first step is to criminalise strong encryption, as their Prime Minister and Home Secretary have proposed in recent weeks. Because that's real helpful to security, right?
--rick
GCHQ chief claims that everything is failing cyber security
http://www.theinquirer.net/inquirer/news/2434496/gchq-chief-claims-that-everything-is-failing-cyber-security
(c/o dg)
Cyber threats can never be defeated
http://www.telegraph.co.uk/finance/economics/11988990/Cyber-threats-can-never-be-defeated-warns-Bank-deputy.html
Britain will never extinguish cyber threats "once and for all", according to the deputy governor of the Bank of England, who warned that protecting the financial system against online attacks presented a "big challenge" for the industry.
-- It's better to burn out than fade away.
From rforno at infowarrior.org Sat Nov 14 08:58:40 2015 From: rforno at infowarrior.org (Richard Forno) Date: Sat, 14 Nov 2015 09:58:40 -0500 Subject: [Infowarrior] - Live News Should Challenge Narratives, Not Desperately Try to Create Them Message-ID: <32EAF8ED-5190-4E3A-9E3E-184D9FCD7A22@infowarrior.org>
medium.com
After the Paris Attacks: Live News Should Challenge Narratives, Not Desperately Try to Create Them -- Thoughts on Media -- Medium
Christian Christensen
https://medium.com/@ChrChristensen/after-the-paris-killings-live-news-should-challenge-narratives-not-desperately-try-to-create-them-645a691ae68a
As the events from Oslo on July 22, 2011 filtered through, TV news producers began to scramble. Many people had been murdered by a gunman, and they needed experts to give expert opinions. Fast. What followed was one of the most embarrassing examples of uninformed mass punditry in news history. This "must" have been Al Qaeda, most opined. Then, even after Breivik was identified and captured, a number of experts simply refused to believe reality and spun their earlier guesswork. I remember watching CNN's coverage of Oslo, and not once did an anchor challenge any of these experts. It was an exercise in throwing any half-baked opinion against the wall, hoping against hope that something might stick.
During horrific attacks such as the ones in Oslo and now Paris, there is a certain inevitability to people turning to large, mainstream TV news for information and updates. That's because TV is still the dominant news source for most citizens: size, trust and pure habit lead us to the places we know. Our personal media history matters. Social media, we are told, while superficially informative and occasionally entertaining, are ultimately dangerous during crises, laden with speculation, half-truths, untruths, hot takes and political points-scoring. However, what I saw when I flicked between BBC, CNN and other large-scale channels as I followed the events in France was little more than those things. In fact, the level of speculation and death-toll pornography on my TV screen more than equaled what I saw on my computer screen. For me, the worst of these sins (from a journalistic perspective) is the uncritical deference shown to "experts" and pundits invited to help viewers put horrific events "into context." More often than not, these experts muddy already filthy waters by spouting guesses and half-truths. Or, they take the opportunity to forward a particular political agenda. In one of the most egregious cases right after the Paris mass murder, BBC World invited ex-CIA chief James Woolsey into the studio to offer some nuggets of wisdom. He used this platform to offer a mélange of US talking points about terrorism, compounded with the suggestion that the mass influx of refugees from Syria "set the context" for the horrific events in Paris. Instead of challenging Woolsey by asking, for example, how the influx of refugees was connected given the fact that almost all of them were fleeing the very violence seen in Paris, the presenter simply gushed how lucky the BBC were to have him on the show--and moved on. The common excuse used for slipshod guesswork and punditry is that events are "fluid" and that these are, after all, just opinions.
That's as weak as it is disingenuous. The assertion that there is a relationship between the influx of refugees to Europe and the events in Paris, for example, stigmatizes people who have fled their homes, their families and everything they know in order to find safety. If an expert insists on positing that relationship to millions of viewers without a shred of evidence, then they must be called on it. To not do so is professional misconduct. Being a guest on a major TV news program is not an offer to come up with on-the-spot bullshit with a guarantee of immunity from interrogation. It is a position of social and cultural power made available to very few people, and should be treated as such. When someone offers an opinion, even if it is totally wrong, it stays in our heads, filed away as a "legitimate argument" that has entered into the public domain. It's a little known process called memory. Essentially, what I am talking about here is a desperate desire on the part of major news organizations to create and drive the narrative of these terror attacks, when what they should be doing is questioning and interrogating narratives. This process involves a heavy emphasis on confirmed sources, restraint, and a focus on information of vital importance (telephone numbers, hospital information, requests for blood, etc.). In conjunction with these elements, the following are key:
* recognizing and addressing the fact that all forms of media -- as social, political and economic actors -- are part of the story;
* a reduction in the use of screaming, violent or sensationalist headlines and logos;
* occasionally noting the spread of myths and half-truths, and making an active effort to refute them (when possible);
* avoiding an over-reliance upon experts and commentators (that's avoiding an over-reliance, not an elimination--some are excellent);
* challenging guests and experts who forward problematic, stereotypical or unfounded theories and assertions;
* broadening the selection of guests and experts to include a greater diversity of opinion and perspective;
* reminding audiences that sourcing is important, and explaining why;
* staying away from initial "unconfirmed" reports, no matter how sensational they may appear;
* a reduction in the use of death toll numbers (until firm numbers are established).
News is about story-telling power, and events such as the mass murders in Paris amplify that power by increasing our focus (in times of extreme emotion) upon journalistic output. Live events are indeed "fluid" and unpredictable, but that is precisely why restraint and a critical eye are needed in order to sort and critique the multiple narratives that emerge.
-- It's better to burn out than fade away.
From rforno at infowarrior.org Sun Nov 15 11:22:37 2015 From: rforno at infowarrior.org (Richard Forno) Date: Sun, 15 Nov 2015 12:22:37 -0500 Subject: [Infowarrior] - Exploiting Emotions About Paris to Blame Snowden Message-ID: <32310528-0CDB-4DAF-A6F8-B6EE3F04B781@infowarrior.org>
(good critical analysis, I might add. --rick)
Exploiting Emotions About Paris to Blame Snowden, Distract from Actual Culprits Who Empowered ISIS
Glenn Greenwald Nov. 15 2015, 7:23 a.m.
https://theintercept.com/2015/11/15/exploiting-emotions-about-paris-to-blame-snowden-distract-from-actual-culprits-who-empowered-isis/
-- It's better to burn out than fade away.
From rforno at infowarrior.org Sun Nov 15 20:08:20 2015 From: rforno at infowarrior.org (Richard Forno) Date: Sun, 15 Nov 2015 21:08:20 -0500 Subject: [Infowarrior] - Anonymous vs. the Islamic State Message-ID:
Anonymous vs. the Islamic State
Paul McLeary | 1 day ago
http://foreignpolicy.com/2015/11/13/anonymous-hackers-islamic-state-isis-chan-online-war/
For John Chase, the breaking point came on Jan. 7, when al Qaeda-linked militants gunned down 12 people at the Paris office of Charlie Hebdo. Subsequent attacks by a gunman affiliated with the Islamic State would take five more lives.
Watching triumphant jihadi messages bounce across Twitter, the 25-year-old Boston native was incensed. They needed to be stopped. Although Chase's formal education ended with high school, computers were second nature to him. He had begun fiddling with code at the age of 7 and freelanced as a web designer and social media strategist. He now turned these skills to fighting the Islamic State, also known as ISIS. Centralizing other hacktivists' efforts, he compiled a database of 26,000 Islamic State-linked Twitter accounts. He helped build a website to host the list in public view and took steps to immunize it against hacking counterattacks by Islamic State sympathizers. He even assumed an appropriately hacker-sounding nom de guerre, "XRSone," and engaged any reporter who would listen. In doing so, Chase briefly became an unofficial spokesman for #OpISIS -- and part of one of the strangest conflicts of the 21st century. For more than a year, a ragtag collection of casual volunteers, seasoned coders, and professional trolls has waged an online war against the Islamic State and its virtual supporters. Many in this anti-Islamic State army identify with the infamous hacking collective Anonymous. They are based around the world and hail from every walk of life. They have virtually nothing in common except a passion for computers and a feeling that, with its torrent of viral-engineered propaganda and concerted online recruiting, the Islamic State has trespassed in their domain. The hacktivists have vowed to fight back. The effort has ebbed and flowed, but the past nine months have seen a significant increase in both the frequency and visibility of online attacks against the Islamic State. To date, hacktivists claim to have dismantled some 149 Islamic State-linked websites and flagged roughly 101,000 Twitter accounts and 5,900 propaganda videos.
At the same time, this casual association of volunteers has morphed into a new sort of organization, postured to combat the Islamic State in both the Twitter "town square" and the bowels of the deep web. Chase, who has since shifted his focus to other pursuits, boasts a story typical of those volunteers who work to track and counteract the Islamic State's online propaganda apparatus. Few of these hacktivists are hood-wearing, network-cracking, Internet savants. Instead, they are part-time hobbyists, possessed of a strong sense of justice and a disdain for fundamentalists of all stripes. Many, but not all, are young people -- some are more seasoned, former military or security specialists pursuing a second calling. The oldest is 50. These hacktivists speak of a desire to "do something" in the fight against the Islamic State, even if that "something" may sometimes just amount to running suspicious Twitter accounts through Google Translate. This is something new. Anonymous arose from the primordial, and often profane, underground web forums to cause mischief, not to take sides in real wars. The group gained notoriety for its random, militantly apolitical, increasingly organized hacking attacks during the mid-2000s. Its first "political" operation was an Internet crusade against the Church of Scientology following its suppression of a really embarrassing Tom Cruise video. In time, however, Anonymous operations became less about laughs and more about causes, fighting the establishment and guaranteeing a free and open Internet. In 2010, the group launched #OpPayback, retaliating against PayPal for, among other things, suspending payments to WikiLeaks following the publication of a trove of classified U.S. documents.
This was followed by a cascade of increasingly political operations: in support of the Occupy Wall Street movement and the Arab Spring protests; against the CIA and Interpol; against Muslim discrimination in Myanmar; and on behalf of democratic activists in Hong Kong. Most recently, Anonymous launched a muddled campaign against purported members of the Ku Klux Klan. As Paul Williams, a hacktivist writer and occasional documentarian, writes in a colorful history of the group, "Anonymous had come to the conclusion that they were no longer abstractly playing with scatology and paedo bears." Today, in the fight against the Islamic State, the hacking collective finds itself split by a potentially existential crisis. If Anonymous defends the unrestricted use of the Internet, should this guarantee not apply to everyone, including Islamic State militants? What exactly does it mean when members of a group formed to flout authority find themselves sharing many of the same goals as the U.S. government? In public and private debates that range across cyberspace, self-identifying Anonymous members struggle to reconcile the group's past with its uncertain present. Although some anti-Islamic State operatives now disavow their connection to Anonymous (intending to avoid precisely this issue), the distinction is hardly so clear to outside observers. #OpISIS and Anonymous share many of the same members, the same motifs, and the same tactics.

< - >

http://foreignpolicy.com/2015/11/13/anonymous-hackers-islamic-state-isis-chan-online-war/

--
It's better to burn out than fade away.

From rforno at infowarrior.org Mon Nov 16 14:45:47 2015
From: rforno at infowarrior.org (Richard Forno)
Date: Mon, 16 Nov 2015 15:45:47 -0500
Subject: [Infowarrior] - Blaming Encryption for Terrorist Attacks Is a Mistake
Message-ID:

Blaming Encryption for Terrorist Attacks Is a Mistake
Kate Knibbs
Filed to: Encryption
11/16/15 2:19pm
http://gizmodo.com/blaming-encryption-for-terrorist-attacks-is-a-mistake-1742801241

We don't know the specifics of how the terrorist attacks in Paris last Friday were carried out. That hasn't stopped the law enforcement community from shamelessly blaming encryption for helping terrorists, or from seizing the attack as an opportunity to defend surveillance. Intelligence officials are blaming the Paris attacks on the free availability of encryption tools to protect private conversations, the implication being that if we could only track what the terrorists were saying to one another, we would have stopped it. But we already have a historical case of how we react to a terror plot that we have surveillance coverage over: Mumbai. We were watching. We didn't stop it. The 2008 Mumbai attacks are a good example of what it looks like when a terrorist organization carries out a plot. Afterwards, the steps and missteps the intelligence community took before and during that attack were scrutinized, and some of the documents Snowden leaked shed light on what went down. The intelligence community knew about some of the attackers, it was able to track them, but it failed to identify their plan until it was too late. That failure has nothing to do with encryption. Some of the Mumbai terrorists were known to British, Indian, and US intelligence agencies, but the agencies didn't share enough information with each other to figure out the plot beforehand. It was only after the attacks that they swapped intel and saw how many hints they missed. The Mumbai attackers weren't skulking around in blind spots.
One of them used Google Earth to map out where they would go. The problem wasn't that the terrorists were too wily with their privacy tools, or that those privacy tools stymied an investigation. It was that the intelligence community didn't effectively analyze and share the ample information it collected. "I cannot remember a single instance in my career when we ever stopped a plot based purely on signals intelligence," retired CIA counterterrorism chief Charles Faddis told the New York Times at the time. Yet these trumped-up charges against encryption don't account for the crucial role human intelligence plays. The same kind of shitty information-sharing among foreign agencies may have hindered the intelligence community in the Paris attacks as well. A Turkish official says that Turkey had warned France twice about one of Friday's attackers, but did not hear back. Israeli, Iraqi, and Jordanian officials also reported that they had issued warnings to France. Yet law enforcement officials wasted no time fingering encryption as a terrorist tool to further their agendas. New York Police Commissioner Bill Bratton said the Islamic State's ability to go "dark" will play "a significant factor in this event" on This Week With George Stephanopoulos on Sunday. Bratton continued his media blitz against encryption on Face the Nation. "We, in many respects, have gone blind as a result of the commercialization and the selling of these devices that cannot be accessed either by the manufacturer or, more importantly, by us in law enforcement, even equipped with search warrants and judicial authority," he said. "This is something that is going to need to be debated very quickly because we cannot continue operating where we are blind." CIA director John Brennan called the attack a "wake-up call" during the debate around encryption, saying that "unauthorized disclosures and hand-wringing over the government's role"
made it harder for the international intelligence community to prevent attacks. The "unauthorized disclosure" he referred to is, of course, Edward Snowden's whistleblowing, as though terrorists suddenly realized they were being tracked by law enforcement in 2013. We don't know exactly how the intelligence community missed what was about to happen in Paris. A mistaken Forbes report claimed that Belgium's federal home affairs minister, Jan Jambon, stated that the terrorists used Playstation 4 to talk to each other. But Jambon made that statement before the attacks. Whatever platforms the terrorists used to communicate, the idea that encryption foiled the intelligence community's efforts to stop them is still hypothetical. Even if we do learn that these attackers used the most cutting-edge, hardcore encryption tools privacy advocates would jizz over, the argument that the solution is to dismantle these tools by making keys for government actors is absurd. We've known that terrorists have used encryption since at least 2001, as Glenn Greenwald pointed out. This has been happening for almost two decades. The rhetoric against privacy tools is cynical opportunism, and accusing encryption of enabling the attacks is a callous shifting of responsibility. Framing encryption as a major factor in the attacks is not only jumping to an unproven conclusion, it ignores the main reason that most terror attacks aren't stopped: A failure to share information. A lock on a bomb makes it harder to defuse, but we're not going to start blaming or banning locks. Encryption provides privacy services that make the internet safer for the vast majority of its users. Instead of using it as a bogeyman to scare people into supporting a surveillance apparatus that has been proven inefficient at stopping attacks, the intelligence community should acknowledge its failures in assessing the threats it could see.

--
It's better to burn out than fade away.

From rforno at infowarrior.org Mon Nov 16 14:47:14 2015
From: rforno at infowarrior.org (Richard Forno)
Date: Mon, 16 Nov 2015 15:47:14 -0500
Subject: [Infowarrior] - Surveillance Hawk Stewart Baker Confirms Dragnet Didn't Work as Designed
Message-ID: <8F06BDC1-9767-4245-AB7E-72C39D121A96@infowarrior.org>

Surveillance Hawk Stewart Baker Confirms Dragnet Didn't Work as Designed
Published November 15, 2015 | By emptywheel
https://www.emptywheel.net/2015/11/15/surveillance-hawk-stewart-baker-confirms-dragnet-didnt-work-as-designed/

The French authorities are just a day into investigating the horrid events in Paris on Friday. We'll know, over time, who did this and how they pulled it off. For that reason, I'm of the mind to avoid any grand claims that surveillance failed to find the perpetrators (thus far, French authorities say they know one of the attackers, who is a French guy they had IDed as an extremist, but did not know of people identified by passports found at the Stade - though predictably those have now been confirmed to be fake [update: now authorities say the Syrian one is genuine, though it's not yet clear it belonged to the attacker], so authorities may turn out to know their real identity). In any case, Glenn Greenwald takes care of that here. I think it's possible the terrorists did manage to avoid detection via countersurveillance - though the key ways they might have done so were available and known before Edward Snowden's leaks (as Glenn points out). But there is one claim by a surveillance hawk that deserves a response. That's former DHS and NSA official Stewart Baker's claim that because of this attack we shouldn't stop the bulk collection of US persons' phone metadata. The problem with this claim is that the NSA has a far more extensive dragnet covering the Middle East and Europe than it does on Americans.
It can and does bulk collect metadata overseas without the restrictions that existed for the Section 215 dragnet. In addition to the metadata of phone calls and Internet communications, it can collect GPS location, financial information, and other metadata scraped from the content of communications. The dragnet covering these terrorists is the kind of dragnet the NSA would love to have on Americans, if Americans lost all concern for their privacy. And that's just what the NSA (and GCHQ) have. The French have their own dragnet. They already had permission to hold onto metadata, but after the Charlie Hebdo attacks, they expanded their ability to wiretap without court approval. So the key ingredients to a successful use of the metadata were there: the ability to collect the metadata and awareness that one of the people was someone of concern. The terrorists may have used encryption and therefore made it more difficult for authorities to get to the content of their Internet communications (though at this point, any iPhone encryption would only now be stalling investigators). But their metadata should still have been available. There's no good way to hide metadata, which is why authorities find metadata dragnets so useful. French authorities knew of at least one of these guys, and therefore would have been able to track his communication metadata, and both the Five Eyes and France have metadata dragnets restricted only by technology, and therefore might have been able to ID the network that carried out this attack. Stewart Baker claims that Section 215 was designed to detect a plot like this. But the metadata dragnet covering France and the Middle East is even more comprehensive than Section 215 ever was. And it didn't detect the attack (it also didn't detect the Mumbai plot, even though - or likely because - one of our own informants was a key player in it).
So rather than be a great argument for why we need to keep a dragnet that has never once prevented an attack in the US, Baker's quip is actually proof that the dragnets don't work as promised.

--
It's better to burn out than fade away.

From rforno at infowarrior.org Mon Nov 16 18:57:18 2015
From: rforno at infowarrior.org (Richard Forno)
Date: Mon, 16 Nov 2015 19:57:18 -0500
Subject: [Infowarrior] - After Paris attacks, the CIA Director is pushing for encryption backdoors. Here's what he gets wrong.
Message-ID:

After Paris attacks, the CIA Director is pushing for encryption backdoors. Here's what he gets wrong.
Author: Kim Zetter
http://www.wired.com/2015/11/paris-attacks-cia-director-john-brennan-what-he-gets-wrong-about-encryption-backdoors/

It's not surprising that in the wake of the Paris terrorist attacks last Friday, US government officials would renew their assault on encryption and revive their efforts to force companies to install backdoors in secure products and encryption software. Just last month, the government seemed to concede that forced decryption wasn't the way to go for now, primarily because the public wasn't convinced yet that encryption is a problem. But US officials had also noted that something could happen to suddenly sway the public in their favor. Robert S. Litt, general counsel in the Office of the Director of National Intelligence, predicted as much in an email sent to colleagues three months ago. In that missive obtained by the Washington Post, Litt argued that although "the legislative environment is very hostile today, it could turn in the event of a terrorist attack or criminal event where strong encryption can be shown to have hindered law enforcement." With more than 120 people killed in Paris, government officials are already touting the City of Light as the case against encryption.
In the story about that email, another US official explained to the Post that the government had not yet succeeded in persuading the public that encryption is a problem because "[w]e do not have the perfect example where you have the dead child or a terrorist act to point to, and that's what people seem to claim you have to have." With more than 120 people killed last week in Paris and dozens more seriously wounded, government officials are already touting the City of Light as that case. CIA deputy director Michael Morell said as much on CBS This Morning, suggesting that recalcitrant US companies and NSA whistleblower Edward Snowden are to blame for the attacks. "We don't know yet, but I think what we're going to learn is that [the attackers] used these encrypted apps, right?," he said on the show Monday morning. "Commercial encryption, which is very difficult, if not impossible, for governments to break. The producers of this encryption do not produce the key, right, for either them to open this stuff up or for them to give to governments to open this stuff up. This is the result of Edward Snowden and the public debate. I now think we're going to have another public debate about encryption, and whether government should have the keys, and I think the result may be different this time as a result of what's happened in Paris." CIA Director John Brennan said something similar at a security forum this morning (.pdf). "There are a lot of technological capabilities that are available right now that make it exceptionally difficult, both technically as well as legally, for intelligence and security services to have the insight they need to uncover it," he said.
"And I do think this is a time for particularly Europe, as well as here in the United States, for us to take a look and see whether or not there have been some inadvertent or intentional gaps that have been created in the ability of intelligence and security services to protect the people that they are asked to serve.... And I do hope that this is going to be a wake-up call." 'Intel agencies are drowning in data... It's not about having enough data; it's a matter of not knowing what to do with the data they already have.' EFF Attorney Nate Cardozo No solid information has come out publicly yet about what communication methods the attackers used to plot their assault. On Sunday, the New York Times published a story stating that the Paris attackers "are believed to have communicated [with ISIS] using encryption technology." The paper's sources were unnamed European officials briefed on the investigation. It was not clear, however, "whether the encryption was part of widely used communications tools, like WhatsApp, which the authorities have a hard time monitoring, or something more elaborate," the paper noted. Twitter users harshly criticized the Times story, and it has since disappeared from the site (though it is archived) and the URL now points to a different story, with no mention of encryption. A Yahoo news story on Saturday added to the theme, declaring that the Paris attacks show that US surveillance of ISIS is going dark. "Over the past year, current and former intelligence officials tell Yahoo News, IS terror suspects have moved to increasingly sophisticated methods of encrypted communications, using new software such as Tor, that intelligence agencies are having difficulty penetrating - a switch that some officials say was accelerated by the disclosures of former NSA contractor Edward Snowden." Numerous other news stories have suggested that attackers like the ones who struck Paris may be using something other than WhatsApp.
According to the Daily Mail and others, authorities in Belgium, where some of the attackers were based, have found evidence that jihadis there have been using the PlayStation 4 network to recruit and plan attacks. A source told the paper that they are using it because "Playstation 4 is even more difficult to monitor than WhatsApp." The sources didn't indicate if they were speaking specifically about the Paris attackers or about other jihadis in that country. But the fallacy of these statements has already been pointed out in other stories noting that communication passing through the PlayStation network is not encrypted end-to-end, and Sony can certainly monitor communications passing through its network, making it even less secure than WhatsApp. US Law enforcement and intelligence agencies have been warning for years that their inability to decrypt communication passing between phones and computers - even when they have a warrant or other legal authority to access the communication - has left them in the dark about what terrorists are planning. But there are several holes in the argument that forcing backdoors on companies will make us all more secure. While doing this would no doubt make things easier for the intelligence and law enforcement communities, it would come at a grave societal cost - and a different security cost - and still fail to solve some of the problems intelligence agencies say they face with surveillance.

1. Backdoors Won't Combat Home-Brewed Encryption.

Forcing US companies and makers of encryption software to install backdoors and hand over encryption keys to the government would not solve the problem of terrorist suspects' products that are made in countries not controlled by US laws. "There's no way of preventing a terrorist from installing a Russian [encryption] app or a Brazilian app," notes Nate Cardozo, staff attorney for the Electronic Frontier Foundation.
"The US or UK government could mandate [backdoors], but Open Whisper Systems is not going to put in a backdoor in their product period and neither is PGP. So as soon as a terrorist is sophisticated enough to know how to install that, any backdoor is going to be defeated." Such backdoors also will be useless if terrorist suspects create their own encryption apps. According to the security firm Recorded Future, after the Snowden leaks, its analysts "observed an increased pace of innovation, specifically new competing jihadist platforms and three major new encryption tools from three different organizations - GIMF, Al-Fajr Technical Committee, and ISIS." Encryption backdoors and keys also don't help when terrorists stop using digital communications entirely. A 2011 AP story indicated that al-Qaida had long ago ditched cell phones and internet-connected computers in favor of walkie talkies and couriers. News reports about the Paris attacks have indicated that some of the perpetrators lived in the same town in Belgium - which would have made it very easy to coordinate their attack in person, without the need for digital communication.

2. Other Ways to Get Information.

The arguments for backdoors and forced decryption often fail to note the many other methods law enforcement and intelligence agencies can use to get the information they need. To bypass and undermine encryption, intelligence agencies can hack the computers and mobile phones of known targets to either obtain their private encryption keys or obtain email and text communications before they're encrypted and after they're decrypted on the target's computer. In the case of seized devices that are locked with a password or encryption key, these devices have a number of security holes that give authorities different options for gaining access, as WIRED previously reported. A story this week pointed to vulnerabilities in BitLocker that would make it fairly easy to bypass the Windows encryption tool.
And the leaks of Edward Snowden show that the NSA and British intelligence agencies have a constantly evolving set of tools and methods for obtaining information from hard-to-reach systems. "We're still living in an absolute Golden Age of surveillance," says Cardozo. "And there is always a way of getting the data that is needed for intelligence purposes."

3. Encryption Doesn't Obscure Metadata.

Encryption doesn't prevent surveillance agencies from intercepting metadata and knowing who is communicating with whom. Metadata can reveal phone numbers and IP addresses that are communicating with one another, the date and time of communication and even in some cases the location of the people communicating. Such data can be scooped up in mass quantities through signals intelligence or by tapping undersea cables. Metadata can be extremely powerful in establishing connections, identities and locating people. "[CIA] Director Brennan gleefully told us earlier this year that they kill people based on metadata," Cardozo says. "Metadata is enough for them to target drone strikes. And that's pretty much the most serious thing we could possibly do with surveillance." Some metadata is encrypted - for example, the IP addresses of people who use Tor. But recent stories have shown that this protection is not foolproof. Authorities have exploited vulnerabilities in Tor to identify and locate suspects. "Tor can make the 'where' a little more difficult, but doesn't make it impossible [to locate someone]," Cardozo says. "And Tor is a lot harder [for suspects] to use than your average encrypted messaging tool."

4. Backdoors Make Everyone Vulnerable.

As security experts have long pointed out, backdoors and encryption keys held by a service provider or law enforcement agencies don't just make terrorists and criminals open to surveillance from Western authorities with authorization - they make everyone vulnerable to the same type of surveillance from unauthorized entities, such as everyday hackers and spy agencies from Russia, China, and other countries. This means federal lawmakers on Capitol Hill and other government workers who use commercial encryption would be vulnerable as well. The National Security Council, in a draft paper about encryption backdoors obtained by the Post earlier this year, noted the societal tradeoffs in forcing companies to install backdoors in their products. "Overall, the benefits to privacy, civil liberties and cybersecurity gained from encryption outweigh the broader risks that would have been created by weakening encryption," the paper stated. If all of these aren't reason enough to question the attacks on encryption, there is another reason. Over and over again, analysis of terrorist attacks after the fact has shown that the problem in tracking the perpetrators in advance was usually not that authorities didn't have the technical means to identify suspects and monitor their communications. Often the problem was that they had failed to focus on the right individuals or share information in a timely manner with the proper intelligence partners. Turkish authorities have already revealed that they had contacted French authorities twice to warn them about one of the attackers, but that French authorities never got back to them until after the massacre in Paris on Friday. Officials in France indicated that they had thwarted at least six other attack plots in recent months, but that the sheer number of suspects makes it difficult to track everyone.
French intelligence maintains a database of suspected individuals that currently has more than 11,000 names on it, but tracking individuals and analyzing data in a timely manner to uncover who poses the greatest threat is more than the security services can manage, experts there have said. It's a familiar refrain that seems to come up after every terrorist attack. "If Snowden has taught us anything, it's that the intel agencies are drowning in data," Cardozo says. "They have this 'collect it all mentality' and that has led to a ridiculous amount of data in their possession. It's not about having enough data; it's a matter of not knowing what to do with the data they already have. That's been true since before 9/11, and it's even more true now."

--
It's better to burn out than fade away.

From rforno at infowarrior.org Tue Nov 17 07:03:25 2015
From: rforno at infowarrior.org (Richard Forno)
Date: Tue, 17 Nov 2015 08:03:25 -0500
Subject: [Infowarrior] - Cameron advocates fast-tracking of controversial net legislation after Paris attacks
Message-ID: <0544D24D-A191-4807-B362-36BFBF11BE1F@infowarrior.org>

Cameron advocates fast-tracking of controversial net legislation after Paris attacks
Martin Anderson
Mon 16 Nov 2015 3.10pm
https://thestack.com/security/2015/11/16/cameron-draft-investigatory-powers-bill-timetable-paris/

In the wake of Friday's attacks in Paris, UK prime minister David Cameron has added his support to the idea of fast-tracking approval for the controversial Draft Investigatory Powers Bill, stating in regards to the parliamentary procedure for the bill's approval: "I think we should look at the timetable". The prime minister was speaking on Radio 4's Today programme, and his comment supports the views of ex-terror legislation watchdog Lord Carlile, who was most vocal over the weekend that DIPA should not be held back by excessive misgivings about loss of privacy or the extent of the ability of the state to spy on private individuals.
Speaking to Sky News and writing in the Daily Mail, Carlile - who was the UK's Independent Reviewer of Terrorism Legislation between 2001-2011 - implicitly criticised the acts of ex-NSA whistleblower Edward Snowden, saying that the disclosures had "shown terrorists ways to hide their electronic footprints", and advocated the ratification of DIPA not by the end of 2016 as projected, but by the end of the year. Carlile wrote: "These are extraordinary times. The threat from terrorist attacks emanating from Syria is the highest it has ever been, and we cannot wait for another horrific murder like that of Drummer Lee Rigby before we act." Today David Cameron also opined "We do need to take parliament and people with us. And remember this is about maintaining our capabilities and putting everything on a very clear statutory footing." The prime minister's announcement, post-Paris, that GCHQ would be adding 1,900 staff to GCHQ seems to have been opportunistic timing, since the additional resources were allocated prior to Friday's events.

Comment

There is a cynical logic to capitalising on public terror before reason re-triumphs over passion, outrage and natural human sympathies; but in this instance Cameron and Carlile separately offer up the figure of the most undisciplined of the Christmas morning kids, tearing open the presents at 2am because dawn is just too long to wait. If true character manifests as the way we behave under pressure, then no news, tragic or otherwise, obviates the need for the UK to show character and look intelligently - and with great assiduity and circumspection - at the new deal which it intends to strike between government and governed.
Since Friday night half of Facebook has been alight with sympathy for people made victims of political circumstances unconnected to them; the other half was speculating, from the first minutes of news of the Paris attacks, how long it would be before something tragic was once again made an excuse for something terrible. If anything the Paris attacks - and any further attacks that may come in the period before Christmas, before the world scatters so thinly as to represent too few distinct single targets - should be cause for an even more exacting look at the Draft Investigatory Powers Bill. Because if we're not thinking straight due to the force of recent events, we are obviously not ready to consider such serious matters at the moment.

--
It's better to burn out than fade away.

From rforno at infowarrior.org Tue Nov 17 07:04:01 2015
From: rforno at infowarrior.org (Richard Forno)
Date: Tue, 17 Nov 2015 08:04:01 -0500
Subject: [Infowarrior] - After Paris, Encryption Will Be a Key Issue in the 2016 Race
Message-ID: <5BE84EE1-F017-491C-851D-4E8C9EB0F0E2@infowarrior.org>

After Paris, Encryption Will Be a Key Issue in the 2016 Race
Author: Issie Lapowsky.
http://www.wired.com/2015/11/after-paris-encryption-will-be-a-key-issue-in-the-2016-race/

When the Democratic presidential contenders gathered on the debate stage in Des Moines, Iowa, on Saturday, just hours after a series of terrorist attacks in Paris left at least 129 people dead, the candidates spent the early portion of their time on stage examining issues related to national security. They spoke of boots on the ground, regime changes, what role the United States ought to play in the fight against ISIS, and whether or not they use the term "radical Islam." But curiously, throughout the lengthy discussion, the one issue that was never mentioned - not once - was encryption. That's lucky, at least for the candidates.
As the world continues to reel from the Paris attacks, the debate over whether tech companies like Apple and Google are allowed to fully encrypt users' communications will, no doubt, become one of the central dramas of the national security conversation going into the 2016 presidential race. It may also be among the toughest issues for the candidates, especially Democrats, to navigate. Encryption may be among the toughest issues for the candidates, especially Democrats, to navigate. Just yesterday, CIA director John Brennan said that he hoped the Paris attacks would serve as "a wakeup call" to those who oppose government surveillance in favor of personal privacy. "There are a lot of technological capabilities that are available right now that make it exceptionally difficult both technically as well as legally for intelligence security services to have insight that they need to uncover it," he said, adding that terrorists have "gone to school" to figure out ways to evade intelligence officials. Brennan attributed that fact, in part, to Edward Snowden's disclosures of the National Security Agency's bulk data collection programs, saying they tipped would-be terrorists off to surveillance tactics. "In the past several years, because of a number of unauthorized disclosures and a lot of hand-wringing over the government's role in the effort to try to uncover these terrorists," he said, "there have been some policy and legal and other actions that make our ability, collectively, internationally, to find these terrorists much more challenging." This, of course, is not the first time we've heard these concerns from government officials. Just a day before the Paris attacks, the NSA's former general counsel, Matt Olsen, told an audience gathered in Des Moines that after Snowden came forward, the agency "lost track of terrorists." Meanwhile, FBI director James Comey has been an outspoken critic of encryption, arguing that it enables criminals to "go dark."
Whether encryption is really the security risk the government makes it out to be, of course, is still up for debate. We at WIRED have debated it plenty. Now it's time for the presidential candidates to do the same.

Democrats' Conundrum

Until now, the Democratic candidates in particular have been light on detail about where they stand on encryption and surveillance. This reticence stands to reason. By aligning themselves too closely with Washington's intelligence community, they could alienate their Silicon Valley base, which is increasingly powerful in politics. But if they cater too much to the interests of tech companies such as Apple and Google, they could lose favor among voters who increasingly see national security as the country's most pressing issue. Former Secretary of State Hillary Clinton has walked an uneasy line on the subject of surveillance in the past. On one hand, she was a supporter of the controversial PATRIOT Act as a senator back in 2001, a decision that's been widely criticized by Bernie Sanders' camp. This summer, she also said that cybersecurity legislation such as the Cybersecurity Information Sharing Act, or CISA, which is already highly unpopular among privacy advocates, doesn't go far enough in encouraging tech companies to share information with the US government. And during the first debate, she said Snowden "stole very important information that has unfortunately fallen into a lot of the wrong hands," and that he shouldn't return home "without facing the music." 'I think there are really strong, legitimate arguments on both sides.' Hillary Clinton At the same time, however, she has endorsed the USA Freedom Act, which would end the NSA's bulk data collection program, calling it "a good step forward in ongoing efforts to protect our security and civil liberties." And at a conference earlier this year, Clinton told Re/Code's Kara Swisher that encryption is "a classic hard choice,"
but she hedged before offering up her plan for what to do about it. "I would be the first to say I don't have the answer," she said. "I think there are really strong, legitimate arguments on both sides."

Vermont Senator Bernie Sanders, on the other hand, has been far more outspoken in his opposition of government surveillance. He received a round of applause at the first Democratic debate for voting against the PATRIOT Act and has said that, as president, he would shut down the NSA's surveillance program altogether.

But national security is considered Sanders' major weak spot. Even those who support his stance on inequality sometimes question his ability as commander-in-chief. The more fearful Americans become of the threat ISIS poses, the weaker Sanders' stance on surveillance may appear to the electorate beyond Sanders' base. After all, a recent poll showed that 56 percent of voters said they would give the government access to some personal data if it meant protecting the country from a terrorist attack.

Keeping Both Sides Happy

On the other side of the aisle, candidates like Jeb Bush, Marco Rubio, Carly Fiorina, Donald Trump, and Chris Christie have all spoken out against encryption and the need for government surveillance. The one notable exception, of course, is Kentucky Sen. Rand Paul, who said at a conference last week that he believes governments should require warrants to access people's communications. Still, that policy doesn't apply to companies like Apple, which promises users that their data is encrypted so that it can't be accessed even with a warrant.

The battle over how to balance security and privacy, of course, is nothing new in politics. Just last month, the Obama administration backed away from legislation that would have forced tech companies to decrypt messages for law enforcement. The move was seen as a win for technologists and privacy advocates alike.
Those same advocates are now hoping that fear won't cause politicians to resume the fight against encryption. "The Paris attacks are absolutely tragic, but the response must not be to undermine cybersecurity for digital services on which many millions of people depend," said Harley Geiger, senior counsel and advocacy director for the Center for Democracy & Technology. "Weakening encryption will also not prevent organized groups from using strong encryption. Difficult-to-crack encryption and apps will continue to be available on the Internet, even if governments seek to ban them."

And yet, as calls for stronger national security spread post-Paris, candidates that support encryption may face added pressures from both the public and their Republican opponents to reevaluate - or at the least, delineate - where they stand on encryption. And when they do, they may find it's not so easy to keep both sides happy.

--
It's better to burn out than fade away.

From rforno at infowarrior.org Tue Nov 17 09:44:10 2015
From: rforno at infowarrior.org (Richard Forno)
Date: Tue, 17 Nov 2015 10:44:10 -0500
Subject: [Infowarrior] - Blaming cryptography (and Snowden) again
Message-ID:

Blaming cryptography (and Snowden) again
By Richard Forno on November 17, 2015 at 7:16 am
https://cyberlaw.stanford.edu/blog/2015/11/blaming-cryptography-again

--
It's better to burn out than fade away.

From rforno at infowarrior.org Tue Nov 17 09:48:10 2015
From: rforno at infowarrior.org (Richard Forno)
Date: Tue, 17 Nov 2015 10:48:10 -0500
Subject: [Infowarrior] - NYT Quietly Pulls Article Blaming Encryption in Paris Attacks
Message-ID:

NYT Quietly Pulls Article Blaming Encryption in Paris Attacks
Posted to Technology November 16, 2015 by Giuseppe Macri
http://www.insidesources.com/new-york-times-article-blaming-encryption-paris-attacks/

Questions about how the terrorists behind Friday's attacks in Paris managed to evade electronic surveillance have fueled worrisome speculation in Europe and in the U.S.
from intelligence experts, lawmakers and the press - including the New York Times, which on Sunday quietly pulled from its website a story alleging the attackers used encrypted technology.

On Sunday, the Times published a story citing unidentified "European officials" who told the outlet the attackers coordinated their assault on the French capital via unspecified "encryption technology."

"The attackers are believed to have communicated using encryption technology, according to European officials who had been briefed on the investigation but were not authorized to speak publicly," the article, which has since been removed, stated. "It was not clear whether the encryption was part of widely used communications tools, like WhatsApp, which the authorities have a hard time monitoring, or something more elaborate. Intelligence officials have been pressing for more leeway to counter the growing use of encryption."

A link to the NYT article now redirects readers to a separate, general article on the attacks, which does not contain the word "encrypt." The original piece can be found on the Internet Archive.

The Times later posted a second article citing an anonymous "European counterterrorism official" who was quoted saying authorities' "working assumption is that these guys were very security aware," but clarified officials "offered no evidence."

"European officials said they believed the Paris attackers had used some kind of encrypted communication, but offered no evidence," the article reads. "'The working assumption is that these guys were very security aware, and they assumed they would be under some level of observation, and acted accordingly,' said a senior European counterterrorism official who spoke on the condition of anonymity to discuss confidential information."

The Islamic State, or ISIS, the terror group that has seized control of parts of northern Syria and western Iraq, claimed responsibility for the attack that claimed 129 lives.
The New York newspaper of record was far from the only source to allege the attackers relied on encryption early on. Politico published a story Sunday quoting Belgium Interior Minister Jan Jambon naming PlayStation 4 as a difficult communication platform to "decrypt." French authorities said they confiscated at least one of the video game consoles from one attacker's belongings.

"'The most difficult communication between these terrorists is via PlayStation 4,' the minister said, three days before the terrorist attacks in Paris. 'It's very, very difficult for our services - not only Belgian services but international services - to decrypt the communication that is done via PlayStation 4.'"

"It's unclear if the suspects in the attacks used PlayStation as a means of communication," the article continues. "But the sophistication of the attacks raises questions about the ability of law enforcement to detect plots as extremists use new and different forms of technology to elude investigators."

Forbes posted a similar article Saturday explaining the PlayStation platform isn't necessarily encrypting would-be terrorists' communications, but rather makes it difficult for authorities to surveil certain in-game methods of communication, such as chats via headset in private game sessions or writing messages via in-game functions, like spelling words with dropped items or shooting walls.

"While it remains unclear whether the Paris ISIS terrorists employed PS4 to communicate, there are a few options, from sending messages through the PlayStation Network (PSN) online gaming service and voice-chatting to even communicating through a specific game," the article reads.

Sony did not respond to a request for comment on what, if any, forms of encryption it implements over gamers' communications, or if it has an infrastructure in place for monitoring the content of those communications and facilitating government surveillance requests.
"Documents leaked by Edward Snowden in 2013 revealed that the NSA and CIA actually embedded themselves in games like World of Warcraft to infiltrate virtual terrorist meet-ups," the Forbes piece added.

Blaming Snowden for supposedly alerting extremists to the fact that they're being surveilled emerged just as quickly, with former George W. Bush press secretary and current Fox News commentator Dana Perino tweeting "F Snowden. F him to you know where and back" Friday night.

Seemingly in reference to the forthcoming Oliver Stone film about Snowden starring Joseph Gordon-Levitt, Perino's Fox News colleague Greg Gutfeld tweeted, "if the attack was aided through 'whistleblowers' leaking what the NSA cannot penetrate, will that be part of the movie?"

The topic of criminals and terrorists "going dark," or using encrypted online communications platforms - which often times companies on the scale of Apple can't unlock without a user's password - has been popular on Capitol Hill in the last year. Law enforcement and intelligence agency heads, including FBI Director James Comey and NSA Director Mike Rogers, have repeatedly warned legislators they're facing an increasing intelligence gap in the "dark space" - a direct result, they argue, of Internet service providers refusing to work with authorities on a "back door" for agencies to surveil encrypted communications.

Though the White House backed away from that position earlier this fall, Robert Litt, a lawyer in the Office of the Director of National Intelligence, wrote in an August email obtained by the Washington Post that the pro-encryption tide "could turn in the event of a terrorist attack or criminal event where strong encryption can be shown to have hindered law enforcement." Over the weekend former agency officials, including ex-NSA and CIA head Michael Hayden, agreed.
"We spent the last two-and-a-half years withdrawing from collection activities that even this president, President Obama - was comfortable with and we've pulled back," Hayden told CBS. "I think the events in Paris are going to give a better balance now to the kinds of discussions we need to have."

Former CIA Deputy Director Michael Morell said he suspects the Paris attacks will weigh heavily on the encryption fight ongoing.

"I think what we're going to learn is that these guys are communicating via these encrypted apps, the commercial encryption, which is very difficult, if not impossible, for governments to break, and the producers of which don't produce the keys necessary for law enforcement to read the encrypted messages," Morell said on CBS' "Face the Nation" Sunday.

"We need to have a public debate about this," he continued. "We have in a sense had a public debate - that debate was defined by Edward Snowden, and the concern about privacy. I think we're now going to have another debate about that - it's going to be defined by what happened in Paris."

--
It's better to burn out than fade away.

From rforno at infowarrior.org Tue Nov 17 15:14:13 2015
From: rforno at infowarrior.org (Richard Forno)
Date: Tue, 17 Nov 2015 16:14:13 -0500
Subject: [Infowarrior] - Daesh wants to kill via cyber, says UK chancellor
Message-ID: <4A540713-2775-465B-A0F9-4CAAC2B89E27@infowarrior.org>

I'm sure they're also hoping someone builds a Death Star so they can use that capability, too. Talk about kneejerk sensational evidence-free posturing by a politician to push his own agenda. --rick

Islamic State militants will aim to kill via cyberattacks, says UK chancellor
November 17, 2015 11:05 AM PST

The terrorist threat posed by Islamic State militants will eventually lead to cyberattacks intended to "kill people" by fracturing critical national infrastructure, British Chancellor George Osborne said Tuesday.

"They do not yet have that capability," Osborne said in a speech to UK intelligence agency GCHQ. "But we know they want it, and are doing their best to build it."

< - >

http://www.cnet.com/news/islamic-state-militants-will-aim-to-kill-with-cyberattacks-says-uk-chancellor/

--
It's better to burn out than fade away.

From rforno at infowarrior.org Tue Nov 17 18:10:43 2015
From: rforno at infowarrior.org (Richard Forno)
Date: Tue, 17 Nov 2015 19:10:43 -0500
Subject: [Infowarrior] - Data center fire kills Internet in Azerbaijan
Message-ID:

Data center fire kills Internet in Azerbaijan
17 November 2015
By Max Smolaks
http://www.datacenterdynamics.com/critical-environment/data-center-fire-kills-internet-in-azerbaijan/95227.article

Almost the entire population of Azerbaijan lost Internet connectivity on Monday, after a fire broke out at a telecommunications facility owned by Delta Telecom.

According to network performance specialist Dyn, the outage affected services provided by NTT, Telecom Italia, Telia, Level 3, Rostelecom and Transtelecom, as well as mobile network operator Azercell. The only way to access Internet services for nearly eight hours was through local mobile operators Backcell and Azerfon.

A single point of failure

Azerbaijan is a former Soviet republic that has seen rapid development thanks to its rich oil and gas reserves. The country has been running several projects aimed at modernizing its communications infrastructure, including participation in Trans-Eurasian Information Highway (TASIM).

At about 16:10 on Monday, consumers, businesses and government agencies across Azerbaijan suddenly lost their connections to the Internet. Banks couldn't make domestic money transfers, and even Point-of-Sale terminals were not working. Turns out the outage was caused by a fire at a Delta Telecom data center in the capital Baku.
Delta Telecom is the primary network provider in Azerbaijan, responsible for around 90 percent of Internet traffic, and a major player in the Caucasus region.

According to a statement from Delta, some cables in an old data center caught fire. Firefighters and emergency services had to be involved, and the service was only restored by 23:30, after traffic was rerouted to another facility. However, the Internet was still reported to be unreliable in some parts of the country.

Interestingly, no international traffic flowing through Azerbaijan was affected by the outage. "Transmission channels to Georgia, Iran, and the Middle East were working at full capacity," Iltimas Mammadov, the minister of communications, told AzerNews.

--
It's better to burn out than fade away.

From rforno at infowarrior.org Wed Nov 18 09:04:21 2015
From: rforno at infowarrior.org (Richard Forno)
Date: Wed, 18 Nov 2015 10:04:21 -0500
Subject: [Infowarrior] - =?utf-8?q?Mass_Surveillance_Isn=E2=80=99t_the_Ans?= =?utf-8?q?wer_to_Fighting_Terrorism?=
Message-ID:

Mass Surveillance Isn't the Answer to Fighting Terrorism
The Editorial Board
http://www.nytimes.com/2015/11/18/opinion/mass-surveillance-isnt-the-answer-to-fighting-terrorism.html?_r=0

It's a wretched yet predictable ritual after each new terrorist attack: Certain politicians and government officials waste no time exploiting the tragedy for their own ends. The remarks on Monday by John Brennan, the director of the Central Intelligence Agency, took that to a new and disgraceful low.

Speaking less than three days after coordinated terrorist attacks in Paris killed 129 and injured hundreds more, Mr. Brennan complained about "a lot of hand-wringing over the government's role in the effort to try to uncover these terrorists."

What he calls "hand-wringing"
was the sustained national outrage following the 2013 revelations by Edward Snowden, a former National Security Agency contractor, that the agency was using provisions of the Patriot Act to secretly collect information on millions of Americans' phone records. In June, President Obama signed the USA Freedom Act, which ends bulk collection of domestic phone data by the government (but not the collection of other data, like emails and the content of Americans' international phone calls) and requires the secretive Foreign Intelligence Surveillance Court to make its most significant rulings available to the public.

These reforms are only a modest improvement on the Patriot Act, but the intelligence community saw them as a grave impediment to antiterror efforts. In his comments Monday, Mr. Brennan called the attacks in Paris a "wake-up call," and claimed that recent "policy and legal" actions "make our ability collectively, internationally, to find these terrorists much more challenging."

It is hard to believe anything Mr. Brennan says. Last year, he bluntly denied that the C.I.A. had illegally hacked into the computers of Senate staff members conducting an investigation into the agency's detention and torture programs when, in fact, it did. In 2011, when he was President Obama's top counterterrorism adviser, he claimed that American drone strikes had not killed any civilians, despite clear evidence that they had. And his boss, James Clapper Jr., the director of national intelligence, has admitted lying to the Senate on the N.S.A.'s bulk collection of data. Even putting this lack of credibility aside, it's not clear what extra powers Mr. Brennan is seeking.
Most of the men who carried out the Paris attacks were already on the radar of intelligence officials in France and Belgium, where several of the attackers lived only hundreds of yards from the main police station, in a neighborhood known as a haven for extremists. As one French counterterrorism expert and former defense official said, this shows that "our intelligence is actually pretty good, but our ability to act on it is limited by the sheer numbers." In other words, the problem in this case was not a lack of data, but a failure to act on information authorities already had.

In fact, indiscriminate bulk data sweeps have not been useful. In the more than two years since the N.S.A.'s data collection programs became known to the public, the intelligence community has failed to show that the phone program has thwarted a terrorist attack. Yet for years intelligence officials and members of Congress repeatedly misled the public by claiming that it was effective.

The intelligence agencies' inability to tell the truth about surveillance practices is just one part of the problem. The bigger issue is their willingness to circumvent the laws, however they are written. The Snowden revelations laid bare how easy it is to abuse national-security powers, which are vaguely defined and generally exercised in secret.

Listening to Mr. Brennan and other officials, like James Comey, the head of the Federal Bureau of Investigation, one might believe that the government has been rendered helpless to defend Americans against the threat of future terror attacks.

Mr. Comey, for example, has said technology companies like Apple and Google should make it possible for law enforcement to decode encrypted messages the companies' customers send and receive. But requiring that companies build such back doors into their devices and software could make those systems much more vulnerable to hacking by criminals and spies.
Technology experts say that government could just as easily establish links between suspects, without the use of back doors, by examining who they call or message, how often and for how long.

In truth, intelligence authorities are still able to do most of what they did before - only now with a little more oversight by the courts and the public. There is no dispute that they and law enforcement agencies should have the necessary powers to detect and stop attacks before they happen. But that does not mean unquestioning acceptance of ineffective and very likely unconstitutional tactics that reduce civil liberties without making the public safer.

--
It's better to burn out than fade away.

From rforno at infowarrior.org Wed Nov 18 11:11:36 2015
From: rforno at infowarrior.org (Richard Forno)
Date: Wed, 18 Nov 2015 12:11:36 -0500
Subject: [Infowarrior] - McCain Promises To Introduce Legislation To Backdoor Encryption
Message-ID: <5C176C8F-A77C-4AB1-A156-85CA027C7726@infowarrior.org>

Senator McCain Promises To Introduce Legislation To Backdoor Encryption, Make Everyone Less Safe
https://www.techdirt.com/articles/20151118/06064032849/senator-mccain-promises-to-introduce-legislation-to-backdoor-encryption-make-everyone-less-safe.shtml

--
It's better to burn out than fade away.

From rforno at infowarrior.org Wed Nov 18 13:27:45 2015
From: rforno at infowarrior.org (Richard Forno)
Date: Wed, 18 Nov 2015 14:27:45 -0500
Subject: [Infowarrior] - Senator Cotton Introduces Bill To Extend Unconstitutional NSA Surveillance
Message-ID:

The political lunacy is in full-swing this week.....

Senator Cotton Introduces Bill To Extend Unconstitutional NSA Surveillance
https://www.techdirt.com/articles/20151118/06514832851/senator-cotton-introduces-bill-to-extend-unconstitutional-nsa-surveillance.shtml

--
It's better to burn out than fade away.
From rforno at infowarrior.org Wed Nov 18 13:36:53 2015
From: rforno at infowarrior.org (Richard Forno)
Date: Wed, 18 Nov 2015 14:36:53 -0500
Subject: [Infowarrior] - And in related security irony....
Message-ID: <6808D063-A80E-409A-8CFB-394563A81E40@infowarrior.org>

(h/t several people)

...., this is hot off the press from the Manhattan DA's Office. Its proposed solution?

"Congress should enact a statute that requires any designer of an operating system for a smartphone or tablet manufactured, leased, or sold in the U.S. to ensure that data on its devices is accessible pursuant to a search warrant."

REPORT OF THE MANHATTAN DISTRICT ATTORNEY'S OFFICE ON SMARTPHONE ENCRYPTION AND PUBLIC SAFETY
November 2015
http://manhattanda.org/sites/default/files/11.18.15%20Report%20on%20Smartphone%20Encryption%20and%20Public%20Safety.pdf

--
It's better to burn out than fade away.

From rforno at infowarrior.org Wed Nov 18 15:01:59 2015
From: rforno at infowarrior.org (Richard Forno)
Date: Wed, 18 Nov 2015 16:01:59 -0500
Subject: [Infowarrior] - But this doesn't fit 'our' narrative....
Message-ID:

Signs Point to *Unencrypted* Communications Between Terror Suspects
Dan Froomkin
Nov. 18 2015, 11:32 a.m.
https://theintercept.com/2015/11/18/signs-point-to-unencrypted-communications-between-terror-suspects/

In the wake of the Paris attack, intelligence officials and sympathizers upset by the Edward Snowden leaks and the spread of encrypted communications have tried to blame Snowden for the terrorists' ability to keep their plans secret from law enforcement.

Yet news emerging from Paris - as well as evidence from a Belgian ISIS raid in January - suggests that the ISIS terror networks involved were communicating in the clear, and that the data on their smartphones was not encrypted.
European media outlets are reporting that the location of a raid conducted on a suspected safe house Wednesday morning was extracted from a cellphone, apparently belonging to one of the attackers, found in the trash outside the Bataclan concert hall massacre. Le Monde reported that investigators were able to access the data on the phone, including a detailed map of the concert hall and an SMS message saying "we're off; we're starting." Police were also able to trace the phone's movements.

The Telegraph reported that "eyewitness accounts and surveillance of mobile telephone traffic" suggested that Abdelhamid Abaaoud, the suspected strategist of both the Paris attack and one that was foiled in Belgium, was staying at the safe house.

Details about the major ISIS terror plot averted 10 months ago in Belgium also indicate that while Abaaoud previously attempted to avoid government surveillance, he did not use encryption.

A prescient bulletin sent out in May by the Department of Homeland Security assessed "that the plot disrupted by Belgian authorities in January 2015 is the first instance in which a large group of terrorists possibly operating under ISIL direction has been discovered and may indicate the group has developed the capability to launch more complex operations in the West."

Abaaoud's planned operation in Belgium was blown when authorities, who had been closely surveilling his three accomplices, stormed their safe house in the city of Verviers after determining that they were planning a major attack - very much like the one that took place in Paris on Friday. A pitched firefight between Belgian commandos and the ISIS veterans firing Kalashnikov rifles and lobbing grenades ended with two suspects dead and a third captured.

Belgian investigators concluded that Abaaoud directed the foiled operation there by cellphone from Greece - and that despite his attempts to avoid surveillance, his communications were in fact intercepted.
Just a few days after the raid, Belgian news website RTL Info ran a whole article titled "What the Terrorist Suspects under Surveillance Were Saying." It described surveillance over several months, through wiretaps and listening devices placed in the suspects' car and their apartment.

Some of the telephone conversations that were intercepted used code or obscure Moroccan dialects. Ironically, the suspects were overheard discussing the need to frequently swap out their cellphones.

Abaaoud has a brilliant history of avoiding capture - in fact, in an interview with ISIS' Dabiq magazine he bragged that his "name and picture were all over the news yet I was able to stay in their homeland, plan operations against them, and leave safely when doing so became necessary."

But when it comes to defeating electronic surveillance, there's good reason to question his tradecraft. After all, he wore a video camera on his head (what is that, a GoPro 3?) And he lost a cellphone in Syria that was full of unencrypted pictures and videos.

A journalist, Etienne Huver, obtained the phone from sources in a Syrian refugee camp last year. His report for RTBF Belgian television, about the contents of the phone of the most wanted man in Europe included footage of Abaaoud clowning around, posing with a rifle, and driving a car dragging the corpses of Free Syrian Army fighters.

--
It's better to burn out than fade away.

From rforno at infowarrior.org Thu Nov 19 14:05:25 2015
From: rforno at infowarrior.org (Richard Forno)
Date: Thu, 19 Nov 2015 15:05:25 -0500
Subject: [Infowarrior] - The sad truth behind Ted Koppel's cyberwar book
Message-ID: <3C57FC1F-65F6-4629-8028-10F01E93CF30@infowarrior.org>

(x-posted)

Ted Koppel Writes Entire Book About How Hackers Will Take Down Our Electric Grid...
And Never Spoke To Any Experts
https://www.techdirt.com/articles/20151117/07350332835/ted-koppel-writes-entire-book-about-how-hackers-will-take-down-our-electric-grid-never-spoke-to-any-experts.shtml

< - >

The book also has quotes ("blurbs" as they're called) from lots of famous people -- nearly all of whom are also famous TV news talking heads or DC insiders who have a long history of hyping up "cyber" threats. But what's not on the list? Anyone with any actual knowledge or experience in actual computer security, especially as it pertains to electric grids. Want to know how useful the book actually is? All you really need to read is the following question and answer from an interview Koppel did with CSO Online:

Did you interview penetration testers who have experience in the electric generation/transmission sector for this book?

No, I did not.

Also in that interview, Koppel admits that he hasn't heard anything from actual information security professionals (though he admits he may have missed it since he's been on the book tour). But, still, if you're writing an entire book with a premise based entirely on information security practices, you'd think that this would be the kind of thing you'd do before you write the book, rather than after it's been published. Instead, it appears that Koppel just spoke to DC insiders who have a rather long history of totally overhyping "cyberthreats" -- often for their own profits. In another interview, Koppel insists that he didn't want to be spreading rumors -- but doesn't explain why he didn't actually speak to any technical experts.

< - >

--
It's better to burn out than fade away.
From rforno at infowarrior.org Thu Nov 19 20:46:53 2015
From: rforno at infowarrior.org (Richard Forno)
Date: Thu, 19 Nov 2015 21:46:53 -0500
Subject: [Infowarrior] - =?utf-8?q?What=E2=80=99s_the_Evidence_Mass_Survei?= =?utf-8?q?llance_Works=3F_Not_Much?=
Message-ID: <6B6DD846-7B54-4003-A07A-034B3E245E81@infowarrior.org>

What's the Evidence Mass Surveillance Works? Not Much

Officials are again pointing to the need for mass surveillance to take down terrorists. Here's what we know about how well it works.

by Lauren Kirchner
ProPublica, Nov. 18, 2015, 1:21 p.m.
https://www.propublica.org/article/whats-the-evidence-mass-surveillance-works-not-much

--
It's better to burn out than fade away.

From rforno at infowarrior.org Thu Nov 19 21:14:03 2015
From: rforno at infowarrior.org (Richard Forno)
Date: Thu, 19 Nov 2015 22:14:03 -0500
Subject: [Infowarrior] - OT: Hillary Clinton's Aides Demand Comedy Club Remove Video Making Fun Of Her
Message-ID: <6445CCA9-8F69-44B8-8FA2-EA55B7A3C90B@infowarrior.org>

Hillary Clinton's Aides Demand Comedy Club Remove Video Making Fun Of Her
http://www.zerohedge.com/news/2015-11-19/hillary-clintons-aides-demand-comedy-club-remove-video-making-fun-her

< - >

Let's now make sure this video benefits from a huge Streisand effect. Should someone this thin-skinned, someone so weak she demands a safe space from humor, ever be considered for the Presidency?

< - >

--
It's better to burn out than fade away.

From rforno at infowarrior.org Fri Nov 20 07:49:30 2015
From: rforno at infowarrior.org (Richard Forno)
Date: Fri, 20 Nov 2015 08:49:30 -0500
Subject: [Infowarrior] - =?utf-8?q?YouTube_Pays_Users=E2=80=99_Legal_Bills?= =?utf-8?q?_to_Defend_Fair_Use?=
Message-ID: <960C0B96-FDF0-4CA4-9C61-074697159F54@infowarrior.org>

YouTube Pays Users' Legal Bills to Defend Fair Use
By Andy
on November 20, 2015
https://torrentfreak.com/youtube-pays-users-legal-bills-to-defend-fair-use-151120/

Google has strengthened its stance towards wrongful DMCA notices that serve to intimidate YouTube users. Drawing a symbolic line in the sand, Google says it will cover legal costs associated with defending four videos which all use copyrighted content but are protected under 'fair use' legislation, should they be targeted by rightsholders.

According to Google more than half a million hours of video are uploaded to YouTube every day. Although with ContentID the company tries, determining the copyright status of every single minute is an almost impossible task.

While identifying copyrighted movies, TV shows and music are all within the company's abilities, when used in certain ways all of those things can be legally shown on YouTube, even without copyright holders' permission.

Under U.S. law the concept is known as "fair use" and it enables copyrighted material to be used for purposes including criticism, news reporting, teaching and research. However, some copyright holders like to contest the use of their content on YouTube no matter what the context, issuing DMCA takedown notices and landing YouTube users with a "strike" against their account.

YouTube has been criticized in the past for not doing enough to protect its users against wrongful claims but now the company appears to be drawing a line in the sand, albeit a limited one, in defense of those legally using copyrighted content in transformative ways.

In a blog post Google's Copyright Legal Director says that YouTube will showcase several user-created videos in its Copyright Center and cover all legal costs should rightsholders challenge how each uses copyrighted content.

"YouTube will now protect some of the best examples of fair use on YouTube by agreeing to defend them in court if necessary," Fred von Lohmann said.
"We're doing this because we recognize that creators can be intimidated by the DMCA's counter notification process, and the potential for litigation that comes with it."

The first four titles showcased can be found here and each presents a classic demonstration of fair use. For example, the first uses game clips for the purposes of review, while the second offers a critique of third-party UFO videos.

Google hopes that by standing behind videos such as these, YouTubers and those seeking to take down content will become educated on what is and isn't appropriate when it comes to using other people's copyrighted content.

"In addition to protecting the individual creator, this program could, over time, create a 'demo reel' that will help the YouTube community and copyright owners alike better understand what fair use looks like online and develop best practices as a community," Google's Copyright Legal Director adds.

Perhaps needless to say, Google isn't in a position to offer legal support to everyone uploading content to YouTube but it has pledged to "resist legally unsupported DMCA takedowns" as part of its normal processes.

"We believe even the small number of videos we are able to protect will make a positive impact on the entire YouTube ecosystem, ensuring YouTube remains a place where creativity and expression can be rewarded," Fred von Lohmann concludes.

Of course, it's unlikely that any video showcased by Google will experience any legal problems so the defense offer from the company is largely symbolic. However, the overall gesture indicates that the company is paying attention to the fair use debate and is prepared to help its users stand up for their rights. That will be gratefully received.

--
It's better to burn out than fade away.
From rforno at infowarrior.org Fri Nov 20 07:55:44 2015
From: rforno at infowarrior.org (Richard Forno)
Date: Fri, 20 Nov 2015 08:55:44 -0500
Subject: [Infowarrior] - EU clamps down on bitcoin, because terror
Message-ID: <5E37729E-9BF1-41C4-927F-C1C44B947928@infowarrior.org>

(Was BC involved in any way shape or form w/the Paris events? Not that we know of, but since something MIGHT be connected to terrorism sometime somewhere, it must be banned or regulated, in the name of security. Logicfail. ---rick)

EU clamps down on bitcoin, anonymous payments to curb terrorism funding
http://www.reuters.com/article/2015/11/19/us-france-shoooting-eu-terrorism-funding-idUSKCN0T81BW20151119#lz6kk82FWUPlCWAw.97

BRUSSELS European Union countries plan a crackdown on virtual currencies and anonymous payments made online and via pre-paid cards in a bid to tackle terrorism financing after the Paris attacks, a draft document seen by Reuters said. EU interior and justice ministers will gather in Brussels on Friday for a crisis meeting called after the Paris carnage of last weekend. They will urge the European Commission, the EU executive arm, to propose measures to "strengthen controls of non-banking payment methods such as electronic/anonymous payments and virtual currencies and transfers of gold, precious metals, by pre-paid cards," draft conclusions of the meeting said. Bitcoin is the most common virtual currency and is used as a vehicle for moving money around the world quickly and anonymously via the web without the need for third-party verification. Electronic anonymous payments can be made also with pre-paid debit cards purchased in stores as gift cards. EU ministers also plan "to curb more effectively the illicit trade in cultural goods," the draft document said. (Reporting by Francesco Guarascio)

--
It's better to burn out than fade away.
From rforno at infowarrior.org Fri Nov 20 08:20:05 2015
From: rforno at infowarrior.org (Richard Forno)
Date: Fri, 20 Nov 2015 09:20:05 -0500
Subject: [Infowarrior] - Yahoo restricting Mail accounts if it detects ad-blockers
Message-ID: <3A33E6E3-D444-4B7C-8310-9B2B92E4E78C@infowarrior.org>

Yahoo restricting Mail accounts if it detects ad-blockers
http://www.engadget.com/2015/11/20/yahoo-ad-blocker-issue/

Yahoo is reportedly preventing some of its users with ad blockers installed on their computers from accessing their email accounts. Digiday has spotted a thread on the Adblock Plus forums with complaints from a couple of people who couldn't access Yahoo Mail on both Chrome and Firefox. One of them posted a screenshot of the message he got asking him to "disable Ad Blocker to continue using" the service, which you can see below the fold. If you take a close look at the URL, you'll see that it says "reason=ADBLK_TRAP." Even Andrei Herasimchuk -- Yahoo's former Senior Director of Product Design, who once helped revamp Mail itself, and Twitter's former Director of Design -- lamented on the microblogging website that he couldn't access his account. Digiday notes that it's becoming increasingly common for websites to lock out users if they don't disable their ad blockers, with The Washington Post being among the publications that enforced the rule in the past. We've reached out to Yahoo for clarification, and we'll update this post once we hear back. For now, if you're experiencing the same issue, you can try using other browsers or signing in on other devices.

--
It's better to burn out than fade away.
From rforno at infowarrior.org Fri Nov 20 09:40:58 2015
From: rforno at infowarrior.org (Richard Forno)
Date: Fri, 20 Nov 2015 10:40:58 -0500
Subject: [Infowarrior] - Let's have an argument about encryption
Message-ID:

Let's have an argument about encryption
by Violet Blue | @violetblue | 18 hours ago
http://www.engadget.com/2015/11/19/lets-have-an-argument-about-encryption/

Government officials have been vexed for quite some time now that they can't surveil communications that use end-to-end encryption. Never mind that to crack encrypted platforms open for one spy would mean to open them up for all spies. Just being able to roll WhatsApp, Telegram and iMessage into the Pentagon's bulk surveillance programs is good enough for them, thanks. Worrying about what that might mean to the intelligence gathering capabilities of their adversaries is apparently "not in their department." After the devastating attacks in Paris last Friday, U.S. officials wasted no time in using fear to insist that messaging apps using end-to-end encryption be "backdoored" for surveillance access, and rolled into the Pentagon's bulk surveillance programs. The internet, rather than treating the officials like children who want to smash the family piggy bank to collect copper pennies, has decided to argue with them. Oh boy, you must be thinking, a giant public argument about encryption. I'm sure this will end well in the court of public opinion, especially at a time in our history when the fictional crimes and criminals on CSI: Cyber are cited as the foundation for "cyberpsychology" and securing its new role in criminal psychology. Actually, I can think of many ways in which it could end well. Except instead of having a serious debate about encrypted comms, and capitalizing on the critical opportunity to talk about how to prevent atrocities like those in Paris, we got served a slice of scare tactics with a side of tinfoil hat. The whole embarrassing sideshow kicked off Monday when U.S.
officials hit the media circuit looking like Old Man Jenkins trying to scare the public with the boogeyman of encryption. (He'd be getting away with backdoors if it weren't for those pesky privacy kids.) Specifically, CIA Director John Brennan gave a press conference Monday in Washington where he said multi-department information gathering ops were "hampered" by concerns about privacy, and blamed public "hand wringing" over its surveillance programs as an obstacle to catching the bad guys. Privacy is a serious concern. But don't get distracted by finger pointing; the bigger concern is security. The struggle for the U.S. defense industrial complex to comprehend cyber is real. Despite the Pentagon's insistence that malware is analogous to missile strikes, backdooring encryption is not the same as wiretapping. Because of the way you'd have to break end-to-end encryption, bulk data collection would be the only type of operational access possible. If we viewed the DoD as an attacker on a network, this could be called giving them "persistent access." Since WhatsApp has in the neighborhood of 450 million users and Telegram has around 62 million users, so much data would be collected that scale and cost will require analysis to be automated. Meaning, if the DHS gets their way with encrypted messaging apps, we'd once again be cast into the NSA Pit of Despair when it came to expectations of accuracy -- or privacy. I doubt they'll get their way. Tech companies are unwilling to budge on breaking product security -- even before the Paris attacks, Tim Cook had to patiently explain like a seasoned parent that "any backdoor is a backdoor for everyone. Opening a backdoor can have very dire consequences." Still, the lack of confirmed reports didn't keep officials from hyping terrorist use of encrypted messaging products. 
Some officials told press the terrorists "probably" used encrypted apps like WhatsApp, which led outlets like NBC News to run bizarre mashups of conjecture like "ISIS Uses WhatsApp, PlayStation to 'Go Dark' and Elude Surveillance." Needless to say, I was crestfallen when we all found out Sony's gaming console was not, in fact, used for covert cyber-communications, and the PS4 on my holiday wish list wasn't going to be "research" write-off after all. Until I can write off my PS4, I've got popcorn ready for our front row seats to what's now a giant media flamewar, festooned with the tinfoil hats and scare tactics I mentioned earlier. One side is a pile-on of infosec professionals, tech reporters, digital civil liberties activists, topped by an NYT Editorial Board op-ed condemning mass surveillance. The other side believes if you're against encryption backdoors then you're "with the terrorists." Like California Sen. Dianne Feinstein who told MSNBC, "I think Silicon Valley has to take a look at their products because if you create a product that allows evil monsters to operate in this way ... that can't be pierced even with a court order ... That is a big problem." To me, it's an even bigger problem that officials think their idea is in any way safe.

--
It's better to burn out than fade away.

From rforno at infowarrior.org Sat Nov 21 08:48:28 2015
From: rforno at infowarrior.org (Richard Forno)
Date: Sat, 21 Nov 2015 09:48:28 -0500
Subject: [Infowarrior] - The 'blame Snowden' idiocy grows
Message-ID: <3BE2D4CF-1520-4B3E-89F6-2AF6E309B33C@infowarrior.org>

The moronic and incorrect Tie-Snowden-with-Paris brigade remains out in full-force.

http://thehill.com/blogs/blog-briefing-room/260817-ex-cia-director-snowden-should-be-hanged-for-paris

More @ http://www.dailymail.co.uk/news/article-3327298/Ex-CIA-head-James-Woolsey-said-d-like-watch-Edward-Snowden-hanged-treason.html

--
It's better to burn out than fade away.
From rforno at infowarrior.org Sat Nov 21 09:19:40 2015
From: rforno at infowarrior.org (Richard Forno)
Date: Sat, 21 Nov 2015 10:19:40 -0500
Subject: [Infowarrior] - Fight on terror: can encryption help?
Message-ID: <8F0942A4-2CF0-4FFA-9229-4470EE344FD3@infowarrior.org>

Fight on terror: can encryption help?
SCITECH / 21 November 2015 at 09:12am
By: AFP
http://beta.iol.co.za/scitech/technology/news/fight-on-terror-can-encryption-help-1948882

Encryption can be a terrorist's tool. But it's also a key for those hunting attackers, and for many others. The technology for encryption can keep data and conversations private, making it a double-edged sword that can equally be used by democracy campaigners, law enforcement or violent extremists. The November 13 attacks in Paris spurred calls for better tools for investigators to track criminals who rely on encrypted communications. But no solution is readily available that would avoid major impacts on privacy, civil liberties and a wide range of online communications including electronic commerce. The US government is both a supporter of encryption - funding projects aimed at helping pro-democracy activists - while at the same time pressing for ways to gain access to encrypted data for certain investigations. "That schizophrenia is inherent in the NSA (National Security Agency) itself," said Sascha Meinrath, who heads the digital rights group X-Lab. "The NSA is tasked both to secure our communications and to survey our communications." Interest in encryption has been growing since revelations in documents leaked in 2013 by former US intelligence contractor Edward Snowden describing the NSA's vast abilities to sweep up data. But officials from the CIA, NSA and FBI as well as lawmakers and local law enforcement leaders have complained that they are "going dark," unable to tap into new encrypted apps and smartphones which may be locked down with keys available only to users.
Democratic presidential candidate Hillary Clinton joined the debate, saying "we should take the concerns of law enforcement and counterterrorism professionals seriously." "They have warned that impenetrable encryption may prevent them from accessing terrorist communications and preventing a future attack." Clinton said on Thursday that "we need Silicon Valley not to view government as its adversary." "We need to challenge our best minds in the private sector to work with our best minds in the public sector to develop solutions that will both keep us safe and protect our privacy," she said. But technology specialists in the private sector argue that any "back door" allowing authorities to gain access to encrypted data, could also be exploited by a hacker, or used by repressive regimes as well as democratic ones. "Anytime you introduce a back door you can't just program it so only one entity can grab that data," said Mike Janke, chief executive of Silent Circle, an app featured on a "safe" list recently circulated by the Islamic State organisation. "Hackers can get into it better than anybody." Technology players defend the principles of encryption, saying it is legitimately used to keep data confidential by Fortune 500 companies, government leaders, journalists and dissidents around the world. Meinrath said encryption "is one of the world's most used technologies for routing around censorship. It enables millions of people to access information and news that they would otherwise not see." The US government has acknowledged this need by funding projects for secure and encrypted communications through the Open Technology Fund led by Radio Free Asia, and which Meinrath has advised. Illustrating the complexity of the issue, however, the fund provided more than $1.3 million to the Open Whisper project - whose Redphone and Signal apps have been deemed "safe" by IS for its members to use.
The US military also created the Tor network for encrypted communications, which was developed for secret military communications but is also used now for underground "Darknet" markets. Under pressure to act following the Paris attacks, Silent Circle and others took some steps to make it harder for terrorists to use their services. Janke told AFP the Swiss-based company was "enacting more aggressive back-end payment technology to reduce the likelihood of evildoers" like IS using the service. Telegram, a secure communications app created by Russian Internet guru Pavel Durov, said it had blocked dozens of accounts associated with IS that were reportedly being used to spread extremist propaganda. Activists say the current debate revives the 1990s "crypto war" battle when the government sought a special "key" for Internet communications, before throwing in the towel. Encryption backers say it is like any other technology - whether it is a car, telephone or gun - which can be used for good or evil. "Encryption is a security tool we rely on everyday to stop criminals from draining our bank accounts, to shield our cars and airplanes from being taken over by malicious hacks, and to otherwise preserve our security and safety," said Dean Garfield of the Information Technology Industry Council, which represents major tech firms. "We deeply appreciate law enforcement's and the national security community's work to protect us," he said. "But weakening encryption or creating back doors to encrypted devices and data for use by the good guys would actually create vulnerabilities to be exploited by the bad guys, which would almost certainly cause serious physical and financial harm across our society and our economy." Jason Healey, a former White House advisor who is now a Columbia University researcher and Atlantic Council fellow, said any new laws on encryption are unlikely to be effective.
"If the terrorists are clever enough to avoid NSA-monitored technology, won't they be smart enough to avoid future NSA-backdoored cryptography and devices?" he wrote in The Christian Science Monitor. "They will simply switch to non-US software that has more privacy safeguards or is difficult to monitor."

--
It's better to burn out than fade away.

From rforno at infowarrior.org Sat Nov 21 17:22:38 2015
From: rforno at infowarrior.org (Richard Forno)
Date: Sat, 21 Nov 2015 18:22:38 -0500
Subject: [Infowarrior] - Anonymous are now 'rickrolling' Isis
Message-ID: <73414664-1B25-4B81-8251-883CB81F6A70@infowarrior.org>

Anonymous are now 'rickrolling' Isis
http://www.dazeddigital.com/artsandculture/article/28512/1/anonymous-are-apparently-rickrolling-isis

--
It's better to burn out than fade away.

From rforno at infowarrior.org Sun Nov 22 18:34:51 2015
From: rforno at infowarrior.org (Richard Forno)
Date: Sun, 22 Nov 2015 19:34:51 -0500
Subject: [Infowarrior] - Stopping WhatsApp Won't Stop Terrorists
Message-ID: <7474C70A-C582-4EE5-8979-B4C51B58AD4E@infowarrior.org>

Stopping WhatsApp Won't Stop Terrorists
NOV. 20, 2015
Zeynep Tufekci
http://www.nytimes.com/2015/11/22/opinion/stopping-whatsapp-wont-stop-terrorists.html

IS the ability to send encrypted messages making it hard to stop terrorists? That's what many intelligence officials and politicians have been saying about rumors that the terrorists in France communicated using encrypted services like WhatsApp or Apple iMessage. For decades, government officials have been warning about the threat of criminals and terrorists "going dark" -- becoming impenetrable to law enforcement surveillance -- through the use of encryption. There is a bill in Britain calling for weaker encryption.
Here in the United States, Senator John McCain says he will hold hearings in the Senate and propose legislation on this topic, while Hillary Rodham Clinton warned that encryption was a "particularly tough problem." And yet, just last month, people claiming to be teenagers hacked into the AOL account of the director of the Central Intelligence Agency, John Brennan. Almost every week, we read about another spectacular data leak. It seems that, simultaneously, a set of technologies exist that defy all attempts, including by well-resourced governments, to spy on private messages, and yet our data is so unprotected that even C.I.A. directors can't keep their files secure. We hear a lot about privacy (a crucial consideration) in this discussion, but there is another fundamental issue at stake: Law enforcement agencies can't weaken encryption for terrorists without weakening it for everyone. And making it easier for malicious hackers and foreign governments to spy on us is not a good idea. Governments don't like encryption because it impedes mass surveillance -- the scooping up of everyone's information to sort out later. But most governments don't need mass surveillance. They have other ways of getting into potential terrorists' phones and computers, using methods better suited to counterterrorism. Here's a short history of encryption. Until the 1970s, in order to send a secret message, you had to find a secure way to send a "key" first, so that the recipient could decode the message. This, as you might know from spy novels, made routine covert communication difficult, largely the realm of governments. In the 1970s, computer scientists and cryptologists created a brilliant solution -- public key cryptography -- that allowed a computer to generate a linked set of keys, one private and one public. "Alice" would publish this public key for the world, and "Bob" would use that key to encrypt a message that only she could read.
Alice and Bob no longer needed to meet first to securely exchange keys, or even know each other to communicate in secrecy. This is essentially how platforms like WhatsApp work. They allow far-flung networks of strangers to communicate securely. Mass surveillance can't scoop up these communications, because they'd just look like gobbledygook in all the reams of data. (Though even with encryption, many governments can still collect "metadata," which reveals who talks with whom.) But there's simply no way to ban encryption, for terrorists or anyone else. The technology is already widely available, and will remain accessible, even if WhatsApp is pressured into abandoning it. Mass surveillance is not the only tool to use in going after terrorists. Think of it this way: Our computer networks have some really strong locks (encryption) on flimsy houses where every window (i.e., the rest of the computer) is left open. If encryption is widespread, law enforcement has to enter each targeted house one by one, through the open windows. Law enforcement has little problem doing this. Computer weaknesses in areas other than encryption mean that an adversary with resources (like the American government) can almost always break into computers and phones that it actively targets. This is targeted surveillance, and it's actually a more appropriate method for countering terrorism. Terrorism is perpetrated by a small number of people who are not easy to identify in an automated manner. Mass surveillance creates a lot of big data that is more suited to analyzing large-scale patterns -- things that are done by lots of people in similar and predictable ways -- rather than finding those needles in haystacks. It can overwhelm security systems by producing a lot of noise and false positives. After many terrorist attacks in the past, we have learned that law enforcement agencies had dossiers on some of the attackers, but failed to connect the dots. This one is no different.
The problem, once again, appears to be that there were too many potential suspects on too many lists, and that the authorities had not developed the capacity to identify and track the threat that only a few actually posed. Access to the unencrypted text of messages is no magic bullet. Drowning in data, the authorities didn't even get around to translating the 9/11 terrorists' messages until after attacks had taken place. Many of the Paris attackers lived in the same area, and some in the same house; they didn't need to write to one another. They also spoke a Moroccan dialect of Arabic that the police apparently did not understand too well. Intelligence agencies bear the blame for not predicting terrorist attacks, and they tend to defensively call for more surveillance and less encryption after each attack. But the real problems that need to be discussed involve far broader issues, like a destabilized Middle East; protracted wars; the huge outflow of desperate refugees; colonial pasts; homegrown religious fanatics; and the failures of assimilation. We should acknowledge that it's very hard to stop a few people who want to murder civilians in public places and are willing to die along the way. The challenge is not how to collect more data from everyone, but how to identify and track the few truly dangerous people. In the meantime, law enforcement agencies should quit trying to weaken encryption. They can help harden all computer networks against all types of spying (including their own) or let them stay weak to make all spying easier (including by hackers and foreign powers). Just this year, we learned that sensitive files containing security clearance information for more than 20 million Americans, including many fingerprints, had been stolen by hackers probably working for a foreign government. Encryption cannot be wished away, and weakening it will hurt us all.
Zeynep Tufekci is an assistant professor at the School of Information and Library Science at the University of North Carolina and a contributing opinion writer. A version of this op-ed appears in print on November 22, 2015, on page SR7 of the New York edition with the headline: The WhatsApp Theory of Terrorism.

--
It's better to burn out than fade away.

From rforno at infowarrior.org Mon Nov 23 12:32:34 2015
From: rforno at infowarrior.org (Richard Forno)
Date: Mon, 23 Nov 2015 13:32:34 -0500
Subject: [Infowarrior] - Moscow judge shuts down Scientology, cites trademark
Message-ID: <533D3DFA-DECF-4F08-8F63-B98B1AB19A61@infowarrior.org>

Moscow judge shuts down Scientology, cites trademark
The Associated Press
http://www.nola.com/news/index.ssf/2015/11/scientology_shut_down_moscow.html

MOSCOW -- A Russian court has ordered the Church of Scientology in Moscow to be dissolved. The Moscow City Court on Monday (Nov. 23) accepted arguments from the Justice Ministry that the term "Scientology" is trademarked and thus cannot be considered a religious organization covered by the constitution's freedom-of-religion clause. Prosecutors also said the church carried out activities in St. Petersburg, though it was only authorized to operate in Moscow, according to the Tass news agency. Several books by Scientology founder L. Ron Hubbard are banned in Russia for "extremist" content. A church representative said the decision would be appealed, Russian news agencies reported.

--
It's better to burn out than fade away.
From rforno at infowarrior.org Mon Nov 23 16:35:13 2015
From: rforno at infowarrior.org (Richard Forno)
Date: Mon, 23 Nov 2015 17:35:13 -0500
Subject: [Infowarrior] - Comcast injects copyright warnings into browsers
Message-ID: <6CC1455F-857F-4015-95D4-F122CA77FBFD@infowarrior.org>

Comcast injects copyright warnings into browsers, raising privacy concerns | ZDNet
Zack Whittaker
http://www.zdnet.com/article/comcast-injects-copyright-warnings-into-your-browser/

If Comcast thinks you're downloading copyrighted material, you can be sure it'll let you know. But how it does it has raised questions over user privacy. The cable and media giant has been accused of tapping into unencrypted browser sessions and displaying warnings that accuse the user of infringing copyrighted material -- such as sharing movies or downloading from a file-sharing site. That could put users at risk, says the developer who discovered it. Jarred Sumner, a San Francisco, Calif.-based developer who published the alert banner's code on his GitHub page, told ZDNet in an email that this could cause major privacy problems. Sumner explained that Comcast injects the code into a user's browser as they are browsing the web, performing a so-called "man-in-the-middle" attack. (Comcast has been known to alert users when they have surpassed their data caps.) This means Comcast intercepts the traffic between a user's computer and their servers, instead of installing software on the user's computer. But that opens up a whole host of problems, such as allowing Comcast to modify what is displayed on the user's page. "This probably means that Comcast is using [deep packet inspection] on subscriber's internet and/or proxying subscriber internet when they want to send messages to subscribers," he said. "That would let Comcast modify unencrypted traffic in both directions." That would mean Comcast could, if it wanted to, trick users into thinking they are on one site when they're on another instead.
"There are scarier scenarios where this could be used as a tool for censorship, surveillance, [or] selling personal information," said Sumner. Sumner confirmed he used Comcast at home. "It started appearing on every single non-HTTPS website on every device on my home's network," he said. It's almost impossible for websites that are encrypted, which display "HTTPS" in the address bar, to be affected. Not only does an SSL security certificate prevent anyone from knowing what's going on during the browsing session, it also adds a layer of integrity to the site, meaning it hasn't been modified by a third-party while it was being displayed. "This is highly dubious behavior from Comcast. The last thing anyone wants is unapproved third-party JavaScript libraries being injected onto their pages. This could have serious performance and security implications," said one user in the comments. Others in the comments section said they also saw this, adding that it was first seen back in June. This is not the first time Comcast has been accused of controversial tactics. Most recently, Comcast was accused of exploiting a loophole in the net neutrality rules, allowing its users to stream an unlimited amount of video -- despite its data caps, because the company said it was being provided over its cable network rather than the internet. That falls foul of the rules because its competitors, like Netflix, would count against the data limits, according to the Washington Post. A Comcast spokesperson said in an email on Monday that this is "not new," adding that engineers "transparently posted an Internet Engineering Task Force (IETF) white paper about it" as early as 2011, which can be found here. The spokesperson did not, however, address the apparent privacy concerns.

--
It's better to burn out than fade away.
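The in-path modification described in the article above can be checked from the receiving end by comparing the page that arrived over plain HTTP with a copy of the same page obtained over a channel the access network cannot alter, such as HTTPS. This is an added example, not code from the article or from Sumner's GitHub page; the two page bodies, the host names and the function names are constructed for illustration.

```python
"""Flag <script> elements added to a page somewhere between server and client."""
import hashlib
from html.parser import HTMLParser


class ScriptCollector(HTMLParser):
    """Record each <script> element as (src attribute, SHA-256 of inline body)."""

    def __init__(self):
        super().__init__(convert_charrefs=True)
        self.scripts = []
        self._open = False
        self._src = None
        self._chunks = []

    def handle_starttag(self, tag, attrs):
        if tag == "script":
            self._open = True
            self._src = dict(attrs).get("src")
            self._chunks = []

    def handle_data(self, data):
        # Script bodies can arrive in several chunks, so accumulate them.
        if self._open:
            self._chunks.append(data)

    def handle_endtag(self, tag):
        if tag == "script" and self._open:
            body = "".join(self._chunks).strip()
            digest = hashlib.sha256(body.encode("utf-8")).hexdigest() if body else None
            self.scripts.append((self._src, digest))
            self._open = False


def script_inventory(html):
    """Return the (src, digest) pairs for every script element in the document."""
    collector = ScriptCollector()
    collector.feed(html)
    collector.close()
    return collector.scripts


def compare_copies(reference_html, received_html):
    """Compare a trusted copy of a page with the copy received over plain HTTP."""
    known = set(script_inventory(reference_html))
    injected = [s for s in script_inventory(received_html) if s not in known]
    ref_hash = hashlib.sha256(reference_html.encode("utf-8")).hexdigest()
    got_hash = hashlib.sha256(received_html.encode("utf-8")).hexdigest()
    return {"body_modified": ref_hash != got_hash, "injected_scripts": injected}


# Constructed sample: the page as the site publishes it (trusted copy).
REFERENCE_HTML = """<!doctype html>
<html><head><title>Example</title>
<script src="/static/app.js"></script>
</head><body><p>Hello</p>
<script>window.appReady = true;</script>
</body></html>"""

# Constructed sample: the same page after an in-path device appended a banner
# loader just before </body>. "notices.isp.example" is a placeholder host.
RECEIVED_HTML = REFERENCE_HTML.replace(
    "</body>",
    '<script src="http://notices.isp.example/banner.js"></script>\n'
    '<script>showNotice("constructed sample");</script>\n</body>',
)

if __name__ == "__main__":
    result = compare_copies(REFERENCE_HTML, RECEIVED_HTML)
    print("body modified in transit:", result["body_modified"])
    for src, digest in result["injected_scripts"]:
        print("unexpected script:", src or "inline, sha256=" + digest)
```

A whole-body hash only suits static pages, since dynamic pages differ between fetches for legitimate reasons; the script inventory is the more stable signal. Serving the site over HTTPS removes the opportunity for this kind of modification in the first place.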
From rforno at infowarrior.org Mon Nov 23 17:37:41 2015
From: rforno at infowarrior.org (Richard Forno)
Date: Mon, 23 Nov 2015 18:37:41 -0500
Subject: [Infowarrior] - Yahoo confirms 'testing' anti-ad-blocker policy for email
Message-ID: <574C20CC-661A-4AEA-AB9C-E165E18C5F38@infowarrior.org>

Clinging To Relevance, Yahoo Prevents Ad Block Users From Checking Yahoo Mail
https://www.techdirt.com/articles/20151120/09402532872/clinging-to-relevance-yahoo-prevents-ad-block-users-checking-yahoo-mail.shtml

--
It's better to burn out than fade away.

From rforno at infowarrior.org Tue Nov 24 06:24:44 2015
From: rforno at infowarrior.org (Richard Forno)
Date: Tue, 24 Nov 2015 07:24:44 -0500
Subject: [Infowarrior] - Proposed Regulations for Drones Are Released
Message-ID: <52DE5A89-5D5B-43CE-992F-9FBDCC08282D@infowarrior.org>

Proposed Regulations for Drones Are Released
http://www.nytimes.com/2015/11/24/technology/proposed-regulations-for-drones-are-released.html

< - >

In addition to entering the machines into a national database, the task force said, drone owners should display a government-issued registration number on each machine. The group also recommended that owners submit their names and addresses, but said email addresses and phone numbers should be optional. The rules would apply to recreational drones weighing half a pound to 55 pounds. The F.A.A. would enforce registration rules and oversee the database. The task force recommended that the F.A.A. carve out separate registration-related penalties for drones. Registration violations applying to any aircraft can now exceed $25,000. That amount was established to deter suspected drug traffickers and tax evaders but should not apply to users of small recreational drones, the groups said. "The task force recommends the F.A.A. expressly establish a reasonable and proportionate penalty schedule that is distinct from those relating to traditional manned aviation," the group said in its report.
The task force did not go as far with its recommendations as some aviation and security experts had hoped. The proposals say owners should not have to submit any information about their aircraft, for example. It also said there should not be a requirement for drone users to be citizens or permanent residents.

< - >

--
It's better to burn out than fade away.

From rforno at infowarrior.org Tue Nov 24 06:33:46 2015
From: rforno at infowarrior.org (Richard Forno)
Date: Tue, 24 Nov 2015 07:33:46 -0500
Subject: [Infowarrior] - Axel Springer Goes After iOS 9 Ad Blockers In New Legal Battle
Message-ID:

Axel Springer Goes After iOS 9 Ad Blockers In New Legal Battle
Sarah Perez
http://techcrunch.com/2015/11/23/axel-springer-goes-after-ios-9-ad-blockers-in-new-legal-battle/?ncid=rss

German media giant Axel Springer, which operates top European newspapers like Bild and Die Welt, and who recently bought a controlling stake in Business Insider for $343 million, has a history of fighting back against ad-blocking software that threatens its publications' business models. Now, it's taking that fight to mobile ad blockers, too. According to the makers of the iOS content blocker dubbed "Blockr," which is one of several new iOS 9 applications that allow users to block ads and other content that slows down web browsing, Axel Springer's WELTN24 subsidiary took them to court in an attempt to stop the development and distribution of the Blockr software. Specifically, explains the law firm representing Blockr, Axel Springer wanted to prohibit Blockr's developers from being able to "offer, advertise, maintain and distribute the service" which can be used today to block ads on http://www.welt.de, including the website's mobile version. Blockr's lawyers argued in a hearing on November 19 that its software is legal and should be allowed to continue, and that it's the user's choice to use an ad blocker.
In the hearing, the court seemed to agree with the startup, and pointed out that Axel Springer has other options for handling how it wants to deal with ad blockers. For example, it could re-use its prior tactics that involve locking out users from a website when it detects that the visitor is using ad blocking software. The final ruling, however, is not until December 10. This is not the first time Axel Springer has gone to war with ad blockers. Ad-blocking firm Eyeo, whose Adblock Plus is one of the most used ad blockers on the web, recently won its court battle with the publisher when a German court ruled that the web browser extension didn't breach laws on competition, copyright or market dominance, according to a report from Reuters. (Axel Springer said it would appeal the ruling.) But despite its failure to win within the court system, the publisher has found other ways of forcing readers to abandon their ad blockers when visiting its online properties. In October, Axel Springer forced visitors to Bild to turn off their ad blockers or pay a monthly fee to continue using the site. Earlier this month, the publisher reported the success of this measure, saying that the proportion of readers using ad blockers dropped from 23% to the single digits when faced with the choice to turn off the software or pay. "The results are beyond our expectations," said Springer chief exec Mathias Döpfner at the time. "Over two-thirds of the users concerned switched off their adblocker." He also noted that the Bild.de website received an additional 3 million visits from users who could now see the ads in the first two weeks of the experiment going live. Given that the publisher has already been defeated in the courts in its fight against a similar application, and found a workaround to address its concerns about the missed advertising revenue, a win against Blockr doesn't look promising. Axel Springer did not yet respond to a request for comment. (We'll update if one is provided).
offered the following comment: Axel Springer SE is demonstrating its position regarding ad blocking in various legal initiatives: Ad blocking interferes with the constitutionally protected position of publishing houses and endangers the refinancing -- and hence, in the long run, the existence -- of professional online journalism. We are currently not commenting on the number and status of ongoing legal proceedings. The law firm Lampmann, Haberkamm & Rosenbaum, has also now released a statement in English, which was provided by Blockr's co-creator Arno Appenzeller. The lawyer explains that Axel Springer's Die Welt tried to obtain a preliminary injunction without warning at the district court of Stuttgart (Landgericht Stuttgart) through the law firm Lubberger Lehment. Die Welt argued that the software was illegally obstructing its digital content and therefore had to be banned. The court said it didn't see any legal grounds for the injunction. "We are therefore pleased that the court followed our arguments regarding the legality of the software", said Lawyer Dr. Niklas Haberkamm, LL.M. oec. after the hearing. The co-founders of Blockr, Arno Appenzeller and Tim Poller, added: "our intention with Blockr is to give users a choice to what they see while browsing the web. There is a lot of stuff intruding users privacy, spamming the small size mobile screens or draining their mobile data. We think this choice matters in many ways and hope the court will consider this." Axel Springer is not the only publisher that's taking a confrontational approach to dealing with ad blockers, The FT recently reported. U.K. newspaper City AM banned ad blockers from its website; U.K. broadcasters ITV and Channel 4 have now done the same; and the Washington Post redirects readers to a subscription page, or asks them to sign up to newsletters, or disable their ad-blocking software. Even Yahoo has gotten in on the action, blocking users from their email when they have AdBlock running.
--
It's better to burn out than fade away.

From rforno at infowarrior.org Wed Nov 25 08:27:16 2015
From: rforno at infowarrior.org (Richard Forno)
Date: Wed, 25 Nov 2015 09:27:16 -0500
Subject: [Infowarrior] - For thin-skinned college students, we have nobody to blame but ourselves
Message-ID: <67194251-025D-463C-A468-BCB2BCD1474A@infowarrior.org>

For thin-skinned college students, we have nobody to blame but ourselves
By Kathleen Parker
https://www.washingtonpost.com/opinions/for-thin-skinned-students-we-have-nobody-to-blame-but-ourselves/2015/11/24/613a815c-92e9-11e5-a2d6-f57908580b1f_story.html

It would be easy to call protesting college students crybabies and brats for pitching hissy fits over hurt feelings, but this likely would lead to such torrents of tearful tribulation that the nation's university system would have to shut down for a prolonged period of grief counseling. Besides, it would be insensitive. Instead, let me be the first to say: It's not the students' fault. These serial tantrums are direct results of our Everybody Gets a Trophy culture and an educational system that, for the most part, no longer teaches a core curriculum, including history, government and the Bill of Rights. The students simply don't know any better. This isn't necessarily to excuse them. Everyone has a choice whether to ignore a perceived slight -- or to form a posse. But as with any problem, it helps to understand its source. The disease, I fear, was auto-induced with the zealous pampering of the American child that began a few decades ago. The first sign of the epidemic of sensitivity we're witnessing was when parents and teachers were instructed never to tell Johnny that he's a "bad boy," but that he's "acting" like a bad boy. Next, Johnny was handed a blue ribbon along with everyone else on the team even though he didn't deserve one. This had the opposite effect of what was intended.
Rather than protecting Johnny's fragile self-esteem, the prize undermined Johnny's faith in his own perceptions and judgment. It robbed him of his ability to pick himself up when he fell and to be brave, honest and hardy in the face of adversity. Self-esteem is earned, not bestowed. Today's campuses are overrun with little Johnnys, their female counterparts and their adult enablers. How will we ever find enough fainting couches? Lest anyone feel slighted so soon, this is also not to diminish the pain of racism (or sexism, ageism, blondism or whatever -ism gets one's tear ducts moistened). But nothing reported on campuses the past several weeks rises to the level of the coerced resignations of a university chancellor and president. The affronts that prompted students to demand the resignations include: a possibly off-campus, drive-by racial epithet apparently aimed at the student body president; another racial epithet, hurled by a drunk white student; a swastika drawn with feces in a dorm restroom. Someone certainly deserves a spanking -- or psychoanalysis. Sigmund Freud had plenty to say about people who play with the products of their alimentary canal. But do such events mean that students have been neglected, as protesters have charged? Or that the school tolerates racism? Concurrent with these episodes of outrage is the recent surge on campuses of "trigger warnings" in syllabuses to alert students to content that might be upsetting, and "safe spaces" where students can seek refuge when ideas make them uncomfortable. It seems absurd to have to mention that the purpose of higher education is to be challenged, to be exposed to different views and, above all, to be exhilarated by the exercise of free speech -- other people's as well as one's own. The marketplace of ideas is not for sissies, in other words. And it would appear that knowledge, the curse of the enlightened, is not for everyone.
The latter is meant to be an observation, but on many college campuses today, it seems to be an operating principle. A recent survey of 1,100 colleges and universities found that only 18 percent require American history or government, where such foundational premises as the First Amendment might be explained and understood. The survey, by the American Council of Trustees and Alumni, assesses schools according to whether they have at least one required course in composition, foreign language at the intermediate level, American government or history, economics, science, mathematics and literature. Coincidentally, the very institutions where students are dominating what passes for debate also scored among the worst: University of Missouri, D; Yale University, C; Dartmouth College, C; and Princeton University, C -- all for requiring only one or a few of the subjects. Amherst College scored an F for requiring none of them. Such is the world we've created for young people who soon enough will discover that the world doesn't much care about their tender feelings. But before such harsh realities knock them off their ponies, we might hope that they redirect their anger. They have every right to despise the coddling culture that ill prepared them for life and an educational system that has failed to teach them what they need to know. Weep for them -- and us.

--
It's better to burn out than fade away.

From rforno at infowarrior.org Wed Nov 25 08:27:24 2015
From: rforno at infowarrior.org (Richard Forno)
Date: Wed, 25 Nov 2015 09:27:24 -0500
Subject: [Infowarrior] - Trump undermines our fight against the Islamic State
Message-ID:

(I don't often post items from traditional DC 'insiders' but this one rings true.
--rick)

Donald Trump undermines our fight against the Islamic State
https://www.facebook.com/davidignatiusbooks
https://www.washingtonpost.com/opinions/donald-trump-undermines-our-fight-against-the-islamic-state/2015/11/24/d03c8eb6-92f2-11e5-b5e4-279b4501e8a6_story.html

Crises bring out the best and worst in people, as has been demonstrated vividly this past week by the behavior of President Obama and GOP presidential candidate Donald Trump. Obama showed his best face in Tuesday's news conference with visiting French President François Hollande. Obama was cool and restrained, analytically clear, and appropriately apolitical in describing how the United States will work with France in combating the Islamic State. He avoided inflaming the delicate and potentially dangerous situation following the shoot-down of a Russian military jet by Turkey.

David Ignatius writes a twice-a-week foreign affairs column and contributes to the PostPartisan blog.

Perhaps most important, Obama embodied America's best self by combating the panicky, anti-Muslim sentiment that's loose in the country following the Paris attacks. In voicing the welcome to immigrants that's chiseled on the Statue of Liberty, he reminded us where America's real strength lies. Obama has often misfired on Syria and the Islamic State. I wish he had been a more aggressive leader since this crisis began four years ago. I wish he hadn't sounded petty and political last week in criticizing GOP politicians. But Tuesday he was a model of responsible leadership. Now look at Trump's behavior over the past few days. He has displayed a level of irresponsibility that borders on recklessness. This is a time when the essence of leadership is clarity and restraint -- when even politicians should put aside their usual braggadocio and self-aggrandizement for the good of the country. Trump has done the opposite. He appears to be inflaming the situation deliberately, to advance his presidential campaign.
It's rare that we see this level of demagoguery in U.S. politics, but it's frightening. His divisive comments play so directly into the polarizing strategies of our terrorist adversaries -- who want to foment Western-Muslim hatred -- that a case can be made that he has put the country at greater risk. Trump tosses hand grenades of rumor, slander and intolerance. He makes inflammatory statements with no factual support, such as his assertion Nov. 14 that "our president wants to take in 250,000 [refugees] from Syria," or his claim Saturday that "thousands and thousands of people were cheering" in Muslim neighborhoods in New Jersey when the twin towers fell. These aren't just a politician's exaggerations: They're dangerous fabrications, meant to engender fear at a time when calm is needed. Trump's comments Monday on waterboarding were also damaging to this country. Remember, this is a technique that the United States (and most of the rest of the world) now regards as an illegal form of torture. "Would I approve waterboarding? You bet your ass I would. . . . And I would approve more than that. . . . Believe me, it works. And you know what? If it doesn't work, they deserve it anyway, for what they're doing." Put aside questions of ethics and morality. These public calls for torture are the verbal equivalent of the photos of prisoner abuse at Abu Ghraib. Are Trump's comments really making us less safe? I fear that's so: Professional counterterrorism experts say that the United States has had relatively few "lone wolf" attacks partly because Muslim Americans believe they are part of the national community. They have a stake in the United States and its security. The FBI and local law enforcement agencies work 24/7 to build this sense of trust and cooperation so that when Muslim communities see extremists in their midst, they will report them to authorities. These essential threads of interdependence are what Trump is ripping apart.
Try to read his words as a Muslim neighbor would, when Trump said Nov. 17, "We're going to have to look at the mosques. We're going to have to look very, very carefully." Or when he responded to a question two days later about creating databases to track Muslims, "certainly" and "absolutely." Trump's defenders say he misspoke, or was responding to a question -- but that's precisely the point. He wasn't being clear and careful, on a subject where clarity is essential in this moment of crisis. Let's state the problem in the simplest terms: If Muslim Americans come to believe that prominent leaders (such as the top GOP presidential candidate) view them as less worthy of rights and protections than others, then the job of the Islamic State's recruiters will become easier. The work of intelligence officers, cops and soldiers who have been trying to stop our terrorist adversaries will become more difficult. It's hard to imagine that someone would put the country at greater risk for personal political benefit. But that's exactly what Trump has been doing. It's outrageous behavior, and responsible Republicans must insist that it stop.

--
It's better to burn out than fade away.

From rforno at infowarrior.org Sun Nov 29 18:56:42 2015
From: rforno at infowarrior.org (Richard Forno)
Date: Sun, 29 Nov 2015 19:56:42 -0500
Subject: [Infowarrior] - OT: America Is Too Dumb for TV News
Message-ID: <3AE45126-D426-4094-A239-0583491BE4FB@infowarrior.org>

America Is Too Dumb for TV News
By Matt Taibbi
http://www.rollingstone.com/politics/news/america-is-too-dumb-for-tv-news-20151125

Donald Trump said this to supporters at an Alabama rally: "Hey, I watched when the World Trade Center came tumbling down. And I watched in Jersey City, New Jersey, where thousands and thousands of people were cheering as that building was coming down. Thousands of people were cheering." It was a hell of a revelation. Where did this witnessing take place? Was he standing on the Hoboken terminal clock tower?
George Stephanopoulos challenged Trump on this on ABC's This Week, noting that police said nothing like that happened. TRUMP: It did happen. I saw it. STEPHANOPOULOS: You saw that? TRUMP: It was on television. I saw it. Until recently, the narrative of stories like this has been predictable. If a candidate said something nuts, or seemingly not true, an army of humorless journalists quickly dug up all the facts, and the candidate ultimately was either vindicated, apologized, or suffered terrible agonies. Al Gore for instance never really recovered from saying, "I took the initiative in creating the Internet." True, he never said he invented the Internet, as is popularly believed, but what he did say was clumsy enough that the line followed him around like an STD for the rest of his (largely unsuccessful) political life. That dynamic has broken down this election season. Politicians are quickly learning that they can say just about anything and get away with it. Along with vindication, apology and suffering, there now exists a fourth way forward for the politician spewing whoppers: Blame the backlash on media bias and walk away a hero. This season has seen an explosion of such episodes. Carly Fiorina, in a nationally televised debate, claimed to have watched a nonexistent video of evil feminists harvesting fetal brains. Ben Carson has been through a half-dozen factual dustups, including furious debates over whether or not he stabbed someone and whether or not he once won $10 for being the only honest student in an (apparently nonexistent) Yale psychology class. Trump, meanwhile, has been through more of these beefs than one can count, even twice blabbing obvious whoppers in live televised debates. Once he claimed the Trans-Pacific Partnership was designed to help China, moving Rand Paul to point out that China isn't in the TPP. Another time he denied that he once called Marco Rubio "Mark Zuckerberg's personal senator." The line was on Trump's website as he spoke.
In all of these cases, the candidates doubled or tripled down when pestered by reporters and fact-checkers and insisted they'd been victimized by biased media. A great example of how candidates have handled this stuff involved Fiorina. The former HP chief keeps using a roundly debunked line originally dug up by the Romney campaign, about how 92 percent of the jobs lost under Obama belonged to women. The Romney campaign itself ditched the line because it was wrong even in 2012. When confronted this year, Fiorina simply said, "If the liberal media doesn't like the data, maybe the liberal media doesn't like the facts." This latest episode with Trump and the 9/11 "celebrations" was fascinating. When Trump started to take heat, he at first did something one journalist I know calls "panic-Googling." Panic-Googling is saying or writing something dumb, then frantically rushing to the Internet to see if you can luck out into evidence for what you've already blabbed in public. Trump thought he lucked out, digging up a September 18, 2001, Washington Post article by reporters Serge Kovaleski and Frederick Kunkle. The old clip claimed a few people had been detained after allegedly being spotted celebrating in "tailgate-style" parties on rooftops in northern New Jersey. Seizing upon this factoid, Trump tweeted, "I want an apology! Many people have tweeted that I am right!" Forgetting that this didn't come close to being an affirmation that he'd seen "thousands" of people celebrating on television, Trump's supporters howled in outrage. Who were these biased witch-hunters to accuse him of lying? The Donald was right all along! Other supporters referenced an article by Debbie Schlussel, Detroit's schlocky Ann Coulter knockoff, who long ago insisted in print that she once watched an MTV news report describing post-9/11 celebrations by Arabs in Paterson, New Jersey. 
It wasn't Jersey City, Schlussel said, and Trump got the numbers wrong, but aside from those minor issues, he was dead right. Next in the progression came Rush Limbaugh, who came to Trump's defense by saying that "regardless of the specific details," Trump was right about Muslims on American soil celebrating the collapse of the towers on 9/11. "The bottom line is that a lot of Americans are well aware that Muslims were cheering," Rush said. "Maybe not in New Jersey in great numbers, but around the world they were because we saw the video." As if the "regardless of the specific details" excuse wasn't weird enough, Trump spokesman Corey Lewandowski next went on Breitbart radio to explain that the campaign had in fact provided material about celebrating Muslims to mainstream news outlets, who were now collectively declining to run it because of an ongoing conspiracy against Trump. "They want to try and discredit as many people as possible so they can have an establishment candidate come in," he said. "Because they are all controlled by special interests and all controlled by the media." This is a horrible thing to have to say about one's own country, but this story makes it official. America is now too dumb for TV news. It's our fault. We in the media have spent decades turning the news into a consumer business that's basically indistinguishable from selling cheeseburgers or video games. You want bigger margins, you just cram the product full of more fat and sugar and violence and wait for your obese, over-stimulated customer to come waddling forth. The old Edward R. Murrow, eat-your-broccoli version of the news was banished long ago. Once such whiny purists were driven from editorial posts and the ad people over the last four or five decades got invited in, things changed. Then it was nothing but murders, bombs, and panda births, delivered to thickening couch potatoes in ever briefer blasts of forty, thirty, twenty seconds. 
What we call right-wing and liberal media in this country are really just two different strategies of the same kind of nihilistic lizard-brain sensationalism. The ideal CNN story is a baby down a well, while the ideal Fox story is probably a baby thrown down a well by a Muslim terrorist or an ACORN activist. Both companies offer the same service, it's just that the Fox version is a little kinkier. When you make the news into this kind of consumer business, pretty soon audiences lose the ability to distinguish between what they think they're doing, informing themselves, and what they're actually doing, shopping. And who shops for products he or she doesn't want? That's why the consumer news business was always destined to hit this kind of impasse. You can get by for a long time by carefully selecting the facts you know your audiences will like, and calling that news. But eventually there will be a truth that displeases your customers. What do you do then? In this case, as Rush said, "Americans are well aware Muslims were cheering" after 9/11. Because America "knows" this, it now expects the news media to deliver that story. And if reporters refuse, it can only be out of bias. What this 9/11 celebrations story shows is that American news audiences have had their fantasies stroked for so long that they can't even remember stuff that happened not that long ago. It's like an organic version of 1984, with audiences constantly editing even their own memories to fit their current attitudes about things. It was preposterous from the start to think that there could have been contemporaneous broadcasts of "thousands" of people in New Jersey celebrating the 9/11 attacks. Does nobody remember how people felt that day? If there had been such broadcasts, there would have been massacres -- angry Americans would have stormed Jersey City. In fact, police had to be deployed to places like Paterson anyway to protect immigrants from exactly that sort of mob violence.
This is one of the reasons we know Muslims weren't dancing en masse in the streets, because police were parked on those streets in huge numbers to keep people out. The Newark Star-Ledger did a report in the weeks after the attacks from Paterson showing the city in "virtual lockdown," with police camped in Muslim neighborhoods for the protection of the locals. "In this neighborhood, in South Paterson, we don't feel threatened," Samir Asmar, a Palestinian who became a U.S. citizen, told the paper. "But once we go outside, I fear for my wife and son." Beyond all of that: if footage of such a celebration existed, it would have skyrocketed around the country, and not popped off ineffectually on some local broadcast for just Donald Trump to see and remember. The whole thing is nuts. There are people of all political persuasions who insist to this day they saw something like what Trump described, but nobody describes anything like the scale of the story Trump is spinning. To believe there was a mass demonstration of open, gloating defiance right across the river from Manhattan while the Towers smoldered, speaks to a powerfully crazy fantasy both about American impotence and about a brazen, homogenous evil in Muslim-American communities. Maybe in the wake of Paris that's the way people feel, but it's not close to what happened. If we can't even remember things correctly even in the video age, things are going to get weird pretty fast in this country.

--
It's better to burn out than fade away.

From rforno at infowarrior.org Mon Nov 30 09:04:17 2015
From: rforno at infowarrior.org (Richard Forno)
Date: Mon, 30 Nov 2015 10:04:17 -0500
Subject: [Infowarrior] - Details Of How The Paris Attacks Were Carried Out Show Little Effort By Attackers To Hide Themselves
Message-ID:

Details Of How The Paris Attacks Were Carried Out Show Little Effort By Attackers To Hide Themselves
from the but-we-blame-encryption?
dept
https://www.techdirt.com/articles/20151127/22282132933/details-how-paris-attacks-were-carried-out-show-little-effort-attackers-to-hide-themselves.shtml

On Friday, the Wall Street Journal's Stacy Meichtry and Joshua Robinson published an in-depth bit of reporting on the planning and operational setup of the Paris attackers, revealing a bunch of previously unknown details. The key thing, however, isn't just the total lack of anything that looks like sophisticated encryption, but the opposite. The attackers basically did nothing to hide themselves, communicating out in the open, booking houses and cars in their real names, despite some of them being on various terrorist watch lists. It discusses how Brahim Abdeslam booked a house using an online website (Homelidays -- a French service that is similar to Airbnb, though it predates Airbnb by a lot), using his own name. So did his brother, Salah Abdeslam, who booked a hotel for a bunch of the attackers (using his real name) on Booking.com. The piece mentions, as we noted earlier, that the attackers appeared to communicate via unencrypted SMS. It also mentions how the guy who planned the attacks, Abdelhamid Abaaoud, bragged about his plans in ISIS's English-language glossy magazine months ago. Again, you'd think that this would alert the intelligence community to actually watch the guy, but again it appears he did little to hide his movements or communications. In fact, the report notes that after Abaaoud shot up a restaurant, he went back to check out the aftermath of the attacks that he had helped put together -- and kept his mobile phone with him the whole time, making it easy to track his whereabouts:

An hour after Mr. Abaaoud finished shooting up restaurants, he emerged from a metro station in the 12th district, according to data police pulled from his cellphone. He headed west toward the sound of sirens, his path zigzagging as he returned to the scene of his crimes.
For two hours after the massacre ended, prosecutors say, Mr. Abaaoud surveyed his handiwork, at one point blending in with panicked crowds and bloodied victims streaming from the Bataclan.

You can read the entire thing and note that, nowhere does the word "encryption" appear. There is no suggestion that these guys really had to hide very much at all. So why is it that law enforcement and the intelligence community (and various politicians) around the globe are using the attacks as a reason to ban or undermine encryption? Again, it seems pretty clear that it's very much about diverting blame for their own failures. Given how out in the open the attackers operated, the law enforcement and intelligence community failed massively in not stopping this. No wonder they're grasping at straws to find something to blame, even if it had nothing to do with the attacks.

--
It's better to burn out than fade away.

From rforno at infowarrior.org Mon Nov 30 11:32:20 2015
From: rforno at infowarrior.org (Richard Forno)
Date: Mon, 30 Nov 2015 12:32:20 -0500
Subject: [Infowarrior] - Thinking About ISIS And Its Cyber Capabilities: Somewhere Between Blue Skies and Falling Ones
Message-ID: <8978C478-1E58-4C8F-BC03-FB2956791168@infowarrior.org>

Thinking About ISIS And Its Cyber Capabilities: Somewhere Between Blue Skies and Falling Ones
By Brian Nussbaum on November 29, 2015 at 10:59 am
https://cyberlaw.stanford.edu/blog/2015/11/thinking-about-isis-and-its-cyber-capabilities-somewhere-between-blue-skies-and-falling

--
It's better to burn out than fade away.

From rforno at infowarrior.org Mon Nov 30 11:44:21 2015
From: rforno at infowarrior.org (Richard Forno)
Date: Mon, 30 Nov 2015 12:44:21 -0500
Subject: [Infowarrior] - Renminbi Is Approved as a Main World Currency
Message-ID:

China's Renminbi Is Approved as a Main World Currency
Keith Bradsher
http://www.nytimes.com/2015/12/01/business/international/china-renminbi-reserve-currency.html

HONG KONG --
The International Monetary Fund on Monday approved the Chinese renminbi as one of the world's main central bank reserve currencies, a major acknowledgment of the country's rising financial and economic heft. The I.M.F. decision will help pave the way for broader use of the renminbi in trade and finance, securing China's standing as a global economic power. But it also introduces new uncertainty into China's economy and financial system, as the country was forced to relax many currency controls to meet the I.M.F. requirements. The changes could inject volatility into the Chinese economy, since large flows of money surge into the country and recede based on its prospects. This could make it difficult for China to maintain its record of strong, steady growth, especially at a time when its economy is already slowing. The I.M.F. will start including the renminbi in the fund's unit of accounting, the so-called special drawing rights, at the end of September. The renminbi will take its place alongside the dollar, the euro, the yen and the pound. Many central banks follow this benchmark in building their reserves, so countries could start holding more renminbi as a result. China will also gain more influence in international bailouts denominated in the fund's accounting unit, like Greece's debt deal. The decision to include the renminbi "is an important milestone in the integration of the Chinese economy into the global financial system," Christine Lagarde, the managing director of the I.M.F., said in a statement. "It is also a recognition of the progress that the Chinese authorities have made in the past years in reforming China's monetary and financial systems. The continuation and deepening of these efforts will bring about a more robust international monetary and financial system, which in turn will support the growth and stability of China and the global economy."
China's leadership has made it a priority to join this group of currencies, naming it in October as one of its highest economic policy priorities in the coming years. The renminbi's new status "will improve the international monetary system and safeguard global financial stability," President Xi Jinping of China said in mid-November. In the months before the I.M.F. decision, China took several actions to make sure that the renminbi was more widely embraced. China did so partly to meet the I.M.F.'s rule that a currency must be "freely usable" before it can be included in this benchmark. China and Britain have sold renminbi-denominated sovereign bonds for the first time in London, which has emerged as Europe's hub for the currency. Even Hungary has announced plans to issue its own renminbi-denominated bonds as well, while the Ceinex exchange in Frankfurt has begun trading funds this month based on renminbi bonds. Preparations began to trade renminbi-denominated oil contracts in Shanghai, where copper and aluminum contracts are already sold. Most important, China began changing the way it sets the value of the renminbi each morning. In doing so, it abruptly devalued the currency. The entry itself into the special drawing right is mainly symbolic. But such broader moves toward greater financial transparency and easier trading -- part of the process to meet the I.M.F. requirements -- will have long-term effects on the renminbi's use. "There's this obsession with the S.D.R., and it's completely out of proportion to its economic impact, which is likely to be trivial," said Randall Kroszner, a former Federal Reserve Board governor who is now an economics professor at the University of Chicago. "It may be that in the drive to get into the S.D.R., they may make changes that make the renminbi more attractive for international market participants."

--
It's better to burn out than fade away.
From rforno at infowarrior.org Mon Nov 30 14:10:42 2015
From: rforno at infowarrior.org (Richard Forno)
Date: Mon, 30 Nov 2015 15:10:42 -0500
Subject: [Infowarrior] - The National Security Letter spy tool has been uncloaked, and it's bad
Message-ID:

The National Security Letter spy tool has been uncloaked, and it's bad
No warrants needed to get browsing history, online purchase records, and other data.
by David Kravets - Nov 30, 2015 2:25pm EST
http://arstechnica.com/tech-policy/2015/11/the-national-security-letter-spy-tool-has-been-uncloaked-and-its-bad/

--
It's better to burn out than fade away.