From rforno at infowarrior.org Fri Apr 1 06:01:06 2016
From: rforno at infowarrior.org (Richard Forno)
Date: Fri, 1 Apr 2016 07:01:06 -0400
Subject: [Infowarrior] - Google's 4/1 prank backfires hard
Message-ID: <46422BC2-DC3E-4B57-B87B-AC70DFD654B4@infowarrior.org>

Google disables April Fools' Day joke amid user fury after prank backfires

http://www.theguardian.com/technology/2016/apr/01/google-disables-april-fools-joke-gmail-mic-drop

--
It's better to burn out than fade away.

From rforno at infowarrior.org Fri Apr 1 12:17:08 2016
From: rforno at infowarrior.org (Richard Forno)
Date: Fri, 1 Apr 2016 13:17:08 -0400
Subject: [Infowarrior] - Obama undermined press freedom. Now he wants a strong media to stop Trump?
Message-ID: <9F6B3DBD-1B8E-48ED-A762-0C3D846716FF@infowarrior.org>

http://www.theguardian.com/commentisfree/2016/mar/30/barack-obama-press-freedom-strong-media-stop-donald-trump

Obama undermined press freedom. Now he wants a strong media to stop Trump?

Sara Morrison

The president can't lecture the press to be more aggressive. He has made an enemy of investigative journalists and whistleblowers

President Obama had harsh words for the state of journalism and how it has lapsed in its duties to hold public figures -- specifically those vying for his current job -- accountable. If that's truly important to him, he can start with his own administration.

Obama spoke Monday night at the Toner Prize ceremony, which honors excellence in political reporting. When he first ran for president in 2008, Obama said, candidates couldn't just get away with saying whatever they wanted, regardless of truth. The current election cycle, he said, indicates that this is no longer the case.

There's plenty of evidence of that -- and most of it revolves around one candidate in particular. Now that Donald Trump's hold on the Republican nomination seems all but certain, we're seeing the "how did we allow Trump to happen?"
media self-flagellation in Sunday columns and the "did we allow Trump to happen?" self-questioning in others.

Robin Toner, an investigative journalist who died in 2008 and for whom the Toner prize was named, "demanded that we be accountable to the public for the things that we said and for the promises that we made," Obama said. "We should be held accountable."

Allow me to do exactly that. Obama's own track record shows that if anyone isn't being held accountable for the promises he's made, it's Obama himself -- at least when it comes to the deep-diving investigative journalism he professes to want more of.

On his first day on the job, way back in January 2009, Obama issued a memorandum declaring that his administration was "committed to creating an unprecedented level of openness in government ... and establish a system of transparency". This was one of his campaign promises. Seven years later, the president has fallen well short of this vow, and many journalists see his administration as the least transparent of all.

The Freedom of Information Act (Foia), signed into law in 1966, is meant to give citizens access to information about the government agencies their taxes support. Less than two weeks ago, the Associated Press reported that the Obama administration set a new record in the percentage of Foia requests answered with either redacted files or nothing at all: 77%. That's up 12 points from the first year of Obama's presidency.

This is an administration that prosecutes people for leaking information to the press that would hold it accountable, and which continually obfuscates journalists' and citizens' efforts to extract any information from it at all.

This is an administration that claimed, repeatedly, that emails to and from former deputy assistant secretary of state Philippe Reines did not exist -- only to finally reveal that thousands of them did, several years and one lawsuit later.

This is an administration that has used the Espionage Act to punish whistleblowers at least seven times. By contrast, before Obama's presidency, the act, in place since the first world war, was used to prosecute government officials who leaked to the media just three times.

This is an administration that has gone after journalists who report on information obtained from leakers by secretly obtaining months' worth of phone records. That spent seven years trying to compel the New York Times' James Risen to reveal his sources. That snooped through Fox News' James Rosen's private emails and accused the reporter of possibly being a "co-conspirator" in order to get a warrant to do so, and to then keep that warrant secret.

This is an administration that has made it exceedingly difficult for journalists to obtain information from even health and science agencies, like the Environmental Protection Agency and the US Department of Agriculture, denying requests and restricting access that was once granted. That allows the Drug Enforcement Agency to charge $1.4m to search for its records on El Chapo -- a sum that must be paid in full before the agency would begin to fill the request.

This is an administration that has been happy to present the press with the story it wants the public to know, but then throws every possible roadblock in front of journalists looking for the story that the public deserves to know.

"It's the kind of journalism that's never been more important ... A job well done is about more than just handing someone a microphone," Obama said on Monday night. "It is to probe and to question, and to dig deeper and to demand more."

He's right about that. Unfortunately for his constituents, it's also a job he has refused to let many journalists do.

--
It's better to burn out than fade away.

From rforno at infowarrior.org Fri Apr 1 12:17:21 2016
From: rforno at infowarrior.org (Richard Forno)
Date: Fri, 1 Apr 2016 13:17:21 -0400
Subject: [Infowarrior] - Reddit removes 'warrant canary', signaling US sought its user data
Message-ID: <766E1F8F-CF72-4E4D-8E3A-0B89F926A585@infowarrior.org>

Reddit removes 'warrant canary', signaling US sought its user data

Danny Yadron

http://www.theguardian.com/technology/2016/mar/31/reddit-removes-warrant-canary-signaling-us-sought-its-user-data

US national security authorities may now view Reddit as a way to spy on people.

A collection of message boards filled with notoriously vocal users, the pseudo-anonymous service on Thursday removed a line -- a "warrant canary" -- from its annual report on government data requests that said it had never received a secret request for user data under the US Foreign Intelligence Surveillance Act, or Fisa.

So-called national security letters seeking data are usually secret by nature and the recipients often cannot acknowledge their existence. As a clever workaround, many technology companies put declarations on their websites or in their data request reports stating that, as of a certain date, they've never received a national security letter.

The understanding is that if they do ever receive such a letter, they will remove the declarations as a sort of early warning system, like the doomed birds in a coal mine.

On Thursday, Reddit appeared to do just that. For the website's users, which are legion, it offers a sobering, if unsurprising, reminder that what they say and do on Reddit is just as likely to be targeted by investigators as Facebook posts and Gmail messages are.

In early 2015, Reddit's transparency report on government data requests included these sentences: "As of January 29, 2015, reddit has never received a National Security Letter, an order under the Foreign Intelligence Surveillance Act, or any other classified request for user information.
If we ever receive such a request, we would seek to let the public know it existed."

Those lines are missing from the transparency report Reddit published Thursday. The company did not return a request for comment.

Reddit users are well-known as a combative and skeptical bunch. After Reddit posted the transparency report Thursday, some of them asked an administrator, called "spez", what happened to the warrant canary.

"I've been advised not to say anything one way or the other," spez said. "Even with the canaries, we're treading a fine line. The whole thing is icky."

In 2014, Twitter sued the Justice Department for violating its free speech rights by blocking it from disclosing how many national security letters it receives. That case is ongoing.

--
It's better to burn out than fade away.

From rforno at infowarrior.org Sun Apr 3 13:01:28 2016
From: rforno at infowarrior.org (Richard Forno)
Date: Sun, 3 Apr 2016 14:01:28 -0400
Subject: [Infowarrior] - The Panama Papers leaked
Message-ID: <7DDDEA8F-B93B-451D-B98A-355B36A61765@infowarrior.org>

What you need to know about the Panama Papers

Luke Harding

http://www.theguardian.com/news/2016/apr/03/what-you-need-to-know-about-the-panama-papers

What is Mossack Fonseca?

It is a Panama-based law firm whose services include incorporating companies in offshore jurisdictions such as the British Virgin Islands. It administers offshore firms for a yearly fee. Other services include wealth management.

Where is it based?

The firm is Panamanian but runs a worldwide operation. Its website boasts of a global network with 600 people working in 42 countries. It has franchises around the world, where separately owned affiliates sign up new customers and have exclusive rights to use its brand. Mossack Fonseca operates in tax havens including Switzerland, Cyprus and the British Virgin Islands, and in the British crown dependencies Guernsey, Jersey and the Isle of Man.

How big is it?

Mossack Fonseca is the world's fourth biggest provider of offshore services. It has acted for more than 300,000 companies. There is a strong UK connection. More than half of the companies are registered in British-administered tax havens, as well as in the UK itself.

How much data has been leaked?

A lot. The leak is one of the biggest ever -- larger than the US diplomatic cables released by WikiLeaks in 2010, and the secret intelligence documents given to journalists by Edward Snowden in 2013. There are 11.5m documents and 2.6 terabytes of information drawn from Mossack Fonseca's internal database.

Are all people who use offshore structures crooks?

No. Using offshore structures is entirely legal. There are many legitimate reasons for doing so. Business people in countries such as Russia and Ukraine typically put their assets offshore to defend them from "raids" by criminals, and to get around hard currency restrictions. Others use offshore for reasons of inheritance and estate planning.

Are some people who use offshore structures crooks?

Yes. In a speech last year in Singapore, David Cameron said "the corrupt, criminals and money launderers" take advantage of anonymous company structures. The government is trying to do something about this. It wants to set up a central register that will reveal the beneficial owners of offshore companies. From June, UK companies will have to reveal their "significant" owners for the first time.

What does Mossack Fonseca say about the leak?

The firm won't discuss specific cases of alleged wrongdoing, citing client confidentiality. But it robustly defends its conduct. Mossack Fonseca says it complies with anti-money-laundering laws and carries out thorough due diligence on all its clients. It says it regrets any misuse of its services and tries actively to prevent it. The firm says it cannot be blamed for failings by intermediaries, who include banks, law firms and accountants.

Panama Papers reporting team: Juliette Garside, Luke Harding, Holly Watt, David Pegg, Helena Bengtsson, Simon Bowers, Owen Gibson and Nick Hopkins

--
It's better to burn out than fade away.

From rforno at infowarrior.org Sun Apr 3 13:05:50 2016
From: rforno at infowarrior.org (Richard Forno)
Date: Sun, 3 Apr 2016 14:05:50 -0400
Subject: [Infowarrior] - Giant Leak of Offshore Financial Records Exposes Global Array of Crime and Corruption
Message-ID: <20CCB280-AB3A-4CD2-93EA-7A9D983725E1@infowarrior.org>

Giant Leak of Offshore Financial Records Exposes Global Array of Crime and Corruption

The International Consortium of Investigative Journalists

A massive leak of documents exposes the offshore holdings of 12 current and former world leaders and reveals how associates of Russian President Vladimir Putin secretly shuffled as much as $2 billion through banks and shadow companies.

The leak also provides details of the hidden financial dealings of 128 more politicians and public officials around the world.

The cache of 11.5 million records shows how a global industry of law firms and big banks sells financial secrecy to politicians, fraudsters and drug traffickers as well as billionaires, celebrities and sports stars.

These are among the findings of a yearlong investigation by the International Consortium of Investigative Journalists, German newspaper Süddeutsche Zeitung and more than 100 other news organizations.

The files expose offshore companies controlled by the prime ministers of Iceland and Pakistan, the king of Saudi Arabia and the children of the president of Azerbaijan.

They also include at least 33 people and companies blacklisted by the U.S. government because of evidence that they'd been involved in wrongdoing, such as doing business with Mexican drug lords, terrorist organizations like Hezbollah or rogue nations like North Korea and Iran.

One of those companies supplied fuel for the aircraft that the Syrian government used to bomb and kill thousands of its own citizens, U.S. authorities have charged.

< - BIG SNIP - >

https://panamapapers.icij.org/20160403-panama-papers-global-overview.html

--
It's better to burn out than fade away.

From rforno at infowarrior.org Tue Apr 5 06:30:49 2016
From: rforno at infowarrior.org (Richard Forno)
Date: Tue, 5 Apr 2016 07:30:49 -0400
Subject: [Infowarrior] - rights to continued operation in a digital world
References: <20160405012840.55922A06D80@palinka.tinho.net>
Message-ID: <2E020D7C-7405-456E-9D92-DE189430AA66@infowarrior.org>

> Begin forwarded message:
>
> From: dan at geer.org
> Subject: referral: rights to continued operation in a digital world
> Date: April 4, 2016 at 9:28:40 PM EDT
> To: rforno at infowarrior.org
> Cc: dan at geer.org
>
> [uproar amongst home automation folks, but a good example of
> what dependence on connected devices means]
>
> http://www.businessinsider.com/googles-nest-closing-smart-home-company-revolv-bricking-devices-2016-4?op=1
>
> Nest, a smart-home company owned by Google's holding company Alphabet,
> is dropping support for a line of products -- and will make customers'
> existing devices completely useless.
>
> It's a move that has infuriated some customers, and raises worrying
> questions about the rights of consumers in the ever-more connected
> future.
>
> In October 2014, Nest acquired Revolv, a smart-home device maker,
> nine months after it was itself bought by Google. The terms of the
> Revolv deal were not disclosed, and as Re/code reported at the time,
> the deal was an acqui-hire -- buying a company for its talent rather
> than its products or users.
>
> Nest cofounder Matt Rogers praised Revolv as "the best team out
> there," and Revolv immediately stopped selling its $300 home hub,
> which could be used to control lights, doors, alarms, and so on.
>
> Revolv's team was to work on "Work with Nest," Nest's API program,
> but customers' existing Revolv products continued to be supported
> -- until recently.
>
> Just over a month ago, Revolv updated its website to announce that
> it is closing down completely, pulling the plug on its existing
> products in May. "We're pouring all our energy into Works with Nest
> and are incredibly excited about what we're making," wrote Revolv
> founders Tim Enwall and Mike Soucie. "Unfortunately, that means we
> can't allocate resources to Revolv anymore and we have to shut down
> the service."
>
>

From rforno at infowarrior.org Tue Apr 5 06:30:55 2016
From: rforno at infowarrior.org (Richard Forno)
Date: Tue, 5 Apr 2016 07:30:55 -0400
Subject: [Infowarrior] - OT: Admiral Ackbar dies at 93
Message-ID:

Erik Bauersfeld, who immortalized 'It's a trap' as Admiral Ackbar in Star Wars, dies

Bauersfeld, who died at the age of 93, turned the words "It's a trap!" from a minor acting role into one of the most beloved lines in the Star Wars series

http://www.theguardian.com/us-news/2016/apr/04/erik-bauersfeld-admiral-ackbar-its-a-trap-star-wars

Monday 4 April 2016 21.09 EDT
Last modified on Tuesday 5 April 2016 06.26 EDT

Erik Bauersfeld, who turned three words from a minor acting role -- "It's a trap!" -- into one of the most beloved lines of the Star Wars series, has died.

His manager, Derek Maki, says the performer died Sunday at his home in Berkeley, California, at the age of 93.

Bauersfeld stayed in radio for much of his life. He stumbled into the Star Wars series while working on a radio project at Lucasfilm.

Bauersfeld ended up voicing the roles of both the rebellion's Admiral Ackbar and Jabba the Hutt's ghostly steward Bib Fortuna in 1983's Return of the Jedi. Admiral Ackbar also appeared in The Force Awakens.

Despite limited screen time, the character with a large domed head and fish-like eyes was a definite Star Wars fan favorite. His line "It's a trap!" even became a popular meme.

--
It's better to burn out than fade away.

From rforno at infowarrior.org Tue Apr 5 12:37:50 2016
From: rforno at infowarrior.org (Richard Forno)
Date: Tue, 5 Apr 2016 13:37:50 -0400
Subject: [Infowarrior] - The Pentagon Has No Idea Who to Call if There's a Cyber Attack
Message-ID:

The Pentagon Has No Idea Who to Call if There's a Cyber Attack

Sophie Kleeman
Today 12:32pm

http://gizmodo.com/the-pentagon-has-no-idea-who-to-call-if-theres-a-cyber-1769133185

As our inevitable descent into digital anarchy looms large, there is some comfort to be taken in the fact that powerful, well-funded entities like the Department of Defense are there to provide protection and security.

Psych! According to a report released on Monday by the United States Government Accountability Office (GAO), the Pentagon doesn't have a properly defined chain of command when it comes to "cyber incidents."

The GAO, which is the federal government's biggest watchdog, found that the roles and responsibilities for how to support civilian leaders are mighty unclear. Essentially, the Department of Defense has plans in place--officially called the Defense Support of Civil Authorities--that dictate how military forces can be used for domestic events like natural and man-made disasters. But it has no such guidelines for cyber attacks.

"Various guidance documents are inconsistent on which combatant command would be designated the supported command and have primary responsibility for supporting civil authorities during a cyber incident," the report said.

One plan, for example, says that US Northern Command--tasked with defending the country and its national interests--would be in charge. A different plan, however, tasks the US Cyber Command with the same responsibility.

Another major problem is the absence of a dual-status commander (i.e. someone who controls both federal military and National Guard forces).
This problem played out in real time last year during a simulation of a massive cyber attack: the dual-status commander didn't have full control over some cyber units which were then unable to perform their extremely important jobs.

In response to the findings, the Department of Defense noted in the report that it "concurs" with the recommendations. It also promises that these issues will be "addressed." (It outlined some cyber security tactics in a 2015 report, where it noted that "partnership[s]" were very important.)

According to the GAO report, however, as of this January, "DOD had not begun efforts to issue or update guidance and did not have an estimate on when the guidance will be finalized."

Oh.

(When reached by email, a spokeswoman for the Department had no additional comment.)

But according to Joseph Kirschbaum, the director for defense capabilities and management at the GAO, ill-preparedness for digital threats is a relatively common governmental problem.

"We have indeed found similar kinds of gaps in agency plans as we found in the most recent report," Kirschbaum told Gizmodo in an email. "Just about everything in cyberspace is also constantly evolving, which further complicates planning."

So the Pentagon is having trouble because the internet is complicated and stuff. Some excuse.

--
It's better to burn out than fade away.

From rforno at infowarrior.org Tue Apr 5 14:55:43 2016
From: rforno at infowarrior.org (Richard Forno)
Date: Tue, 5 Apr 2016 15:55:43 -0400
Subject: [Infowarrior] - Cyber commander says it's 'not realistic' to shut down Internet
Message-ID: <72D37F41-7088-4191-9C47-3A05F147803C@infowarrior.org>

Cyber commander says it's 'not realistic' to shut down Internet

By Rudy Takala

http://www.washingtonexaminer.com/cyber-commander-says-its-not-realistic-to-shut-down-internet/article/2587694

It simply would not be possible to shut down areas of the Internet that terrorists use to conduct malicious activity, the head of U.S.
Cyber Command told a Senate panel on Tuesday.

"In a very simplistic way, people ask why can't we shut down that part of the Internet. ... Why are we not able to infiltrate that more?" Sen. Joe Manchin, D-W.Va., asked Cyber Command leader Adm. Mike Rogers during a hearing on the agency's budget for fiscal 2017.

"The idea that you're just going to shut down the Internet given its construction and complexity is not realistic," Rogers responded. "It's just not that simple. I wish I could say that there's a part of the Internet that was only used by a specific set of users."

Manchin maintained it was a common question from his constituents. "I've had people ask me, can't you just stop it from that area of the world where all the problems are coming, be it Syria or in parts of Iraq or Iran," he said.

"I'm not just trying to find an answer, because that question is asked like shut her down, like you do your telephone, but it doesn't work that way," Manchin concluded.

The comments came in the context of the broader cybersecurity threat potentially posed by the Islamic State. "They've harnessed the power of the information arena to promulgate their ideology on a global basis, to recruit on a global basis, to generate revenue and to move money as well as coordinate some level of activity on a large dispersed basis," Rogers told the panel.

"What concerns me when I look at the future is, what happens if a non-state actor, ISIL being one of them, starts to view cyber as a weapons system? That would really be a troubling development," Rogers said.

Presidential contenders Hillary Clinton and Donald Trump have both suggested "closing up" components of the Internet in order to combat terrorism, though those proposals have been largely met with ridicule.

--
It's better to burn out than fade away.

From rforno at infowarrior.org Wed Apr 6 12:06:35 2016
From: rforno at infowarrior.org (Richard Forno)
Date: Wed, 6 Apr 2016 13:06:35 -0400
Subject: [Infowarrior] - Using The All Writs Act To Route Around The Fifth Amendment
Message-ID: <11D430CC-AB0F-4321-BF5B-E034CC9D58F6@infowarrior.org>

Using The All Writs Act To Route Around The Fifth Amendment

https://www.techdirt.com/articles/20160404/19300434101/using-all-writs-act-to-route-around-fifth-amendment.shtml

--
It's better to burn out than fade away.

From rforno at infowarrior.org Wed Apr 6 19:00:30 2016
From: rforno at infowarrior.org (Richard Forno)
Date: Wed, 6 Apr 2016 20:00:30 -0400
Subject: [Infowarrior] - FBI spills iPhone hacking secret to senators
Message-ID: <13C51316-3B25-45A5-879B-AEDADEA3CC09@infowarrior.org>

DiFi.....ugh.

FBI spills iPhone hacking secret to senators

Shara Tibken

http://www.cnet.com/news/fbi-spills-iphone-hacking-secret-to-senators/#ftag=CAD590a51e

The FBI may be keeping Apple in the dark about how it broke into an iPhone used by a terrorist. But now it's letting some members of Congress in on the secret.

The law enforcement agency has started briefing some US Senators about how it accessed data stored on an iPhone 5C owned by Syed Farook, one of the people involved in December's San Bernardino, California, terrorist attack that killed 14 people. That phone has been at the heart of a contentious and very public battle between Apple and the FBI -- one that has turned into a broader debate over privacy and security.

Sen. Dianne Feinstein (D-Calif.) was briefed by the FBI about how it got into the iPhone 5C, a representative from her office confirmed to CNET, though he declined to give any details about the briefing. Feinstein is the vice chairman of the Senate Select Committee on Intelligence and one of the backers of a bill that would make sure the government can access encrypted data. Feinstein has called encryption "the Achilles' heel of the Internet."

The National Journal, which originally reported the news of the briefings by the FBI, also said Sen. Richard Burr (R-N.C.), the chairman of the Senate Intelligence Committee and co-sponsor of an encryption bill with Feinstein, was offered a briefing but hasn't taken it yet. His office didn't immediately respond to a request for comment.

The National Journal said both Feinstein and Burr believe Apple shouldn't be given information on how the FBI broke into the phone, which is an obvious stance given the bill they're planning to introduce as soon as this week.

"I don't believe the government has any obligation to Apple," Feinstein said in a statement emailed to the National Journal. "No company or individual is above the law, and I'm dismayed that anyone would refuse to help the government in a major terrorism investigation."

Law enforcement agencies like the FBI often give classified briefings to federal intelligence committees. But they don't have the same obligation to tell companies how they circumvent their security controls if sharing the information could hurt investigations.

That has been particularly vexing to Apple of late. The day before a hearing was set in Riverside, California, about whether Apple should help the FBI unlock an iPhone, the FBI said it had found an alternate way to get into the phone. A week later, it said it had successfully accessed data on the iPhone but wouldn't say whether it would tell Apple about the method it used.

Apple, which had been fighting a search warrant to help the FBI unlock Farook's iPhone, has said it wants the information so it can make sure its devices are secure.

Apple didn't have a comment Wednesday beyond its remarks last week after the DOJ dropped its search warrant. The FBI didn't immediately respond to a request for comment.

Technology companies and rights groups argue that strong encryption, which scrambles data so it can be read only by the right person, is needed to keep people safe and protect privacy. Law enforcement argues it can't fight crimes unless it has access to information on mobile devices.

The standoff between Apple and the FBI brought more attention to the encryption battle, which is sure to keep going.

Reuters, citing sources, reported Wednesday that the White House won't offer public support for the encryption legislation soon to be proposed by Burr and Feinstein. President Barack Obama previously had seemed to support the bill, saying last month that Americans have always made privacy trade-offs with the government when it comes to public safety.

--
It's better to burn out than fade away.

From rforno at infowarrior.org Thu Apr 7 07:40:35 2016
From: rforno at infowarrior.org (Richard Forno)
Date: Thu, 7 Apr 2016 08:40:35 -0400
Subject: [Infowarrior] - Encryption issue puts federal agencies at odds
Message-ID:

Encryption issue puts federal agencies at odds

http://thehill.com/policy/cybersecurity/275417-encryption-issue-puts-federal-agencies-at-odds

--
It's better to burn out than fade away.

From rforno at infowarrior.org Fri Apr 8 10:49:22 2016
From: rforno at infowarrior.org (Richard Forno)
Date: Fri, 8 Apr 2016 11:49:22 -0400
Subject: [Infowarrior] - Text of Burr-DiFi Crypto Access Bill
Message-ID:

(x-posted)

A quick -- and decaffeinated -- skim suggests something fairly Kafka-esque if not generally convoluted and unenforceable: Tech companies must assist law enforcement with obtaining encrypted data, but we're not going ..."to require or prohibit any specific design or operating system...."

Huh???

Am I incorrect in thinking this sounds like they're trying to respond to the concerns of LEO and 'do something' about the 'problem' for PR purposes but in actuality (if it gets enacted, which I doubt) it's really a wash.
They also define "government" to be any US federal, state, or local gov entity.

https://cryptome.org/2016/04/burr-decrypt-draft.pdf

--
It's better to burn out than fade away.

From rforno at infowarrior.org Mon Apr 11 09:01:27 2016
From: rforno at infowarrior.org (Richard Forno)
Date: Mon, 11 Apr 2016 10:01:27 -0400
Subject: [Infowarrior] - Classified vs. Classified
Message-ID: <4D3EC990-617D-4824-8538-250000F63CEB@infowarrior.org>

Posted w/o any comment other than to mutter "cult of classification, anyone?".

http://newyork.cbslocal.com/2016/04/10/obama-clinton-emails/

< - >

"What I also know, because I handle a lot of classified information, is that there are -- there's classified, and then there's classified," Obama told Fox News. "There's stuff that is really top-secret, top-secret, and there's stuff that is being presented to the president or the secretary of state, that you might not want on the transom, or going out over the wire, but is basically stuff that you could get in open-source."

< - >

--
It's better to burn out than fade away.

From rforno at infowarrior.org Mon Apr 11 18:03:38 2016
From: rforno at infowarrior.org (Richard Forno)
Date: Mon, 11 Apr 2016 19:03:38 -0400
Subject: [Infowarrior] - Burr And Feinstein Plan One Sided Briefing For Law Enforcement To Bitch About 'Going Dark'
Message-ID: <1FB48138-A279-49B7-8294-17DE2F037C75@infowarrior.org>

Burr And Feinstein Plan One Sided Briefing For Law Enforcement To Bitch About 'Going Dark'

https://www.techdirt.com/articles/20160411/13460534154/burr-feinstein-plan-one-sided-briefing-law-enforcement-to-bitch-about-going-dark.shtml

From rforno at infowarrior.org Mon Apr 11 18:18:24 2016
From: rforno at infowarrior.org (Richard Forno)
Date: Mon, 11 Apr 2016 19:18:24 -0400
Subject: [Infowarrior] - Obama's 'classified' comments strike nerve
Message-ID:

Obama's 'classified'
comments strike nerve

By Julian Hattem - 04/11/16 05:17 PM EDT

http://thehill.com/policy/national-security/275887-obamas-classified-comments-strike-nerve

President Obama's latest defense of Hillary Clinton has struck a nerve with both the GOP and government leakers such as Edward Snowden.

The president's comments -- "there's classified and then there's classified" -- suggested some classified information is more sensitive than other classified information, uniting in scorn critics across the political spectrum.

To advocates for government transparency, the remarks stunk of duplicity by suggesting that federal classification rules are arbitrary and don't apply to the Democratic presidential front-runner.

"If only I had known," tweeted Snowden, the former National Security Agency (NSA) contractor who fled the country in 2013 before leaking reams of classified documents about global surveillance. Snowden is now facing multiple federal charges for his leaks.

"For a lower rank-and-file person, that's not a defense you can ever use," said Bradley Moss, a lawyer who handles matters related to classified information.

Conservatives saw new reasons to worry that the administration cannot be trusted to adequately investigate Clinton's exclusive use of a private email server as secretary of State.

Obama "concede[d]" that Clinton "mishandles classified information" and then "twist[ed] to defend her," blared the Republican National Committee.

"It leaves you with a sense that he is reaching his thumb toward the scale," said Ron Hosko, a former high-ranking FBI official. "I think it is, as I said, unnecessary and, from an investigators' point of view, not at all beneficial."

White House spokesman Josh Earnest was forced to defend the remark, which he said was a sign of the "disputes in the national security bureaucracy" about how to treat classified information that has been widely discussed in the media.

Obama made the comments in an interview with "Fox News Sunday"
in response to a question about Clinton's "homebrew" setup.

"There's stuff that is really top-secret, top-secret, and there's stuff that is being presented to the president or the secretary of State, that you might not want on the transom, or going out over the wire, but is basically stuff that you could get in open source," Obama said.

The government does have different levels for the sensitivity of classified material, ranging from "confidential" to "top-secret." But criminal charges for mishandling classified information are largely blind to the distinction.

Obama has often prided himself on leading "the most transparent administration in history," and in fact the number of new classified documents has declined under his watch.

Yet at the same time, the Obama administration has been pilloried for its poor responsiveness under the Freedom of Information Act (FOIA), with requests that can take years to fulfill and record levels of agencies withholding documents. Additionally, more leakers have faced charges under the 1917 Espionage Act under this president than all others combined.

Trying to split hairs with Clinton's setup, his critics say, is hypocritical.

"I can't make an excuse for someone mishandling a confidential document by saying, 'Oh it was just confidential,'" said Moss, referring to the lowest level of classification. "I'll get laughed out of the room by security."

The White House said on Monday that Obama has never asked for or received a classified briefing about the federal investigations concerning Clinton's machine.

"His knowledge of the case is based on public reporting," Earnest told reporters.

But if Obama had not been kept abreast of the investigation related to Clinton's machine, then critics were left wondering why he would seek to characterize the contents of the roughly 2,000 emails now considered classified.

"How does he know?" said Hosko.
"For the president to weigh in on what might be the facts or might be wildly erroneous, I think it does little to help preserve the view of the integrity of the investigation and that it isn't being politicized," he added. "His comments certainly influence people."

According to the State Department, none of the material on Clinton's machine was marked as classified at the time it was sent.

Obama's distinction about what should and should not be classified will serve as little solace to journalists filing FOIA requests or people charged with mishandling sensitive documents. But they will surely be cited in legal briefings nonetheless, potentially undermining the government's moral high ground.

Just last Friday, the Navy reportedly brought charges against Lt. Cmdr Edward Lin for handing classified information over to other countries, including potentially China and Taiwan.

"Now does this guy get to pick and choose what's classified and what's not classified?" said Morgan Wright, a cybersecurity consultant who has worked with the U.S. government.

"Can you imagine now the legal arguments that people are going to create because of this?"

If nothing else, Obama opened his administration up for jokes at his own expense.

"Anyone have the number for the Attorney General?" Snowden tweeted on Sunday. "Asking for a friend."

-- It's better to burn out than fade away.

From rforno at infowarrior.org Tue Apr 12 18:09:00 2016
From: rforno at infowarrior.org (Richard Forno)
Date: Tue, 12 Apr 2016 19:09:00 -0400
Subject: [Infowarrior] - NWS to stop SHOUTING as of 5/11
Message-ID: <2B21BFA4-9153-4573-A4DE-FC2649A910F5@infowarrior.org>

National Weather Service will stop using all caps in its forecasts

Farewell teletype, hello mixed-case characters

April 11, 2016

LISTEN UP! BEGINNING ON MAY 11, NOAA'S NATIONAL WEATHER SERVICE FORECASTS WILL STOP YELLING AT YOU.
http://www.noaa.gov/national-weather-service-will-stop-using-all-caps-its-forecasts

New forecast software is allowing the agency to break out of the days when weather reports were sent by "the wire" over teleprinters, which were basically typewriters hooked up to telephone lines. Teleprinters only allowed the use of upper case letters, and while the hardware and software used for weather forecasting has advanced over the last century, this holdover was carried into modern times since some customers still used the old equipment.

Better late than never, but the slow change was not for lack of trying. The National Weather Service has proposed to use mixed-case letters several times since the 1990s, when widespread use of the Internet and email made teletype obsolete. In fact, in web speak, use of capital letters became synonymous with angry shouting. However, it took the next 20 years or so for users of Weather Service products to phase out the last of the old equipment that would only recognize teletype.

Recent software upgrades to the computer system that forecasters use to produce weather predictions, called AWIPS 2 (The Advanced Weather Interactive Processing System), are allowing for the change to mixed-case letters. The switch will happen on May 11, after the required 30-day notification period to give customers adequate time to prepare for the change.

"People are accustomed to reading forecasts in upper case letters and seeing mixed-case use might seem strange at first," said NWS meteorologist Art Thomas. "It seemed strange to me until I got used to it over the course of testing the new system, but now it seems so normal," he said.

Three forecast products will transition to mixed-case use on May 11, including area forecast discussions, public information statements and regional weather summaries. Severe weather warnings will transition this summer, with other forecasts and warnings transitioning to the new system through early next year.
Upper case letters in forecasts will not become obsolete -- forecasters will have the option to use all capital letters in weather warnings to emphasize threats during extremely dangerous situations. Certain forecast products with international implications, such as aviation and shipping, will continue to use upper case letters, per international agreements that standardize weather product formats across national borders.

NOAA's mission is to understand and predict changes in the Earth's environment, from the depths of the ocean to the surface of the sun, and to conserve and manage our coastal and marine resources.

Media contact
Susan Buchanan
301-427-9000

-- It's better to burn out than fade away.

From rforno at infowarrior.org Wed Apr 13 05:46:34 2016
From: rforno at infowarrior.org (Richard Forno)
Date: Wed, 13 Apr 2016 06:46:34 -0400
Subject: [Infowarrior] - FBI IG on Forensics Equipment Use
Message-ID:

Inspector General Says FBI Not Doing Enough To Prevent Abuse Of Cell Phone Forensic Equipment By Law Enforcement Officers

https://www.techdirt.com/articles/20160327/11395434023/inspector-general-says-fbi-not-doing-enough-to-prevent-abuse-cell-phone-forensic-equipment-law-enforcement-officers.shtml

-- It's better to burn out than fade away.

From rforno at infowarrior.org Wed Apr 13 09:27:29 2016
From: rforno at infowarrior.org (Richard Forno)
Date: Wed, 13 Apr 2016 10:27:29 -0400
Subject: [Infowarrior] - OPM Seeks Social Media Tracking for Background Checks
Message-ID: <3FD22E1B-531F-4438-97BE-C92BED9A21E8@infowarrior.org>

OPM Seeks Social Media Tracking for Background Checks

By Jack Moore

http://www.nextgov.com/cio-briefing/2016/04/opm-seeking-social-media-tracking-background-checks/127380/

The Office of Personnel Management is preparing for a pilot program to automatically track public social media postings of people applying for security clearances.
OPM is conducting market research to find companies that can perform automated social media tracking and other types of Web crawling as part of the background investigation process, according to an April 8 request for information posted online. Responses from interested companies are due by April 15.

OPM is looking for companies that can automatically browse "publicly available electronic information," which includes information posted to news and media sites; Facebook, Twitter and other social media postings; blog postings; online court records, updates to photo and video-sharing sites; and information gleaned from online e-commerce sites, such as Amazon and eBay.

OPM is interested in companies that have fully automated capabilities -- "with no human intervention," according to the RFI -- with the ability to search for information "in the parts of the World Wide Web whose contents are not indexed by standard search engines."

Companies should also have a "robust identity matching algorithm" that won't get tricked by similar names and return irrelevant results.

The pilot project tests the feasibility of obtaining social media tracking from commercial vendors and will be a joint effort between OPM, which is responsible for performing most federal employee background checks, and the Office of the Director of National Intelligence, according to an OPM spokesman.

Testing of the new tech will be conducted on a population of 400 investigations, the spokesman said, although there's still no word on when the pilot project is set to get underway.

The new solicitation is the latest in a series of government initiatives to explore the use of social media in the background investigation process. Some of these efforts have been stymied by missed deadlines and unclear policy.

Pentagon and intelligence officials are leading an effort to establish "continuous evaluation"
of clearance-holders using automated data checks to replace periodic reinvestigations that currently occur only once every five or 10 years.

Intelligence officials had planned to have a continuous evaluation capability in place for the most sensitive clearance holders by December 2014 but missed the deadline, according to progress updates posted on Performance.gov.

Officials now plan to roll out the new program in phases, with at least 5 percent of top-secret clearance holders being continuously evaluated by March 2017. As of December, about 225,000 personnel undergo the automatic checks.

A public-records continuous evaluation project is also currently underway at the State Department, according to the Performance.gov update.

At a hearing in February, federal officials told lawmakers they were still working out the kinks in government policy for more widespread use of social media in the clearance process.

Last June, OPM awarded a sole source contract to California-based tech company Social Intelligence for a preliminary pilot program examining social media in the clearance process. Under the terms of the contract, Social Intelligence, which has also participated in DOD social media pilots, was to provide 400 reports of publicly available online information over the following six to nine months.

The security clearance process has been rocked by controversy in recent years. Last summer, OPM announced it had fallen victim to a massive data breach affecting millions of background investigation records.

Even earlier, critics raised questions about OPM's handling of background checks, pointing to potential missed red flags in the backgrounds of National Security Agency contractor Edward Snowden and other so-called "insider threats."

In January, the Obama administration announced plans to overhaul the process, establishing a new National Background Investigations Bureau and tasking the Defense Department with the responsibility for storing and securing sensitive files.
-- It's better to burn out than fade away.

From rforno at infowarrior.org Wed Apr 13 14:28:51 2016
From: rforno at infowarrior.org (Richard Forno)
Date: Wed, 13 Apr 2016 15:28:51 -0400
Subject: [Infowarrior] - WH considers killing "confidential" classification level
Message-ID: <90DCF057-C978-4016-8FDA-3B42DEF292BF@infowarrior.org>

(Election politics aside I think this is LONG overdue and is a large part of the decades-old overclassification problem. However, while it sounds great, does that mean that 'secret' suddenly becomes the new 'confidential' -- ie will it really change anything? --rick)

Obama administration considers killing lowest tier of info classification

By Julian Hattem - 04/13/16 10:22 AM EDT

http://thehill.com/policy/national-security/276126-obama-administration-considers-killing-lowest-tier-of-classification

The Obama administration is considering a proposal to kill off the lowest tier of classification amid escalating scrutiny on top government officials' ability to safeguard sensitive information.

In a memo circulated to intelligence agency leaders last month, Director of National Intelligence James Clapper asked for feedback about getting rid of the "confidential" level of classification.

"Please comment on whether the CONFIDENTIAL classification level can be eliminated from your agencies' guides and the negative impacts this might have on mission success," Clapper wrote to the heads of the CIA, Defense Intelligence Agency and three other federal intelligence offices in his three-page memo.

"This action could promote transparency," Clapper added, by "simplifying agency classification practices," focusing only on sensitive material "that would cause significant and demonstrable harm to national security if improperly released" and reflect the fact "that few, if any" clearances are issued at the "confidential" level alone.

Additionally, Clapper noted, the United Kingdom eliminated its "confidential"
level of government secrecy in 2014, so following suit would "align" the two countries' systems.

In addition to "confidential," the government also marks sensitive information as "secret" and "top secret."

Eliminating the lowest level of classification would have a dramatic effect on the number of classified documents created by the government.

It also could have beneficial effects for Democratic presidential candidate and former Secretary of State Hillary Clinton, whose private email server contained thousands of messages now considered classified. The vast majority of the roughly 2,000 documents on Clinton's machine are considered confidential.

The potential change to eliminate the lowest level of classification was one of four possibilities listed in Clapper's memo.

Other suggestions included reducing the number of people able to classify materials, implementing a new "discretionary" program for declassifying documents and creating a new classification guide for agencies across the intelligence community.

The suggestions are in response to an executive order Obama signed in 2009, which aimed to open up government secrets.

"I believe your efforts will serve as a significant step forward in furthering our shared goals for greater openness and reduced classification activity while protecting legitimate national security interests," Clapper wrote.

The memo was dated March 23 but was largely ignored until Politico reported on the suggestion Wednesday. The Federation of American Scientists's project on government secrecy posted the memo on its blog last week.

Obama has had a mixed record on government openness, despite his frequent promises to be "the most transparent administration in history."

The White House has scaled back the number of new classified documents and taken steps to peel back the curtain on government secrecy, such as with his 2009 executive order.
Yet the administration has also been accused of having a paltry record on compliance with the Freedom of Information Act, and more government leakers have been accused of crimes under the 1917 Espionage Act than during all other presidents combined.

This week, Obama was pilloried by some government leakers and Republicans following comments seeming to dismiss concerns about Clinton's emails, while also suggesting that some classified information is not worthy of rigorous protection.

"There's classified, and then there's classified," Obama said on "Fox News Sunday" last weekend. "There's stuff that is really top secret, top secret, and there's stuff that is being presented to the president or the secretary of State that you might not want on the transom, or going out over the wire, but is basically stuff that you could get in open source."

-- This report was updated at 10:48 a.m.

-- It's better to burn out than fade away.

From rforno at infowarrior.org Wed Apr 13 19:42:27 2016
From: rforno at infowarrior.org (Richard Forno)
Date: Wed, 13 Apr 2016 20:42:27 -0400
Subject: [Infowarrior] - UC Davis spent thousands to scrub pepper spray references from Internet
Message-ID:

UC Davis spent thousands to scrub pepper spray references from Internet

By Sam Stanton and Diana Lambert
sstanton at sacbee.com

http://www.sacbee.com/news/local/article71659992.html

UC Davis contracted with consultants for at least $175,000 to scrub the Internet of negative online postings following the November 2011 pepper spraying of students and to improve the reputations of both the university and Chancellor Linda P.B. Katehi, newly released documents show.

The payments were made as the university was trying to boost its image online and were among several contracts issued following the pepper spray incident.
Some payments were made in hopes of improving the results computer users obtained when searching for information about the university or Katehi, results that one consultant labeled "venomous rhetoric about UC Davis and the chancellor."

Others sought to improve the school's use of social media and to devise a new plan for the UC Davis strategic communications office, which has seen its budget rise substantially since Katehi took the chancellor's post in 2009. Figures released by UC Davis show the strategic communications budget increased from $2.93 million in 2009 to $5.47 million in 2015.

"We have worked to ensure that the reputation of the university, which the chancellor leads, is fairly portrayed," said UC Davis spokeswoman Dana Topousis. "We wanted to promote and advance the important teaching, research and public service done by our students, faculty and staff, which is the core mission of our university."

Money to pay the consultants came from the communications department budget, Topousis said.

It is one more example of how out of touch the leadership at UC Davis is when it comes to their public perspective.
Doug Elmets, public affairs consultant

The documents outlining the expenditures were released to The Sacramento Bee this week in response to requests filed last month under the California Public Records Act.

The documents reflect an aggressive effort to counteract an avalanche of negative publicity that arose after the Nov. 18, 2011 pepper spraying of student protesters by campus police.

Fallout from that incident continued for more than a year, as investigations and lawsuits played out and spawned criticism of UC Davis and demands that Katehi resign.

In January 2013, UC Davis signed on with a Maryland company called Nevins & Associates for a six-month contract that paid $15,000 a month.
"Nevins & Associates is prepared to create and execute an online branding campaign designed to clean up the negative attention the University of California, Davis, and Chancellor Katehi have received related to the events that transpired in November 2011," a six-page proposal from Nevins promised.

"Online evidence and the venomous rhetoric about UC Davis and the Chancellor are being filtered through the 24-hour news cycle, but it is at a tepid pace," the proposal said.

The objectives Nevins outlined for the contract included "eradication of references to the pepper spray incident in search results on Google for the university and the Chancellor."

That objective was to be achieved by advising UC Davis officials on the use of Google platforms as part of "an aggressive and comprehensive online campaign to eliminate the negative search results for UC Davis and the Chancellor."

< - >

In June 2014, the university hired Sacramento-based ID Media Partners in an $82,500 contract to "design and execute a comprehensive search engine results management strategy."

The firm, which does business under the name IDMLOCO, said in documents provided by the university that its "primary goal" was to "achieve a reasonable balance of positive natural search results on common terms concerning UC Davis and Chancellor Katehi."

A second contract was awarded to IDMLOCO in February 2015 for a fee of $8,000 a month -- up to a limit of $96,000 -- to develop an "integrated social media program for executive communications."

IDMLOCO was awarded a third contract in September 2015 for $22,500 a month, or a maximum of $67,500, to "provide an assessment of the University's Strategic Communications redesign."

"Given the recent changes in the Strategic Communications team, this is the right opportunity to fully understand and thoughtfully design an organization that maps to the Chancellor's goals for the university," IDMLOCO said in a proposal to Karl Engelbach, Katehi's associate chancellor.
IDMLOCO has offices on L Street and was co-founded by Matt Eagan, a campaign aide to former Gov. Arnold Schwarzenegger, and Bryan Merica, a technology consultant who also is a co-founder of the Fox&Hounds blog that focuses on politics and business.

Merica and Eagan did not respond to requests for comment Wednesday.

-- It's better to burn out than fade away.

From rforno at infowarrior.org Thu Apr 14 06:44:03 2016
From: rforno at infowarrior.org (Richard Forno)
Date: Thu, 14 Apr 2016 07:44:03 -0400
Subject: [Infowarrior] - Appeals court rules warrantless collection of cellphone location data constitutional
Message-ID:

Court rules warrantless collection of cellphone location data constitutional

A federal court of appeals rejected a constitutional challenge from two convicted robbers making it more likely that the US supreme court will consider the issue

http://www.theguardian.com/us-news/2016/apr/14/court-rules-warrantless-collection-of-cellphone-location-data-constitutional

-- It's better to burn out than fade away.

From rforno at infowarrior.org Thu Apr 14 06:55:12 2016
From: rforno at infowarrior.org (Richard Forno)
Date: Thu, 14 Apr 2016 07:55:12 -0400
Subject: [Infowarrior] - F.B.I. Tried to Defeat Encryption 10 Years Ago, Files Show
Message-ID: <597A603E-C54C-4E8C-90CC-E67C64485215@infowarrior.org>

F.B.I. Tried to Defeat Encryption 10 Years Ago, Files Show

Matt Apuzzo

http://www.nytimes.com/2016/04/14/technology/fbi-tried-to-defeat-encryption-10-years-ago-files-show.html

WASHINGTON -- In early 2003, F.B.I. agents hit a roadblock in a secret investigation, called Operation Trail Mix. For months, agents had been intercepting phone calls and emails belonging to members of an animal welfare group that was believed to be sabotaging operations of a company that was using animals to test drugs. But encryption software had made the emails unreadable.

So investigators tried something new.
They persuaded a judge to let them remotely, and secretly, install software on the group's computers to help get around the encryption.

That effort, revealed in newly declassified and released records, shows in new detail how F.B.I. hackers worked to defeat encryption more than a decade before the agency's recent fight with Apple over access to a locked iPhone. The Trail Mix case was, in some ways, a precursor to the Apple dispute. In both cases, the agents could not decode the data themselves, but found a clever workaround.

The Trail Mix records also reveal what is believed to be the first example of the F.B.I. remotely installing surveillance software, known as spyware or malware, as part of a criminal wiretap.

"This was the first time that the Department of Justice had ever approved such an intercept of this type," an F.B.I. agent wrote in a 2005 document summing up the case.

The next year, six activists were convicted of conspiracy to violate the Animal Enterprise Protection Act in the case. An appeals court upheld the convictions in 2009, and said that the use of encryption, among other things, was "circumstantial evidence of their agreement to participate in illegal activity."

Ryan Shapiro, a national security researcher and animal welfare advocate, provided the documents in the case to The New York Times after obtaining them in a Freedom of Information Act lawsuit. Several important details remain secret, including whether the tactic worked. The wiretap was disclosed at trial but the software hacking was not, said Lauren Gazzola, one of the defendants, who now works for the Center for Constitutional Rights.

It is also unclear why the Justice Department, which is required to report every time it comes across encryption in a criminal wiretap case, did not do so in 2002 or 2003. The Justice Department and F.B.I. did not comment Wednesday.

The Trail Mix documents provide an unusual, if dated, glimpse at the cat-and-mouse game that the F.B.I.
has been playing for years with people who use technology to keep their affairs secret. The records show that, even when encryption was not widely used, there was a growing frustration about it in the F.B.I. To defeat it, agents built and used surveillance software earlier than was known.

"The documents show that the F.B.I. has been in the hacking business for a long time," said Chris Soghoian, a technology analyst with the American Civil Liberties Union who reviewed the records.

In 2008 the F.B.I. began a campaign called "Going Dark" to build support for laws requiring companies to allow government access to data in unencrypted form. But the Trail Mix records show that agents were frustrated by encryption many years earlier, and saw the fight against terrorism as an opportunity to get new authority.

"The current terrorism prevention context may present the best opportunity to bring up the encryption issue," an F.B.I. official said in a December 2002 email. A month later, a draft bill, called Patriot Act 2, revealed that the Justice Department was considering outlawing the use of encryption to conceal criminal activity. The bill did not pass.

The Trail Mix investigation focused on sabotage and stalking at Huntingdon Life Sciences, a company with a New Jersey laboratory that conducted pharmaceutical testing on animals. The group Stop Huntingdon Animal Cruelty strongly opposed the company's testing and advocated protests to end it.

F.B.I. agents contended members of the group were also behind criminal attacks that included nuisances like sending nonstop faxes of all-black paper and hacking attacks that caused more than $450,000 in damages and lost business. Federal law labeled such attacks eco-terrorism.
The activists communicated using a well-known security program called Pretty Good Privacy, which makes emails unreadable by anyone without a password and a digital key. The agents tried several tactics, including getting a "full-content" wiretap that intercepted every byte that left the group's computers. Yet the encryption proved unbreakable.

More than a decade later, the F.B.I. still cannot break sophisticated encryption such as the kind used on Apple's iPhones. Early this year, in its investigation of the San Bernardino, Calif., terrorist attack, the Justice Department tried to require Apple to remove some security features from a locked iPhone so the F.B.I. could guess the password. Eventually, a private consultant developed a way to hack into the phone without Apple's help, and sold the idea to the F.B.I.

Agents in the Trail Mix case also found a workaround. Like the San Bernardino case, the Trail Mix solutions were classified.

"Please be advised that the tool itself is classified SECRET," an F.B.I. computer specialist from Quantico, Va., wrote in early 2003 while delivering an early version of the tool. "Further, any indication that the tool is specifically software in nature is also classified."

Exactly what the software was built to do is still not clear. But language in the documents suggests that it may have copied the digital keys, kept track of keystrokes to help the F.B.I. identify the passwords, or both.

In a Mafia case years earlier, agents sneaked into a Philadelphia office and attached a device to a computer that recorded every keystroke. That classified device helped agents break into an encrypted file. But until Trail Mix, such a tactic had never been tried using software as part of a wiretap, the documents show.

Cases like Operation Trail Mix and the San Bernardino shootings are examples of why many government officials say they need a new law to guarantee access to encrypted data. Going case-by-case, hack-by-hack is impractical, they say.
"Individually tailored solutions have to be the exception and not the rule," Valerie Caproni, the F.B.I.'s top lawyer, told Congress in 2011.

-- It's better to burn out than fade away.

From rforno at infowarrior.org Thu Apr 14 07:50:22 2016
From: rforno at infowarrior.org (Richard Forno)
Date: Thu, 14 Apr 2016 08:50:22 -0400
Subject: [Infowarrior] - I'm documenting my own Alzheimer's disease while I still can
Message-ID:

I'm documenting my own Alzheimer's disease while I still can

I fear the day when I put my fingers on the keyboard and don't know how to write anymore.

By Greg O'Brien April 13

Greg O'Brien is the author of "On Pluto: Inside the Mind of Alzheimer's" and a patient-advocate for the Alzheimer's Association. He is featured in the NOVA film "Can Alzheimer's Be Stopped?"

< - >

https://www.washingtonpost.com/posteverything/wp/2016/04/13/im-documenting-my-own-alzheimers-disease-while-i-still-can/

-- It's better to burn out than fade away.

From rforno at infowarrior.org Thu Apr 14 09:31:59 2016
From: rforno at infowarrior.org (Richard Forno)
Date: Thu, 14 Apr 2016 10:31:59 -0400
Subject: [Infowarrior] - Next U.S. National Military Strategy to be Classified
Message-ID:

Next U.S. National Military Strategy to be Classified

http://fas.org/blogs/secrecy/2016/04/military-strategy/

In a number of national security policy areas, there is a long-term trend in favor of greater transparency and disclosure.

For example, the U.S. Army openly published a manual last week on Techniques for Information Collection During Operations Among Populations (ATP 3-55.4). It supersedes and replaces a previous publication from 2007 (FM 2-91.6) that was for restricted distribution and was marked For Official Use Only.

But in some other areas, the arrow of transparency is pointed backwards and previously unclassified categories of records are becoming newly restricted or classified.
That appears to be the case with The National Military Strategy of the United States of America. It was publicly released as an unclassified document in 2015, but the forthcoming edition that is to be completed by the end of next year will be classified.

"The [next] national military strategy will be a classified document," said Marine Gen. Joseph Dunford, chairman of the Joint Chiefs of Staff, in a March 29 speech at the Center for Strategic and International Studies.

He acknowledged that up to now the National Military Strategy was "an unclassified document that has historically, you know, been written for the public." But the next Strategy will not be made public, although "we will certainly articulate to the public the guts of a national military strategy," he said.

He did not elaborate on the rationale for classification of the hitherto unclassified document, except to say that "in my mind, what the national military strategy ought to do is drive the development of our operation[al] plans. And more importantly, drive the development of viable options that we would need in a crisis [or] contingency."

His speech was reported in Defense News (April 5) and the US Naval Institute News (March 29).

The Congressional Research Service said "it can be assumed" that Special Operations Forces "will figure prominently in DOD's new classified military strategy document."

But CRS warned that "a high or increased level of U.S. SOF involvement in the nation's new classified military strategy could come with a price.... there could be a tendency to assign them an inordinate amount of responsibility under this new strategic construct." See U.S. Special Operations Forces (SOF): Background and Issues for Congress, updated April 8, 2016.

-- It's better to burn out than fade away.
From rforno at infowarrior.org Thu Apr 14 15:33:49 2016 From: rforno at infowarrior.org (Richard Forno) Date: Thu, 14 Apr 2016 16:33:49 -0400 Subject: [Infowarrior] - MSFT sues gov over secret warrants Message-ID: <75E45072-2532-4AD2-9E7E-C5047FCB53EC@infowarrior.org> Keeping secrecy the exception, not the rule: An issue for both consumers and businesses Posted April 14, 2016 by Brad Smith - President and Chief Legal Officer This morning we filed a new lawsuit in federal court against the United States government to stand up for what we believe are our customers' constitutional and fundamental rights -- rights that help protect privacy and promote free expression. This is not a decision we made lightly, and hence we wanted to share information on this step and why we are taking it.... < - > http://blogs.microsoft.com/on-the-issues/2016/04/14/keeping-secrecy-exception-not-rule-issue-consumers-businesses/ -- It's better to burn out than fade away. From rforno at infowarrior.org Thu Apr 14 15:42:33 2016 From: rforno at infowarrior.org (Richard Forno) Date: Thu, 14 Apr 2016 16:42:33 -0400 Subject: [Infowarrior] - Moronic US Attorney idea ... 'ban importing OS crypto' Message-ID: US Attorney Suggests Solution To Open Source Encryption: Ban Importation Of Open Source Encryption https://www.techdirt.com/articles/20160413/17431434176/us-attorney-suggests-solution-to-open-source-encryption-ban-importation-open-source-encryption.shtml -- It's better to burn out than fade away.
From rforno at infowarrior.org Sat Apr 16 18:19:25 2016 From: rforno at infowarrior.org (Richard Forno) Date: Sat, 16 Apr 2016 19:19:25 -0400 Subject: [Infowarrior] - The FBI's Asinine Attempt to Retroactively Justify Cracking Farook's Phone Message-ID: <9B9E1030-1A5A-4E69-A8D4-CA3DABCDAB6E@infowarrior.org> The FBI's Asinine Attempt to Retroactively Justify Cracking Farook's Phone https://www.emptywheel.net/2016/04/15/the-fbis-asinine-attempt-to-retroactively-justify-cracking-farooks-phone/ -- It's better to burn out than fade away. From rforno at infowarrior.org Mon Apr 18 07:47:43 2016 From: rforno at infowarrior.org (Richard Forno) Date: Mon, 18 Apr 2016 08:47:43 -0400 Subject: [Infowarrior] - Fwd: 85% of online advertising to Facebook + Google References: <20160418123204.77970A06D91@palinka.tinho.net> Message-ID: <4D4BDA3B-A1F6-4295-94AC-C8FD8C43FB2B@infowarrior.org> -- It's better to burn out than fade away. > Begin forwarded message: > > From: dan at geer.org > > 85% of online advertising to Facebook + Google, users never leave > walled gardens > > http://www.nytimes.com/2016/04/18/business/media-websites-battle-falteringad-revenue-and-traffic.html > From rforno at infowarrior.org Mon Apr 18 07:47:37 2016 From: rforno at infowarrior.org (Richard Forno) Date: Mon, 18 Apr 2016 08:47:37 -0400 Subject: [Infowarrior] - Fwd: How the Senate Encryption Bill Resembles Chinese Law (And How it Does Not) References: <1531501498.1925127.1460979287681.JavaMail.yahoo@mail.yahoo.com> Message-ID: <4C8A56C2-5155-41E5-B095-D4F3DAD40B15@infowarrior.org> -- It's better to burn out than fade away.
> Begin forwarded message: > > From: Mark > > > How the Senate Encryption Bill Resembles Chinese Law (And How it Does Not) > By Patrick Tucker > April 15, 2016 > http://www.defenseone.com/technology/2016/04/how-senate-encryption-bill-resembles-chinese-law-and-how-it-does-not/127546/ > The Senate Intelligence Committee unveiled legislation this week that would require technology companies to give up your encrypted iPhone messages to law enforcement. The bill shares a bit with similar legislation China adopted last year. > The Senate's Compliance with Court Orders Act of 2016 wants to make technology companies like Apple comply with court orders and give "intelligible information or data, or appropriate technical assistance to obtain such information or data," to law enforcement. In other words, the bill says that communications companies no longer could provide end-to-end encryption to consumers that the providers can't break (even under court order.) That means that they can't offer actual end-to-end encryption. > So far, the bill has earned predictable condemnation from the technology community, whose reaction has run the spectrum from mockery to alarm. Kevin Bankston, who directs New America's Open Technology Institute, described it to Wired as "easily the most ludicrous, dangerous, technically illiterate" proposal he had seen in 20 years. Reuters reports that the White House is hesitant. > Two law-enforcement associations are backing the measure. The National District Attorneys Association and the International Association of Chiefs of Police sent a letter to committee heads Thursday, thanking them for their efforts to rein in Apple and other communications companies run amok (by offering security features that make devices safer for consumers to the inconvenience of law enforcement.) > "We saw recently in the San Bernardino case, Apple refused to comply with a valid, legally issued search warrant obtained by establishing probable cause before a judge.
This unfortunate decision by Apple only serves to highlight the fact that Apple and other companies currently have the ability to unilaterally decide who has access to evidence that is essential to day to day investigations. Simply put, this allows for profit companies to determine what they believe is the appropriate balance between customer data security, versus the security of our communities," the groups argue in the letter. > If the legislation were to pass, consumers from Boston to Beijing could lose security features that protect data from hackers and, yes, governments. > The proposed law resembles new Chinese rules that also demand companies help authorities access user data. > In 2014, a committee within the National People's Congress was considering legislation that would have required technology companies to build encryption backdoors into systems and devices for the Chinese government to use as part of investigations into terrorism (though the definition of terrorism was fairly broad.) The rule also would have mandated that companies store customer data on servers located in China. > U.S. Secretary of State John Kerry, U.S. Treasury Secretary Jacob Lew, and other U.S. officials objected to the legislation. The U.S. technology community also presented a united front on the issue, and the pleas worked. The legislation that passed at the end of last year removed the controversial part about housing data onshore in China, and forcing companies to share encryption keys with the government. But it did require them to offer "technical means of assistance" to law enforcement. > Chinese parliament law division head Li Shouwei told reporters that the law was "the same as what other major countries in the world do." > The Compliance With Court Orders Act is not expected to pass. If it does, companies like Apple will face similar pressure from the U.S. and China, the technology industry's number one target market for future sales.
Smartphone penetration into the Chinese market is at about 50 percent. > If the legislation were to pass, consumers from Boston to Beijing could lose security features that protect data from hackers, and, yes, governments. > Robert Atkinson, president of the Information Technology and Innovation Foundation, or ITIF, a Washington think tank, says the two bills differ substantially in terms of intent. "China's legislation on encryption is in part designed to squelch free speech; ours is designed to help prevent crime and terror," he said, but added "that's not to say that the Senate bill is the right bill. It's not." > Reason? The bill overlooks the importance of "strong encryption to U.S. cybersecurity," Atkinson argued, something that they cover in this new report. > By Patrick Tucker // Patrick Tucker is technology editor for Defense One. He's also the author of The Naked Future: What Happens in a World That Anticipates Your Every Move? (Current, 2014). Previously, Tucker was deputy editor for The Futurist for nine years. Tucker has written about emerging technology in Slate, The Sun, MIT Technology Review, Wilson Quarterly, The American Legion Magazine, BBC News Magazine, Utne Reader, and elsewhere. From rforno at infowarrior.org Mon Apr 18 08:01:52 2016 From: rforno at infowarrior.org (Richard Forno) Date: Mon, 18 Apr 2016 09:01:52 -0400 Subject: [Infowarrior] - US and Russia to meet on cybersecurity Message-ID: <4419BCFA-0BED-4B79-A1E1-728DEA24B385@infowarrior.org> US and Russia to meet on cybersecurity Katie Bo Williams http://thehill.com/policy/cybersecurity/276639-us-and-russia-to-meet-on-cybersecurity Senior Russian and U.S. cybersecurity officials will meet this week in Geneva to renew efforts to prevent a cyber war between the two nations, officials told CNN.
Officials from the White House, the State Department and FBI will attend the meetings, which will focus on a review of several cybersecurity "confidence-building" agreements signed in 2013 by the two governments. According to one official, the meetings will not be a resumption of the so-called Bilateral Presidential Commission working group, suspended in 2014 after Russia annexed Crimea. Relations between the U.S. and Russia have been strained since the Kremlin invaded eastern Ukraine and began supporting pro-Russian separatists. U.S. officials have tried to downplay the meetings. "This meeting is not a restart of the Bilateral Presidential Commission working group, but it is in our interest to discuss cybersecurity issues with Russia, including to review the 2013 Bilateral U.S.-Russia Cyber [confidence-building measures]," said one senior U.S. official. One of those measures includes a "hot line" between the two governments to allow officials to communicate during a cybersecurity crisis. The meetings come just months after suspected Russian hackers shut down large portions of the Ukrainian power grid in a coordinated cyberattack that is seen as the first major blackout caused by hackers. Current and former U.S. officials cite Russia as a key nation-state threat when it comes to cybersecurity. Hackers from Russia, Iran and China are all probing the U.S. power grid for vulnerabilities, officials note. National Security Agency Director Michael Rogers even acknowledged to lawmakers that China and "one or two" other countries could shut down portions of critical U.S. infrastructure using a cyberattack. Russia is believed to be on that list. While the Ukrainian government and many security researchers believe that Russia was behind the strike on civilian infrastructure, the Obama administration has not publicly blamed Russia for the attack. -- It's better to burn out than fade away.
From rforno at infowarrior.org Tue Apr 19 17:53:20 2016 From: rforno at infowarrior.org (Richard Forno) Date: Tue, 19 Apr 2016 18:53:20 -0400 Subject: [Infowarrior] - Secret spy court scolded NSA, FBI for not deleting data Message-ID: <195E60BA-045A-403E-89AE-B8361BC973B1@infowarrior.org> Secret spy court scolded NSA, FBI for not deleting data Julian Hattem http://thehill.com/policy/national-security/276904-secret-spy-court-scolded-nsa-fbi-for-not-deleting-data Analysts within the National Security Agency "potentially" violated the law by improperly failing to delete information collected about people on the Internet, the federal court overseeing U.S. intelligence agencies declared in an opinion declassified on Tuesday. A judge on a secretive federal court was "extremely concerned" that the NSA continued to hold on to data that it was supposed to delete, he wrote in the November 2015 opinion. By maintaining retention of the information, the spy agency violated "several provisions" of its internal policies, and was "potentially" in violation of the law, Judge Thomas Hogan of the U.S. Foreign Intelligence Surveillance Court (FISC) claimed in the heavily redacted order. In addition to the infractions by the NSA, officials at the FBI also failed to abide by protections designed to protect attorney-client privileges in an unidentified number of cases discovered in 2014 and 2015, Hogan claimed. The violations were contained in an 80-page order declassified by the Office of the Director of National Intelligence on Tuesday. The shadowy FISC always meets behind closed doors and is tasked with overseeing operations at U.S. intelligence agencies. In a statement releasing the decision and two other orders from the FISC on Tuesday, the nation's top spy office suggested that the violations were the result of miscommunication.
"The government has informed the court that there was no intent to leave the FISC with a misimpression or misunderstanding, and it has acknowledged that its prior representations could have been clearer," the Office of the Director of National Intelligence claimed. Unless it has been designated for retention, the NSA is supposed to delete data picked up on the Internet within two or five years, depending on the means through which it was collected. But in a notice to the FISC last July, the government said that it was retaining some data on two systems used by the spy agency for longer. According to the court opinion, the NSA claimed that it was keeping the data for "collection avoidance" and to comply with other procedures. The court had previously demanded that the NSA get rid of data in a similar situation in 2010 and 2012, and "it would be difficult to conclude" that the ruling did not also apply in the July, 2015, case, Hogan claimed. "Perhaps more disturbing and disappointing than the NSA's failure to purge this information for more than four years, was the government's failure to convey to the court explicitly during that time that the NSA was continuing to retain this information," he wrote. The topic was discussed at a secret Oct. 8 hearing, and the government soon after pledged to comply with some procedures it had violated. Separately, Hogan claimed to have been "extremely concerned" about some of the cases in the FBI's situation, which appeared to signal some agents' confusion about the rules they needed to have in place to protect attorney-client privileges. In October, the government promised to take additional steps to fix the problems, which "satisfied" the judge. -- It's better to burn out than fade away.
From rforno at infowarrior.org Thu Apr 21 06:23:26 2016 From: rforno at infowarrior.org (Richard Forno) Date: Thu, 21 Apr 2016 07:23:26 -0400 Subject: [Infowarrior] - UK surveillance bill will force tech companies to disclose new products before they lau Message-ID: <664B8404-2294-4049-84BA-8825116E9902@infowarrior.org> UK surveillance bill will force tech companies to disclose new products before they launch | ZDNet Zack Whittaker http://www.zdnet.com/article/uk-spy-bill-will-force-tech-firms-to-disclose-future-products-before-launch/ Internet, phone, and tech companies will have to inform the UK government of new products, services, and features ahead of their launch to ensure that they can be subject to surveillance. The new policy is buried within a draft code of practice document as part of the UK government's efforts to reform its surveillance laws, and will impose obligations on tech companies operating in the country. The policy will compel companies to inform the government of any major changes to products that may hinder or prevent police and intelligence agencies from intercepting communications or accessing stored retained data. "[Companies] subject to a technical capability notice must notify the Government of new products and services in advance of their launch, in order to allow consideration of whether it is necessary and proportionate to require the [company] to provide a technical capability on the new service," the policy document reads. It's seen as an effort to ensure that no product or service can include unbreakable or end-to-end encryption, which can make state surveillance difficult. The policy is a supplemental document to the Investigatory Powers Bill, a draft bill that aims to reform and clarify fragmented parts of existing legislation. Much of the UK government's surveillance powers date back to 2000, and have been interpreted and since expanded by legal amendments and internal policies. 
The bill hasn't gone unnoticed, drawing criticism and heavy scrutiny, both at home and around the world. A group of UN rapporteurs and experts told lawmakers that there would be a "chilling effect" on freedoms of speech and expression, should the UK's draft surveillance bill become law. US tech companies are also far from happy with the bill, arguing that it would among other things undermine strong encryption. Any company with operations in the UK -- including Apple, Facebook, Google, Microsoft, and Twitter, which have submitted written evidence calling on the British lawmakers to revise the bill -- would have to comply with the rules. "The tech companies will have little say and the Government say explicitly they have the power to bring legal action against them if they do not comply," said Millie Graham Wood, a legal officer at Privacy International. In a blog post, she said that companies who face demands under the bill by the government would have no recourse or judicial oversight. "It is not solely the lack of judicial oversight and accountability that could push companies away from the UK," said Graham Wood in an email. "Many companies have submitted evidence to the Investigatory Powers Bill committees on the impact of having to retain communications data for up to 12 months." The UK government is set to finalize its surveillance reform proposals in the coming months. -- It's better to burn out than fade away. 
From rforno at infowarrior.org Thu Apr 21 06:25:52 2016 From: rforno at infowarrior.org (Richard Forno) Date: Thu, 21 Apr 2016 07:25:52 -0400 Subject: [Infowarrior] - Of Course Congress Is Clueless About Tech -- It Killed Its Tutor Message-ID: <09DE3380-BB73-4276-96DA-04E45EE24E83@infowarrior.org> Of Course Congress Is Clueless About Tech -- It Killed Its Tutor Author: Kim Zetter http://www.wired.com/2016/04/office-technology-assessment-congress-clueless-tech-killed-tutor/ When the draft version of a federal encryption bill got leaked this month, the verdict in the tech community was unanimous. Critics called it ludicrous and technically illiterate -- and these were the kinder assessments of the "Compliance with Court Orders Act of 2016," proposed legislation authored by the offices of Senators Diane Feinstein and Richard Burr. The encryption issue is complex and the stakes are high, as evidenced by the recent battle between Apple and the FBI. Many other technology issues that the country is grappling with these days are just as complex, controversial, and critical -- witness the debates over law enforcement's use of stingrays to track mobile phones or the growing concerns around drones, self-driving cars, and 3-D printing. Yet decisions about these technical issues are being handled by luddite lawmakers who sometimes boast about not owning a cell phone or never having sent an email. Politicians on Capitol Hill have plenty of staff to advise them on the legal aspects of policy issues, but, oddly, they have a dearth of advisers who can serve up unbiased analysis about the critical science and technology issues they legislate. This wasn't always the case. US lawmakers once had a body of independent technical and scientific experts at their disposal who were the envy of other nations: the Office of Technology Assessment. That is, until the OTA got axed unceremoniously two decades ago in a round of budget cuts.
'It is just the height of self-imposed ignorance that Congress would insist on doing without the OTA.' Former Congressman Rush Holt Now, when lawmakers most need independent experts to guide them through the morass of technical details in our increasingly connected world, they have to rely on the often-biased advice of witnesses at committee hearings -- sometimes chosen simply for their geographical proximity to Washington DC or a lawmaker's home district. "There are so many things that the OTA could be helpful on today," says former congressman Rush Holt, a research physicist by training, who tried to revive the OTA during his time in office. "It is just the height of self-imposed ignorance that Congress would insist on doing without the OTA." Congress Needs OTA More Than Ever Congress' need for the OTA is more glaring in light of the fact that the White House recently engaged two lauded technical experts to advise the executive branch. Last year, the White House made Princeton University computer science professor Ed Felten its deputy chief technology officer for the Office of Science and Technology Policy. A respected voice in the privacy and security communities, Felten now advises the White House on important issues like the encryption backdoor debate. And this year the President's Privacy and Civil Liberties Oversight Board -- which advises the president on the privacy and civil liberties implications of NSA surveillance programs, among other things -- gained its first high-level technology adviser with the appointment of Columbia University computer scientist Steve Bellovin. More recently, the White House named a number of tech experts to its new cybersecurity commission. Yet Congress stubbornly refuses to do the same for itself.
Ashkan Soltani, who recently served as chief technologist to the Federal Trade Commission, says it's important to have experts who are not lobbyists or activists with an ax to grind and do not represent companies that stand to profit from the decisions lawmakers make. Tech and science geeks, he says, can "basically be an encyclopedia for how things work, and can really help policymakers get to a good outcome," he told WIRED. "We had that in the OTA and that went away, and I think that was a huge mistake." To be fair, Soltani says that some lawmakers do engage technologists on their own to educate themselves individually, but they're the exception. Revelations about the NSA's spying programs made it obvious that lawmakers who oversaw these programs lacked the ability to comprehend modern intelligence agencies' sophisticated levels of surveillance. In 2012, when Rep. Bill Foster (D-Illinois), a particle physicist, was elected to office, he noted that only about 4 percent of federal lawmakers have technical backgrounds. But rather than acknowledge this shortcoming, both Democratic and Republican politicians have exploited their lack of expertise to sidestep controversial issues. Both sides, for example, have wielded the "I'm not a scientist" excuse to avoid taking stands on the controversial practice of fracking. A lack of scientific and technical expertise has not stopped other lawmakers, however, from disputing and even attacking recognized experts whose research produces findings the lawmakers don't support. The lack of tech expertise on Capitol Hill has never been more glaring than in the wake of the Edward Snowden leaks. Revelations about the NSA's extensive spying programs made it obvious that lawmakers who conducted oversight of these programs lacked the ability to comprehend the level of surveillance modern intelligence agencies can do with the sophisticated technologies available to them today.
As a result, many politicians briefed on the surveillance programs were unable to pose the right questions about the NSA's controversial bulk collection of phone records and email metadata. After the secret phone records program was exposed in 2013, President Obama insisted that "every member of Congress" had been briefed on it. But these were legal briefings "to explain the law" relevant to the program. Lawmakers didn't understand the extensive surveillance the government could do simply by mining the metadata around the calls that people make to one another -- data that can reveal a lot about a person's activity and the people with whom they associate. "Most members of Congress don't know enough about science and technology to know what questions to ask, and so they don't know what answers they're missing," Holt told WIRED. Even when those answers are publicly available for anyone to read, lawmakers don't seem to know how to find them or have anyone ensuring that they heed them. The recent Feinstein-Burr crypto bill, for example, completely ignores the public warnings of crypto experts (.pdf) and intelligence officials that installing crypto backdoors in systems is a bad idea. Lamenting the Loss of OTA These were precisely the kinds of concerns raised in the 1960s when interest in a special tech advisory body first emerged on Capitol Hill. The Office of Technology Assessment was created in 1972 by an act of Congress during the Nixon administration, when lawmakers expressed alarm that they couldn't understand and properly legislate complicated science and technology issues. Former Senator Edward L. Bartlett bemoaned that policymakers were often easily swayed by special interests as a result. "Far too often congressional committees for expert advice rely upon the testimony of the very scientists who have conceived the program, the very scientists who will spend the money if the program is authorized and appropriated for."
The OTA was designed not only to educate lawmakers but also to serve as a counterweight to the biased experts the White House trotted out in support of bills it wanted lawmakers to approve. At its peak, the OTA had an annual budget of about $20 million and around 140 permanent staffers who were supplemented when needed by subject-matter experts from outside. All of them together provided detailed research on everything from acid rain and sustainable agriculture to electronic surveillance and anti-ballistic missile programs. The reports the OTA produced over the years were known for their rigor. "There was a lot of effort to make sure that the reports were really solid and had been vetted," says Andrew Wyckoff, who managed the OTA's Information, Telecommunications and Commerce program before the OTA's demise. The OTA was so revered that the Washington Times once called it "the voice of authority in a city inundated with statistics and technical gobbledygook." Other countries, such as the Netherlands, even sent representatives to DC to learn how it worked so they could replicate it back home. There's another reason lawmakers may not want to resurrect the OTA: A panel of independent experts, producing facts that contradict a lawmaker's position, make it hard for a politician to deceive and sway the public. To avoid politicization, the OTA was overseen by a bi-partisan board of 12 lawmakers -- drawn equally from both parties in the House and Senate -- who decided which projects OTA would tackle. Although the OTA occasionally proposed a research project on its own, the majority were requested by individual lawmakers or congressional committees. During its two decades, the group produced more than 700 reports, some on highly classified topics like terrorism.
Others addressed nuclear proliferation, the effectiveness of satellite and space programs, genetic engineering, computer security and privacy, the environmental impact of various technologies, and the role US forces should play in United Nations peacekeeping operations. Although the OTA never made policy recommendations, its reports played an important role in influencing policy, from limiting employer rights to give workers polygraph tests, to encouraging lawmakers to extend Medicare coverage to older women for mammograms and pap smears. Why OTA Got Cut The OTA and lawmakers didn't always get along, however. Some lawmakers whined about the time it took the OTA to produce reports (.pdf) -- one to two years on average, by which time legislation relevant to the reports had often already been passed or rejected. But this wasn't an insurmountable problem, and the OTA could have adapted to the needs of lawmakers by producing interim reports, Wyckoff says. "In fact there were constant briefings going on behind the scenes with OTA staff and congressional committees," he recalls. Other times it was unpopular simply because its reports didn't support the conclusions lawmakers preferred, as happened with President Reagan's beloved $20-billion Star Wars initiative, which the OTA concluded was a disaster. "When it came to missile defense, it was pretty clear to them that [the technology] wouldn't work as claimed, so they said so," Holt says. The Star Wars program was eventually dissolved five years later. If that was a victory of sorts, it was short-lived, as the OTA itself was killed two years after that in 1995, a victim of the Republican Party's Contract with America vow to shrink government. "Congress was looking for a certain size budget cut, and unfortunately the OTA's budget fit that perfectly," says Wyckoff. The OTA "may have deserved a maiming," he adds, "but certainly not the death penalty."
Critics considered the act a disturbing blow against reason and worried about the effect it would have on future policymaking. "Decision-making is easy if you can ignore the facts and skip the details," M. Granger Morgan, head of the Department of Engineering and Public Policy at Carnegie Mellon University, wrote in an opinion piece for the Pittsburgh Post-Gazette after the vote. Holt made numerous attempts over the years to revive the OTA while in Congress, without success. Those opposed to the OTA's revival claimed there was no money to fund it, but Holt disagrees. "We're talking about what would be a few tens of millions of dollars, which is decimal dust in the federal budget," Holt told WIRED. "If Congress wanted the help of OTA, wanted that information available to them, Congress certainly could have afforded it." Some critics of the OTA contend that research entities like the Government Accountability Office and Congressional Research Services fill the void left by OTA (.pdf). But Peter Blair, a former assistant director of the OTA, disagrees and says GAO and CRS reports don't provide the kind of highly technical information OTA reports gave lawmakers, and in a language they could easily understand. "The one real value of OTA was in a specific congressional context and in a language that would be relevant to the Congress," says Blair. Wyckoff says the CRS does great work, but it's produced primarily by single-subject experts. "It's hard for one person to go into issues that are increasingly multi-disciplinarian projects," he says. By contrast, "OTA would construct panels to look at [issues] from many different dimensions." But there may be one other reason lawmakers have resisted calls to resurrect the OTA -- fear that reports from an independent body like the OTA would conflict with their positions on issues. A panel of independent experts, producing facts that contradict a lawmaker's position, make it hard for a politician to deceive and sway the public.
"[P]eople -- generally and policy makers especially -- tend to use really broad language to describe things, which allows enough ambiguity to let them get the outcome they want," says Soltani. "But when you have a geek on the other side of the table, it forces you to get into a level of specificity that makes it harder to be vague, lie, or even describe things inaccurately." To revive the OTA, lawmakers wouldn't need to do anything more than restore funding for it. But that's not likely to occur anytime soon. Two years ago, Holt introduced an amendment to the legislative branch spending bill of 2015 that would allocate funds to do precisely that. A coalition of science, tech, legal, and civil liberties groups sent a letter to leaders of the House Appropriations Subcommittee urging them to revive the OTA. "Technology plays a central role in our lives, from biomedicine to banking, from national security to new energy sources," they wrote. "Congress needs an independent source of expertise it can trust." Holt's amendment would have earmarked just $2.5 million to jumpstart the OTA -- a small fraction of the OTA's operating budget during its heyday -- but even that didn't make the cut. Lawmakers rejected his amendment by a vote of 248 to 164. -- It's better to burn out than fade away. From rforno at infowarrior.org Thu Apr 21 06:55:45 2016 From: rforno at infowarrior.org (Richard Forno) Date: Thu, 21 Apr 2016 07:55:45 -0400 Subject: [Infowarrior] - Privacy International Releases Trove of Documents That Proves Staggering Reach of Surveillance Agencies Message-ID: <0F59A0A5-CBF3-4CB0-9A47-605346F1293D@infowarrior.org> REVEALED: Privacy International Releases Trove of Documents That Proves Staggering Reach of Surveillance Agencies 20 April 2016 Embargoed until 00.01 Thursday 21 April.
The documents referred to in this press release are downloadable here Previously confidential documents published today reveal the staggering extent of UK Government surveillance that has been kept secret from the public and Parliament for the last 15 years. Revealed in a case brought by Privacy International about the use of so-called 'Bulk Personal Datasets' and a law dating back to 1984, the extracts show that the UK Government's intelligence services, GCHQ, MI5, and MI6, routinely requisition personal data from potentially thousands of public and private organisations. This includes data held by financial institutions and may also include anything from confidential NHS records to databases of people who have signed electronic petitions. The term 'Bulk Personal Datasets' was first used in March last year in an Intelligence & Security Committee (ISC) Report. Even the ISC, the Parliamentary Committee that oversees the work of the intelligence agencies and has full security clearance, was unaware of the use of BPDs until recently. The papers released today act as proof of, and show the sheer scale of, British intelligence agency surveillance of our personal data. It goes far beyond monitoring our text messages, email messages, and social media posts. The intelligence agencies have secretly given themselves access to potentially any and all recorded information about us. The documents reveal the potential to requisition medical records and confidential information shared with a doctor (including blood group, physical characteristics (hair/eye colour), biometrics), travel records, financial records, population data, commercial data (details of corporations and individuals involved in commercial activities), regular feeds from internet and phone companies, billing data or subscriber details, content of communications (including with lawyers, MPs, or doctors), and records from government departments. 
The Intelligence and Security Committee reported (paras 156, 158) that there are hundreds of millions of records which may be linked together. The datasets are likely to contain significant quantities of information about British citizens. None of the intelligence agencies have been able to provide statistics about the volume of personal information about British citizens included in the datasets. The extent of abuses of personal sensitive data has also been revealed for the first time. In recent years only three cases of non-compliance or misuse resulted in staff being disciplined. It is not apparent that any victims have been notified. The documents also describe the intelligence agencies' use of Section 94 of The Telecommunications Act 1984 to access data in bulk. The Telecommunications Act is pre-internet legislation that was never intended to enable this level of intrusion in a digital age. Until November 2015 that use of Section 94 to require telecommunications companies to provide bulk access to communications data outside the protections of the RIPA (Regulation of Investigatory Powers Bill) regime was unknown..... < - > https://www.privacyinternational.org/node/853 -- It's better to burn out than fade away. From rforno at infowarrior.org Fri Apr 22 13:54:38 2016 From: rforno at infowarrior.org (Richard Forno) Date: Fri, 22 Apr 2016 14:54:38 -0400 Subject: [Infowarrior] - Court Says National Security Letters Are Now Constitutional Under USA Freedom Act Message-ID: <1DC53AB2-FF27-4CB9-920A-F0315BB1C3A2@infowarrior.org> Court Says National Security Letters Are Now Constitutional Under USA Freedom Act https://www.techdirt.com/articles/20160421/16473934241/court-says-national-security-letters-are-now-constitutional-under-usa-freedom-act.shtml -- It's better to burn out than fade away. 
From rforno at infowarrior.org Fri Apr 22 13:56:26 2016 From: rforno at infowarrior.org (Richard Forno) Date: Fri, 22 Apr 2016 14:56:26 -0400 Subject: [Infowarrior] - Expanding Unconstitutional Backdoor Searches Of Surveillance Data Is Easy: Just Change What Words Mean Message-ID: Expanding Unconstitutional Backdoor Searches Of Surveillance Data Is Easy: Just Change What Words Mean https://www.techdirt.com/articles/20160422/07350334243/expanding-unconstitutional-backdoor-searches-surveillance-data-is-easy-just-change-what-words-mean.shtml -- It's better to burn out than fade away. From rforno at infowarrior.org Fri Apr 22 17:39:23 2016 From: rforno at infowarrior.org (Richard Forno) Date: Fri, 22 Apr 2016 18:39:23 -0400 Subject: [Infowarrior] - Hollywood Raises Red Flag Over FCC's Plan for TV Set-Top Boxes Message-ID: Hollywood Raises Red Flag Over FCC's Plan for TV Set-Top Boxes Rob Golum @robserved April 22, 2016 -- 5:54 PM EDT http://www.bloomberg.com/news/articles/2016-04-22/hollywood-raises-red-flag-over-fcc-s-plan-for-tv-set-top-boxes Hollywood is raising concerns about a U.S. government proposal that would make it easier for pay-TV customers to buy their own set-top boxes, saying it would facilitate piracy. The Federal Communications Commission voted in February to begin drafting rules that will open cable and satellite providers' devices to competition. That would be great news for tech companies devising new ways to deliver entertainment to your living room -- and spell trouble for cable companies, which get billions of dollars from renting out the boxes that connect to TVs. Movie makers are siding with the cable companies. The Motion Picture Association of America, the studios' trade and lobbying group, outlined the industry's objections in a statement Friday, saying the FCC's proposal amounts to "taking the intellectual property of the content industry and giving it to some members of the technology industry" 
or "making it easier for pirate site operators to build a black market business." The organization expressed concerns over set-top boxes that could search the Internet for video, serving up results displaying pirated programs alongside authorized content. "We must oppose any regulation that would import the piracy problem from the Internet search world into the pay-TV world by mixing pirated content with authorized content, causing further harm to content creators and the creative economy," the MPAA said. According to the MPAA, the FCC proposal requires pay-TV providers to transmit to third-party device manufacturers and Internet application developers all the content that pay-TV providers license from programmers, without requiring those third parties to seek consent from the programmers or to compensate them. "The text of the proposal falls short, treading into copyright issues over which the FCC has no authority," the MPAA said. Virtually all pay-TV subscribers rent their set top boxes from cable or satellite companies. The average household pays more than $200 a year in rental fees, generating almost $20 billion in revenue, according to U.S. Senators Edward J. Markey, a Massachusetts Democrat, and Democrat Richard Blumenthal of Connecticut. Some movie studios are owned by corporations that also have large stakes in the cable industry. Universal Pictures is part of Comcast Corp., the biggest U.S. cable provider. -- It's better to burn out than fade away. From rforno at infowarrior.org Sat Apr 23 17:07:31 2016 From: rforno at infowarrior.org (Richard Forno) Date: Sat, 23 Apr 2016 18:07:31 -0400 Subject: [Infowarrior] - The Terrorist iPhone Snow Job Message-ID: <37AC918D-F57E-490E-9069-E6DF1F5DA5FA@infowarrior.org> The Terrorist iPhone Snow Job http://original.antiwar.com/Adam_Dick/2016/04/20/terrorist-iphone-snow-job/ by Adam Dick, April 21, 2016 It all started so "harmless." 
The Federal Bureau of Investigation (FBI) wanted to access the information of a person being investigated for mass murder so, the FBI said, it could try to prevent more terrorist attacks. A couple months later this has morphed into a situation where the FBI is offering to help police departments across America access secured information of any electronic device connected to criminal investigations and where members of the United States Senate are moving forward with legislation to force technology companies to give the government access to secured, including via encryption, electronic devices information. First, the FBI's bumbled handling of an iPhone connected to a mass killing in San Bernardino provided an opening for the FBI to seek a precedent-setting court order to require Apple to assist the government in overcoming the phone's security. Rather convenient, one might say, for a government agency determined to search and seize with the minimum possible constraint. Then, when Apple resisted the court's order that was obtained ex parte (without Apple being afforded an opportunity to present its opposing arguments), the FBI dropped the case, claiming it found people who helped it bypass the iPhone's security. This is after the FBI had told the magistrate judge that the FBI needed Apple's help to accomplish the task. Now, a "law enforcement source" has told CBS News that "so far nothing of real significance has been found" on the San Bernardino iPhone. This latest development should come as no surprise. There were plenty of indications early on that the San Bernardino iPhone likely had very little to no information that would be helpful for pursuing the mass murder investigation or for protecting people from any potential terrorist attack. 
Jenna McLaughlin summed up in a February 26 The Intercept article what seemed to be the FBI's real motivation in seeking the court order: "It's becoming increasingly clear that law enforcement doesn't really think there's any important data on San Bernardino killer Syed Rizwan Farook's iPhone and that it has more precedent-setting value than investigative value." McLaughlin then proceeds in her article to detail several reasons to believe there would be little to no investigative benefit gained from overcoming the iPhone's security. Among other reasons, McLaughlin notes that the FBI already had "plenty of phone data, none of which indicated any overseas terror connection;" that the local police chief had said there was "a reasonably good chance that there is nothing of any value on the phone;" and that the iPhone was Farook's employer-owned work phone that -- unlike his laptop computer and two personal phones -- he had not bothered to demolish. The FBI's effort to force Apple to overcome the San Bernardino iPhone's security was never about one phone of one terrorist. Instead, it was about expanding the ability to overcome privacy protections of electronic devices via the courts after the executive branch had tried and failed in its effort to help bring through Congress legislation that would force companies to provide the government with "backdoor" access to electronic information. As time goes on, the veneer is wearing away. Investigators, including at the American Civil Liberties Union, are revealing the great breadth of the FBI's effort to obtain court orders against Apple and other technology companies, as well as that such efforts appear more likely to arise from victimless drug crime investigations than from terrorism or murder investigations. Also, just four days after FBI Director James Comey had claimed in a February 21 press release that "The San Bernardino litigation isn't about trying to set a precedent or send any kind of message," 
Comey admitted before the US House of Representatives Intelligence Committee that the San Bernardino iPhone court proceedings "will be instructive for other courts." Then, shortly after the FBI announced its success at breaching the San Bernardino iPhone's security without Apple's assistance, the FBI sent a letter to police departments across America promising to help them overcome privacy protections on electronic devices. Considering that Manhattan, New York District Attorney Cyrus R. Vance, Jr. claimed in February that his prosecutors alone have 175 iPhones with information they want to access but cannot because of encryption, there is likely much demand for the FBI's assistance. Meanwhile, the legislative push that the Obama administration publicly abandoned in the fall of 2015 appears to have new energy. On Wednesday, Senate Intelligence Committee Chairman Richard Burr (R-NC) and Vice Chairman Dianne Feinstein (D-CA) released draft legislation intended to empower courts to require Apple and others to, as Feinstein puts it, "render technical assistance or provide decrypted data" in criminal investigations. While Feinstein uses the word "terrorists" three times in her three-paragraph introduction to the draft legislation on her Senate website, there is no doubt that her goal, like the FBI's, is for the US government to be able to exercise sweeping power to overcome privacy protections on electronic devices, and not just for terrorism investigations. Talk of terrorism is a persuasive way of advancing the privacy-stripping effort by using people's fear to overcome their desire for liberty. The effort to ensure the US government can exercise expansive powers, including even the conscription of technology companies, to overcome security keeping electronic information private has taken some twists and turns in the last few months. But, make no mistake: An attack on liberty and privacy is moving forward in the courts and in Congress. 
Reprinted from The Ron Paul Institute for Peace & Prosperity. -- It's better to burn out than fade away. From rforno at infowarrior.org Sun Apr 24 15:34:13 2016 From: rforno at infowarrior.org (Richard Forno) Date: Sun, 24 Apr 2016 16:34:13 -0400 Subject: [Infowarrior] - YIFY Speaks: Confessions Of A Movie Piracy Icon Message-ID: YIFY Speaks: Confessions Of A Movie Piracy Icon By Ernesto on April 24, 2016 For several years YTS/YIFY was one of Hollywood's biggest arch-rivals, but that suddenly ended late last year after its founder was threatened with a multi-million dollar lawsuit. Today, YIFY speaks for the first time after the shutdown. About how it all started, fans, haters, movie piracy and his accomplishments. <- > https://torrentfreak.com/yify-speaks-confessions-of-a-movie-piracy-icon-160424/ -- It's better to burn out than fade away. From rforno at infowarrior.org Mon Apr 25 07:42:50 2016 From: rforno at infowarrior.org (Richard Forno) Date: Mon, 25 Apr 2016 08:42:50 -0400 Subject: [Infowarrior] - Kuwait to DNA test and tag all tourists Message-ID: <76903434-BFDE-45D6-96A9-5E8169C5FDCB@infowarrior.org> (c/o DG) Kuwait to DNA test and tag all tourists 2016-04-23 11:00 - Thinus Ferreira http://traveller24.news24.com/Flights/kuwait-to-dna-test-and-tag-all-tourists-20160423 Cape Town -- All visitors and tourists to Kuwait will now have to submit to a DNA test and be DNA tagged before they're allowed to enter the Persian Gulf state. In a world first, Kuwait wants to DNA "tag" everybody in, as well as entering the country with the new DNA legislation that will become law this year. The Kuwait government says the forced DNA testing won't affect people's personal freedom and privacy but will be done to keep track of people and to help if they commit crimes. Tourists and visitors to Kuwait will get their DNA taken through specimens of saliva or a few drops of blood done at a special DNA testing facility at the airport. 
The DNA collection will be done at a special testing centre at Kuwait International Airport and there will be "consequences of rejecting its procedures" for visitors who refuse the mandatory test. Citizens will be DNA tested by using mobile testing centres that will move through the state and residents will have their DNA captured when they apply for the issuing or renewing of residency visas during medical examinations. According to The Kuwait Times, the DNA testing law is "aimed at creating an integrated security database". The law -- the first of its kind in the world -- and the DNA tagging will only be used for "criminal security purposes" according to Kuwait officials. "Kuwait will have a database including DNA fingerprints of all citizens, residents and visitors. This law is the first of its kind in the world and Kuwait is the first country worldwide to apply the system," notes the publication. -- It's better to burn out than fade away. From rforno at infowarrior.org Tue Apr 26 06:40:26 2016 From: rforno at infowarrior.org (Richard Forno) Date: Tue, 26 Apr 2016 07:40:26 -0400 Subject: [Infowarrior] - FBI Hides Its Surveillance Techniques From Federal Prosecutors Because It's Afraid They'll Become Defense Lawyers Message-ID: <32F6C441-DE43-4D46-8C15-3EF35021649A@infowarrior.org> FBI Hides Its Surveillance Techniques From Federal Prosecutors Because It's Afraid They'll Become Defense Lawyers https://www.techdirt.com/articles/20160423/20522034256/fbi-hides-surveillance-techniques-federal-prosecutors-because-afraid-theyll-become-defense-lawyers.shtml We know the FBI isn't willing to share its investigative techniques with judges. Or defendants. Or the general public. Or Congress. The severely restrictive NDAs it forced law enforcement agencies to sign before allowing them to obtain IMSI catchers are evidence of the FBI's secrecy. Stingray devices were being used for at least a half-decade before information started leaking into the public domain. 
The FBI doesn't want to hand over details on its hacking tools. Nor does it want to discuss the specifics of the million-dollar technique that allowed it to break into a dead terrorist's phone (which held nothing of interest). USA Today's Brad Heath has obtained documents showing the FBI's tech secrecy extends even further than its nominal opponents (judges, defense lawyers, defendants). Its secrecy even involves freezing out other players on the same team. < - > In case you can't see or read the picture above, here's what the memo says: Over the past few months, ERF [Engineering Research Facility] has expressed concern about Tech Agents revealing technical details to Case Agents and especially to AUSAs. There have been several instances of AUSAs becoming familiar with our techniques, then resigning and becoming defense lawyers. There also is concern about retiring Agents performing investigative work for defense counsel (i.e. right here in MP). < - > So, the FBI will hide information from their own case agents in order to prevent defendants from obtaining the details of the surveillance used to build a case against them. Needless to say, preventing the defense from obtaining these details also prevents judges and juries from hearing them and using those to weigh the Constitutionality of the techniques. This secrecy undercuts defendants' rights by denying them the opportunity to challenge the evidence or the methods used to obtain it. It also blows right by the Fourth Amendment by obfuscating the techniques used, a process that begins with search warrant affidavits that deliberately leave out essential details in order to protect the FBI's surveillance secrets. The FBI's cavalier attitude towards the rights of Americans traces back to the days of J. Edgar Hoover. While the agency has moved ahead in terms of technical prowess, the underlying "ends justifies the means" attitude appears unchanged. -- It's better to burn out than fade away. 
From rforno at infowarrior.org Wed Apr 27 07:15:22 2016 From: rforno at infowarrior.org (Richard Forno) Date: Wed, 27 Apr 2016 08:15:22 -0400 Subject: [Infowarrior] - A complete guide to the new 'Crypto Wars' Message-ID: A complete guide to the new 'Crypto Wars' http://www.dailydot.com/politics/encryption-crypto-wars-backdoors-timeline-security-privacy/ -- It's better to burn out than fade away. From rforno at infowarrior.org Wed Apr 27 14:24:57 2016 From: rforno at infowarrior.org (Richard Forno) Date: Wed, 27 Apr 2016 15:24:57 -0400 Subject: [Infowarrior] - The Burr-Feinstein Crypto Bill Would Gut Our Cybersecurity Message-ID: <2A197F56-DCD0-4122-9F3A-FBB5F1B0616C@infowarrior.org> The Burr-Feinstein Crypto Bill Would Gut Our Cybersecurity April 26, 2016, Riana Pfefferkorn https://law.stanford.edu/2016/04/26/the-burr-feinstein-crypto-bill-would-gut-our-cybersecurity/ In the name of saving cybersecurity, a new bill before Congress would kill cybersecurity. On April 13, Senators Richard Burr (R-NC) and Dianne Feinstein (D-CA) released an official draft of their long-awaited anti-encryption bill. The sponsors of the "Compliance with Court Orders Act of 2016" (CCOA) call it an innocuous law-and-order measure to ensure that American companies comply with court orders. In truth, it is a technologically tone-deaf and downright dangerous piece of legislation. The CCOA would apply to device manufacturers, software and app makers, social media companies, cloud storage providers, and many others. When the government obtains a court order or warrant while investigating serious crimes or terrorism, covered entities must either provide the requested information in "intelligible" -- unencrypted -- form or give law enforcement all technical assistance necessary to render it intelligible. In short, the CCOA requires that covered entities guarantee that law enforcement can access and understand their users' information. 
However appealing this might sound, it is actually an attack on security, something the public needs more, not less of. Strong security, including encryption, is critical for e-commerce, banking, national security, privacy, freedom of expression, protecting intellectual property, and the U.S. tech sector's global competitiveness. As cryptography experts have repeatedly and consistently explained for over two decades (since the last time the U.S. government threatened strong encryption in the 1990s), we cannot make a "golden key" that only "good guys" with a court order can use to "unlock" encrypted information. Any built-in means for accessing encrypted data can, and will, be used by the bad guys too. That's why the experts are against it. Yet the Burr-Feinstein bill perpetuates the "golden key" fantasy. In the pursuit of that impossible goal, the bill would effectively ban cornerstone security concepts such as end-to-end encryption, which makes communications readable only by the sender and intended recipient, and perfect forward secrecy, which protects previous encrypted communications even if an encryption key or password is compromised in the future. The CCOA is a misguided reaction to law enforcement's alarmist and unsupported claims that criminal activity is "going dark" due to encryption. Contrary to those claims, this is actually a "golden age for surveillance" where more information about people than ever before is available to law enforcement from smartphones, social networks, cloud storage providers, and text-messaging and email services. Given the plethora of information available to investigators, not to mention eyewitnesses, informants, and video surveillance, taking the risk of making communications information less secure is foolhardy. The CCOA would ban American entities from providing their customers the best data protection they possibly can. 
You'd think Congress would find better encryption desirable, given Washington's embarrassing record of security snafus at federal agencies including the Office of Personnel Management, the IRS, and even the FBI, not to mention breaches at Sony or the multiple hospitals that have been subject to ransomware demands. The punchline to this joke of a bill: The CCOA won't keep the bad guys from hiding their activities. Even FBI Director James Comey has admitted that sophisticated criminals and terrorists will continue to use encryption that's impervious to law enforcement, no matter what law the U.S. passes. Reports by security expert Bruce Schneier and New America's Open Technology Institute found hundreds of effective encryption offerings that are readily available from open-source projects and entities outside the U.S., beyond the CCOA's jurisdiction. Plus, there are already millions of existing devices, apps, and software programs that employ encryption designs the CCOA seeks to ban. Burr and Feinstein cannot hope to reach all of them. The only good news about the Burr-Feinstein bill is that it has been given poor odds of passing. The White House has refused to endorse it, and other members of Congress including Rep. Darrell Issa (R-CA) and Sen. Ron Wyden (D-OR) have roundly condemned it. So has Reform Government Surveillance, a coalition of Internet companies. While the April 13 draft is clearly not finished, there is no amount of work that could fix it. Sens. Burr and Feinstein should finally start listening to what the experts have been saying for two decades: There is no golden key. -- It's better to burn out than fade away. 
From rforno at infowarrior.org Fri Apr 29 13:58:19 2016 From: rforno at infowarrior.org (Richard Forno) Date: Fri, 29 Apr 2016 14:58:19 -0400 Subject: [Infowarrior] - Burr & Feinstein Write Ridiculous Ignorant Op-Ed To Go With Their Ridiculous Ignorant Bill Message-ID: <18D0FF5F-43E3-4CED-9FBC-A356F8B0BD36@infowarrior.org> Burr & Feinstein Write Ridiculous Ignorant Op-Ed To Go With Their Ridiculous Ignorant Bill https://www.techdirt.com/articles/20160428/23212934310/senators-burr-feinstein-write-ridiculous-ignorant-op-ed-to-go-with-their-ridiculous-ignorant-bill.shtml -- It's better to burn out than fade away. From rforno at infowarrior.org Fri Apr 29 13:58:31 2016 From: rforno at infowarrior.org (Richard Forno) Date: Fri, 29 Apr 2016 14:58:31 -0400 Subject: [Infowarrior] - Supreme Court Gives FBI More Hacking Power Message-ID: Supreme Court Gives FBI More Hacking Power Jenna McLaughlin Apr. 28 2016, 6:18 p.m. https://theintercept.com/2016/04/28/supreme-court-gives-fbi-more-hacking-power/ The Supreme Court on Thursday approved changes that would make it easier for the FBI to hack into computers, many of them belonging to victims of cybercrime. The changes will take immediate effect in December, unless Congress adopts competing legislation. Previously, under the federal rules on criminal procedures, a magistrate judge couldn't approve a warrant request to search a computer remotely if the investigator didn't know where the computer was -- because it might be outside his or her jurisdiction. The rule change, sent in a letter to Congress on Thursday, would allow a magistrate judge to issue a warrant to search or seize an electronic device if the target is using anonymity software like Tor. Over a million people use Tor to browse popular websites like Facebook every month for perfectly legitimate reasons, in addition to criminals who use it to hide their locations. The changes, which would allow the FBI to go hunting for anyone browsing the Internet anonymously in the U.S. 
with a single warrant, are already raising concerns among privacy advocates who have been closely following the issue. "Whatever euphemism the FBI uses to describe it -- whether they call it a 'remote access search' or a 'network investigative technique' -- what we're talking about is government hacking, and this obscure rule change would authorize a whole lot more of it," Kevin Bankston, director of Open Technology Institute, said in a press release. Ahmed Ghappour, a visiting professor at University of California Hastings Law School, has described it as "possibly the broadest expansion of extraterritorial surveillance power since the FBI's inception" because it could potentially allow the FBI to hack a large number of computers domestically and abroad. The Supreme Court ruling also expands the warrants to allow the FBI to hack into computers in five or more districts that have been hacked, such as those infected by a botnet -- a type of malware that gives criminal hackers the power to take over many innocent "zombie" computers to distribute spam or spread viruses. This part of the ruling would allow the FBI to search the victim's property, explained Amie Stepanovich, senior policy counsel for digital rights group Access Now in a message to The Intercept. "On account of their distributed nature, investigations of unlawful botnets undoubtedly pose a significant barrier to law enforcement," she said in testimony before an obscure judiciary committee that considered the rule change before it got to the Supreme Court. However, "the proposed amendment unilaterally expands [FBI] investigations to further encompass the devices of the victims themselves, those who have already suffered injury and are most at risk by the further utilization of the botnet." It's up to Congress to propose legislation that would modify or reject the proposed changes to the criminal procedure rules. Lawmakers have until Dec. 1, otherwise the new policies would immediately take effect. 
"These amendments will have significant consequences for Americans' privacy and the scope of the government's powers to conduct remote surveillance and searches of electronic devices," Senator Ron Wyden, D-Ore., wrote in a press release. "I plan to introduce legislation to reverse these amendments shortly, and to request details on the opaque process for the authorization and use of hacking techniques by the government." -- It's better to burn out than fade away. From rforno at infowarrior.org Sat Apr 30 09:28:07 2016 From: rforno at infowarrior.org (Richard Forno) Date: Sat, 30 Apr 2016 10:28:07 -0400 Subject: [Infowarrior] - FISC did not deny any surveillance requests last year Message-ID: <5FF02535-F990-45EE-A4ED-C70D679F1884@infowarrior.org> US foreign intelligence court did not deny any surveillance requests last year http://www.theguardian.com/law/2016/apr/30/fisa-court-foreign-intelligence-surveillance-fbi-nsa-applications The secretive US foreign intelligence surveillance court did not deny a single government request in 2015 for electronic surveillance orders granted for foreign intelligence purposes, continuing a longstanding trend, a Justice Department document showed. The court received 1,457 requests last year on behalf of the National Security Agency and the FBI for authority to intercept communications, including email and phone calls, according to a Justice Department memo sent to leaders of relevant congressional committees on Friday. The court did not reject any of the applications in whole or in part, the memo showed. The total represented a slight uptick from 2014, when the court received 1,379 applications and rejected none. The court, which acts behind closed doors, was established in 1978 to handle applications for surveillance warrants against foreign suspects by US law enforcement and intelligence agencies and grew more controversial after 2013 leaks by former NSA contractor Edward Snowden. 
Intelligence committee senator said he plans to introduce bill to block expansion to "rule 41" on warrants for suspects who hide their location, set for December The electronic surveillance often is conducted with the assistance of internet and telecommunications companies. Civil liberties advocates have long derided the court for acting as a "rubber stamp" for government surveillance operations. Government officials have said the Justice Department is careful about its applications and that sometimes orders are modified substantially by the court. The court modified 80 applications in 2015, a more than fourfold increase from the 19 modifications made in 2014. The memo also stated that 48,642 national security letter (NSL) requests were made in 2015 by the FBI. NSLs are a type of subpoena authority used to compel internet and telecommunications firms to hand over customer data, such as web browsing history, email addresses and subscriber information. One NSL often contains multiple requests for information, such as a sequence of emails believed relevant to an investigation. The majority of NSL requests, 31,863, made in 2015 sought information on foreigners, regarding a total of 2,053 individuals, the memo stated. The FBI made 9,418 requests for national security letters in 2015 for information about US citizens and legal immigrants, regarding a total of 3,746 individuals, it showed. The FBI also made 7,361 NSL requests for only "subscriber information", typically names, addresses and billing records, of Americans and foreigners regarding 3,347 different people. National security letters have been available as a law enforcement tool since the 1970s, but their frequency and breadth expanded dramatically under the USA Patriot Act enacted shortly after the 9/11 attacks on the United States. They are almost always accompanied by an open-ended gag order issued by the Justice Department barring companies from disclosing the contents of the demand for customer data. 
The government also made 142 applications to the surveillance court for access to business records, and it did not deny any of those requests, according to the memo.

--
It's better to burn out than fade away.

From rforno at infowarrior.org Sat Apr 30 18:07:28 2016
From: rforno at infowarrior.org (Richard Forno)
Date: Sat, 30 Apr 2016 19:07:28 -0400
Subject: [Infowarrior] - The government wants your fingerprint to unlock your phone
Message-ID: <4456345C-0994-4F87-A205-F776BDF036FF@infowarrior.org>

The government wants your fingerprint to unlock your phone. Should that be allowed?

Los Angeles Times

http://www.latimes.com/local/california/la-me-iphones-fingerprints-20160430-story.html

As the world watched the FBI spar with Apple this winter in an attempt to hack into a San Bernardino shooter's iPhone, federal officials were quietly waging a different encryption battle in a Los Angeles courtroom.

There, authorities obtained a search warrant compelling the girlfriend of an alleged Armenian gang member to press her finger against an iPhone that had been seized from a Glendale home. The phone contained Apple's fingerprint identification system for unlocking, and prosecutors wanted access to the data inside it.

It marked a rare time that prosecutors have demanded a person provide a fingerprint to open a computer, but experts expect such cases to become more common as cracking digital security becomes a larger part of law enforcement work.

The Glendale case and others like it are forcing courts to address a basic question: How far can the government go to obtain biometric markers such as fingerprints and hair?

The U.S. Supreme Court has held that police can search phones with a valid warrant and compel a person in custody to provide physical evidence such as fingerprints without a judge's permission.
But some legal experts say there should be a higher bar for biometric data because providing a fingerprint to open a digital device gives the state access to a vast trove of personal information and could be a form of self-incrimination.

"It isn't about fingerprints and the biometric readers," said Susan Brenner, a law professor at the University of Dayton who studies the nexus of digital technology and criminal law, but rather, "the contents of that phone, much of which will be about her, and a lot of that could be incriminating."

In the Glendale case, the FBI wanted the fingerprint of Paytsar Bkhchadzhyan, a 29-year-old woman from L.A. with a string of criminal convictions who pleaded no contest to a felony count of identity theft.

She was sentenced in that case on Feb. 25 in a Van Nuys courtroom. Jail records and court documents show that about 45 minutes after Bkhchadzhyan was taken into custody, U.S. Magistrate Judge Alicia Rosenberg - sitting in a federal courtroom 17 miles away - signed off on the warrant for the defendant to press her finger on the phone. By 1 p.m., an FBI agent specializing in cybercrimes took her print, according to court papers.

Why authorities wanted Bkhchadzhyan to unlock the phone is unclear. The phone was seized from a Glendale residence linked to Sevak Mesrobian, who according to a probation report was Bkhchadzhyan's boyfriend and a member of the Armenian Power gang with the moniker of "40."

Asst. U.S. Atty. Vicki Chou said the search was part of an ongoing probe. She declined further comment. Other court documents in the case were filed under seal.

Even with the limited outlines of the inquiry, Brenner said the act of compelling a person in custody to press her finger against a phone breached the 5th Amendment's protection against self-incrimination. It forced Bkhchadzhyan to testify - without uttering a word - because by moving her finger and unlocking the phone, she authenticated its contents.

"By showing you opened the phone, you showed that you have control over it," Brenner said. "It's the same as if she went home and pulled out paper documents - she's produced it."

But Albert Gidari, the director of privacy at Stanford Law School's Center for Internet and Society, said the action might not violate the 5th Amendment prohibition of self-incrimination.

"Unlike disclosing passcodes, you are not compelled to speak or say what's 'in your mind' to law enforcement," Gidari said. "'Put your finger here' is not testimonial or self-incriminating."

The issue partly revolves around the prevailing legal stance toward fingerprints.

Law enforcement routinely obtains search warrants to examine property or monitor telecommunications, even swab inside an inmate's mouth for DNA. But fingerprints have long remained in the class of evidence that doesn't require a warrant, along with providing handwriting samples or standing in a lineup.

Courts have categorized fingerprints as "real or physical evidence" sourced from the body, unlike communications or knowledge, which cannot be compelled without violating the 5th Amendment.

George M. Dery III, a lawyer and criminal justice professor at California State University, Fullerton, likened the warrant to the government's request for a key.

"Before cell phones, much of this information would be found in a person's home," Dery said, noting that search warrants commonly authorize police to march into a home and seize evidence. "This has a warrant. Even though it is a big deal having someone open up their phone, they've gone to a judge and it means there's a likelihood of criminal activity."

Apple's fingerprint sensor, known as Touch ID, is installed on phones and tablets rolled out after 2013, and the optional feature has a narrow window during which it is viable for an investigator.

The Touch ID biometric reader cannot be used if the phone has not been unlocked for 48 hours.
If a phone is restarted, or goes beyond the 48-hour window, only a passcode can open it.

Few courts have taken up the issue of whether a defendant can be forced to unlock his or her iPhone, either with a password or fingerprint.

In a Virginia trial court, David Charles Baust was accused of trying to strangle a woman in his bedroom, which was equipped with a video recording device that the victim said could have been linked to Baust's phone. Investigators seized the phone via search warrant, but it could only be opened with a passcode or fingerprint reader.

In 2014, a judge said Baust could be compelled to provide his fingerprint to open a locked phone but could not be ordered to disclose a passcode. The judge reasoned that providing a fingerprint was akin to giving a key, while giving a passcode - stored in one's mind - entailed revealing knowledge and therefore testifying. Baust was later acquitted.

George Mgdesyan, an attorney who has previously represented both Bkhchadzhyan and Mesrobian, said he was unsure why authorities were trying to unlock her phone. He said he was not representing Bkhchadzhyan in any federal criminal matter and believed the probe included hacking and possibly "other issues."

The attorney denied that the search of Bkhchadzhyan's phone was connected to Mesrobian, who has been held in North Kern State Prison since Feb. 12.

matt.hamilton at latimes.com

--
It's better to burn out than fade away.