From rforno at infowarrior.org Tue Dec 20 20:33:15 2016
From: rforno at infowarrior.org (Richard Forno)
Date: Wed, 21 Dec 2016 02:33:15 -0000
Subject: [Infowarrior] - Employee sues Google for 'illegal' confidentiality policies
Message-ID:

Employee sues Google for 'illegal' confidentiality policies

It apparently runs an internal spying program and even prohibits employees from writing a novel about working in Silicon Valley.

Nicole Lee, @nicole
https://www.engadget.com/2016/12/20/employee-sues-google-for-illegal-confidentiality-policies/

The Information has reported that a Google employee brought a lawsuit against his employer, accusing the company of internal confidentiality policies that supposedly breach California labor laws. One of the more egregious complaints is that Google apparently runs an internal "spying program" that encourages employees to snitch on one another if they think someone leaked information to the press. Further, Google apparently warns employees to not write about potentially illegal activities within the company, even to Google's own attorneys. There's even a note that prohibits employees from writing "a novel about someone working at a tech company in Silicon Valley" without approval.

The employee, known only as "John Doe" in the suit, said that one of the reasons for this strict policy is that the company is very fearful of leaks to the press, so much so that anyone who's guilty of it could be fired. In fact, the employee in question was apparently falsely accused of doing just that.

"Confidential information" is classified as "everything at Google," and can't be shared with "press, members of the investment community, partners, or anyone else outside of Google." Essentially, the lawsuit alleges that employees are barred from discussing anything about Google anywhere.
According to the lawsuit, current labor laws state that employees should be able to discuss workplace conditions and potential violations inside the company without the fear of retribution. Additionally, it argues that the company should relax the policies so that employees are allowed to speak about the company to outsiders under certain circumstances.

The lawsuit was filed in the California Superior Court in San Francisco under California's Private Attorneys General Act. If successful, the state would collect 75 percent of the penalty, while the rest would be paid out to the company's 65,000 employees. Since there are 12 alleged violations in the suit, the maximum fine could amount to $3.8 billion, with each employee getting about $14,600.

"Google's motto is 'don't be evil.' Google's illegal confidentiality agreements and policies fail this test," the lawsuit said.

-- 
It's better to burn out than fade away.

From rforno at infowarrior.org Wed Dec 21 11:00:56 2016
From: rforno at infowarrior.org (Richard Forno)
Date: Wed, 21 Dec 2016 17:00:56 -0000
Subject: [Infowarrior] - Congrats, hackers: you're now a munition (sort of)
Message-ID:

Congrats, hackers: you're now a munition (sort of)

Wassenaar rules require export licenses for anything that could be considered "intrusion software" - but not in US, yet.

Sean Gallagher - Dec 20, 2016 10:01 pm UTC
http://arstechnica.com/tech-policy/2016/12/us-fails-in-bid-to-renegotiate-arms-trade-restrictions-on-exploit-data-export/

-- 
It's better to burn out than fade away.
From rforno at infowarrior.org Wed Dec 21 11:11:10 2016
From: rforno at infowarrior.org (Richard Forno)
Date: Wed, 21 Dec 2016 17:11:10 -0000
Subject: [Infowarrior] - EU's highest court delivers blow to UK snooper's charter
Message-ID: <9DBB9D12-1BED-4A54-8E1D-B5C9ABB31862@infowarrior.org>

EU's highest court delivers blow to UK snooper's charter

Indiscriminate collection of emails is illegal, court rules in response to challenge originally brought by David Davis

Owen Bowcott, Legal affairs correspondent, @owenbowcott
https://www.theguardian.com/law/2016/dec/21/eus-highest-court-delivers-blow-to-uk-snoopers-charter
Wednesday 21 December 2016 08.13 EST
First published on Wednesday 21 December 2016 04.20 EST

"General and indiscriminate retention" of emails and electronic communications by governments is illegal, the EU's highest court has ruled, in a judgment that could trigger challenges against the UK's new Investigatory Powers Act - the so-called snooper's charter.

Only targeted interception of traffic and location data in order to combat serious crime - including terrorism - is justified, according to a long-awaited decision by the European court of justice (ECJ) in Luxembourg.

The finding came in response to a legal challenge initially brought by the Brexit secretary, David Davis, when he was a backbench MP, and Tom Watson, Labour's deputy leader, over the legality of GCHQ's bulk interception of call records and online messages.

Davis and Watson, who were supported by Liberty, the Law Society, the Open Rights Group and Privacy International, had already won a high court victory on the issue, but the government appealed and the case was referred by appeal judges to the ECJ. The case will now return to the court of appeal to be resolved in terms of UK legislation. The aim of going to Luxembourg was to clarify EU law on surveillance.
The two MPs had argued successfully in the domestic courts that the Data Retention and Investigatory Powers Act (Dripa) 2014 was illegal. Dripa has since been replaced by the Investigatory Powers Act, which comes into force at the end of this month. At issue was whether there are EU standards on data retention that need to be respected by member states in domestic legislation.

The result, though immediately significant, could prove academic once the UK has withdrawn from the EU and the ECJ no longer has jurisdiction over the UK.

In a summary of the ruling, the court said electronic communications allow "very precise conclusions to be drawn concerning the private lives of persons whose data has been retained". It added: "The interference by national legislation that provides for the retention of traffic data and location data with that right must therefore be considered to be particularly serious.

"The fact that the data is retained without the users of electronic communications services being informed of the fact is likely to cause the persons concerned to feel that their private lives are the subject of constant surveillance. Consequently, only the objective of fighting serious crime is capable of justifying such interference.

"Legislation prescribing a general and indiscriminate retention of data ... exceeds the limits of what is strictly necessary and cannot be considered to be justified within a democratic society."

Prior authorisation by a court or independent body to access retained data is required for each official request, the ECJ said.

Before becoming Brexit minister, Davis travelled to Luxembourg to hear the case. He argued that the British government was "treating the entire nation as suspects" by ignoring safeguards on retaining and accessing personal communications data. Davis, one of the most vociferous critics of the state's powers to collect data on its citizens, withdrew from the case following his ministerial appointment.
The Dripa case was heard by 15 ECJ judges. It coincided with successive atrocities in Paris, Brussels and Nice that reinforced political demands for expansion of powers to intercept emails and phone calls to help catch Islamic State militants operating on the continent. Lawyers for the UK government maintained that intercepted communications have been at the heart of every terrorist case investigated by police and the security services in recent years.

Responding to the ruling, Watson said: "At a time when we face a real and ever-present terrorist threat, the security forces may require access to personal information none of us would normally hand over. That's why it's absolutely vital that proper safeguards are put in place to ensure this power is not abused, as it has been in the recent past.

"Most of us can accept that our privacy may occasionally be compromised in the interests of keeping us safe, but no one would consent to giving the police or the government the power to arbitrarily seize our phone records or emails to use as they see fit. It's for judges, not ministers, to oversee these powers."

Martha Spurrier, director of the human rights group Liberty, said: "Today's judgment upholds the rights of ordinary British people not to have their personal lives spied on without good reason or an independent warrant. The government must now make urgent changes to the Investigatory Powers Act [IPA] to comply with this.

"This is the first serious post-referendum test for our government's commitment to protecting human rights and the rule of law. The UK may have voted to leave the EU - but we didn't vote to abandon our rights and freedoms."

Liberty is preparing to challenge the IPA in court.

Jim Killock, executive director of the Open Rights Group, said: "Blanket surveillance of our communications is intrusive and unacceptable in a democracy.

"The government must act quickly to rewrite the IPA or be prepared to go to court again."
A Home Office spokesperson said: "We are disappointed with the judgment from the European court of justice and will be considering its potential implications.

"The government will be putting forward robust arguments to the court of appeal about the strength of our existing regime for communications data retention and access."

The shadow home secretary, Diane Abbott, said: "Many of us warned that these powers were far too widely drawn. Effectively, they allow for fishing expeditions where data is collected on a vast number of individuals. They also allow for data gathering against anyone suspected of the most minor crimes, not just terrorism and organised crime, and there is insufficient judicial oversight. Targets were not informed."

The Liberal Democrat home affairs spokesman Brian Paddick said: "Collecting and storing everyone's internet web browsing histories and phone records so government agencies can look at them is an Orwellian nightmare that intrudes into our privacy and erodes our civil liberties."

Daniel Carey, the solicitor from Deighton Pierce Glynn who represented the Open Rights Group and Privacy International, said: "The court is very clear that indiscriminately retaining everyone's metadata is unlawful, which is a point my clients placed particular emphasis on. This prohibition arises out of longstanding EU legislation, which the UK played an important role in creating."

Camilla Graham Wood, of Privacy International, said: "Today's judgment is a major blow against mass surveillance and an important day for privacy. It makes clear that blanket and indiscriminate retention of our digital histories can be a very intrusive form of surveillance that needs strict safeguards against abuse and mission creep."

The National Police Chiefs'
Council lead for communications data, assistant chief constable Richard Berry said: "We will work within any authorisation and oversight regime deemed appropriate by parliament and courts of law. But it is important for us to have a regime that is practical and dynamic enough to be able to respond to the volume and urgency of our cases. Any changes that impede our ability to access data quickly with appropriate safeguards will undermine our ability to keep people safe."

-- 
It's better to burn out than fade away.

From rforno at infowarrior.org Wed Dec 21 15:20:34 2016
From: rforno at infowarrior.org (Richard Forno)
Date: Wed, 21 Dec 2016 21:20:34 -0000
Subject: [Infowarrior] - Yahoo email scan shows U.S. spy push to recast constitutional privacy
Message-ID: <729A2DA0-E8ED-4C7C-B882-CBDE40EE6DD6@infowarrior.org>

Technology News | Wed Dec 21, 2016 | 2:33pm EST

Yahoo email scan shows U.S. spy push to recast constitutional privacy

By Joseph Menn
http://www.reuters.com/article/us-yahoo-nsa-fourth-amendment-analysis-idUSKBN14A25F

Yahoo Inc's secret scanning of customer emails at the behest of a U.S. spy agency is part of a growing push by officials to loosen constitutional protections Americans have against arbitrary governmental searches, according to legal documents and people briefed on closed court hearings.

The order on Yahoo from the secret Foreign Intelligence Surveillance Court (FISC) last year resulted from the government's drive to change decades of interpretation of the U.S. Constitution's Fourth Amendment right of people to be secure against "unreasonable searches and seizures," intelligence officials and others familiar with the strategy told Reuters.

The unifying idea, they said, is to move the focus of U.S. courts away from what makes something a distinct search and toward what is "reasonable" overall.
The basis of the argument for change is that people are making much more digital data available about themselves to businesses, and that data can contain clues that would lead to authorities disrupting attacks in the United States or on U.S. interests abroad.

While it might technically count as a search if an automated program trawls through all the data, the thinking goes, there is no unreasonable harm unless a human being looks at the result of that search and orders more intrusive measures or an arrest, which even then could be reasonable.

Civil liberties groups and some other legal experts said the attempt to expand the ability of law enforcement agencies and intelligence services to sift through vast amounts of online data, in some cases without a court order, was in conflict with the Fourth Amendment because many innocent messages are included in the initial sweep.

"A lot of it is unrecognizable from a Fourth Amendment perspective," said Orin Kerr, a former federal prosecutor and Georgetown University Law School expert on surveillance. "It's not where the traditional Fourth Amendment law is."

But the general counsel of the Office of the Director of National Intelligence (ODNI), Robert Litt, said in an interview with Reuters on Tuesday that the legal interpretation needed to be adjusted because of technological changes.

"Computerized scanning of communications in the same way that your email service provider scans looking for viruses - that should not be considered a search requiring a warrant for Fourth Amendment purposes," said Litt. He said he is leaving his post on Dec. 31 as the end of President Barack Obama's administration nears.

DIGITAL SIGNATURE

Reuters was unable to determine what data, if any, was handed over by Yahoo after its live email search. The search was first reported by Reuters on Oct. 4. Yahoo and the National Security Agency (NSA) declined to explain the basis for the order.

The surveillance court, whose members are appointed by U.S.
Supreme Court Chief Justice John Roberts, oversees and approves the domestic pursuit of intelligence about foreign powers.

While details of the Yahoo search are classified, people familiar with the matter have told Reuters it was aimed at isolating a digital signature for a single person or small team working for a foreign government frequently at odds with America.

The ODNI is expected to disclose as soon as next month an estimated number of Americans whose electronic communications have been caught up in online surveillance programs intended for foreigners, U.S. lawmakers said.

The ODNI's expected disclosure is unlikely to cover such orders as the one to Yahoo but would encompass those under a different surveillance authority called section 702. That section allows the operation of two internet search programs, Prism and "upstream" collection, that were revealed by former NSA contractor Edward Snowden more than three years ago.

Prism gathers the messaging data of targets from Alphabet Inc's Google, Facebook, Microsoft, Apple among others. Upstream surveillance allows the NSA to copy web traffic to search data for certain terms called "selectors," such as email addresses, that are contained in the body of messages. ODNI's Litt said ordinary words are not used as selectors.

The Fourth Amendment applies to the search and seizure of electronic devices as much as ordinary papers. Wiretaps and other surveillance in the internet age are now subject to litigation across the United States.

But in the FISC, with rare exceptions, the judges hear only from the executive branch. Their rulings have been appealed only three times, each time going to a review board. Only the government is permitted to appeal from there, and so far it has never felt the need.

PUBLIC LEGAL CHALLENGES

The FISC's reasoning, though, is heading into public courts. The 9th U.S. Circuit Court of Appeals on Dec.
5 cited FISC precedents in rejecting an appeal of an Oregon man who was convicted of plotting to bomb a Christmas tree lighting ceremony after his emails were collected in another investigation.

Groups such as the American Civil Liberties Union and the Electronic Frontier Foundation are fighting the expansion of legalized surveillance in Congress and in courts. On Dec. 8, the ACLU argued in the 4th U.S. Circuit Court of Appeals that a lawsuit by Wikipedia's parent group against the NSA should not have been dismissed by a lower court, which ruled that the nonprofit could not show it had been snooped on and that the government could keep details of the program secret.

The concerns of civil libertarians and others have been heightened by President-elect Donald Trump's nomination of conservative Representative Mike Pompeo of Kansas to be director of the CIA. Pompeo, writing in the Wall Street Journal in January, advocated expanding bulk collection of telephone calling records in pursuit of Islamic State and its sympathizers who could plan attacks on Americans. Pompeo said the records could be combined with "publicly available financial and lifestyle information into a comprehensive, searchable database."

Yahoo's search went far beyond what would be required to monitor a single email account. The company agreed to create and then conceal a special program on its email servers that would check all correspondence for a specific string of bits.

Trawling for selectors is known as "about" searching, when content is collected because it is about something of interest rather than because it was sent or received by an established target. It is frequently used by the NSA in its bulk upstream collection of international telecom traffic.
The Privacy and Civil Liberties Oversight Board, an appointed panel established by Congress as part of its post-9/11 expansion of intelligence authority, reported in 2014 that "about" searches "push the program close to the line of constitutional reasonableness."

A glimpse of the new legal arguments came in a FISC proceeding last year held to review NSA and FBI annual surveillance targets and four sets of procedures for limiting the spread of information about Americans.

Judge Thomas Hogan appointed Amy Jeffress, an attorney at Arnold and Porter and a former national security prosecutor, to weigh in, the first time that court had asked an outside privacy expert for advice before making a decision.

Jeffress argued each search aimed at an American should be tested against the Fourth Amendment, while prosecutors said that only overall searching practice had to be evaluated for "reasonableness."

Hogan agreed with the government, ruling that even though the Fourth Amendment was all but waived in the initial data gathering because foreigners were the targets, the voluminous data incidentally gathered on Americans could also be used to investigate drug deals or robberies.

"While they are targeting foreign intelligence information, they are collecting broader information, and there needs to be strong protections for how that information is used apart from national security," Jeffress told Reuters.

ODNI's Litt wrote in a February Yale Law Review article that the new approach was appropriate, in part because so much personal data is willingly shared by consumers with technology companies. Litt advocated for courts to evaluate "reasonableness" by looking at the entirety of the government's activity, including the degree of transparency.

Litt told Reuters that he did not mean, however, that the same techniques in "about" searches should be pushed toward the more targeted searches at email providers such as Yahoo.
Although speaking generally, he said: "My own personal approach to this is you should trade off broader collection authority for stricter use authority," so that more is taken in but less is acted upon.

This position strikes some academics and participants in the process as a remarkable departure from what the highest legal authority in the land was thinking just two years ago. That was when the Supreme Court's Roberts wrote for a majority in declaring that mobile phones usually could not be searched without warrants.

After prosecutors said they had protocols in place to protect phone privacy, Roberts wrote: "Probably a good idea, but the Founders did not fight a revolution to gain the right to government agency protocols."

With little evidence that the Supreme Court agrees with the surveillance court, it remains possible it would reverse the trend. But a case would first need to make its way up there.

(Reporting by Joseph Menn in San Francisco; additional reporting by Dustin Volz, Mark Hosenball and John Walcott in Washington; Editing by Jonathan Weber and Grant McCool)

-- 
It's better to burn out than fade away.

From rforno at infowarrior.org Thu Dec 22 15:40:00 2016
From: rforno at infowarrior.org (Richard Forno)
Date: Thu, 22 Dec 2016 21:40:00 -0000
Subject: [Infowarrior] - Hayden: Managing intelligence in a world of post-truth BS
Message-ID: <35AE74D6-259D-4B39-81AE-86FA7130AB93@infowarrior.org>

Managing intelligence in a world of post-truth BS

By Gen. Michael Hayden, contributor - 12/22/16 12:13 PM EST
http://thehill.com/blogs/pundits-blog/homeland-security/311510-managing-intelligence-in-a-world-of-post-truth-bs

It's been a helluva six weeks for American intelligence.
The president-elect has declined most daily intelligence briefings, characterized them as painfully repetitive, re-tarred the community with its failure on Iraq's weapons of mass destruction, shrugged off a high-confidence judgment on Russian election meddling as "ridiculous" and reportedly had his staff take a threat briefing from the head of Israel's Mossad.

Transition team spokespeople have also alleged political agendas within the intelligence community but suggested conditions would improve when the new president "put(s) his own people in there."

That last point is chilling for a community that prides itself on - indeed, exists only to pursue - objectivity. At least that's the ideal, even if the pursuit is sometimes flawed. And the whole package of transition actions and comments threatens the self-identity of those who feel that they do important and often irreplaceable work routinely valued by policy makers.

Intel veterans were also gobsmacked with Mr. Trump's claim that the traditional President's Daily Brief would simply tell him the same thing in the same words "every single day for the next eight years," a description that ignores the shifting complexities of a turbulent world, the timely needs of a nation with global interests and an intelligence community with global capacities that he can tune to his needs.

Temperature levels across the intel network are high. Leaders are being asked fundamental questions about role and purpose that they have never had trouble answering before. Lower ranks fear that their past, current and future sacrifices will be neither recognized, appreciated nor matter much in policy deliberations.

The situation isn't good; it's worse than many expected, certainly worse than many had hoped. But before we join the slide toward despair and panic (and exit), let's push back a bit against the counsel of our darker angels. There have been bright spots.
During CIA nominee Mike Pompeo's visits to the agency to prepare for confirmation, he has shown enthusiasm and humility and has been well received. Two other huge consumers of the President's Daily Brief, retired Gen. James Mattis at Defense and retired Gen. John Kelly at Homeland Security, are known and respected officers.

Intelligence community leadership has stepped up. In one instance, a senior pre-empted his staff's funk by telling his team to go back to their desks, pull out their oath of office, read it, and go back to work. Great advice. Continue to do what you should be doing: creating the best intelligence possible.

Adaptability has often been a strongpoint for the intel community. This is, after all, a transition. Presidents learn in different ways. For Bush 43 it was largely about the dialogue. Barack Obama was more the reader and, at least early in his administration, the word was out to keep it short. (One wag analyst complained that he was writing PDB haiku.) Jimmy Carter didn't take a brief at all, preferring summaries from his national security adviser.

For my money, more is better than less; personal is better than impersonal; direct is better than indirect; and dialogue is better than tossing the thing over the transom. But the president decides, and if this president sticks to his never-mind-but-if-something-should-change-call-me approach (which might not survive the first crisis), I'd put a lot of effort in ensuring that Vice President Pence is fully up to speed. He acts like an avid consumer already, has the trust of the president and appears unburdened by preconceptions about what the intelligence should say.

The vice president will be a busy man, but I'd also work to fold into his morning brief what we called "deep dives" under Bush 43. These were designed to give broader context than was regularly in the PDB's tighter, more focused articles.
The longer format allowed richer nuance and deeper background, and since it was briefed by the analyst authors rather than the regular briefer, it routinely prompted extended exchanges - and human contact.

Still, there's the question of how to react to the president-elect's ill-considered statements and tweets. I would never put this into an all-hands message, but the intelligence workforce needs to be counseled to ignore or at least discount them. Everyone is feeling their way here and there's still a fair amount of campaign mode in the air. Watch what he says and does after he assumes the office is the message I would stress. What is said can often hurt, but it hasn't always proven very predictive. I'd chill a bit.

Then jump over all of that by inviting the president to pay an early visit to the agency. Presidents Bush and Obama both spoke to the agency workforce at campaign-like rallies in the agency's iconic lobby and both worked the rope line afterward. It would help the new president and the CIA better connect.

I'd also make sure that the new president had a chance to sit face-to-face with operators and analysts in some of the agency's centers. (No one undercover will be in the lobby as the press is snapping its photos!) The counterterrorism center and the Syria task force easily come to mind. Put a human face on those who go into harm's way to get otherwise unavailable truth and who will be sending their often unhappy news downriver to the White House. The president and his leadership style may even make a few friends here, as these folks are generally frustrated with the slow pace of decision-making from the Obama administration.

Finally, while working for the better, one can't totally dismiss potentially darker outcomes. So, off calendar, I'd quietly have a meeting - cheese, wine, beer, pretzels, in the conference room, after hours - with my most senior leaders about the very concept of truth.
And I'd begin with last month's Oxford Dictionaries selection of post-truth - "circumstances in which objective facts are less influential in shaping public opinion than appeals to emotion and personal belief" - as the international word of the year. An understandable choice on their part, as the concept has caught fire in post-mortems of the last election and in ongoing American political discourse.

You have to let a discussion like this go where it will, but in the end, I would urge a commitment that, no matter what happens more broadly in society or government, no post-truth BS ever be allowed to cross the fence line at Langley. American intelligence has to be an institution ready to say, "Sir, we can't back you up on that one, and we are prepared to say so."

It may never get to that, of course, but if it does, best to know in advance who of your team you can count on to man the barricades with you.

Gen. Michael Hayden is a former director of the CIA and the National Security Agency.

-- 
It's better to burn out than fade away.

From rforno at infowarrior.org Thu Dec 22 16:53:26 2016
From: rforno at infowarrior.org (Richard Forno)
Date: Thu, 22 Dec 2016 22:53:26 -0000
Subject: [Infowarrior] - U.S. government begins asking foreign travelers about social media
Message-ID: <20266029-4D9A-4BDA-B540-D8CE1CB20C2F@infowarrior.org>

(security theater, part XXX.....)

U.S. government begins asking foreign travelers about social media

By Tony Romm
12/22/16 05:23 PM EST
http://www.politico.com/story/2016/12/foreign-travelers-social-media-232930

NEW YORK - The U.S. government quietly began requesting that select foreign visitors provide their Facebook, Twitter and other social media accounts upon arriving in the country, a move designed to spot potential terrorist threats that drew months of opposition from tech giants and privacy hawks alike.

Since Tuesday, foreign travelers arriving in the United States on the visa waiver program have been presented with an "optional"
request to "enter information associated with your online presence," a government official confirmed Thursday. The prompt includes a drop-down menu that lists platforms including Facebook, Google+, Instagram, LinkedIn and YouTube, as well as a space for users to input their account names on those sites.

The new policy comes as Washington tries to improve its ability to spot and deny entry to individuals who have ties to terrorist groups like the Islamic State. But the government has faced a barrage of criticism since it first floated the idea last summer. The Internet Association, which represents companies including Facebook, Google and Twitter, at the time joined with consumer advocates to argue the draft policy threatened free expression and posed new privacy and security risks to foreigners. Now that it is final, those opponents are furious the Obama administration ignored their concerns.

"There are very few rules about how that information is being collected, maintained [and] disseminated to other agencies, and there are no guidelines about limiting the government's use of that information," said Michael W. Macleod-Ball, chief of staff for the American Civil Liberties Union's Washington office. "While the government certainly has a right to collect some information ... it would be nice if they would focus on the privacy concerns some advocacy groups have long expressed."

A spokeswoman for Customs and Border Protection, who said the government approved the change on Dec. 19, told POLITICO on Thursday the new policy is meant to "identify potential threats." Previously, the agency had said it wouldn't prohibit entry to foreigners who didn't provide their social media account information.

The question itself is included in what's known as the Electronic System for Travel Authorization, a process that certain foreign travelers must complete to come to the United States.
ESTA and a related paper form specifically apply to those arriving here through the visa-waiver program, which allows citizens of 38 countries to travel and stay in the United States for up to 90 days without a visa.

As soon as the government unveiled its draft proposal in June, however, consumer protection advocates expressed outrage. In a letter sent in August, the ACLU, Center for Democracy and Technology charged it posed immense privacy risks, given that social media accounts serve as "gateways into an enormous amount of [users'] online expression and associations, which can reflect highly sensitive information about that person's opinions, beliefs, identity and community." The groups also predicted the burden would "fall hardest on Arab and Muslim communities, whose usernames, posts, contacts and social networks will be exposed to intense scrutiny."

After the policy changed, Nathan White, the senior legislative manager of Access Now, again blasted it as a threat to human rights. "The choice to hand over this information is technically voluntary," he said. "But the process to enter the U.S. is confusing, and it's likely that most visitors will fill out the card completely rather than risk additional questions from intimidating, uniformed officers - the same officers who will decide which of your jokes are funny and which ones make you a security risk."

Opponents also worry that the U.S. change will spark similar moves by other countries. "Democratic and non-democratic countries - including those without the United States' due process protections - will now believe they are more warranted in demanding social media information from visitors that could jeopardize visitors' safety," said Internet Association general counsel Abigail Slater. "The nature of the DHS' requests delves into personal information, creating an information dragnet."
-- It's better to burn out than fade away. From rforno at infowarrior.org Thu Dec 22 16:55:02 2016 From: rforno at infowarrior.org (Richard Forno) Date: Thu, 22 Dec 2016 22:55:02 -0000 Subject: [Infowarrior] - fw: A MESSAGE TO 2600 READERS AND WRITERS Message-ID: <177E1F30-EC0F-4187-835F-52FEC855A0A7@infowarrior.org> https://www.2600.com/content/message-2600-readers-and-writers A MESSAGE TO 2600 READERS AND WRITERS Since November, we have witnessed a variety of reactions to the surprising political developments in our country. We expect nothing less and welcome the thoughts, opinions, ideas, and schemes that our readers and writers put forth. There is one disturbing perspective, though, that we need to address. A number of people in our community feel that hackers in particular will be under increased scrutiny and will be facing significant threats under a Trump administration. We've received requests from both readers and writers to erase all evidence of their existence in our correspondence and to cancel their subscriptions and remove their names from our database. On more than one occasion, all hacker-related clothing was also thrown in the trash. It's this reaction that we find more disturbing than any of the many potential threats we're facing. Why? Because bad things happen when people let them. As long as we stand united and are willing to fight back against anything that would threaten us as individuals or as a community, we have what it takes to prevent such threats from taking hold. If we yield, it's handing out a blank check. Yes, there is much to be concerned about and even to fear. Hackers, as always, seem to be right in the middle of the controversial news stories bombarding us every day. But we need to embrace this, not push it away. We have always protected the confidentiality of both our subscribers and those sources who contribute material to our publication. We will never stop doing this. There is great strength in numbers and in intelligence. 
We need both in order to survive what may be hugely challenging times. We cannot let the specter of oppression slow us down because if such a scenario were to come true, that is when we would be needed the most. We should have more articles than ever, edgy and controversial material that we embrace, and a ton of people who aren't afraid to read and collect what we're putting out. After all, it's in the darkest hours when a bright light makes the most difference. We are changing the terms for writers of printed pieces, beginning with the Winter 2016-2017 issue due out in early January. Instead of a choice between a year of our magazine or one of our t-shirts, we are now offering both of these items for every article printed. And as for what articles we're looking for, as always we want pieces that embrace the hacker spirit, that examine and dissect technology in ways others haven't, and/or that reveal inconvenient truths about services and products that those in charge really don't want people to know about. Bombshells and leaks of all types are great and, as mentioned, we always protect our sources. And, being a printed magazine, it's a lot harder to block or filter us from any part of the globe. You can send your article contributions to articles at 2600.com or by surface or air mail to 2600 Editorial Department, PO Box 99, Middle Island, NY 11953 USA. We are but one window into a world of amazing voices. Please support others as well as us. If our speech and communication are to be seen as a threat to any regime, it's far better that there be a huge number of us than a tiny number. There will be some tests ahead and probably some hard times. We can't think of a better group to face that with. -- It's better to burn out than fade away. 
From rforno at infowarrior.org Sun Dec 25 19:37:18 2016 From: rforno at infowarrior.org (Richard Forno) Date: Mon, 26 Dec 2016 01:37:18 -0000 Subject: [Infowarrior] - Spying after Snowden: What's changed and what hasn't Message-ID: <501E6C51-D739-4611-98FC-0E8CEB85CCC0@infowarrior.org> Spying after Snowden: What's changed and what hasn't By Julian Hattem - 12/25/16 09:08 AM EST http://thehill.com/policy/technology/310457-spying-after-snowden-whats-changed-and-what-hasnt Over the last three and a half years, Edward Snowden has gone from an anonymous government contractor to a global celebrity made the subject of two major motion pictures. To some, he's a martyr, forced to while away his time in Russia to avoid unfair charges from a U.S. government that was exposed by his actions. To others, he's a traitor who gave up American secrets, endangered the lives of soldiers and then went running to the Kremlin for protection. But for all of his cultural import, Snowden's decision to leak thousands of classified documents has done little to change the way the United States conducts surveillance. Domestic intelligence agencies are more entrenched than ever despite reforms passed by Congress. In Europe, governments chose to expand spy powers after a series of terrorist attacks. From the beginning, Snowden insisted that he never set out to upend the law. "Remember, I didn't want to change society," Snowden told the Washington Post in December of 2013, shortly after being unmasked as the man who had leaked the huge cache of sensitive information. "I wanted to give society a chance to determine if it should change itself." In that regard, he's certainly been successful. Snowden's revelations made headlines for months and caused a diplomatic crisis for the Obama administration, which was forced to explain spying on foreign leaders such as German Chancellor Angela Merkel.
Some portions of the Patriot Act briefly expired last summer, in the midst of a bitter fight among lawmakers over changes to the NSA. The dramatic leaks have also made a mark on popular culture. Hollywood action movies now routinely feature an over-aggressive spying state. A fictionalized version of the former NSA contractor's life story was released this summer, starring Joseph Gordon-Levitt and Shailene Woodley. A documentary about Snowden directed by one of the journalists who worked with him, "Citizenfour," won an Academy Award last year. In Silicon Valley, the impact of Snowden's leaks has been deep and lasting. Tech companies stood to lose billions of dollars over the leaks, which created global distrust in their services. In response, companies like Google and Facebook have taken a series of steps to protect and encrypt user data, even at the risk of angering government authorities. Earlier this year, Apple refused to cooperate when the FBI sought access to the iPhone of one of the killers behind last December's terrorist massacre in San Bernardino, Calif. It seems unlikely that Apple would have taken such a firm stand, and fought so hard in court, if the Snowden leaks hadn't happened. "The fact that the most profitable corporation in the world was engaged in a high-profile public dispute with the FBI in a terrorism case is something that would've been unimaginable a few years ago," said Ben Wizner, Snowden's lawyer at the American Civil Liberties Union. "It's fair to say that we're living in a different world because of Snowden." Snowden's critics argue the reaction to the leaks was overblown and fueled by misperceptions about how U.S. intelligence agencies operate. "Effective programs for targeting foreign terror suspects were inaccurately portrayed as pervasive wiretapping operations to spy on American citizens and listen to their phone calls," Rep. Devin Nunes (R-Calif.), the chairman of the House Intelligence Committee, said in a statement to The Hill.
"Among some people, this perception led to increased suspicion of the intelligence community, which is unfortunate, since our intelligence professionals are doing really hard, important and sometimes dangerous work to prevent terror attacks." When it comes to U.S. law, Snowden's leaks have barely registered at all, experts say. "In terms of actual programmatic change, there's been relatively little," said Geoffrey Stone, a law professor at the University of Chicago. Snowden's leaks can be directly connected to only one new law, which ended the NSA's bulk collection of Americans' phone records, among other changes. However, by requiring the NSA to go to private phone companies when seeking data, Congress likely ended up expanding the information available to the spy agency, as lawmakers such as Sen. Ted Cruz (R-Texas) have argued. Under the previous system, the NSA reportedly had trouble acquiring records from cellphones. Now it is able to obtain them with a court order. The records detail the numbers involved in a phone call, when it occurred and how long it lasted, but do not include the content of the conversations. Overseas, the legal response to Snowden has been more pronounced — although in some places, the movements have been to solidify government surveillance powers, not undo them. "Snowden's disclosures, ironically, probably produced a more sustained legal effect overseas," said Stephen Vladeck, a law professor at the University of Texas. "And that effect has been in both directions." Following Snowden's leaks, Europe's top court ruled that the U.S. did not adequately protect the private data of EU citizens, forcing a prolonged negotiation with the U.S. over new rules that were finalized earlier this year. But the United Kingdom's House of Commons this summer approved a controversial bill explicitly outlining powers for intelligence agencies, dubbed the "snooper's charter."
In some cases, the bill gave clear authority for the government to continue programs it had already been running. Next year, U.S. privacy activists are hoping Congress will refuse to reauthorize a more sweeping intelligence law, Section 702 of the 2008 update of the Foreign Intelligence Surveillance Act. The law authorizes more expansive internet surveillance operations, such as the NSA's PRISM and Upstream data collection. Legislative jockeying ahead of the 2017 deadline has already begun, but the momentum for reform appears to have stalled, at least temporarily. The issue of surveillance reform didn't emerge at all in the presidential race. And after twice approving symbolic measures to end alleged "backdoor" spying of Americans, the House this summer voted against making changes to the law, in a sign that renewed concerns about terrorism outweighed privacy fears. "I believe most Americans have a good understanding of the threats we face today and that they support the intelligence community's efforts to keep our service members safe and our homeland secure," said Nunes, who lobbied his colleagues to oppose the measure to end backdoor spying. Snowden himself remains in Russia, where he has sought asylum to avoid espionage charges in the U.S. He appears regularly via satellite at privacy panels and conferences, and has reportedly raked in more than $200,000 in speaking fees over the last year. But his future remains uncertain. A brief publicity effort aimed at persuading Obama to grant him a pardon seems to have fizzled out. Despite suggestions by his lawyers that he could eventually be granted protection in Europe or elsewhere, he is stuck in Russia for the time being. "At least from a public discourse perspective, I think it's very hard to overstate just what kind of impact Edward Snowden had," Vladeck said. "With regard to the law, I think the verdict is far more mixed." -- It's better to burn out than fade away.
From rforno at infowarrior.org Tue Dec 27 07:13:30 2016 From: rforno at infowarrior.org (Richard Forno) Date: Tue, 27 Dec 2016 13:13:30 -0000 Subject: [Infowarrior] - Court Says Government Needs Better Excuses If It Wants To Keep Hiding DEA Surveillance Docs Message-ID: Court Says Government Needs Better Excuses If It Wants To Keep Hiding DEA Surveillance Docs from the even-these-bare-bones-are-barely-there dept The EFF has won a small battle in a larger war against the US government for its continued withholding of documents related to its Hemisphere program. Files on this custom-built AT&T/DEA surveillance system have already made their way into the hands of the public. Contrary to the government's claims about other methods (warrants, subpoenas) taking too long to obtain phone records, previously-released documents showed AT&T employees worked directly alongside agents in DEA offices to perform instantaneous searches for records. The EFF is seeking information not included in the Powerpoint presentation already produced by the DEA. It's looking for records on court cases where evidence derived from the program was submitted, communications between the government and AT&T concerning the program, communications between government agencies about the Hemisphere program, and Congressional briefings related to the side-by-side surveillance effort. The government has refused to turn over much of what's been requested for a variety of reasons, the main one being infamous FOIA exemption b(5). The government has other reasons for withholding information, but this is its favorite. The court, however, finds that most of its arguments amount to little more than "because." 
From the opinion [PDF]: < - > https://www.techdirt.com/articles/20161224/11031036344/court-says-government-needs-better-excuses-if-it-wants-to-keep-hiding-dea-surveillance-docs.shtml From rforno at infowarrior.org Tue Dec 27 10:01:46 2016 From: rforno at infowarrior.org (Richard Forno) Date: Tue, 27 Dec 2016 16:01:46 -0000 Subject: [Infowarrior] - Tom Bossert named as new WH counterterror/HLS advisor Message-ID: <5FADF696-3D81-4E2B-990F-F244E0197037@infowarrior.org> Trump picks Tom Bossert as homeland security adviser By Eric Geller 12/27/16 10:13 AM EST http://www.politico.com/blogs/donald-trump-administration/2016/12/tom-bossert-homeland-security-adviser-232977 President-elect Donald Trump announced Tuesday that Tom Bossert, a former national security aide to President George W. Bush, will serve as his homeland security adviser in the White House. Bossert, currently a fellow at the Atlantic Council's Cyber Statecraft Initiative, "has a handle on the complexity of homeland security, counterterrorism, and cybersecurity challenges," Trump said in a statement. Bossert was a deputy homeland security adviser in the last year of the Bush administration, when he helped draft the federal government's first cybersecurity strategy. He also spent two years as the White House director of infrastructure protection policy, a role that involved management of U.S. critical infrastructure security. Bossert highlighted cybersecurity as a priority in his new job, saying in a statement that the U.S. "must work toward [a] cyber doctrine that reflects the wisdom of free markets, private competition and the important but limited role of government in establishing and enforcing the rule of law, honoring the rights of personal property, the benefits of free and fair trade, and the fundamental principles of liberty."
The Trump transition team said that Bossert's post of assistant to the president for homeland security and counterterrorism, formerly filled by a deputy to the national security adviser, will be "elevated and restored to its independent status." From rforno at infowarrior.org Tue Dec 27 12:28:30 2016 From: rforno at infowarrior.org (Richard Forno) Date: Tue, 27 Dec 2016 18:28:30 -0000 Subject: [Infowarrior] - OT: Carrie Fisher dies at 60 Message-ID: Carrie Fisher, child of Hollywood who blazed a path as 'Star Wars' heroine, screenwriter and author, dies at 60 Josh Rottenberg http://www.latimes.com/entertainment/movies/la-et-mn-carrie-fisher-obit-20161227-story.html Actress and writer Carrie Fisher, who rose to global fame as the trail-blazing intergalactic heroine Princess Leia in the "Star Wars" franchise and later went on to establish herself as an author and screenwriter with an acerbic comic flair, has died. Fisher suffered a heart attack on Friday during a flight to Los Angeles from London, where she had been filming the third season of the Amazon comedy series "Catastrophe." Upon landing, she was quickly rushed to UCLA Medical Center, but after three days in intensive care, she died, a family publicist confirmed. She was 60 years old. From the moment she first stepped onto the screen in 1977's "Star Wars," the character of Leia Organa — whip-smart, wryly funny and fearless enough to stand up to the likes of Darth Vader without batting an eye, with an instantly iconic set of buns on either side of her head — inspired generations of young girls to be bold and inspired crushes in generations of young boys. Decades later, when Fisher returned to the role in last year's "Star Wars: The Force Awakens," she reflected to The Times on her status as a new kind of role model in the pop culture landscape. "I remember the first time it was weird to me was when someone wanted to thank me because they'd become a lawyer because of me," Fisher said.
"The main thing they said is that they identified with me. I felt like that was somebody that could be heroic without being a superhero and be relatable." Leia was a fierce and regal warrior, but Fisher's offscreen life was more messy, marked by bouts of drug abuse, a complicated family history and struggles with mental illness — all of which she would use as material for lacerating comedy in her numerous works of fiction and nonfiction. Born into Hollywood royalty on Oct. 21, 1956, to singer Eddie Fisher and actress Debbie Reynolds, who divorced when she was 2, Fisher rocketed to her fame in her own right when director George Lucas cast her as Leia in his space opera while she was still a teenager. She reprised the role in 1980's "The Empire Strikes Back" and 1983's "Return of the Jedi." In the wake of "Star Wars," Fisher continued to act on occasion in films such as Woody Allen's "Hannah and Her Sisters" and the romantic comedy "When Harry Met Sally..." But the shadow of "Star Wars" was not easy to escape, and it wasn't until Fisher turned to writing with the semi-autobiographical 1987 novel "Postcards from the Edge" that she began to define herself outside of the role of Princess Leia. In "Postcards from the Edge," Fisher satirized her own acting career, her offscreen struggle with drug abuse and bipolar disorder and her sometimes stormy relationship with her mother. (The bond between Fisher and Reynolds is explored in an upcoming HBO documentary, "Bright Lights: Starring Carrie Fisher and Debbie Reynolds.") "Postcards from the Edge" was adapted for the big screen by director Mike Nichols in 1990 and went on to launch an entirely new career for Fisher as a bestselling author and screenwriter. Though Fisher's facility as a writer may have surprised fans who only knew her from her work in the galaxy far, far away, it was hardly news to those who knew her best. "I started reading really early — I wanted to impress my father, who is unimpressable,"
she told The Times in 2008. "My family called me 'the bookworm' and they didn't say it in a nice way. I fell in love with words.... By about 16 I wanted to be Dorothy Parker." Fisher went on to write several more novels, including "Surrender the Pink" and "Delusions of Grandma," and, again using her life as material, published a 2008 memoir called "Wishful Drinking," based on a one-woman show she had performed on Broadway. Less publicly, she also earned steady work as one of the film industry's most in-demand script doctors. At the time of her death, Fisher was on tour promoting her recently published book "The Princess Diarist." A memoir based on diaries Fisher kept around the time she filmed the first "Star Wars" movie, the book revealed that the actress had carried on an affair with co-star Harrison Ford, who played the roguish smuggler Han Solo, with whom Leia had an often tempestuous romantic relationship. Indeed, Fisher — who was briefly married to singer Paul Simon in the early 1980s and had a daughter, Billie Catherine Lourd, from a later relationship with talent agent Bryan Lourd — was never one to shy away from uncomfortable or intimate subjects. On social media, she cultivated a brash, wise-cracking persona, whether posting droll one-liners or photos of her French bulldog, Gary. When some moviegoers complained on social media about how much older she looked in "The Force Awakens" than when she had last played the character more than three decades earlier, she retorted on Twitter with her typical sharp wit, "Please stop debating about whether or not I aged well. Unfortunately it hurts all 3 of my feelings." Fisher had been confirmed to return to the role of Leia in the next installment in the franchise, "Episode VIII," due in theaters December 2017. The film finished shooting this summer, but plot details — including what part Leia plays in the next chapter of the saga — have been kept tightly under wraps.
Although some actors might bemoan being so closely associated with a single role for so many years, Fisher never seemed to resent being linked to Leia, even if she did admit to disliking the character's famous buns, calling them a "hair-don't instead of a hairdo." "It's not always fun, but it's certainly life-changing," she told The Times last year. "I have been Princess Leia exclusively. It's been a part of my life for 40 years.... I'm like the diplomat to a country that I haven't been to yet. I am that country." From rforno at infowarrior.org Tue Dec 27 16:59:28 2016 From: rforno at infowarrior.org (Richard Forno) Date: Tue, 27 Dec 2016 22:59:28 -0000 Subject: [Infowarrior] - Duke issues warning to profs about emails falsely claiming to be from a potential student Message-ID: <8BACE4B7-0421-4771-9334-6EE0AE6AA7AC@infowarrior.org> Duke warns professors about emails from someone claiming to be a student, seeking information about their courses -- many in fields criticized by some on the right. By Scott Jaschik December 27, 2016 https://www.insidehighered.com/news/2016/12/27/duke-professors-report-emails-someone-falsely-claiming-be-student-seeking Duke University professors took to social media on Tuesday to see if they could trust emails from someone claiming to be a student, seeking information about reading lists in their courses for the coming semester. It is unclear how many Duke professors received the emails, and this is a time of year that some faculty members aren't checking email regularly. But those who went public with the emails noticed that the courses about which the so-called student was seeking information all happened to be the types of classes that some right-wing bloggers like to criticize. The person sending the email sought information, for example, on courses called "Money, Sex and Power," "Energy and Environmental Justice" and "Religion and Mass Incarceration."
The email messages, which did not come from a Duke email account, were very similar in asking for a reading list so the alleged student "could get a better idea of if the class is right for me." Professors who shared their emails said that they would try to answer such questions from a Duke student, but didn't want to inadvertently help someone trying to attack either higher education generally or certain fields of study. Many cited the mood in academe in a time when new groups like Professor Watchlist are appearing. The list is for people to name faculty members who "promote anti-American values and advance leftist propaganda in the classroom." Ara Wilson, associate professor of women's studies at Duke, said via email that she responded to the email, offering to send a syllabus for "Money, Sex and Power" if the person seeking her out sent her a Duke email address, but the person who sent the email claimed that his Duke account didn't work. The emails came from someone claiming to be Gary Joe, but Duke says no such person is a current student. The university sent out an alert to faculty members Tuesday suggesting they not respond to the alleged student, and said that he has tried before to get information from faculty members about Duke classes. Inside Higher Ed sent email to Gary Joe seeking to find out who he is and why he is sending the email. He did not respond but this article will be updated if he does. Here are some of the comments on Twitter about the emails sent to Duke professors: Gender Studies has always been a Right Wing target, so we're primed for scrutiny, critique, and insult. https://t.co/NCT4GVtlnM — ara wilson (@arawilson) December 27, 2016 @kjhealy "Dear Gary Joe — Sorry, that class is full. May I suggest you take Prof. Sokal's Towards a Transformative Hermeneutics of Phishing?" — TED (@EpicureanDeal) December 27, 2016
From rforno at infowarrior.org Wed Dec 28 15:39:17 2016 From: rforno at infowarrior.org (Richard Forno) Date: Wed, 28 Dec 2016 21:39:17 -0000 Subject: [Infowarrior] - Telegram Now Being Targeted By Politicians Because Terrorists (Also) Use It Message-ID: <2F4893EC-7C84-45F0-BDEA-C6278D77D38B@infowarrior.org> Telegram Now Being Targeted By Politicians Because Terrorists (Also) Use It from the ineffective-noise dept Victims of terrorist attacks are busy suing Facebook, Twitter, and YouTube for supposedly providing material support for terrorism by not shutting down ISIS-related accounts fast enough. Twitter has gathered more negative attention than most, thanks to its inconsistent application of the "Twitter Rules." Not only has it fielded lots of complaints from so-called "alt-right" figureheads, but non alt-righter Senator John McCain tends to use the service as a national security punching bag during periodic bitchfests hearings on phone encryption. End-to-end encryption is also the bane of several governments' existence, but even all this concern about unintercepted criminal communications has yet to tip the scale towards mandated backdoors. Instead, pressure is being applied in other ways. Twitter recently killed off a few hundred thousand terrorist-linked accounts, so those looking for a new terrorist support network d/b/a a social media service have begun sniping at secure messaging service Telegram. Telegram has been the recipient of periodic signup surges, thanks to government action around the globe. WhatsApp, which recently added end-to-end encryption, has been routinely blocked by a handful of national governments, with Brazil denying access to its citizens most frequently. Every time WhatsApp is blocked, other encrypted messaging services see their user bases grow. The same will happen with alternatives to Telegram, which is now being labeled as ISIS's favorite chat app.
The recent addition of a desktop version means encrypted communications aren't limited to terrorists with cellphones. That's apparently problematic, at least according to a few US legislators. < - > https://www.techdirt.com/articles/20161224/07243736341/telegram-now-being-targeted-politicians-because-terrorists-also-use-it.shtml From rforno at infowarrior.org Thu Dec 29 13:26:37 2016 From: rforno at infowarrior.org (Richard Forno) Date: Thu, 29 Dec 2016 19:26:37 -0000 Subject: [Infowarrior] - U.S. Punishes Russia for Election Hacking, Ejecting Operatives Message-ID: U.S. Punishes Russia for Election Hacking, Ejecting Operatives David E. Sanger http://www.nytimes.com/2016/12/29/us/politics/russia-election-hacking-sanctions.html Asked on Wednesday night at his Mar-a-Lago estate in Palm Beach, Fla., about reports of the impending sanctions, Mr. Trump said: "I think we ought to get on with our lives. I think that computers have complicated lives very greatly. The whole age of computer has made it where nobody knows exactly what is going on. We have speed, we have a lot of other things, but I'm not sure we have the kind, the security we need." The Obama administration is also planning to release a detailed "joint analytic report" from the Federal Bureau of Investigation and the Department of Homeland Security that is clearly based in part on intelligence gathered by the National Security Agency. A more detailed report on the intelligence, ordered by President Obama, will be published in the next three weeks, though much of the detail — especially evidence collected from "implants" in Russian computer systems, tapped conversations and spies — is expected to remain classified. Despite the fanfare and political repercussions surrounding the announcement, it is not clear how much real effect the sanctions may have, although they go well beyond the modest sanctions imposed against North Korea for its attack on Sony Pictures Entertainment two years ago.
Starting in March 2014, the United States and its Western allies levied sanctions against broad sectors of the Russian economy and blacklisted dozens of people, some of them close friends of President Vladimir V. Putin, after the Russian annexation of Crimea and its activities to destabilize Ukraine. Mr. Trump suggested in an interview with The New York Times earlier this year that he believed those sanctions were useless, and left open the possibility he might lift them. Mr. Obama and his staff have debated for months when and how to impose what they call "proportionate" sanctions for the remarkable set of events that took place during the election, as well as how much of them to announce publicly. Several officials, including Vice President Joseph R. Biden Jr., have suggested that there may also be a covert response, one that would be obvious to Mr. Putin but not to the public. While that may prove satisfying, many outside experts have said that unless the public response is strong enough to impose a real cost on Mr. Putin, his government and his vast intelligence apparatus, it might not deter further activity. "They are concerned about controlling retaliation," said James A. Lewis, a cyberexpert at the Center for Strategic and International Studies in Washington. The Obama administration was riven by an internal debate about how much of its evidence to make public. Although the announcement risks revealing sources and methods, it was the best way, some officials inside the administration argued, to make clear to a raft of other nations — including China, Iran and North Korea — that their activities can be tracked and exposed. In the end, Mr. Obama decided to expand an executive order that he issued in April 2015, after the Sony hacking.
He signed it in Hawaii on Thursday morning, specifically giving himself and his successor the authority to issue travel bans and asset freezes on those who "tamper with, alter, or cause a misappropriation of information, with a purpose or effect of interfering with or undermining election processes or institutions." Mr. Obama used that order to immediately impose sanctions on four Russian intelligence officials: Igor Valentinovich Korobov, the current chief of a military intelligence agency, the G.R.U., and three deputies: Sergey Aleksandrovich Gizunov, the deputy chief of the G.R.U.; Igor Olegovich Kostyukov, a first deputy chief, and Vladimir Stepanovich Alekseyev, also a first deputy chief of the G.R.U. But G.R.U. officials rarely travel to the United States, or keep their assets here, so the effects may be largely symbolic. It is also unclear if any American allies will impose parallel sanctions on Russia. The administration also put sanctions on three companies and organizations that it said supported the hacking operations: the Special Technologies Center, a signals intelligence operation in St. Petersburg; a firm called Zor Security that is also known as Esage Lab; and the "Autonomous Non-commercial Organization Professional Association of Designers of Data Processing Systems," whose lengthy name, American officials said, was cover for a group that provided specialized training for the hacking. "It is hard to do business around the world when you are named like this," a senior administration official with long experience in Russia sanctions said on Thursday morning. The official spoke on the condition of anonymity because of the sensitive nature of the intelligence. But the question will remain whether the United States acted too slowly — and then, perhaps, with not enough force.
Members of Hillary Clinton's election campaign argue that the distractions caused by the leakage of emails, showing infighting in the D.N.C., and later the private communications of John D. Podesta, the campaign chairman, absorbed an American press corps more interested in the leaks than in the phenomena of a foreign power marrying new cybertechniques with old-style information warfare. Certainly the United States had early notice. The F.B.I. first informed the D.N.C. that it saw evidence that the committee's email systems had been hacked in the fall of 2015. Months of fumbling and slow responses followed. Mr. Obama said at a news conference he was first notified early this summer. But one of his top cyberaides met Russian officials in Geneva to complain about cyberactivity in April.

By the time the leadership of the D.N.C. woke up to what was happening, the G.R.U. had not only obtained those emails through a hacking group that has been closely associated with it for years, but, investigators say, also allowed them to be published on a number of websites, from a newly created one called "DC Leaks" to the far more established WikiLeaks. Meanwhile, several states reported the "scanning" of their voter databases — which American intelligence agencies also attributed to Russian hackers. But there is no evidence, American officials said, that Russia sought to manipulate votes or voter rolls on Nov. 8.

Mr. Obama decided not to issue sanctions ahead of the elections, for fear of Russian retaliation ahead of election day. Some of his aides now believe that was a mistake. But the president made clear before leaving for Hawaii that he planned to respond. The question now is whether the response he has assembled will be more than just symbolic, deterring not only Russia but others who might attempt to influence future elections.
From rforno at infowarrior.org Fri Dec 30 07:14:45 2016
From: rforno at infowarrior.org (Richard Forno)
Date: Fri, 30 Dec 2016 13:14:45 -0000
Subject: [Infowarrior] - Winter is coming: prospects for the American press under Trump
Message-ID:

(h/t DH)

Winter is coming: prospects for the American press under Trump
http://pressthink.org/2016/12/winter-coming-prospects-american-press-trump/

From rforno at infowarrior.org Fri Dec 30 12:51:33 2016
From: rforno at infowarrior.org (Richard Forno)
Date: Fri, 30 Dec 2016 18:51:33 -0000
Subject: [Infowarrior] - James Risen: If Donald Trump Targets Journalists, Thank Obama
Message-ID:

If Donald Trump Targets Journalists, Thank Obama
By JAMES RISEN
DEC. 30, 2016
http://www.nytimes.com/2016/12/30/opinion/sunday/if-donald-trump-targets-journalists-thank-obama.html

WASHINGTON — If Donald J. Trump decides as president to throw a whistle-blower in jail for trying to talk to a reporter, or gets the F.B.I. to spy on a journalist, he will have one man to thank for bequeathing him such expansive power: Barack Obama. Mr. Trump made his animus toward the news media clear during the presidential campaign, often expressing his disgust with coverage through Twitter or in diatribes at rallies. So if his campaign is any guide, Mr. Trump seems likely to enthusiastically embrace the aggressive crackdown on journalists and whistle-blowers that is an important yet little understood component of Mr. Obama's presidential legacy.

Criticism of Mr. Obama's stance on press freedom, government transparency and secrecy is hotly disputed by the White House, but many journalism groups say the record is clear. Over the past eight years, the administration has prosecuted nine cases involving whistle-blowers and leakers, compared with only three by all previous administrations combined. It has repeatedly used the Espionage Act, a relic of World War I-era red-baiting, not to prosecute spies but to go after government officials who talked to journalists.
Under Mr. Obama, the Justice Department and the F.B.I. have spied on reporters by monitoring their phone records, labeled one journalist an unindicted co-conspirator in a criminal case for simply doing reporting and issued subpoenas to other reporters to try to force them to reveal their sources and testify in criminal cases. I experienced this pressure firsthand when the administration tried to compel me to testify to reveal my confidential sources in a criminal leak investigation. The Justice Department finally relented — even though it had already won a seven-year court battle that went all the way to the Supreme Court to force me to testify — most likely because they feared the negative publicity that would come from sending a New York Times reporter to jail.

In an interview last May, President Obama pushed back on the criticism that his administration had been engaged in a war on the press. He argued that the number of leak prosecutions his administration had brought had been small and that some of those cases were inherited from the George W. Bush administration. "I am a strong believer in the First Amendment and the need for journalists to pursue every lead and every angle," Mr. Obama said in an interview with the Rutgers University student newspaper. "I think that when you hear stories about us cracking down on whistle-blowers or whatnot, we're talking about a really small sample. "Some of them are serious," he continued, "where you had purposeful leaks of information that could harm or threaten operations or individuals who were in the field involved with really sensitive national security issues." But critics say the crackdown has had a much greater chilling effect on press freedom than Mr. Obama acknowledges.
In a scathing 2013 report for the Committee to Protect Journalists, Leonard Downie, a former executive editor of The Washington Post who now teaches at Arizona State University, said the war on leaks and other efforts to control information was "the most aggressive I've seen since the Nixon administration, when I was one of the editors involved in The Washington Post's investigation of Watergate." When Mr. Obama was elected in 2008, press freedom groups had high expectations for the former constitutional law professor, particularly after the press had suffered through eight years of bitter confrontation with the Bush administration. But today, many of those same groups say Mr. Obama's record of going after both journalists and their sources has set a dangerous precedent that Mr. Trump can easily exploit. "Obama has laid all the groundwork Trump needs for an unprecedented crackdown on the press," said Trevor Timm, executive director of the nonprofit Freedom of the Press Foundation.

Dana Priest, a Pulitzer Prize-winning reporter for The Washington Post, added: "Obama's attorney general repeatedly allowed the F.B.I. to use intrusive measures against reporters more often than any time in recent memory. The moral obstacles have been cleared for Trump's attorney general to go even further, to forget that it's a free press that has distinguished us from other countries, and to try to silence dissent by silencing an institution whose job is to give voice to dissent."

The administration's heavy-handed approach represents a sharp break with tradition. For decades, official Washington did next to nothing to stop leaks. Occasionally the C.I.A. or some other agency, nettled by an article or broadcast, would loudly proclaim that it was going to investigate a leak, but then would merely go through the motions and abandon the case. Of course, reporters and sources still had to be careful to avoid detection by the government.
But leak investigations were a low priority for the Justice Department and the F.B.I. In fact, before the George W. Bush administration, only one person was ever convicted under the Espionage Act for leaking — Samuel Morison, a Navy analyst arrested in 1984 for giving spy satellite photos of a Soviet aircraft carrier to Jane's Defense Weekly. He was later pardoned by President Bill Clinton. Things began to change in the Bush era, particularly after the Valerie Plame case. The 2003 outing of Ms. Plame as a covert C.I.A. operative led to a criminal leak investigation, which in turn led to a series of high-profile Washington journalists' being subpoenaed to testify before a grand jury and name the officials who had told them about her identity. Judith Miller, then a New York Times reporter, went to jail for nearly three months before finally testifying in the case. The Plame case began to break down the informal understanding between the government and the news media that leaks would not be taken seriously.

The Obama administration quickly ratcheted up the pressure, and made combating leaks a top priority for federal law enforcement. Large-scale leaks, by Chelsea Manning and later by Edward J. Snowden, prompted the administration to adopt a zealous, prosecutorial approach toward all leaking. Lucy Dalglish, the dean of the University of Maryland's journalism school, recalls that, during a private 2011 meeting intended to air differences between media representatives and administration officials, "You got the impression from the tone of the government officials that they wanted to take a zero-tolerance approach to leaks."

The Justice Department, facing mounting criticism from media organizations, has issued new guidelines setting restrictions on when the government could subpoena reporters to try to force them to reveal their sources. But those guidelines include a loophole allowing the Justice Department to continue to aggressively pursue investigations into news reports on national security, which covers most leak investigations. In addition, the guidelines aren't codified in law and can be changed by the next attorney general. More significantly, the Obama administration won a ruling from the Fourth Circuit Court of Appeals in my case that determined that there was no such thing as a "reporter's privilege" — the right of journalists not to testify about their confidential sources in criminal cases. The Fourth Circuit covers Virginia and Maryland, home to the C.I.A., the Pentagon and the National Security Agency, and thus has jurisdiction over most leak cases involving classified information. That court ruling could result, for example, in a reporter's being quickly jailed for refusing to comply with a subpoena from the Trump administration's Justice Department to reveal the C.I.A. sources used for articles on the agency's investigation into Russian hacking during the 2016 presidential election.

Press freedom advocates already fear that under Senator Jeff Sessions, Mr. Trump's choice to be attorney general, the Justice Department will pursue journalists and their sources at least as aggressively as Mr. Obama did. If Mr. Sessions does that, Ms. Dalglish said, "Obama handed him a road map."

James Risen is an investigative reporter for The New York Times and the author of "Pay Any Price: Greed, Power and Endless War."

From rforno at infowarrior.org Sat Dec 31 14:04:33 2016
From: rforno at infowarrior.org (Richard Forno)
Date: Sat, 31 Dec 2016 20:04:33 -0000
Subject: [Infowarrior] - The IT security culture, hackers vs.
industry consortia
Message-ID: <09FE7415-BCDC-4F9B-BB55-A195B1F0DC1C@infowarrior.org>

The IT security culture, hackers vs. industry consortia
Harald Welte
2016-12-06
http://laforge.gnumonks.org/blog/20161206-it_security_culture_telecoms/

In a previous life I used to do a lot of IT security work, probably even at a time when most people had no idea what IT security actually is. I grew up with the Chaos Computer Club, as it was a great place to meet people with common interests, skills and ethics. People were hacking (aka 'doing security research') for fun, to grow their skills, to advance society, to point out corporate stupidities and to raise awareness about issues. I've always shared any results worth noting with the general public. Whether it was in RFID security, on GSM security, TETRA security, etc. Even more so, I always shared the tools, creating free software implementations of systems that - at that time - were very difficult to impossible to access unless you worked for the vendors of related devices, who obviously had a different agenda than to disclose security concerns to the general public.

Publishing security related findings at related conferences can be interpreted in two ways: On the one hand, presenting at a major event will add to your credibility and reputation. That's a nice byproduct, but that shouldn't be the primary reason, unless you're some kind of an egocentric stage addict. On the other hand, presenting findings or giving any kind of presentation or lecture at an event is a statement of support for that event. When I submit a presentation at a given event, I think carefully if that topic actually matches the event. The reason that I didn't submit any talks in recent years at CCC events is not that I didn't do technically exciting stuff that I could talk about - or that I wouldn't have the reputation that would make people consider my submission in the programme committee.
I just thought there was nothing in my work relevant enough to bother the CCC attendees with. So when Holger 'zecke' Freyther and I chose to present about our recent journeys into exploring modern cellular modems at the annual Chaos Communications Congress, we did so because the CCC Congress is the right audience for this talk. We did so, because we think the people there are the kind of community of like-minded spirits that we would like to contribute to. Whom we would like to give something back, for the many years of excellent presentations and conversations had. So far so good.

However, in 2016, something happened that I haven't seen yet in my 17 years of speaking at Free Software, Linux, IT Security and other conferences: A select industry group (in this case the GSMA) asking me out of the blue to give them the talk one month in advance at a private industry event. I could hardly believe it. How could they? Who am I? Am I spending sleepless nights and non-existing spare time on security research of cellular modems to give a free presentation to corporate guys at a closed industry meeting? The same kind of industries that create the problems in the first place, and who don't get their act together in building secure devices that respect people's privacy? Certainly not. I spend sleepless nights of hacking because I want to share the results with my friends. To share it with people who have the same passion, whom I respect and trust. To help my fellow hackers to understand technology one step more.

If that kind of request to undermine the researcher/author's initial publication among friends is happening to me, I'm quite sure it must be happening to other speakers at the 33C3 or other events, too. And that makes me very sad. I think the initial publication is something that connects the speaker/author with his audience. Let's hope the researchers/hackers/speakers have sufficiently strong ethics to refuse such requests.
If certain findings are initially published at a certain conference, then that is the initial publication. Period. Sure, you can ask afterwards if an author wants to repeat the presentation (or a similar one) at other events. But pre-empting the initial publication? Certainly not with me. I offered the GSMA that I could talk on the importance of having FOSS implementations of cellular protocol stacks as enabler for security research, but apparently this was not of interest to them. Seems like all they wanted is an exclusive heads-up on work they neither commissioned nor supported in any other way.

And btw, I don't think what Holger and I will present about is all that exciting in the first place. More or less the standard kind of security nightmares. By now we are all so numbed down by nobody considering security and/or privacy in design of IT systems, that it is hardly any news. IoT how it is done so far might very well be the doom of mankind. An unstoppable tsunami of insecure and privacy-invading devices, built on ever more complex technology with way too many security issues. We shall henceforth call IoT the Industry of Thoughtlessness.
From rforno at infowarrior.org Sat Dec 31 14:57:54 2016
From: rforno at infowarrior.org (Richard Forno)
Date: Sat, 31 Dec 2016 20:57:54 -0000
Subject: [Infowarrior] - Taibbi: Something About This Russia Story Stinks
Message-ID: <1B80673D-83EC-4033-8CEC-9AE69C8CA556@infowarrior.org>

(x-posted)

Something About This Russia Story Stinks
By Matt Taibbi
Nearly a decade and a half after the Iraq-WMD faceplant, the American press is again asked to co-sign a dubious intelligence assessment
http://www.rollingstone.com/politics/features/something-about-this-russia-story-stinks-w458439

From rforno at infowarrior.org Sat Dec 31 22:43:16 2016
From: rforno at infowarrior.org (Richard Forno)
Date: Sun, 01 Jan 2017 04:43:16 -0000
Subject: [Infowarrior] - PEOTUS Promises a Revelation on Hacking
Message-ID:

Trump Promises a Revelation on Hacking
By MAGGIE HABERMAN
DEC. 31, 2016
http://www.nytimes.com/2016/12/31/us/politics/donald-trump-russia-hacking.html

WEST PALM BEACH, Fla. — President-elect Donald J. Trump, expressing lingering skepticism about intelligence assessments of Russian interference in the election, said on Saturday evening that he knew "things that other people don't know" about the hacking, and that the information would be revealed "on Tuesday or Wednesday." Speaking to a handful of reporters outside his Palm Beach, Fla., club, Mar-a-Lago, Mr. Trump cast his declarations of doubt as an effort to seek the truth. "I just want them to be sure because it's a pretty serious charge," Mr. Trump said of the intelligence agencies. "If you look at the weapons of mass destruction, that was a disaster, and they were wrong," he added, referring to intelligence cited by the George W. Bush administration to support its march to war in 2003. "So I want them to be sure," the president-elect said. "I think it's unfair if they don't know." He added: "And I know a lot about hacking. And hacking is a very hard thing to prove. So it could be somebody else.
And I also know things that other people don't know, and so they cannot be sure of the situation." When asked what he knew that others did not, Mr. Trump demurred, saying only, "You'll find out on Tuesday or Wednesday."

Mr. Trump, who does not use email, also advised people to avoid computers when dealing with delicate material. "It's very important, if you have something really important, write it out and have it delivered by courier, the old-fashioned way, because I'll tell you what, no computer is safe," Mr. Trump said. "I don't care what they say, no computer is safe," he added. "I have a boy who's 10 years old; he can do anything with a computer. You want something to really go without detection, write it out and have it sent by courier."

The comments on Saturday were a departure from a statement that Mr. Trump issued through transition officials last week, in which he said that it was time for people to "move on" from the hacking issue but that he would be briefed on the matter by intelligence officials early in the new year. On Thursday, President Obama ordered a set of retaliatory measures against Russia over the election hacking. The United States expelled 35 Russian diplomats and shuttered two estates that it claimed had been used for intelligence-gathering. The Russian president, Vladimir V. Putin, declined to respond in kind to the measures, a gesture that Mr. Trump appeared to view favorably. He praised it on Twitter and criticized news media coverage that had been harsh about Russia. Mr. Trump, who has sought a warmer relationship with Mr. Putin, has repeatedly scoffed at the notion that Russia was behind the hacking, a stance at odds with members of his own party. At one point, Mr. Trump declared that the hacking may have been the work of "someone sitting on their bed weighing 400 pounds."

A version of this article appears in print on January 1, 2017, on Page A10 of the New York edition with the headline: Trump Again Expresses Doubts.
From rforno at infowarrior.org Mon Dec 5 10:06:10 2016
From: rforno at infowarrior.org (Richard Forno)
Date: Mon, 05 Dec 2016 16:06:10 -0000
Subject: [Infowarrior] - 2016 GPO Plum Book Released
Message-ID:

https://www.govinfo.gov/features/2016-plum-book

News
December 5, 2016 - GPO Releases United States Policy and Supporting Positions

The U.S. Government Publishing Office (GPO) has made the 2016 United States Policy and Supporting Positions, or "The Plum Book", available on govinfo and as a mobile web app (no download required). Previous editions of the Plum Book, back to 1996, are also available on govinfo.

About the Plum Book

Published by the Senate Committee on Homeland Security and Governmental Affairs and House Committee on Government Reform alternately after each Presidential election, the Plum Book lists over 7,000 Federal civil service leadership and support positions in the legislative and executive branches of the Federal Government that may be subject to noncompetitive appointment, nationwide. The duties of many such positions may involve advocacy of Administration policies and programs and the incumbents usually have a close and confidential working relationship with the agency or other key officials. The list originated in 1952 during the Eisenhower administration. For twenty-two years prior, the Democrats controlled the Federal Government. When President Eisenhower took office, the Republican Party requested a list of government positions that President Eisenhower could fill. The next edition of the Plum Book appeared in 1960 and has since been published every four years, just after the Presidential election.

-- It's better to burn out than fade away.
From rforno at infowarrior.org Mon Dec 5 12:37:46 2016
From: rforno at infowarrior.org (Richard Forno)
Date: Mon, 05 Dec 2016 18:37:46 -0000
Subject: [Infowarrior] - Free course: Crypto 101
Message-ID:

(c/o DM)

Crypto101
Crypto 101 is an introductory course on cryptography, freely available for programmers of all ages and skill levels.
https://www.crypto101.io/

-- It's better to burn out than fade away.

From rforno at infowarrior.org Wed Dec 7 09:19:48 2016
From: rforno at infowarrior.org (Richard Forno)
Date: Wed, 07 Dec 2016 15:19:48 -0000
Subject: [Infowarrior] - CBS: John Kelly nom'd to be next DHS secretary
Message-ID: <473F014C-2AE9-4669-9963-C13A63ADE5F9@infowarrior.org>

Donald Trump picks Gen. John Kelly for Department of Homeland Security secretary
CBS News
December 7, 2016, 8:30 AM
http://www.cbsnews.com/news/donald-trump-gen-john-kelly-dhs-secretary-department-homeland-security/

Donald Trump is tapping Gen. John Kelly to run the Department of Homeland Security, CBS News confirms. The final request and acceptance, sources told CBS' Major Garrett, occurred while Kelly was traveling in Europe. His pick for DHS secretary will be announced by the transition staff in the coming days. Kelly is the third general tapped by the president-elect, joining Gen. James Mattis, Mr. Trump's pick to become the next secretary of Defense, and Lt. Gen. Michael Flynn, Mr. Trump's incoming national security advisor. Like Mattis, Kelly is a Marine with a reputation for bluntness. Kelly was the commander of U.S. Southern Command until earlier this year. In that posting, he oversaw American military operations in South America and Central America. Before that, he commanded American forces numerous times in Iraq, and spent a year as the top Marine in that country. He then was an aide to defense secretaries Leon Panetta and Robert Gates. Created after the 9/11 attacks, the Department of Homeland Security now employs nearly 250,000 people.
Trump pledged repeatedly to better secure America's borders on the campaign trail, and it is likely that Kelly, should he take the position, will be central to that effort. Unlike Flynn, Kelly did not endorse Mr. Trump during the campaign and indicated he would be open to serving in either a Republican or Democratic administration. He has also referred to domestic politics as a "cesspool" in an interview over the summer with Foreign Policy magazine. Kelly, who served nearly 46 years in the Marine Corps, is the highest-ranking American military official to lose a child in combat since 9/11. His son, Marine Lt. Robert Michael Kelly, was killed in action in Afghanistan in 2010.

CBS News' Major Garrett, Christopher Isham, Steve Chaggaris, and Arden Farhi contributed reporting to this story.

-- It's better to burn out than fade away.

From rforno at infowarrior.org Wed Dec 7 17:04:56 2016
From: rforno at infowarrior.org (Richard Forno)
Date: Wed, 07 Dec 2016 23:04:56 -0000
Subject: [Infowarrior] - Flickering lights may illuminate a path to Alzheimer's treatment
Message-ID:

Flickering lights may illuminate a path to Alzheimer's treatment
Melissa Healy, Contact Reporter
http://www.latimes.com/science/sciencenow/la-sci-sn-led-lights-alzheimers-plaques-20161206-story.html

New research demonstrates that, in mice whose brains are under attack by Alzheimer's dementia, exposure to lights that flicker at a precise frequency can right the brain's faulty signaling and energize its immune cells to fight off the disease. Light therapy for Alzheimer's is miles from being ready to treat patients — even those with the earliest signs of the disease. But the new research has already prompted creation of a start-up company — Cognito Therapeutics Inc. — to approach the Food and Drug Administration about clinical trials, and to explore ways to deliver precisely calibrated flickers of light to human research subjects.
Even if the new research does not yield a treatment for Alzheimer's, it is expected to deepen understanding of a key player in the disease — the brain's dedicated immune system — and point to ways it can be used to fight the disease. In 2016, 5.4 million Americans are believed to have Alzheimer's, which causes progressive loss of memory and cognitive function. In a study published Wednesday in the journal Nature, neuroscientists demonstrated that microglia — immune cells that are a key part of the brain's cleanup crew — can be activated by inducing rhythmic electrical impulses in the brain called gamma oscillations. In the region of the brain that processes sight, at least, researchers at the Massachusetts Institute of Technology showed they could induce cells to fire in synchronous gamma oscillation without so much as a needle stick: When they set mice in a box illuminated by LED lights flickering precisely at 40 Hz, the neurons of each animal's visual cortex began humming along at the same frequency.

The effect was dramatic in mice bred to develop the sticky brain plaques and tangles that are a hallmark of Alzheimer's disease in humans. After only an hour in front of the lights, the scientists found reduced levels of amyloid protein in the visual cortices of the animals. They detected a noticeable uptick in the size and activity of microglia, suggesting that these immune cells were vacuuming up more amyloid protein and stepping up their trash-disposal efforts. Noting that this effect lasted less than a full day, the scientists then gave some of the mice a week of daily sessions in the flickering light. Compared to mice who did not get the weeklong light therapy, those that did had 67% fewer amyloid plaques — the clumps of amyloid protein that appear to gum up the function of a brain in the grips of Alzheimer's. And the plaques that they had were, on average, 64% smaller. In mice, these effects were limited to the visual cortex.
In humans with Alzheimer's, that's not one of the brain regions that gets gummed up early or significantly by amyloid plaques. But the authors of the new research held out hope that the light therapy might induce gamma oscillations, or their immune-boosting effect, more broadly in human brains, or that some change in delivery of the light might extend its effects to brain regions, such as the hippocampus, that are profoundly affected by Alzheimer's. It's not hard to induce gamma oscillations naturally: Our neurons achieve such synchrony when we are learning, paying attention or engaging our short-term memory. But getting populations of neurons to fire in such resonance is hard even for the healthy to sustain for very long, and with the onset of many brain diseases, it becomes harder.

The new findings are a welcome victory for an approach to treating Alzheimer's disease that has fallen on hard times. Just two weeks ago, Eli Lilly & Co. researchers acknowledged disappointing clinical trial results for solanezumab, an experimental therapy that also aimed to prevent or slow Alzheimer's by blocking the formation of amyloid plaques. Some scientists have grown discouraged with treatment efforts that focus on such "biomarkers" of the disease in the brain. Others, including the authors of the new paper, suggest instead that scientists aren't using such therapies early enough, or that they just haven't found the best way to prevent the protein clumping and the cascade of cell death that follows. "I think we have something very fundamentally different" from previous attempts to develop an anti-amyloid treatment for Alzheimer's disease, said Li-Huei Tsai, a senior author of the new paper. The light therapy "doesn't involve any chemicals or small molecules that have to be delivered directly into your body," said Tsai, who directs MIT's Picower Institute for Learning and Memory.
While its effects still must be tested in humans, she said that inducing gamma waves with flickering light gets around some of the problems that have doomed so many experimental Alzheimer's medications. Among those problems have been unintended drug effects and the inability of some drugs to reach the brain from the bloodstream. "We just directly recruit other neurons and other cell types in the brain to sort of enable the brain's inner ability to repair itself," Tsai said. She described the flickering light that kick-starts the process as "very low intensity, very ambient, very soft light." "You can hardly see the flicker itself, actually," she added.

The researchers focused on gamma oscillations in the brain partly because these synchronized brain rhythms are severely reduced in the hippocampus and other regions acutely affected by Alzheimer's. To establish that increasing gamma oscillations would energize microglial cells in structures such as the hippocampus, the team first used optogenetics, a technique in which lights implanted into the brain are used to turn specially tagged brain cells off and on. That technique essentially established the link between gamma oscillations and activation of the brain's immune cells. But the researchers reasoned that optogenetics would ultimately be too intrusive to use in a human treatment. So they began exploring ways to energize those special cells in less invasive ways. Gamma oscillation and immune system activity also appear to be reduced in other neuropsychiatric conditions, including autism, Parkinson's disease and schizophrenia. Tsai said her lab and others have begun collaborating to explore the possible benefits of light therapy for those diseases as well.

Keith Fargo, director of scientific programs and outreach at the Alzheimer's Assn., cautioned that it's not time yet for those worried about Alzheimer's to go looking for LED lights that emit electromagnetic radiation in the gamma range.
The value of the new research, he said, lies mostly in what it reveals about the role of the immune system in Alzheimer's disease. "It's more like a proof of concept that you can, in various ways, improve brain synchronicity and stimulate the immune system," said Fargo, who was not involved in the new research. "What's important here is that you can harness the immune system, whether with a drug or a noninterventional method like this," to fight Alzheimer's, he added. "We're not all going to go out and get 40-hertz light bulbs for our brains," he said. Senior study coauthor Edward S. Boyden, a pioneer in optogenetics, echoed that caution. The hope is that the new research will generate broader insights into the brain's electrical oscillations and its self-repair mechanisms. "There may be other ways to engage these circuits," said Boyden, a professor of bioengineering and brain and cognitive sciences at MIT. "There may be a universal circuit motif that can be found in many regions."

-- It's better to burn out than fade away.

From rforno at infowarrior.org Wed Dec 7 17:11:30 2016
From: rforno at infowarrior.org (Richard Forno)
Date: Wed, 07 Dec 2016 23:11:30 -0000
Subject: [Infowarrior] - American and British Spy Agencies Targeted In-Flight Mobile Phone Use
Message-ID: <3EE265E9-14AA-41E9-B07A-25544F9E1C28@infowarrior.org>

American and British Spy Agencies Targeted In-Flight Mobile Phone Use
Jacques Follorou, Le Monde
https://theintercept.com/2016/12/07/american-and-british-spy-agencies-targeted-in-flight-mobile-phone-use/

In the trove of documents provided by former National Security Agency contractor Edward Snowden is a treasure. It begins with a riddle: "What do the President of Pakistan, a cigar smuggler, an arms dealer, a counterterrorism target, and a combatting proliferation target have in common? They all used their everyday GSM phone during a flight."
This riddle appeared in 2010 in SIDtoday, the internal newsletter of the NSA’s Signals Intelligence Directorate, or SID, and it was classified “top secret.” It announced the emergence of a new field of espionage that had not yet been explored: the interception of data from phone calls made on board civil aircraft.

In a separate internal document from a year earlier, the NSA reported that 50,000 people had already used their mobile phones in flight as of December 2008, a figure that rose to 100,000 by February 2009. The NSA attributed the increase to “more planes equipped with in-flight GSM capability, less fear that a plane will crash due to making/receiving a call, not as expensive as people thought.” The sky seemed to belong to the agency.

In a 2012 presentation, Government Communications Headquarters, or GCHQ, the British equivalent of the NSA, in turn disclosed a program called “Southwinds,” which was used to gather all the cellular activity, voice communication, data, metadata, and content of calls on board commercial aircraft. The document, designated “top secret strap,” one of the highest British classification levels, said the program was still restricted to the regions covered by satellites from British telecommunications provider Inmarsat: Europe, the Middle East, and Africa.

An image of Inmarsat’s “unparalleled broadband experience in the sky.” Source: Inmarsat.com

The data was collected “in near real time” and an aircraft could be “tracked” every two minutes, according to the presentation. To spy on a telephone, all that was required was that the aircraft be cruising at an altitude above 10,000 feet. Secret aerial stations on the ground could intercept the signal as it transited through a satellite.
The simple fact that the telephone was switched on was enough to give away its position; the interception could then be cross-referenced with the list of known passengers on the flight, the flight number, and the airline code to determine the name of the smartphone user.

GCHQ and the NSA used bird names to refer to programs involving the surveillance of in-flight telephone calls; examples include “Thieving Magpie” and “Homing Pigeon,” as we learn from Glenn Greenwald in his 2014 book “No Place to Hide.”

Le Monde examined information about the surveillance of aircraft and their passengers around the world between 2005 and 2013, including unpublished documents from the Snowden archives; the evidence demonstrates that from an early date, Air France drew particular attention from the United States and the United Kingdom.

Air France was targeted as early as 2005, as disclosed in an NSA document setting out the broad outline of a program for “worldwide civilian aircraft tracking.” Dated July 5, the 13-page memo provides a chronological, detailed list of the main stages of the program. The document stated that based on a CIA report, some or all “Air France and Air Mexico flights” had been “possible terrorist targets” since late 2003. The legal department of the NSA found “no problem with targeting Air France and Air Mexico flights overseas,” and “when the flights enter U.S. airspace, they should be more than covered by the U.S. air traffic control system.” In February 2005, these same lawyers outlined legal procedures to be adopted for such collection.

The naming of Air France as a risk to the U.S. was not just a simple hypothesis by a few NSA technicians. An impressive circle of security and intelligence officials were informed of the purported danger represented by the French company.
The 2005 NSA memo was sent to roughly 20 recipients, including the North American Air Defense Command; the CIA; the Department of Homeland Security; the National Reconnaissance Office, which operates satellites for the U.S. government; the Defense Intelligence Agency; and the Air Force chief of staff.

This fixation with Air France continued in the years that followed. Air France first tested the in-flight use of a smartphone on service from Paris to Warsaw on December 17, 2007. As an Air France spokesperson confirmed to Le Monde, “We began early, but since then, we have carried out tests continuously and today, like other companies, we are getting ready to move directly to Wi-Fi on board.” Questioned by Le Monde about the British and American surveillance activities, the company’s response was measured: “We are visibly not the only ones to have been targeted and we know absolutely nothing about these practices.”

In its 2012 presentation, GCHQ observed that 27 companies had already enabled or were about to enable passenger use of mobile phones, particularly in first and business class on long-haul flights. These included British Airways (which only enabled data and SMS functions), Hong Kong Airways, Aeroflot, Etihad, Emirates, Singapore Airways, Turkish Airlines, Cathay Pacific, and Lufthansa. Air France, however, is synonymous with the surveillance of in-flight calls to the extent that the GCHQ presentation used a full-page sketch of one of its planes to illustrate the working of in-flight interception in the presentation.

As an example of their know-how, GCHQ and the NSA provide numerous examples of calls intercepted on board commercial flights. The examples show that data was intercepted on March 23, 2012, at 1:56 p.m.
on the UAE airline Etihad’s flight 8271 between JFK and Denver; on an Aeroflot Nice-Moscow flight on May 20, 2011, and subsequently that same year; on Qatar Airways flights from Milan to Doha and from Athens to Doha; and from Jeddah to Cairo (Saudi Airlines) and from Paris to Muscat (Oman Air). Data collection was also conducted against BlackBerrys, according to the presentation, which identified BlackBerry PIN codes and email addresses on an aircraft on January 2, 2012, at 10:23 a.m., but did not include destination or the airline company.

The spoils of war — observed phone uses — are proudly listed in the GCHQ presentation: voice communication, data, SMS, Webmail, Webchat, social networks (Facebook, Twitter, etc.), travel apps, Google Maps, currency converters, media, VOIP, BitTorrent, and Skype.

In the course of its intrusion exercises, GCHQ discovered, somewhat to its surprise, that it is not alone in its interest in these in-flight communications. GCHQ notes that the Russian company Aeroflot has set up a system of specific connections for GSM phones on its aircraft “presumably for legal intercept,” as the agency remarks in a technical memo.

Today, approximately 100 companies permit in-flight use of telephones. “Customers now consider it normal, even necessary, to remain connected in flight,” an Air France spokesperson said. Aviation security authorities have all approved the use of GSM phones on board aircraft and the experts estimate that the years 2016, 2017 and 2018 will go down in history as the years of the in-flight mobile phone, in particular with the long-term installation of in-flight Wi-Fi. This will further extend the scope of espionage by providing a pool of potential targets comprising several hundreds of thousands of people, a level of popularity anticipated by the NSA seven years ago. This implies a population that goes far beyond terrorist targets.
The political or economic surveillance of passengers in business or in first class on long-haul flights could be put to many other uses.

There is no limit to surveillance activities and each novelty is a technical challenge to be met. The intelligence services even seem to be slightly jaded. In the 2010 newsletter article, NSA analysts were already thinking further afield. “What’s next, trains? We’ll have to keep watching …”

This article was published today in Le Monde. It is the result of a collaboration with The Intercept and is based on documents provided by NSA whistleblower Edward Snowden.

GCHQ responded to Le Monde with a statement that it does not comment on intelligence matters and that its activities are “authorized, necessary and proportionate” and “entirely compatible with the European Convention on Human Rights.” NSA said its activities complied with U.S. law and policy and declined to comment further.

From rforno at infowarrior.org Thu Dec 8 14:52:42 2016
From: rforno at infowarrior.org (Richard Forno)
Date: Thu, 08 Dec 2016 20:52:42 -0000
Subject: [Infowarrior] - John Glenn, first American to orbit the Earth, dies at 95
Message-ID: <61F0DEE1-745B-4747-BC13-5C562D6C9A8F@infowarrior.org>

John Glenn, first American to orbit the Earth, dies at 95
https://www.washingtonpost.com/national/john-glenn-first-american-to-orbit-the-earth-dies-at-95/2016/12/08/98863c00-b967-11e6-a677-b608fbb3aaf6_story.html

John Glenn, who captured the nation’s attention in 1962 as the first American to orbit the Earth during a tense time when the United States sought supremacy over the Soviet Union in the space race, and who rocketed back into space 36 years later, becoming the oldest astronaut in history, died Dec. 8 at a hospital in Columbus, Ohio. Mr. Glenn, who in his post-NASA career served four terms as a U.S. senator from Ohio, was 95.
The death was confirmed by Hank Wilson, communications director at the John Glenn College of Public Affairs at Ohio State University. Mr. Glenn had a stroke after heart-valve replacement surgery in 2014, but the immediate cause was not announced.

Mr. Glenn was one of the seven original astronauts in NASA’s Mercury program, which was a conspicuous symbol of the country’s military and technological might at the height of the Cold War. He was not the first American in space — two of his fellow astronauts preceded him — but his three-orbit circumnavigation of the globe captured the imagination of his countrymen like few events before or since. Mr. Glenn was the last survivor of the Mercury Seven.

In an era when fear of encroaching Soviet influence reached from the White House to kindergarten classrooms, Mr. Glenn, in his silver astronaut suit, lifted the hopes of a nation on his shining shoulders. When he emerged smiling from his Friendship 7 capsule after returning from space, cheers echoed throughout the land.

“You had to have been alive at that time to comprehend the reaction of the nation, practically all of it,” author Tom Wolfe, who coined the phrase “the right stuff” to describe Mr. Glenn and the other Mercury astronauts, wrote in a 2009 essay. “John Glenn, in 1962, was the last true national hero America has ever had.”

After he was elected to the U.S. Senate from Ohio in 1974, Mr. Glenn served on Capitol Hill for 24 years and made a halfhearted run for the Democratic presidential nomination in 1984. When he was 77 and completing his fourth Senate term in 1998, he had one final flight of glory, returning to space as a crew member aboard the space shuttle Discovery.

As heroes go, the freckle-faced Mr. Glenn appeared unassuming and seemed to embody the middle-American values of modesty, steadiness and hard work. He had climbed the ranks of the Marine Corps, becoming a full colonel, by accepting the most dangerous assignments and never flinching under pressure.
He flew 149 combat missions in two wars and was a test pilot in the 1950s, when faster-than-sound airplanes often veered out of control and crashed in smoking heaps. When he joined the astronaut corps in 1959, no one knew whether a human being could survive the ordeals of space travel. Yet for all the risks he faced, Mr. Glenn was a man of careful preparation and quiet responsibility.

“Godspeed, John Glenn”

On Oct. 4, 1957, the Soviet Union made a bold advance on the Cold War chessboard by launching Sputnik, the first man-made satellite to orbit Earth. In response, the U.S. government formed NASA in 1958 amid widespread fear that the country was falling behind the Soviets in technology and military strength.

Of the seven original astronauts of the Mercury program — the others were M. Scott Carpenter, L. Gordon Cooper Jr., Virgil I. “Gus” Grissom, Walter M. “Wally” Schirra Jr., Alan B. Shepard Jr. and Donald K. “Deke” Slayton — Mr. Glenn was the oldest and the lone Marine. A lieutenant colonel at the time, he also had the highest rank and the most combat experience.

He did not drink, smoke or swear and maintained a disciplined, straight-arrow manner while training in Cocoa Beach, Fla., near NASA’s space center at Cape Canaveral. Comfortable in front of cameras — which followed the astronauts everywhere after they signed a $500,000 deal with Life magazine for a series of exclusive stories — Mr. Glenn was in many ways the public face of NASA.

Privately, however, there was friction among the “Magnificent Seven,” as the Mercury astronauts were dubbed in the news media. Concerned that some of his colleagues’ dalliances with women could lead to bad publicity and jeopardize the manned space program, Mr. Glenn confronted his fellow astronauts, admonishing them to avoid any semblance of wrongdoing.

“There was no doubt whatsoever that Glenn meant every word of it,” Wolfe wrote in his 1979 book, “The Right Stuff.” “When he got his back up, he was formidable.
He was not to be trifled with.”

Not all of the astronauts were pleased with Mr. Glenn’s righteousness, however, and Shepard told him to mind his own business. “His moralizing led to colorful and heated exchanges among the pilots, and it wasn’t pleasant banter,” Shepard and Slayton wrote in their 1995 book, “Moon Shot.”

When the astronauts voted among themselves to confer the honor of being the first American in space, they chose Shepard. On May 5, 1961, Shepard had a 15-minute suborbital space flight, followed two months later by Grissom on a similar mission. But two Soviet cosmonauts had already circled the Earth by August 1961.

Mr. Glenn’s turn came on Feb. 20, 1962. After 11 delays because of bad weather or faulty equipment, he sat in his tiny space capsule, the Friendship 7, atop an MA-6 rocket that had failed in 40 percent of its test flights. After liftoff at 9:47 a.m., backup pilot Carpenter said on national television, “Godspeed, John Glenn.” The moment was shared by practically the entire nation, as a television audience of 135 million — the largest up to that time — witnessed the launch.

The flight plan called for seven orbits, but after the first, the capsule began to wobble. Mr. Glenn overrode the automatic navigation system and piloted Friendship 7 with manual controls for two more orbits, reaching a height of 162 miles above the Earth’s surface.

Midway through the flight, a warning light indicated that the heat shield, which would protect the capsule during its reentry into Earth’s atmosphere, may have come loose. Without a heat shield, it was possible that Mr. Glenn could burn up inside the capsule as it raced back from space.

As Friendship 7 was descending, all radio contact was lost. Shepard, acting as “capsule communicator” from Cape Canaveral, tried to reach Mr. Glenn in his spacecraft, saying, “How do you read? Over.”

After about 4 minutes and 20 seconds of silence, Mr. Glenn could finally be heard: “Loud and clear. How me?”

“How are you doing?”
Shepard asked.

“Oh, pretty good,” Mr. Glenn casually responded, later adding, “but that was a real fireball, boy.”

Exterior pieces of the capsule had broken off during reentry and burst into flame. A defective warning light caused much of the panic, but during those four tense minutes, it was feared that Mr. Glenn had been lost — along with the promise of the space program.

When he splashed down in the Atlantic Ocean after 4 hours 56 minutes aloft, Mr. Glenn emerged as an almost mythic figure who had scaled heights no American had reached before.

“I was fully aware of the danger,” he said in 1968. “No matter what preparation you make, there comes the moment of truth. You’re playing with big stakes — your life. But the important thing to me wasn’t fear but what you can do to control it.”

He was greeted upon his return by President John F. Kennedy and Vice President Lyndon B. Johnson. After an estimated 1 million spectators crowded the streets of Washington, Mr. Glenn insisted that the other six Mercury astronauts join him for a parade before 4 million people in New York.

“During his ticker-tape parade up Broadway,” Wolfe wrote, “you have never heard such cheers or seen so many thousands of people crying.”

From pilot to politics

John Herschel Glenn Jr. was born July 18, 1921, in Cambridge, Ohio, and grew up in New Concord, Ohio. His father ran a plumbing supply business and later had a Chevrolet dealership. His mother taught at an elementary school.

Mr. Glenn was an honor student in high school, lettered in three sports and played trumpet in the band. At Muskingum College in New Concord, he was a reserve center on the football team. He took flying lessons in his teens and left college early in 1942 to enter a Navy pilot training program before transferring to the aviation branch of the Marine Corps. On April 6, 1943, he married Anna “Annie” Castor, whom he had known since childhood.

During World War II, Mr.
Glenn flew 59 missions as a fighter pilot and took part in the Marshall Islands campaign in the Pacific. He was stationed on Guam in the Western Pacific and was a flight instructor in Texas before returning to action in the Korean War. He was in the same squadron in Korea as baseball star Ted Williams and flew 90 missions as a jet fighter pilot. He once returned with more than 200 holes shot through the fuselage and wings of his plane.

Attached to an Air Force unit, Mr. Glenn shot down three Soviet-made MiGs during the final nine days of the war in 1953, leading his crew to paint “MiG Mad Marine” on the side of his F-86 Sabre jet.

After Korea, Mr. Glenn was a test pilot at the naval air station at Patuxent River, Md., and set a transcontinental speed record on July 16, 1957, by flying an F8U-1 Crusader jet coast to coast in 3 hours 23 minutes. He worked at the Navy’s Bureau of Aeronautics and eventually was awarded a bachelor’s degree by Muskingum.

He also found time in 1957 to appear on the game show “Name That Tune” with child actor Eddie Hodges. They split $25,000 in prize money, which was more than Mr. Glenn’s annual pay as a test pilot.

When NASA began recruiting a team of astronauts, it sought skilled pilots who could withstand rigorous physical and psychological testing and who — to fit into cramped space capsules — were shorter than 5 feet 11 inches tall. (Mr. Glenn was 5-foot-10½.)

With their courage and know-how, the Mercury astronauts embodied the spirit of the “New Frontier” espoused by Kennedy, and Mr. Glenn became friends with the youthful president and his brother Robert F. Kennedy, the attorney general.

Encouraged by the Kennedy family, Mr. Glenn resigned from the astronaut corps in 1964 to run for the U.S. Senate in Ohio. He dropped out after slipping on a rug and striking his head on a bathtub, resulting in inner-ear problems that required extensive medical treatment.
In 1965, he retired from the Marine Corps, having received six Distinguished Flying Crosses and 19 Air Medals. He then became an executive with Royal Crown Cola, invested in real estate and worked with a management company that operated Holiday Inns, particularly around Orlando. Within a few years, he was a millionaire.

Mr. Glenn stayed close to the Kennedys and was at the Ambassador Hotel in Los Angeles when Robert Kennedy was assassinated in June 1968. He accompanied five of Kennedy’s 10 children (an 11th was born after his death) back to their home in McLean, Va. The next morning, Mr. Glenn informed the other children that their father had been killed.

“When Bob died, I had to sit on the edge of the bed as each child was waking up and tell them their dad was not coming home,” Mr. Glenn told a Muskingum audience in 1997. “It was one of the hardest things I ever did.”

He was a pallbearer at Robert Kennedy’s funeral at Arlington National Cemetery and handed the flag from the coffin to Sen. Edward M. Kennedy (D-Mass.). Soon afterward, Mr. Glenn helped organize a group that successfully lobbied for passage of a national gun control act in 1968.

“I have held a job, Howard”

Making a second bid for the Senate in 1970, Mr. Glenn called for the withdrawal of U.S. troops from Vietnam, but he lost the Democratic primary in Ohio to businessman Howard M. Metzenbaum. Then-Rep. Robert Taft Jr., a Republican, won the general election.

Early in 1974, Metzenbaum was appointed to the Senate to fill the expiring term of William B. Saxbe, who resigned to become U.S. attorney general. When Metzenbaum ran for a full Senate term that year, Mr. Glenn challenged him again in the primary.

At a time when the military was unpopular, Metzenbaum repeatedly called Mr. Glenn “colonel” and questioned his ability as a leader, saying he had never “met a payroll.” The comment was widely seen as an insult, insinuating that Mr. Glenn had never held a “real” job.
In a debate with Metzenbaum, the retired Marine flashed the steel beneath his benign Midwestern smile.

“I served 23 years in the United States Marine Corps,” Mr. Glenn said. “I was through two wars. I flew 149 missions. My plane was hit by antiaircraft fire on 12 different occasions.

“I was in the space program. It wasn’t my checkbook, it was my life that was on the line. ... I ask you to go with me ... to a veterans hospital, and look those men with their mangled bodies in the eye and tell them they didn’t hold a job.

“You go with me to any Gold Star mother, and you look her in the eye and tell her that her son did not hold a job. ... Stand in Arlington National Cemetery — where I have more friends than I like to remember — and you watch those waving flags ... and you tell me that those people didn’t have a job.

“I tell you, Howard Metzenbaum, you should be on your knees every day of your life thanking God that there were some men — some men — who held a job. ... And their self-sacrifice is what has made this country possible.

“I have held a job, Howard.”

The powerful “Gold Star Mother” speech, recognizing families that had lost children in foreign wars, quickly turned the polls in Mr. Glenn’s favor. He defeated Metzenbaum in the primary and then easily won the November general election, sweeping all of Ohio’s 88 counties. Reelected in 1980, 1986 and 1992, Mr. Glenn was the first senator from Ohio to win four consecutive elections.

A senator in space

On Capitol Hill, Mr. Glenn was a strong supporter of the military and an authority on intelligence issues. He supported a woman’s right to abortion and was an advocate of campaign finance reform, national health insurance and medical research. He sponsored bills to improve the safety of nursing homes, reduce government paperwork and limit nuclear proliferation. As chairman of the Governmental Affairs Committee from 1988 to 1994, he helped create the Department of Veterans Affairs.

In the late 1980s, Mr.
Glenn’s political action committee accepted a contribution from financier Charles H. Keating Jr., who was at the center of a nationwide savings-and-loan scandal. The Senate Ethics Committee ruled that Mr. Glenn “exercised poor judgment,” but he was cleared of any wrongdoing.

He made a run for the 1984 Democratic presidential nomination but proved to be an awkward campaigner and quit the race early, saying, “I humiliated my family, gained 16 pounds and went millions of dollars into debt.”

On Feb. 20, 1997, the 35th anniversary of his spaceflight, Mr. Glenn announced that he would not run for reelection in 1998. He established a public policy institute at Ohio State University and wrote his memoirs. In 2012, Mr. Glenn was awarded the Presidential Medal of Freedom, the nation’s highest civilian honor.

In addition to his wife, of Columbus and Bethesda, Md., survivors include two children, J. David Glenn of Berkeley, Calif., and Carolyn “Lyn” Glenn of St. Paul, Minn.; and two grandsons.

Revered for his heroism as an astronaut, Mr. Glenn remained close to the space program long after leaving NASA. In 1986, immediately after the explosion of the space shuttle Challenger, he made a little-publicized trip to Cape Canaveral to comfort the families of astronauts killed in the disaster.

Every year, he sent the results of his physical exams to NASA, just in case. At 75, he could still do 75 push-ups. In 1996, he set a flying record by piloting a twin-engine plane from Dayton, Ohio, to Washington in 1 hour, 36 minutes.

When Mr. Glenn was named to the crew of the space shuttle Discovery, skeptics said NASA was awarding him a vanity flight to make him, at 77, the oldest person ever to go into space. During the nine-day mission in 1998, Mr. Glenn helped film the flight and took part in experiments on aging.

He made one of his final public appearances in June 2016, when the Columbus airport was renamed in his honor.
His return to space was a reminder of what he had accomplished more than three decades earlier, when he soared into the heavens and gave renewed hope to a grateful nation.

“People are afraid of the future, of the unknown,” he said in 1962. “If a man faces up to it and takes the dare of the future, he can have some control over his destiny.”

From rforno at infowarrior.org Fri Dec 9 06:13:30 2016
From: rforno at infowarrior.org (Richard Forno)
Date: Fri, 09 Dec 2016 12:13:30 -0000
Subject: [Infowarrior] - John Glenn: The Last American Hero?
Message-ID:

John Glenn: The Last American Hero?
Dale Butland
http://www.nytimes.com/2016/12/08/opinion/john-glenn-the-last-american-hero.html?_r=0

Columbus, Ohio — World War II and Korean War hero. First American to orbit the Earth. Kennedy family friend and confidant. The only four-term senator in Ohio history. An astronaut again at the age of 77.

Newspaper writers and evening news broadcasters will detail John Glenn’s one-of-a-kind biography — and most of them will surely observe that his passing on Thursday at the age of 95 marks “the end of an era.”

To me, John actually personified an era — one that, like him, has largely passed from the scene and may never again be recaptured. It was a period whose values were forged during the Great Depression, tested in the bloodiest war and expressed most clearly at the personal level by the interlocking virtues of modesty, courage and conviction.

Beginning in 1980 and continuing for nearly two decades, I was lucky enough to work for him, including as press secretary and director of his final re-election campaign in 1992. We were also friends, and I will cherish having been able to speak with him shortly before he died.

Despite his international celebrity, the ticker-tape parades and the schools and streets named in his honor, John never let any of it go to his head.
He dined with kings, counseled presidents and signed autographs for athletes and movie stars. But he never pulled rank, rarely raised his voice and remained unfailingly polite and conscious of his responsibilities as a hero and a role model until the day he died.

The courage John displayed wasn’t merely physical, though he certainly had plenty of that. Anyone who flew 149 combat missions in two wars as a Marine fighter pilot — and then volunteered to become a Mercury 7 astronaut at a time when our rockets were just as likely to blow up on the launchpad as they were to return home safely — obviously had physical courage to spare.

But for me, even more impressive was John’s personal and political bravery, especially when it came to defending the values and friends he held dear. Perhaps the best example of what I’m talking about occurred in an incident that, to the best of my knowledge, he never publicly disclosed.

Following his 1962 spaceflight, John and Robert F. Kennedy became such close friends that their families sometimes vacationed together. By 1968, John had retired from the Marine Corps and taken a job as president of a major American corporation’s international division. “We were living in New York, and they were paying me $100,000 a year, which at that time was real money,” he told me. “For the first time in our lives, Annie and I didn’t have to worry about putting our kids through college or helping our parents financially as they got older.”

That spring, Mr. Kennedy decided to run for president and John readily agreed to campaign for him. John’s employer, however, wasn’t keen on having its highest profile executive publicly supporting Mr. Kennedy. So John was soon summoned to an “emergency meeting” of the corporate board where a resolution was to be passed barring any board member from “engaging in partisan politics in 1968.”
When the meeting was called to order, John rose from his seat to say that there was something his colleagues should know before taking a vote.

“Bob Kennedy asked me to campaign for him and I told him I would. And I will, because he is my friend. And if keeping my word means I can’t be associated with this company any longer, I can live with that.

“But if that’s what happens, we’re going to walk out of this room and you’re going to hold your press conference and I’m going to hold mine. And we’ll see who comes out better.”

No vote was called and the meeting was quickly adjourned.

John’s politics, of course, aren’t the point of this story. To me, it was his fierce determination to keep a promise to a friend, even at the expense of sacrificing the first real financial security he and his family had ever known. It’s the kind of courage we don’t see much anymore.

When John passed away, we lost a man who many say is the last genuine American hero. Not because others won’t do heroic things, but because national heroes aren’t easily crowned or even acknowledged in this more cynical age. He belonged to an earlier and more innocent era — when we trusted our institutions, thought government could accomplish big and important things, still believed politics could be a noble profession, and didn’t think that ticker-tape parades were reserved for World Series or Super Bowl champions.

But the last “good” war ended almost 70 years ago. The Cold War is almost 30 years past. The space program has lost its luster. The clarity with which John saw honor and moral responsibility seems almost quaint today. And the time when we could all cheer for the same national hero may now be past.
From rforno at infowarrior.org Fri Dec 9 06:18:32 2016
From: rforno at infowarrior.org (Richard Forno)
Date: Fri, 09 Dec 2016 12:18:32 -0000
Subject: [Infowarrior] - HBO took down girl's painting because it used 'Winter Is Coming,' dad says
Message-ID:

HBO took down girl's painting because it used 'Winter Is Coming,' dad says
Chris Matyszczyk
https://www.cnet.com/news/hbo-took-down-girls-painting-because-it-says-winter-is-coming-says-dad/#ftag=CAD590a51e

Today's topic is: Do lawyers ever go too far? One dad thinks they might.

Jonathan Wilcox from Edwinstowe in the UK says HBO's lawyers have taken something of a disliking to his 13-year-old daughter's art.

As the Register reports, she was participating in Huevember, an art challenge that asks competitors to choose a color a day and draw something. Wilcox's daughter drew a painting of a young woman, with, as it turned out, a contentious set of words above it.

"She was uploading her pictures to a variety of sites and sharing them on Facebook," Wilcox told the Register. "For this particular piece, she decided to title it 'Winter is Coming.'"

One of the sites she posted it to was Redbubble. This is a site for independent artists, where you can buy their works. Wilcox says he doesn't believe that his daughter was trying to make money.

But along, he says, came HBO on a black, snarling dragon. It owns the trademark to the phrase "Winter Is Coming," words which my innards scream every time my girlfriend wants to watch "Game Of Thrones." Should you have managed to avoid this show -- and I commend you for that -- the line is uttered to express the onset of dark times.

HBO's lawyers, says Wilcox, asked Redbubble to take his daughter's painting down. "HBO should get a life or stick something where the sun doesn't shine," he told the Register.

Redbubble's regional counsel Paul Gordon told me that he hadn't personally seen the takedown notice, but confirmed that the painting had been removed after a request from HBO.

"To clarify, that doesn't mean Redbubble has formed an opinion either way as to whether the work is infringing," he said. "Like most other online marketplaces, we operate under the framework of the Digital Millennium Copyright Act, meaning we have a legal obligation to act on takedown notices that contain the prescribed elements in our IP/Publicity Rights Policy."

Artists can object and file a counter-notice. However, Gordon told me Redbubble hasn't received one from Wilcox's daughter.

For its part, HBO didn't immediately respond to a request for comment.

Wilcox told the Register that his daughter is autistic. He encourages people to "boycott any HBO production, as they go around picking on and upsetting disabled children who have acted in total innocence."

I have a better solution. There's one person who could dissect this situation with a little verve and vigor and fight for the little person: John Oliver. Yes, the Brit who does those wonderful, um, takedowns on HBO.

From rforno at infowarrior.org Sat Dec 10 07:21:40 2016
From: rforno at infowarrior.org (Richard Forno)
Date: Sat, 10 Dec 2016 13:21:40 -0000
Subject: [Infowarrior] - Unpacking the New CIA Leak: Don’t Ignore the Aluminum Tube Footnote
Message-ID:

Unpacking the New CIA Leak: Don’t Ignore the Aluminum Tube Footnote
https://www.emptywheel.net/2016/12/09/unpacking-new-cia-leak-dont-ignore-aluminum-tube-footnote/
From rforno at infowarrior.org Sat Dec 10 18:15:28 2016 From: rforno at infowarrior.org (Richard Forno) Date: Sun, 11 Dec 2016 00:15:28 -0000 Subject: [Infowarrior] - Twitter says no to law enforcement protest policing tool Message-ID: <1ADD2EE1-9C07-4639-926A-38BF0471F298@infowarrior.org> Twitter says no to law enforcement protest policing tool https://www.engadget.com/2016/12/10/twitter-says-no-to-law-enforcement-protest-policing-tool/ Media Sonar was used to track protestors by hashtag and keywords. Remember, using Twitter's data feed for spying and surveillance is a violation of the service's developer agreement. Evidence gathered by the Northern California chapter of the American Civil Liberties Union, including the list of keywords, suggests that Media Sonar was selling itself as a way to monitor African Americans specifically. One column groups keywords together under a heading named "Mike Brown Related." Mike Brown was the unarmed black teenager shot by a white police officer in Ferguson, Missouri in 2014. Further documents (PDF) show that the firm pitches itself as a way to "avoid the warrant process when identifying social media accounts for particular individuals." What's more, the company apparently directed law enforcement officials not to mention Media Sonar by name in court, instead using "proprietary search engine" or "internet tools" when pressed for information under oath. It's a far cry from issuing cyanide capsules to its customers, but still pretty telling of the company's intent to keep its secrets safe. This isn't the first time Twitter has cut off such a tool, and Media Sonar likely won't be the last organization to mine social media data for policing. This fall, Facebook, Instagram and Twitter cut off access to tracking systems from Geofeedia. We've reached out to Twitter for more information and will update this post should it arrive. -- It's better to burn out than fade away.
From rforno at infowarrior.org Mon Dec 12 16:33:45 2016 From: rforno at infowarrior.org (Richard Forno) Date: Mon, 12 Dec 2016 22:33:45 -0000 Subject: [Infowarrior] - Fiorina for DNI???? Message-ID: If true, my only response? DAFUQ? -- rick Trump considering Fiorina for director of national intelligence: New York Times http://www.reuters.com/article/us-usa-trump-fiorina-idUSKBN14122B U.S. President-elect Donald Trump spoke on Monday to former chief executive of Hewlett-Packard Carly Fiorina about the job of director of national intelligence, the New York Times reported, citing a senior Trump transition team member. Fiorina, once a rival for the White House Republican nomination who clashed with Trump during primary debates, visited Trump Tower, his transition team said on a conference call. (Reporting by Tim Ahmann; Writing by Eric Walsh; Editing by Doina Chiacu) -- It's better to burn out than fade away. From rforno at infowarrior.org Mon Dec 12 16:37:24 2016 From: rforno at infowarrior.org (Richard Forno) Date: Mon, 12 Dec 2016 22:37:24 -0000 Subject: [Infowarrior] - Netgear working to fix flaw that left thousands of devices open to attack Message-ID: <3E269234-C983-4D4F-B798-9E8DA09C7A5C@infowarrior.org> Netgear working to fix flaw that left thousands of devices open to attack Several routers in the Nighthawk line affected, CERT recommends customers discontinue use CSO | Dec 12, 2016 4:00 AM PT A remotely exploitable vulnerability in the Nighthawk line of Netgear routers was disclosed on Friday. The flaw leaves customers exposed to having their connections hijacked, as someone exploiting the vulnerability can take complete control of the device. Despite having months to address the problem, Netgear has yet to publish a fix. The vulnerability was discovered in August by Andrew Rollins, a security researcher from St Louis, MO.
Rollins, who uses the handle Acew0rm, notified Netgear about the problem on August 25, but the company never responded to him. After waiting a few months, Rollins disclosed the vulnerability to the public, where it was brought to the attention of CERT. If exploited, an attacker could issue basic commands to the device by appending them to the end of a specially crafted URL. Such commands could enable Telnet, or otherwise provide full control to the attacker. < -- > http://www.csoonline.com/article/3148695/security/netgear-working-to-fix-flaw-that-left-thousands-of-devices-open-to-attack.html -- It's better to burn out than fade away. From rforno at infowarrior.org Tue Dec 13 14:27:17 2016 From: rforno at infowarrior.org (Richard Forno) Date: Tue, 13 Dec 2016 20:27:17 -0000 Subject: [Infowarrior] - Researchers Find Vulnerability That Enables Accounting Fraud, PwC Decides The Best Response Is A Legal Threat Message-ID: (Some idiocy never changes. -- rick) Researchers Find Vulnerability That Enables Accounting Fraud, PwC Decides The Best Response Is A Legal Threat from the you're-not-helping dept For years now, we've noted that some companies apparently think it's a good idea to punish security researchers that expose vulnerabilities in their products, even when the researchers use the proper channels to report their findings. This kind of absurdity runs hand-in-hand with international attempts to criminalize security research -- or the tools researchers use -- to do their jobs. Obviously, this kind of behavior has one tangible end result: it makes all of us less secure. The latest chapter in this saga of myopic bumbling comes courtesy of PwC, which for whatever reason decided that the best response to a major security flaw found in one of the company's products was to fire off a cease and desist letter aimed at the researchers.
More specifically, Munich-based ESNC published a security advisory earlier this month documenting how a remotely exploitable bug in a PwC security tool could allow an attacker to gain unauthorized access to an impacted SAP system. The advisory was quick to point out that the vulnerability could allow a hacker to manipulate accounting documents and financial results and commit fraud, if they were so inclined .... < - > https://www.techdirt.com/articles/20161213/07484536261/researchers-find-vulnerability-that-enables-accounting-fraud-pwc-decides-best-response-is-legal-threat.shtml -- It's better to burn out than fade away. From rforno at infowarrior.org Wed Dec 14 16:55:46 2016 From: rforno at infowarrior.org (Richard Forno) Date: Wed, 14 Dec 2016 22:55:46 -0000 Subject: [Infowarrior] - Yahoo discloses 1 billion accounts breached Message-ID: Yahoo discloses 1B account breach Elizabeth Weise, USATODAY 5:46 p.m. EST December 14, 2016 http://www.usatoday.com/story/tech/news/2016/12/14/yahoo-discloses-likely-new-1-billion-account-breach/95443510/ SAN FRANCISCO -- Yahoo on Wednesday disclosed a breach that took place in August of 2013 which may have resulted in data associated with more than one billion user accounts being stolen. This new, 1-billion-account breach is separate from a 500-million-account breach the company disclosed in September. At the time, the 500-million-account breach was the largest on record. Yahoo said in September that it believed the 500-million-account breach was linked to a state-sponsored actor. In Wednesday's statement the company said it has connected some of the activity associated with the 1-billion-account breach to the same state-sponsored actor. Yahoo did not say what country it believed the state-sponsored actor was working for. Verizon is in the process of acquiring Yahoo. In a statement, it said "As we've said all along, we will evaluate the situation as Yahoo continues its investigation.
We will review the impact of this new development before reaching any final conclusions." November disclosure Yahoo disclosed in November that law enforcement officials had given it data files showing what appeared to be evidence that an unknown third party had access to Yahoo user data. Yahoo brought in outside forensic experts and confirmed that the data was in fact from Yahoo users. As part of that analysis, Yahoo now says it believes the attacker "stole data associated with more than one billion user accounts," the company said in a release. Yahoo does not know who was behind the theft. The stolen account information may have included names, email addresses, telephone numbers, dates of birth, hashed passwords and, in some cases, encrypted or unencrypted security questions and answers, the company said. Yahoo is working to notify affected users, and is working closely with law enforcement to investigate the breach. -- It's better to burn out than fade away. From rforno at infowarrior.org Thu Dec 15 06:18:02 2016 From: rforno at infowarrior.org (Richard Forno) Date: Thu, 15 Dec 2016 12:18:02 -0000 Subject: [Infowarrior] - Site blocking to start in Australia Message-ID: abc.net.au Pirate Bay to be blocked in Australia, Federal Court rules By Will Ockenden and national technology reporter Jake Sturmer Updated December 15, 2016 19:22:28 http://www.abc.net.au/news/2016-12-15/federal-court-orders-pirate-bay-blocked-in-australia/8116912?pfmredir The Federal Court has ordered internet companies to block five copyright-infringing websites, including torrent website The Pirate Bay. Key points: - Federal Court orders internet service providers, such as Telstra, to block five copyright-infringing websites - It's the first time site-blocking laws have been used successfully in Australia - Blocked websites will include Torrentz, TorrentHound, IsoHunt and SolarMovie Internet companies now have 15 business days to implement the blocks.
The Federal Court has allowed internet service providers (ISPs) to choose the method of blocking. It could be DNS blocking, blocking IP addresses, URL blocking or any other technical methods which are mutually agreed to by ISPs and rights holders. It is the first time the site-blocking laws have been used successfully in Australia, and is a win for copyright holders who have long wanted to see the end of the website. The Federal Court handed down its judgement this afternoon, also ordering that ISPs block similar bittorrent websites Torrentz, TorrentHound, IsoHunt and streaming service SolarMovie. Once the sites are blocked, people who continue to visit the blocked sites will see a warning page informing them the site cannot be accessed. The "landing page", as it is referred to, will be hosted by either the ISP or the rights holder. The page will show that access has been disabled by order of the Federal Court because it "infringes or facilitates the infringement of copyright". There is nothing in the act that discusses penalties for people who try to access the sites. The applicants Foxtel and Village Roadshow filed their case in the Federal Court in February. Foxtel applied to have The Pirate Bay, Torrentz, TorrentHound, and IsoHunt blocked. Village Roadshow wanted SolarMovie to be made inaccessible in Australia. Telstra, Optus, TPG and M2 were the major respondents. 'Criminals and scammers look out' While the two rights holders got what they wanted in a block, the Federal Court has not ordered what is known as a "rolling injunction". That would have allowed new websites to be added without court approval or oversight. Instead, Foxtel or Village Roadshow will have to file and serve a new affidavit outlining the new website's domain name or IP address. Even without the rolling injunction, Foxtel was quick to welcome the Federal Court's decision, saying it was looking forward to a reduction in online piracy.
"This judgment is a major step in both directly combating piracy and educating the public that accessing content through these sites is not OK, in fact it is theft," Foxtel chief executive Peter Tonagh said in a statement. "This judgement gives us another tool to fight the international criminals who seek to profit from the hard work of actors, writers, directors and other creators the world over." Village Roadshow co-chief executive Graham Burke also welcomed the decision but vowed to keep fighting. "We will be back in court at the earliest possible moment and we'll be blocking 50 sites," he said. "So criminals and scammers look out." Under the ruling, copyright holders will have to pay $50 to internet companies for every domain blocked. "We would've liked no cost, which is the case in the UK, however the judge has awarded $50 per website ... and we think that's fair and that's reasonable," Mr Burke said. Some enterprising internet users have found ways to get around site-blocking laws by using a VPN, which hides the user's country of origin. But Mr Burke was confident this approach would not be popular in Australia. "The experience overseas is not many people use VPNs because they cost money as well," he said. "[A torrent website user would] still face the issue of dealing with viruses, scams and a pretty terrible, terrible neighbourhood so I think that should factor, but I think also when we explain to people that it's not a victimless crime, that other people lose their jobs, I think that will have an impact. "So I don't see that as significant. I think we can address that." In a statement, Telstra said it would comply with the Federal Court's order. "We support flexible, fair and workable approaches to reduce online infringement and protect intellectual property," it said. Kickass Torrents case still before courts It has been a long, exhaustive legal process which included a multi-day hearing where ISPs and rights holders argued over costs and legal oversight. 
The judgement on Foxtel and Village Roadshow's case means that only the music industry's case to have Kickass Torrents blocked remains active. The operators of The Pirate Bay, Torrentz, TorrentHound, IsoHunt and SolarMovie were not represented, and did not appear at the Federal Court hearing. -- It's better to burn out than fade away. From rforno at infowarrior.org Fri Dec 16 07:32:44 2016 From: rforno at infowarrior.org (Richard Forno) Date: Fri, 16 Dec 2016 13:32:44 -0000 Subject: [Infowarrior] - The Idea of Lisp Message-ID: <674D591F-C8CC-4094-8B76-404F7FFFF252@infowarrior.org> The Idea of Lisp Eric Normand Dec 13, 2016 LISP. It conjures up visions of a bygone age of computers the size of refrigerators, ALL CAPS CODE, and parentheses. Oh! so many parentheses! So why is Object-Oriented Programming's creator so enamored with the idea of Lisp? And what can he mean by a programming language being an idea anyway? Should I blame my Computer Science education for not teaching it to me? Lisp was first introduced to the world in a paper called Recursive Functions of Symbolic Expressions and Their Interpretation by Machines, Part I, written by John McCarthy. In it, McCarthy introduces many new ideas to programming. Among them are conditional expressions (that's right, if/then/else) and using more than one letter--sometimes even words and phrases--for variables (like they still do in math). Your favorite programming language owes those two features to John McCarthy. But there is an even deeper idea lurking in the definition of Lisp itself. He defines 5 primitive operations (atom, eq, cons, car, and cdr) along with a conditional expression. It also assumes the ability to define functions. And then he uses those to define an entire programming language, defined in itself. Let me say that again: John McCarthy wrote 6 easy things in machine code, then combined them to make a programming language. 
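The definition-in-itself idea described above (five primitives, a conditional, and the ability to define functions), as an added illustration that is not code from Eric Normand's article or the forwarded post: a small Python evaluator for McCarthy-style S-expressions in which atom, eq, cons, car, cdr, cond, quote, lambda and label are the only built-in forms, so any other function has to be written in the language itself. McCarthy's ff (the first atom of an expression) is included as that kind of user-defined, recursive function. The tokenizer, the association-list environment and the run() helper are this example's own conveniences, not anything from the paper.

```python
# Added example: a minimal Lisp evaluator in the spirit of McCarthy's 1960
# paper. Only atom, eq, cons, car, cdr, cond, quote, lambda and label are
# built in; everything else is defined in Lisp itself. The reader, the
# assoc-list environment and run() are this example's own conveniences.

def tokenize(src):
    """Split an S-expression string into tokens."""
    return src.replace("(", " ( ").replace(")", " ) ").split()

def parse(tokens):
    """Build nested Python lists (lists) and strings (atoms) from tokens."""
    tok = tokens.pop(0)
    if tok == "(":
        lst = []
        while tokens[0] != ")":
            lst.append(parse(tokens))
        tokens.pop(0)  # drop the closing paren
        return lst
    return tok

def read(src):
    return parse(tokenize(src))

# The five primitive operations. NIL is the empty list, T is the atom "t".
def atom(x):    return not isinstance(x, list) or x == []
def eq(a, b):   return atom(a) and atom(b) and a == b
def cons(a, b): return [a] + b
def car(x):     return x[0]
def cdr(x):     return x[1:]

T, NIL = "t", []

def lookup(name, env):
    """env is an association list of (name, value) pairs, newest first."""
    for key, value in env:
        if key == name:
            return value
    raise NameError(f"unbound symbol: {name}")

def evaluate(e, env):
    """McCarthy-style eval: dynamic scope, a function value is its own source."""
    if isinstance(e, str):
        return lookup(e, env)
    if e == []:
        return NIL
    head = e[0]
    if head == "quote":
        return e[1]
    if head == "atom":
        return T if atom(evaluate(e[1], env)) else NIL
    if head == "eq":
        return T if eq(evaluate(e[1], env), evaluate(e[2], env)) else NIL
    if head == "car":
        return car(evaluate(e[1], env))
    if head == "cdr":
        return cdr(evaluate(e[1], env))
    if head == "cons":
        return cons(evaluate(e[1], env), evaluate(e[2], env))
    if head == "cond":
        for test, body in e[1:]:          # each clause is (test expr)
            if evaluate(test, env) != NIL:
                return evaluate(body, env)
        return NIL
    if head in ("lambda", "label"):
        return e                          # functions evaluate to themselves
    # Application: (f arg ...)
    if isinstance(head, str):             # user-defined function referenced by name
        return evaluate(cons(lookup(head, env), e[1:]), env)
    if head[0] == "label":                # ((label f (lambda ...)) args): bind f so it can recurse
        _, name, fn = head
        return evaluate(cons(fn, e[1:]), [(name, head)] + env)
    if head[0] == "lambda":               # ((lambda (params) body) args)
        _, params, body = head
        args = [evaluate(a, env) for a in e[1:]]
        return evaluate(body, list(zip(params, args)) + env)
    raise ValueError(f"cannot apply: {head}")

def run(src, env=None):
    return evaluate(read(src), env or [])

# McCarthy's ff: the first atom of an expression, written in Lisp itself
# and made recursive with label. Constructed input: ((a b) c).
FF_SRC = """
((label ff (lambda (x)
   (cond ((atom x) x)
         ((quote t) (ff (car x))))))
 (quote ((a b) c)))
"""

def first_atom_demo():
    return run(FF_SRC)   # "a"

if __name__ == "__main__":
    print(run("(cons (quote a) (quote (b c)))"))
    print(first_atom_demo())
```

Nothing beyond the nine built-in forms is special-cased: ff is an ordinary expression fed to evaluate, which is what "a language defined in itself" means in practice. Scope is dynamic (the 1960 behaviour), so a lambda sees whatever bindings its caller has, which is also why label has to push the function's own name before applying it.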
Before that, the only higher-level programming language was Fortran, which took 18 man-years to develop. Fortran was a big achievement, but Lisp was a big idea. Let's unpack this tremendous idea a bit: < - > https://dev.to/ericnormand/the-idea-of-lisp -- It's better to burn out than fade away. From rforno at infowarrior.org Fri Dec 16 07:54:35 2016 From: rforno at infowarrior.org (Richard Forno) Date: Fri, 16 Dec 2016 13:54:35 -0000 Subject: [Infowarrior] - Op-ed: I'm throwing in the towel on PGP, and I work in security Message-ID: <0C38E8B1-C4D7-4FDC-8953-241123D6001D@infowarrior.org> Op-ed: I'm throwing in the towel on PGP, and I work in security "If you need to securely contact me... DM me asking for my Signal number." Filippo Valsorda - 12/10/2016, 9:00 AM Filippo Valsorda is an engineer on the Cloudflare Cryptography team, where he's deploying and helping design TLS 1.3, the next revision of the protocol implementing HTTPS. He also created a Heartbleed testing site in 2014. This post originally appeared on his blog and is re-printed with his permission. < - > http://arstechnica.com/security/2016/12/op-ed-im-giving-up-on-pgp/ -- It's better to burn out than fade away. From rforno at infowarrior.org Fri Dec 16 14:00:16 2016 From: rforno at infowarrior.org (Richard Forno) Date: Fri, 16 Dec 2016 20:00:16 -0000 Subject: [Infowarrior] - Prenda Law "copyright trolls" Steele and Hansmeier arrested Message-ID: Prenda Law "copyright trolls" Steele and Hansmeier arrested Lawyers who turned porn lawsuits into big business now face criminal charges.
Joe Mullin - Dec 16, 2016 6:13 pm UTC http://arstechnica.com/tech-policy/2016/12/breaking-prenda-law-copyright-trolls-steele-and-hansmeier-arrested/ The two lawyers said to be the masterminds behind Prenda Law, Paul Hansmeier and John Steele, have been arrested and charged with a multimillion-dollar extortion scheme. The two lawyers were charged Wednesday in an 18-count indictment (PDF), describing allegations of fraud, perjury, and money laundering perpetrated between 2011 and 2014. The charges were unsealed and announced today, and first reported by the Minneapolis Star-Tribune. Both Hansmeier, 35, and Steele, 45, were arrested earlier today before the indictment was made public. "The defendants in this case are charged with devising a scheme that casts doubt on the integrity of our profession," said U.S. Attorney Andrew Luger in a statement. "The conduct of these defendants was outrageous -- they used deceptive lawsuits and unsuspecting judges to extort millions from vulnerable defendants. Our courts are halls of justice where fairness and the rule of law triumph, and my office will use every available resource to stop corrupt lawyers from abusing our system of justice." The indictment explains how the defendants "used sham entities to obtain copyrights to pornographic movies -- some of which they filmed themselves -- and then uploaded those movies to file-sharing websites in order to lure people to download the movies." Prenda Law sued hundreds of people for copyright infringement, accusing them of illegally downloading pornographic movies. In 2013, US District Judge Otis Wright sanctioned the firm in a Los Angeles case, along with Steele and Hansmeier personally, saying they had perpetrated a fraud on the court. Wright also referred the case to criminal investigators.
Wright's damning order set off a domino effect, with Prenda and its affiliated lawyers facing a long series of judicial sanctions and fee orders in courts around the country. Steele and Hansmeier fought many of the sanctions, but earlier this year, panels of appellate judges at both the 7th Circuit and 9th Circuit ruled against them, and said they must pay hundreds of thousands of dollars in attorneys' fees to defense lawyers who fought their claims. State Bar investigators took action as well, filing complaints that ended this year with both lawyers having their licenses to practice law suspended. Hansmeier, who built a new legal practice suing small businesses over violations of the Americans With Disabilities Act, filed for bankruptcy last year. Forgery and identity theft The basic scheme worked like this: Prenda Law, or one of several attorneys who worked with the firm, would file a copyright lawsuit over illegal downloads against a "John Doe" defendant they knew only by an IP address. Then they'd use the discovery process to find out subscriber names from the various ISPs around the country. Once they got it, they'd send out letters and phone calls demanding a settlement payment, typically around $3,000 to $5,000, warning the defendant that if they didn't pay quickly, they would face public allegations over downloading porn. While mass-copyright lawsuits over mainstream media have been a decidedly mixed bag, Prenda's fast-and-loose porn litigation campaign worked well, at least for a few years. In one interview, John Steele said he'd raked in $15 million. That might have been an exaggeration. A spreadsheet revealed in court showed that Prenda made $1.9 million in 2012 alone, and it isn't clear that included all the accounts. Once a few of those defendants dug in, lawyered up, and investigated Prenda, the lawsuits started to look questionable.
Some key documents in Prenda lawsuits were signed by Steele's former housekeeper, Alan Cooper, but Cooper denied it, saying his signature had been forged. As for the porn movies that were the subject of the lawsuits, they weren't exactly big hits. In fact, forensic analysts found that they may have been uploaded to Pirate Bay by Prenda lawyers themselves, as a kind of "honeypot" that could produce the profitable lawsuits they wanted. The indictment also alleges This is a developing story, and we'll update this post as more information becomes available. -- It's better to burn out than fade away. From rforno at infowarrior.org Tue Dec 20 09:50:09 2016 From: rforno at infowarrior.org (Richard Forno) Date: Tue, 20 Dec 2016 15:50:09 -0000 Subject: [Infowarrior] - Google facing FTC scrutiny over privacy -- yet again Message-ID: Google facing FTC scrutiny over privacy -- yet again By Craig Timberg https://www.washingtonpost.com/news/the-switch/wp/2016/12/19/google-facing-ftc-scrutiny-over-privacy-yet-again/ Consumer advocates have filed a complaint with the Federal Trade Commission charging that Google violated user privacy through a policy change that gives the company more leeway to build profiles of people as they browse the Web and use Google services. The complaint, submitted Thursday by Consumer Watchdog and the Privacy Rights Clearinghouse, alleges that Google acted in a "highly deceptive manner" in changing its privacy policy in June to allow the merging of data collected by various services owned by the company, such as Google Maps, Google search and the DoubleClick online advertising service. The result, the groups say, allows for the gathering of more comprehensive information on most people who use the Web. The changes, which were activated if users opted in when prompted by a query, were widely covered by tech-oriented news sites at the time.
Google disputes the allegation that the company acted deceptively and said it made the changes only after testing among users around the world. But the consumer advocates contend that Google did a poor job explaining the changes to its users, causing many to accept changes that undermined their personal privacy without understanding the consequences. "Google indeed has been a serial privacy violator," said John M. Simpson, privacy project director for Consumer Watchdog. "Something needs to be done that gets their attention." The issue is sensitive because of Google's history of privacy controversies, one of which resulted in a consent decree with the FTC in 2011 requiring 20 years of audits and promises to not misrepresent privacy policy changes in the future. That decree resulted from Google's handling of user data when it started its ill-fated "Google Buzz" social network. The consumer advocates say the June changes violated that consent decree and that the company should be forced to relinquish the advertising revenue collected since then -- an amount that Simpson said could reach into the billions of dollars. The company agreed to a record FTC fine of $22.5 million in 2012 after allegations that the company worked around privacy settings on Apple's Safari browser to track users. Google's June changes to its privacy policy drew scrutiny in October, when a report in ProPublica described the shifts as backtracking on a practice, dating to Google's purchase of DoubleClick in 2007, of keeping the advertising network's data separate from the information collected for other Google products. The June changes, ProPublica wrote, "quietly erased that last privacy line in the sand -- literally crossing out the lines in its privacy policy that promised to keep the two pots of data separate by default."
Google has portrayed the privacy policy changes as a natural evolution as users access various company services across a variety of devices, and the company said it worked hard to make sure that users understood the changes and how to manage the privacy settings on their accounts. "This past June we updated our ads system, and the associated user controls, to match the way people use Google today: across many different devices," the company said in a statement to The Washington Post that echoed the statement to ProPublica in October. "Before we launched this update, we tested it around the world with the goal of understanding how to provide users with clear choice and transparency. As a result, it is 100 percent optional -- if users do not opt-in to these changes, their Google experience will remain unchanged." Government scrutiny in the United States, Europe and beyond has become a recurring issue for Google as it has grown into one of the world's most profitable and pervasive companies. Regulators on several occasions have imposed fines and restrictions that sometimes have served to dampen the company's rapid growth. The FTC issued a statement on Monday confirming receipt of the groups' complaint and said the agency is "closely reviewing it." -- It's better to burn out than fade away.
From rforno at infowarrior.org Tue Dec 20 09:50:09 2016 From: rforno at infowarrior.org (Richard Forno) Date: Tue, 20 Dec 2016 15:50:09 -0000 Subject: [Infowarrior] - House Oversight: DOJ, DHS have more than 400 cell-site simulators Message-ID: House Oversight: DOJ, DHS have more than 400 cell-site simulators http://www.washingtontimes.com/news/2016/dec/19/house-oversight-doj-dhs-have-more-than-400-cell-si/ The Department of Homeland Security and Justice Department have spent collectively more than $95 million on secret cellphone tracking technology and own more than 400 cell-site simulators that can be used to zero in covertly on the locations of cellphones, according to a congressional report. A report released Monday by the House Oversight and Government Reform Committee reveals a tally of how many cell-site simulators federal agencies own and recommends that lawmakers adopt a national standard to govern use of the devices by local and federal law enforcement agencies. With 194 cell-site simulators, the FBI has the most of any of the agencies identified as owning the devices, which often are referred to by brand names including Stingray or Hailstorm. The U.S. Marshals Service has 70; U.S. Immigration and Customs Enforcement has 59; U.S. Customs and Border Protection and the Drug Enforcement Administration each has 33; U.S. Secret Service has 32; the Bureau of Alcohol, Tobacco, Firearms and Explosives has 13; the Internal Revenue Service Criminal Investigations division has two; and the Treasury inspector general has one. The report does not indicate the specific types of devices the agencies have but lists the costs of the individual devices purchased as $41,000 to $500,000. Cell-site simulators mimic cell towers to trick cellphones to connect to them, enabling investigators to obtain identifying information about the phones and their locations. 
Law enforcement officers often deploy the suitcase-sized devices by hauling them in vehicles as they drive through neighborhoods looking for suspects' phones, scooping up data on cellphones of passers-by in the process. Homeland Security and Justice adopted policies in 2015 requiring law enforcement to obtain warrants in most cases before deploying cell-site simulators, but the report notes that there is no standard policy on the use of the devices by local authorities and recommends that federal lawmakers enact legislation to create a national framework for legal use. "Congress should establish a legal framework that governs government agencies, commercial entities, and private citizens' access to and use of geolocation data, including geolocation data obtained by the use of a cell-site simulator," reads the report, written by Reps. Jason Chaffetz, Utah Republican, and Elijah E. Cummings, Maryland Democrat. In the meantime, the 36-page report suggests that Homeland Security and Justice require agencies seeking cell-site simulators to adhere to federal guidelines before approving the purchase and use of the devices. The FBI already requires agencies to sign nondisclosure agreements before approving their purchases. The report also suggests that nondisclosure agreements -- which have required prosecutors to abandon criminal charges rather than disclose local police use of cell-site simulators -- should be eliminated altogether. "Nondisclosure agreements should be replaced with agreements that require clarity and candor to the court whenever a cell-site simulator has been used by law enforcement in a criminal investigation," the report states. The report does not indicate how many local law enforcement agencies have cell-site simulators, but it states that the Homeland Security Department identified more than $1.8 million in grant money it provided to state and local law enforcement to purchase such technology. Copyright © 2016 The Washington Times, LLC.
-- It's better to burn out than fade away. From rforno at infowarrior.org Tue Dec 20 09:50:11 2016 From: rforno at infowarrior.org (Richard Forno) Date: Tue, 20 Dec 2016 15:50:11 -0000 Subject: [Infowarrior] - Your Guide To Overthrowing Media In 2017 Message-ID: <76A4FD9C-AB30-46D7-8CF4-4FA4E79DCE25@infowarrior.org> Your Guide To Overthrowing Media In 2017 December 20, 2016 by Ijeoma Oluo http://www.theestablishment.co/2016/12/20/your-guide-to-overthrowing-media-in-2017/ 2016 was the year that everything failed. A massively garbage year on the trash heap of history. This was the year that we took all of our society's weaknesses, mixed them all together, put them in the oven, and ended up with a Donald Trump presidency. And at the center of it all, was our media. Our horrible, no-good, very bad media. Now, before I start sounding like a Fox News commenter shouting "LAME-STREAM MEDIA," let me just say this: 1) I know there are some really good sources of information and commentary out there (I happen to believe that this very publisher is one of them.) and 2) I understand the weirdness of a member of media talking about how much media sucks. There are a lot of news and information sources out there and, truly, all the information you need to make good decisions is already being written by somebody. But in the grand scheme of things, know this: for every dogged reporter trying to get an important scoop, there are three writers trying to make facts as unrecognizable as possible. For every editor obsessing about the accuracy of pieces, there are three trying to come up with the clickbait-iest titles they can. For every publisher trying to inform, there are three trying to "infotain." 2016 was the year where we chose fake news over real and placation over edification. While our media has played a very large part in this, we'd be neglecting our own responsibility if we said that this was all their fault.
These are tough times for news media. Nobody watches TV anymore, less than nobody gets the paper delivered, and nobody has figured out how to make money off of the internet. Our media sources are struggling to stay afloat and battling for what little money is out there. No one is getting rich off of this game anymore. So many of our media companies are going where the money is, and the money isn't in real news — it's in confirmation: Confirmation of your worst fears, of your bigotries, of your animosities, of your unequivocal rightness. Yes, it feels good to read news stories that prove how wise you are, but that instant gratification keeps us from growing — at best — and makes us far less wise, at worst. Bad media can make us ill-informed, cruel, divisive, apathetic, and complacent.

In order to save ourselves, we must first save our media. And we must do that by forcing it to become better. Here are some ways you can start.

1. Verify all sources. I don't care if it's the New York Times or The Wall Street Journal — nobody is to be trusted at face value. Click on all links and make sure the different sources independently verify what the article says. Also make sure that the article doesn't just link to an identical version of the same story (a clear warning sign that the publisher is cutting corners by lifting language from the original source story). No links in the piece? If it's an opinion piece, fine — just remember that it's nothing more than opinion. If it's a piece reporting news, a quick google search should be able to verify if what you're reading is true, but after that, give that publisher a lot of side-eye for not listing sources. Can't verify a piece? DO NOT SHARE IT.

2. Call out misleading headlines. One of the most damaging things to happen to modern media is the SEO Headline. The lengths to which some editors will go to get clicks is not only misleading, but often dangerous — because nobody reads articles anymore. If you see a headline that in no way matches the article, or seems to drum up controversy that isn't actually there, make your displeasure known with the editors (not the writers, they almost never get to choose the titles for their pieces) and let them know that if this continues, you will no longer be reading their articles. Editors are doing this for the clicks, and threatening your future readership is the only thing that will get them to stop.

3. While we're talking about it — read the actual article. I've often joked that I'm going to rename all my articles "Shit You Won't Read Before Commenting." My point is: Read the article. The whole article. Not just the headline. Not just the comments by your friend who shared it. Not just the Twitter replies. Read the article. Then stop and think about it before you comment.

4. Diversify your media. Not just diversity in your writers, but diversity in editorial slant, subject matter, and country of origin. Read things that make you uncomfortable. Read things that are boring. Read whatever you can that seems sincerely and ethically written. Remember: You are reading to be better informed. That is not always fun, it's not always interesting, it's rarely what you expected — but it's always worth it.

5. Demand that your media stop participating in the normalization of hatred, violence, and bigotry. Calling rape a "controversial sexual encounter"? Calling a hate crime a "racially charged incident"? Calling an outright lie a "mistake"? Calling White Supremacists the "Alt-Right"? Call it out, each and every time, ask your friends and community to do the same, and keep your readership with publications who are not willing to coddle hatred in order to project a false sense of "objectivity."

6. Pay for your media. Ugh, right? I understand, the internet tells us that everything should be free, but really — how do you think writers get paid? If you value quality writing and editing, that requires enough money for the writers and editors to take the time to do a good job. Don't run from paywalls of publications you admire, don't ignore that "donate" button — pay for your quality media, before they are forced to cut some really important corners. When you put money into quality publications, not only does it allow those publications to continue to put out quality work, but it encourages slacking publications to start doing the same to get in on those integrity bucks.

7. Stop sharing harmful publications. One of the ways in which some of the worst of our industry makes money is from the "quick click" — yes, this headline seems true so you just share it, because you want to get that information to your friends right away. But often, even if that piece of hot news is true, that click is used to finance the 30% of that publication's articles that are not true or are highly misleading. Once a publisher has shown itself to regularly publish false or misleading or hateful articles — BAN THEM FOREVER. There is no way to share their work without contributing to the damage they do.

So there you have it, seven steps to help overthrow media in 2017. Revolution starts here.

-- It's better to burn out than fade away.
From rforno at infowarrior.org Tue Dec 20 10:20:20 2016
From: rforno at infowarrior.org (Richard Forno)
Date: Tue, 20 Dec 2016 16:20:20 -0000
Subject: [Infowarrior] - Forgers Use Fake Web Users to Steal Real Ad Revenue
Message-ID: <706E7FFE-6FAC-4659-AC40-562A0AE73FBD@infowarrior.org>

Forgers Use Fake Web Users to Steal Real Ad Revenue
Vindu Goel
http://www.nytimes.com/2016/12/20/technology/forgers-use-fake-web-users-to-steal-real-ad-revenue.html

The spoofed outlets include a who's who of the web: video-laden sites like Fox News and CBS Sports, large news organizations like The New York Times and The Wall Street Journal, major content platforms like Facebook and Yahoo and niche sites like Allrecipes.com and AccuWeather. Although the main targets were in the United States, news organizations in other countries were also affected.

"It will be a big shock to all of these publishers that someone was selling inventory supposedly on their sites," Mr. Tiffany said in an interview the day before the report's release. He said White Ops had traced the fraud to Russia and believed the organization behind it was a criminal enterprise out to make money. There was no evidence of a connection between the fraud and the politically motivated hacking during the United States election that American intelligence agencies and President Obama have linked to the Russian government.

The Methbot scheme — named after the word "meth" that shows up in its software code — was carefully designed to evade the antifraud mechanisms the advertising industry has put in place in recent years. Digital ad fraud was projected to cost marketers more than $7 billion in 2016, according to a study by the Association of National Advertisers and White Ops.

To carry out the operation:

1. The Methbot forgers first took numeric internet addresses they controlled and falsely registered them in the names of well-known internet service providers. Among those were Comcast, AT&T and Cox, as well as fake companies like AmOL. This allowed the thieves to make it look as though the web traffic from Methbot's servers in Dallas and Amsterdam were really coming from individual users of those internet providers.

2. The forgers then associated the addresses with 571,904 bots designed to mimic human web surfers. Embedded in the bots' web browsers were fake geographic locations, a fake history of other sites visited and fake logins to social networks like Facebook. "The bots would start and stop video just like people do and move the mouse and click," Mr. Tiffany said.

3. The perpetrators connected the bots to the automated advertising networks that sell unsold ad space for thousands of websites. A bot would pretend to visit a website like CNN.com, and the ad networks would conduct a microsecond bidding war against one another to show a brand's video ad. But instead of going to the real CNN, the bot's web browser would go to a fake site that nobody could see, and the ad would play there.

4. Finally, the system would report fake data to the ad networks and advertisers to persuade them that a human had watched the ad on the real content site. "It would send just the right kind of metrics back to look like real live audiences that were logged into Facebook and watching videos all day," Mr. Tiffany said. The thieves then collected payment for the ads.

The report did not name the advertisers tricked by the fraud. White Ops said the thieves received high prices for the fake ad views, garnering an average price of $13 per 1,000 video views. Over all, the botnet delivered 200 million to 300 million fake ad views per day and brought in $3 million to $5 million in daily revenue, according to the company's analysis.

White Ops is releasing the full list of fake internet addresses and impersonated websites so that fraud-detection services and ad networks can block them. The company has also shared its findings with American law enforcement authorities and is working with them to further investigate the fraud.

Mr. Tiffany said the use of bots to steal ad revenue is not new in the industry, but it "has never happened at this scale before." He continued, "It all adds up to the most profitable bot operation we've ever seen."

-- It's better to burn out than fade away.

From rforno at infowarrior.org Tue Dec 20 14:17:59 2016
From: rforno at infowarrior.org (Richard Forno)
Date: Tue, 20 Dec 2016 20:17:59 -0000
Subject: [Infowarrior] - happy holidays to infowarrior-l
Message-ID: <3868437F-D2E7-4970-8C7D-8B5738E5E86C@infowarrior.org>

(My traditional holiday message, ganked from one of my favorite BBC sitcom series of the 1980s)
(c/o https://www.youtube.com/watch?v=vShJa6GobFQ)

Bernard: "Before you go home for the holidays, Minister, Sir Humphrey has something to say to you."

Sir Humphrey: "Minister, just one thing. I wonder if I might crave your momentary indulgence in order to discharge a, by-no-means disagreeable obligation, which is over the years become more-or-less, an established practice within government circles, as we approach the terminal period of the year, calendar of-course not financial. In fact not to put a too fine a point on it, week 51, and submit to you, with all appropriate deference for your consideration at a convenient juncture, a sincere and sanguine expectation and indeed confidence. Indeed one might go so far to say, hope, that the aforementioned period may be, at the end of the day, when all relevant factors have been taken into consideration, susceptible of being deemed to be such as, to merit the final verdict of having been, by-no-means unsatisfactory in its overall outcome and in the final analysis to give grounds for being judged, on mature reflection to have been conducive to generating a degree of gratification, which will be seen in retrospect to have been significantly higher than the general average."
Jim Hacker: "Humphrey, are you saying Happy Christmas?"

Sir Humphrey: "Yes Minister!"

< - >

Merry/Happy/Festive End-Of-The-Year to the subscribers of infowarrior-l!

-rick

-- It's better to burn out than fade away.

From rforno at infowarrior.org Tue Dec 20 18:35:39 2016
From: rforno at infowarrior.org (Richard Forno)
Date: Wed, 21 Dec 2016 00:35:39 -0000
Subject: [Infowarrior] - John Deere Really Doesn't Want You to Own That Tractor
Message-ID: <8C4A7629-48BE-48ED-A442-38B3A17DAC3E@infowarrior.org>

December 20, 2016 | By Kit Walsh
https://www.eff.org/deeplinks/2016/12/john-deere-really-doesnt-want-you-own-tractor

John Deere Really Doesn't Want You to Own That Tractor

John Deere is at it again, trying to strip customers of the right to open up and repair their own property. In the new License Agreement for John Deere Embedded Software [PDF], customers are forbidden to exercise their repair rights or to even look at the software running the tractor or the signals it generates.

The document purports to govern "any Software, data files, documentation, engine calibration tables, proprietary data messages, and controller area network (CAN) data messages that are in or communicated to or from any" covered product. Many of these items are numerical values that do not contain any copyrightable expression. The document forbids you to, among other things, "modify," "reverse engineer," or "reproduce" the covered information. These are necessary steps to understanding, repairing, and improving upon your equipment.

Previously, John Deere argued that Section 1201 of the Digital Millennium Copyright Act gave it the power to veto independent repair, audits, and innovation. We, along with a coalition of public interest groups and interested members of the public, persuaded the Librarian of Congress that manufacturers like John Deere should not have such anticompetitive power over their customers, resulting in a temporary exemption to Section 1201 liability for vehicle repair and modification.

The new License Agreement is John Deere's attempt to write its own private law. It's perfectly legal under copyright law to repair your own equipment, reverse engineer its software, and tinker with it to meet your needs. But where your rights interfere with manufacturers' ability to extract the most possible value from you, documents like the License Agreement are the go-to method for them to make your rights disappear. Often this happens without your knowledge — what fraction of the software licenses in your life have you actually read? If it's more than "zero," you're in the minority. Even if you did read them, you would have no opportunity to negotiate and often no market alternative to accepting such one-sided terms.

Companies should not be allowed to strip customers of fundamental rights via bogus contracts. Congress took its first step towards recognizing this principle when it passed the Consumer Review Fairness Act this year, protecting your right to post negative reviews even if the subject of the review got you to "agree" that you wouldn't via a form contract. We have also argued that existing doctrines of state contract law should protect fundamental rights — like speech rights — from surprising terms in bogus contracts such as clickwrap terms.

Ownership of personal property isn't just for big companies. We will continue to fight to ensure that when you buy something, you can use it, fix it, understand it, and even improve on it. In other words, that you can actually own it.

-- It's better to burn out than fade away.
From rforno at infowarrior.org Tue Dec 20 19:14:50 2016
From: rforno at infowarrior.org (Richard Forno)
Date: Wed, 21 Dec 2016 01:14:50 -0000
Subject: [Infowarrior] - House group punts on encryption fight
Message-ID: <1A9675BE-CB93-4050-8AF1-59B168FBF6E1@infowarrior.org>

(Meanwhile, in NYC, DA Vance is plotting his next crypto-tantrum.... -- rick)

House group punts on encryption fight
By Joe Uchill - 12/20/16 06:58 PM EST
http://thehill.com/policy/cybersecurity/311284-house-encryption-working-group-lets-learn-more-before-making-grave

The House Working Group on Encryption released its year-end report Tuesday, with lawmakers calling for more research on what they said was a complicated issue.

The report highlighted what lawmakers still hope to learn as they take up encryption next session. That list includes further exploring some peripheral issues connected to encryption such as law enforcement hacking, also known as lawful hacking.

The report, though, critically remains neutral in the debate over whether tech companies should be mandated to build backdoors into their products to allow law enforcement to circumvent security measures.

"Congress should not weaken this vital technology because doing so works against the national interest. However, it should not ignore and must address the legitimate concerns of the law enforcement and intelligence communities," reads the report.

Law enforcement, especially FBI Director Jim Comey, has pushed hard for backdoors, saying that not being able to access encrypted data will hinder investigations. The security community disagrees, saying weakening encryption — a central requirement for defending intellectual property, infrastructure, commerce and all secure internet traffic — will cause more harm than good.

The Working Group on Encryption is composed of House Judiciary Committee Chairman Bob Goodlatte (R-Va.), House Energy and Commerce Chairman Fred Upton (R-Mich.), Judiciary Ranking Member John Conyers (D-Mich.), Energy and Commerce Ranking Member Frank Pallone, Jr. (D-N.J.), and Reps. Jim Sensenbrenner (R-Wis.), Darrell Issa (R-Calif.), Zoe Lofgren (D-Calif.), Suzan DelBene (D-Wash.), Bill Johnson (R-Calif.), and Yvette D. Clarke (D-N.Y.).

Most of the report deals with what the working group needs to research to move forward, including some surprising issues.

Lawful hacking is seldom discussed in Congress, but it is an increasingly important tool to law enforcement. Lawful hacking ultimately resolved the San Bernardino case that pitted the FBI against Apple last year. The FBI eventually licensed a third-party vendor's technique to hack into the iPhone.

The government also invests its own resources into discovering and purchasing new security vulnerabilities. It is a process regulated only by executive fiat and fraught with its own controversy over whether the law enforcement benefits outweigh the harm if criminals discover the same flaws. The rules for deciding which vulnerabilities to keep, known as the vulnerabilities equity process (VEP), are an Obama administration invention that may change in future administrations.

The prospect that Congress may discuss the VEP has earned the report some admirers.

"We are encouraged to see the report acknowledge the 'vital' role encryption plays in our national security and that weakening encryption makes America less safe. We also welcome the working group's willingness to work on issues beyond encryption on a bipartisan basis, such as the Vulnerabilities Equities Process," the lobbying group the Internet Association said in a statement.

The report also calls for more investigation into compelling suspects to give up passwords and the role of metadata in law enforcement.

As it stands, police cannot compel a suspect to give up a text password to a device or computer — it is considered by most courts a violation of a defendant's right against self-incrimination. Police can, and do, force suspects to open phones with fingerprint-based security.

Metadata, information collected by the phone company like who was called and how long, is often proposed as a suitable replacement for the data lost because of encryption. The report notes that, while there may be different types of data, it might not be fair to assume that any one type of evidence contains all the information another type of evidence contains.

Fully comprehending all of the issues will not come quickly, the report notes, but the dangers of a knee-jerk decision on encryption could be devastating.

"This is a complex challenge that will take time, patience, and cooperation to resolve. The potential consequences of inaction — or overreaction — are too important to allow historical or ideological perspectives to stand in the way of progress," concludes the report.

-- It's better to burn out than fade away.

From rforno at infowarrior.org Thu Dec 1 18:27:16 2016
From: rforno at infowarrior.org (Richard Forno)
Date: Fri, 02 Dec 2016 00:27:16 -0000
Subject: [Infowarrior] - High school students open-source Shkreli's pricey HIV drug
Message-ID: <98142728-603E-4529-8CCE-6318104DD95E@infowarrior.org>

High school students open-source Shkreli's pricey HIV drug
https://www.engadget.com/2016/12/01/high-school-students-open-source-shkrelis-pricey-hiv-drug/

Daraprim is a relatively simple compound and typically costs $12.99 AUD ($10) for fifty tablets in Australia. However, Shkreli's company, Turing Pharmaceuticals, has the exclusive rights to distribute the specific Daraprim formulation (it's known as Pyrimethamine elsewhere), even though the drug was developed in 1953, and is long out of patent.
To get a new version approved, a company would have to compare it to Turing's FDA-approved product with their permission, which isn't likely -- the company limits sales to doctors and pharmacies, making it difficult to reverse-engineer. Pharma companies would therefore need to go through an onerous approval process that probably wouldn't be worth it, considering that less than 10,000 Daraprim prescriptions are written in the US per year. (The US uses a "closed distribution" system which differs from most other countries.)

@nedavanovac lol how is that showing anyone up? almost any drug can be made at small scale for a low price. glad it makes u feel good tho.
— Martin Shkreli (@MartinShkreli) December 1, 2016

Though the open source Daraprim literally debunks Shkreli's premise that the drug is "underpriced" (supply and demand aside), it probably won't directly help anyone. Shkreli himself dismissed the work with a tweet, saying, "how is that showing anyone up? Almost any drug can be made at small scale for a low price. Glad it makes u feel good tho [sic]."

However, that doesn't mean that the exercise was useless. In fact, the students didn't just follow a recipe, they actually reverse-engineered the drug, checking their progress using spectral analysis on each new compound. They also posted the work on Github, letting experts from the Open Source Malaria Consortium (OSM) (endorsed by Bill Gates) provide some help. For instance, the process used to manufacture Daraprim would be dangerous for students to replicate in a small high school lab. "They had to change things as some reagents were nasty and dangerous so some invention was needed on their part," said Todd. After achieving a "beautiful" spectrograph, they finished with 3.7 grams of pure pyrimethamine, worth about $110,000 on the US market, and presented the results at a prestigious symposium. The OSM also posted a guide for making the drug that could help anyone else who wanted to try.

That's quite an accomplishment for 16- and 17-year-old students, even if they can't actually sell it. And they sort of proved that as tempting as it is to hate Shkreli, he's merely profiting from a US system that's much friendlier to pharmaceutical companies than other countries.

-- It's better to burn out than fade away.

From rforno at infowarrior.org Thu Dec 1 18:28:57 2016
From: rforno at infowarrior.org (Richard Forno)
Date: Fri, 02 Dec 2016 00:28:57 -0000
Subject: [Infowarrior] - Thanks To Months Of Doing Nothing, Senate Allows DOJ's Rule 41 Changes To Become Law
Message-ID: <41973E6C-EE29-444B-8535-75C549CBCF86@infowarrior.org>

Thanks To Months Of Doing Nothing, Senate Allows DOJ's Rule 41 Changes To Become Law
from the do-nothing-lawmakers-manage-to-accomplish-something dept
https://www.techdirt.com/articles/20161201/12214736168/thanks-to-months-doing-nothing-senate-allows-dojs-rule-41-changes-to-become-law.shtml

The amendments to Rule 41 are now law, thanks to Sen. John Cornyn, who prevented bills opposing the immediate adoption of the changes from being debated.

Sens. Ron Wyden (D-Ore.), Steve Daines (R-Mont.) and Chris Coons (D-Del) took to the floor and unsuccessfully asked for unanimous consent to either pass or formally vote on three bills to delay or prevent updates to the process used by law enforcement to get a warrant to hack suspects' computers.

"We simply can't give unlimited power for unlimited hacking," Daines argued.

[...]

But the bid to prevent the imminent changes to Rule 41 ended quickly. After Wyden spoke, Majority Whip John Cornyn (R-Texas) immediately objected to all three bills, without waiting to hear from Coons and Daines.

But Cornyn alone can't be blamed for this outcome. A vast majority of senators did nothing to prevent the proposed changes from becoming law -- even though the decision has been in their hands since the Supreme Court's approval in April.
The FBI and others will be able to take advantage of the removal of jurisdictional limits to search computers anywhere in the world using a single warrant issued by a magistrate judge. It will also be granted the same power for use in the disruption of botnets -- in essence, searches/seizures of devices owned by US citizens suspected of no wrongdoing.

Cornyn, who prevented any debate over the "updates" to Rule 41, seems closely aligned with the DOJ's views -- that these changes will have "little effect" on civil liberties because the FBI, etc. "will still have to get a warrant." Sure, warrants are still involved, but the scope of what can be accessed with a single warrant has been expanded greatly. And the DOJ has yet to explain how it's going to prevent law enforcement agencies from shopping around for the most compliant magistrates, now that they're not required to perform searches in the issuing court's jurisdiction.

The DOJ also hasn't adequately explained what sort of notification process it will use when performing its botnet cleanups. What it has done, however, is issue a statement saying the ends justify the means.

In an effort to address concerns, U.S. Assistant Attorney General Leslie Caldwell wrote a blog post this week arguing that the benefits given to authorities from the rule changes outweighed any potential for "unintended harm."

The DOJ wanted fewer restrictions, more power, and the opportunity to treat any appearance of anonymization software as an excuse to deploy these newly-granted powers. The Senate -- for the most part -- gave it everything it wanted by doing nothing at all to stop it.

-- It's better to burn out than fade away.
From rforno at infowarrior.org Thu Dec 1 20:08:01 2016
From: rforno at infowarrior.org (Richard Forno)
Date: Fri, 02 Dec 2016 02:08:01 -0000
Subject: [Infowarrior] - This is the most dangerous time for our planet | Stephen Hawking
Message-ID:

This is the most dangerous time for our planet | Stephen Hawking
Stephen Hawking
https://www.theguardian.com/commentisfree/2016/dec/01/stephen-hawking-dangerous-time-planet-inequality

As a theoretical physicist based in Cambridge, I have lived my life in an extraordinarily privileged bubble. Cambridge is an unusual town, centred around one of the world's great universities. Within that town, the scientific community that I became part of in my 20s is even more rarefied. And within that scientific community, the small group of international theoretical physicists with whom I have spent my working life might sometimes be tempted to regard themselves as the pinnacle. In addition to this, with the celebrity that has come with my books, and the isolation imposed by my illness, I feel as though my ivory tower is getting taller.

So the recent apparent rejection of the elites in both America and Britain is surely aimed at me, as much as anyone. Whatever we might think about the decision by the British electorate to reject membership of the European Union and by the American public to embrace Donald Trump as their next president, there is no doubt in the minds of commentators that this was a cry of anger by people who felt they had been abandoned by their leaders.

It was, everyone seems to agree, the moment when the forgotten spoke, finding their voices to reject the advice and guidance of experts and the elite everywhere.

I am no exception to this rule. I warned before the Brexit vote that it would damage scientific research in Britain, that a vote to leave would be a step backward, and the electorate —
or at least a sufficiently significant proportion of it — took no more notice of me than any of the other political leaders, trade unionists, artists, scientists, businessmen and celebrities who all gave the same unheeded advice to the rest of the country.

What matters now, far more than the choices made by these two electorates, is how the elites react. Should we, in turn, reject these votes as outpourings of crude populism that fail to take account of the facts, and attempt to circumvent or circumscribe the choices that they represent? I would argue that this would be a terrible mistake.

The concerns underlying these votes about the economic consequences of globalisation and accelerating technological change are absolutely understandable. The automation of factories has already decimated jobs in traditional manufacturing, and the rise of artificial intelligence is likely to extend this job destruction deep into the middle classes, with only the most caring, creative or supervisory roles remaining.

This in turn will accelerate the already widening economic inequality around the world. The internet and the platforms that it makes possible allow very small groups of individuals to make enormous profits while employing very few people. This is inevitable, it is progress, but it is also socially destructive.

We need to put this alongside the financial crash, which brought home to people that a very few individuals working in the financial sector can accrue huge rewards and that the rest of us underwrite that success and pick up the bill when their greed leads us astray. So taken together we are living in a world of widening, not diminishing, financial inequality, in which many people can see not just their standard of living, but their ability to earn a living at all, disappearing.
It is no wonder then that they are searching for a new deal, which Trump and Brexit might have appeared to represent.

[Photograph: Andy Hall for the Observer. Caption: "In sub-Saharan Africa there are more people with a telephone than access to clean water."]

It is also the case that another unintended consequence of the global spread of the internet and social media is that the stark nature of these inequalities is far more apparent than it has been in the past. For me, the ability to use technology to communicate has been a liberating and positive experience. Without it, I would not have been able to continue working these many years past.

But it also means that the lives of the richest people in the most prosperous parts of the world are agonisingly visible to anyone, however poor, who has access to a phone. And since there are now more people with a telephone than access to clean water in sub-Saharan Africa, this will shortly mean nearly everyone on our increasingly crowded planet will not be able to escape the inequality.

The consequences of this are plain to see: the rural poor flock to cities, to shanty towns, driven by hope. And then often, finding that the Instagram nirvana is not available there, they seek it overseas, joining the ever greater numbers of economic migrants in search of a better life. These migrants in turn place new demands on the infrastructures and economies of the countries in which they arrive, undermining tolerance and further fuelling political populism.

For me, the really concerning aspect of this is that now, more than at any time in our history, our species needs to work together. We face awesome environmental challenges: climate change, food production, overpopulation, the decimation of other species, epidemic disease, acidification of the oceans.

Together, they are a reminder that we are at the most dangerous moment in the development of humanity.
We now have the technology to destroy the planet on which we live, but have not yet developed the ability to escape it. Perhaps in a few hundred years, we will have established human colonies amid the stars, but right now we only have one planet, and we need to work together to protect it. To do that, we need to break down, not build up, barriers within and between nations. If we are to stand a chance of doing that, the world's leaders need to acknowledge that they have failed and are failing the many. With resources increasingly concentrated in the hands of a few, we are going to have to learn to share far more than at present. With not only jobs but entire industries disappearing, we must help people to retrain for a new world and support them financially while they do so. If communities and economies cannot cope with current levels of migration, we must do more to encourage global development, as that is the only way that the migratory millions will be persuaded to seek their future at home. We can do this, I am an enormous optimist for my species; but it will require the elites, from London to Harvard, from Cambridge to Hollywood, to learn the lessons of the past year. To learn above all a measure of humility.

• The writer launched www.unlimited.world earlier this year

From rforno at infowarrior.org Sun Dec 4 16:52:41 2016
From: rforno at infowarrior.org (Richard Forno)
Date: Sun, 04 Dec 2016 22:52:41 -0000
Subject: [Infowarrior] - Academic witch hunts are back: The new McCarthyism, a sign of the stupidity of the post-truth era
Message-ID: <1D020BAD-E550-431A-8D93-E846031A095B@infowarrior.org>

Academic witch hunts are back: The new McCarthyism, a sign of the stupidity of the post-truth era
Sophia A. McClennen
http://www.salon.com/2016/12/04/academic-witch-hunts-are-back-the-new-mccarthyism-a-sign-of-the-stupidity-of-the-post-truth-era/

In late November three blocks from the White House, a group of leaders from the so-called alt-right, who many consider to simply be white supremacists, gathered for an annual conference called the National Policy Institute. Their goal was to discuss and debate the opportunities offered by a Donald Trump presidency for their white nationalist plans. In the wake of a rise in hate crimes, the meeting sent a chill throughout the nation. But making America whiter "again" is not the only thing we need to fear with a Trump administration.

Only two days after the alt-right convention in D.C., Turning Point USA launched Professor Watchlist, a website designed to call out college professors who "discriminate against conservative students and advance leftist propaganda in the classroom." As Rebecca Schuman wrote for Slate, in other circumstances, these might be two unrelated events, but "as the president-elect's surrogates cite Japanese internment as a 'precedent' for what may come, any 'watch list' of any sort is worrying."

Trump's inability to handle any sort of critique and his bullying of reporters and the media all suggest that we are about to enter an era of censorship, threats to free speech and other forms of suppressing dissent. When the "liberal" media come under attack it generally isn't long before the "tenured radicals" come under fire, too.

Turning Point's founder and executive director Charlie Kirk wrote a blog to explain that the purpose of the list was to expose professors who are out of line: "Throughout the next 120 days, Turning Point USA will be running ads to make sure students, faculty, and administrators see that these professors made the Professor Watchlist." The 22-year-old closes his post with the chilling phrase: "We believe these people need to be exposed." Each listing on the site – 200 professors so far – includes a photo. Clearly the website is less about documenting issues and more about public shaming and potentially targeting.

The watch list is a sign of the right's new McCarthyism. But it's also a sign of the amazing stupidity of the post-truth era. Today's McCarthyism combines the red scare witch hunts of the 1950s with the 1980s attacks on multiculturalism of the culture wars and the post-9/11 loyalty tests. But Trump-era McCarthyism has further added the novelty of cyberbullying and a post-truth, fake news lack of connection to reality.

Kirk, who himself did not attend college, has been heralded as a rising force on the right and he even spoke at the Republican National Convention. One of his goals is to educate "students about the importance of fiscal responsibility, free markets, and limited government." His other goal is to go after the so-called power of left professors on college campuses. Kirk's list would just be a sad sign of what happens when a young, uneducated conservative pit bull decides to gain a name for himself by bolstering the myth of a dangerous left-wing professoriat poised to poison the minds of the young, if it weren't so frightening.

The problem with the list – besides its more than obvious McCarthyist witch-hunt tactics – is that it's really stupid. It makes claims that have no basis in reality. It exaggerates. It creates crisis where there is none. And worst of all, it promises to increase conflict rather than improve it.

In fact, one of the greatest ironies of the list is that it proves that Kirk really should consider going to college. Apparently he has taken some college-level courses, but they clearly haven't taught him some really basic critical reasoning skills. If he had studied history, logic, evidence and reasoning, his list might be less idiotic. One of the professors on the list, Robert Jensen, joked that he wouldn't assign the project "a failing grade."
Instead he'd "give the project an incomplete, with an opportunity to turn in better work in the future."

Even Bill O'Reilly schooled Kirk when he interviewed him on his show to discuss the list. Kirk squirmed as O'Reilly pressed him on the validity of the information on the list and finally ended the interview with "as long as the facts are straight."

But here's the thing: The facts are not straight. Kirk's list is based on flimsy information that simply doesn't support his claims that there is a problem of left-wing professors discriminating against conservative students.

Let's start with the easy one. In his interview with O'Reilly, Kirk claimed that the list was many years in the making and came as a response to the many stories he had heard of conservative students being bullied and harassed in classrooms. He explained that he felt the need to call attention to these outrages. And he told O'Reilly that such an effort "hasn't existed until right now."

Hmmm... No professor watch lists until now? Joerg Tiede of the American Association of University Professors wrote a piece this week about the first red scare watch list. In 1934 conservative political activist Elizabeth Dilling published "The Red Network – A Who's Who and Handbook of Radicalism for Patriots." And who could forget the blacklists of the McCarthy era? Attacks on leftist professors in that era had two phases, according to Ellen Schrecker: "In the first stage, the alleged subversives were identified, usually by an official body like HUAC or the FBI. In the second stage, they were punished, usually by the imposition of economic sanctions." Some faculty, though, were fired.

Kirk apparently can ignore this history, probably because he hasn't studied it in college. But he even forgets the precedent set by his own sources. Much of his site directly references a number of the already existing resources that police liberal faculty.
For instance, many of the faculty on Kirk's list also appear on David Horowitz's Discover the Networks. Horowitz leveraged the post-9/11 culture of fear to launch his "Academic Bill of Rights" and claim that college students were indoctrinated by left-leaning faculty. He later published "The Professors: The 101 Most Dangerous Professors," which argued that many U.S. professors were anti-American.

Kirk doesn't only forget history and his sources. He also doesn't seem to understand that there is a difference between what a faculty member does in the classroom and his or her extramural speech, social media posts and research. As Jensen explained in his piece about the list, much of the "proof" offered of faculty bias does not come from classroom encounters. In fact very little of it does. Instead Kirk's list cites tweets, essays, books, blogs, published op-eds and other off-campus activity as evidence of faculty discriminating against students in the classroom.

And Kirk fails to appreciate the fact that faculty are citizens, too. They can tweet and post articles on Facebook and write op-eds. They can express political beliefs, rant about racism and express dismay at the election of Donald Trump on their own time. As the University of Illinois had to learn after it rescinded a job offer to Steven Salaita in response to some of his tweets, extramural speech can't be taken to stand in for classroom behavior. There is no necessary correlation between classroom conduct and the actions of a private citizen. Most of the list's examples have nothing whatsoever to do with a faculty member in the classroom. This makes it a perfect example of McCarthyism in the post-truth era.

But the stupidity doesn't end there. Kirk joins a long line of hysterical conservatives who freak out that faculty members are indoctrinating students, but there is no evidence to back up any of their worries.
In fact all the research on student political beliefs and college shows that faculty do not influence their students at all. A 2008 article in The Guardian ran down a series of studies, all of which concluded that faculty members are not indoctrinating anyone. Matthew Woessner, a conservative faculty member who has conducted some of this research, explained, "There is no evidence that a professor or lecturer's views instigate political change among students." Instead, the research shows that when students engage with faculty, their views moderate. If students lean more left or right over the course of college it is typically a result of student activities and peer interaction.

In other research Woessner further found that Republicans and conservatives, while vastly outnumbered in academia, "were, for the most part, successful, happy, and prosperous. Fewer than 2 percent of faculty (Republican or Democratic) reported being the victims of unfair treatment based on their politics." While this data reflects faculty not student attitudes, it does show that the idea of bias against conservatives in academia is also exaggerated.

Other research shows that if there are political biases in the classroom, they come from students and are directed at professors. In a 2006 study by Woessner and his wife, they found "that when students perceive a gap between their political views and those of their instructor, students express less interest in the material, are inclined to look less favorably on the course, and tend to offer the instructor a lower course evaluation."

Of course it is a great irony that the right champions the classroom concerns of conservative students. Most of the time, the mantra of the right is to disparage the whiny, coddled college student. In yet another sign of Trump-era hypocrisy, when the whining is about attacks on conservatism, it is legitimate. If it is in relation to Black Lives Matter, students apparently need to get over it.
Needless to say, all campuses have protections for students who feel they are suffering bias or discrimination. As a Penn State spokeswoman interviewed about the watch list explained, "If students in a classroom believe that an instructor has acted beyond the limits of academic freedom, there are policies and procedures in place for seeking a faculty conference and mediation." The idea that students don't have protections on campus is ludicrous as well.

It is also clear that Kirk has never studied statistics because his list does not offer a statistically relevant sample. In 2013 there were 1.5 million faculty members at degree-granting postsecondary institutions. Kirk's list has found a whopping 200 folks that purportedly are a threat to conservative students. Assuming that the 2013 number of faculty has mostly held steady, Kirk's database represents .013 percent of all the faculty in the nation. It is a textbook example of a data size that is irrelevant. It literally proves the point that this is a nonissue. But in the land of post-truth hysteria one example is all it takes to freak everyone out.

So Kirk's list is a sad, pathetic and seriously stupid sign of the sorts of concerns that occupy the minds of the rising new right. It is easy to joke about it – and many have. Shortly after the watch list was launched and Kirk called on students to submit tips, a new hashtag emerged on Twitter – #TrollProfessorWatchlist – and it included submissions of Harry Potter characters, a Trump University lecturer and Jesus Christ. The hashtag is a great way to push back on the inanity of the list, but it is a mistake to miss its dark, chilling side, too. What Kirk and others like him do is perpetuate a myth about the "dangers" of higher education that facilitates attacks on the value and meaning of college education.
Make no mistake: Behind Kirk's vendetta is a desire to destroy public higher education and replace it with a neoliberal privatized model that looks a lot like Trump U. State funding for higher education is down about $10 billion since the recession. Today more than half of all faculty members are adjuncts, who often have to work multiple jobs to make ends meet. Some professors make less than 50 cents an hour and far too many find themselves on food stamps. As public funding has gone down, student tuition bills have gone up, leaving students carrying a debt burden of more than $1 trillion. Nearly 4 out of 5 college students are working part-time while studying for their degrees, averaging 19 hours a week. That is the real scandal of higher education, not the trumped-up charges that faculty members are harassing conservative students.

Maybe now that Kirk's list has been outed as a baseless witch hunt, he will consider going back to school and learning from the very same professors he supposedly finds so frightening.

From rforno at infowarrior.org Sun Dec 4 16:52:42 2016
From: rforno at infowarrior.org (Richard Forno)
Date: Sun, 04 Dec 2016 22:52:42 -0000
Subject: [Infowarrior] - Canada Wants Software Backdoors, Mandatory Decryption Capability And Records Storage
Message-ID: <5628EC8C-D30E-4B99-B33C-CEDEAE72B519@infowarrior.org>

Canada Wants Software Backdoors, Mandatory Decryption Capability And Records Storage
by Lucian Armasu December 2, 2016 at 5:30 PM - Source: Public Safety Canada
http://www.tomshardware.com/news/canada-software-encryption-backdoors-feedback,33131.html

The new Canadian government is looking to further expand its surveillance powers by requiring decryption capabilities for all services, mandatory storage of both internet and phone records for service providers, backdoors that allow interception, and warrantless access to basic subscriber information.
Bill C-51

Last year, under the previous conservative government, Canada passed a controversial "anti-terrorism" law, called Bill C-51, which gave new powers to the country's police and intelligence agencies with little oversight. The bill has been criticized for allowing the country's domestic spy agency, the Canadian Security Intelligence Service (CSIS), to become a "secret police" by extending its powers beyond simple information gathering. It also allows 17 agencies to share a wide range of information about Canadian citizens, including medical and financial records, with the Canadian intelligence agencies.

Mandatory Decryption

After mandatory decryption and encryption backdoors failed to pick up steam in the United States, but succeeded in the UK with the passing of the "Snoopers' Charter," Canada is looking to give this idea a try, too. The government is now asking for feedback on whether it should legally force individuals and organizations to decrypt material. This implies that either companies would have to forgo using end-to-end encryption that allows users to encrypt communications with their own keys, or they would need to have some kind of backdoor that would allow them to bypass the end-to-end encryption.

Software Backdoors

The government also complained about not being able to intercept some communications, and that it should be allowed to use intercept capability against some service providers. Unlike the phone networks, which have had built-in intercept capabilities for decades, many of the chat or email applications don't (with some exceptions). That's even more true for end-to-end encrypted services, where the companies themselves can't see the private communications between users, which means law enforcement can't either.
If the government can't outlaw end-to-end encryption and can't require companies to use only encryption that can be decrypted, the next best thing is going to be some kind of software backdoor that disables and bypasses an application's end-to-end encryption. Then the communications could pass through the company's servers, where law enforcement could intercept it. The government could even get direct access to the backdoor, and then it could use it whenever it wants, with or without a warrant.

However, if something like this passes as law, then it would become public, and more people may start avoiding services that have to abide by this Canadian law. This may be the reason why so many of the western democratic countries are trying to pass such laws almost in unison lately, to make it feel as if the people have no choice but to continue to use the backdoored services.

Security experts have almost unanimously come out against the idea of software backdoors, because they represent a grave security risk. Once there's a way to bypass encryption, it's not just governments that can use it, but also other bad actors.

Mandatory Records Storage

The Canadian government is complaining that some services don't store records long enough, asserting that this is a problem for law enforcement. It also complained that some internet services that are used by Canadians "operate beyond the reach of Canadian law" simply because they have no local headquarters or servers, and thus Canadian law enforcement can't legally request data from them.

The government seems to be targeting privacy services companies such as VPN providers. Some VPN service providers keep no logs whatsoever, and they may not even have servers in Canada. That means the Canadian government can't request user data or force them to install backdoors.
The Canadian government seems to be considering a law where it could both mandate that all service providers, including VPN services, store customer records for a longer period of time, and that it should be able to request that data when needed.

Basic Subscriber Information

The government argues that it should be allowed to get access to basic subscriber information without a warrant. It gives examples of situations such as when a person is missing, when there is suspicion of a crime, to further investigate a lead, and so on. However, these situations could be addressed by a judge assigned for emergency cases. It's also not clear which agencies would be able to access this information, but presumably the Canadian government would want to eliminate any sort of restrictions for any agency when it comes to accessing basic subscriber information.

For now, it looks like the Canadian government is at least willing to hear people's opinions on this, and people can submit their comments on these issues on the government's Public Safety website.

About the author
Lucian Armasu @lucian_armasu
Lucian Armasu is a Contributing Writer for Tom's Hardware US. He covers software news and the issues surrounding privacy and security.

From rforno at infowarrior.org Mon Dec 5 06:36:32 2016
From: rforno at infowarrior.org (Richard Forno)
Date: Mon, 05 Dec 2016 12:36:32 -0000
Subject: [Infowarrior] - A Warning for Americans From a Member of Pussy Riot
Message-ID: <6BEEFC3B-746F-4519-B72A-1EBE3853FEFA@infowarrior.org>

A Warning for Americans From a Member of Pussy Riot
Jim Rutenberg
http://www.nytimes.com/2016/12/04/business/rutenberg-lessons-in-free-speech-from-pussy-riot.html?_r=0

MIAMI BEACH – On Tuesday, Donald J. Trump wrote on Twitter that people who burn the flag should be punished with "perhaps loss of citizenship or year in jail!"
Two days later, I went to a little cafe here to meet with Nadya Tolokonnikova of the Russian punk band and activist art collective Pussy Riot. The group's 2012 guerrilla performance at the Cathedral of Christ the Savior in Moscow, which viciously mocked Vladimir Putin and the Russian Orthodox Church, resulted in a two-year prison sentence for Ms. Tolokonnikova and another of its members.

I had been in South Florida for family reasons and when I saw that Ms. Tolokonnikova was swinging through Miami for Art Basel, I immediately reached out to her. I'd come to view her as an emissary from a dystopian political-media environment that seemed to be heading our way, with governmental threats against dissent, disinformation from the presidential level and increasingly assertive propagandists who stoke the perception that there can be no honest arbiter of truth.

It's what Ms. Tolokonnikova was protesting, and it's what led to her brutal internment, which lasted more than 20 months and ended in 2013. Leading up to Ms. Tolokonnikova's trial, Russian news reports carried suggestions that she and her bandmates were pawns of Hillary Clinton's State Department or witches working with a global satanic conspiracy – perhaps linked to the one that was behind the Sept. 11 attacks, as lawyers for one of their offended accusers put it. This is what we now call "fake news."

Pussy Riot became an international symbol of Mr. Putin's crackdown on free speech; of how his regime uses falsehood and deflection to sow confusion and undermine critics. Now that the political-media environment that we smugly thought to be "over there" seems to be arriving over here, Ms. Tolokonnikova has a message: "It's important not to say to yourself, 'Oh, it's O.K.,'" she told me. "It's important to remember that, for example, in Russia, for the first year of when Vladimir Putin came to power, everybody was thinking that it will be O.K."

She pointed to Russian oligarchs who helped engineer Mr. Putin's rise to power at the end of 1999 but didn't appreciate the threat he posed to them until they found themselves under arrest, forced into exile or forced into giving up their businesses – especially if those businesses included independent media critical of Mr. Putin (see Berezovsky, Boris; Gusinsky, Vladimir).

Of course, the United States has checks, balances and traditions that presumably preclude anything like that from happening, she acknowledged as we sat comfortably in sunny Miami Beach while it played host to a celebration of free expression (Art Basel). "It is a common phrase right now that 'America has institutions,'" Ms. Tolokonnikova said. "It does. But a president has power to change institutions and a president moreover has power to change public perception of what is normal, which could lead to changing institutions."

As if to make her point, later that day the informal Trump adviser Corey Lewandowski declared that The New York Times's executive editor, Dean Baquet, "should be in jail." In October, The Times published an article about leaked pages from Mr. Trump's 1995 state tax returns. If influential advisers to Mr. Trump continue to so loosely issue jail threats to journalists for doing their constitutionally protected work after Inauguration Day, well, that's a big change to the institution of the presidency in my book, as well as in the one the founders wrote.

None of it is all that shocking to Ms. Tolokonnikova, who at 27 has seen this music video before. When I met her, she was relaxed, wearing a white T-shirt emblazoned with the words "Wild Feminist." She was planning a lecture that night urging artists to become more engaged and pick up where the politically conscious punk bands like the Dead Kennedys left off – their messages largely lost in the music of corporate-label imitators who hardly said boo through the debates over two wars, the Great Recession and racially charged police shootings.
Photograph caption: In February 2014, riot police officers detained Nadya Tolokonnikova, center; her husband, Pyotr Verzilov, right; and a Pussy Riot member, Maria Alyokhina, left, during a protest in support of opposition activists in front of a Moscow court building. Sergei Chirikov/European Pressphoto Agency

So it was that some of the most provocative musical statements of the presidential election came from the Russian women of Pussy Riot, whose work is about things much bigger than their own careers. They have been working on their English-language music with Dave Sitek of TV on the Radio and the producer Ricky Reed, Ms. Tolokonnikova said. The last video they released, in late October, was called "Make America Great Again." It showed fictional Trump agents in red armbands raping and torturing in a campaign against Muslims, Mexicans, women who have abortions, gays and lesbians. It was certain to offend. But it wasn't illegal, at least not here – at least not yet.

And it was a modest Russia-in-America answer to the more voluminous pro-Trump propaganda Mr. Putin exported to the United States. Some arrived through his sophisticated state-financed news networks (one, Sputnik, featured #CrookedHillary hashtags on its Twitter feed). And if assessments by the United States intelligence community are correct, some came through state-supported internet skulduggery.

Ms. Tolokonnikova said she became more involved here because the stakes were bigger than one country. "What happens in one country makes huge influence on what's going on in other countries," she said. "So, I didn't want Donald Trump to be elected because it would obviously encourage authoritarian politicians around the world to be more authoritarian, and it did." (To wit, President Rodrigo Duterte of the Philippines claiming without substantiation that Mr. Trump had endorsed his murderous drug crackdown.)

Yet as the web enables Mr. Putin to spread propaganda that encourages nationalist movements to campaign for walls and isolation – most recently, it is claimed, in Italy, where a referendum was held on Sunday – it also breaks down the cultural barriers between countries. There are places in Russia where the internet provides a rare route to real news, given that Mr. Putin has effectively pressured so much of Russia's independent journalism out of existence on television, on radio and in print.

But truth cannot break through if people never find it or believe it when they do. And the problem in Russia is the same one we're seeing here, Ms. Tolokonnikova told me. "A lot of people are living really unwealthy lives so they have to work not one but two jobs, so they don't have time to analyze and check facts, and you cannot blame them," she said. And, after so many years in which the "lift-all-boats" promises of globalization didn't come to pass, she said, "they don't trust bureaucrats, they don't trust politicians, and they don't really trust media."

That's why the top Russian propagandist Dmitry K. Kiselyov can assert that "objectivity is a myth" and, here in the United States, the paid CNN Trump-supporting contributor Scottie Nell Hughes can declare: "There's no such thing, unfortunately, anymore, of facts." When there is no truth, invasions are "liberations" and internment camps are "relocation centers."

But, as Ms. Tolokonnikova said, "There is always a way if you really want to tell the truth." Doing so, for her, has come at a cost, even after prison. Informal Cossack security forces beat her and other Pussy Riot members as they prepared to perform in Sochi during the 2014 Olympics. That same year, a youth gang attacked her with trash and a green antiseptic chemical in Nizhny Novgorod, where she was protesting prison conditions. The men were clearly identifiable but, she said, police made no arrests.

Ms. Tolokonnikova has also co-founded a news site called Media Zona.
She said it avoided opinion so that readers would accept it as a just-the-facts counter to disinformation. "You are always in danger of being shut down," she said. "But it's not the end of the story because we are prepared to fight."

Her counsel for United States journalists: You better be, too.

From rforno at infowarrior.org Mon Dec 5 06:37:18 2016
From: rforno at infowarrior.org (Richard Forno)
Date: Mon, 05 Dec 2016 12:37:18 -0000
Subject: [Infowarrior] - Encryption Survey Indicates Law Enforcement Feels It's Behind The Tech Curve; Is Willing To Create Backdoors To Catch Up
Message-ID: <31C30901-AC2F-4A74-8927-B7D530E0DD94@infowarrior.org>

Encryption Survey Indicates Law Enforcement Feels It's Behind The Tech Curve; Is Willing To Create Backdoors To Catch Up
from the trading-brute-force-for-extra-keys dept

To get a general feel for European law enforcement encryption sentiment (so to speak), the European Union sent questionnaires to member countries, asking for details on what forms of encryption are encountered most frequently and what these agencies feel would be the best approach to tackling encrypted data going forward. Surprisingly, the EU received several responses and most have been published in full. (The list of PDFs/HTML versions can be found near the bottom of this page.) They were issued in response to a public records request by Rejo Zenger of Dutch digital rights group, Bits of Freedom.

Security researcher Lukasz Olejnik went through the posted documents to find the highlights/lowlights of the submissions. Several countries responded to the EU's questionnaire, but only twelve of those made their answers public. (And, in the case of the UK and the Czech Republic, some answers were redacted.) Most responding agencies in most countries are running into the same encryption issues.
< - >

https://www.techdirt.com/articles/20161127/18352736140/encryption-survey-indicates-law-enforcement-feels-behind-tech-curve-is-willing-to-create-backdoors-to-catch-up.shtml

From rforno at infowarrior.org Mon Dec 5 06:38:00 2016
From: rforno at infowarrior.org (Richard Forno)
Date: Mon, 05 Dec 2016 12:38:00 -0000
Subject: [Infowarrior] - Implantable Cardiac Defibrillators Easily Hacked: Researchers
Message-ID:

Implantable Cardiac Defibrillators Easily Hacked: Researchers
By Ionut Arghire on December 03, 2016
http://www.securityweek.com/implantable-cardiac-defibrillators-easily-hacked-researchers

The communication protocol used by some of the latest generation of Implantable Cardioverter Defibrillators (ICDs) is weak enough to allow even attackers without advanced knowledge to reverse-engineer it and exploit vulnerabilities such as denial of service (DoS), security researchers have discovered.

In a paper (PDF) titled On the (in)security of the Latest Generation Implantable Cardiac Defibrillators and How to Secure Them, a group of six researchers from Leuven, Belgium, and Birmingham, UK, explain that Implantable Medical Devices (IMDs) use proprietary protocols for communication, and that limited or no security features are employed for wireless communication.

Because the protocols are used to carry out critical functions such as changing the IMD's therapy or collecting telemetry data, an attacker capable of tapping into these communication protocols can perform privacy and Denial-of-Service (DoS) attacks. What's more, the researchers explain that reverse-engineering the protocols is highly feasible even for attackers with limited knowledge and resources and without physical access to devices.
The research was conducted on the latest generation of a widely used ICD, which uses a long-range RF channel (from two to five meters) for communication, using a black-box approach and inexpensive Commercial Off-The-Shelf (COTS) equipment. While analyzing the protocols, the security researchers discovered weaknesses in them and in their implementations, and they also managed to conduct several attacks against the vulnerable devices. These attacks, which include replay and spoofing, can put patients' safety at risk, especially since they can be performed without being in close proximity to the patient.

The security researchers suggest that the discovered issues affect at least 10 types of ICDs currently on the market and say that manufacturers have been contacted before the publication of the paper.

The researchers started their analysis with an attempt to intercept the wireless transmissions between the device programmer and the ICD, and focused on reverse-engineering the proprietary protocol used to communicate over the long-range channel. Next, they looked into ways to activate the ICD before carrying out attacks and discovered several ways to bypass the current activation procedure.

After fully reverse-engineering the proprietary protocol, the researchers focused on discovering vulnerabilities that an attacker could exploit, and revealed that active and passive software radio-based attacks such as privacy, DoS, and spoofing and replay attacks are possible. They also say that adversaries might not even need to be in the proximity of the vulnerable devices because sophisticated equipment and directional antennas could allow them to extend the attack distance by several orders of magnitude.
Some of the countermeasures that could mitigate or solve the discovered vulnerabilities include jamming the wireless channel when the ICD is in standby mode, sending a shutdown command so that the device would enter a sleep mode, and adding standard symmetric key authentication and encryption between the ICD and the programmer.

"We want to emphasize that reverse-engineering was possible by only using a black-box approach. Our results demonstrated that security-by-obscurity is a dangerous design approach that often conceals negligent designs. Therefore, it is important for the medical industry to migrate from weak proprietary solutions to well-scrutinized security solutions and use them according to the guidelines," the security researchers say.

From rforno at infowarrior.org Mon Dec 5 07:01:18 2016
From: rforno at infowarrior.org (Richard Forno)
Date: Mon, 05 Dec 2016 13:01:18 -0000
Subject: [Infowarrior] - The city getting rich from fake news
Message-ID: <4114CCB1-A7F5-4552-865B-E54CC092797F@infowarrior.org>

The city getting rich from fake news
By Emma Jane Kirby
BBC News
http://www.bbc.com/news/magazine-38168281
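As an added illustration of the last countermeasure named in the SecurityWeek item above on implantable defibrillators (this is example code, not from the article or the researchers' paper), the toy model below compares a programmer-to-ICD command channel with no authentication against one that carries a MAC under a shared symmetric key plus a strictly increasing counter, and shows which receiver accepts replayed and forged frames. The frame layout, command strings and key are constructed assumptions; payload encryption, which the article also recommends, is not modelled here.

```python
"""Toy model of the programmer <-> ICD command channel (constructed example).

Two receivers are compared: one that accepts any well-formed frame, as a
protocol with no authentication would, and one that requires a MAC under a
shared symmetric key plus a strictly increasing counter. Frame layout, command
strings and the key are hypothetical, not the real device protocol.
"""
import hashlib
import hmac
import os
import struct

MAC_LEN = 16  # bytes of truncated HMAC-SHA256 appended to each frame


class UnauthenticatedICD:
    """Nothing in the frame binds it to a legitimate programmer or to a point in time."""

    def __init__(self):
        self.log = []

    def receive(self, frame: bytes) -> bool:
        self.log.append(frame.decode())
        return True


def unauth_frame(command: str) -> bytes:
    return command.encode()


class AuthenticatedICD:
    """Accepts a frame only if its MAC verifies and its counter is fresher than the last one seen."""

    def __init__(self, key: bytes):
        self.key = key
        self.last_counter = 0
        self.log = []

    def receive(self, frame: bytes) -> bool:
        if len(frame) < 4 + MAC_LEN:
            return False
        header, body, tag = frame[:4], frame[4:-MAC_LEN], frame[-MAC_LEN:]
        expected = hmac.new(self.key, header + body, hashlib.sha256).digest()[:MAC_LEN]
        # Spoofing/tampering: a frame not produced with the shared key fails here.
        # compare_digest avoids leaking the tag through timing differences.
        if not hmac.compare_digest(tag, expected):
            return False
        counter = struct.unpack(">I", header)[0]
        # Replay: a captured frame carries a counter that is not newer and is
        # dropped even though its MAC is valid.
        if counter <= self.last_counter:
            return False
        self.last_counter = counter
        self.log.append(body.decode())
        return True


class Programmer:
    """Legitimate programmer: holds the shared key and a monotonic send counter."""

    def __init__(self, key: bytes):
        self.key = key
        self.counter = 0

    def frame(self, command: str) -> bytes:
        self.counter += 1
        header = struct.pack(">I", self.counter)
        body = command.encode()
        tag = hmac.new(self.key, header + body, hashlib.sha256).digest()[:MAC_LEN]
        return header + body + tag


def demo():
    """Run the same misuse cases against both receivers; returns (weak_log, hardened_log, verdicts)."""
    weak = UnauthenticatedICD()
    captured = unauth_frame("SET_THERAPY shock_threshold=180")
    weak.receive(captured)                                         # legitimate command
    weak.receive(captured)                                         # replayed copy: accepted
    weak.receive(unauth_frame("SET_THERAPY shock_threshold=999"))  # forged frame: accepted

    key = os.urandom(32)  # shared secret provisioned to both sides (constructed)
    prog = Programmer(key)
    icd = AuthenticatedICD(key)
    first = prog.frame("SET_THERAPY shock_threshold=180")
    forged = struct.pack(">I", 2) + b"SET_THERAPY shock_threshold=999" + bytes(MAC_LEN)
    verdicts = {
        "legit": icd.receive(first),
        "replay": icd.receive(first),
        "spoof": icd.receive(forged),
        "tampered": icd.receive(first[:4] + b"X" + first[5:]),
        "next_legit": icd.receive(prog.frame("GET_TELEMETRY")),
    }
    return weak.log, icd.log, verdicts


if __name__ == "__main__":
    for name, value in zip(("weak", "hardened", "verdicts"), demo()):
        print(name, value)
```

The hardened receiver still needs a counter that survives power loss and a key-provisioning step between the implant and each authorised programmer; both are design decisions this toy leaves out.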