From rforno at infowarrior.org Sat Jan 2 11:46:48 2016
From: rforno at infowarrior.org (Richard Forno)
Date: Sat, 2 Jan 2016 12:46:48 -0500
Subject: [Infowarrior] - When back doors backfire
Message-ID:

When back doors backfire
Democracy in America | Dec 31st 2015, 16:26

When back doors backfire
Jan 2nd 2016 | From the print edition
http://www.economist.com/news/leaders/21684783-some-spy-agencies-favour-back-doors-encryption-software-who-will-use-them-when-back

WITHOUT encryption, internet traffic might as well be written on postcards. So governments, bankers and retailers encipher their messages, as do terrorists and criminals. For spy agencies, cracking methods of encryption is therefore a priority. Using computational brute force is costly and slow, because making codes is far easier than breaking them. One alternative is to force companies to help the authorities crack their customers' encryption, the thrust of a new law just passed in China and a power that Western spy agencies also covet. Another option is to open "back doors": flaws in software or hardware which make it possible to guess or steal the encryption keys. Such back doors can be the result of programming mistakes, built by design (with the co-operation of the encryption provider) or created through unauthorised tinkering with software, or some combination of the three.

The problem with back doors is that, though they make life easier for spooks, they also make the internet less secure for everyone else. Recent revelations involving Juniper, an American maker of networking hardware and software, vividly demonstrate how. Juniper disclosed in December that a back door, dating to 2012, let anyone with knowledge of it read traffic encrypted by its "virtual private network" software, which is used by companies and government agencies worldwide to connect different offices via the public internet.

It is unclear who is responsible, but the flaw may have arisen when one intelligence agency installed a back door which was then secretly modified by another. The back door involved a faulty random-number generator in an encryption standard championed by America's National Security Agency (NSA); other clues point to Chinese or British intelligence agencies.

Decrypting messages that involve one or more intelligence targets is clearly within a spy agency's remit. And there are good reasons why governments should be able to snoop, in the interests of national security and within legal limits. The danger is that back doors introduced for snooping may also end up being used for nefarious ends by rogue spooks, enemy governments, or malefactors who wish to spy on the law-abiding. It is unclear who installed Juniper's back door or used it and to what end.

Intelligence agencies argue that back doors can be kept secret and are sufficiently complex that their unauthorised use is unlikely. But an outsider may stumble across a weakness or steal details of it. America, in particular, has a lamentable record when it comes to storing secrets safely. In the summer it became known that the Office of Personnel Management, which stores the sensitive personal data of more than 20m federal employees and others, had been breached, allegedly by the Chinese. Some call that the biggest disaster in American intelligence history. It is rivalled only by the data taken by Edward Snowden, a former NSA contractor now living in Moscow. (The authorities responsible for airport security also let slip the details of master keys that can open most commercially available luggage, a form of physical back door.)

Push back against back doors

Calls for the mandatory inclusion of back doors should therefore be resisted. Their potential use by criminals weakens overall internet security, on which billions of people rely for banking and payments. Their existence also undermines confidence in technology companies and makes it hard for Western governments to criticise authoritarian regimes for interfering with the internet. And their imposition would be futile in any case: high-powered encryption software, with no back doors, is available free online to anyone who wants it.

Rather than weakening everyone's encryption by exploiting back doors, spies should use other means. The attacks in Paris in November succeeded not because terrorists used computer wizardry, but because information about their activities was not shared. When necessary, the NSA and other agencies can usually worm their way into suspects' computers or phones. That is harder and slower than using a universal back door, but it is safer for everyone else.

-- 
It's better to burn out than fade away.

From rforno at infowarrior.org Sat Jan 2 11:46:57 2016
From: rforno at infowarrior.org (Richard Forno)
Date: Sat, 2 Jan 2016 12:46:57 -0500
Subject: [Infowarrior] - In 'Star Wars,' Was the Death Star Too Big to Fail?
Message-ID:

In "Star Wars," Was the Death Star Too Big to Fail?
Gray Matter
By ZACHARY FEINSTEIN
JAN. 1, 2016
http://www.nytimes.com/2016/01/03/opinion/in-star-wars-was-the-death-star-too-big-to-fail.html

AT the end of "Star Wars: Episode VI – Return of the Jedi," the heroic Rebel Alliance defeats the evil Galactic Empire, destroying the second Death Star, the empire's central space station (and superweapon). Audiences typically respond to the destruction of the Death Star with triumphant cheers. But over the years, a number of perhaps more reflective fans have paused to question the consequences of this event. In his movie "Clerks," for example, the writer and director Kevin Smith has his protagonists debate the ethics of destroying the second Death Star, whose construction was still underway, given the collateral damage to the contractors ("plumbers, aluminum siders, roofers") building it.
As a financial engineer, I have another concern: the economic repercussions for the "Star Wars" galaxy. In a recent working paper, I brought the analysis of financial systemic risk to bear on this question. I found that the resulting financial crisis would cause a serious galactic depression of astronomical proportions, so large, in fact, that it suggests the rebel victory might have been a pyrrhic one.

To perform my analysis, I had to make a number of assumptions about the economy in "Star Wars" and comparisons to the real world in order to develop a model of the galactic financial system. For instance, I compared the cost of constructing the first Death Star ($193 quintillion) with that of building the U.S.S. Gerald Ford (about $17.5 billion), the most recent aircraft carrier in the United States Navy, a similar approach to that used by the White House in responding to a humorous 2012 petition to build a Death Star. To calibrate the size of the imperial economy ($4.6 sextillion per year), I assumed that the cost of building the first Death Star was comparable to the costs of the Manhattan Project (0.21 percent of gross domestic product per year).

Following the destruction of the second Death Star (a much bigger version, at a cost of $419 quintillion) and the fall of the Galactic Empire, I presumed there would be an immediate default on imperial debt, a drop in asset valuations (comparable to equities after Sept. 11) and a potential for cascading defaults in the financial sector.

Because the financial system in "Star Wars" lacked any meaningful regulation, the resulting financial crisis was larger than I ever imagined. Without a financial bailout of 20 percent of the entire galactic economy, the victory of the Rebel Alliance would cause a galactic depression that would compare to the Great Depression, or worse.

When the Rebel Alliance emerged victorious in "Return of the Jedi" and, presumably, chose to repudiate the imperial debts from both Death Stars, there would have been a drop of nearly 8.5 percent in gross galactic product (G.G.P.), according to my analysis, an almost sure path to economic depression. In only 40 percent of my simulations, the financial system absorbed this shock to the banking sector. However, the other 60 percent of cases set off a systemic crisis that crippled the galactic economy.

Did the Rebel Alliance foresee the economic consequences of destroying the second Death Star and take steps to mitigate an economic collapse? Without intelligent economic policy, a bailout of 15 percent to 20 percent of G.G.P. would have been necessary simply to limit the galactic economic fallout to something comparable to the gross domestic product decline at the heart of the Great Recession.

Fortunately, "Star Wars" is a work of fiction. Unfortunately, as we witnessed in 2008, financial systemic risk is a very real threat to the economic well-being of the United States and the world. As with a medical epidemic, understanding the causes, symptoms and progression of a contagious event is necessary to prevent economic illness. Financial contagion is the spreading of losses of individual institutions to other firms, and ultimately to the whole economy. That contagion can occur through local or global interactions: for example, locally through direct financial obligations, and globally to any bank through the impact on asset prices.

BECAUSE of the large cost to society, it is important that we accurately model what occurs in a systemic crisis. This is why my model of the "Star Wars" economy (a system of mathematical equations) is not entirely silly. Financial-contagion models provide a glimpse into how the financial sector can affect the health of the entire economy.

Just as I made simplifying assumptions to price the Death Star, researchers construct mathematical models (in all fields) by looking at the world and translating what they observe into mathematical formulas. Over time, through the efforts of researchers worldwide, these formulas are refined, making the model more realistic but also more complicated. These mathematical models, as simplifications of the real world, reveal which properties are general and which are specific to the crisis at hand. If done properly, they can help inform decision makers on how to prevent or mitigate future systemic crises.

I have found that the general lessons learned from studying financial risk do not always hold true during a systemic crisis. For the individual investor or bank, greater diversification is a prudent strategy to reduce risk. However, increasing diversification at all institutions might create new channels of contagion, which would exacerbate rather than mitigate a systemic crisis.

With my simple model, I have also found that when banks (and the Trade Federation in "Star Wars") compete to maximize profits during a systemic crisis, they can unintentionally devalue financial assets to levels lower than necessary to reach a post-crisis equilibrium. As a consequence, this exacerbates the spread of the economic disease.

Because of the tremendous costs associated with systemic crises, it is paramount that we continue to study how to model financial contagion and measure systemic risk. As "Star Wars" proves, sometimes these crises can appear when and where we least expect them.

Zachary Feinstein is an assistant professor in the department of electrical and systems engineering at Washington University.

-- 
It's better to burn out than fade away.
From rforno at infowarrior.org Sat Jan 2 11:47:26 2016
From: rforno at infowarrior.org (Richard Forno)
Date: Sat, 2 Jan 2016 12:47:26 -0500
Subject: [Infowarrior] - Fwd: Switzerland signs deal to end banking secrecy
References: <84443343-0961-43BE-BD9B-CE0C6C76B87F@well.com>
Message-ID:

> Begin forwarded message:
>
> From: Dan
>
> Dunno if you are interested since this has little to do with the general topics usually found on InfoWarrior-L, but it might fit.
>
> http://internationalbanker.com/banking/switzerland-signs-deal-to-end-banking-secrecy/
>
> Switzerland signs deal to end banking secrecy
> Friday, January 01, 2016
> By John Manning
>
> Switzerland, in an effort to combat tax evasion and money laundering activities, has agreed to a deal with the Organisation for Economic Co-operation and Development (OECD) agreeing to exchange data with 60 other countries that will effectively end its banking secrecy.
>
> Switzerland is the world's largest offshore wealth center, with an estimated $2.2 trillion in assets compared to a $632.2 billion GDP.
>
> The fight to open up Switzerland's infamous banking system to assess tax evasion and illicit funds has been ongoing for the past few years. It already has bilateral tax collection agreements with the UK and Austria.
>
> This tax agreement was brought forward by the OECD and includes all G20 states and most European States. With the signing of this convention, the Swiss government can now ask large private banks like UBS AG, Julius Baer, and Credit Suisse Group AG to release information on their clients to tax auditors both locally and internationally.
>
> There was much resistance from the Swiss bankers, including the chairman of the Swiss Bankers Association, Patrick Odier, who does not think that this automatic release of information is compliant with international standards.
>
> Steps towards banking transparency had been attempted previously, but failed. A few months ago, the Swiss parliament refused to discuss a bill that would change legislation and comply with the US Foreign Tax Compliance Act, a bilateral client information swap with the US.
>
> But under intense pressure from the US, Germany, and France, the banks were signed on to the convention. With many politicians welcoming the change, Stefan Fluckiger, the Swiss ambassador to the OECD, mentioned in a statement: "The signing of the convention confirms Switzerland's commitment to the global fight against tax fraud." The deal still needs to be ratified in the parliament.
>
> However, the Swiss banking industry, which has reached $8.5 trillion in offshore wealth, will have to adapt to these changes. The secrecy was one of the most important attractions for depositors, and foreign bank assets have decreased by $921 billion in the last four years as a result of fears that this secrecy would soon be compromised.
>
> The US has had a long-standing problem with this secrecy since UBS, Switzerland's biggest bank, in 2009, admitted that it had helped 52,000 Americans evade taxes. Since then, another bank, Wegelin & Co., has also admitted to helping clients hide money, including $1.2 billion from American sources. The IRS and the US government are reported to be investigating over a dozen Swiss banks.
>

From rforno at infowarrior.org Sat Jan 2 11:48:11 2016
From: rforno at infowarrior.org (Richard Forno)
Date: Sat, 2 Jan 2016 12:48:11 -0500
Subject: [Infowarrior] - Fwd: referral: The Rapid Rise of Digital Assistants
References: <20160101015322.2127FA06E1D@palinka.tinho.net>
Message-ID:

I wouldn't say 'stupid' (yet) but certainly dysfunctional, or unable to do for themselves....

-- 
It's better to burn out than fade away.
> Begin forwarded message:
>
> From: dan at geer.org
> Subject: referral: The Rapid Rise of Digital Assistants
> Date: December 31, 2015 at 8:53:22 PM EST
> To: rforno at infowarrior.org
> Cc: dan at geer.org
>
> The Rapid Rise of Digital Assistants
> https://www.linkedin.com/pulse/rapid-rise-digital-assistants-daniel-burrus
>
> or, you ain't seen stupid till you've got auto-everything
>

From rforno at infowarrior.org Sat Jan 2 11:52:07 2016
From: rforno at infowarrior.org (Richard Forno)
Date: Sat, 2 Jan 2016 12:52:07 -0500
Subject: [Infowarrior] - NSA Critics Gleefully Accuse Surveillance Hawks of Hypocrisy
Message-ID:

NSA Critics Gleefully Accuse Surveillance Hawks of Hypocrisy
Steven Nelson
http://www.usnews.com/news/articles/2015-12-31/nsa-critics-gleefully-accuse-surveillance-hawks-of-hypocrisy

Privacy advocates are accusing politicians generally deferential to the government's mass surveillance programs of hypocrisy after leading hawks expressed concern about the possible collection of their own communications.

Collection on members of Congress, revealed this week by The Wall Street Journal, was performed by the National Security Agency with a wink-and-nod from the White House, which was intent on countering Israeli Prime Minister Benjamin Netanyahu's bid to derail the Iran nuclear deal. According to the report, the congressional communications were "incidentally" collected.

What exactly was done with those intercepts is unclear and the chairman of the House intelligence committee, historically a roadblock for privacy legislation, announced an investigation Wednesday as hawkish members of Congress squealed in disapproval of the surveillance.

Ironically, a budget deal negotiated by the congressional leaders this month stripped language that would have banned searches of some "incidentally" collected communications of Americans, despite the measure passing the House with broad support. The amendment also passed last year, but then too was stripped from a leadership-negotiated deal.

Privacy advocates were quick to gloat about their longtime adversaries' apparent double standard.

"Confused intelligence committee opens investigation into surveillance it authorized," tweeted Jameel Jaffer, an American Civil Liberties Union attorney who has worked on the group's lawsuits against NSA phone and Internet surveillance.

"Also BREAKING: Intel overseers who've hailed NSA minimization for 30 months discover it's inadequate for privacy," chirped journalist Marcy Wheeler, a prominent blogger who covers national security and civil liberties.

Wheeler harshly critiqued Rep. Devin Nunes, R-Calif., the chairman of the House intelligence committee. "Devin Nunes? He's a raging hypocrite who should be called out as such," she wrote. In another tweet, she wrote he "has NEVER ONCE voted [against] incidentally collecting [on U.S. persons], now objects when he is collected."

Glenn Greenwald, the journalist who exposed the vast breadth of NSA surveillance beginning in June 2013 using leaked documents from exiled whistleblower Edward Snowden, beamed in The Intercept that "[a]ll sorts of people who spent many years cheering for and defending the NSA and its programs of mass surveillance are suddenly indignant now that they know the eavesdropping included them and their American and Israeli friends rather than just ordinary people."

Greenwald singled out former Rep. Pete Hoekstra -- a past chairman of the House intelligence committee who had tweeted "NSA and Obama officials need to be investigated and prosecuted if any truth to WSJ reports. NSA loses all credibility."

"Now that he knows that it is his privacy and those of his comrades that has been invaded, he is no longer cavalier about it," the Pulitzer Prize-winning reporter wrote, recalling a debate he previously had with Hoekstra.

Nunes told The Associated Press he received no notification of Iran deal surveillance affecting members of Congress. Sounding at least publicly detached, Nunes told the AP, "We're going to play this right down the middle and determine whether or not somebody did something wrong."

Lawmakers in the past have been accused of having a double standard for surveillance that affects them and surveillance that broadly affects the public. Some privacy advocates dubbed it the "Merkel effect" after revelations that the German chancellor's phone conversations were recorded by the NSA.

The so-called Merkel effect manifested last year when one of the NSA's most ardent allies, then-chairwoman of the Senate intelligence committee Sen. Dianne Feinstein, D-Calif., loudly denounced the CIA for surveilling the work of her committee staffers as they investigated the agency's alleged torture of detainees.

Activists accused Feinstein of being "two-faced" on surveillance and visited her office to drive the point home for a crowd of reporters. One privacy advocate covered her face with a photo of the senator labeled "pro-spy Di-Fi." Another did so with the label "anti-spy Di-Fi." After putting on a poorly scripted political theater performance over the objection of Capitol Police, the activists left Feinstein a large pair of sunglasses that said "Stop Spying" and expressed hope she would one day wear them.

-- 
It's better to burn out than fade away.

From rforno at infowarrior.org Sat Jan 2 11:58:19 2016
From: rforno at infowarrior.org (Richard Forno)
Date: Sat, 2 Jan 2016 12:58:19 -0500
Subject: [Infowarrior] - Stanford course: Surveillance Law
Message-ID: <89F587F9-5545-4C24-AAFF-0AFE8BC93B0F@infowarrior.org>

FYI, my Stanford CIS colleague (a securitylegalgeek rockstar) is offering a 6-week online course on surveillance law. Well worth checking out, if you're able and/or interested!
-- rick

Surveillance Law

Learn how police and intelligence agencies can access your data, and how the law (might) protect you! Hackers, attorneys, and concerned citizens are all welcome.

6 weeks of study
1-3 hours/week
English
Jonathan Mayer / Stanford University

It's easy to be cynical about government surveillance. In recent years, a parade of Orwellian disclosures has been making headlines. The FBI, for example, is hacking into computers that run anonymizing software. The NSA is vacuuming up domestic phone records. Even local police departments are getting in on the act, tracking cellphone location history and intercepting signals in realtime.

Perhaps 2014 is not quite 1984, though. This course explores how American law facilitates electronic surveillance, but also substantially constrains it. You will learn the legal procedures that police and intelligence agencies have at their disposal, as well as the security and privacy safeguards built into those procedures. The material also provides brief, not-too-geeky technical explanations of some common surveillance methods.

Course Syllabus

I. Introduction
We will begin with a brief overview of how surveillance fits into the American legal system. We will also discuss how surveillance issues can be litigated.

II. The Basics of Surveillance Law
Next, we will review established police surveillance procedures. Using telephone technology as a simple starting point, we will work through various sorts of data that investigators might seek to access, and the constitutional and statutory safeguards on that data.

III. Applying Surveillance Law to Information Technology
Having learned the basics, we will turn to more modern technologies. We will discuss snooping on email, web browsing, and mobile phone location, as well as hacking into devices.

IV. Compelled Assistance to Law Enforcement
What happens when data is technically protected? In this section, we will talk about the government's (limited) ability to mandate backdoors and to require decryption.

V. The Structure of Foreign Intelligence Surveillance Law
The law that applies to foreign intelligence activities runs parallel to the law that applies to police activities. We will compare the two systems of law and review key distinctions. The section places particular emphasis on Section 215 of the USA PATRIOT Act, Section 702 of the FISA Amendments Act, and Executive Order 12333.

VI. Controversial NSA Programs
In the final section, we will review the conduct and legality of controversial National Security Agency programs. We will discuss in detail the domestic phone metadata program, PRISM, and "upstream" Internet monitoring.

< - >

https://www.coursera.org/course/surveillance

-- 
It's better to burn out than fade away.

From rforno at infowarrior.org Sat Jan 2 11:59:19 2016
From: rforno at infowarrior.org (Richard Forno)
Date: Sat, 2 Jan 2016 12:59:19 -0500
Subject: [Infowarrior] - The Website Obesity Crisis
Message-ID:

The Website Obesity Crisis

Let me start by saying that beautiful websites come in all sizes and page weights. I love big websites packed with images. I love high-resolution video. I love sprawling Javascript experiments or well-designed web apps.

This talk isn't about any of those. It's about mostly-text sites that, for unfathomable reasons, are growing bigger with every passing year.

While I'll be using examples to keep the talk from getting too abstract, I'm not here to shame anyone, except some companies (Medium) that should know better and are intentionally breaking the web.....

< - >

http://idlewords.com/talks/website_obesity.htm

-- 
It's better to burn out than fade away.
From rforno at infowarrior.org Sat Jan 2 14:30:13 2016
From: rforno at infowarrior.org (Richard Forno)
Date: Sat, 2 Jan 2016 15:30:13 -0500
Subject: [Infowarrior] - DISREGARD - Re: Stanford course: Surveillance Law
In-Reply-To: <89F587F9-5545-4C24-AAFF-0AFE8BC93B0F@infowarrior.org>
References: <89F587F9-5545-4C24-AAFF-0AFE8BC93B0F@infowarrior.org>
Message-ID:

Ooops, my error. This was for LAST year. I saw "January" and thought it was for 2016. Please pardon the confusion!

-- 
It's better to burn out than fade away.

> On Jan 2, 2016, at 12:58 PM, Richard Forno wrote:
>
> FYI, my Stanford CIS colleague (a securitylegalgeek rockstar) is offering a 6-week online course on surveillance law. Well worth checking out, if you're able and/or interested! -- rick
>
> Surveillance Law
>
> Learn how police and intelligence agencies can access your data, and how the law (might) protect you! Hackers, attorneys, and concerned citizens are all welcome.
>
> 6 weeks of study
> 1-3 hours/week
> English
> Jonathan Mayer / Stanford University
>
> It's easy to be cynical about government surveillance. In recent years, a parade of Orwellian disclosures has been making headlines. The FBI, for example, is hacking into computers that run anonymizing software. The NSA is vacuuming up domestic phone records. Even local police departments are getting in on the act, tracking cellphone location history and intercepting signals in realtime.
>
> Perhaps 2014 is not quite 1984, though. This course explores how American law facilitates electronic surveillance, but also substantially constrains it. You will learn the legal procedures that police and intelligence agencies have at their disposal, as well as the security and privacy safeguards built into those procedures. The material also provides brief, not-too-geeky technical explanations of some common surveillance methods.
>
> Course Syllabus
>
> I. Introduction
> We will begin with a brief overview of how surveillance fits into the American legal system. We will also discuss how surveillance issues can be litigated.
>
> II. The Basics of Surveillance Law
> Next, we will review established police surveillance procedures. Using telephone technology as a simple starting point, we will work through various sorts of data that investigators might seek to access, and the constitutional and statutory safeguards on that data.
>
> III. Applying Surveillance Law to Information Technology
> Having learned the basics, we will turn to more modern technologies. We will discuss snooping on email, web browsing, and mobile phone location, as well as hacking into devices.
>
> IV. Compelled Assistance to Law Enforcement
> What happens when data is technically protected? In this section, we will talk about the government's (limited) ability to mandate backdoors and to require decryption.
>
> V. The Structure of Foreign Intelligence Surveillance Law
> The law that applies to foreign intelligence activities runs parallel to the law that applies to police activities. We will compare the two systems of law and review key distinctions. The section places particular emphasis on Section 215 of the USA PATRIOT Act, Section 702 of the FISA Amendments Act, and Executive Order 12333.
>
> VI. Controversial NSA Programs
> In the final section, we will review the conduct and legality of controversial National Security Agency programs. We will discuss in detail the domestic phone metadata program, PRISM, and "upstream" Internet monitoring.
>
> < - >
>
> https://www.coursera.org/course/surveillance
>
> -- 
> It's better to burn out than fade away.
> From rforno at infowarrior.org Mon Jan 4 10:24:38 2016 From: rforno at infowarrior.org (Richard Forno) Date: Mon, 4 Jan 2016 11:24:38 -0500 Subject: [Infowarrior] - =?utf-8?q?OT=3A_Why_aren=E2=80=99t_we_calling_the?= =?utf-8?b?IE9yZWdvbiBvY2N1cGllcnMg4oCYdGVycm9yaXN0cz/igJk=?= Message-ID: (Some are calling them radical Fringe YeeHawdis. -- rick) https://www.washingtonpost.com/news/the-fix/wp/2016/01/03/why-arent-we-calling-the-oregon-militia-terrorists/?hpid=hp_rhp-top-table-main_fixoregon-6am:homepage/story Why aren?t we calling the Oregon occupiers ?terrorists?? https://www.facebook.com/janell.ross.549 Ammon Bundy and a group of armed supporters, including his brother Ryan, took over the an Ore. wildlife refuge over the weekend. Here's a look at the Bundy family's history of anti-government actions. As of Sunday afternoon, The Washington Post called them "occupiers." The New York Times opted for "armed activists" and "militia men." And the Associated Press put the situation this way: "A family previously involved in a showdown with the federal government has occupied a building at a national wildlife refuge in Oregon and is asking militia members to join them." Not one seemed to lean toward terms such as "insurrection," "revolt," anti-government "insurgents" or, as some on social media were calling them, "terrorists." When a group of unknown size and unknown firepower has taken over any federal building with plans and possibly some equipment to aid a years-long occupation ? and when its representative tells reporters that they would prefer to avoid violence but are prepared to die ? the kind of almost-uniform delicacy and the limits on the language used to describe the people involved becomes noteworthy itself. It is hard to imagine that none of the words mentioned above ? particularly "insurrection" or "revolt" ? would be avoided if, for instance, a group of armed black Americans took possession of a federal or state courthouse to protest the police. 
Black Americans outraged about the death of a 12-year-old boy at the hands of police or concerned about the absence of a conviction in the George Zimmerman case have been frequently and inaccurately lumped in with criminals and looters, described as "thugs," or marauding wolf packs where drugs are, according to CNN's Don Lemon, "obviously" in use. Oregon's Malheur National Wildlife Headquarters was occupied Saturday, Jan. 2, by a group of activists protesting the federal prosecution of two ranchers, slated to report to prison Monday on arson charges. (Reuters) If a group of armed Muslims took possession of a federal building or even its lobby to protest calls to surveil the entire group, it's even more doubtful they could avoid harsher, more-alarming labels. In fairness to those assembled in Oregon, it is true that there have been no reports of actual violence, injury or anyone being held inside the Oregon building against their will. And in the interim, some may feel particularly inclined to take real care with the language used to describe the situation so as not to inflame it or offend people who, in some cases, have already been troubled by the decision to charge a father and son pair of ranchers with arson under the Antiterrorism and Effective Death Penalty Act of 1996. The charge not only carries what many of the rancher's supporters believe to be an unjust five-year jail term but; it brings the very same t-word into the mix. For those who know the father and son ? Dwight Hammond Jr. and his son, Steven Hammond ? personally, it is understandable that they would disagree vehemently with any government action that implies that the men they know as engaged members of the community are terrorists. But one really cannot help but wonder where similar outrage lives when, in the face of clear data indicating that black Americans are far more likely than white ones to face serious charges and jail time rather than misdemeanor penalties for resisting arrest. 
Where has the lock-step adherence to careful and delicate language been in all of 2015 when unarmed black Americans were disproportionately more likely to be killed by police than others? Beyond that seeming incongruity, the Hammonds are not among the occupiers. The man who has helped to organize the building occupation in Oregon is Ammon Bundy. Bundy is the son of Cliven Bundy, a Nevada rancher who engaged in a standoff in 2014 with the government over grazing rights. And the younger Bundy has, again, described the occupiers as "armed" and prepared to die. The armed occupation of a federal building might be what Bundy considers an assertion of rights and a mere gathering in a taxpayer-financed space. But it would seem to contain the real risk of violence, serious injury or even death. Deliberate language choices are always a wise and reasonable move. That is especially true when telling stories of conflict with government and political protests. But the incredibly limited and relatively soft range of words in wide use Sunday seems to extend beyond all of that. The descriptions of events in Oregon appear to reflect the usual shape of our collective assumptions about the relationship between race and guilt ? or religion and violent extremism ? in the United States. White Americans, their activities and ideas seem always to stem from a font of principled and committed individuals. As such, group suspicion and presumed guilt are readily perceived and described as unjust, unreasonable and unethical. You will note that while the group gathered in Oregon is almost assuredly all or nearly all white, that has scarcely been mentioned in any story. You will note that nothing even close to similar can be said about coverage of events in Missouri, Maryland, Illinois or any other place where questions about policing have given way to protests or actual riots. 
You will note the extended debate about whether admitted Charleston shooter Dylann Roof's apparently racially motivated shooting spree was an act of terrorism or even violent racism and the comparatively rapid way that more than one news organization began hinting at and then using terms such as Islamic extremism to describe the mass shooting in San Bernardino, Calif.

The sometimes-coded but increasingly overt ways that some Americans are presumed guilty and violence-prone while others are assumed to be principled and peaceable unless and until provoked -- even when actually armed -- is remarkable.

Janell Ross is a reporter for The Fix who writes about race, gender, immigration and inequality.

-- It's better to burn out than fade away.

From rforno at infowarrior.org Mon Jan 4 10:28:56 2016
From: rforno at infowarrior.org (Richard Forno)
Date: Mon, 4 Jan 2016 11:28:56 -0500
Subject: [Infowarrior] - How 'Do Not Track' Ended Up Going Nowhere
Message-ID:

How 'Do Not Track' Ended Up Going Nowhere
Dawn Chmielewski
http://recode.net/2016/01/04/how-do-not-track-ended-up-going-nowhere/

Back in 2010, the Federal Trade Commission pledged to give Internet users the power to determine if or when websites were allowed to track their behavior. With just a few clicks, the FTC's Do Not Track initiative promised to let consumers opt out of having any of their online data hoovered up by just about anyone on the Internet. It would be easy for consumers to find and use, be persistent (and not be overridden when consumers update their browsers), apply universally to anyone who tracks consumer activities online and be enforceable, according to former FTC Chairman Jon Leibowitz's Senate Commerce Committee testimony in 2012.

But five years out, the same agency whose Do Not Call initiative failed to stop unwanted telemarketing calls, once again has little to show for its efforts to control tracking on the Web.

Last month, two members of Congress resurrected the plan. Sen. Ed Markey, D-Mass., and Sen. Richard Blumenthal, D-Conn., filed a bill that seeks to finish what the FTC started -- giving consumers control over their personal information online and preventing companies from collecting data when users don't want to be tracked.

"Consumers need this protection against invasive tracking -- companies that collect private, sensitive information with every online click," Blumenthal said in a statement. "The 'Do Not Track Act' prevents privacy abuse and gives back control over personal lives online. People deserve to be empowered to stop trackers who collect and store their personal, private information."

[Photo caption: Former Federal Trade Commission Chairman Jon Leibowitz. Alex Wong/Getty Images]

Good luck with that.

We thought it would be instructive to review just how the best intentions of FTC's Do Not Track initiative went so wrong. The industry group that set out to define how Do Not Track would work has yet to finalize a standard, despite years of meetings and thousands of emails. Meanwhile, key players -- including groups representing the online ad community and consumers -- have abandoned the effort. And the FTC, the government's leading consumer privacy watchdog, seems to have lost interest altogether since Leibowitz resigned in 2013.

"Why did we bow out of standards setting? I just didn't think we were getting anywhere," said John Simpson, privacy director of the Santa Monica-based nonprofit group Consumer Watchdog.

In reaction to numerous media reports, and notably the Wall Street Journal's "What They Know" series, which exposed the sinister and largely invisible practice of tracking users online, the FTC leapt into action in 2010. But the strategy was flawed from the start. By tapping the World Wide Web Consortium, an organization that sets standards for the Web, to work out the details for implementing Do Not Track, the FTC relied on a group dominated by powerful Internet companies. These companies included Google, Facebook and Yahoo, whose businesses depend on online advertising, which requires the precision tracking of users.

To put it another way, that's like Sony Pictures inviting the North Koreans to run vulnerability tests on its computer networks.

It's of little surprise, then, that the Consortium, which created a working group that initially involved representatives from technology, advertising and publishing, found a way to make life difficult for everyone but the biggest Internet players.

"Incredibly, the same big players who hijacked the process could make this one-sided policy a de facto global standard. This gives them a data advantage through tricks and traps, not product innovation," said David Wainberg, privacy counsel for AppNexus, an ad-tech company.

The proposed set of rules released last August for public comment allow Internet publishers with a direct relationship with consumers -- say, Facebook or Google -- to remember who you are, what you looked at and what you did while on their sites, so long as they don't pass the information along to third parties. Third parties, such as independent ad networks, would be required to "treat you as someone about whom they know nothing and remember nothing."

That brought immediate criticism from third-party ad tech companies like AppNexus, which said the Do Not Track standards put them at a competitive disadvantage, because they'll be forced to abide by stricter privacy rules than giant rivals like Google or Facebook.

"The Do Not Track debate has put us in an uncomfortable position," Wainberg said. "In opposing the Do Not Track policy, people can characterize us as anti-privacy. What we do not want [are] policies that tilt the competitive playing field, especially without a commensurate privacy benefit for users."

Some members of the U.S. Congress agreed, writing the World Wide Web Consortium to criticize the proposed rules as giving unfair competitive advantage to some Internet players while failing to deliver on the promise of protecting consumer privacy. They urged the group in October to "re-examine the proposal." A spokesperson for the consortium did not respond to a request last week seeking comment.

There were plenty of signs that Do Not Track was going off the rails long before Markey and Sen. Al Franken, D-Minn., weighed in. The Digital Advertising Alliance, a consortium of the biggest advertising firms and online ad tech companies, including Omnicom MediaGroup, BrightRoll and TubeMogul, withdrew from the process in frustration in September 2013. It said it would develop its own solution -- a system that would allow consumers to opt out of targeted advertising.

"After more than two years of good-faith effort and having contributed significant resources, the DAA no longer believes that the [working group] is capable of fostering the development of a workable 'do not track' solution," wrote Lou Mastria of the Digital Advertising Alliance.

The California-based advocacy group Consumer Watchdog similarly abandoned work on Do Not Track about a year and a half ago because the recommended standards would be voluntary -- so therefore, in its view, toothless. Online companies would have little incentive to honor a consumer's Do Not Track request.

"The standard they've come up with I don't think is strong enough, it's loophole-laden and there's nothing to make a company do it," said Consumer Watchdog's Simpson.

The Electronic Frontier Foundation, which was also a member of the task force, took matters into its own hands. It released a final version of a free plugin called the Privacy Badger for Firefox and Chrome browsers in August. Whenever a user turns on Do Not Track within the browser setting, Privacy Badger acts as an enforcer -- it scans any website to determine if the publisher has agreed to honor this privacy request. If it can't find a policy, it scans for third-party scripts that appear to be tracking -- and blocks them.

"At the core of our project is the protection of users' reading habits and browsing history," the EFF wrote in introducing Privacy Badger. "And a conviction that this is personal information that should not be accessed without consent."

From rforno at infowarrior.org Mon Jan 4 11:29:53 2016
From: rforno at infowarrior.org (Richard Forno)
Date: Mon, 4 Jan 2016 12:29:53 -0500
Subject: [Infowarrior] - EFF Confirms: T-Mobile's Binge On Optimization = Throttling All Video
Message-ID: <19508CFE-837A-4131-8A05-DD94EA579281@infowarrior.org>

EFF Confirms: T-Mobile's Binge On Optimization is Just Throttling, Applies Indiscriminately to All Video
https://www.eff.org/deeplinks/2016/01/eff-confirms-t-mobiles-bingeon-optimization-just-throttling-applies

From rforno at infowarrior.org Mon Jan 4 13:50:42 2016
From: rforno at infowarrior.org (Richard Forno)
Date: Mon, 4 Jan 2016 14:50:42 -0500
Subject: [Infowarrior] - Homeland Security Admits It Seized A Hip Hop Blog For Five Years Despite No Evidence Of Infringement; RIAA Celebrates
Message-ID: <84F985ED-17AF-4797-BFB5-FB873DB80638@infowarrior.org>

Homeland Security Admits It Seized A Hip Hop Blog For Five Years Despite No Evidence Of Infringement; RIAA Celebrates
https://www.techdirt.com/articles/20160103/21353133232/homeland-security-admits-it-seized-hip-hop-blog-five-years-despite-no-evidence-infringement-riaa-celebrates.shtml
From rforno at infowarrior.org Mon Jan 4 17:32:57 2016
From: rforno at infowarrior.org (Richard Forno)
Date: Mon, 4 Jan 2016 18:32:57 -0500
Subject: [Infowarrior] - A Redaction Re-Visited: NSA Targeted "The Two Leading" Encryption Chips
Message-ID: <5D441AD1-9076-4B0E-9F2C-95E49DB18E07@infowarrior.org>

A Redaction Re-Visited: NSA Targeted "The Two Leading" Encryption Chips
Glenn Greenwald
Jan. 4 2016, 5:47 p.m.
https://theintercept.com/2016/01/04/a-redaction-re-visited-nsa-targeted-the-two-leading-encryption-chips/

From rforno at infowarrior.org Tue Jan 5 12:54:40 2016
From: rforno at infowarrior.org (Richard Forno)
Date: Tue, 5 Jan 2016 13:54:40 -0500
Subject: [Infowarrior] - Data Security and Breach Notification Legislation: Selected Legal Issues
Message-ID: <11F74A8E-EBF5-4339-8274-0824463E3361@infowarrior.org>

Data Security and Breach Notification Legislation: Selected Legal Issues
Alissa M. Dolan, Legislative Attorney
December 28, 2015
http://www.fas.org/sgp/crs/misc/R44326.pdf
From rforno at infowarrior.org Wed Jan 6 07:27:01 2016
From: rforno at infowarrior.org (Richard Forno)
Date: Wed, 6 Jan 2016 08:27:01 -0500
Subject: [Infowarrior] - US Copyright Office Asks For Public Comments On DMCA's Notice And Takedown
Message-ID: <18D4EC7C-B383-43E8-84F8-495971AD7228@infowarrior.org>

US Copyright Office Asks For Public Comments On DMCA's Notice And Takedown
from the well,-this-ought-to-be-interesting dept
https://www.techdirt.com/articles/20151231/16544133215/us-copyright-office-asks-public-comments-dmcas-notice-takedown.shtml

On New Year's Eve, the US Copyright Office dropped a bit of a surprise, asking for public comment on the DMCA's Section 512 safe harbor provisions -- which are probably better known as the "notice and takedown" provisions:

The United States Copyright Office is undertaking a public study to evaluate the impact and effectiveness of the DMCA safe harbor provisions contained in 17 U.S.C. 512. Among other issues, the Office will consider the costs and burdens of the notice-and-takedown process on large- and small-scale copyright owners, online service providers, and the general public. The Office will also review how successfully section 512 addresses online infringement and protects against improper takedown notices. To aid in this effort, and to provide thorough assistance to Congress, the Office is seeking public input on a number of key questions.

You can see the full Notice of Inquiry (also embedded below).

What comes out of this may certainly be interesting, but it's not difficult to predict that there will be two huge piles of responses that are more or less diametrically opposed: a group of content creators who are obsessed with the fact that they have to send takedown notices and that their works still keep popping up will complain about all of this, and say that the notice and takedown process is too onerous for content creators, and that we should move instead to a world where platforms have to pro-actively monitor things, such as with a "notice and staydown" procedure. On the flip side, you'll have plenty of people and internet platforms talking about how onerous things are from the other side: platforms are inundated with piles of requests, many of which are completely bogus, but which companies often feel compelled to take down to avoid liability. And end users face tons of censorship due to bogus and abusive takedowns.

The Copyright Office has historically come down on the side of copyright maximalists, so it wouldn't surprise me to see that the end result of this process is them suggesting more liability and responsibilities for internet platforms -- in part because they have absolutely no clue what a disaster that would be for content creators themselves. People who want to put more burdens on platforms think that this somehow helps content creators, but the opposite is true. It will mean fewer online platforms serving content creators, because the burdens will be too high. It will further entrench the large players and limit new upstarts, innovators and competitors.

If you decide to submit your own comments -- and I suggest you do -- I would hope that you focus on these "unintended" consequences of mucking with the system in the direction of further burdening these services that seem to be doing a pretty good job serving most content creators and internet users.
https://www.techdirt.com/articles/20151231/16544133215/us-copyright-office-asks-public-comments-dmcas-notice-takedown.shtml

From rforno at infowarrior.org Wed Jan 6 09:35:09 2016
From: rforno at infowarrior.org (Richard Forno)
Date: Wed, 6 Jan 2016 10:35:09 -0500
Subject: [Infowarrior] - DoD Seeks FOIA Exemption for Military Doctrine
Message-ID: <5853321B-306D-414B-9624-2F4BD3D546BA@infowarrior.org>

DoD Seeks FOIA Exemption for Military Doctrine
http://fas.org/blogs/secrecy/2016/01/dod-foia-doctrine/

The Department of Defense proposed a new exemption from the Freedom of Information Act last year for information on unclassified "military tactics, techniques and procedures." The measure was not adopted by Congress in the FY 2016 defense authorization act, but DoD is preparing to pursue it again this year.

The proposal that was submitted to Congress last year would have exempted from disclosure military doctrine that "could reasonably be expected to risk impairment of the effective operation of the armed forces" and that had not already been publicly disclosed.

"The effectiveness of any United States military operation is dependent upon the enemy not having knowledge of how U.S. military forces will be used," DoD stated in its justification for the exemption. "Commanders need to have all advantages at their disposal to be successful on the battlefield; if the enemy has knowledge of the tactics, techniques, or procedures that will be used, a crucial advantage is lost and success of the operation and the lives of U.S. military forces are seriously jeopardized."

DoD claimed that it would have been able to exercise this withholding authority until 2011, when a Supreme Court ruling in the case Milner v. Department of the Navy "significantly narrowed" the scope of FOIA Exemption 2. "This proposal would reinstate that protection to ensure effective operation of U.S. military forces and to save lives."

The first thing to say about the proposed DoD FOIA exemption is that, given the realities of government information security today, any prudent military commander would have to assume that the adversary already possesses the unclassified military doctrine documents that the exemption would protect from public disclosure. The government has repeatedly been unable to protect many types of information of much higher sensitivity.

If that were not the case, the proposed DoD exemption would make sense up to a point. But it stops making sense where DoD "tactics, techniques and procedures" are themselves the focus of appropriate public attention. For example, U.S. techniques for the interrogation of detained persons have been the subject of intense public controversy as to whether they are illegal or inhumane. Likewise, offensive cyber operations involve important public policy questions that go beyond the tactical interests of the military. The DoD proposal does not appear to make allowance for mandatory FOIA disclosure in such compelling cases.

In another even more ambitious proposed FOIA amendment, DoD last year sought to nullify the 2011 Supreme Court decision in Milner altogether, and to reinstate the pre-Milner status quo with its more expansive withholding authority.

"The effect of the decision in Milner is that it exposes for public release certain critical information previously interpreted as being exempt from disclosure under the 'High 2' exemption," the DoD proposal explained. "The Administration believes that, following the Supreme Court's decision, there is a critical gap in the exemptions in the current FOIA statute. This proposal is designed to close that critical gap."

Both DoD FOIA proposals -- the specific exemption for unclassified tactics, techniques and procedures, and the broad nullification of the Milner decision -- were excluded by Congress from the FY 2016 defense authorization act "due to jurisdictional concerns and process issues (but not content issues)," according to an internal DoD planning document. But both are expected to be presented again this year. DoD will advance its proposed FOIA exemption for military doctrine, while the proposed Milner amendment, with its government-wide implications, has been transferred to the Department of Justice for separate submission to Congress.

From rforno at infowarrior.org Wed Jan 6 17:00:04 2016
From: rforno at infowarrior.org (Richard Forno)
Date: Wed, 6 Jan 2016 18:00:04 -0500
Subject: [Infowarrior] - GQ And Forbes Go After Ad Blocker Users
Message-ID: <128B9B10-C837-4E36-B44F-1C0F9C9C747A@infowarrior.org>

GQ And Forbes Go After Ad Blocker Users Rather Than Their Own Shitty Advertising Inventory
https://www.techdirt.com/articles/20151229/08111133184/gq-forbes-go-after-adblocker-users-rather-than-their-own-shitty-advertising-inventory.shtml

From rforno at infowarrior.org Wed Jan 6 17:50:54 2016
From: rforno at infowarrior.org (Richard Forno)
Date: Wed, 6 Jan 2016 18:50:54 -0500
Subject: [Infowarrior] - Time Warner Cable Warns Some Customer Email Addresses, Passwords May Be Compromised
Message-ID: <3FB83D51-D5D7-4B57-98A5-10C805A20497@infowarrior.org>

Time Warner Cable Warns Some Customer Email Addresses, Passwords May Be Compromised
January 6, 2016 4:29 PM
http://newyork.cbslocal.com/2016/01/06/time-warner-cable-data/

NEW YORK (CBSNewYork) -- Time Warner Cable warned customers Wednesday that their personal information -- including account passwords -- may have been compromised.

The cable operator was notified recently by the FBI that some customer email addresses and account passwords might have been compromised, according to a notice issued Wednesday afternoon.
The compromise was not believed to be related to any Time Warner Cable systems or processes, and there was no evidence of a breach in Time Warner's systems, the company said. Time Warner Cable believes the addresses were previously stolen from non-Time Warner Cable sources and might have been sold, along with email addresses for customers of other providers.

Time Warner said it is working to reach out to the customers who might have been affected, and will advise them to change their passwords using a "strong, unique alternative."

Approximately 320,000 customers throughout the markets that Time Warner serves could be impacted, Time Warner said.

From rforno at infowarrior.org Thu Jan 7 06:16:00 2016
From: rforno at infowarrior.org (Richard Forno)
Date: Thu, 7 Jan 2016 07:16:00 -0500
Subject: [Infowarrior] - FBI Turns 18-Year-Old With An IQ Of 51 Into A Terrorist
Message-ID:

FBI Turns 18-Year-Old With An IQ Of 51 Into A Terrorist; Dumps Case Into Laps Of Local Prosecutors
from the truly,-the-A-bomb-drop-of-the-War-on-Terror dept

Another would-be terrorist is in the hands of law enforcement, thanks to a joint effort by the FBI and the St. Clair (Alabama) Sheriff's Department. (h/t The Free Thought Project)

An Alabama prosecutor says an 18-year-old has been charged with soliciting or providing support for an act of terrorism, though details of the case aren't being released. St. Clair County District Attorney Richard Minor said Tuesday that 18-year-old Peyton Pruitt of St. Clair County was arrested and charged Friday.

County Judge Alan Furr set Pruitt's bail at $1 million and refused to lower it, despite evidence surfacing that the young man is developmentally-disabled (IQ estimated at 52-58, last tested at 51) and the total amount of "support" was "less than $1,000" -- a Class C felony, which normally results in much lower bail amounts. (The guidelines in the state's criminal procedure rules suggest a $5,000-$15,000 range, although judges are free to depart from this recommendation.)

Judge Alan Furr must not like alleged terrorist sympathizers. Two accused murderers and a teacher charged with sexual misconduct involving a student who previously faced Judge Furr combined for less than half the amount set for Pruitt ($450,000).

This is the dangerous terrorist now behind bars.

Witnesses, friends and family members uniformly described Pruitt as a "child" - a teenager with an IQ of 51 who cannot tie his own shoes, soils his clothes, has little verbal skills and lacks the ability to distinguish reality from fantasy.

The FBI, which has never shown any reluctance to trumpet its ability to push mentally-challenged people towards acts of terrorism, doesn't have much to say about this particular bust. It seems content to let local law enforcement run with this one, bringing state charges rather than federal. But it's still behind the elevation of Pruitt from a guy who needs assistance using the restroom to a guy who provides assistance to enemies of the United

< - >

https://www.techdirt.com/articles/20151229/14333133193/fbi-turns-18-year-old-with-iq-51-into-terrorist-dumps-case-into-laps-local-prosecutors.shtml

From rforno at infowarrior.org Thu Jan 7 18:38:14 2016
From: rforno at infowarrior.org (Richard Forno)
Date: Thu, 7 Jan 2016 19:38:14 -0500
Subject: [Infowarrior] - White House, Silicon Valley to hold summit on militants' social media use
Message-ID:

White House, Silicon Valley to hold summit on militants' social media use
By Dustin Volz and Mark Hosenball
http://www.reuters.com/article/us-usa-security-tech-idUSKBN0UL2H320160107

WASHINGTON Senior White House officials and U.S. intelligence and law enforcement figures will meet with Silicon Valley executives on Friday to discuss how to counter the use of social media by militant groups, sources familiar with the meeting said on Thursday.

In an escalation of pressure on technology firms to do more to combat online propaganda from groups such as Islamic State, the meeting follows attacks in Paris and San Bernardino, California, that underscored the role played by social media companies such as Twitter Inc, Alphabet Inc's YouTube and Facebook Inc.

Invited participants include White House Chief of Staff Denis McDonough, presidential counterterrorism adviser Lisa Monaco, Attorney General Loretta Lynch, FBI Director James Comey, National Intelligence Director James Clapper and National Security Agency Director Mike Rogers, one of the sources said.

A source familiar with the meeting said it would focus on social media content, not encrypted communications, another topic of discussion between Silicon Valley and the White House.

Twitter, Apple Inc, Facebook and Google are attending, the companies said. Several other Internet firms, including Microsoft Corp and Dropbox, are expected to attend, according to those familiar with the meeting. Most companies are expected to send high-ranking executives, but not their chief executive officers. An administration announcement is expected following the conclusion of the summit, according to a source.

Twitter last week updated its policies for policing its content to explicitly prohibit "hateful conduct." Other websites have similarly updated and clarified their abuse policies within the past 18 months.

The meeting agenda covers how to make it harder for militants to recruit and mobilize followers on social media, as well as helping ordinary users create, publish and amplify content that can undercut groups like Islamic State. The meeting also will touch on how technology can be used to disrupt paths to violent radicalization and identify recruitment patterns, and how to make it easier for law enforcement and intelligence agencies to identify militant operatives.

The Obama administration "has been clear about the importance of government and industry working together to confront terrorism, but we do not have any specific meetings to announce or preview at this time," a senior official said.

Amid rising public concern about the potential for more attacks, President Barack Obama in a speech in December said, "I will urge high-tech and law enforcement leaders to make it harder for terrorists to use technology to escape from justice."

Tech firms have been increasingly cooperative, taking down content viewed as capable of inciting violence or recruiting militants. But those same firms are often reluctant to appear too cozy with government investigators, a concern that grew after Edward Snowden disclosed wide government surveillance.

(Reporting by Dustin Volz and Mark Hosenball; Editing by Kevin Drawbaugh, Will Dunham and Lisa Shumaker)

From rforno at infowarrior.org Fri Jan 8 06:37:04 2016
From: rforno at infowarrior.org (Richard Forno)
Date: Fri, 8 Jan 2016 07:37:04 -0500
Subject: [Infowarrior] - USG meeting agenda for Silicon Valley today
Message-ID: <3C283E7A-6A1B-4BA8-BBB2-2AEAD4D8AE97@infowarrior.org>

Note III-d does not mention the controversial "e" word (encryption) but you know that's exactly what will be covered. --rick

http://www.theguardian.com/technology/2016/jan/07/white-house-summit-silicon-valley-tech-summit-agenda-terrorism

U.S. Government Meeting with Technology Executives on Counterterrorism

I. Introductions

II. Setting the stage
  a. Purpose of Meeting
  b. Unclassified background on terrorist use of technology, including encryption

III. Core Discussion Areas
  a. How can we make it harder for terrorists to leverage the internet to recruit, radicalize, and mobilize followers to violence?
  b. How can we help others to create, publish, and amplify alternative content that would undercut ISIL?
  c. In what ways can we use technology to help disrupt paths to radicalization to violence, identify recruitment patterns, and provide metrics to help measure our efforts to counter radicalization to violence?
  d. How can we make it harder for terrorists to use the internet to mobilize, facilitate, and operationalize attacks, and make it easier for law enforcement and the intelligence community to identify terrorist operatives and prevent attacks?

IV. Questions or other issues raised by Technology Companies

V. Next Steps

From rforno at infowarrior.org Fri Jan 8 11:22:12 2016
From: rforno at infowarrior.org (Richard Forno)
Date: Fri, 8 Jan 2016 12:22:12 -0500
Subject: [Infowarrior] - IoT Overkill (Bluetooth pregnancy test)
Message-ID: <8D5B72D8-2CE7-4FA6-991C-D4CFF0ACF357@infowarrior.org>

(Wonder if v2 will integrate with Tinder, Twitter, and Facebook? That said, I'm also wondering how bad its ToS/privacy policy is! -- rick)

First Response unveils Bluetooth pregnancy test
Edward C. Baig, USA TODAY
12:48 p.m. EST January 6, 2016

LAS VEGAS -- For most women trying to conceive, taking a pregnancy test is an anxious and emotional experience. The same goes for women taking a test who don't want to be pregnant.

Church & Dwight's First Response Pregnancy Pro Digital Test & App Access launching here at CES -- it's billed as the first ever smart Bluetooth pregnancy test -- attempts to calm nerves and give a woman a personalized experience throughout the entire process. It's one of the many everyday household products that have smart, Internet-connected functions.
The Internet of Things has shown explosive growth over the past year, and companies' forays into these Web-connected devices, from connected fridges to cars to beds, are on display at the huge electronics show in Las Vegas this year.

This high-tech First Response test communicates via Bluetooth with a companion app on an iPhone or Android device. The app lets the woman know right off the bat if the test is working properly, and gives her instructions on how to proceed. The stick turns on when it is removed from its wrapper, though a woman will then have to tap a button to sync it up with the app.

< - >

http://www.usatoday.com/story/tech/news/2016/01/06/first-response-unveils-bluetooth-pregnancy-test/78359304/

From rforno at infowarrior.org Sat Jan 9 15:05:08 2016
From: rforno at infowarrior.org (Richard Forno)
Date: Sat, 9 Jan 2016 16:05:08 -0500
Subject: [Infowarrior] - Pirates Fail to Prevent $38 Billion Box Office Record
Message-ID:

Pirates Fail to Prevent $38 Billion Box Office Record - TorrentFreak
By Ernesto
https://torrentfreak.com/pirates-fail-to-prevent-38-billion-box-office-record-160109/

Hollywood tends to leave no opportunity unused in its quest to show that online piracy is devastating the movie industry. However, this supposed devastation is not visible at the box office this year. In 2015 worldwide box office grosses surpassed $38 billion, while North American theaters raked in more than $11 billion for the first time in history.

Today, watching pirated movies is arguably easier than it has ever been before. Pirates can choose from hundreds of torrent, streaming and direct download sites, and there are dedicated applications that allow people to stream the latest blockbusters without paying a cent.

Movie industry insiders are doing whatever they can to contain piracy. This appears to be a near impossible task as many unauthorized sites and services are operated by anonymous owners.

As a result the MPAA and other groups warn that hundreds of thousands of jobs are at stake, while the economy is losing billions due to piracy. Illegal downloads, they say, are slowly killing their creative industry.

Interestingly, these stark warnings are not reflected in last year's box office revenues. Recent numbers show that the movie industry just broke the magic $11 billion barrier, generating more revenue than ever before at the North American box office. The revenue for 2015 totals $11.3 billion, which is roughly a 9% change compared to last year.

The worldwide grosses also reached an all-time record according to research from Rentrak, which estimates the global grosses at a staggering $38 billion based on data from 25,000 theaters across the globe.

Another sign that business is going well, at least for some, is the increase in the number of tickets that were sold. In 2015 theaters increased their ticket sales by more than 5% in North America.

Of course, the above doesn't prove that illegal downloads have no effect at all. It could be that the movie industry would make even more money if all pirate sites disappeared overnight, as some studies suggest. Also, the movie industry isn't by any means limited to the box office. DVD sales and various streaming platforms impact the bigger picture as well.

That said, piracy has certainly not destroyed the movie business just yet. There are still plenty of people who are going to the movie theater to pay for their entertainment. Perhaps pirates should up their game?
From rforno at infowarrior.org Mon Jan 11 06:22:52 2016
From: rforno at infowarrior.org (Richard Forno)
Date: Mon, 11 Jan 2016 07:22:52 -0500
Subject: [Infowarrior] - How Mickey Mouse Evades Public Domain
Message-ID: <2A0162D8-858C-4C2D-87A5-960BFB42B4D8@infowarrior.org>

How Mickey Mouse Evades Public Domain
by Barry Ritholtz - January 10th, 2016, 5:00pm
http://www.ritholtz.com/blog/2016/01/how-mickey-mouse-evades-public-domain/

From rforno at infowarrior.org Mon Jan 11 06:35:50 2016
From: rforno at infowarrior.org (Richard Forno)
Date: Mon, 11 Jan 2016 07:35:50 -0500
Subject: [Infowarrior] - Map Shows Power Outages Caused by Cyber-Terrorist Squirrels
Message-ID:

The key question: Did Ted Koppel, that self-described enlightened SCADA/ICS cybersecurity expert[1], contact any squirrel experts, when penning his latest tome? -- rick

This Map Shows Power Outages Caused by Cyber-Terrorist Squirrels
http://gizmodo.com/this-map-shows-power-outages-caused-by-cyber-terrorist-1752196261

[1] https://www.techdirt.com/articles/20151117/07350332835/ted-koppel-writes-entire-book-about-how-hackers-will-take-down-our-electric-grid-never-spoke-to-any-experts.shtml

From rforno at infowarrior.org Mon Jan 11 17:08:02 2016
From: rforno at infowarrior.org (Richard Forno)
Date: Mon, 11 Jan 2016 18:08:02 -0500
Subject: [Infowarrior] - Say "Cyber" again -- Ars cringes through CSI: Cyber
Message-ID: <04DDC77D-5839-4982-9FE1-22E8EB640A2D@infowarrior.org>

Say "Cyber" again -- Ars cringes through CSI: Cyber
CBS endangered cyber-procedural: Plane hacking! Software defined radio! White noise! OMG!
by Sean Gallagher - Jan 11, 2016 5:50pm EST

< - >

http://arstechnica.com/the-multiverse/2016/01/say-cyber-again-ars-cringes-through-csi-cyber/
From rforno at infowarrior.org Mon Jan 11 18:51:43 2016
From: rforno at infowarrior.org (Richard Forno)
Date: Mon, 11 Jan 2016 19:51:43 -0500
Subject: [Infowarrior] - T-Mobile's Legere apologizes to EFF
Message-ID:

(I figured he'd *have* to say something about this brouhaha. --rick)

Open Letter to Consumers about Binge On
John Legere
President and Chief Executive Officer
https://newsroom.t-mobile.com/issues-insights-blog/open-letter-to-consumers-about-binge-on.htm

Wow. What a week it has been out there about Binge On! Many of you have been speaking out on the topic from a number of perspectives and I have been listening closely. I debated with myself about letting this topic drop completely so everyone, consumers and our customers, could catch their breath -- but the discussion has gotten so convoluted that I had to do some follow-up to help clarify a few things before we can move on.

< - >

Look, by now you know that I am a vocal, animated and sometimes foul mouthed CEO. I don't filter myself and you know that no one at T-Mobile filters me either (no, they don't even try). That means I will sometimes incite a bit of a "social media riot", but I'm not going to apologize for that. I will however apologize for offending EFF and its supporters. Just because we don't completely agree on all aspects of Binge On doesn't mean I don't see how they fight for consumers. We both agree that it is important to protect consumers' rights and to give consumers value. We have that in common, so more power to them. As I mentioned last week, we look forward to sitting down and talking with the EFF and that is a step we will definitely take. Unfortunately, my color commentary from last week is now drowning out the real value of Binge On -- so hopefully this letter will help make that clear again.

< - >
From rforno at infowarrior.org Tue Jan 12 19:18:06 2016
From: rforno at infowarrior.org (Richard Forno)
Date: Tue, 12 Jan 2016 20:18:06 -0500
Subject: [Infowarrior] - DNI emails/phone hacked
Message-ID: <12404AC4-7639-4CE3-9B27-AFD4318C8293@infowarrior.org>

(I can see the kid at his court hearing: "Did you hack his account?" Kid: "Not wittingly." --rick)

http://thehill.com/policy/national-security/265623-spy-chiefs-personal-accounts-hacked-by-teen

Spy chief hacked by same group that struck CIA head
Julian Hattem

A hacker appears to have broken into personal accounts of the nation's top spy chief.

The reported teenager is part of the group that hacked into CIA Director John Brennan's personal emails last year and is using the new access for pro-Palestinian activism.

According to Vice Motherboard, which broke the news on Tuesday, the hacker claimed to have broken into a personal email and phone account of Director of National Intelligence James Clapper and his wife.

The hacker, "Cracka," appears to have changed the settings on Clapper's home phone to redirect all incoming calls to the Free Palestine Movement. The hacker also gave Vice a list of call logs to Clapper's home number and what they claimed were screenshots from his wife's email account.

"I just wanted the gov to know people aren't fucking around, people know what they're doing and people don't agree #FreePalestine," Cracka told Vice.

A spokesman for Clapper, Brian Hale, said that the spy office is "aware of the incident and have reported it to the appropriate authorities."

Last year, hackers going by the name Crackas With Attitude or CWA broke into the personal AOL account of the CIA head, leaking personally sensitive files such as his application for security clearance. The documents were posted on WikiLeaks, and contained personal information about Brennan and his family.

Brennan was "outraged" by the theft of information, he said in October.
"I certainly was concerned about what people might try to do with that information."

From rforno at infowarrior.org Tue Jan 12 20:21:32 2016
From: rforno at infowarrior.org (Richard Forno)
Date: Tue, 12 Jan 2016 21:21:32 -0500
Subject: [Infowarrior] - Apple's Tim Cook Lashes Out at White House Officials for Being Wishy-Washy on Encryption
Message-ID: <5048A776-698A-42A6-90FB-B05D51FD7C41@infowarrior.org>

Apple's Tim Cook Lashes Out at White House Officials for Being Wishy-Washy on Encryption
Jenna McLaughlin
Jan. 12 2016, 7:32 p.m.
https://theintercept.com/2016/01/12/apples-tim-cook-lashes-out-at-white-house-officials-for-being-wishy-washy-on-encryption/

Apple CEO Tim Cook lashed out at the high-level delegation of Obama administration officials who came calling on tech leaders in San Jose last week, criticizing the White House for a lack of leadership and asking the administration to issue a strong public statement defending the use of unbreakable encryption.

The White House should come out and say "no backdoors," Cook said. That would mean overruling repeated requests from FBI director James Comey and other administration officials that tech companies build some sort of special access for law enforcement into otherwise unbreakable encryption. Technologists agree that any such measure could be exploited by others.

But Attorney General Loretta Lynch responded to Cook by speaking of the "balance" necessary between privacy and national security -- a balance that continues to be debated within the administration.

The exchange was described to The Intercept by two people who were briefed on the meeting, which the White House called to discuss a variety of counterterrorism issues with representatives from Apple, Facebook, Twitter, Cloudflare, Google, Dropbox, Microsoft, and LinkedIn.
The Washington Post reported in September that the White House had decided not to pursue legislation against unbreakable encryption. But the intelligence community's top lawyer was quoted in an email saying that the administration should be "keeping our options open ... in the event of a terrorist attack or criminal event where strong encryption can be shown to have hindered law enforcement." And Comey has been urging technology companies to voluntarily alter "their business model" and stop offering end-to-end encryption by default.

Despite the growing pressure tech companies are feeling from governments worldwide to stop letting terrorists take advantage of their services, Cook has continued to defend the importance of encryption in protecting all digital transactions -- from text messages and e-mails to bank information and medical records.

Cook has been outspoken in his opposition to the idea that we need to sacrifice privacy and digital security for the sake of public safety. During an episode of 60 Minutes on December 20, he said: "We're America, we should have both."

A White House briefing document for the meeting obtained by The Intercept noted that terrorists are using encrypted forms of communications "where law enforcement cannot obtain the content of the communication even with court authorization."

The briefing asked if there might be "high level principles" that Silicon Valley could agree on when it comes to terrorist use of encryption -- and whether or not there are "technologies" that "could make it harder for terrorists to use the internet to mobilize, facilitate, and operationalize."

The document also asked how the government could better take advantage of "unencrypted data" such as metadata -- details about who is contacting who, when, and for how long -- and whether or not there could be a good mechanism to "preserve critical data" and hand it over to law enforcement as quickly as possible -- though it did not specify what that "critical data" might be.
Administration officials attending the meeting included White House Chief of Staff Denis McDonough, Lynch, Comey, Secretary of Homeland Security Jeh Johnson, NSA Director Michael Rogers, and Director of National Intelligence James Clapper.

The Department of Justice and the FBI both declined to comment on the details of the meeting.

The White House document distributed at the meeting offered "classified briefings" to "share additional information" about the way terrorists are using encryption -- but it did not specify what those meetings would entail, or the terms of attending them, including any security clearances and non-disclosure agreements that would be necessary.

The briefing document raised seemingly well-intentioned questions, such as whether or not there might be "potential downsides or unintended consequences" of developing or altering existing technology to solve these problems. But technologists and cryptographers have been insisting for decades almost unanimously that trying to pierce impenetrable end-to-end encryption to provide the government with access would be more dangerous than beneficial. And you can't put the genie back in the bottle.

According to the Washington Post, Comey would only fly to San Jose to participate in the meeting if encryption was on the agenda.

From rforno at infowarrior.org Wed Jan 13 12:19:58 2016
From: rforno at infowarrior.org (Richard Forno)
Date: Wed, 13 Jan 2016 13:19:58 -0500
Subject: [Infowarrior] - White House poised to issue encryption policy
Message-ID: <4388B334-E7A5-44E0-B72F-DF6A0CCCF798@infowarrior.org>

White House poised to issue encryption policy
By Cory Bennett - 01/13/16 06:00 AM EST
http://thehill.com/policy/cybersecurity/265660-white-house-poised-to-issue-encryption-policy

The Obama administration is poised to unveil its long-term policy vision on encryption amid a global debate sparked by the recent terror attacks in Paris and San Bernardino, Calif.
Privacy advocates are urging the White House to take a strong stand in favor of encryption technologies, which protect online policy by preventing anyone -- including law enforcement -- from accessing private data.

The FBI and other law enforcement agencies have called for guaranteed access to all encrypted communications. Without access, terrorists might freely be able to communicate, they have argued.

It's not clear where the administration will come down on the issue when it releases its policy statement, which is expected to explain what role the government should -- or shouldn't -- play in regulating encryption.

Publicly, the White House says it supports the use of strong encryption but understands the concerns raised by law enforcement. For the time being, officials have backed away from endorsing any legislative effort or mandate on tech companies.

Whatever the administration decides in the coming weeks is likely to have a major effect on the decisions made by other governments.

"I think it's enormously important because America does often set the standard in many areas," said Rep. Ted Lieu (D-Calif.), one of Congress's most prominent voices on encryption. "I hope the White House will continue to push back against efforts for government to mandate backdoors into encryption systems."

Both sides have leaned on the White House to take a clear stance since the terror attacks in Paris and San Bernardino, which together claimed nearly 150 lives.

The administration has been researching the topic, soliciting public comments and meeting with advocates on both sides of the debate.

Law enforcement officials want companies to decrypt data upon request, a process the tech community claims would weaken encryption.

A number of governments have sided with law enforcement. Britain, China, France and India have all either passed or are considering bills that critics say could restrict encryption.
But privacy advocates and technologists are hoping the United States will follow the Netherlands, which last week took the world's strongest stance in favor of robust encryption in recent years.

The Dutch government announced it would reject any legislation that affected encryption, months after the country's Parliament donated money to open-source encryption research. The move will let companies retain their ability to create devices with unbreakable encryption that locks out even law enforcement officials.

No other government has gone as far as the Dutch. But experts say if the U.S. joins the Netherlands, it could shift global momentum on the issue.

"We do seem to be at a tipping point in the evolution of the Internet," said Kevin Bankston, director of New America's Open Technology Institute, who attended a December sit-down on encryption policy with top White House cybersecurity and technology officials.

On Monday, hundreds of technologists, privacy advocates and industry groups appealed to governments worldwide to disavow any policy that could infringe on people's ability to use robust encryption.

"Encryption tools, technologies and services are essential to protect against harm and to shield our digital infrastructure and personal communications from unauthorized access," read an open letter signed by 195 experts, academics, organizations and companies in over 40 countries.

Those behind the coalition view the Dutch government's move last week as a possible turning point. The Netherlands could open the door for other governments to similarly reject any encryption-related legislation, they said.

"It's actually really important how strong their statement was," said Amie Stepanovich, U.S. policy manager at digital rights advocate Access, which helped organize Monday's letter.

"It is possible this is the strongest government statement in favor of not interfering -- since the White House itself in 1999,"
added Bankston, referencing the Clinton administration's decision to drop any potential regulation of the export of strong encryption technology.

Some believe the White House might join the Hague. They note that the White House recently dropped its proposals to mandate that law enforcement have access to encrypted devices.

"I hope this White House comes out and strongly says how encryption is important for our own national security and it's important for our economy," said Rep. Will Hurd (R-Texas), a former CIA agent specializing in cybersecurity operations who now chairs the House Oversight Committee's subpanel on information technology. "We need to be looking at ways to strengthen, not weaken it."

The world needs "global leadership on this issue," Bankston said, "as we see more countries trying to move in the direction of trying to criminalize or otherwise interfere with encryption."

But the White House faces similar pressure from a number of other sides.

Senate Intelligence Committee Chairman Richard Burr (R-N.C.) is leading a bipartisan charge for a bill that would require companies to maintain an encryption key that can unlock secure data when compelled by a warrant.

House Homeland Security Committee Chairman Michael McCaul (R-Texas) and Sen. Mark Warner (D-Va.) want to form a commission on technology challenges for law enforcement that would investigate other alternatives to help investigators access locked data.

Rep. Jim Langevin (D-R.I.), who co-chairs the Congressional Cybersecurity Caucus with McCaul, would like to see the White House back the commission proposal.

"I think a commission at this point could be helpful in making sure that all the stakeholders have a seat at the table," Langevin told The Hill. "Maybe not everyone's going to be 100 percent happy, but I know the status quo is not acceptable."
From rforno at infowarrior.org Thu Jan 14 10:33:47 2016
From: rforno at infowarrior.org (Richard Forno)
Date: Thu, 14 Jan 2016 11:33:47 -0500
Subject: [Infowarrior] - Rep Amash trying to repeal CISA
Message-ID: <155B0582-195F-4751-B338-9C0CA11E98A4@infowarrior.org>

Amash bill would repeal new cybersecurity law
By Cory Bennett - 01/14/16 09:08 AM EST
http://thehill.com/policy/cybersecurity/265852-amash-bill-would-repeal-new-cybersecurity-law

Rep. Justin Amash (R-Mich.) on Wednesday introduced a bill to repeal a major cybersecurity bill signed into law just weeks ago.

In a statement, the libertarian lawmaker called it "the worst anti-privacy law since the USA Patriot Act."

Passed in December as part of the $1.1 trillion government spending bill, the Cybersecurity Act of 2015 gives businesses legal protections to encourage them to share more data on hacking threats with the government.

Proponents -- including the White House -- argue the measure is needed to better understand and thwart the cyberattacks plaguing the public and private sectors. But privacy advocates and many tech companies say the bill will merely shuttle more private data on Americans to intelligence agencies.

Detractors also take issue with the final negotiations that merged the House and Senate bills. Lawmakers combined the bills through unofficial meetings instead of the traditional conference process. Several House lawmakers have said they were forced into this process by senators who refused to appoint people to an official conference in an effort to stall the negotiations.

"The Cybersecurity Act was negotiated in secret by just a few members of Congress and added quietly to the 2,009-page omnibus to avoid scrutiny," said Amash. "Most representatives are probably unaware they even voted on this legislation."

"We should repeal it as soon as possible," he added.

Joining Amash's effort is a bipartisan group of privacy-minded and civil liberties-focused co-sponsors including Reps. John Conyers Jr.
(D-Mich.), Zoe Lofgren (D-Calif.), Thomas Massie (R-Ky.), Ted Poe (R-Texas) and Jared Polis (D-Colo.).

From rforno at infowarrior.org Thu Jan 14 18:07:41 2016
From: rforno at infowarrior.org (Richard Forno)
Date: Thu, 14 Jan 2016 19:07:41 -0500
Subject: [Infowarrior] - Sanders' Campaign DMCAs Wikimedia For Hosting His Logos
Message-ID:

Bernie Sanders' Campaign DMCAs Wikimedia For Hosting His Logos
from the wrong-on-so-many-levels dept
https://www.techdirt.com/articles/20160114/15244433346/bernie-sanders-campaign-dmcas-wikimedia-hosting-his-logos.shtml

What is it with political campaigns issuing totally bogus takedown notices? It happens all too frequently, especially with presidential campaigns. But the latest example may be the stupidest one we've seen to date. The folks at the Lumen Database (formerly Chilling Effects) alert us to the ridiculous news that Bernie Sanders' campaign issued a bogus DMCA notice to the Wikimedia Foundation, because Wikimedia Commons has hosted some Sanders' logos. You can read the full takedown letter here, sent by a redacted lawyer at Garvey Schubert Barer, a firm that claims to have expertise in intellectual property law. If that's true, they sure don't show it in this letter.

First of all, they're sending a DMCA notice, which only applies to copyright, but posting campaign logos is hardly copyright infringement. When you're talking about logos, at best you're talking trademark, but that's not an issue here either. Whether it's trademark or copyright, Wikimedia hosting campaign logos is clearly fair use. If they're really arguing copyright, then it's an easy fair use call. If it's trademark, there's no "use in commerce" on the Wikimedia side, and no likelihood of confusion. Either one is simply stupid to argue.

Separately, these are campaign logos which are advertising for the campaign. What kind of clueless lawyer thinks the right move is to demand such things get taken down?
And, then of course, there's the inevitable backlash over this. Presidential campaigns trying to censor people -- or worse, a site like Wikipedia -- is always going to backfire. It makes the campaign look thin-skinned, foolish and short-sighted. I'm guessing that if this makes enough news, the Sanders campaign will back down on this, and say it was an overzealous lawyer or some other such thing, but there's no reason such takedowns should ever be sent in the first place.

From rforno at infowarrior.org Thu Jan 14 18:10:23 2016
From: rforno at infowarrior.org (Richard Forno)
Date: Thu, 14 Jan 2016 19:10:23 -0500
Subject: [Infowarrior] - French Government Rejects Hardware Backdoor Amendment
Message-ID:

(Of course, many in DC here will continue to push for it, because of their FUD-dy and clueless views on technology, security, and risk. --rick)

French Government Rejects Hardware Backdoor Amendment
By Lucian Armasu, January 14, 2016 3:50 PM - Source: Numerama
http://www.tomshardware.com/news/security-backdoor-amendment-rejected,31011.html#xtor=RSS-181

[Photo caption: Axelle Lemaire, French Minister of Digital Affairs]

A few days ago an amendment to a proposed "Digital Republic" bill tried to ban strong encryption in France by forcing equipment manufacturers to build in decryption capability so that their devices could always be decrypted upon request. The amendment was written by a group of 18 politicians from the French Republican party, but it was rejected by the French government.

Speaking on behalf of the government, Axelle Lemaire, who is the Minister for Digital Affairs and has also been promoting the main Digital Republic bill, said that the amendment would've brought "vulnerability by design" into products and everyone's data would be less protected. The backdoor would allow other bad actors easier access to people's data, even if the law enforcement's intentions were good.
She also argued that having to build these vulnerabilities into products would damage the companies' revenues as well as their credibility. Lemaire reminded everyone of the recent backdoor found in Juniper's firewalls, which could only exist because the NSA backdoored a cryptographic standard a few years earlier -- one that Juniper ended up using. Lemaire said that allowing intelligence agencies to put vulnerabilities in products would lead to situations that are detrimental to the whole community.

She also noted that Netherlands recently showed its commitment to encryption, implying that this is the direction France should go, too.

The minister added that the Republicans were right to participate in the debate about the digital French republic, but their proposal is not the right solution. The Republicans' vice president withdrew the amendment but continued to defend the substance of the argument, that law enforcement needs access to encrypted devices.

Lately, we've seen that some of the countries initially proposing backdoors and a ban of strong encryption or anonymity tools, including the U.S., France, and UK, have started to back down a little on this issue. However, it remains to be seen if the issue will be settled for good soon or whether they'll keep asking for encryption backdoors whenever there's a new opportunity to do so.

Lucian Armasu is a Contributing Writer for Tom's Hardware.
From rforno at infowarrior.org Fri Jan 15 12:59:27 2016
From: rforno at infowarrior.org (Richard Forno)
Date: Fri, 15 Jan 2016 13:59:27 -0500
Subject: [Infowarrior] - James Comey's Default-Encryption Bogeyman
Message-ID: <373BC7B2-5101-4C34-B8A8-1348C7231FA3@infowarrior.org>

James Comey's Default-Encryption Bogeyman
By Riana Pfefferkorn
Friday, January 15, 2016 at 12:15 PM
https://www.justsecurity.org/28832/comeys-default-encryption-bogeyman/

FBI Director James Comey recently told the Senate Judiciary Committee that encryption routinely poses a problem for law enforcement. He stated that encryption has "moved from being available [only] to the sophisticated bad guy to being the default. So it's now affecting every criminal investigation that folks engage in."

This assertion may reflect a shift in the Director's approach to trying to convince lawmakers to regulate the commercial availability of strong encryption. To date, the principal argument has been that encryption interferes with counterterrorism efforts. Federal officials asking for legislative intervention, or seeking to shame companies into maintaining security architectures that would not interfere with surveillance, generally invoke the fear of terrorist attacks. Such attacks, or the threat of them, can provoke cooperation or legislative action that would otherwise be difficult to effectuate. In August, for example, the intelligence community's top lawyer suggested that a terror attack could be exploited to turn legislative opinion against strong encryption. And Comey's testimony last month raised the specter of ISIL. He and other members of the intelligence community immediately mounted a full-court press against strong crypto following the tragedies in Paris and San Bernardino, even before investigators could conclude whether encrypted communications or devices played any role in either attack.
Proponents of strong encryption have long been suspicious of the claim that encryption interferes with counterterrorism investigations. Terrorism is quite rare in the US and encryption has never yet been shown to have thwarted investigations into any terrorist attacks that have taken place on US soil. This includes the May 2015 shooting in Garland, Texas that Comey has invoked. Comey points to the fact that one shooter exchanged encrypted text messages with "an overseas terrorist" shortly before the attack, but the FBI had already been monitoring one of the perpetrators for years and warned local authorities about him before the shooting. Plus, the FBI's powerful ability to collect (unencrypted) metadata is the reason Comey knows the shooter sent those text messages.

Comey may be starting to recognize that his rationale for weakening encryption needs to hit closer to home if he hopes to persuade lawmakers and the American public. To that end, it looks like he, along with Manhattan District Attorney Cyrus Vance, is ready to argue that regular criminals -- the kind more likely to predate on the general population -- are getting away because of encryption.

What crimes, then, are law enforcement officials invoking in their latest calls for weakening encryption? If encryption affects "every" criminal investigation as Comey claims, you'd think that law enforcement would encounter encryption in investigations of the crimes it spends the most time and money working on. If so, then the majority of cases in which law enforcement encounters encryption should be drug cases. Statistically, the War on Drugs, not the War on Terror, would likely be the principal context in which mandatory encryption access for law enforcement would be used. However, law enforcement's anti-crypto advocacy hasn't been focused on the War on Drugs.
Much like Comey's invocation of ISIL, other law enforcement leaders have asserted that the worst of the worst are the beneficiaries of strong security, focusing on murderers and sex offenders. Vance's recent whitepaper, which calls for federal legislation mandating law enforcement access to encrypted devices, claims that iPhone device encryption using iOS 8 (which Apple cannot bypass) stymied the execution of around 111 search warrants in the space of a year. According to the report, those cases involved offenses including "homicide, attempted murder, sexual abuse of a child, sex trafficking, assault, and robbery."

Vance's list (which may or may not be comprehensive) is surprising. There is little overlap between the types of crimes where Vance claims Manhattan prosecutors encountered encryption, and the crimes which local and state law enforcement probably deal with most frequently. According to a newly-released FBI report, larceny, theft, assault, and drug offenses are the crimes most commonly reported by state and local law enforcement. Of those, only assault is on the Manhattan DA's list. Drug crimes are not, even though drug arrests alone accounted for nearly a quarter of all arrests in Manhattan last year. By comparison, the other offenses on his list -- homicide, robbery, sex crimes, and trafficking offenses -- account for only a small fraction of reported crimes, according to the FBI report.

Not only are drug crimes common in the state and local context, they dominate the federal courts. Drug defendants are often arrested by local police, but prosecuted federally (which might help account for the absence from Vance's list). Drug offenses top the federal courts' most recent 12-month report on numbers of federal criminal defendants charged, by offense, which covers 17 offense categories. (The report doesn't reflect investigations that are closed without a prosecution.)
Similarly, the 2014 wiretap report, also issued by the federal courts, notes that a whopping 89 percent of all wiretaps (including 91 percent of federal wiretaps and 88 percent of state wiretaps) were for drug offenses. Homicide and assault (a combined category in the wiretap report) came in a distant second, at four percent. So one would expect that if there's widespread use of encryption, it would proportionately impact drug crimes, and the homicide, assault, and other cases would be far behind.

State and federal wiretap statistics, combined with federal prosecution statistics, demonstrate that drug offenses are very high on law enforcement's agenda -- even as homicide clearance rates languish. And according to the FBI crime statistics report, drug offenses are one of the most commonly reported types of crime. As more and more people carry smartphones that are encrypted by default, encountering device encryption becomes more likely to affect investigations where the crime is both common and a top law enforcement priority. That means drug offenses -- and yet they are absent from Vance's list. If you have concerns about the War on Drugs -- and many people do because it is expensive, ineffectual, and disproportionately affects minorities, among other reasons -- the War on Crypto is likely to make it worse.

We need more information about the facts underpinning the Manhattan DA's report before we can say whether Vance has established a pressing law enforcement need for legislation. The report said that the office "was unable to execute" around 111 search warrants due to iOS 8 encryption. While 111 frustrated warrants may sound like a lot, that number doesn't tell the full story.
The report conspicuously fails to mention several important facts, such as whether prosecutors successfully pursued those cases using other evidence; the total number of search warrants issued for smartphones during the period cited; how many of those devices turned out to be encrypted; and of those, how many warrants were successfully executed nevertheless. If criminal investigations can succeed despite encryption, then device encryption's detrimental impact on the public is marginal.

That's already true for encryption of communications. 2014's statistics for judicially-authorized wiretaps (which collect the contents of unencrypted phone calls and text messages in transit) show almost no adverse impact from encryption. Officials encountered encryption in 22 state court wiretaps out of a total of 2,275 -- a sharp drop from 2013, when states came across 41 encrypted phones -- and were unable to decipher plaintext in only two of the 22. For federal wiretaps, investigators encountered encryption in three wiretaps out of 1,279 total, of which two could not be decrypted. When it comes to communications, Comey's claim that encryption "affects every criminal investigation" is plainly an exaggeration. He and his colleagues have yet to show that the situation for devices is any different. So long as encryption has a negligible effect on law enforcement's ability to do their jobs, their proposals to regulate encryption amount to a "solution" for a problem that doesn't exist.

In the end, it's the War on Drugs and other routine criminal investigations, not counterterrorism or "worst of the worst" criminal cases, that stand to benefit the most if Director Comey gets his wish for guaranteed access to the data on Americans' encrypted smartphones. Yet officials cannily highlight ISIL recruitment, sex trafficking, and murder to promote their demands for weaker crypto, obscuring the lack of evidence that strong crypto in fact poses a significant problem for them.
This post draws a number of inferences from imperfect information, because comprehensive data about device encryption's impact on law enforcement are simply not available. We don't have the full picture of how law enforcement and intelligence agencies seek to compel or persuade tech companies to decrypt information for them (and on what legal authority), influence encryption standards, cooperate to share tools for bypassing crypto, or investigate crime by other means, including hacking tools. I'm researching these issues as part of the Stanford Center for Internet and Society's Crypto Policy Project, and maybe they'll also be considered by the crypto commission Congress plans to convene. As Director Comey himself recently said, "without information, every single conversation in this country about policing and reform and justice is uninformed, and that is a very bad place to be." Those words apply with equal force to the national conversation about encryption and law enforcement.

About the Author: Riana Pfefferkorn is the Cryptography Fellow at the Stanford Center for Internet and Society. You can follow her on Twitter (@riana_crypto).

-- It's better to burn out than fade away.

From rforno at infowarrior.org Fri Jan 15 12:59:34 2016
From: rforno at infowarrior.org (Richard Forno)
Date: Fri, 15 Jan 2016 13:59:34 -0500
Subject: [Infowarrior] - Fixing Pre-Publication Review: What Should Be Done?
Message-ID: <69487679-DF97-4FF8-AF30-5BF4436492E4@infowarrior.org>

Fixing Pre-Publication Review: What Should Be Done?
By Steven Aftergood
Friday, January 15, 2016 at 9:15 AM

Jack Goldsmith and Oona Hathaway called attention in several recent columns to the pre-publication review process (here, here, here, and here) that many current and former national security officials and other government employees must submit to before their work can be published.
The process, they argued, has become dysfunctional, overstepping legitimate national security boundaries and infringing on freedom of speech as well as the public's right to know. Their case is strong.

< - >

https://www.justsecurity.org/28827/fixing-pre-publication-review-done/

From rforno at infowarrior.org Mon Jan 18 15:48:23 2016
From: rforno at infowarrior.org (Richard Forno)
Date: Mon, 18 Jan 2016 16:48:23 -0500
Subject: [Infowarrior] - Court Grants Free Legal Assistance to Accused Movie Pirates
Message-ID: <2578176F-71B5-4343-B5AF-DCB55BF5989C@infowarrior.org>

Court Grants Free Legal Assistance to Accused Movie Pirates
By Andy on January 18, 2016
https://torrentfreak.com/court-grants-free-legal-assistance-to-accused-movie-pirates-160118/

With up to $150,000 in damages available to plaintiffs in copyright infringement cases involving just a single movie, being a defendant can be a scary prospect. However, a judge in the United States has just thrown a small but significant lifeline to a number of assumed pirates, by granting them access to a panel of lawyers free of charge.

As the phenomenon of chasing down alleged movie pirates continues around the world, so-called copyright trolls are continually honing their techniques in order to pin down individuals to force settlement. While those accused rarely get off lightly in any jurisdiction, in the United States the situation is particularly grim. Companies that pursue pirates have the luxury of huge statutory damages at their disposal, meaning that a failed defense of a willful infringement claim could mean that a defendant is on the hook for up to $150,000 in damages. While such large awards are rare, it does mean that companies are motivated to spend more time on a case than they would in other regions where statutory damages do not exist.
To that end, when faced with accusations from copyright holders, people who merely pay the Internet bill at a residence sometimes face deposition. In these cases a deposition is a pre-trial hearing during which a witness answers questions under oath about the alleged offense. The idea is to find out what the witness knows but ultimately depositions allow plaintiffs to gain ammunition towards achieving their key aim -- cash settlement.

At this stage the account holder might be the assumed (putative) defendant while remaining an unnamed "John Doe" as far as the lawsuit goes. All that could change after the deposition of course, which is why people are advised to obtain legal advice before taking part in one. Sadly, people's financial situations often dictate this is not possible.

However, an interesting find by the troll-watchers at FightCopyrightTrolls reveals that putative defendants in Oregon won't have to walk blindly into a potentially damaging deposition. In response to a wave of lawsuits filed by notorious troll lawyer Carl Crowell, Chief Judge Michael Mosman has decided that targets of settlement demands should have legal assistance, whether they can afford it or not. A recently drafted standing order details his offer.

"Plaintiffs have subpoenaed the Internet Service Provider ("ISP") to obtain the identity of the party assigned the ISP account associated with the infringing activity, commonly called the subscriber. The subscriber may or may not be the same as the alleged infringer," Judge Mosman writes. "In order to find out whether the subscriber is an innocent third party and, if so, the identity of the alleged infringer, plaintiffs request the Court to enter Orders allowing them to take certain action, such as issuing a subpoena to the subscriber for a deposition."

The Judge notes that if Internet subscribers fail to respond, plaintiffs could ask the Court for a default judgment. It is therefore advisable for subscribers to receive legal advice.
To that end, subscribers will now get that support regardless of whether they can afford it or not. "The Court has established a panel of lawyers who are willing to provide assistance and advice to subscribers in these lawsuits at no charge for up to 3 hours," Judge Mosman writes.

The offer of support before deposition will be welcomed by subscribers while a case management order issued alongside should ensure that lawyers like Crowell are kept in line. The order mandates that multiple Does can't be filed in a single case and, crucially, subscribers must be informed of the free legal advice being made available. "The ISP subpoena must include a copy of [the standing order] from the Court regarding the availability of pro bono counsel with any communications to the subscriber/account holder," the order reads.

The prospect of a deposition will be a scary one for Internet subscribers so the fact they have this support should certainly lighten the load, especially for those who simply pay the bill and have played no part in any infringement.

From rforno at infowarrior.org Mon Jan 18 15:48:35 2016
From: rforno at infowarrior.org (Richard Forno)
Date: Mon, 18 Jan 2016 16:48:35 -0500
Subject: [Infowarrior] - GM says it owns your car, not you
Message-ID: <0E83F87C-49E7-4A29-B758-1A3D6651DAA9@infowarrior.org>

GM: That Car You Bought? We're Really The Ones Who Own It.
By Kate Cox
May 20, 2015
http://consumerist.com/2015/05/20/gm-that-car-you-bought-were-really-the-ones-who-own-it/

Congratulations! You just bought a new Chevy, GMC, or Cadillac. You really like driving it. And it's purchased, not leased, and all paid off with no liens, so it's all yours... isn't it? Well, no, actually: according to GM, it's still theirs. You just have a license to use it. At least, that's what an attorney for GM said at a hearing this week, Autoblog reports.
Specifically, attorney Harry Lightsey said, "It is [GM's] position the software in the vehicle is licensed by the owner of the vehicle."

GM's claim is all about copyright and software code, and it's the same claim John Deere is making about their tractors. The TL;DR version of the argument goes something like this:

- Cars work because software tells all the parts how to operate
- The software that tells all the parts to operate is customized code
- That code is subject to copyright
- GM owns the copyright on that code and that software
- A modern car cannot run without that software; it is integral to all systems
- Therefore, the purchase or use of that car is a licensing agreement
- And since it is subject to a licensing agreement, GM is the owner and can allow/disallow certain uses or access.

The U.S. Copyright Office is currently holding a series of hearings on whether or not anyone other than the manufacturer of a car has a right to tinker with that car's copyrighted software. And with the way modern design goes, that basically means with the car, at all.

Folks who like to tinker with their cars, as well as independent (non-dealer) mechanics say they need the copyright exemption in order to be allowed to continue repairing their own cars, or keeping their businesses open. Manufacturers, like GM, say that it's a safety issue: if people who aren't authorized mess with any one piece of software, they could make the entire ecosystem of connected code unsafe.

An attorney from the Electronic Frontier Foundation also testified at the hearing, telling the Copyright Office that restricting access to onboard computers in vehicles drives up costs, hurts competition, and stifles innovation. It also prevents third party researchers from conducting independent safety and security research without becoming lawbreakers.

The first of the two sessions of hearings started yesterday in Los Angeles. The other will take place next week, in Washington, DC.
The Copyright Office is expected to issue a ruling in July determining just what you can and can't do with the things you thought you bought.

From rforno at infowarrior.org Tue Jan 19 10:36:03 2016
From: rforno at infowarrior.org (Richard Forno)
Date: Tue, 19 Jan 2016 11:36:03 -0500
Subject: [Infowarrior] - Bitcoin Heist Steals Millions from Exchange
Message-ID:

(c/o DG)

Bitcoin Heist Steals Millions from Exchange
Mathew J. Schwartz

Cryptocurrency exchange Cryptsy, which trades bitcoins as well as more than 100 types of "altcoins" such as litecoin and namecoin, disclosed Jan. 15 that it was robbed in 2014. As a result of the breach, the exchange has now suspended all trades and says it will file for bankruptcy unless the stolen bitcoins are returned.

Florida-based Cryptsy says the attacker stole 13,000 bitcoins, worth $5 million today, as well as 300,000 litecoins, worth $970,000 today. The exchange says the theft was not related to the recent phishing and distributed denial-of-service attacks that it's suffered. It suspects that the most recent developer behind Lucky7Coin - LK7 - is the culprit behind the attacks, based on a backdoor that it found inside its network.

"About a year and a half ago, we were alerted ... [to] a reduction in our safe/cold wallet balances of bitcoin and litecoin, as well as a couple other smaller cryptocurrencies," Cryptsy says in a blog post. It says its investigation ultimately found that the developer of the Lucky7Coin cryptocurrency "had placed an IRC backdoor into the code of [its] wallet, which allowed it to act as a sort of a Trojan, or command-and-control unit." The exchange adds: "This Trojan had likely been there for months before it was able to collect enough information to perform the attack," which was executed on July 29, 2014.
A user of code-sharing site GitHub in March 2015 detailed that apparent backdoor in the Lucky7Coin IRC code, noting that it would give an attacker "the ability to run arbitrary commands on the victim's host."

Cryptsy suspects that whoever originally developed Lucky7Coin isn't responsible for the backdoor, but rather someone named "Jack," who claimed to have taken over development of the cryptocurrency codebase and related code, and who contacted Cryptsy on May 22, 2014. "You're the only exchange for this coin and I hope you will let me take care of it. I'm responsible," Jack claimed.

< - >

http://www.databreachtoday.com/bitcoin-heist-steals-millions-from-exchange-a-8803

From rforno at infowarrior.org Tue Jan 19 12:17:51 2016
From: rforno at infowarrior.org (Richard Forno)
Date: Tue, 19 Jan 2016 13:17:51 -0500
Subject: [Infowarrior] - IC IG: Clinton email server contained SAP info
Message-ID: <40C03048-B935-4694-A279-2785C143BFD4@infowarrior.org>

Inspector General: Clinton emails had intel from most secretive, classified programs
By Catherine Herridge, Pamela Browne
Published January 19, 2016
FoxNews.com
http://www.foxnews.com/politics/2016/01/19/inspector-general-clinton-emails-had-intel-from-most-secretive-classified-programs.html

EXCLUSIVE: Hillary Clinton's emails on her unsecured, homebrew server contained intelligence from the U.S. government's most secretive and highly classified programs, according to an unclassified letter from a top inspector general to senior lawmakers.

Fox News exclusively obtained the text of the unclassified letter, sent Jan. 14 from Intelligence Community Inspector General I. Charles McCullough III. It laid out the findings of a recent comprehensive review by intelligence agencies that identified "several dozen" additional classified emails -- including specific intelligence known as "special access programs" (SAP). That indicates a level of classification beyond even "top secret,"
the label previously given to two emails found on her server, and brings even more scrutiny to the presidential candidate's handling of the government's closely held secrets.

"To date, I have received two sworn declarations from one [intelligence community] element. These declarations cover several dozen emails containing classified information determined by the IC element to be at the confidential, secret, and top secret/sap levels," said the IG letter to lawmakers with oversight of the intelligence community and State Department. "According to the declarant, these documents contain information derived from classified IC element sources."

Intelligence from a "special access program," or SAP, is even more sensitive than that designated as "top secret" -- as were two emails identified last summer in a random sample pulled from Clinton's private server she used as secretary of state. Access to a SAP is restricted to those with a "need-to-know" because exposure of the intelligence would likely reveal the source, putting a method of intelligence collection -- or a human asset -- at risk.

Currently, some 1,340 emails designated "classified" have been found on Clinton's server, though the Democratic presidential candidate insists the information was not classified at the time.

"There is absolutely no way that one could not recognize SAP material," a former senior law enforcement official with decades of experience investigating violations of SAP procedures told Fox News. "It is the most sensitive of the sensitive."

Executive Order 13526 -- called "Classified National Security Information" and signed Dec. 29, 2009 -- sets out the legal framework for establishing special access programs. The order says the programs can only be authorized by the president, "the Secretaries of State, Defense, Energy, and Homeland Security, the Attorney General, and the Director of National Intelligence, or the principal deputy of each."
The programs are created when "the vulnerability of, or threat to, specific information is exceptional," and "the number of persons who ordinarily will have access will be reasonably small and commensurate with the objective of providing enhanced protection for the information involved," it states.

According to court documents, former CIA Director David Petraeus was prosecuted for sharing intelligence from special access programs with his biographer and mistress Paula Broadwell. At the heart of his prosecution was a non-disclosure agreement where Petraeus agreed to protect these closely held government programs, with the understanding "unauthorized disclosure, unauthorized retention or negligent handling ... could cause irreparable injury to the United States or be used to advantage by a foreign nation." Clinton signed an identical non-disclosure agreement Jan. 22, 2009.

Fox News is told that the recent IG letter was sent to the leadership of the House and Senate intelligence committees and leaders of the Senate Foreign Relations Committee, as well as the Office of the Director of National Intelligence (ODNI) and State Department inspector general. Fox News has asked the committees to make the letter public because its findings are unclassified. Representatives for the ODNI and intelligence community inspector general had no comment, but did not dispute the findings.

The intelligence community IG was responding in his message to a November letter from the Republican chairmen of the Senate intelligence and foreign relations committees that questioned the State Department email review process after it was wrongly reported the intelligence community was retreating from the "top secret" designation. As Fox News first reported, those two emails were "top secret" when they hit the server, and it is now considered a settled matter.
The intelligence agencies now have their own reviewers embedded at the State Department as part of the Freedom of Information Act (FOIA) process. The reviewers are identifying intelligence of a potentially classified nature, and referring it to the relevant intelligence agency for further review. There is no formal appeals process for classification, and the agency that generates the intelligence has final say. The State Department only has control over the fraction of emails that pertain to their own intelligence.

While the State Department and Clinton campaign have said the emails in question were "retroactively classified" or "upgraded" -- to justify the more than 1,300 classified emails on her server -- those terms are meaningless under federal law. The former federal law enforcement official said the finding in the January IG letter represents a potential violation of USC 18 Section 793, "gross negligence" in the handling of secure information under the Espionage Act.

Catherine Herridge is an award-winning Chief Intelligence correspondent for FOX News Channel (FNC) based in Washington, D.C. She covers intelligence, the Justice Department and the Department of Homeland Security. Herridge joined FNC in 1996 as a London-based correspondent.

From rforno at infowarrior.org Tue Jan 19 17:43:31 2016
From: rforno at infowarrior.org (Richard Forno)
Date: Tue, 19 Jan 2016 18:43:31 -0500
Subject: [Infowarrior] - UK Appeals Court: Journalism is not terrorism
Message-ID:

Journalism is not terrorism. Criticism of the government is not violence | Trevor Timm
Trevor Timm
http://www.theguardian.com/commentisfree/2016/jan/19/journalism-is-not-terrorism-criticism-of-the-government-is-not-violence

In a huge win for press freedom, a UK court of appeal ruled that the detention of journalist Glenn Greenwald's partner, David Miranda, under the Terrorism Act violated his human rights as a journalist.
Perhaps more importantly, though, the court rebuked the government's unprecedented and dangerous definition of "terrorism" that would have encompassed all sorts of actions regularly made by law-abiding citizens.

Miranda was detained and interrogated for almost nine hours without a lawyer at Heathrow airport in 2013 while returning to his home in Brazil after visiting Academy award-winning filmmaker Laura Poitras in Germany. He was assisting her and Greenwald's reporting on the Snowden documents; Greenwald was working for the Guardian at the time.

The court overruled a part of a prior ruling, making clear that "the stop power [under the Terrorism Act], if used in respect of journalistic information or material is incompatible" with the European convention on human rights. As Greenwald has already said, the court ruling is "an enormous victory, first and foremost for press freedoms, because what the court ruled is that the UK parliament can't purport to allow its police to seize whatever they want to take from journalists by pretending it's a terrorism investigation".

He's exactly right: journalists, or anyone working on behalf of newspapers for that matter, should not be worried about being detained, interrogated and having their source material confiscated for doing their job in a democracy.

But even more disturbing than the UK government's willingness to detain a journalist in violation of his human rights is what they attempted to claim after Miranda's detention to justify their actions. In arguing that they had every right to detain Miranda under the Terrorism Act in 2013, the government put forth a radical and expansive definition of terrorism.
Here are the government's exact words from a court filing they made in November 2013:

Additionally the disclosure [of NSA/GCHQ documents], or threat of disclosure, is designed to influence a government and is made for the purpose of promoting a political or ideological cause. This therefore falls within the definition of terrorism...

Think about the implications of that for a minute: terrorism was defined as publishing information designed to influence the government. That definition includes no mention of violence or even a threat of violence, which David Miranda never came anywhere near doing. In other words, any opinion or action the government does not like could potentially have been decreed as "terrorism" under their warped definition.

This type of sweeping authorization is the hallmark of authoritarian regimes, like Saudi Arabia and Russia, who regularly distort laws supposedly passed in the name of fighting terrorism to harass and detain journalists, human rights workers and dissidents. It's also a practice that the UK and US have spoken out repeatedly against in the last decade. (Back in 2013 the Guardian asked the US State Department to comment on the UK's arrest of Miranda, but they declined, despite harshly criticizing other countries for using their terrorism laws in virtually the same way.)

Thankfully, the appeals court wholly dismissed this dangerous definition of "terrorism," writing: "The court of appeal ruling rejects the broad definition of terrorism advanced by government lawyers. The correct legal definition of terrorism, the court of appeal has now ruled, requires some intention to cause a serious threat to public safety such as endangering life".

This episode shines a light on how unjust the Terrorism Act is to everyone who travels through London's airport.
It should be noted that the UK government's own independent reviewer of terrorism legislation made clear that, despite the Terrorism Act's name, the government declares the "power to stop and question [under the law] may be exercised without suspicion of involvement in terrorism". We also know that thousands of innocent people have been subjected to similar types of detainment in the past with almost no recourse afterwards. Let's hope that Miranda will re-ignite the debate about how pernicious and dangerous to human rights the Terrorism Act really is.

[Ed. note: Trevor Timm is executive director of Freedom of the Press Foundation, where Glenn Greenwald, Laura Poitras, and Edward Snowden sit on the board of directors.]

From rforno at infowarrior.org Wed Jan 20 07:30:47 2016
From: rforno at infowarrior.org (Richard Forno)
Date: Wed, 20 Jan 2016 08:30:47 -0500
Subject: [Infowarrior] - OT: Where's Rey?
Message-ID: <75379A6C-05ED-4E09-A68C-D8DC95DD83EC@infowarrior.org>

(c/o EP)

Where's Rey?
Sweatpants & Coffee
by Michael Boehm
http://sweatpantsandcoffee.com/what-we-love/sweatpants-pop-culture/rey/

Would your son want to play with an action figure of Rey, the central figure in the latest Star Wars film? Would your daughter? It's too bad they don't have the choice; Hasbro, among other toymakers, left out the one key female figure in their The Force Awakens game sets. Hasbro says it was to preserve plot secrets, but an industry insider said the choice was deliberate.

The insider, who spoke to Sweatpants & Coffee on condition of anonymity, said the decision to exclude Rey was based on marketing assumptions and not for plot reasons.

Manufacturers of products that tie into popular movies have been in the news in recent months for appearing to favor male characters over female ones. Products featuring popular science fiction, fantasy, and superhero movies have marginalized or completely excluded the female characters.
The controversy has peaked in the past few weeks with Lucasfilm's Star Wars: The Force Awakens film, released at Christmas. Buyers found that Rey, the protagonist of the film, was missing from a significant number of Star Wars-related products. Hasbro received criticism for their Star Wars Monopoly set, where players could take the part of four different characters, all male. Also, Hasbro's "Battle Action Millennium Falcon" playset features Finn, Chewbacca, and BB-8 characters, but not Rey, though, in the film, Rey was the pilot of the spaceship.

Hasbro issued a statement to Entertainment Weekly Jan. 5 assuring fans that future versions of the Monopoly set would include Rey. "The Star Wars: Monopoly game was released in September, months before the movie's release, and Rey was not included to avoid revealing a key plot line that she takes on Kylo Ren and joins the Rebel Alliance," according to the statement.

"Absolute rubbish," said John Marcotte, founder of Heroic Girls, a non-profit organization dedicated to promoting positive strong role models for young women. "Hasbro is merely trying to save face. Monopoly is a game about buying and selling properties. There is no plot to be given away by including the Rey character."

Jenna Busch, founder and editor-in-chief of Legion of Leia, a feminist sci-fi fansite, blogged, "That's not how Monopoly works. The top hat and the thimble weren't plot points, either."

In January 2015, a number of toy and merchandise vendors descended on Lucasfilm's Letterman Center in San Francisco. In a series of confidential meetings, the vendors presented their product ideas to tie in with the highly-anticipated new Star Wars film. Representatives presented, pitched, discussed, and agreed upon prototype products. The seeds of the controversies Lucasfilm is facing regarding the marketing and merchandising of The Force Awakens were sown in those meetings, according to the industry insider.
The insider, who was at those meetings, described how initial versions of many of the products presented to Lucasfilm featured Rey prominently. At first, discussions were positive, but as the meetings wore on, one or more individuals raised concerns about the presence of female characters in the Star Wars products. Eventually, the product vendors were specifically directed to exclude the Rey character from all Star Wars-related merchandise, said the insider. "We know what sells," the industry insider was told. "No boy wants to be given a product with a female character on it."

Lucasfilm did not respond to requests for comment by press time.

The industry insider went on to describe how excluding female action characters has been a common yet frustrating trend over the past few years. "Diminishing of girl characters is common in the industry. Power Rangers asked us to do it. Paw Patrol, too."

It is not uncommon for female action characters to be excluded from toy product tie-ins, Marcotte concurred. He highlighted the most recent Avengers movie as an example. "There was a scene in which Black Widow drops out of the belly of a jet while riding a motorcycle. It was an iconic moment for the character. And yet, when the toy product from that scene was released, it came with several different characters from that movie -- Captain America, Iron Man, Ultron -- that you could use with that toy. All male. And no Black Widow. She was removed from her own best scene."

The industry insider confirmed that the Black Widow character is widely considered "unusable" within the toy industry. "She has a tight black outfit. Our main customer is concerned with 'family values,'" said the insider.

At the same time, however, it's increasingly apparent that marketers' perceptions are seriously out of touch with consumers' tastes. "Princess toy sales are in freefall. Disney can't give away princess toys anymore," according to the insider.
And yet, the insider said, the directive is there: Maintain the sharp boy/girl product division. Marginalize girl characters in items not specifically marketed as girl-oriented.

The toy industry is more gender-divided now than at any time in the past 50 years, according to Elizabeth Sweet, a professor of sociology at the University of California at Davis. She's a noted authority in the sociology of gender-based toy design and marketing. Analyses of historical toy catalogs show that in the 1970s more than half of toys were not designated as being specifically for one gender, whereas now, very few toys are marketed as gender-neutral, according to Sweet.

Marcotte points back to the deregulation of the advertising industry in the 1980s under Pres. Ronald Reagan as the origination point for the gender-division trend. "Once that happened, toy manufacturers realized they could increase sales by designing toys to be more narrowly targeted. Instead of having just a ball, you could make it pink and put a princess on it; or, paint it blue and put GI Joe on it. Now parents have to buy two sets of toys, one for their daughter and one for their son."

But that long-term trend has had significant sociological impacts. "Girls and boys do not play together as much as they used to," Marcotte said. "These gender divisions are hard-coded into their toys and it informs their behavior in ways that has lasting results on their presumptions."

"I've spoken with Disney people, and they were completely blindsided by the reaction to the new Star Wars characters," Marcotte went on to say. "They put a huge investment into marketing and merchandizing the Kylo Ren character. They presumed he would be the big breakout role from the film. They were completely surprised when it was Rey everyone identified with and wanted to see more of. Now they're stuck with vast amounts of Kylo Ren product that is not moving, and a tidal wave of complaints about a lack of Rey items."
Angelique Hager, mother of the twins, says: ?Until Rey, my daughter Riley wanted to be Anakin. Not Padme, or even Leia. She wanted to be a Jedi. Then we discovered The Clone Wars and Ahsoka, but even then we couldn?t find a costume for her. Rey is revolutionary.? Rey isn?t totally absent from all products: The warrior is featured in several Hasbro games, including Hands Down, Guess Who, and chess. ?Fans will see more Rey product hitting store shelves this month, including 6-inch and 12-inch Rey action figures. We are thrilled with the popularity of this compelling character and will continue to look for ways to showcase Rey across all of our product lines,? the Hasbro statement concluded. Marcotte believes the Star Wars film may represent the watershed moment when the toy industry finally realizes they are out of step with consumers? desires. ?It?s up to the public now, to make it happen,? he said. ?It?s all about the carrot and stick of economics. If people buy products featuring strong, heroic female characters, it will happen.? Michael Boehm is a Bay Area native who reports on issues at the intersection of culture, commerce, and technology. He worked in healthcare for 10 years before having kids, who promptly set his head straight; whereupon he ditched the corporate life to focus on writing. Now he lives in Foster City and is the master of a burgeoning rodent family. -- It's better to burn out than fade away. From rforno at infowarrior.org Thu Jan 21 12:38:36 2016 From: rforno at infowarrior.org (Richard Forno) Date: Thu, 21 Jan 2016 13:38:36 -0500 Subject: [Infowarrior] - NSA Chief Stakes Out Pro-Encryption Position, in Contrast to FBI Message-ID: <612AA0E0-4669-45ED-BDEE-AB0C73138500@infowarrior.org> NSA Chief Stakes Out Pro-Encryption Position, in Contrast to FBI Jenna McLaughlin Jan. 21 2016, 1:01 p.m. https://theintercept.com/2016/01/21/nsa-chief-stakes-out-pro-encryption-position-in-contrast-to-fbi/ National Security Agency Director Adm. 
Mike Rogers said Thursday that ?encryption is foundational to the future,? and arguing about it is a waste of time. Speaking to the Atlantic Council, a Washington, D.C., think tank, Rogers stressed that the cybersecurity battles the U.S. is destined to fight call for more widespread use of encryption, not less. ?What you saw at OPM, you?re going to see a whole lot more of,? he said, referring to the massive hack of the Office of Personnel Management involving the personal data about 20 million people who have gotten background checks. ?So spending time arguing about ?hey, encryption is bad and we ought to do away with it? ? that?s a waste of time to me,? he said, shaking his head. ?So what we?ve got to ask ourselves is, with that foundation, what?s the best way for us to deal with it? And how do we meet those very legitimate concerns from multiple perspectives?? Other government officials ? most notably FBI Director James Comey ? have been crusading for a way that law enforcement can get access to encrypted data. But technologists pretty much universally agree that creating some sort of special third-party access would weaken encryption to the point that it would threaten every internet transaction we make, from online banking to filling out our health records to emailing our friends and significant others. A hole in encryption for special FBI access would be a hole that criminals could sneak through, too. While there?s been a lot of talk about giving up some privacy for security, Rogers said both are paramount. ?Concerns about privacy have never been higher. Trying to get all those things right, to realize that ? it isn?t about one or the other,? he said. He does not think that ?security is the imperative and that ought to drive everything.? Nor should privacy, he continued. ?We?ve got to meet these two imperatives. We?ve got some challenging times ahead of us, folks.? 
Comey, who formerly advocated for a way to get law enforcement access without weakening encryption, recently switched tactics. Now he is pressuring companies to change their business models and simply not offer true end-to-end encryption to their customers. The White House has decided not to pursue legislation to outlaw unbreakable end-to-end encryption, following pressure from privacy advocates and scientists. But the intelligence community?s top lawyer, Bob Litt, privately advised the administration that a major terrorist attack could be an opportune moment to do so. And the White House has not issued a statement in defense of encryption, to the frustration of Apple CEO Tim Cook, among others. Meanwhile, Sens. Richard Burr, R-N.C., and Dianne Feinstein, D-Calif., are reportedly planning their own proposed legislation to require law enforcement access. Rogers? comments could indicate a split on this issue between the intelligence community and domestic law enforcement. The previous NSA director, Michael Hayden, said in January that he thinks Comey is on the wrong side of this debate. ?I disagree with Jim Comey. I actually think end-to-end encryption is good for America,? he said. Hayden has also spoken about how U.S. intelligence agencies have figured out how to get the information they need without weakening encryption ? such as using metadata, which shows who is contacting whom. Another former NSA boss, Mike McConnell, has also spoken out against trying to install backdoors in encryption. Left unsaid is the fact that the FBI and NSA have the ability to circumvent encryption and get to the content too ? by hacking. Hacking allows law enforcement to plant malicious code on someone?s computer in order to gain access to the photos, messages, and text before they were ever encrypted in the first place, and after they?ve been decrypted. The NSA has an entire team of advanced hackers, possibly as many as 600, camped out at Fort Meade. Watch Rogers? talk here:.... 
https://theintercept.com/2016/01/21/nsa-chief-stakes-out-pro-encryption-position-in-contrast-to-fbi/

--
It's better to burn out than fade away.

From rforno at infowarrior.org Thu Jan 21 15:11:35 2016
From: rforno at infowarrior.org (Richard Forno)
Date: Thu, 21 Jan 2016 16:11:35 -0500
Subject: [Infowarrior] - OT: How Wall Street Finds New Ways to Sell Old, Opaque Products to Retail Investors
Message-ID: <780AD2A5-67E5-4331-A1D1-EC52C9E23FD6@infowarrior.org>

How Wall Street Finds New Ways to Sell Old, Opaque Products to Retail Investors
http://www.bloomberg.com/news/articles/2016-01-21/how-wall-street-finds-new-ways-to-sell-old-opaque-products-to-retail-investors

--
It's better to burn out than fade away.

From rforno at infowarrior.org Fri Jan 22 06:30:47 2016
From: rforno at infowarrior.org (Richard Forno)
Date: Fri, 22 Jan 2016 07:30:47 -0500
Subject: [Infowarrior] - Google Paid Apple $1 Billion to Keep Search Bar on IPhone
Message-ID: <424CC676-49DF-47FB-9A8C-3B950F3053C2@infowarrior.org>

Google Paid Apple $1 Billion to Keep Search Bar on IPhone
Joel Rosenblatt and Adam Satariano
January 21, 2016, 7:34 PM EST
http://www.bloomberg.com/news/articles/2016-01-22/google-paid-apple-1-billion-to-keep-search-bar-on-iphone

Google Inc. is paying Apple Inc. a hefty fee to keep its search bar on the iPhone. Apple received $1 billion from its rival in 2014, according to a transcript of court proceedings from Oracle Corp.'s copyright lawsuit against Google. The search engine giant has an agreement with Apple that gives the iPhone maker a percentage of the revenue Google generates through the Apple device, an attorney for Oracle said at a Jan. 14 hearing in federal court.

Rumors about how much Google pays Apple to be on the iPhone have circulated for years, but the companies have never publicly disclosed it. tin Huguet, a spokeswoman for Apple, and Google spokesman Aaron Stein both declined to comment on the information disclosed in court.

The revenue-sharing agreement reveals the lengths Google must go to keep people using its search tool on mobile devices. It also shows how Apple benefits financially from Google's advertising-based business model that Chief Executive Officer Tim Cook has criticized as an intrusion of privacy.

Oracle has been fighting Google since 2010 over claims that the search engine company used its Java software without paying for it to develop Android. The showdown has returned to U.S. District Judge William Alsup in San Francisco after a pit stop at the U.S. Supreme Court, where Google lost a bid to derail the case. The damages Oracle now seeks may exceed $1 billion since it expanded its claims to cover newer Android versions.

34 Percent

Annette Hurst, the Oracle attorney who disclosed details of the Google-Apple agreement at last week's court hearing, said a Google witness questioned during pretrial information said that "at one point in time the revenue share was 34 percent." It wasn't clear from the transcript whether that percentage is the amount of revenue kept by Google or paid to Apple.

An attorney for Google objected to the information being disclosed and attempted to have the judge strike the mention of 34 percent from the record. "That percentage just stated, that should be sealed," lawyer Robert Van Nest said, according to the transcript. "We are talking hypotheticals here. That's not a publicly known number."

The magistrate judge presiding over the hearing later refused Google's request to block the sensitive information in the transcript from public review. Google then asked Alsup to seal and redact the transcript, saying the disclosure could severely affect its ability to negotiate similar agreements with other companies. Apple joined Google's request in a separate filing.

"Highly Sensitive"

"The specific financial terms of Google's agreement with Apple are highly sensitive to both Google and Apple," Google said in its Jan. 20 filing. "Both Apple and Google have always treated this information as extremely confidential."

The transcript vanished without a trace from electronic court records at about 3 p.m. Pacific standard time with no indication that the court ruled on Google's request to seal it.

The case is Oracle America Inc. v. Google Inc., 10-cv-03561, U.S. District Court, Northern District of California (San Francisco).

--
It's better to burn out than fade away.

From rforno at infowarrior.org Fri Jan 22 11:43:50 2016
From: rforno at infowarrior.org (Richard Forno)
Date: Fri, 22 Jan 2016 12:43:50 -0500
Subject: [Infowarrior] - California Legislator Says Encryption 'Threatens Our Freedoms'
Message-ID:

There is no limit to political stupid and fearmongering......

California Legislator Says Encryption 'Threatens Our Freedoms' Calls For Ban On Encrypted Cell Phones
https://www.techdirt.com/articles/20160122/06200833403/california-legislator-says-encryption-threatens-our-freedoms-calls-ban-encrypted-cell-phones.shtml

--
It's better to burn out than fade away.

From rforno at infowarrior.org Fri Jan 22 12:00:10 2016
From: rforno at infowarrior.org (Richard Forno)
Date: Fri, 22 Jan 2016 13:00:10 -0500
Subject: [Infowarrior] - Overhaul Puts Pentagon in Charge of Protecting Federal Security Clearance Data
Message-ID: <35170162-FD31-4904-BE6B-9DBF021A3718@infowarrior.org>

Overhaul Puts Pentagon in Charge of Protecting Federal Security Clearance Data
Damian Paletta
http://blogs.wsj.com/washwire/2016/01/22/pentagon-to-protect-encrypt-federal-security-clearance-data/

WASHINGTON - The White House Friday announced an overhaul of the government's security clearance system, creating a new division to handle screenings and directing the Pentagon to protect the data.

The creation of the National Background Investigations Bureau - and its close partnership with the Department of Defense - is the latest change to come after the sweeping cyber attack that hit the Office of Personnel Management last year.
In that breach, which U.S. officials have said likely emanated from Chinese hackers, more than 20 million background check records and millions of fingerprint reports were stolen. Many lawmakers were astonished after the breach to find that none of the background check records were encrypted, making it much easier for thieves to potentially use the information.

The NBIB will be a division of OPM, but the responsibility for protecting the information will shift to the Pentagon. The NBIB will incorporate an existing agency - the Federal Investigative Service - which already conducts background checks for more than 100 federal agencies. The NBIB's chief will be appointed by the president and it's expected to have a higher profile than its predecessor.

Richard Hale, the Pentagon's deputy chief information officer for cyber security, said Friday that "we will use encryption everywhere that it's appropriate" and will look closely at what information should remain online and what records will be essentially disconnected from this network.

"We intend to apply the best practices that we've been able to apply" at the Pentagon, said Marcel Lettre, the Defense Department's under secretary for intelligence.

The U.S. government conducts more than 600,000 security clearance checks each year for a wide range of agencies, including posts within the military and law enforcement.

--
It's better to burn out than fade away.

From rforno at infowarrior.org Fri Jan 22 16:54:21 2016
From: rforno at infowarrior.org (Richard Forno)
Date: Fri, 22 Jan 2016 17:54:21 -0500
Subject: [Infowarrior] - The Academy Bullied CNN Into Including Trademark Icon For 'Oscars' On Its Crawl
Message-ID: <8FF0A9DD-2C07-4014-9CB1-25381FBB4137@infowarrior.org>

The Academy Bullied CNN Into Including Trademark Icon For 'Oscars' On Its Crawl For Some Reason
from the and-the-award-for-dumbest-fight-goes-to... dept

Usually when we talk about the Oscars behaving badly about intellectual property, it has to do with either its combat against film piracy or its rather stunning tradition of facilitating it. What's clear in most of those stories, though, is that when the Motion Picture Academy decides to sink its collective teeth into something, it is bulldog-ish in its unwillingness to let it go. It seems that this is the case on matters of trademark, as well. Unimaginably petty trademark matters.

As CNN was covering a boycott by some actors of the Oscars ceremony, it appears someone in PR for the Academy had pestered CNN to the point that the news channel, contrary to how just about everyone else does it, agreed to include a trademark registration symbol when discussing the Oscars on its crawl. To get an idea of how jarring doing this is to the viewer, see the following screen-cap.

< - >

https://www.techdirt.com/articles/20160122/07350733406/academy-bullied-cnn-into-including-trademark-icon-oscars-crawl-some-reason.shtml

--
It's better to burn out than fade away.

From rforno at infowarrior.org Sun Jan 24 13:23:57 2016
From: rforno at infowarrior.org (Richard Forno)
Date: Sun, 24 Jan 2016 14:23:57 -0500
Subject: [Infowarrior] - Power Wars: How Obama justified, expanded Bush-era surveillance
Message-ID: <9E8D0C32-7CA1-4ECA-AD19-87B7DF274578@infowarrior.org>

Power Wars: How Obama justified, expanded Bush-era surveillance
Review: Veteran national security reporter has inside scoop on Obama White House.
by Cyrus Farivar - Jan 24, 2016 1:17pm EST

< - >

"[The Bush-Cheney Administration] puts forward a false choice between the liberties we cherish and the security we demand. I will provide our intelligence and law enforcement agencies with the tools they need to track and take out the terrorist without undermining our Constitution and our freedom."
- Senator Barack Obama, presidential campaign address on national security policy, August 1, 2007

"I think the American people understand that there are some trade-offs involved ... I think it's important to recognize that you can't have a hundred percent security and also then have a hundred percent privacy and zero inconvenience. You know, we're going to have to make some choices as a society."
- President Barack Obama, responding to the disclosure that the National Security Agency was systematically collecting records about Americans' domestic phone calls in bulk, June 7, 2013

< - >

http://arstechnica.com/tech-policy/2016/01/power-wars-how-obama-justified-expanded-bush-era-surveillance/

--
It's better to burn out than fade away.

From rforno at infowarrior.org Sun Jan 24 13:23:49 2016
From: rforno at infowarrior.org (Richard Forno)
Date: Sun, 24 Jan 2016 14:23:49 -0500
Subject: [Infowarrior] - Book Review: Why Do We Expose Ourselves?
Message-ID:

Why Do We Expose Ourselves?
Astra Taylor
https://theintercept.com/2016/01/23/surveillance-bernard-harcourt-why-do-we-expose-ourselves/

AMONG CRITICS OF TECHNOLOGICAL SURVEILLANCE, there are two allusions so commonplace they have crossed into the realm of cliché. One, as you have probably already guessed, is George Orwell's Big Brother, from 1984. The other is Michel Foucault's panopticon - a vision, adapted from Jeremy Bentham, of a prison in which captives cannot tell if or when they are being watched. Today, both of these touchstones are considered chillingly prophetic. But in Exposed: Desire and Disobedience in the Digital Age, Bernard Harcourt has another suggestion: Both of them are insufficient.

1984, Harcourt acknowledges, was an astoundingly farsighted text, but Orwell failed to anticipate the role pleasure would come to play in our culture of surveillance - specifically, the way it could be harnessed, as opposed to suppressed, by powerful interests. Oceania's "Hate Week"
is nowhere to be found; instead, we live in a world of likes, favorites, and friending. Foucault's panopticon, in turn, needs a similar update; mass incarceration aside, the panopticon - for the rest of us - has become participatory, more of an amusement park or shopping mall than a penal institution. Rather than being coerced to reveal secrets, today we seem to enjoy self-exposure, giving away "our most intimate information and whereabouts so willingly and passionately - so voluntarily."

Exposed is a welcome addition to the current spate of books about technology and surveillance. While it covers familiar ground - it opens with brief accounts of Facebook's methods of tracking users, USAID's establishment of ZunZuneo (a Twitter-like social network) in Cuba, and Edward Snowden's revelations of the NSA's PRISM program - Harcourt's contribution is uniquely indebted to critical theory. Riffing on the work of another French philosopher, Gilles Deleuze, and his evocative 1992 fragment "Postscript on the Societies of Control," Harcourt settles upon the phrase "Expository Society" to describe our current situation, one in which we "have become dulled to the perils of digital transparence" and enamored of exposure. This new form of expository power, Harcourt explains, "embeds punitive transparence into our hedonist indulgences and inserts the power to punish in our daily pleasures."

The expository society has been long in the making. Its roots are in ancient Greece and Rome, where the "age of the spectacle" commenced and began its evolution. It is worth quoting Harcourt's summary of this history at length:

To render something public was expensive, and so the ancients would gather together, amass themselves to watch, to share, to partake in a public act of entertainment. There was no replay button, nor were there any video feeds and no mechanical arts of reproduction. The modern era of surveillance, on the other hand, gave proof of the cost of security. To render secure was expensive, and so the moderns discovered ways to surveil more efficiently, to see everyone from a single gaze, to turn the arena inside out, to imagine the panopticon. In the digital age today, publicity has become virtually costless and surveillance practically free of charge.

And yet, while spectacles and surveillance may be "costless" and "practically free," the expository society is fundamentally about profit. On the corporate side, the business models of companies like Facebook, Google, Twitter, Uber, and Amazon are based on the principle of user enjoyment. Social media, we all know from experience, is addictive; our pleasure is habit-forming by design. This is the first crux of Harcourt's argument: The expository society exploits, rather than represses, our desires.

The second crux is his observation that government and commercial surveillance infrastructures have wholly merged. One of the book's more important chapters takes on the seemingly self-evident nature of the term "surveillance state," which Harcourt argues is misleading. What we have, instead, is an "amalgam of the intelligence community, retailers, Silicon Valley, military interests, social media, the Inner Beltway, multinational corporations, midtown Manhattan, and Wall Street" that "forms an oligarchic concentration that defies any such reductionism." Citing Glenn Greenwald, he notes that 70 percent of the United States' national intelligence budget is spent on the private sector. "Whatever it is that is surveilling us, then, is not simply 'the state,'" he writes. A more accurate image, he suggests, is a "tenticular oligarchy" - a "large oligopolistic octopus" enveloping the world, neither fully public nor fully private but both.

The expository society is indeed a paradoxical beast. Punishment and pleasure have fused, and commerce and surveillance are now one and the same (the convenience of GrubHub, Lyft, Paypal, Instagram, and AT&T is irresistible despite the troubling data-trails). Still, Exposed occasionally collapses categories and situations that are, despite their similarities, crucially distinct. For example, at multiple points Harcourt compares the Apple Watch to an ankle bracelet used for monitoring parolees: "The Apple Watch begins to function as the ankle bracelet. All is seen, all can be seen, all can be monitored - inside or out, where we are, free or supervised, we are permanently surveilled." It may be true that these tracking devices exist on a data-collection continuum. But the experiences of their respective users could not be more different - and this matters. A person wearing an Apple Watch may be transmitting information, including heart rate and location, that should give them pause, but they are not subjected to the same punitive gaze as a parolee or a prisoner under correctional supervision - or, for that matter, a laborer whose every movement on the job is tracked, or a welfare recipient whose purchases are assessed by a prying social worker. "Privacy," Harcourt himself writes, "has been privatized." It is becoming a luxury good, available only to those who can afford it.

Harcourt's analysis hinges on desire: We want to participate, we are impelled to do so, and we like it. But it seems to me we are as much compelled as we are impelled. In my own work on new media, I have described this as a shift from the old model of "manufacturing consent," where traditional broadcasters molded public opinion from on high, to one of "manufacturing compulsion," where we are, at least superficially, in charge of our media destinies, clicking on whatever we choose. In reality things aren't so simple: Recommendation algorithms, advertising, and addictive interfaces all chip away at our autonomy in different manners.

What's more, we are forced to participate in online life in myriad ways. Students are advised to manage their social media profiles so they can get into a good college; adults are compelled to groom their LinkedIn profiles in order to secure employment; journalists and other creative professionals are told they must join Twitter to promote their work; and so on. Credit scores are a prime example of this logic of compulsion. We don't manage our scores for fun but under threat of penalty, in the form of higher interest rates or fees. With a bevy of start-ups innovating new modes of consumer scoring - many of which use information from data brokers in ways that shrewdly bypass inadequate consumer protections - we may soon be induced to adapt our online behavior to accommodate them (for example, by not being "friends" with people the algorithms deem credit risks).

Understanding the degree to which we are compelled to participate, as opposed to lamenting the degree to which we desire our own oppression, is important if we want to devise strategies for resistance. Movements derive more energy from tapping into people's grievances than chastising them for complacency. The challenge - and this brings us to the book's concluding section - is how the "disobedience" of Harcourt's subtitle can effectively push back against expository power.

Exposed closes on a hopeful note, pointing to pockets of resistance and successful rebels, all people worth celebrating: Chelsea Manning and WikiLeaks, artists like Trevor Paglen and Laura Poitras, free software advocates such as Eben Moglen. But Harcourt's proposed solutions are not entirely satisfying. He considers boycotting Facebook a radical act, and I disagree. If our goal is to build a robust movement capable of taking on the new power structure he describes, we will have to meet people, at least initially, where they are. More than 1 billion of them are on Facebook. A movement made up only of those savvy enough to congregate on more obscure and secure corners of the internet is destined to remain small. Mass mobilization is an important component of any serious strategy for social change.

On the final page of the book, Harcourt praises Occupy Wall Street, not for its mission but for its supposedly leaderless form. (Some of us who were involved in Occupy might challenge that characterization.) The better lesson to take from Occupy is not its approach, which was imperfectly implemented and produced mixed results, but its willingness to challenge capitalism and inequality directly.

Ultimately, the society of exposure that Harcourt criticizes is a symptom of the oligarchy's escalating attack on democracy. The best solution may not be to combat surveillance directly, but to attack the disease: the arrangements that have allowed an unaccountable political and economic elite to emerge. It is true, as Harcourt writes, that the "customary lines between politics, economics, and society are rapidly vanishing and melding into one"; it is true that the state has merged with corporate interests. But it is also true that the state remains one of the public's most powerful weapons. If compelled by a powerful social movement, the state could aggressively enforce anti-trust regulations, pass a baseline cross-sector privacy law, enforce labor rights for employees of digital disruptors such as Uber, rein in the financial apparatus that has abetted the latest tech bubble with its massively inflated start-up valuations, and invest in public options such as municipal broadband (paid for, perhaps, with the taxes tech companies are currently dodging by sheltering assets overseas). Instead of merely hiding from the oligopolistic octopus, we should strive to free ourselves from its grip.

This article was supported by the Economic Hardship Reporting Project.

--
It's better to burn out than fade away.
From rforno at infowarrior.org Mon Jan 25 08:17:49 2016
From: rforno at infowarrior.org (Richard Forno)
Date: Mon, 25 Jan 2016 09:17:49 -0500
Subject: [Infowarrior] - Amazon's customer service backdoor
Message-ID: <55EA6800-4EAF-43F9-8106-B5D9A0247E0A@infowarrior.org>

Amazon's customer service backdoor

As a security conscious user who follows the best practices like: using unique passwords, 2FA, only using a secure computer and being able to spot phishing attacks from a mile away, I would have thought my accounts and details would be pretty safe? Wrong. Because when someone has gone after me, it all goes for nothing. That's because most systems come with a backdoor, customer support. In this post I'm going to focus on the most grievous offender: Amazon.com

Amazon.com was one of the few companies I trusted with my personal information. After all, I shop there, I used to work as a Software Developer and I am a heavy AWS user (racking up well over $600/month). It all began with a rather innocuous email:

< -- >

After being the victim of these attacks for months, I'd like to make some recommendations for services:

* NEVER DO CUSTOMER SUPPORT UNLESS THE USER CAN LOG IN TO THEIR ACCOUNT. The only exception to this would be if the user forgot the password, and there should be a very strict policy. The problem is, 9999 times out of 10000 support requests are legitimate, so agents get trained to assume they're legitimate. But in the 1 case they're not, you can completely fuck someone over.
* Show support agents the IP address of the person connecting. Is it a usual one? Is it a VPN/Tor one? etc. Give them a warning to be suspicious.
* Email services should allow me to easily create lots of aliases. Right now the best defense against social engineering seems to be my Fastmail account, which allows me to create 1 email address alias per service. This makes it incredibly difficult for an attacker when they can't even figure out your email.
* Please make whois protection default. Mine leaked because a stupid domain I didn't care about had its Namecheap whois protection expire.

For users, be extremely careful with the information you share. Even big companies like Amazon can't keep it safe, and they're far from the worst.

https://medium.com/@espringe/amazon-s-customer-service-backdoor-be375b3428c4#.xorchqqof

--
It's better to burn out than fade away.

From rforno at infowarrior.org Mon Jan 25 08:19:54 2016
From: rforno at infowarrior.org (Richard Forno)
Date: Mon, 25 Jan 2016 09:19:54 -0500
Subject: [Infowarrior] - DOJ's New Restrictions On Surveilling Journalists Contain Exception For National Security Letters
Message-ID: <3DDC26C8-A2E7-4317-A9F3-8D23C8D99152@infowarrior.org>

(from the "of course they do" department -- because journalism can be considered terrorism if you interpret the law a certain way. The Brits just tried that, but got smacked down by their courts. --rick)

DOJ's New Restrictions On Surveilling Journalists Contain Exception For National Security Letters
https://www.techdirt.com/articles/20160121/07435233393/dojs-new-restrictions-surveilling-journalists-contain-exception-national-security-letters.shtml

--
It's better to burn out than fade away.

From rforno at infowarrior.org Mon Jan 25 10:59:14 2016
From: rforno at infowarrior.org (Richard Forno)
Date: Mon, 25 Jan 2016 11:59:14 -0500
Subject: [Infowarrior] - Oz food police want warrantless metadata access
Message-ID:

When You Crack Open The Surveillance Door, The Food Police Will Want Your Metadata
https://www.techdirt.com/articles/20160120/07101033387/when-you-crack-open-surveillance-door-food-police-will-want-your-metadata.shtml

< - >

If you are in the business of selling lamb chops, make sure you are weighing them properly: the National Measurement Institute wants warrantless access to Australians' metadata to help them hunt down supermarkets skimping on portions.
The NMI is one of 61 agencies that has applied to the attorney general, George Brandis, to be classed as a "criminal law-enforcement agency" in order to gain warrantless access to telecommunications data. As part of the government's assurances that there would be sufficient privacy safeguards, it reduced the number of agencies that could access the data. But agencies could reapply, with the permission of the attorney general, if they were involved in enforcing "serious contraventions" of criminal laws.

< - >

--
It's better to burn out than fade away.

From rforno at infowarrior.org Mon Jan 25 17:34:51 2016
From: rforno at infowarrior.org (Richard Forno)
Date: Mon, 25 Jan 2016 18:34:51 -0500
Subject: [Infowarrior] - Released Documents Show NSA Actually Surprised To Find Itself Portrayed Negatively In Popular Culture
Message-ID:

Released Documents Show NSA Actually Surprised To Find Itself Portrayed Negatively In Popular Culture
from the we're-just-massive-dragnet-deployers,-not-murderous-goons! dept

The NSA may know lots of stuff about lots of people, but it's still fairly clueless about how the world works. Documents obtained by Buzzfeed's Andrew Kaczynski show the NSA was shocked to find it hadn't been portrayed more favorably in a major motion picture.

< - >

https://www.techdirt.com/articles/20160121/08512833394/released-documents-show-nsa-actually-surprised-to-find-itself-portrayed-negatively-popular-culture.shtml

--
It's better to burn out than fade away.
From rforno at infowarrior.org Mon Jan 25 18:46:06 2016
From: rforno at infowarrior.org (Richard Forno)
Date: Mon, 25 Jan 2016 19:46:06 -0500
Subject: [Infowarrior] - Marvin Minsky, Pioneer in Artificial Intelligence, Dies at 88
Message-ID: <81E0A55B-F4A4-4570-86D7-344000210E54@infowarrior.org>

Marvin Minsky, Pioneer in Artificial Intelligence, Dies at 88
Glenn Rifkin
http://www.nytimes.com/2016/01/26/business/marvin-minsky-pioneer-in-artificial-intelligence-dies-at-88.html?_r=0

Marvin Minsky, who combined a scientist’s thirst for knowledge with a philosopher’s quest for truth as a pioneering explorer of artificial intelligence, work that helped inspire the creation of the personal computer and the Internet, died on Sunday night in Boston. He was 88.

His family said the cause was a cerebral hemorrhage.

Well before the advent of the microprocessor and the supercomputer, Professor Minsky, a revered computer science educator at M.I.T., laid the foundation for the field of artificial intelligence by demonstrating the possibilities of imparting common-sense reasoning to computers.

“Marvin was one of the very few people in computing whose visions and perspectives liberated the computer from being a glorified adding machine to start to realize its destiny as one of the most powerful amplifiers for human endeavors in history,” said Alan Kay, a computer scientist and a friend and colleague of Professor Minsky’s.

Fascinated since his undergraduate days at Harvard by the mysteries of human intelligence and thinking, Professor Minsky saw no difference between the thinking processes of humans and those of machines. Beginning in the early 1950s, he worked on computational ideas to characterize human psychological processes and produced theories on how to endow machines with intelligence.

Professor Minsky, in 1959, co-founded the M.I.T. Artificial Intelligence Project (later the Artificial Intelligence Laboratory) with his colleague John McCarthy, who is credited with coining the term “artificial intelligence.”

Beyond its artificial intelligence charter, however, the lab would have a profound impact on the modern computing industry, helping to impassion a culture of computer and software design. It planted the seed for the idea that digital information should be shared freely, a notion that would shape the so-called open-source software movement, and it was a part of the original ARPAnet, the forerunner to the Internet.

Professor Minsky’s scientific accomplishments spanned a variety of disciplines. He designed and built some of the first visual scanners and mechanical hands with tactile sensors, advances that influenced modern robotics. In 1951 he built the first randomly wired neural network learning machine, which he called Snarc. And in 1956, while at Harvard, he invented and built the first confocal scanning microscope, an optical instrument with superior resolution and image quality still in wide use in the biological sciences.

His own intellect was wide-ranging and his interests were eclectic. While earning a degree in mathematics at Harvard he also studied music, and as an accomplished pianist, he would later delight in sitting down at one and improvising complex baroque fugues.

Marvin Minsky in an undated photo. Louis Fabian Bachrach

Professor Minsky was lavished with many honors, notably, in 1970, the Turing Award, computer science’s highest prize. He went on to collaborate, in the early ’70s, with Seymour Papert, the renowned educator and computer scientist, on a theory they called “The Society of Mind,” which combined insights from developmental child psychology and artificial intelligence research.

Professor Minsky’s book “The Society of Mind,” a seminal work published in 1985, proposed “that intelligence is not the product of any singular mechanism but comes from the managed interaction of a diverse variety of resourceful agents,” as he wrote on his website.

Underlying that hypothesis was his and Professor Papert’s belief that there is no real difference between humans and machines. Humans, they maintained, are actually machines of a kind whose brains are made up of many semiautonomous but unintelligent “agents.” And different tasks, they said, “require fundamentally different mechanisms.”

Their theory revolutionized thinking about how the brain works and how people learn.

“Marvin was one of the people who defined what computing and computing research is all about,” Dr. Kay said. “There were four or five supremely talented characters from back then who were early and comprehensive and put their personality and stamp on the field, and Marvin was among them.”

Marvin Lee Minsky was born on Aug. 9, 1927, in New York City, the precocious son of Dr. Henry Minsky, an eye surgeon who was chief of ophthalmology at Mount Sinai Hospital, and Fannie Reiser, a social activist and Zionist.

Fascinated by electronics and science, the young Mr. Minsky attended the Ethical Culture School in Manhattan, a progressive private school from which J. Robert Oppenheimer, who oversaw the creation of the first atomic bomb, had graduated. (Mr. Minsky later attended the affiliated Fieldston School in Riverdale.)

He went on to attend the Bronx High School of Science and later Phillips Academy in Andover, Mass. After a stint in the Navy during World War II, he studied mathematics at Harvard and received a Ph.D. in math from Princeton, where he met John McCarthy, a fellow graduate student.

Intellectually restless throughout his life, Professor Minsky sought to move on from mathematics once he had earned his doctorate. After ruling out genetics as interesting but not profound, and physics as mildly enticing, he chose to focus on intelligence itself.

“The problem of intelligence seemed hopelessly profound,” he told The New Yorker magazine when it profiled him in 1981. “I can’t remember considering anything else worth doing.”

To further those studies he reunited with Professor McCarthy, who had been awarded a fellowship to M.I.T. in 1956. Professor Minsky, who had been at Harvard by then, arrived at M.I.T. in 1958, joining the staff at its Lincoln Laboratory. A year later, he and Professor McCarthy founded M.I.T.’s AI Project, later to be known as the AI Lab. (Professor McCarthy left for Stanford in 1962.)

Professor Minsky’s courses at M.I.T. — he insisted on holding them in the evenings — became a magnet for several generations of graduate students, many of whom went on to become computer science superstars themselves. Among them were Ray Kurzweil, the inventor and futurist; Gerald Sussman, a prominent A.I. researcher and professor of electrical engineering at M.I.T.; and Patrick Winston, who went on to run the AI Lab after Professor Minsky stepped aside.

Another of his students, Danny Hillis, an inventor and entrepreneur, co-founded Thinking Machines, a supercomputer maker, in the early 1990s. Mr. Hillis said he had been so taken by Professor Minsky’s intellect and charisma that he found a way to insinuate himself into the AI Lab and get a job there. He ended up living in the Minsky family basement in Brookline, Mass.

“Marvin taught me how to think,” Mr. Hillis said in an interview. “He had a style and a playful curiosity that was a huge influence on me. He always challenged you to question the status quo. He loved it when you argued with him.”

Professor Minsky’s prominence extended well beyond M.I.T. While preparing to make the 1968 science-fiction epic “2001: A Space Odyssey,” the director Stanley Kubrick visited him seeking to learn about the state of computer graphics and whether Professor Minsky believed it would be plausible for computers to be able to speak articulately by 2001.

Professor Minsky is survived by his wife, Gloria Rudisch, a physician; two daughters, Margaret and Juliana Minsky; a son, Henry; a sister, Ruth Amster; and four grandchildren.

“In some ways, he treated his children like his students,” Mr. Hillis recalled. “They called him Marvin, and he challenged them and engaged them just as he did with his students.”

In 1989, Professor Minsky joined M.I.T.’s fledgling Media Lab. “He was an icon who attracted the best people,” said Nicholas Negroponte, the Media Lab’s founder and former director.

For Dr. Kay, Professor Minsky’s legacy was his insatiable curiosity. “He used to say, ‘You don’t really understand something if you only understand it one way,’” Dr. Kay said. “He never thought he had anything completely done.”

--
It's better to burn out than fade away.

From rforno at infowarrior.org Mon Jan 25 18:50:22 2016
From: rforno at infowarrior.org (Richard Forno)
Date: Mon, 25 Jan 2016 19:50:22 -0500
Subject: [Infowarrior] - Justice official: Law needs access to encrypted communications
Message-ID: <8E243B80-534F-400D-83CD-D539DDF3E7C6@infowarrior.org>

Justice official: Law needs access to encrypted communications
By Katie Bo Williams - 01/25/16 03:35 PM EST
http://thehill.com/policy/cybersecurity/266937-caldwell-law-enforcement-must-be-able-to-access-encrypted-communications

Assistant Attorney General Leslie Caldwell on Monday insisted that law enforcement must have a way to legally read encrypted communications as a solution to the so-called "going dark" problem.

“From gang activity to child abductions to national security threats, the ability to access electronic evidence in a timely manner is often essential to successfully conducting lawful investigations and preventing harm to potential victims,”
Caldwell said at the annual State of the Net Internet Policy Conference in Washington, D.C.

Although the Justice Department is “completely committed to seeking and obtaining judicial authorization for electronic evidence collection in all appropriate circumstances,” Caldwell said, the agency must “be able to act on it if we are to keep our communities safe and our country secure.”

She invoked a recent anecdote from FBI Director James Comey, in which he recounted that one of the shooters who attacked a May contest to draw the Prophet Mohammed in Garland, Texas, exchanged 109 encrypted messages with overseas terrorists. Caldwell quoted Comey’s remark: “We have no idea what he said, because those messages were encrypted.”

Law enforcement officials have continually argued for some form of guaranteed access to locked communications, while cryptologists and other tech experts insist that unbreakable encryption is critical to keeping the Internet’s infrastructure secure. They say what officials are asking for — “a way for law enforcement to retrieve critical information in cases where it’s necessary and authorized,” in Caldwell’s words — is tantamount to the much-maligned “back door” that tech experts say is technically infeasible.

Caldwell insisted Monday that online security and “the legal process that protects our values and our safety” are “complementary, not competing priorities,” urging the tech community to cooperate to “meet this public need together.”

Her remarks come the day after a newly released video from the Islamic State in Iraq and Syria (ISIS) indicated those behind the Paris massacre last year were using encryption to hide their communications. Such reports have been circulating since the attack, fanning the flames of an already tense debate over acceptable encryption standards.

Tech companies have been under fierce pressure to open up users’ communications to law enforcement. Apple has argued it cannot comply with certain court orders because of how its encryption is designed.

Lawmakers are working on several legislative solutions to help authorities get access to hidden communications. McCaul is set to introduce a bill with Sen. Mark Warner (D-Va.) that would establish a national commission to figure out how police can get at encrypted data without endangering Americans’ privacy. The pair told reporters they expect the panel would produce some technological options, instead of legislative solutions.

Sens. Richard Burr (R-N.C.) and Dianne Feinstein (D-Calif.) want to move quicker and bypass such a commission. The top two lawmakers on the Senate Intelligence Committee are working on legislation that would force companies to comply with court orders requesting encrypted data.

--
It's better to burn out than fade away.

From rforno at infowarrior.org Mon Jan 25 18:50:59 2016
From: rforno at infowarrior.org (Richard Forno)
Date: Mon, 25 Jan 2016 19:50:59 -0500
Subject: [Infowarrior] - Critics urge lawmakers to repeal recently passed cyber law
Message-ID: <3B1050F1-9E30-48EE-B1AF-6BF5F249CF19@infowarrior.org>

Critics urge lawmakers to repeal recently passed cyber law
By Cory Bennett - 01/25/16 05:02 PM EST
http://thehill.com/policy/cybersecurity/266956-cyber-bill-critics-urge-lawmakers-to-repeal-recently-passed-law

The push to repeal a recently approved cybersecurity law gained momentum on Monday.

A coalition of libertarian, civil liberties and digital privacy groups sent House members a letter urging them to support a bill that would undo the Cybersecurity Act of 2015, which President Obama signed into law in December.

“The Cybersecurity Act of 2015 included provisions unacceptable to the technology community, privacy and open-government advocates, as well as ordinary Americans,” the group’s letter says.

The bill will offer companies legal incentives to share more data on cyber threats with the government. Supporters — including many industry groups and most lawmakers — say this heightened exchange of information is needed to better understand and thwart hackers.

But many tech companies and privacy and civil liberties advocates believe the bill will simply shuttle more sensitive data on Americans to intelligence agencies.

Earlier this month, Rep. Justin Amash (R-Mich.), a prominent libertarian voice on Capitol Hill, introduced a bill with Rep. John Conyers (D-Mich.) that would repeal the law. Amash called the new measure “the worst anti-privacy law since the USA Patriot Act.”

In its letter to lawmakers, the coalition echoed Amash’s criticisms.

“These provisions [in the cyber bill] are unlikely to increase the government’s ability to detect, intercept and thwart cyber attacks, yet they institute broad and undefined data-collection capabilities that are certain to undermine government accountability and further erode privacy protections,” it reads.

The bill’s backers insist the law clearly defines what type of data the government can collect, and includes strict provisions to strip all datasets of personal information before the data is shared widely throughout the government.

But the coalition — which includes the American Civil Liberties Union, digital rights group the Center for Democracy and Technology, government transparency group Open the Government and the libertarian R Street Institute — strongly disagrees.

The bill, the group argues, contains “no reasonable limits on the type of information that can be shared, such as individuals’ personal online communications.”

The detractors also take issue with the final negotiations that merged the House and Senate versions of the cyber bill. Lawmakers combined the bills through unofficial meetings instead of the traditional conference process. The final version of the legislation was then attached to the $1.1 trillion omnibus spending bill that was passed just before the late December recess.

“Questions of cybersecurity and privacy should be debated openly in a manner that allows legislators and the public to criticize and participate,” the letter reads. “These questions should not be obscured by backroom deals that exclude critical perspectives and due process.”

The coalition called on lawmakers to repeal the bill and restart the debate in a more transparent fashion.

“Measures to strengthen cybersecurity should not come at the expense of exposing law-abiding Americans’ private information to government surveillance,” the letter says.

--
It's better to burn out than fade away.

From rforno at infowarrior.org Tue Jan 26 13:22:23 2016
From: rforno at infowarrior.org (Richard Forno)
Date: Tue, 26 Jan 2016 14:22:23 -0500
Subject: [Infowarrior] - NY Times Files Ridiculous Copyright Lawsuit Over Book That Mocks NYT For Glamorizing War
Message-ID: <96748244-E8FF-4960-B79F-3E1BA12A67CC@infowarrior.org>

NY Times Files Ridiculous Copyright Lawsuit Over Book That Mocks NYT For Glamorizing War
https://www.techdirt.com/articles/20160125/22005433418/ny-times-files-ridiculous-copyright-lawsuit-over-book-that-mocks-nyt-glamorizing-war.shtml

--
It's better to burn out than fade away.

From rforno at infowarrior.org Tue Jan 26 17:21:53 2016
From: rforno at infowarrior.org (Richard Forno)
Date: Tue, 26 Jan 2016 18:21:53 -0500
Subject: [Infowarrior] - If You Use An Adblocker You Hate Free Speech, Says Internet Ads Guy
Message-ID:

If You Use An Adblocker You Hate Free Speech, Says Internet Ads Guy
https://www.techdirt.com/articles/20160126/07514833429/if-you-use-adblocker-you-hate-free-speech-says-internet-ads-guy.shtml

--
It's better to burn out than fade away.
From rforno at infowarrior.org Tue Jan 26 21:22:43 2016
From: rforno at infowarrior.org (Richard Forno)
Date: Tue, 26 Jan 2016 22:22:43 -0500
Subject: [Infowarrior] - FBI, DHS Share Lessons Learned from OPM Hack
Message-ID: <683FDDBB-3181-460E-BE64-2524D4ACFA59@infowarrior.org>

More "lessons learned" to be read and subsequently ignored until the next big incident, at which point, another set of identical "lessons learned" will be generated, read, and ignored. Lather, rinse, repeat. --rick

FBI, DHS Share Lessons Learned from OPM Hack
https://blog.opendns.com/2016/01/26/fbi-dhs-share-opm-security-lessons-learned/

The fallout from the epic hack on the Office of Personnel Management (OPM) continues. Since the congressional oversight hearings in June 2015, OPM Director Katherine Archuleta resigned; the government was hit with a number of lawsuits from “victims”; OPM hired a cybersecurity advisor, Clifton Triplett, and increased its IT “modernization” budget from $31 million to $87 million, with another $21 million scheduled for 2016; and the Obama administration announced Friday that OPM will no longer conduct background investigations.

The FBI and Department of Homeland Security also released a “cyber alert” outlining a collective analysis and lessons learned from the OPM hack. The memo was distributed only to cleared contractors by the Defense Security Service, and it includes a number of recommendations for security efforts going forward. While the memo does not name OPM specifically, according to an FCW article, the timing of its release and the recommendations included reportedly coincide with the OPM breach directly.

At the forefront is the recommendation for a segmented identity management system, which, according to the memo, could have limited the severity of the OPM breach. From the FCW article:

“When an organization’s network is not segmented from others, this could mean hundreds of sub-networks are affected versus one,” the memo states. Privileged access controls “would have helped detect the intrusion earlier and made it significantly more difficult for the actor to spread across the network.”

While the entire memo could not be located, FCW did list a number of security recommendations from it, including:

• Enabling a personal firewall at agency workstations
• Monitoring users’ online habits and blocking potentially malicious sites
• Employing encryption for data at rest and in transit
• and Investigating “outbound network traffic observed over TCP port 53 that does not conform to the DNS protocol.”

< - >

https://blog.opendns.com/2016/01/26/fbi-dhs-share-opm-security-lessons-learned/

--
It's better to burn out than fade away.

From rforno at infowarrior.org Wed Jan 27 18:23:48 2016
From: rforno at infowarrior.org (Richard Forno)
Date: Wed, 27 Jan 2016 19:23:48 -0500
Subject: [Infowarrior] - VMware Fusion, Workstation team culled in company restructure
Message-ID: <2F074A55-1B4B-487E-ABB4-13B78A3DAE68@infowarrior.org>

VMware Fusion, Workstation team culled in company restructure
by Sean Gallagher - Jan 27, 2016 5:08pm EST
http://arstechnica.com/information-technology/2016/01/vmware-fusion-workstation-team-culled-in-company-restructure/

Company says it's just "transitioning" as part of reorganization, products will be supported.

Members of VMware's "Hosted UI" team — the developers responsible for the virtualization company's Workstation and Fusion desktop products — were apparently laid off on Monday as part of a restructuring of the company that was announced yesterday. The developers were just a part of a larger layoff as the company moved to cut costs and brought aboard a new chief financial officer.

"VMware … announced a restructuring and realignment of approximately 800 roles," a company spokesperson said in a press release Monday, "and plans to take a GAAP charge estimated to be between $55 million and $65 million related to this action over the course of the first half of 2016. The company plans to reinvest the associated savings in field, technical and support resources associated with growth products."

In a blog post, Christian Hammond, a former member of the Hosted UI team, reported the layoff, along with concerns about the future of the "award winning and profitable" desktop virtualization products. "VMware lost a lot of amazing people, and will be feeling that for some time to come, once they realize what they’ve done," Hammond wrote. "It’s a shame. As for our team, well, I think everyone will do just fine. Some of the best companies in the Silicon Valley are full of ex-VMware members, many former Hosted UI, who would probably welcome the chance to work with their teammates again."

When contacted to comment, a VMware spokesman said that the company was committed to continuing development and support for Fusion and Workstation and that the company was "transitioning the Fusion and Workstation teams to co-locate" with the rest of the company as part of its reorganization. "Our commitment to Fusion and Workstation products is unchanged," he said.

VMware was acquired by EMC in 2004, which offered 15 percent of VMware's stock in a 2007 initial public offering. EMC is in the process of being acquired by Dell, which would give Dell a majority stake in VMware (though the company will remain independent). Despite being profitable, VMware's stock valuation has fallen since the EMC acquisition was announced in October. Part of the fall might be attributed to the decision by VMware and EMC to spin off their joint cloud virtualization venture Virtustream as a separate company — and the fact that Dell might decide to sell off EMC's 80-percent stake in VMware to cover some of the cost of the acquisition.

In other words, blame Michael Dell.

--
It's better to burn out than fade away.
From rforno at infowarrior.org Thu Jan 28 07:01:10 2016
From: rforno at infowarrior.org (Richard Forno)
Date: Thu, 28 Jan 2016 08:01:10 -0500
Subject: [Infowarrior] - Navy's intel chief: no clearance for 2 years
Message-ID: <989B136D-06C9-4E6B-A4CC-6A1512F3FAE0@infowarrior.org>

The admiral in charge of Navy intelligence has not been allowed to see military secrets for years
By Craig Whitlock

For more than two years, the Navy’s intelligence chief has been stuck with a major handicap: He’s not allowed to know any secrets.

Vice Adm. Ted “Twig” Branch has been barred from reading, seeing or hearing classified information since November 2013, when the Navy learned from the Justice Department that his name had surfaced in a giant corruption investigation involving a foreign defense contractor and scores of Navy personnel.

Worried that Branch was on the verge of being indicted, Navy leaders suspended his access to classified materials. They did the same to one of his deputies, Rear Adm. F. Loveless, the Navy’s director of intelligence operations.

More than 800 days later, neither Branch nor Loveless has been charged. But neither has been cleared, either. Their access to classified information remains blocked.

Although the Navy transferred Loveless to a slightly less sensitive post, it kept Branch in charge of its intelligence division. That has resulted in an awkward arrangement, akin to sending a warship into battle with its skipper stuck onshore.

[Epic Navy bribery scandal shows how easy it can be to steal military secrets]

Branch can’t meet with other senior U.S. intelligence leaders to discuss sensitive operations, or hear updates from his staff about secret missions or projects. It can be a chore just to set foot in colleagues’ offices; in keeping with regulations, they must conduct a sweep beforehand to make sure any classified documents are locked up.

Some critics have questioned how smart it is for the Navy to retain an intelligence chief with such limitations, for so long, especially at a time when the Pentagon is confronted by crises in the Middle East, the South China Sea, the Korean Peninsula and other hotspots.

“I have never heard of anything as asinine, bizarre or stupid in all my years,” Norman Polmar, a naval analyst and historian, said in an interview.

< - >

https://www.washingtonpost.com/news/checkpoint/wp/2016/01/27/the-admiral-in-charge-of-navy-intelligence-has-not-been-allowed-to-see-military-secrets-for-years/

--
It's better to burn out than fade away.

From rforno at infowarrior.org Thu Jan 28 07:20:24 2016
From: rforno at infowarrior.org (Richard Forno)
Date: Thu, 28 Jan 2016 08:20:24 -0500
Subject: [Infowarrior] - Space Shuttle Challenger exploded 30 years ago today
Message-ID:

Middle school - earth science class, watching it live. And I remember being in a daze walking across the parking lot to my next class afterward. "Go with throttle up" was always a palpitation-inducing moment when watching future launches. One of the most potent childhood memories of my generation, I think. 30 years ago today. -- rick

Space Shuttle Challenger exploded 30 years ago today
By Deb Kiner | dkiner at pennlive.com
on January 28, 2016 at 7:13 AM, updated January 28, 2016 at 7:23 AM
http://www.pennlive.com/news/2016/01/space_shuttle_challenger_explo.html

Do you remember where you were?

As the whole world watched, on Jan. 28, 1986, the first teacher in space, Sharon Christa McAuliffe, and her fellow crew members of Space Shuttle Challenger, died when just 73 seconds into its mission, it exploded.

The crew members were Francis R. Scobee, mission commander; Gregory Jarvis, payload specialist; Judith A. Resnik, mission specialist; Ronald E. McNair, mission specialist; Mike J. Smith, pilot; Ellison S. Onizuka, mission specialist; and McAuliffe, teacher in space and payload specialist.

Challenger's launch had been delayed several times. Ultimately, its mission lasted just 1 minute and 13 seconds. It traveled 18 miles.

Challenger disintegrated over the Atlantic Ocean off the coast of Cape Canaveral, Fla. The explosion was blamed on a failed O-ring seal in the right rocket booster. The seal had become brittle because of the cold temperature that morning.

Several crew members are known to have survived the initial breakup — four "Personal Egress Air Packs" were found to have been activated. But, the impact of the crew cabin with the surface of the ocean was not survivable.

Divers from the USS Preserver found the crew compartment on the ocean floor on March 7. The remains of the seven crew members were found in the compartment.

The "Report of the Presidential Commission on the Space Shuttle Challenger Accident" on the cause of the accident said this, "The consensus of the Commission and participating investigative agencies is that the loss of the Space Shuttle Challenger was caused by a failure in the joint between the two lower segments of the right Solid Rocket Motor. The specific failure was the destruction of the seals that are intended to prevent hot gases from leaking through the joint during the propellant burn of the rocket motor. The evidence assembled by the Commission indicates that no other element of the Space Shuttle system contributed to this failure."

The video below is from CNN's coverage.

http://www.pennlive.com/news/2016/01/space_shuttle_challenger_explo.html

--
It's better to burn out than fade away.

From rforno at infowarrior.org Thu Jan 28 07:25:28 2016
From: rforno at infowarrior.org (Richard Forno)
Date: Thu, 28 Jan 2016 08:25:28 -0500
Subject: [Infowarrior] - more on ... Re: Space Shuttle Challenger exploded 30 years ago today
In-Reply-To:
References:
Message-ID: <29C4DB8C-C7BE-4BD3-9F84-CC5C345959AE@infowarrior.org>

Speaking of remembering Challenger, I encourage folks to watch 2013's "The Challenger Disaster" movie. Well-done drama that provides a good glimpse into how many government investigations are ... conducted. Dr. Richard Feynman's role is particularly noteworthy both IRL and in the movie.

http://www.imdb.com/title/tt2421662/

From rforno at infowarrior.org Thu Jan 28 12:06:18 2016
From: rforno at infowarrior.org (Richard Forno)
Date: Thu, 28 Jan 2016 13:06:18 -0500
Subject: [Infowarrior] - Congressional Hearings on Surveillance Programs to Kick Off — in Secret
Message-ID: <71842E3C-920C-40FF-82F6-D0B10746DE64@infowarrior.org>

(Annoying, but perhaps somewhat understandable and even acceptable. Maybe. --rick)

Congressional Hearings on Surveillance Programs to Kick Off — in Secret
Jenna McLaughlin
Jan. 28 2016, 10:14 a.m.
https://theintercept.com/2016/01/28/congressional-hearings-on-surveillance-programs-to-kick-off-in-secret/

The House Judiciary Committee will hold its first hearing next week on two of the NSA spying programs revealed by whistleblower Edward Snowden that vacuum up domestic content despite being ostensibly targeted at foreigners: PRISM and Upstream.

But, to the great consternation of 26 government accountability groups who wrote an angry letter to committee leaders on Wednesday, the public is not invited. The entire hearing is classified, and closed.

Section 702 of the Foreign Intelligence Surveillance Amendments Act of 2008, which has been cited as the legal authority for those two programs, lapses next year. The debate over whether to reauthorize it is expected to be the most substantive public examination of the NSA’s surveillance regime since Congress’s decision to end NSA’s collection of bulk metadata of U.S. phone calls.

Kicking off that debate with a closed hearing sets the wrong tone, groups including openthegovernment.org and the ACLU wrote in their letter.
?It continues the excessive secrecy that has contributed to the surveillance abuses we have seen in recent years and to their adverse effects upon both our civil liberties and economic growth.? The authors of the letter reminded the committee that discussions over the original passage of the FISA Amendments Act in 2008 ?happened largely in open session,? and that matters of national security are often discussed in open hearings, with classified briefings reserved for specific questions. Specifically, they wrote, ?In the case of Section 702 implementation oversight, a completely closed hearing is unnecessary to provide members with an adequate understanding of how the law is currently implemented by the executive branch and whether that exceeds Congress?s original intent.? The two programs that run under Section 702 vacuum up hundreds of millions of online messages and voice communications, including emails, Skype calls, and Facebook messages, that involve ?targeted? suspects overseas and the people they talk to. PRISM gets the data from companies like Google, Apple, and Yahoo. Upstream siphons it off from major internet cables owned by the big telecom companies. The programs accidentally sweep up American communications, too ? how many, we still don?t know. And once those communications are in the database, the NSA can search them without a warrant. ?Closed briefings are necessary for members of Congress to ask questions about classified information,? said Judiciary Committee member Jim Sensenbrenner, R-Wisc., in a statement to The Intercept. ?However, I would support a subsequent open hearing on Section 702 of the Foreign Intelligence Surveillance Act because transparency and public discussion are critical to the reform and reauthorization of Section 702.? Sensenbrenner was the original author of the USA Patriot Act, which was interpreted by the NSA as authorizing bulk collection of American telephone records. 
Since the Snowden revelations, Sensenbrenner has argued the law was never meant to sanction that kind of power. He has sponsored the Judicial Redress Act, which is aimed at providing foreigners the opportunity to sue in some cases where they claim their data is being improperly handled. Section 702 has basically no protections for foreign citizens' data - despite President Barack Obama's pledge to provide privacy protections to those overseas.

Rep. Zoe Lofgren, D-Calif., a longtime privacy advocate, called for holding an open hearing soon. "Reports indicate that FISA Section 702 authority has been used by the NSA to search Americans' photographs, emails, and other communications without warrant or probable cause," she said in a statement emailed to The Intercept. "The House has twice overwhelmingly voted to close the 702 loophole. During markup last year, Chairman [Bob] Goodlatte indicated his intent to deal with these problems before the 702 sunset date forces Congress to act hastily. While it is important to address some questions in a classified setting, open hearings on the aspects of 702 surveillance that are not classified are essential. I hope the committee will hold a public hearing in the coming weeks."

Closed sessions deprive not just the public of information, but other members of Congress as well. "The warrantless surveillance conducted under Section 702 of the Foreign Intelligence Surveillance Act is arguably worse than the collection of records authorized by Section 215 of the Patriot Act," Rep. Thomas Massie, R-Ky., said in a statement to The Intercept. "Unfortunately, closed committee sessions and insufficient congressional oversight contributed to the evolution of our unconstitutional surveillance state. Moving forward, it is imperative that Congress approach Section 702 reform as openly as possible."

--
It's better to burn out than fade away.
From rforno at infowarrior.org Fri Jan 29 06:10:14 2016
From: rforno at infowarrior.org (Richard Forno)
Date: Fri, 29 Jan 2016 07:10:14 -0500
Subject: [Infowarrior] - Intercept: NSA/GCHQ hacked Israeli drone feeds
Message-ID: <24D77E51-19AA-4D79-8E12-3D36A4EB8B69@infowarrior.org>

Spies in the Sky
Cora Currier, Henrik Moltke
Jan. 28 2016, 10:08 p.m.

AMERICAN AND BRITISH INTELLIGENCE secretly tapped into live video feeds from Israeli drones and fighter jets, monitoring military operations in Gaza, watching for a potential strike against Iran, and keeping tabs on the drone technology Israel exports around the world.

Under a classified program code-named "Anarchist," the U.K.'s Government Communications Headquarters, or GCHQ, working with the National Security Agency, systematically targeted Israeli drones from a mountaintop on the Mediterranean island of Cyprus. GCHQ files provided by former NSA contractor Edward Snowden include a series of "Anarchist snapshots" - thumbnail images from videos recorded by drone cameras. The files also show location data mapping the flight paths of the aircraft. In essence, U.S. and British agencies stole a bird's-eye view from the drones.

Several of the snapshots, a subset collected in 2009 and 2010, appear to show drones carrying missiles. Although they are not clear enough to be conclusive, the images offer rare visual evidence to support reports that Israel flies attack drones - an open secret that the Israeli government won't acknowledge. "There's a good chance that we are looking at the first images of an armed Israeli drone in the public domain," said Chris Woods, author of Sudden Justice, a history of drone warfare. "They've gone to extraordinary lengths to suppress information on weaponized drones."

< - >

https://theintercept.com/2016/01/28/israeli-drone-feeds-hacked-by-british-and-american-intelligence/

--
It's better to burn out than fade away.
From rforno at infowarrior.org Fri Jan 29 06:37:37 2016
From: rforno at infowarrior.org (Richard Forno)
Date: Fri, 29 Jan 2016 07:37:37 -0500
Subject: [Infowarrior] - Feds: DHS $6B Einstein not working too well
Message-ID: <9AD07E6F-ED3D-4DC6-A9E1-C4E7D4309732@infowarrior.org>

(Why does this not surprise me in the slightest? ---rick)

US Homeland Security's $6B Firewall Has More Than a Few Frightening Blind Spots
Aliya Sternstein
5:00 AM ET
http://www.defenseone.com/technology/2016/01/us-homeland-securitys-6b-firewall-has-more-few-frightening-blind-spots/125528/

A firewall run by the Department of Homeland Security meant to detect and prevent nation-state hacks against the government functions ineffectively, according to a sanitized version of a secret federal audit.

EINSTEIN relies on patterns of attacks, called signatures, to spot suspicious traffic, but it does not scan for 94 percent of commonly known vulnerabilities or check web traffic for malicious content. Those are two of the many failings uncovered in a damning public version of a "for official use only" Government Accountability Office report. In addition, the prevention feature of the system is only deployed at five of the 23 major nondefense agencies.

Lawmakers in November 2015 suggested the then-confidential audit of EINSTEIN, formally called the National Cybersecurity Protection System, or NCPS, would prove the hacker surveillance system is not governmentwide. The newly released audit corroborates their views and points out other misaligned objectives and technologies in a $6 billion project DHS cannot say helps combat hackers, according to auditors.

"Until NCPS' intended capabilities are more fully developed, DHS will be hampered in its abilities to provide effective cybersecurity-related support to federal agencies," GAO director of information security issues, Gregory C.
Wilshusen, and Nabajyoti Barkakati, director of the GAO Center for Technology and Engineering, said in the audit, which was released Thursday.

The auditors focused their study on the departments of Energy and Veterans Affairs, as well as the General Services Administration, the National Science Foundation and the Nuclear Regulatory Commission.

Does Not Cover Nation-State "Advanced Persistent Threats"

"The overall intent of the system was to protect against nation-state level threat actors," according to the audit, yet EINSTEIN missed so-called advanced persistent threats. Such attacks are a common tactic among foreign adversaries, in which a well-resourced group obtains a foothold in part of a target's system and lingers invisibly for months at a time until achieving its mission. EINSTEIN "did not possess intrusion detection signatures that fully addressed all the advanced persistent threats we reviewed," the authors said.

In response to a draft report, DHS officials said EINSTEIN is only one technology of many that each department uses to protect its sensitive data. It is the job of the individual agency to keep its IT and data safe, while Homeland Security's role is confined to providing baseline protections and a big-picture perspective of security controls governmentwide, they said.

EINSTEIN works by pushing out signatures of known attack patterns to 228 intrusion-detection sensors placed throughout the dot-gov network. The sensors analyze patterns in agency traffic flows to see if they match any of the signatures.

EINSTEIN Doesn't Know Common Security Vulnerabilities

But the signatures "do not address threats that exploit many common security vulnerabilities and thus may be less effective," the auditors said. The quality of EINSTEIN hinges on the quality of its vulnerability signatures. "However, the signatures supporting NCPS's intrusion detection capability only identify a portion of vulnerabilities associated with common software applications,"
the authors reported. Of five client applications reviewed - Adobe Acrobat, Flash, Internet Explorer, Java and Microsoft Office - the system was able to flag, to some extent, only 6 percent of all the security bugs tested - 29 out of 489 vulnerabilities.

One reason for the blind spots, according to the auditors, is that EINSTEIN does not sync with the standard national database of security flaws maintained by the National Institute of Standards and Technology. Homeland Security officials said they weren't required to link up the signatures with the vulnerability database when EINSTEIN was first developed. DHS "has acknowledged this deficiency" and plans to address it in the future, according to the audit.

No Way to Spot Unknown Zero Days until "Announced"

The espionage artists behind a background check hack at the Office of Personnel Management busted through EINSTEIN's defenses with malware DHS admits the system cannot handle. The assailants, allegedly backed by China, wielded "zero day" exploits that are not publicly known and certainly not published as signatures. "Regarding zero day exploits," Homeland Security officials stated "there is no way to identify them until they are announced," the report states. Once they are disclosed, DHS can mold a signature to the attack pattern and feed it into EINSTEIN. Sometimes, intelligence community partners will notify DHS about zero day exploits before they are publicly revealed, and those exploits are usually malware, according to the audit. DHS officials told the auditors that Homeland Security does not pay for zero days.

EINSTEIN can prevent intrusions in almost-real time within certain data flows. Still, there are key network flows the system can't see. For example, the system can block malicious "domain name system" servers and filter emails, but "there are other types of network traffic (e.g., web content), which are common vectors of attack not currently being analyzed for potentially malicious content,"
the authors said.

Information Sharing Is Often A Waste

DHS is working to overcome technological and policy issues that have stymied activation of intrusion-prevention features at 5 of the 23 agencies, GAO officials said. The IT infrastructures at each agency differ and EINSTEIN must be tailored to each setup. In addition, not all agencies meet the security specifications for EINSTEIN to perform properly. In general, agencies are concerned about the system disrupting mission-critical applications, like email.

Information sharing is another goal of EINSTEIN in need of attention, according to the review. "DHS's sharing of information with agencies has not always been effective, with disagreement among agencies about the number of notifications sent and received and their usefulness," the GAO auditors said. The agencies reviewed did not receive 24 percent of the notifications Homeland Security said it had sent in fiscal 2014. The ones that did reach IT personnel often served no purpose, according to the audit. Of the 56 alerts communicated successfully, 31 were timely and useful, while the rest were too slow, useless, false alarms or unrelated to intrusion detection.

Meanwhile, DHS has created a variety of metrics related to EINSTEIN. "None provide insight into the value derived from the functions of the system," the auditors said.

Aliya Sternstein reports on cybersecurity and homeland security systems. She's covered technology for more than a decade at such publications as National Journal's Technology Daily, Federal Computer Week and Forbes.

--
It's better to burn out than fade away.

From rforno at infowarrior.org Fri Jan 29 14:53:02 2016
From: rforno at infowarrior.org (Richard Forno)
Date: Fri, 29 Jan 2016 15:53:02 -0500
Subject: [Infowarrior] - The Clinton email drama gets much worse
Message-ID: <732BCD87-E97F-4510-8F38-7C37FCFC482B@infowarrior.org>

(Yes, it's a political story, but there are blatant infosec ramifications here, too.
Both politically and technically, this is a BAD situation imho. --rick)

Official: Some Clinton emails 'too damaging' to release
By Catherine Herridge, Pamela K. Browne
Published January 29, 2016
http://www.foxnews.com/politics/2016/01/29/official-some-clinton-emails-too-damaging-to-release.html

EXCLUSIVE: The intelligence community has now deemed some of Hillary Clinton's emails "too damaging" to national security to release under any circumstances, according to a U.S. government official close to the ongoing review. A second source, who was not authorized to speak on the record, backed up the finding.

The decision to withhold the documents in full, and not provide even a partial release with redactions, further undercuts claims by the State Department and the Clinton campaign that none of the intelligence in the emails was classified when it hit Clinton's personal server.

Fox News is told the emails include intelligence from "special access programs," or SAP, which is considered beyond "Top Secret."

A Jan. 14 letter, first reported by Fox News, from intelligence community Inspector General Charles McCullough III notified senior intelligence and foreign relations committee leaders that "several dozen emails containing classified information" were determined to be "at the CONFIDENTIAL, SECRET, AND TOP SECRET/SAP levels."

The State Department is trying to finish its review and public release of thousands of Clinton emails, as the Democratic presidential primary contests get underway in early February.

Under the Freedom of Information Act, or FOIA, there is an exemption that allows for highly sensitive, and in this case classified, material to be withheld in full -- which means nothing would be released in these cases, not even heavily redacted versions, which has been standard practice with the 1,340 such emails made public so far by the State Department. According to the Justice Department FOIA website, exemption "B3"
allows a carve-out for both the CIA and NSA to withhold "operational files." Similar provisions also apply to other agencies.

Fox News reported Friday that at least one Clinton email contained information identified as "HCS-O," which is the code for intelligence from human spying.

One source, not authorized to speak on the record, suggested the intelligence agencies are operating on the assumption there are more copies of the Clinton emails out there, and even releasing a partial email would provide enough clues to trace back to the original - which could allow the identification of "special access programs" intelligence.

There was no comment to Fox News from the Office of the Director of National Intelligence, the Office of the Intelligence Community Inspector General, or the agency involved. Fox News has chosen not to identify the agency that provided sworn declarations that intelligence beyond Top Secret was found in the Clinton emails.

Reached for comment by Fox News, a State Department official did not dispute that some emails will never be made public. "We continue to process the next set of former Secretary Clinton's emails for release under the FOIA process and will have more to say about it later," the official said. "As always, we take seriously our responsibilities to protect sensitive information."

The State Department was scheduled to release more Clinton emails Friday, while asking a D.C. federal court for an extension.

FBI investigators looking into the emails are focused on the criminal code pertaining to "gross negligence" in the handling and storage of classified information, and "public corruption."

"The documents alone in and of themselves set forth a set of compelling, articulable facts that statutes relating to espionage have been violated," a former senior federal law enforcement officer said. The source said the ongoing investigation along the corruption track "also stems from her tenure of secretary.
These charges would be inseparable from the other charges in as much as there is potential for significant overlap and correlation."

Based on federal regulations, once classified information is spilled onto a personal computer or device, as was the case with Clinton and her aides, the hardware is now considered classified at the highest classification level of the materials received.

While criticized by the Clinton campaign, McCullough, an Obama administration appointee, was relaying the conclusion of two intelligence agencies in his letter to Congress that the information was classified when it hit Clinton's server -- and not his own judgment. Joseph E. Schmitz, a former inspector general of the Department of Defense, called the attacks on McCullough a "shoot the watchdog" tactic by Clinton's campaign.

The developments, taken together, show Clinton finding herself once again at the epicenter of a controversy over incomplete records. During her time as the first female partner at the Rose Law firm in Arkansas during the mid-1980s, she was known as one of the "three amigos" and close with partners Webb Hubbell and Vince Foster. Hubbell ended up a convicted felon for his role in the failure of the corrupt Madison Guaranty, a savings and loan which cost taxpayers more than $65 million. Hubbell embezzled more than a half-million dollars from the firm.

Foster killed himself in Washington, D.C., in July 1993. As Clinton's partner in the Rose Law firm, he had followed the Clintons into the White House where he served as the Clintons' personal lawyer and a White House deputy counsel.

Clinton's missing Rose Law billing records for her work for Guaranty during the mid-1980s were the subject of three intense federal investigations over two years. Those records, in the form of a computerized printout of her work performed on behalf of Guaranty, were discovered under mysterious circumstances in the Book Room of the private White House living quarters.
The discovery of those records was announced during a blizzard in January 1996 by attorney David , who still represents Hillary Clinton. After Clinton testified before a grand jury, prosecutors concluded there was insufficient evidence to prove beyond a reasonable doubt she committed perjury or obstruction of justice.

Despite Clinton's recent public statements about not knowing how the technology works, at least one email suggests she directed a subordinate to work around the rules. In a June 2011 email to aide Jake Sullivan, she instructed him to take what appeared to be classified talking points, and "turn into nonpaper w no identifying heading and send nonsecure." A State Department spokesman could not say whether such a fax was sent.

Catherine Herridge is an award-winning Chief Intelligence correspondent for FOX News Channel (FNC) based in Washington, D.C. She covers intelligence, the Justice Department and the Department of Homeland Security. Herridge joined FNC in 1996 as a London-based correspondent.

--
It's better to burn out than fade away.

From rforno at infowarrior.org Fri Jan 29 20:26:48 2016
From: rforno at infowarrior.org (Richard Forno)
Date: Fri, 29 Jan 2016 21:26:48 -0500
Subject: [Infowarrior] - White House denies clearance to tech researcher with links to Snowden
Message-ID: <34B49E29-0C9F-4494-8FA4-50A59C82BEE9@infowarrior.org>

White House denies clearance to tech researcher with links to Snowden
Danny Yadron
http://www.theguardian.com/technology/2016/jan/29/white-house-tech-researcher-denied-security-clearance-edward-snowden-nsa

The White House has denied a security clearance to a member of its technology team who previously helped report on documents leaked by Edward Snowden.

Ashkan Soltani, a Pulitzer prize-winning journalist and recent staffer at the Federal Trade Commission, recently began working with the White House on privacy, data ethics and technical outreach.
The partnership raised eyebrows when it was announced in December because of Soltani's previous work with the Washington Post, where he helped analyze and protect a cache of National Security Agency documents leaked by Snowden.

His departure raises questions about the US government's ability to partner with the broader tech community, where people come from a more diverse background than traditional government staffers. It also suggests that nearly three years later, the Snowden episode remains a highly charged issue inside the Obama administration. Recently some current and former administration officials said the former NSA contractor sparked a "necessary debate" on surveillance, even if they disagreed with his tactics.

It remains unclear exactly why the White House parted ways with Soltani. In December, Megan Smith, White House chief technology officer and a former Google executive, welcomed him to her team with an effusive post on Twitter that referenced Soltani's account handle, @Ashk4n. Soltani since then has been on loan from the FTC to the White House. He was in the process of getting approved for a clearance to work in one of America's most secured office buildings.

Soltani said he passed his drug test and the Federal Bureau of Investigation hadn't yet finished his background check, meaning it would have been too early for the bureau to weigh in on his employment.

"This is something that happens from time to time, and I won't speculate on the reasons," Soltani said in a statement provided to the Guardian. "I am proud of my work, I passed the mandatory drug screening some time ago and the FBI background check was still underway. There was also no allegation that it was based on my integrity or the quality of my work."

A White House official said: "Ashkan Soltani was on a detail to the Office of Science and Technology Policy from the Federal Trade Commission, and his detail has ended."
Christopher Soghoian, principal technologist with the American Civil Liberties Union, said he wouldn't speculate on why Soltani was being denied a job, though he did note that he published many stories that likely irked America's intelligence officials.

"My guess is there are people who are never going to forgive him for that," said Soghoian, who lauded Soltani's technical acumen. "At a time when the government can't get cybersecurity right they deeply need people like Ashkan in the White House," he said.

The move is a blow for Smith, the White House CTO, who has spent the past year trying to lure more pure-blood technologists to government. It can be a tough sell. Compared to Silicon Valley, the pay is less, the hours are longer and the cafeteria isn't free.

Soltani, 41 years old, has been drawn to working on public policy issues since spending years as a private security researcher. In addition to the Post, he has worked with the New York Times, the University of California Berkeley and the Wall Street Journal. In October of 2014 he joined the FTC as its chief technologist, where he worked on consumer protection issues. He, along with his Post colleagues and the Guardian, won a Pulitzer prize in 2014 for their coverage of the Snowden affair.

So like many techies before him, Soltani said he now likely will leave Washington. "I'm definitely ready to go back to the west coast for a bit," said Soltani, an avid mountain biker. "I just wish I hadn't spent all my money on suits instead of bike parts."

--
It's better to burn out than fade away.
From rforno at infowarrior.org Sat Jan 30 08:57:30 2016
From: rforno at infowarrior.org (Richard Forno)
Date: Sat, 30 Jan 2016 09:57:30 -0500
Subject: [Infowarrior] - Judge rules FBI unlawfully refused to comply with information act requests
Message-ID: <21CB9142-9E49-42BB-87BC-042CB0F04CF3@infowarrior.org>

Judge rules FBI unlawfully refused to comply with information act requests
Sam Thielman
http://www.theguardian.com/us-news/2016/jan/30/judge-rules-fbi-unlawfully-refused-answer-foia-requests

The FBI unlawfully and systematically obscured and refused to answer legitimate requests for information about how well it was complying with the Freedom of Information Act (Foia), a Washington, DC court found last week.

US district judge Randolph D Moss ruled in favor of MIT PhD student Ryan Shapiro, finding that the government was flouting Foia, a law intended to guarantee the public access to government records unless they fall into a protected category. Moss found that the FBI's present policy is "fundamentally at odds with the statute".

Shapiro has, with his attorney Jeffrey Light, provided documents obtained using Foia requests to the Guardian in the past.

The bureau shot down requests for information so regularly and thoroughly - sometimes saying that records were unavailable, sometimes that they didn't exist, sometimes that it could neither confirm nor deny the existence of records - that Shapiro and his co-plaintiffs asked for more information about the process by which they had been so often refused. And those requests for clarifying information were categorically denied on the grounds that any information about the FBI's reasons for denying previous Foia requests were by their very nature secret.

Shapiro and his fellow plaintiffs contended that the government often acts in bad faith and was trying to shield itself from scrutiny as broadly as possible.
In doing so, they said, it had stretched the law to breaking point by including harmless documents in the broad categories of material it refuses to hand over or discuss.

"As the plaintiffs correctly observe, dissatisfied Foia requesters are often required to take the government at its word in Foia litigation, where the government has access to the disputed records and knowledge of how a search and response was conducted," wrote Moss in a 63-page opinion.

There are at least three categories of records the FBI simply refuses to part with:

- "search slips", which document the efforts of analysts to find files requested
- case evaluations of the analysts supposedly looking for the records in question, which could detail whether an individual analyst has a history of errors or overapplication of the nine Foia exemptions
- case processing notes, which provide further detail of individual searches

"The FBI does nearly everything within its power to avoid compliance with the Freedom of Information Act," Shapiro told the Guardian. "This results in the outrageous state of affairs in which the leading federal law enforcement agency in the country is in routine and often flagrant violation of federal law."

The main argument the FBI made was that the documents detail law enforcement techniques and procedures that are not generally known to the public - an established exemption from Foia. The plaintiffs provided examples of each kind of document obtained by Foia before the FBI adopted its policy of nondisclosure. Moss agreed that even if individual documents were protected by that Foia exemption, the entire categories of document the FBI withholds were emphatically not.

"[The FBI] concedes that the vast majority of [the records in question] are not protected at all," he wrote. "It is only arguing that by withholding all search slips, even those not protected by Foia, it can amass a haystack in which to hide the search slips that are protected [emphasis his]."
"[T]he FBI's exercise of its statutory authority to exclude documents from Foia's reach is not the kind of 'technique' or 'procedure'" to which the necessary exemption refers, wrote Moss.

Shapiro and Light sued alongside Jeffrey Stein and nonprofit group Truthout, who were represented by Kel McClanahan of co-litigant group National Security Counselors.

There is little love lost between Shapiro and the government. Shapiro boasts the unusual distinction among graduate students of having his dissertation work challenged in court on the creative grounds that it constitutes a dangerous "mosaic" of individually legal parts that, were it released, could "significantly and irreparably damage national security", in the words of the FBI.

It's an argument that Shapiro finds interesting and would very much like to hear in detail, but he can't. "We can't even read most of the FBI's argument to support this contention, because the FBI submitted it in the form of an ex parte, in camera declaration," Shapiro said. "This is essentially a secret letter to the judge from the deputy assistant director of the FBI's counterterrorism division."

Shapiro may be the single most prolific Foia requester in the history of that law, so when he says the FBI is particularly difficult to work with, it's because he has worked with many government agencies. "While Foia with some agencies can be akin to a protracted business meeting or an attempt to get telephone customer support from a telecom over a holiday weekend," he said, "Foia with the FBI is a street fight."

Despite multiple emails, the Justice Department did not respond with comment on the ruling by press time.

--
It's better to burn out than fade away.
From rforno at infowarrior.org Sat Jan 30 20:37:47 2016
From: rforno at infowarrior.org (Richard Forno)
Date: Sat, 30 Jan 2016 21:37:47 -0500
Subject: [Infowarrior] - Air Force Firewall Now Designated a Weapons System
Message-ID: <242CFE43-061E-423E-A21B-28798D264DE3@infowarrior.org>

Airmen get computer 'weapon system' just in time for Colorado Springs symposium
By: Tom Roeder
http://gazette.com/airmen-get-computer-weapon-system-just-in-time-for-colorado-springs-symposium/article/1568823

Air Force Space Command has declared its first cyber "weapons system" operational as a conference of computer warfare experts gets ready to kick off in Colorado Springs.

The weapon, deemed fully operational this month, is basically a big firewall designed to protect the Air Force's internal 1 million-user network from hackers. It will be a hot topic at the Rocky Mountain Cyber Symposium, which is expected to draw hundreds of computer experts to The Broadmoor for a four-day confab starting Monday.

The Air Force has been upping its focus on computer warfare and the keynote speaker at the symposium is Space Command boss Gen. John Hyten, whose command oversees the service's efforts in cyberspace. One of Hyten's goals has been to get the tools used by computer warfare airmen designated as weapons - the same title given to planes, bombs, guns and satellites.

The biggest reason for the weaponization push is financial: When it comes to budget battles, weapons, even those with a keyboard and a mouse, get cash from Congress.

"Designating something as a weapons system really does help us justify our funding," said Col. Pamela Wooley, who commands the Alabama-based 26th Cyberspace Operations Group, which includes the new weapon. "It also helps us with our training because it helps us define better training systems. It is really pretty exciting for our airmen."
The symposium, sponsored by the local chapter of the Armed Forces Communications and Electronics Association, has grown substantially in recent years as the military has awoken to computer-borne threats. Commanders say things like the new firewall "weapon" are crucial because enemies - jihadists, disgruntled teenagers and nation states - can attack U.S. interests online for the cost of a cheap laptop.

Wooley's unit has joined a seven-year effort to make the Air Force's network more defensible. The service once had 100 entry points where its network intersected with the public Internet. That meant computer warfare airmen had 100 gates to defend. Now, Wooley said the Air Force just has 16 of those gates.

Getting the tighter defenses and the weapons-system designation for Internet defense has also allowed the computer airmen time to join in wargames focused on thwarting hackers. "We are playing in some big exercises now," Wooley said.

Troops under Wooley's command will be at The Broadmoor next week to pick up lessons from the civilian world. Speakers include Dale Zabriskie, the top technologist for computer security firm Symantec, and John Stewart, head of security for network builder Cisco. There will be a big military component, too, with some sessions requiring a federal security clearance for attendees, including a talk from Air Force cyberspace warfare leader Maj. Gen. Ed Wilson.

Contact Tom Roeder: 636-0240
Twitter: @xroederx

--
It's better to burn out than fade away.

From rforno at infowarrior.org Sun Jan 31 08:48:47 2016
From: rforno at infowarrior.org (Richard Forno)
Date: Sun, 31 Jan 2016 09:48:47 -0500
Subject: [Infowarrior] - Security Firm Norse Corp. Imploding
Message-ID: <50C7043B-E270-4AE3-BFEF-0193F712B879@infowarrior.org>

(c/o CW)

Norse Corp., a Foster City, Calif.
based cybersecurity firm that has attracted much attention from the news media and investors alike this past year, fired its chief executive officer this week amid a major shakeup that could spell the end of the company. The move comes just weeks after the company laid off almost 30 percent of its staff. Sources close to the matter say Norse CEO Sam Glines was asked to step down by the company?s board of directors, with board member Howard Bain stepping in as interim CEO. Those sources say the company?s investors have told employees that they can show up for work on Monday but that there is no guarantee they will get paid if they do. Glines agreed earlier this month to an interview with KrebsOnSecurity but later canceled that engagement without explanation. Bain could not be immediately reached for comment. Two sources at Norse said the company?s assets will be merged with Irvine, Ca. based networking firm SolarFlare, which has some of the same investors and investment capital as Norse. Neither Norse nor SolarFlare would comment for this story. The pink slips that Norse issued just after New Years?s Day may have come as a shock to many employees, but perhaps the layoffs shouldn?t have been much of a surprise: A careful review of previous ventures launched by the company?s founders reveals a pattern of failed businesses, reverse mergers, shell companies and product promises that missed the mark by miles. < - > http://krebsonsecurity.com/2016/01/sources-security-firm-norse-corp-imploding/ -- It's better to burn out than fade away. 
From rforno at infowarrior.org Sun Jan 31 17:42:43 2016
From: rforno at infowarrior.org (Richard Forno)
Date: Sun, 31 Jan 2016 18:42:43 -0500
Subject: [Infowarrior] - 'Eyewash': How the CIA deceives its own workforce about operations
Message-ID: <55C5297B-9FFF-425E-A193-C8B9FA645101@infowarrior.org>

'Eyewash': How the CIA deceives its own workforce about operations

By Greg Miller and Adam Goldman
January 31 at 4:44 PM

Senior CIA officials have for years intentionally deceived parts of the agency workforce by transmitting internal memos that contain false information about operations and sources overseas, according to current and former U.S. officials who said the practice is known by the term "eyewash."

Agency veterans described the tactic as an infrequent but important security measure, a means of protecting vital secrets by inserting fake communications into routine cable traffic while using separate channels to convey accurate information to cleared recipients.

But others cited a significant potential for abuse. Beyond the internal distrust implied by the practice, officials said there is no clear mechanism for labeling eyewash cables or distinguishing them from legitimate records being examined by the CIA's inspector general, turned over to Congress or declassified for historians.

Senate investigators uncovered apparent cases of eyewashing as part of a multi-year probe of the CIA's interrogation program, according to officials who said that the Senate Intelligence Committee found glaring inconsistencies in CIA communications about classified operations, including drone strikes.

< - >

https://www.washingtonpost.com/world/national-security/eyewash-how-the-cia-deceives-its-own-workforce-about-operations/2016/01/31/c00f5a78-c53d-11e5-9693-933a4d31bcc8_story.html

--
It's better to burn out than fade away.
