From rforno at infowarrior.org Fri Jul 29 11:06:19 2016
From: rforno at infowarrior.org (Richard Forno)
Date: Fri, 29 Jul 2016 16:06:19 -0000
Subject: [Infowarrior] - Why Wikileaks Is Losing Its Friends
Message-ID: <2D9499B8-B2E2-4231-AAB4-50E52557AC45@infowarrior.org>

Why Wikileaks Is Losing Its Friends
http://www.bloomberg.com/news/articles/2016-07-29/why-wikileaks-is-losing-its-friends

In a week where Wikileaks's power has been on full display, the organization's simplified view of the world is making many of its allies uncomfortable.

Joshua Brustein (joshuabrustein)
July 29, 2016, 10:43 AM EDT

It has been 10 years since Julian Assange founded Wikileaks, the website that has gone on to serve as the world's most prominent digital repository of leaked government information. The organization has been celebrating a decade of existence over the last week by putting on display everything that makes its brand of radical transparency so powerful and problematic:

• On Sunday, Debbie Wasserman Schultz stepped down from her position as chair of the Democratic National Committee because Wikileaks obtained and published a trove of embarrassing emails from the organization.

• On Monday, an academic named Zeynep Tufekci wrote a scathing article about another recent Wikileaks data dump, which included 300,000 emails related to the Turkish government. In the article, entitled "WikiLeaks Puts Women in Turkey in Danger, for No Reason," Tufekci argued that there was nothing newsworthy about the emails, but that Wikileaks had exposed massive databases containing private information about nearly every woman in the country.

• On Tuesday, American intelligence officials said that the Russian government was almost certainly responsible for the DNC hack, and the New York Times reported that Assange timed the release of the leak to maximize the political damage to Hillary Clinton.

• On Wednesday, Wikileaks released more information obtained from the DNC, this time a series of voicemails.

• On Thursday, Edward Snowden, who exposed the National Security Agency's surveillance program and is a natural ally to Wikileaks if there's ever been one, criticized the organization for its insistence on releasing all information it receives in completely raw form:

Edward Snowden (@Snowden): "Democratizing information has never been more vital, and @Wikileaks has helped. But their hostility to even modest curation is a mistake."

Wikileaks, never one to pull a punch, went on the offensive. In its view, the Democrats were corrupt and desperate to distract, Tufekci was a shill for Turkish president Recep Tayyip Erdogan, the New York Times's story was "entirely false," and Snowden was maneuvering for a pardon from a future Clinton administration. Wikileaks has also recently used its Twitter account to post a seemingly anti-Semitic remark, and to pick a fight with Twitter's chief executive officer over the company's decision to shut down the account of a controversial right-wing commentator associated with online harassment.

So it's been a weird stretch. But Wikileaks has always been a weird phenomenon. Its prominence grew from the ability to accept and display leaked information online without either exposing its sources' identities or succumbing to attempts by governments to censor its output. This was a seemingly simple task that required technical chops that most media companies lacked, according to Alex Howard, a senior analyst at the Sunlight Foundation, an advocacy group pushing for government transparency. "It was hugely significant, the technical capacity to enable whistleblowing, and then to keep the documents in question online through distributed networks and mirroring. That continued to be Wikileaks's contribution," he said. The organization has been less sophisticated in figuring out what to do with this kind of information.
There is a long-running tension between the positive impact of exposing things that powerful organizations want to keep secret, and the negative implications of making private personal data public. Wikileaks occupies the extreme end of this debate. The answer, in its eyes, is simple: the more the better.

Even people who see Wikileaks's broader mission, "We Open Governments," as admirable have long criticized the group as reckless. The censure of the past week mirrors arguments made years ago. Steven Aftergood, the director of the government secrecy project at the Federation of American Scientists, said in 2010 that the view of Wikileaks as a champion of free speech was misguided. "The criticism of Wikileaks has been amply borne out since then," he said. "Fortunately more people now see the organization for what it is." Wikileaks didn't respond to an interview request.

Even natural allies of Wikileaks say it's hurting their cause. Howard, of the Sunlight Foundation, worries that Wikileaks's disregard for legitimate privacy concerns could have broader consequences for other advocates pushing for government transparency because it provides their political opponents with a boogeyman. Tufekci wrote that the Erdogan government has already stepped up its censorship campaign in Turkey.

Critics of Wikileaks say that Russian intelligence has "weaponized" the organization with the DNC hack, essentially drawing attention to documents by leveraging Wikileaks's brand as a place for juicy documents. The perception is likely to lessen the organization's impact over time, argues Paul Rosenzweig, a cybersecurity consultant who worked in the Department of Homeland Security under George W. Bush. "It's the difference between setting yourself up to take information from whistleblowers who may have a legitimate grievance, and making yourself an outlet for spies," he said. Radical transparency loses its appeal once it becomes a tool for governments to use against one another.
Wikileaks has to compete with other organizations for access to information. Over the last decade, other media organizations have picked up aspects of the unique appeal of its journalistic approach. The coverage of the biggest mass leak of the last year, the so-called Panama Papers, was handled by the International Consortium of Investigative Journalists, which coordinated over 100 media organizations to analyze the documents simultaneously over the course of a full year. Some of the underlying documents were released, but without personal information included. Future leakers may prefer this approach; if Wikileaks is seen as either a mouthpiece of specific governments or an irresponsible handler of leaked data, whistleblowers could look elsewhere. "If you're the next Snowden, do you go there, or do you go to a media organization that has a different approach, that has the capacity and ethical standards that says potential harms are addressed," Howard said.

This may be wishful thinking. While the criticism of Wikileaks has increased over the past week, it's hard to argue that its impact is waning. Tufekci's critique of the hack in Turkey was largely a complaint that Wikileaks's documents were unimportant, but many reporters treated them as though they were significant simply because of their source. The DNC leak became one of the major stories of the convention. Clinton's political opponents seemed more interested in what the emails said than the process through which they were exposed. On Thursday night, as she gave her acceptance speech in Philadelphia, a group of protesters in the audience unfurled a huge Wikileaks banner.

--
It's better to burn out than fade away.

From rforno at infowarrior.org Fri Jul 29 12:21:51 2016
From: rforno at infowarrior.org (Richard Forno)
Date: Fri, 29 Jul 2016 17:21:51 -0000
Subject: [Infowarrior] - How vulnerable to hacking is the US election cyber infrastructure?
Message-ID: <503CF5DF-4286-41DF-A306-A3974952D488@infowarrior.org>

How vulnerable to hacking is the US election cyber infrastructure?
July 29, 2016 12.58pm EDT
Richard Forno
https://theconversation.com/how-vulnerable-to-hacking-is-the-us-election-cyber-infrastructure-63241

--
It's better to burn out than fade away.

From rforno at infowarrior.org Fri Jul 29 12:35:33 2016
From: rforno at infowarrior.org (Richard Forno)
Date: Fri, 29 Jul 2016 17:35:33 -0000
Subject: [Infowarrior] - A Famed Hacker Is Grading Thousands of Programs — and May Revolutionize Software in the Process Kim Zetter July 29 2016, 10:00 a.m.
Message-ID: <485BB6B2-5AF1-464B-A722-57BC02A9810B@infowarrior.org>

A Famed Hacker Is Grading Thousands of Programs — and May Revolutionize Software in the Process
Kim Zetter
July 29 2016, 10:00 a.m.
https://theintercept.com/2016/07/29/a-famed-hacker-is-grading-thousands-of-programs-and-may-revolutionize-software-in-the-process/

--
It's better to burn out than fade away.

From rforno at infowarrior.org Fri Jul 29 15:20:05 2016
From: rforno at infowarrior.org (Richard Forno)
Date: Fri, 29 Jul 2016 20:20:05 -0000
Subject: [Infowarrior] - Fwd: [IP] Lauren's Blog: "Confirmed and Unacceptable: Social Security Administration Cutting Off Users Who Can't Receive Text Messages"
References: <0EE08BF9-D065-4F23-9864-B6F622E85236@gmail.com>
Message-ID:

--
It's better to burn out than fade away.
> From: "Dave Farber"
>
> Begin forwarded message:
>
>> From: Lauren Weinstein
>> Date: July 29, 2016 at 2:35:40 PM EDT
>> To: nnsquad at nnsquad.org
>> Subject: [ NNSquad ] Lauren's Blog: "Confirmed and Unacceptable: Social Security Administration Cutting Off Users Who Can't Receive Text Messages"
>>
>> Confirmed and Unacceptable: Social Security Administration
>> Cutting Off Users Who Can't Receive Text Messages
>>
>> https://lauren.vortex.com/2016/07/ssa-cutting-off-users-who-cant-receive-text-messages
>>
>> If you don't have a cell phone, or some other means to receive SMS
>> text messages (and have them enabled, and know how to deal with them),
>> you won't be able to access your Social Security Administration "My
>> Social Security" online account starting next month.
>>
>> The SSA is currently sending out emails announcing that SSA online
>> users MUST receive an SMS text message with a two-factor
>> authentication code to access their accounts starting in August.
>>
>> According to Congressional testimony in May, SSA "expects" to make
>> other two-factor methods available at some point in the future.
>>
>> While the "expectation" of additional two-factor options at some
>> unspecified time down the line is interesting, the move to now block
>> users who do not have cell phones, or text message capable cell
>> phones, or do not have text messaging enabled, or do not know how to
>> access and read text messages -- IS UNACCEPTABLE, especially on such
>> short notice to SSA users.
>>
>> Two-factor authentication systems are very important, but keep in mind
>> that SSA by definition is dealing mostly with older users who may have
>> only recently become comfortable with online services at all, and may
>> not make any use of text messaging. Many do not have cell phones or
>> somebody to receive text messages for them.
>>
>> Additionally -- and ironically -- text messaging is considered to be a
>> substandard means of receiving two-factor authentications. And -- get
>> this boys and girls -- NIST (the USA's National Institute of Standards
>> and Technology) -- just a few days ago officially declared that text
>> messaging based two-factor should no longer be used at all -- it's
>> simply not safe and secure.
>>
>> It appears that SSA has really mucked this one up. This isn't secure
>> two-factor, it's a three-ring circus. And it's going to leave many SSA
>> users out in the cold.
>>
>> --Lauren--
>> Lauren Weinstein

From rforno at infowarrior.org Sat Jul 30 16:11:06 2016
From: rforno at infowarrior.org (Richard Forno)
Date: Sat, 30 Jul 2016 21:11:06 -0000
Subject: [Infowarrior] - If Russia Did Hack, How Should Obama Retaliate?
Message-ID:

If Russia Did Hack, How Should Obama Retaliate?
David E. Sanger
http://www.nytimes.com/2016/07/31/us/politics/us-wrestles-with-how-to-fight-back-against-cyberattacks.html

"When it is determined who is responsible for this," Mr. Brennan said, choosing his words carefully to avoid any direct implication of Russia, there "will be discussions at the highest levels of government about what the right course of action will be. Obviously interference in the U.S. election process is a very, very serious matter."

The Russia problem is thorny, and persistent. Just four months into his presidency in 2009, President Obama and his top national security advisers received a warning from American intelligence agencies: Of all the nations targeting America's computer networks, Russia had the most "robust, longstanding program that combines a patient, multidisciplinary approach to computer network operations with proven access and tradecraft."

Mr. Obama might have been a bit distracted at the time. While setting up his new administration, he was also learning the dark arts of cyberwar, descending into the Situation Room to oversee a complex American-Israeli offensive operation to disable Iran's nuclear centrifuges.
He expressed concern to his aides that the operation would help fuel the escalation of cyberattacks and counterattacks. The concern was justified. Since then, Iran has attacked Saudi Arabia, Russia has brought down a power grid in Ukraine, the North Koreans have attacked the South. The list gets longer every month. But deterrence has been spotty.

In the D.N.C. case, two senior administration officials spoke on the condition of anonymity to discuss the options being considered by midlevel officials, ranging from counter cyberattacks on the F.S.B. and the G.R.U., two competing Russian spy agencies at the center of the current hacking, to economic, travel and other sanctions aimed at suspected perpetrators. But each approach has downsides: A counterattack, for example, one senior official said, "brings us to their level, and their moral code."

At the same time, the cost of doing nothing could be high. As the United States and other nations move to more electronic voting systems, the opportunities for mischief rise exponentially. Imagine, for example, a vote as close as the 2000 presidential election between George W. Bush and Al Gore, but with accusations about impossible-to-trace foreign manipulation of the ballots or the vote count, leaving Americans wondering about the validity of the outcome.

For Mr. Obama, the president who has done the most to raise alarms about the risks of cyberattacks and the most to build up the United States Cyber Command, this territory is fraught with politics, intelligence trade-offs and questions of American values.

"I think that the administration needs to be ironclad on the evidence here to convince the American people that this is about policy, not politics," said Jason Healey, a scholar at Columbia University who specializes in cyberconflict between nations. "This has got to be about defending a constitutional process, not a party."

Mr. Obama often says the world of cyberconflict is still "the Wild West." There are no treaties, no international laws, just a patchwork set of emerging "norms" of what constitutes acceptable behavior. For example, Mr. Obama has pressed President Xi Jinping of China to work with the United States and other nations to develop rules about the theft of intellectual property, and about not interfering with a nation's efforts to bring attacked systems back online. Attacking another nation's power grid in peacetime is considered out of bounds.

But every new case brings a new and imaginative way to weaponize cyberpower. Until November 2014, when North Korea hacked into the computers at Sony Pictures Entertainment in retaliation for a comedy that portrayed a C.I.A. plot to assassinate Kim Jong-un, the country's leader, no one seriously considered a movie studio to be "critical infrastructure." Yet the attack on Sony — which melted down 70 percent of its computing power — was the only case that brought the president to the White House press room to accuse another nation of launching a deliberate cyberattack, and to promise retaliation. Mr. Obama said he was driven to go public by the fact that North Korea was trying to suppress free speech and intimidate Americans with threats if they went to the theater.

It is unclear how the United States may have retaliated against the North in secret, if it even did so. But the public punishment, the announcement of some mild economic sanctions, seemed highly ineffective. They were lost in the sea of other sanctions imposed on the North since the signing of the armistice that halted, but did not end, the Korean War 63 years ago.

Yet the decision to name North Korea — a country with which the United States does no other real business — was an outlier. China was never formally named in the theft of the security clearance files on more than 21 million Americans, revealing fingerprints, personal financial details and the personal data about family, friends and former lovers. To James R. Clapper Jr., the director of national intelligence, that wasn't an "attack," it was just very good espionage. Given the chance, he said last year, "we would have done the same thing."

Similarly, the administration decided not to call out Russia when the same intelligence agencies implicated in the D.N.C. attack were believed to be behind the siphoning of tens of thousands of unclassified emails from the systems of the State Department and the White House. There was also a more targeted cyberespionage operation, which investigators attributed to the same actors, aimed at the Joint Chiefs of Staff. But again, it was considered within the bounds of spy vs. spy.

Speaking at the Aspen forum on Thursday, Mr. Clapper, while stepping around who had conducted the hack, said that in Mr. Putin's mind, the United States had meddled in Russian politics, in Ukraine and Georgia — all part of former Soviet territory. (Mr. Putin complained that Hillary Clinton, in 2011, helped spark protests over a Russian parliamentary election that the United States considered riddled with voter fraud.)

"Of course they see a U.S. conspiracy behind every bush and ascribe far more impact than we're actually guilty of, but that's their mind-set," Mr. Clapper said. "And so I think their approach is they believe we are trying to influence political developments in Russia, trying to effect change, and so their natural response is to retaliate and do unto us as they think we've done unto them."

He later described Mr. Putin as "paranoid" and said "he is less of a throwback to the Communist era, than to the czars." He added later: "He wants to be seen as the leader of a great power, coequal with the United States."

--
It's better to burn out than fade away.
From rforno at infowarrior.org Sun Jul 31 08:42:54 2016
From: rforno at infowarrior.org (Richard Forno)
Date: Sun, 31 Jul 2016 13:42:54 -0000
Subject: [Infowarrior] - OT: Why Direct-to-Consumer Pharmaceutical Advertising Should be Banned
Message-ID: <06D689DB-946F-4126-9D17-8BD7C29AD618@infowarrior.org>

Why Direct-to-Consumer Pharmaceutical Advertising Should be Banned
Jul 26, 2016 - Article By: Amy Roger
https://assetbuilder.com/knowledge-center/articles/why-direct-to-consumer-pharmaceutical-advertising-should-be-banned

But when time is short, more time can seem attractive - more time to spend with loved ones, to see beautiful places, and enjoy favorite pastimes. Sadly, those end-of-life experiences are often clouded by pain and disability. My mother had difficulty working in her garden. Even the oxygen tank we toted out there didn't allow her to do much more than examine the blooms. We would have jumped at anything to give her more strength and more time.

Pharmaceutical companies know this. They know that more than anything, people want to be strong and vital as they move through life. We want this whether we are at the end of life or have many years to live with chronic disease. This can be a good thing when it spurs solutions through research and development. But it can be a bad thing when the marketing team gets its hands on it.

If you watch television, you've seen pharmaceutical ads. They show people out fishing or hiking through a National Park. But when you look at what the drugs are for, you realize that these drugs and the conditions they treat have no connection to what the people in the ad are doing.

The commercial for cancer drug nivolumab stated it "significantly increased the chance of living longer versus chemotherapy" in patients with squamous cell lung cancer. But they glossed over the fact that it prolonged life just 3.2 months. And that it is indicated for stage four cancer only after standard chemotherapy has failed. And they didn't even mention that it costs $157,000 per year. Instead they mention a longer life and show relatively high-functioning people doing the things we all hope to do as the end of life approaches — walking the dog by the water, playing with grandkids, going to the ballpark. Trust me, this is not the typical final three months for someone with stage four lung cancer on chemotherapy. This isn't false advertising, necessarily. But it certainly isn't grounded in truth.

The U.S. and New Zealand are the only two countries in the world that allow direct-to-consumer (DTC) advertising for pharmaceuticals. Individuals in these two countries take about 50 percent more prescription drugs than comparable countries. In the U.S., drug companies spend about $4.5 billion each year on advertising. And the amount rises every year.

Pharmaceutical companies know advertising works. At least once, it worked so well people died. After Vioxx was introduced in 2002, Merck went all out on the launch. They spent $160 million on DTC advertising for this pain medication that was easier on the stomach than most of the drugs out there like ibuprofen. Sales went through the roof. Then doctors started noticing people on Vioxx were having heart attacks and strokes. This in itself isn't unusual. Sometimes drug side effects don't show up in clinical trials. It isn't until they are more widely used that more unusual issues arise. But it turns out that marketing of the drug drove demand. Patients were specifically seeking it from their doctors. This vastly expanded the pool of people exposed to the dangerous side effects of the drug. In 2004, the FDA pulled Vioxx from the market and decided DTC marketing was not okay for other drugs in the class. Which makes you wonder: If DTC marketing isn't okay for those drugs, why is it okay for any drugs?

Pharmaceutical companies are motivated by profit. Period. I'm sure they are happy when a drug actually benefits people. But let's be honest — nobody buys pharmaceutical stock because they want to help mankind. Stockholders want to make money. And the only reason drug companies engage in DTC marketing is because it helps them achieve that goal.

DTC marketing benefits pharmaceutical stockholders. But it doesn't benefit us. It drives up the cost of drugs. It pushes the use of drugs in inappropriate cases. And it promotes expensive brand names over perfectly acceptable generics. The American Medical Association has called for a ban on DTC advertising of pharmaceuticals. The Kaiser Family Foundation reported that pharmaceutical costs are the top healthcare concern in the U.S.

In the end, DTC marketing costs us a lot of money and hurts our health. The best way to decide if a prescription makes sense is to discuss your options with your physician, whose goal is to help you get better. The worst way is to let the profit motives of others drive your decisions.

--
It's better to burn out than fade away.

From rforno at infowarrior.org Sat Jul 16 21:41:59 2016
From: rforno at infowarrior.org (Richard Forno)
Date: Sun, 17 Jul 2016 02:41:59 -0000
Subject: [Infowarrior] - U.S. military has launched a new digital war against the Islamic State
Message-ID:

U.S. military has launched a new digital war against the Islamic State
By Ellen Nakashima and Missy Ryan
July 15
https://www.washingtonpost.com/world/national-security/us-militarys-digital-war-against-the-islamic-state-is-off-to-a-slow-start/2016/07/15/76a3fe82-3da3-11e6-a66f-aa6c1883b6b1_story.html

An unprecedented Pentagon cyber-offensive against the Islamic State has gotten off to a slow start, officials said, frustrating Pentagon leaders and threatening to undermine efforts to counter the militant group's sophisticated use of technology for recruiting, operations and propaganda. The U.S.
military's new cyberwar, which strikes across networks at its communications systems and other infrastructure, is the first major, publicly declared use by any nation's military of digital weapons that are more commonly associated with covert actions by intelligence services.

The debut effort is testing the ability of the military's seven-year-old U.S. Cyber Command to conduct offensive operations against an enemy that has proved to be an adept user of technology to organize operations, recruit fighters and move money. But defense officials said the command is still working to put the right staff in place and has not yet developed a full suite of malware and other tools tailored to attack an adversary dramatically different than the nation-states Cybercom was created to fight.

In an effort to accelerate the pace of digital operations against the Islamic State, the Cybercom commander, Adm. Michael S. Rogers, created a unit in May headed by Lt. Gen. Edward Cardon that is tasked with developing digital weapons — fashioned from malware and other cyber-tools — that can intensify efforts to damage and destroy the Islamic State's networks, computers and cellphones.

The group, called Joint Task Force Ares, is coordinating operations more closely with U.S. Central Command, which is leading the military fight, and working to sharpen offensive operations. Defense Secretary Ashton B. Carter has pressed Rogers repeatedly to pick up the pace of the nascent cyber-offensive, ensuring it plays a more active role in the overall campaign against the Islamic State.

"Cybercom has not been as effective as the Department would expect them to be, and they're not as effective as they need to be," said a senior defense official who, like other officials, spoke on the condition of anonymity to discuss internal conversations. "They need to deliver results."

Although officials declined to detail current operations, they said that cyberattacks occurring under the new task force might, for instance, disrupt a payment system, identify a communications platform used by Islamic State members and knock it out, or bring down Dabiq, the Islamic State's online magazine. It is not, however, part of the group's mission to identify individuals to be targeted by American airstrikes, officials said.

"We want to take cyber out of the shadows, where people think we're doing something malicious or spooky, and treat it like we do our operations in other domains," said Aaron Hughes, a senior Pentagon official for cyber-policy. And officials hope the campaign is a significant step toward normalizing cyber as a tool of warfare, just like the use of airstrikes and artillery barrages.

The very nature of the Islamic State — not a country or a government that would have vast institutions or infrastructure vulnerable to attack — makes it a challenging target for cyberattacks. It is unlike more traditional foes such as Iran — a country whose nuclear infrastructure was attacked in a joint U.S.-Israeli operation by a sophisticated piece of malware designed to infiltrate and damage the computers running an enrichment facility.

"The more dependent you are on technology, the more you are a target for cyberattack. And ISIS is less dependent," said James Lewis, a cyber-policy expert at the Center for Strategic and International Studies, using an acronym for the Islamic State. "It doesn't mean you get no military advantage out of it. But scruffy insurgents aren't the best target for high-tech weapons."

The simple fact that the Pentagon has ordered its first major cyber-offensive campaign, and has acknowledged it publicly, is a milestone. "Here you've got a real first time where you have a state saying, 'We did this — we're using cyber on the battlefield,'" said Jason Healey, a senior research scholar in cyber-conflict at Columbia University and a former military cyber-operator. "Without a doubt, this is the first time we're seeing this in history."

Military cyber-specialists conducted tactical operations in Iraq and, to a lesser extent, in Afghanistan toward the end of the George W. Bush administration, but the communications environment has changed significantly, officials said. The techniques used then were simpler than those being planned today, they said.

"Terrorist organizations use the most modern comms," the senior defense official said. "They know that people are after them, and so they spend a lot of time protecting themselves" through the use of encryption, for example.

Carter announced a cyber-strategy last year that for the first time addressed the use of cyber-weapons in combat and the need to be transparent about their use. But he was unhappy with the effectiveness of the early efforts against the Islamic State, leading to the creation of the dedicated unit led by Cardon.

Cardon's task force is headquartered at Fort Meade, Md., which is also the headquarters for Cybercom and the National Security Agency. The unit comprises about 100 people, including intelligence personnel and staff from across the military.

One key aim of the group is to be more closely integrated with the overall military campaign against the Islamic State, officials said. This would allow Lt. Gen. Sean MacFarland, who oversees operations in Iraq and Syria, to work cyberattacks into his battle plan, just as he uses airstrikes. At times, officials said, commanders may choose to use a cyberattack when it will reduce the odds of civilian casualties; an example of this is disabling a communications network by digital means rather than bombing it.

Cardon said the fledgling unit is having some effect but that the militants were also resisting its efforts, switching servers and other hardware to stay ahead of the attacks. "We're definitely having an impact on them, but it's a dynamic space," the general said in an interview.

The Obama administration said that the overall military campaign against the Islamic State has weakened the self-anointed caliphate. A senior administration official told Congress last month that the group had lost almost half the territory it once controlled in Iraq. In Syria, U.S.-backed fighters are battling for control of areas along the Turkish and Iraqi borders.

The cyberwarfare campaign against the Islamic State has presented some challenges for the Pentagon. Whenever the military undertakes a cyber-operation to disrupt a network, the intelligence community may risk losing an opportunity to monitor communications on that network. So military cybersecurity officials have worked to better coordinate their target selection and operations with intelligence officials.

The military is also grappling with the need to avoid harming civilian or noncombatant networks. Militants use the communications systems of commercial services, which the general population relies on. "Think about any war zone," Cardon said. "You don't have just the enemy side and the friendly side. You have all this gray. It's the same thing in cyberspace."

Cybercom's new offensive is limited primarily to Iraq and Syria and does not include Islamic State affiliates from North Africa to East Asia. But Pentagon officials said that future cyber operations could extend outside the two countries. "As we move through additional phases of this operation, that fight will absolutely go global," Hughes said.

But Cardon cautioned that cyber is just one element of the larger struggle against the Islamic State. "We'll be a contributor," he said. "This war here is not going to be won in cyberspace."

--
It's better to burn out than fade away.
From rforno at infowarrior.org Sun Jul 17 17:57:38 2016
From: rforno at infowarrior.org (Richard Forno)
Date: Sun, 17 Jul 2016 22:57:38 -0000
Subject: [Infowarrior] - CFP: Pew 2016 Future of the Internet Survey
Message-ID:

Welcome to the Pew Research Center 2016 Future of the Internet Survey

Thank you for taking a few minutes to share your thoughts tied to five important questions about how internet trends might evolve in the next 10 years. You will be given the option to remain completely anonymous, or you can take credit by name for any or all of your answers.

The questions will invite you to consider the likely future of: the tone of social discourse online, education innovation for future skills, the opportunities and challenges of the Internet of Things and algorithm-based everything, and trust in online interaction. There are also a few general demographic questions we gather to use only for statistical purposes.

For all these questions, please give your best assessment of where you expect we will be in the next decade. This may not be the future you would prefer — but please select the future you expect is most likely. You will be able to elaborate on your hopes for the future in your written answers.

https://www.surveymonkey.com/r/PD6772K

--
It's better to burn out than fade away.

From rforno at infowarrior.org Wed Jul 20 08:47:51 2016
From: rforno at infowarrior.org (Richard Forno)
Date: Wed, 20 Jul 2016 13:47:51 -0000
Subject: [Infowarrior] - Twitter Bars Milo Yiannopoulos
Message-ID: <8F5DE178-82C6-4871-B6FE-BBC82CD510F6@infowarrior.org>

Twitter Bars Milo Yiannopoulos in Wake of Leslie Jones’s Reports of Abuse
Mike Isaac
http://www.nytimes.com/2016/07/20/technology/twitter-bars-milo-yiannopoulos-in-crackdown-on-abusive-comments.html

SAN FRANCISCO — For years, one of the main grievances among Twitter users has been the ability for anonymous trolls to send abusive comments to other people on the service.
But on Tuesday, Twitter barred one of the most egregious and consistent offenders of its terms of service, Milo Yiannopoulos, in an attempt to show that it is cracking down on abuse.

The ban against Mr. Yiannopoulos, a technology editor at the conservative news site Breitbart and known by his Twitter handle, @Nero, follows a campaign of prolonged abuse against Leslie Jones, a comedian and co-star of the recently released “Ghostbusters” movie. The film and its stars have come under fire from various parts of the internet for months, after it was first revealed that the reboot of the 1984 film would feature an all-female cast.

Ms. Jones in particular has borne the brunt of the online abuse in recent days, especially since the release of “Ghostbusters” in the United States on Friday. Hundreds of anonymous Twitter commenters hurled racist and sexist remarks at the star’s Twitter account, rallied and directed by Mr. Yiannopoulos this week. The news media picked up on the abuse after Ms. Jones began retweeting screenshots of the litany of comments sent to her over the past few days.

On Monday evening, Ms. Jones quit using Twitter with a final message of exasperation after days of near-nonstop abuse. “I leave Twitter tonight with tears and a very sad heart,” Ms. Jones tweeted. “All this cause I did a movie.”

In a statement, a Twitter spokesman said: “People should be able to express diverse opinions and beliefs on Twitter. But no one deserves to be subjected to targeted abuse online, and our rules prohibit inciting or engaging in the targeted abuse or harassment of others.”

Twitter did not comment directly on Mr. Yiannopoulos’s account or actions of the past 48 hours, but the spokesman said over that period, “We’ve seen an uptick in the number of accounts violating these policies and have taken enforcement actions against these accounts, ranging from warnings that also require the deletion of tweets violating our policies to permanent suspension.”
In a brief interview on Tuesday evening, Mr. Yiannopoulos said, “This is the beginning of the end for Twitter.”

“Some people are going to find this perfectly acceptable,” he said. “Anyone who believes in free speech or is a conservative certainly will not.”

The move stops short of providing Twitter’s 300-million-plus users with effective tools to combat trolls and abuse on a much larger scale, an issue that celebrities and everyday users alike deal with on a regular basis. In the past, Twitter, the San Francisco-based social media company, has faced criticism for its handling of the so-called GamerGate controversy, as women in the gaming community were increasingly harassed on Twitter — often to the point of receiving death threats — in the wake of a dispute in the online gaming community.

Twitter has said that dealing with abuse and “trust and safety” issues is one of its top priorities, though it has not detailed how it will handle the issues in the future. “We know many people believe we have not done enough to curb this type of behavior on Twitter,” the company said in a statement. “We agree.”

Twitter said it is investing in improving its tools and enforcement systems, and is in the process of reviewing its hateful conduct policies “to prohibit additional types of abusive behavior and allow more types of reporting, with the goal of reducing the burden on the person being targeted,” according to a statement. Twitter said it expected to detail more of that in the coming weeks.

--
It's better to burn out than fade away.

From rforno at infowarrior.org Thu Jul 21 06:24:29 2016
From: rforno at infowarrior.org (Richard Forno)
Date: Thu, 21 Jul 2016 11:24:29 -0000
Subject: [Infowarrior] - Can KAT Make a Comeback?
Message-ID: <0A2C4494-F89F-485E-B588-AA6A069D79E8@infowarrior.org>

Can KickassTorrents Make a Comeback?
By Ernesto, July 21, 2016

Yesterday the U.S. Government delivered a massive blow to KickassTorrents.
With its alleged founder arrested and pretty much the entire site's operation compromised, it's not obvious that there will be a Pirate Bay style comeback anytime soon.

< - >

https://torrentfreak.com/can-kickasstorrents-make-a-comeback-160721/

--
It's better to burn out than fade away.

From rforno at infowarrior.org Thu Jul 21 15:08:49 2016
From: rforno at infowarrior.org (Richard Forno)
Date: Thu, 21 Jul 2016 20:08:49 -0000
Subject: [Infowarrior] - Hackers reportedly selling leaked terrorism watchlist
Message-ID: <47A26F33-2914-4865-8879-3637FD1539C7@infowarrior.org>

Hackers reportedly selling leaked terrorism watchlist
https://www.engadget.com/2016/07/21/hackers-reportedly-selling-leaked-terrorism-watchlist/

The database, colloquially known as "World-Check," is typically sold by Thomson Reuters to a wide variety of agencies in a bid to offer a screening tool to weed out those who might be involved in criminal organizations. The fact that it exists is strange enough, but the fact that it could be selling online to the general public is even more bizarre. The information comprising World-Check is taken from a vast amount of public data sources and even includes entries for figures who don't even appear to be charged with the "terrorism" they're listed with in the database.

The leaks have occurred after last month when security researcher Chris Vickery stumbled upon a copy of the database, which Thomson Reuters then referred to as "outdated." It was supposedly "exposed by a third party," but by then Vickery hadn't been the only person to get to it. That honor belongs to "Bestbuy," an individual who supposedly accidentally found the database, and has sold it three times over for 10 bitcoin apiece.

Thomson Reuters is aware of the latest leak of this information and has said in response to Motherboard that they're "engaging with the appropriate authorities" as far as the databases go.

--
It's better to burn out than fade away.
From rforno at infowarrior.org Thu Jul 21 15:45:17 2016
From: rforno at infowarrior.org (Richard Forno)
Date: Thu, 21 Jul 2016 20:45:17 -0000
Subject: [Infowarrior] - WSJ Reporter: Homeland Security Tried to Take My Phones at the Border
Message-ID: <894973F0-BE5C-4BD9-803B-18C81A8F6C6E@infowarrior.org>

WSJ Reporter: Homeland Security Tried to Take My Phones at the Border
Written by Joseph Cox, Contributor
http://motherboard.vice.com/read/wsj-reporter-homeland-security-tried-to-take-my-phones-at-the-border

On Thursday, a Wall Street Journal (WSJ) reporter claimed that the Department of Homeland Security demanded access to her mobile phones when she was crossing the border at the Los Angeles airport. The case highlights the powers that border agents purport to have, and how vulnerable sensitive information can be when taken through airports in particular.

“I wanted to share a troubling experience I had with the Department of Homeland Security (DHS), in the hopes it may help you protect your private information,” Maria Abi-Habib, a WSJ journalist focused on ISIS and Al Qaeda wrote in a post on Facebook. (Abi-Habib confirmed to Motherboard that the Facebook account was hers, but declined to comment further.)

Abi-Habib says she had arrived in town for a wedding, when an immigration officer approached her, and took her aside from the main queue. This by itself was not unusual, Abi-Habib writes: because of her job, she has reportedly been put on a list that allows her to bypass the usual questioning someone with her travel profile may encounter. But things changed quickly, and Abi-Habib was escorted to another part of the airport.

“Another customs agent joined her at that point and they grilled me for an hour—asking me about the years I lived in the US, when I moved to Beirut and why, who lives at my in-laws' house in LA and numbers for the groom and bride whose wedding I was attending.
I answered jovially, because I've had enough high-level security experiences to know that being annoyed or hostile will work against you,” she writes.

The first DHS agent then asked Abi-Habib for her two cell phones, in order “to collect information,” Abi-Habib reports the officer as saying.

“And that is where I drew the line,” Abi-Habib writes. “I told her I had First Amendment rights as a journalist she couldn't violate and I was protected under. I explained I had to protect my government and military sources—over the last month, I have broken two stories that deeply irked the US government, in addition to other stories before I went on maternity leave, including one in Kabul that sparked a Congressional investigation into US military corruption, all stories leaked by American officials speaking to me in confidence.”

The agent passed over a document, which Abi-Habib later photographed and posted to Facebook, purportedly showing that the agent has the right to seize those devices. Abi-Habib instead said that the border agents would need to contact WSJ's lawyers. After some back and forth, the agent went to see her supervisor, and eventually said Abi-Habib is free to go.

Abi-Habib said she reported the incident to a WSJ lawyer, encryption expert and the outlet’s in-house security. From those conversations, Abi-Habib says, “My rights as a journalist or US citizen do not apply at the border, as explained above, since legislation was quietly passed in 2013 giving DHS very broad powers (I researched this since the incident). This legislation also circumvents the Fourth Amendment that protects Americans' privacy and prevents searches and seizures without a proper warrant.”
Back in 2013, WIRED reported on those changes, writing “The Department of Homeland Security’s civil rights watchdog has concluded that travelers along the nation’s borders may have their electronics seized and the contents of those devices examined for any reason whatsoever—all in the name of national security.”

Abi-Habib continues, “Why I was eventually spared, we do not know and we are writing a letter contesting DHS' treatment of me. I assume they avoided seizing my phones forcefully because they knew we would make a stink about it and have a big name behind us.”

Abi-Habib closes with a series of security tips for those with sensitive information crossing the border, such as encrypting devices, but bearing in mind that information can be demanded from you. “Travel ‘naked’ as one encryption expert told me. If any government wants your information, they will get it no matter what,” she adds.

The DHS did not immediately respond to a request for comment.

The Wall Street Journal sent a statement from Editor in Chief Gerard Baker: "We are disturbed by the serious incident involving WSJ reporter Maria Abi-Habib, a citizen of the United States and Lebanon."

"We have been working to learn more about these events, but the notion that Customs and Border Protection agents would stop and question one of our journalists in connection with her reporting and seek to search her cell phones is unacceptable."

The document scanned by Abi-Habib....
http://motherboard.vice.com/read/wsj-reporter-homeland-security-tried-to-take-my-phones-at-the-border

--
It's better to burn out than fade away.
From rforno at infowarrior.org Fri Jul 22 05:54:14 2016
From: rforno at infowarrior.org (Richard Forno)
Date: Fri, 22 Jul 2016 10:54:14 -0000
Subject: [Infowarrior] - KickassTorrents Mirrors and Imposters Spring into Action
Message-ID: <4DA0837B-32BA-4D23-8404-FBEF14371E37@infowarrior.org>

KickassTorrents Mirrors and Imposters Spring into Action - TorrentFreak
By Ernesto
https://torrentfreak.com/kickasstorrents-mirrors-and-imposters-spring-into-action-160722/

It has been just over a day since KickassTorrents (KAT) was shut down by the U.S. Government, following the arrest of the site's alleged owner. While the official site is still offline mirrors and copies are being launched left and right, with some misleadingly claiming to be an "official" resurrection of KAT.

With an active community and millions of regular visitors, KickassTorrents has been the most used torrent site for quite some time. This ended abruptly earlier this week, following the arrest of its alleged founder in Poland. A criminal complaint from the U.S. Government revealed that entire operation had been compromised by the Department of Homeland Security.

Starting a few hours ago, the first Kickass domain was signed over to the U.S. authorities. Others are expected to follow during the days to come. Kickass.to now displays a seizure notice, which means that the associated domain registry was quick to respond to the U.S. warrant. People who visit the Kickass.to address today will see the following banner, specifically tailored for KAT.

[Image: KAT’s seizure banner]

As expected, the U.S. authorities are not the only ones to “lift” KAT’s logo, many others are doing the same, but for a different reason. Shortly after KAT went offline dozens of people began promoting mirrors and copies of the site. Some are just trying to keep lost files accessible, but there’s also a group trying to take over the brand, similar to the efforts seen following YIFY’s demise.
For example, the operator of Kickass.la sent an email to several reporters promoting a new KAT address. In a follow-up, we were told that the site is an “official backup,” and that a copy of the database is in their possession. However, the site appears to be little more than a partial copy and the person behind it later admitted that they are not related to KAT.

Only adding to the confusion are the many other copies and alternatives claiming to be the official resurrection of KAT. Some even advertise themselves as such, but most have been available for a longer time as proxy/mirror sites. Kickasstorrents.to, for example, has been around for a long time, hosting cached pages of the original site. The latter is also true for others, such as Dxtorrent.com. But in any case, there is no true backup with freshly added content available.

Another mirror that has been widely discussed is kickasstorrents.website (which is NOT a project of Isohunt.to, as some reports suggest). Unlike others, the people behind this site are very clear about the fact that they are not related to the original KAT team. Their copy currently lists torrent files from the past one and a half years, but like other mirrors it doesn’t have a working forum or upload functionality.

“It’s not perfect but if users need to save and archive something it’s time. We don’t know how long it can last, but at least it’s something,” the site’s operator told TorrentFreak.

The people behind the site, who describe themselves as a group of individuals who stand for freedom of the Internet, also launched a petition on Change.org calling for the release of KAT’s alleged owner Artem Vaulin.

“We are protesting against violent attack on our right to share information and arrest of Kat.cr founder Artem Vaulin. Our freedom to share is the human right which Artem Vaulin has been providing to millions of users from all over the world,” they say.
While a notable effort, the banner promoting the cause appears to show a photo of an entirely different Artem Vaulin. The image was removed from the petition after we pointed this out, but it’s still present in the manifesto at the time of writing and being shared in news articles and on social media.

What is clear is that former KAT users are grasping at straws to get their old community back. While mirrors and copies do look like their old home, without a working forum and new content they don’t provide much of an alternative.

For now, people are probably better off not trusting any “KAT resurrection” claims. The chance of getting your password stolen is higher than finding a site with a true backup of the user database.

--
It's better to burn out than fade away.

From rforno at infowarrior.org Fri Jul 22 06:56:18 2016
From: rforno at infowarrior.org (Richard Forno)
Date: Fri, 22 Jul 2016 11:56:18 -0000
Subject: [Infowarrior] - OT: The fascist infomercial
Message-ID: <42BC4940-CA72-4F9A-9D83-836FE563A58C@infowarrior.org>

(Note: I am not a fan of *either* mainstream character being presented in November. --rick)

Donald Trump’s creepy fascist infomercial
By Alexandra Petri
July 22 at 1:58 AM
https://www.washingtonpost.com/blogs/compost/wp/2016/07/22/donald-trumps-creepy-fascist-infomercial/

CLEVELAND — We have always been at war with Eurasia. Snowball the Pig is responsible for everything that is wrong on the farm. How fortunate we are to have Donald Trump.

Donald Trump is the miracle product that will fix everything that is wrong in your home. He is also your father figure (put your little hand in his), who will be your preacher, teacher (everything you had in mind). He’ll be your dream, your wish, your fantasy, your hope, your love, everything that you need. Truly, madly, deeply, he loves you. He is the way, the truth and the life. None shall be saved except through him. He will protect you.
He will fix your aching bones and your bad hearing and when you walk home at night you will know that nothing can harm you, because Trump is there. You will get a good-paying job. The thing in the shadows that frightens you will melt away as if it were never real to begin with. (And perhaps it wasn’t.) Praise Trump from whom all blessings flow. Believe him.

He will also build a wall. It will be as tall as you want it to be. If you want the moon (Newt Gingrich does!) he will throw a lasso around it and pull it down for you. He will solve all your problems.

Why should you believe that he will do this? Listen, you’re awful nosy, aren’t you? Isn’t the word of Donald Trump’s children enough for you? (I would say, “And the words of his wife, Melania,” but those turned out not to be her words.) They have spent the last four days praising him to the skies.

Say what you will about dictators, royalty, mafia dons, supervillains and Trumps, they have a well-defined aesthetic. You get an immense, Wonderful Wizard of Oz-scale picture of your head, some flags, and then you stand in front of it with your well-groomed family, and they say that if only people knew the real you, they would admit that you were great.

Thus, Thursday night kicked off with a long, rambling speech from someone who had once seen Donald Trump write a nice note to a young boy in the middle of a Mike Tyson fight. (This was the nicest story that anyone who was not literally related to Donald Trump could come up with.) His daughter Ivanka introduced her father, saying that he had been extremely kind to and supportive of her. (If there is one thing we learned this week, it is that Donald Trump is very nice to his children. But hear me out: What if Donald Trump maybe treats his children differently than he does most people? Could that be it? In general, if the only people willing to recommend you for a position are literally members of your family, it’s a sign that something is wrong.)
And then Donald Trump began to do what he has meant to do this whole time: talk about Donald Trump.

If Barack Obama was supposed to be your new bicycle, then Donald Trump is your new miracle juicer. He looks better on TV than he actually is. He is mostly plastic and he probably won’t work when you get him home. But the commercial makes him sound like the solution to everything that ails you. In this case, he went on for 76 (such a patriotic number!) minutes, advertising himself.

“I love you,” Donald Trump said. “I am your voice,” Donald Trump said. “Believe me,” Donald Trump said. “We will never ever make bad deals,” Donald Trump said. “Nobody knows the system better than me,” Donald Trump said, “which is why I alone can fix it.”

How? There is no how. All that has to happen for a thing to be so is for Donald Trump to say it. This is certainly how all his statistics work. Clear your mind of questions.

See, Donald Trump is always right. If he says that Hillary is damaging our prestige in the world by leading from behind, then the problem is that Hillary is damaging our prestige in the world by leading from behind. If he says that America needs to stop upholding its obligations to NATO, then the problem is that NATO is taking advantage of us and we need to stop being had. He will bring back law and order and end lawlessness, but also he will decrease regulations. We need more law and order, but also we need fewer laws and more freedom. Whatever is wrong, Donald Trump will fix it, even if it contradicts the thing he just fixed. Believe him.

The system is broken, and Donald Trump will fix it, by winning. He will make only good deals. This idea has never occurred to America before, to make only good deals. Donald Trump will try it, for once.

The truths of religion are not the same as the truths of daily life. Faith has to get you through the day with the promise that things will improve. It does not have to withstand strict logical scrutiny.
It can be an article of faith that something is two contradictory things at once. There is a hidden logic to its incoherency. It coheres because it offers a single system for fixing everything that ails you. It answers all your woes. It fits all complaints.

Just like Donald Trump. Everything he touches with his hands — which are the correct size — he cures, or at least turns to gold-colored brass.

Donald Trump is selling America a miracle juicer. The juicer is Donald Trump. It is orange and it will never let you down. If you order now, Donald Trump will send you another one free.

Donald Trump will make America great again. “Great” is a vague word. It means whatever you want it to mean. Donald Trump will make America that place you see when you close your eyes. And the crowd cheered, “Yes you will!”

You love Donald Trump. He will be a dear, dear leader.

--
It's better to burn out than fade away.

From rforno at infowarrior.org Fri Jul 22 10:10:46 2016
From: rforno at infowarrior.org (Richard Forno)
Date: Fri, 22 Jul 2016 15:10:46 -0000
Subject: [Infowarrior] - Pentagon revises its rules to clarify protections for journalists
Message-ID: <6FC6C19C-D20D-4949-8D7B-BB153FFF8B89@infowarrior.org>

Pentagon revises its rules to clarify protections for journalists
https://www.theguardian.com/us-news/2016/jul/22/pentagon-journalists-revises-law-of-war-manual

The Pentagon has revised its Law of War guidelines to remove wording that could permit US military commanders to treat war correspondents as “unprivileged belligerents” if they think the journalists are sympathizing or cooperating with enemy forces. The amended manual, published on Friday, also drops wording that equated journalism with spying.
These and other changes were made in response to complaints by news organizations, including the Associated Press, which expressed concern to defense department lawyers and other officials that updates to the manual published last summer contained vaguely worded provisions that commanders could interpret as allowing them to detain journalists for any number of perceived offenses.

“The manual was restructured to make it more clear and up front that journalists are civilians and are to be protected as such,” Charles A Allen, the Pentagon’s deputy general counsel, said in a conference call with reporters on Thursday.

The revised manual more explicitly states that engaging in journalism does not constitute taking a direct part in hostilities. “Where possible, efforts should be made to distinguish between the activities of journalists and the activities of enemy forces, so that journalists’ activities [such as] meetings or other contacts with enemy personnel for journalistic purposes do not result in a mistaken conclusion that a journalist is part of enemy forces,” the revised manual says.

Jennifer O’Connor, the Pentagon’s top lawyer, said in a statement that consultations with news organizations over the past year “helped us improve the manual and communicate more clearly the department’s support for the protection of journalists under the law of war”.

“It is always a challenge for journalists to work in war zones, but it is particularly tricky when embedding with military forces because the missions are different,” said Kathleen Carroll, executive editor of the AP. “It is important that the Law of War manual recognize that the roles of each are different — each important but distinctly different.”

The manual’s earlier version, published in 2015, said that while journalists “in general”
are civilians, they “may be members of the armed forces, persons authorized to accompany the armed forces, or unprivileged belligerents”. In the view of experts in military law and journalism, that wording could be interpreted as allowing commanders to detain journalists for perceived offenses. A person deemed to be an “unprivileged belligerent” is not entitled to the rights afforded by the Geneva Conventions, so a commander could restrict such a reporter from certain coverage areas or even hold the reporter indefinitely without charges.

Pentagon officials had said the 2015 manual’s reference to “unprivileged belligerents” was intended to point out that terrorists or spies could be masquerading as reporters. The revised version makes this explicit by citing the example of “non-state armed groups”, of which al-Qaida would be an example, that use members for propaganda or other media activities, such as those who work for al-Qaida’s Inspire magazine to encourage or recruit militants to join their cause.

The new manual also says journalists should not take action “adversely affecting their status as civilians” if they want to retain protection as a civilian. “For example, relaying target coordinates with the specific purpose of directing an artillery strike against opposing forces would constitute taking a direct part in hostilities,” it says, and in such a case the person would forfeit protection.

--
It's better to burn out than fade away.
From rforno at infowarrior.org Fri Jul 22 17:15:49 2016
From: rforno at infowarrior.org (Richard Forno)
Date: Fri, 22 Jul 2016 22:15:49 -0000
Subject: [Infowarrior] - Cue the Olympics IP bullying, 2016 edition
Message-ID: <9C29AA52-E5D1-4BF2-9783-73E48AC90644@infowarrior.org>

US Olympic committee bullying unofficial sponsors who use hashtags
Olivia Solon
https://www.theguardian.com/sport/2016/jul/22/us-olympic-committee-bullying-unofficial-sponsors-hashtags

The United States Olympic Committee (USOC) has been using legal bullying tactics to try and prevent companies that aren’t official sponsors of the Games from using “official” Twitter hashtags such as #TeamUSA and #Rio2016.

Over the last few weeks, the USOC has sent letters to companies that sponsor athletes but don’t have a commercial relationship with the USOC or the International Olympic Committee, warning them against stealing intellectual property.

One of these letters, written by USOC chief marketing officer Lisa Baird and obtained by ESPN, states: “Commercial entities may not post about the Trials or Games on their corporate social media accounts. This restriction includes the use of USOC’s trademarks in hashtags such as #Rio2016 or #TeamUSA.”

The mean-spirited approach is designed to protect the cash-cow sponsors — such as Coca Cola, McDonald’s, GE, P&G, Visa and Samsung — who fork out for marketing presence at the event.

It’s been possible to trademark hashtags in the US since 2013, but intellectual property lawyers like Mark Terry say that the USOC is wrong to try to apply the law to those tweeting hashtags.

“The USOC is alleging that commercial entities are using these hashtags and that’s trademark infringement,” Terry told the Guardian. “I think it’s completely bogus.”

“Trademark infringement occurs when another party uses a trademark and confuses the public as to the source of a product or service that’s being used in commerce. That’s not what happens when you use a hashtag.
I’m not selling a product or service, I’m just making statements on an open forum. How else do you indicate you are talking about the Rio 2016 Olympics without saying #Rio2016?”

The USOC could have a trademark case if a company was pretending to be a headline sponsor when in fact it wasn’t, but most uses of these hashtags appear to be companies wishing athletes luck on Twitter.

The same letter sent by the USOC reminds companies (except for those involved in news media) that they can’t reference any Olympic results or share or repost anything from the official Olympic account. This is where the USOC is wrong. As Timothy Geigner at Techdirt points out, there is no applicable part of trademark law that applies to facts such as sporting results. Furthermore, the restrictions on retweeting make absolutely no sense in the context of social media which is designed to be, you know, social.

Much of this silliness comes down to Rule 40 of the Olympic Charter. In previous Olympics, the rule barred athletes from tweeting about non-official sponsors for a month around the Games. And non-sponsors weren’t allowed to feature Olympic athletes that they had sponsorship deals with in their ads during that time.

In 2015, Rule 40 was relaxed ever-so-slightly to allow athletes to appear in generic advertising that doesn’t explicitly mention the games or use any Olympic IP, which includes terms such as “Rio”, “medal”, “performance”, “victory” and “gold”.

Sportswear brand Oiselle was contacted by the USOC when it used a photo of athlete Kate Grace, who the company sponsors, after she won the 800 metres at Olympic trials. Oiselle CEO Sally Bergen told ESPN that the heavy-handed brand policing was “ridiculous” and that the rules hurt athletes. Companies like Oiselle can’t afford to sponsor athletes if they can’t leverage the relationship in their communications.

The USOC did not respond to a request for comment.

--
It's better to burn out than fade away.
From rforno at infowarrior.org Sat Jul 23 10:11:46 2016
From: rforno at infowarrior.org (Richard Forno)
Date: Sat, 23 Jul 2016 15:11:46 -0000
Subject: [Infowarrior] - Yes, The Democratic National Committee Flat Out Lied In Claiming No Donor Financial Info Leaked
Message-ID:

Yes, The Democratic National Committee Flat Out Lied In Claiming No Donor Financial Info Leaked
from the it-leaked-like-a-seive dept
https://www.techdirt.com/articles/20160722/16592935045/yes-democratic-national-committee-flat-out-lied-claiming-no-donor-financial-info-leaked.shtml

You may recall, from last month, that a hacker (who many have accused of working for the Russian government) got into the Democratic National Committee's computers and copied a ton of stuff. All of the emails that were obtained (a little over 19,000, from seven top DNC officials) are now searchable on Wikileaks, so there are tons of stories popping up covering what's been found. The Intercept, for example, appears to be having a field day exposing sketchy behavior by the DNC. But one point that hasn't received as much attention: the DNC appears to have flat out lied right after the hack happened. In its statement on the hack, the DNC had insisted that no personal donor info got out:

"The hackers had access to the information for approximately one year, but that access was wiped clean last weekend, The Washington Post reported, noting that the DNC said that no personal, financial or donor information had been accessed or taken."

Except, well, no. There had been reports, driven by the hacker, that the files absolutely did include personal donor info, and now you can see some of that for yourself. For example, it took me all of about 5 minutes to find a list of donors and their email addresses, which I won't be sharing here, but I'm sure others can find as well.
And, then, of course, you can find things like this discussion about a potential donor, Niranjan Shah, with "ties" to disgraced and convicted former Illinois Governor Rod Blagojevich, noting that there were "pay to play" accusations associated with him. The DNC noted that they "could be ok" with Shah donating to the DNC, but that the administration might not want him to show up at their events. And, of course, there are emails detailing specific donations by specific people. There are claims that some emails contain credit card data, though I haven't seen that myself. Either way, it certainly appears that in the rush to "nothing to see here" the leak of the info, the DNC simply lied about what was leaked. -- It's better to burn out than fade away. From rforno at infowarrior.org Sat Jul 23 17:42:56 2016 From: rforno at infowarrior.org (Richard Forno) Date: Sat, 23 Jul 2016 22:42:56 -0000 Subject: [Infowarrior] - Officials Like to Compare Cyberweapons to Nuclear Weapons. They're Dangerously Wrong. Message-ID: <34941D15-529C-4DE1-9CCC-9E8CFFE0EB94@infowarrior.org> Officials Like to Compare Cyberweapons to Nuclear Weapons. They're Dangerously Wrong. By Patrick Cirenza Officials around the world like to compare the two, but the metaphor is incorrect, and dangerous. "If Internet security cannot be controlled, it's not an exaggeration to say the effects could be no less than a nuclear bomb," said Gen. Fang Fenghui, chief of general staff of the People's Liberation Army of China, in April 2013. Fang is not alone in drawing comparisons between nuclear weapons and cyberweapons during the past few years. Secretary of State John Kerry responded to a cybersecurity question during his confirmation hearings in January 2013 by saying, "I guess I would call it the 21st century nuclear weapons equivalent." That same year, Russian Deputy Prime Minister Dmitry Rogozin praised cyberweapons for their "first strike" capability. 
Since 2013, a number of leaders in the U.S. national security establishment, including former National Security Adviser Brent Scowcroft in January 2015, Adm. Michael Rogers of Cyber Command in March 2015, and Director of National Intelligence James Clapper in February of this year, have stated that the threat posed by cyberweapons is comparable to, or greater than, that of nuclear weapons. The list of high-ranking officials who have made an analogy between the fundamentally different nuclear and cyberweapons systems, and are using this flawed analogy as a basis for policy, is a long one. On the surface, the analogy is compelling. Like nuclear weapons, the most powerful cyberweapons (malware capable of permanently damaging critical infrastructure and other key assets of society) are potentially catastrophically destructive, have short delivery times across vast distances, and are nearly impossible to defend against. Moreover, only the most technically competent of states appear capable of wielding cyberweapons to strategic effect right now, creating the temporary illusion of an exclusive cyber club. To some leaders who matured during the nuclear age, these tempting similarities and the pressing nature of the strategic cyberthreat provide firm justification to use nuclear deterrence strategies in cyberspace. Indeed, Cold War-style cyberdeterrence is one of the foundational cornerstones of the 2015 U.S. Department of Defense Cyber Strategy. However, dive a little deeper and the analogy becomes decidedly less convincing. At the present time, strategic cyberweapons simply do not share the three main deterrent characteristics of nuclear weapons: the sheer destructiveness of a single weapon, the assuredness of that destruction, and a broad debate over the use of such weapons..... < - > http://www.slate.com/articles/technology/future_tense/2016/03/cyberweapons_are_not_like_nuclear_weapons.html -- It's better to burn out than fade away. 
From rforno at infowarrior.org Mon Jul 25 06:58:55 2016 From: rforno at infowarrior.org (Richard Forno) Date: Mon, 25 Jul 2016 11:58:55 -0000 Subject: [Infowarrior] - Fwd: Donald Trump Doesn't Understand Cyberwar References: <277675518.3961785.1469447492372.JavaMail.yahoo@mail.yahoo.com> Message-ID: <205586A6-E4CE-4DA3-ABDB-6CBBBD69756E@infowarrior.org> (c/o MM) -- It's better to burn out than fade away. > Donald Trump Doesn't Understand Cyberwar > By Kaveh Waddell // Kaveh Waddell is an associate editor at The Atlantic. > July 22, 2016 > http://www.defenseone.com/technology/2016/07/donald-trump-doesnt-understand-cyberwar/130143/ > In late March, Donald Trump sat down with a few reporters from The New York Times for a rare, in-depth interview about his foreign policy ideas. The conversation careened from Middle East alliances to nuclear weapons to trade pacts, touching briefly on the ever-more pressing topic of cyberwar. Trump said the U.S. lagged behind other world powers, and that the "inconceivable power of cyber" should figure "very strongly in our thought process." > At the time, I called Trump's responses half-baked. Now, far from being cooked through, his thoughts on cybersecurity and cyberwar seem to have deflated even further. At the Republican National Convention this week, the Times' Maggie Haberman and David Sanger checked up on the ideas of the man who's now the Republican nominee for president. Here's what he had to say: > David Sanger: You've seen several of those countries come under cyberattack, things that are short of war, clearly appear to be coming from Russia. > Donald Trump: Well, we're under cyberattack. > Sanger: We're under regular cyberattack. Would you use cyberweapons before you used military force? > Trump: Cyber is absolutely a thing of the future and the present. Look, we're under cyberattack, forget about them. And we don't even know where it's coming from. 
> Sanger: Some days we do, and some days we don't. > Trump: Because we're obsolete. Right now, Russia and China in particular and other places. > Sanger: Would you support the United States' not only developing as we are but fielding cyberweapons as an alternative? > Trump: Yes. I am a fan of the future, and cyber is the future. > At that point, Sanger gave up and moved on to a new line of questioning. > In March, Trump was wrong about several aspects of cyberwar. This time, he stuck to statements so anodyne that they're nearly impossible to fact check. > Like before, Trump appears particularly worried about the difficulty of tracking down the perpetrators of cyberattacks. That's certainly one of the things that makes cyberwar trickier than a conventional conflict: A missile might be easy to track through the sky, but a virus can come from anywhere, and skilled hackers generally cover their digital tracks assiduously. > But the U.S. is getting good at identifying attackers. Officials attributed a massive attack on Sony Pictures Entertainment to North Korea, and privately pointed fingers at China for data breaches at the Office of Personnel Management, and at Russia for attempts to get into email systems at the State Department and the White House. > Trump also repeated his earlier claim that the United States is "obsolete" in cyberwar. It's true that state-sponsored hackers have repeatedly poked holes in the defenses of American corporations and governments. But American offensive capabilities are likely unmatched. > This year, the Defense Department launched into full-on cyberwar against the Islamic State, promising to disrupt the group's propaganda, internal communications, and basic functions like payroll. 
The campaign marks the first time the Pentagon has publicly announced that it's using its own cyberweapons to go after an adversary; previous attacks, like the Stuxnet worm that targeted Iranian nuclear centrifuges, were conducted in secrecy. But as reported by The Washington Post, the operation, which would support the U.S.-led coalition's airstrike campaign, has gotten off to a slow start, as the Pentagon hires up for the effort and stockpiles weapons to use against the group. > Of course, this is a whole lot more detail than Trump was ready or willing to take on in his interview this week. Political analysts, security experts, and even the nominee's own ghostwriter are wringing their hands over the thought of the lasting, catastrophic damage Trump could inflict with access to the U.S. nuclear arsenal. The potential that he'd misuse the government's secretive stockpile of viruses and malware is only slightly less worrisome. > If Trump is to live up to his self-proclaimed title, a "fan of the future," he'd do well to brush up on his cyberwar talking points before the first presidential debate in September. From rforno at infowarrior.org Mon Jul 25 07:15:29 2016 From: rforno at infowarrior.org (Richard Forno) Date: Mon, 25 Jul 2016 12:15:29 -0000 Subject: [Infowarrior] - OT: Amazing Job Opportunity: Be Hillary's Security Engineer! Message-ID: <09E4BF77-AA56-4876-8742-C5381808E372@infowarrior.org> (preferably not of Russian descent, but that is negotiable for the right candidate I'm sure. --rick) Amazing Job Opportunity: Be Hillary's Security Engineer! http://gizmodo.com/amazing-job-opportunity-be-hillarys-security-engineer-1784229238 -- It's better to burn out than fade away. 
From rforno at infowarrior.org Mon Jul 25 13:51:18 2016 From: rforno at infowarrior.org (Richard Forno) Date: Mon, 25 Jul 2016 18:51:18 -0000 Subject: [Infowarrior] - Iraq Finally Bans Fake Bomb Detectors After July 3 Blast Message-ID: Iraq Finally Bans Fake Bomb Detectors After July 3 Blast By Hamza Hendawi, Associated Press BAGHDAD, Jul 25, 2016, 2:16 AM ET http://abcnews.go.com/International/wireStory/iraq-finally-bans-fake-bomb-detectors-july-blast-40845249 For nearly a decade, anyone driving through one of Baghdad's many checkpoints was subjected to a search by a soldier pointing a security wand at their vehicle and watching the device intently to see if its antenna moved. If it pointed at the car, it had supposedly detected a possible bomb. The wands were completely bogus. It had been proven years ago, even before 2013 when two British men were convicted in separate trials on fraud charges for selling the detectors. The devices, sold under various names for thousands of dollars each, apparently were based on a product that sold for about $20 and claimed to find golf balls. Yet the Iraqi government continued to use the devices, spending nearly $60 million on them despite warnings by U.S. military commanders and the wands' proven failure to stop near-daily bombings in Baghdad. It took a massive suicide bombing that killed almost 300 people in Baghdad on July 3, the deadliest single attack in the capital in 13 years of war, for Prime Minister Haider al-Abadi to finally ban their use. The reason it took so long is likely the widespread corruption in the government. Iraqis mocked the device from the start, joking that too much aftershave could set off the antenna. Now there are accusations that plans to start using newly imported explosives-detecting scanners were intentionally held up as part of the political wrangling over which faction (the military or the police) will control security in Baghdad. 
Since the wands were banned, soldiers at Baghdad checkpoints largely wave motorists through, occasionally asking for vehicle registrations and driver's licenses and taking a quick look inside. Plainclothes intelligence agents scrutinize drivers and passengers. Police dogs have been used at some checkpoints, but that has proven to be time-consuming and contributes to traffic congestion. In some places, the wands are still being used (at some checkpoints in Baghdad and in the southern port city of Basra, Iraq's third-largest city) nearly two weeks after the Baghdad bombing. They also were used across the holy city of Najaf south of Baghdad for at least a week after al-Abadi's order before they were finally recalled. "The withdrawal of the device is continuing, but it's still in use here and there, for now," Brig. Gen. Saad Maan, the Interior Ministry's chief spokesman, told The Associated Press. He said the new vehicles equipped with scanners have been deployed at checkpoints on major roads leading to the capital. "All this will have a positive impact on Baghdad's security," he said. Officials say the explosives-laden minibus used in the July 3 attack in Baghdad's central Karradah district started its journey in Diyala province, traveling 50 kilometers (31 miles) to the capital. The vehicle, a type used as communal taxis in Iraq, would have encountered at least half a dozen checkpoints, most of which likely used the wand. Investigators say the vehicle carried a 250-kilogram (550-pound) bomb. Four days after the Karradah bombing, three suicide bombers struck a Shiite shrine in Balad, north of Baghdad, killing 37 people. A series of small bombings also rocked the capital, killing about two dozen people. When Iraqi security forces first began using the ADE-651 wands, U.S. and British military commanders in Iraq dismissed the devices as useless and counseled the government to stop using them. 
Faced with mounting criticism, former Prime Minister Nouri al-Maliki ordered an investigation into the effectiveness of the devices in 2010. The outcome was inconclusive, and they continued to be used. The head of the Interior Ministry's bomb squad department, Jihad al-Jabri, was convicted in 2012 and sentenced to four years in prison for accepting a bribe from the British manufacturers. But the case against him did not address whether the wands were effective. Many Iraqis believe he was a scapegoat to protect more senior Iraqi officials from prosecution. Politics also may have played a role. After the July 3 blast, al-Abadi fired the military officer in charge of Baghdad's security and accepted the resignation of Interior Minister Mohammed Salem al-Ghabban, who was in charge of police. Al-Abadi also ordered an investigation into why nearly 70 vehicles equipped with explosives-detecting scanners that were imported last year were left in Interior Ministry garages and had not been deployed. Al-Ghabban had been demanding for months that his ministry be given complete control over security in Baghdad. Al-Abadi had resisted, however, keeping the military in charge. Since al-Ghabban is close to one of the most powerful Shiite militias, his opponents feared his demand aimed to give militias control over Baghdad. Speaking to the AP, the chairman of parliament's security and defense committee accused al-Ghabban of intentionally failing to deploy the scanner vehicles as a political ploy. "It's due to the minister's demands that security control of Baghdad be given to the ministry," said Hakim al-Zamli. "If it were given to him, he would use them (the vehicles). If not, he won't use them." Al-Ghabban, in turn, has said he was stymied in attempts to protect Baghdad. After his dismissal, he said al-Abadi repeatedly ignored his proposals for bolstering security. He complained that too many security and intelligence agencies were involved in protecting Baghdad. 
"I wanted the entire security file to be left in the hands of the Interior Ministry so it can be fully accountable," he said. "My job was emptied of genuine tasks, tools and powers, and became ceremonial." Qais Adil Faraj, the father of one of the Karradah victims, blames "corruption" and "treason" among the security forces for the bombing. He said he has no faith in the new security measures in the capital. "More and more bombings will follow the one in Karradah," he said. "This government will never maintain security nationwide or even just in Baghdad." Associated Press writers Qassim Abdul-Zahra, Sinan Salaheddin and Ali Abdul-Hassan contributed to this report. -- It's better to burn out than fade away. From rforno at infowarrior.org Mon Jul 25 13:54:40 2016 From: rforno at infowarrior.org (Richard Forno) Date: Mon, 25 Jul 2016 18:54:40 -0000 Subject: [Infowarrior] - Wikileaks threatening journalists? Message-ID: <20334C37-54A2-4767-8816-DCFAF12A8D48@infowarrior.org> WikiLeaks fires off warning to MSNBC host http://thehill.com/blogs/blog-briefing-room/news/289084-wikileaks-fires-off-warning-to-msnbc-host -- It's better to burn out than fade away. From rforno at infowarrior.org Mon Jul 25 14:00:51 2016 From: rforno at infowarrior.org (Richard Forno) Date: Mon, 25 Jul 2016 19:00:51 -0000 Subject: [Infowarrior] - EFF sues US government, saying copyright rules on DRM are unconstitutional Message-ID: <82BE9D5B-9B6B-472D-BA93-088BADB680FF@infowarrior.org> EFF sues US government, saying copyright rules on DRM are unconstitutional Joe Mullin - 7/22/2016, 9:50 AM Law & Disorder: DMCA's "anti-circumvention" rule has rankled hackers and scholars for a long time. http://arstechnica.com/tech-policy/2016/07/eff-sues-us-government-saying-copyright-rules-on-drm-are-unconstitutional/ Since the Digital Millennium Copyright Act (DMCA) became law in 1998, it has been a federal crime to copy a DVD or do anything else that subverts digital copy-protection schemes. 
Soon, government lawyers will have to show up in court to defend those rules. Yesterday, the Electronic Frontier Foundation filed a lawsuit (PDF) claiming the parts of the Digital Millennium Copyright Act that deal with copy protection and digital locks are unconstitutional. Under the DMCA, any hacking or breaking of digital locks, often referred to as digital rights management or DRM, is a criminal act. That means modding a game console, hacking a car's software, and copying a DVD are all acts that violate the law, no matter what the purpose. Those rules are encapsulated in Section 1201 of the DMCA, which was lobbied for by the entertainment industry and some large tech companies. Users can lobby for "exceptions" to the DMCA's rules through a rule-making process that takes place every three years through the Librarian of Congress. But EFF's lawsuit says that doesn't alleviate the basic problems with the law and claims "the rulemaking itself is an unconstitutional speech-licensing regime." The Librarian of Congress exceptions have been haphazard, at best. Last year, LoC allowed hackers who want to circumvent copy protection to revive defunct games to do so, unless the games involve a central server. Unlocking your cell phone was made legal in 2006, then banned again in 2012, before being legalized by Congress. In the most recent 1201 rulemaking, the Library of Congress denied petitions requesting permission to copy portions of movies for "narrative" filmmaking, noncommercial filmmaking using more than short clips, and educational uses for K-12 students. "As a result, it may be unlawful to circumvent in order to create a running critical commentary on a large portion of a political debate, sporting event, or movie, when where such activity would be a noninfringing fair use," states EFF. Finally, the DMCA also includes an "anti-trafficking" provision, which can't be voided through the exemption process. 
That provision bans distributing tools that would help with circumvention. In other words, even if the Librarian of Congress were to pass an exemption to allow DVDs to be hacked for a specific purpose (say, letting teachers make clips for high school students in a media studies class), it would still be illegal to distribute software to help with that task. The speech we don't see One of EFF's clients in the case is Matthew Green, a computer science professor and researcher at Johns Hopkins University, who wants to include information in an upcoming book about how to circumvent security systems. Green's work includes investigating the security of encryption devices, and he has a grant from the National Science Foundation to investigate whether medical record systems are secure. Yet, he has avoided certain investigations and research because of concerns about litigation based on Section 1201. "Instead of welcoming vulnerability reports, companies routinely threaten good-faith security researchers with civil action, or even criminal prosecution," Green wrote in a blog post explaining his decision to participate in the lawsuit. "Companies use the courts to silence researchers who have embarrassing things to say about their products, or who uncover too many of those products' internal details." Another client is Andrew "bunnie" Huang, an electrical engineer and hacker who runs several small businesses. One of those businesses is Alphamax, which creates NeTVCR devices for editing HD television. In order to do that, he has to circumvent the "lock" on HDMI signals, even though Intel has threatened to sue anyone who does so. Huang's NeTVCR technology could enable new types of non-infringing speech, if it was legal. For instance, a video gamer could post an image of herself playing a game, along with commentary; two films could be compared side-by-side on the same screen; a live presidential debate could be combined with the text of a commentator's live blog. 
Before Section 1201 was passed, "we had the right to tinker with gadgets that we bought, we had the right to record TV shows on our VCRs, and we had the right to remix songs," Huang wrote on his blog. "Section 1201 is a draconian and unnecessary restriction on speech and the time has come to set it aside," writes EFF staff attorney Kit Walsh in a blog post announcing the lawsuit. "The future of cultural participation and software-related research depends on it." "[C]opyright law shouldn't be casting a legal shadow over activities as basic as popping the hood of your own car, offering commentary on a shared piece of culture (and helping others do so), and testing security infrastructure," writes EFF's Parker Higgins, in a separate post explaining the effects that Section 1201 has on scholars, artists, and activists. "It's time for the courts to revisit Section 1201, and fix Congress's constitutional mistake." -- It's better to burn out than fade away. From rforno at infowarrior.org Mon Jul 25 17:24:57 2016 From: rforno at infowarrior.org (Richard Forno) Date: Mon, 25 Jul 2016 22:24:57 -0000 Subject: [Infowarrior] - Wikileaks Leak Of Turkish Emails Reveals Private Details; Raises Ethical Questions Message-ID: (The group reportedly attacked Zeynep for pointing this out. --rick) Wikileaks Leak Of Turkish Emails Reveals Private Details; Raises Ethical Questions from the whoo-boy dept Last week, we (like many others) reported on the news that Turkey was blocking access to Wikileaks, after the site released approximately 300,000 emails, supposedly from the Turkish government. We've long been defenders of Wikileaks as a media organization, and its right to publish various leaks that it gets. 
However, Zeynep Tufekci, who has long been a vocal critic of the Turkish government (and deeply engaged in issues involving the internet as a platform for speech) is noting that the leak wasn't quite what Wikileaks claimed it was -- and, in fact appears to have revealed a ton of private info on Turkish citizens. < - > https://www.techdirt.com/articles/20160725/11391635062/wikileaks-leak-turkish-emails-reveals-private-details-raises-ethical-questions.shtml -- It's better to burn out than fade away. From rforno at infowarrior.org Tue Jul 26 07:20:39 2016 From: rforno at infowarrior.org (Richard Forno) Date: Tue, 26 Jul 2016 12:20:39 -0000 Subject: [Infowarrior] - In a major cyber hack, who do you call? The White House spells it out. Message-ID: <53695D14-3357-42DB-AD40-7285A98D22A1@infowarrior.org> In a major cyber hack, who do you call? The White House spells it out. By Ellen Nakashima July 26 at 6:00 AM https://www.washingtonpost.com/world/national-security/in-a-major-cyber-hack-who-do-you-call-the-white-house-spells-it-out/2016/07/26/08b3287e-52db-11e6-bbf5-957ad17b4385_story.html NEW YORK - President Obama has approved a new directive that spells out for the first time in writing how the government handles significant cyber incidents. The directive, to be announced Tuesday, lets the public know which agency handles what, answering an oft-heard question after a breach: Who do I call for help? The administration also for the first time reveals how it grades the severity of an event, and how it determines what is significant. The directive comes as the administration is grappling with its latest major cyber incident: the Russian hack of the Democratic National Committee's computers and the suspected release by the Russians of the embarrassing DNC emails that appeared Friday on the anti-secrecy site WikiLeaks, days before the Democratic National Convention was to begin in Philadelphia. 
This incident will certainly test the new directive, as officials are still weighing how severe the breach is. To be considered significant, an incident must be likely to result in at least a "demonstrable impact" to public health or safety, national security, economic security, foreign relations, civil liberties or public confidence. The implications of the hack (and the administration has not publicly blamed it on Moscow) are still unfolding. Officials have not yet determined, for instance, if Russia is truly behind the WikiLeaks release. Democratic officials have accused Moscow of trying to influence the outcome of the U.S. election. Such an operation would represent a novel threat for Washington. But White House officials have noted the evolving challenge of cyberthreats, be they from foreign governments, hacktivists, criminals or terrorists. "We are in the midst of a revolution of the cyberthreat, one that is growing more persistent, more diverse, more frequent and more dangerous every day," said Lisa Monaco, Obama's adviser for homeland security, in remarks she is expected to deliver Tuesday at a conference at Fordham University here. In announcing the directive, Monaco will also say that the scale of the government's response will be based on an assessment of the risks posed by an incident. "How might it affect our national security or economy? Does it threaten the life or liberties of American people?" The directive has been in the works for at least two years, but reflects the experience of almost eight years of dealing with increasingly complex and challenging cyber incidents. The last four have been particularly trying. Last year, officials discovered that the Chinese had breached computers at the Office of Personnel Management, exposing the data of 22 million current and former federal employees and their families. 
The year before that, North Korean hackers disrupted the network of Sony Pictures Entertainment, deleting files and disabling computers, uploading unreleased films to the Internet and leaking embarrassing emails. It was all an apparent effort to dissuade the studio from releasing a satirical film depicting the assassination of the country's supreme leader, Kim Jong Un. These two incidents certainly would be considered significant, though OPM "moved up the scale" when, as a result of the breach, it became difficult to process employees' security clearances, said a senior administration official, who spoke under ground rules of anonymity. The White House has come up with a severity scheme ranging from Level 0 for an inconsequential event to Level 5 for an emergency, or an attack that poses an "imminent threat" to critical systems such as the power grid, federal government stability or people's lives. Level 2 is reserved for an incident that may affect public safety or national security. Level 3 moves into the realm of significant, for high severity events that are likely to have a "demonstrable" impact on public safety or national security. There has been no known incident that would be considered a 5, senior officials said. The suspected Russian cyberattack on Ukraine's electric grid in December that caused widespread power outages probably would have been a Level 4 (a "severe" event that likely would result in "significant" harm to public safety or national security) if it had happened in the United States, the official said. An example of an incident that was high-profile but probably would not have risen to significant was the 2013 breach of Target, which affected the debit and credit card data of 40 million customers, officials said. "If you're the Target CEO, that was probably very high on your scale," the senior official said. 
"But from a national security perspective, we did not need to spin up a huge amount of government machinery to handle that incident." The directive does not discuss how the government should respond to a significant event: whether it should impose sanctions, pursue indictments or even just publicly blame another country, for instance. Each case is fact-specific and responses depend on a range of factors, including geopolitics. But having the scheme helps them "calibrate" whether they are giving an incident due attention, the official said. For businesses, government agencies and other governments that are often unsure of whom to call in a cyber incident, the White House also has simplified the organization chart. The FBI is the lead federal agency for investigating criminal and national security hacks. The Department of Homeland Security has the baton in helping breached organizations reduce the impact of an event and prevent its spread. The Cyber Threat Intelligence Integration Center, or CTIIC, pools intelligence to help identify who directed an intrusion or attack. The Defense Department is not mentioned in the PPD as it does not play a primary role in domestic cybersecurity. -- It's better to burn out than fade away. From rforno at infowarrior.org Tue Jul 26 14:56:35 2016 From: rforno at infowarrior.org (Richard Forno) Date: Tue, 26 Jul 2016 19:56:35 -0000 Subject: [Infowarrior] - Attn, Motorola phone users.... Message-ID: <81B584BD-6C11-4929-A1C7-16F19562B720@infowarrior.org> Motorola confirms that it will not commit to monthly security patches Motorola says it is "more efficient" to bundle security updates into fewer releases. http://arstechnica.com/gadgets/2016/07/motorola-confirms-that-it-will-not-commit-to-monthly-security-patches/ -- It's better to burn out than fade away. 
From rforno at infowarrior.org Tue Jul 26 15:34:38 2016 From: rforno at infowarrior.org (Richard Forno) Date: Tue, 26 Jul 2016 20:34:38 -0000 Subject: [Infowarrior] - Rainbow-Brite Alert Scheme Announced for Cyber Message-ID: <5A324932-09D9-49E0-8C2A-61BB1D719196@infowarrior.org> Obama Created a Color-Coded Cyber Threat 'Schema' After the DNC Hack Written by Jason Koebler July 26, 2016 // 01:59 PM EST < - > The Cyber Incident Severity Schema ranges from white (an "unsubstantiated or inconsequential event") to black (a hack that "poses an imminent threat to the provision of wide-scale critical infrastructure services, national government stability, or to the lives of U.S. persons"), with green, yellow, orange, and red falling in between. Any hack or threat of a hack rated at orange or above is a "significant cyber incident" that will trigger what the Obama administration is calling a "coordinated" response from government agencies. < - > https://motherboard.vice.com/read/obama-created-a-color-coded-cyber-threat-schema-after-the-dnc-hack -- It's better to burn out than fade away. From rforno at infowarrior.org Tue Jul 26 17:06:51 2016 From: rforno at infowarrior.org (Richard Forno) Date: Tue, 26 Jul 2016 22:06:51 -0000 Subject: [Infowarrior] - Official who oversees whistleblower complaints files one of his own Message-ID: <9D07108E-7521-4CAA-834F-7522EF910943@infowarrior.org> Official who oversees whistleblower complaints files one of his own By Marisa Taylor, mtaylor at mcclatchydc.com The Obama administration's top official overseeing how intelligence agencies handle whistleblower retaliation claims has lodged his own complaint, alleging he was punished for disclosing "public corruption." Daniel Meyer, who previously oversaw the Defense Department's decisions on whistleblowing cases, also says he was targeted for being gay, according to records obtained by McClatchy. 
Meyer made the allegations in a complaint before the Merit Systems Protection Board, an administrative panel that handles employment grievances from federal employees, after another agency rejected his claims.

Meyer's claims add to a barrage of allegations that the federal government's handling of defense and intelligence whistleblower cases is flawed.

In the complaint, Meyer, who once worked for the Pentagon's inspector general's office, accused his former Defense Department bosses of "manipulation of a final report to curry favor" with then-Defense Secretary Leon Panetta.

< - >

http://www.mcclatchydc.com/news/nation-world/national/national-security/article91949562.html

--
It's better to burn out than fade away.

From rforno at infowarrior.org Wed Jul 27 06:55:17 2016
From: rforno at infowarrior.org (Richard Forno)
Date: Wed, 27 Jul 2016 11:55:17 -0000
Subject: [Infowarrior] - Pokémon Go! A Sneak Peek at Forensic Artifacts
Message-ID: <79F2762C-052E-4F94-896F-D6BBEEC0757D@infowarrior.org>

(c/o DM)

Oh, No - Pokémon Go! A Sneak Peek at Forensic Artifacts
https://www.gillware.com/forensics/blog/mobile-forensics/oh-no-pokemon-go-forensic-artifacts

--
It's better to burn out than fade away.

From rforno at infowarrior.org Wed Jul 27 06:59:13 2016
From: rforno at infowarrior.org (Richard Forno)
Date: Wed, 27 Jul 2016 11:59:13 -0000
Subject: [Infowarrior] - Fwd: Russian censor bans Comodo, its own certificate provider
References:
Message-ID: <3F409893-1DD6-4DFD-B3DC-219E7BB829F3@infowarrior.org>

How do you say "oopsie!" in Russian?

--
It's better to burn out than fade away.

> Begin forwarded message:
>
> From: Dan
>
> https://www.techdirt.com/articles/20160723/15535635050/russian-censor-bans-comodo-doesnt-realize-own-security-certificate-is-comodo.shtml
>
> Russian Censor Bans Comodo... Doesn't Realize Its Own Security Certificate Is From Comodo
>
> The Russian government's state censorship organization, Roskomnadzor (technically its telecom regulator) has been especially busy lately as the government has continued to crack down on websites it doesn't like. However, as pointed out by Fight Copyright Trolls, it appears that Roskomnadzor may have gone a bit overboard recently, in response to a court ruling that had a massive list of sites to be banned (over a thousand pages). Apparently, as part of that, various sites associated with Comodo were all banned. That's pretty bad for a variety of reasons, starting with the fact that Comodo remains one of the most popular issuers of secure certificates for HTTPS.
>
> In fact, as many quickly noted, Roskomnadzor's own website happens to be secured with a certificate from... Comodo:
>
>
>
> It's not entirely clear the impact of this, but the Rublacklist site appears to be implying (via my attempt at understanding Google translate's translation...) that this also means that sites that rely on Roskomnadzor's registry of sites to block... may be blocked from accessing the list. Because its own site is effectively blocked by the list. Oops.
>

From rforno at infowarrior.org Wed Jul 27 08:14:14 2016
From: rforno at infowarrior.org (Richard Forno)
Date: Wed, 27 Jul 2016 13:14:14 -0000
Subject: [Infowarrior] - WikiLeaks Has Officially Lost the Moral High Ground
Message-ID:

WikiLeaks Has Officially Lost the Moral High Ground
Author: Emma Grey Ellis
https://www.wired.com/2016/07/wikileaks-officially-lost-moral-high-ground/

What the heck is going on at WikiLeaks? In the last two weeks, the font of digital secrets has doxed millions of Turkish women, leaked Democratic National Committee emails that made Hillary Clinton's presidential campaign look bad but also suggested the site was colluding with the Russian government, and fired off some seriously anti-Semitic tweets. It's... weird.
WikiLeaks is always going to be releasing information some people don't like. That is the point of them. But lately the timing of and tone surrounding their leaks have felt a little off, and in cases like the DNC leak, more than a little biased. At times, they haven't looked so much like a group speaking truth to power as an alt-right subreddit, right down to their defense of Milo Yiannopoulos, a (let's be honest, kind of trollish) writer at Breitbart. But the way WikiLeaks behaves on the Internet means a lot more than some basement-dwelling MRA activist.

"WikiLeaks' initial self-presentation was as merely a conduit, simply neutral, like any technology," says Mark Fenster, a lawyer at the University of Florida's Levin College of Law. "As a conduit, it made a lot of sense, and had a lot of influence, immediately. The problem is, WikiLeaks is not just a technology. It's humans too."

WikiLeaks has endangered individuals before, but their release of the so-called Erdogan Emails was particularly egregious. The organization said that the infodump would expose the machinations of Turkish president TKName Erdogan immediately after the attempted coup against him, but instead turned out to be mostly correspondence and personal information from everyday Turkish citizens. Worse, it included the home addresses, phone numbers, party affiliations, and political activity levels of millions of female Turkish voters. That's irresponsible any time, and disastrous in the week of a coup.

The incident exposed gross negligence, though it's true that lots of publications (including WIRED) made things worse by failing to vet the leak's content and linking to the documents in their coverage. Zeynep Tufekci, a sociologist at the University of North Carolina at Chapel Hill (herself of Turkish descent), wrote an essay criticizing WikiLeaks and Western media outlets for endangering Turkish citizens, and WikiLeaks and their supporters turned on her, hard.
"Within five minutes they called me an Erdogan apologist, which speaks volumes to their lack of research," Tufekci says. "And then they blocked me. So much for hearing something they don't like."

The provenance and truth of the DNC emails looks more solid - but those sketchy ties to Russia make the whole thing seem like a foreign government trying to influence the US presidential election. It's a little weird (tinfoil hat alert) that Julian Assange, WikiLeaks' founder, has a show on RT, a Russian government-funded (read: propaganda) television network. And a little off that the DNC leak whodunnit seems to point to a pair of Russian hackers thought to be affiliated with the Russian intelligence agencies FSB and GRU, respectively.

And then, inexplicably, the WikiLeaks official Twitter account also dove straight for naked anti-Semitism. First they denied the tweet was anti-Semitic at all. Then they deleted it, and defended the deletion like this:

Which as rebuttals go, is about as convincing as "I know you are, but what am I?"

But that's not what's really important here. WikiLeaks and Assange say they have no responsibility for the content they leak, and that no one has evidence that the sources of the DNC leak are Russian. But these leaks and tweets damage WikiLeaks' credibility. If they're not scrutinizing their own leaks on the base level of their content, it's not hard to imagine that WikiLeaks could unwittingly become part of someone else's agenda (like, say, a Russian one).

"If you are a legitimate leaker, why go with WikiLeaks? You go with The Intercept or the New York Times, like they did with the Panama Papers," says Nicholas Weaver, a computer scientist at UC Berkeley who studies the organization. "Wikileaks is a pastebin for spooks, and they're happy to be used that way."

WikiLeaks isn't necessarily the big bad here - if the FSB wants to leak some DNC emails as part of an effort to install Trump as a "Siberian Candidate,"
(don't look at us; that's the New York Times' joke) they're going to do it. But WikiLeaks' actions could have effects that run counter to their own ideals. "This has done more damage to the fight for free and open internet than anything Erdogan could do," says Tufekci. "If you expose people's private information, and then the Western media publicizes it, they are going to withdraw from the internet."

Fundamentally, WikiLeaks was supposed to be better. Assange openly said he hoped the DNC leak damaged the Clinton campaign. "There was the hope that in the wake of WikiLeaks' emergence, a thousand WikiLeaks would bloom, in the same way that the Arab Spring was a really romantic ideal of the effect that digital communication can have on geopolitics," says Fenster. "But the ideal of WikiLeaks as an information conduit that is stateless and can serve as a neutral technology isn't working. States fight back."

WikiLeaks' moral high ground depends on its ability to act as an honest conduit. Right now it's acting like a damaged filter.

--
It's better to burn out than fade away.

From rforno at infowarrior.org Wed Jul 27 09:27:50 2016
From: rforno at infowarrior.org (Richard Forno)
Date: Wed, 27 Jul 2016 14:27:50 -0000
Subject: [Infowarrior] - Florida judge: Bitcoins aren't currency, so state money laws don't apply
Message-ID:

Florida judge: Bitcoins aren't currency, so state money laws don't apply
Cyrus Farivar - 7/27/2016, 9:40 AM
http://arstechnica.com/tech-policy/2016/07/florida-judge-bitcoins-arent-currency-so-state-money-laws-dont-apply/

A Florida judge has decided in favor of a bitcoin vendor charged with violating local money-laundering laws, because, she found, the cryptocurrency is not money as defined under state law.

"The Florida Legislature may choose to adopt statutes regulating virtual currency in the future," Miami-Dade Circuit Judge Teresa Mary Pooler wrote in her Monday opinion.
"At this time, however, attempting to fit the sale of bitcoin into a statutory scheme regulating money services businesses is like fitting a square peg in a round hole."

According to her eight-page opinion, a Miami police detective began investigating local bitcoin sales in the area in 2013 after learning more about it from a local and federal task force led by the Secret Service. Detective Ricardo Arias then started looking at postings on localbitcoins.com, a website where people can arrange in-person bitcoin sales for cash, often anonymously. One vendor, "Michelhack," offered 24-hour availability and only wanted to meet in public places, which Arias thought might be suspicious.

On December 4, 2013, Arias, working undercover, arranged to meet "Michelhack," who turned out to be a man named Michell Espinoza, at a Miami café. Espinoza sold him 0.4 bitcoins for $500 cash. A month later, Arias again arranged a second deal, buying 1 bitcoin for $1,000.

According to the judge's summary, at this meeting Arias, working still undercover, told the vendor that he was interested in buying "stolen credit card numbers from Russians" and would be using the bitcoins to pay for them. Arias asked Espinoza if he'd accept stolen credit card numbers as payment, and Espinoza said he would "think about it."

Then, after arranging a third transaction, Arias tried to set up a large buy of $30,000 worth of bitcoins. Meeting in a hotel room wired for surveillance, Arias produced a "flash roll" of hundreds as a way to convince Espinoza. The vendor inspected it and told Arias that he thought it might be counterfeit. Arias arrested Espinoza before he took possession of the large quantity of cash, charging him with three counts of unlawfully being a money transmitter and two counts of money laundering. Espinoza and his lawyer have been challenging the case ever since.
A spokesman for the Miami-Dade State Attorney's Office told the Miami Herald: "We are presently reviewing the court order to determine whether we will be appealing this decision."

As it is a state case, the ruling has no legal bearing outside of Florida. In March 2013, a US federal agency, the Financial Crimes Enforcement Network (FinCEN), published new guidelines stipulating that bitcoin-related businesses should be considered Money Services Businesses under US law. Later that year, in August 2013, a federal judge in Texas found that bitcoins are "a currency or form of money," and are therefore subject to relevant US laws.

--
It's better to burn out than fade away.

From rforno at infowarrior.org Wed Jul 27 11:18:52 2016
From: rforno at infowarrior.org (Richard Forno)
Date: Wed, 27 Jul 2016 16:18:52 -0000
Subject: [Infowarrior] - NYT: Trump wants Russia to hack Hillary's email
Message-ID: <54A30C72-2D90-494C-9D0A-14CFCB5A3160@infowarrior.org>

Donald Trump Challenges Russia to Find Hillary Clinton's Missing Emails
Ashley Parker
http://www.nytimes.com/2016/07/28/us/politics/donald-trump-russia-clinton-emails.html

Donald J. Trump at a news conference in Doral, Fla. on Wednesday. Todd Heisler/The New York Times

DORAL, Fla. - Donald J. Trump said Wednesday that he hoped Russia had hacked Hillary Clinton's email, essentially sanctioning a foreign power's cyberspying of a secretary of state's correspondence.

"Russia, if you're listening, I hope you're able to find the 30,000 emails that are missing," Mr. Trump said, staring directly into the cameras. "I think you will probably be rewarded mightily by our press."

Mr. Trump's call was an extraordinary moment at a time when Russia is being accused of meddling in the U.S. presidential election. His comments came amid questions about the hacking of the Democratic National Committee's computer servers, which researchers have concluded was likely the work of two Russian intelligence agencies.
Later in the news conference, when asked if he was really urging a foreign nation to hack into the private email server of Mrs. Clinton, or at least meddle in the nation's elections, he dismissed the question. "That's up to the president," Mr. Trump said, before finally telling the female questioner to "be quiet - let the president talk to them."

Mr. Trump has largely dismissed assertions that Russia was behind the Democratic committee breach as conspiracy theories - a view he reiterated when he said the hack "is probably not Russia." But at the news conference at one of his Florida golf courses, as the third day of the Democratic National Convention was set to begin in Philadelphia, the Republican presidential nominee refused to unequivocally call on Vladimir V. Putin, Russia's president, to not meddle in the United States' presidential election.

"I'm not going to tell Putin what to do," Mr. Trump said. "Why should I tell Putin what to do?"

He added that if Russia, or any foreign government, is, in fact, behind the hack, it simply shows just how little respect other nations have for the current administration. "President Trump would be so much better for U.S. relations" than a President Clinton, Mr. Trump said. "I don't think he respects Clinton."

--
It's better to burn out than fade away.

From rforno at infowarrior.org Wed Jul 27 11:55:28 2016
From: rforno at infowarrior.org (Richard Forno)
Date: Wed, 27 Jul 2016 16:55:28 -0000
Subject: [Infowarrior] - more on ... Re: NYT: Trump wants Russia to hack Hillary's email
In-Reply-To: <54A30C72-2D90-494C-9D0A-14CFCB5A3160@infowarrior.org>
References: <54A30C72-2D90-494C-9D0A-14CFCB5A3160@infowarrior.org>
Message-ID:

From a friend....

"At what point does soliciting a cyber attack - from a foreign power - on ones' opponent in a presidential election become a near-criminal act?"

Interesting question, indeed. And one nobody would ever think would come up.....

--
It's better to burn out than fade away.
From rforno at infowarrior.org Wed Jul 27 16:13:32 2016
From: rforno at infowarrior.org (Richard Forno)
Date: Wed, 27 Jul 2016 21:13:32 -0000
Subject: [Infowarrior] - New York DA Wants Apple, Google to Roll Back Encryption
Message-ID: <11701DBC-48D7-48C5-B81D-21E51F4315B5@infowarrior.org>

(I think this guy needs a bottle, binky and time-out to calm down on this issue. -- rick)

New York DA Wants Apple, Google to Roll Back Encryption
http://www.tomsguide.com/us/vance-phone-decrypt-iccs,news-23050.html

--
It's better to burn out than fade away.

From rforno at infowarrior.org Wed Jul 27 18:30:15 2016
From: rforno at infowarrior.org (Richard Forno)
Date: Wed, 27 Jul 2016 23:30:15 -0000
Subject: [Infowarrior] - Security experts have cloned all seven TSA master keys
Message-ID:

Security experts have cloned all seven TSA master keys
https://techcrunch.com/2016/07/27/security-experts-have-cloned-all-seven-tsa-master-keys/?ncid=rss
Posted 45 minutes ago by John Biggs (@johnbiggs)

Key escrow - the process of keeping a set of keys for yourself "just in case" - has always been the U.S. government's modus operandi when it comes to security. From the disastrous Clipper chip to today, the government has always wanted a back door into encryption and security. That plan backfired for the TSA.

The TSA, as you'll remember, offers a set of screener-friendly locks. These locks use one of seven master keys that only the TSA can use - until 2014. In an article in The Washington Post, a reporter included a shot of all seven keys on a desk. It wasn't long before nearly all the keys were made available for 3D printing and, last week, security researchers released the final key.

At last week's HOPE Conference in New York, hackers calling themselves DarkSim905, Johnny Xmas, and Nite 0wl explained how - and why - they cracked the TSA keys.

"This was done by legally procuring actual locks, comparing the inner workings, and finding the common denominator.
It's a great metaphor for how weak encryption mechanisms are broken - gather enough data, find the pattern, then just "math" out a universal key (or set of keys)," said Johnny Xmas. "What we're doing here is literally cracking physical encryption, and I fear that metaphor isn't going to be properly delivered to the public."

The keys, should you be interested, are here and can be printed on a 3D printer.

The TSA, for their part, doesn't care, telling The Intercept that "The reported ability to create keys for TSA-approved suitcase locks from a digital image does not create a threat to aviation security. These consumer products are 'peace of mind' devices, not part of TSA's aviation security regime."

In other words, you might as well not use locks at all.

--
It's better to burn out than fade away.

From rforno at infowarrior.org Fri Jul 1 15:01:45 2016
From: rforno at infowarrior.org (Richard Forno)
Date: Fri, 01 Jul 2016 20:01:45 -0000
Subject: [Infowarrior] - Apple patents technology enabling police to prevent iPhones from filming police abuse
Message-ID:

Posted on July 1, 2016 by Rick Falkvinge
Apple patents technology enabling police to prevent iPhones from filming police abuse
https://www.privateinternetaccess.com/blog/2016/07/apple-patents-technology-enabling-police-prevent-filming-abuse/

Apple has been awarded a patent for making your camera refuse to record what it's seeing if it also sees something akin to an infrared strobe light. The intention is to prevent recording concerts, but once the technology exists, it will also be used by authorities who don't want police violence and abuse of power documented by members of the public.

It's fascinating how some industry players keep eroding the property rights that are not just vital to the economy, but to the notion of running the software we want, in the way we want, on the hardware we own. If it weren't for owning hardware, free software - including cryptography and anonymization - would not work, as Hollywood would own your hardware, something they have tried for decades. We would not have VPNs, we would not have Tor, we would not have strong encryption. We would basically just have pay-as-you-go Disney Channel.

It's this game Apple is playing with its latest invention, which uses something akin to an infrared strobe light - apparently, not unlike the devices that give emergency vehicles green lights at intersections - to prevent a mobile phone from recording what it sees. The idea is to prevent people from recording concerts - from using their own hardware to run the software they want on it, in violation of the Zeroeth Principle of Free Software.

However, it doesn't take a rocket scientist to realize that there are a lot of legitimate uses for filming with a mobile camera where the subject does not want to be filmed. Most of them have to do with accountability of some kind. And now, if this technology is implemented, Apple is giving all those people a way to prevent being documented abusing their power - sometimes abusing their power violently.

Journalism, by definition, is publishing something that somebody doesn't want to be published. Everything else is just PR.

It's going to take at most three months before Chinese-manufactured belt-clip devices would be available that mimicked this infrared strobery, and therefore shut down any and all cameras seeing them in frame. At this point, police officers who do not want to be filmed by the public - as police unions have argued time and again they don't want to be filmed - will have a way to override cameras pointed at them, merely by wearing a discreet device on their belt. This is a step twenty years backward in accountability and freedom of information.

As a final note, it is fascinating how the copyright industry always and consistently finds itself arguing for the same ways and means as do dictatorships and tyrannies.
The copyright industry argued strongly in favor of European data retention and mass surveillance, in favor of private access to mass surveillance data, in favor of censorship, et cetera - and now, the needs of the copyright industry are used to justify creating something that prevents holding authorities accountable for violent abuse. Why is the copyright industry always, consistently, on the side opposing human liberty and favoring governmental oppression?

--
It's better to burn out than fade away.

From rforno at infowarrior.org Fri Jul 1 16:38:10 2016
From: rforno at infowarrior.org (Richard Forno)
Date: Fri, 01 Jul 2016 21:38:10 -0000
Subject: [Infowarrior] - Security researcher gets threats over Amazon review
Message-ID: <816265A6-28FF-4180-AD6C-302432DE1985@infowarrior.org>

Security researcher gets threats over Amazon review
Kate Conger
https://techcrunch.com/2016/07/01/security-researcher-gets-threats-over-amazon-review/

For the average Amazon shopper, reviews are just a casual part of the experience. You might pay attention to a pun-filled review by George Takei or spend half an hour laughing at the parody reviews for "Fresh Whole Rabbit," but you probably don't thoroughly examine every review before buying a product.

But for sellers, reviews are no laughing matter. Amazon retailers sometimes go to extreme lengths to guarantee good reviews, as security developer Matthew Garrett recently discovered when he wrote a one-star review of an internet-connected electric socket. When Garrett politely pointed out that the socket in question was woefully insecure, he received emails from the manufacturer claiming that the review would get employees fired and that other reviewers were campaigning to get Garrett's review taken down.

The socket in question is the AuYou Wi-Fi Switch, a $30 device that lets you turn the power from a wall outlet on and off using your phone.
It's a nice way to turn your lights on and off if you don't want to invest in smart bulbs, or to turn other plugged-in devices on and off. The AuYou Switch works whether or not you're home - so you can switch your lights on in your apartment while you're still in your office.

But like so many Internet of Things devices, the AuYou switch seems to have a serious security flaw. As Garrett explains in his review, if your phone is connected to your home Wi-Fi, it sends the on/off command to the socket directly. But if you're not home, your phone sends the command to a server in China, which then passes the command along to the socket.

"The command packets look like they're encrypted, but in reality there's no real cryptography here at all," Garrett explained in his review. The result is that the unique network ID of your socket is transported in an unencrypted form to the Chinese server - and anyone who gets their hands on the ID can then control the socket. The only way Garrett could prevent his socket from being compromised was to block the server, which would keep anyone, including him, from controlling the socket remotely.

"If anybody knows the MAC address of one of your sockets, they can control it from anywhere in the world. You can't set a password to stop them, and a normal home router configuration won't block this. You need to explicitly firewall off the server (it's 115.28.45.50) in order to protect yourself. Again, this is completely unrealistic to expect for a home user, and if you do this then you'll also entirely lose the ability to control the device from outside your home," Garrett explained in the review.

Getting your internet-connected socket taken over by an intruder isn't exactly a cybersecurity nightmare - at worst, you might end up with a hacker treating you to a strobe light party as they switch all your lights on and off. There's also a slight possibility that repeatedly cutting the power to one of your devices might damage it.
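A toy model of the relay design the review describes, added here as an example; it is not AuYou's actual protocol, and the message format, the per-device secret and the relay logic are all constructed. It shows why a relay that treats the socket's MAC address as its only identity can be driven by anyone who knows the MAC, and how a per-device key with an HMAC tag and a counter closes that hole (and rejects replays).

```python
"""Toy model of a relay-controlled smart socket: MAC-as-identity vs. authenticated commands.

Added example; the message format, the per-device secret and the relay logic
are constructed here and are not AuYou's actual protocol.
"""
import hashlib
import hmac
import json
from typing import Dict

SOCKET_MAC = "aa:bb:cc:dd:ee:01"  # constructed sample device
OWNER_SECRET = b"constructed-per-device-secret-provisioned-at-setup"


class UnauthenticatedRelay:
    """The design the review describes: a command is applied to whichever
    socket the message names by MAC address. Nothing ties the sender to the
    device, so the MAC alone is the credential."""

    def __init__(self, macs):
        self.state: Dict[str, bool] = {m: False for m in macs}  # MAC -> power on?

    def handle(self, mac: str, action: str) -> bool:
        if mac not in self.state or action not in ("on", "off"):
            return False
        self.state[mac] = (action == "on")
        return True


def sign_command(secret: bytes, mac: str, action: str, counter: int) -> dict:
    """What a legitimate controller app would send in the hardened design:
    a canonical JSON body plus an HMAC-SHA256 tag keyed with the device secret.
    The counter lets the relay reject replayed messages."""
    body = json.dumps({"mac": mac, "action": action, "counter": counter}, sort_keys=True)
    tag = hmac.new(secret, body.encode(), hashlib.sha256).hexdigest()
    return {"body": body, "tag": tag}


class HardenedRelay:
    """Hardened design (constructed): each socket is provisioned with its own
    secret at setup, shared only with the owner's app. A relay server can
    still forward messages it cannot forge, so knowing the MAC buys nothing.
    (Keeping the MAC confidential in transit would still need TLS to the relay.)"""

    def __init__(self, secrets: Dict[str, bytes]):
        self.secrets = dict(secrets)
        self.last_counter = {m: 0 for m in secrets}
        self.state = {m: False for m in secrets}

    def handle(self, mac: str, message: dict) -> bool:
        secret = self.secrets.get(mac)
        if secret is None:
            return False
        body = message.get("body", "")
        expected = hmac.new(secret, body.encode(), hashlib.sha256).hexdigest()
        # Constant-time comparison; a wrong tag means the body was forged or altered.
        if not hmac.compare_digest(expected, str(message.get("tag", ""))):
            return False
        try:
            fields = json.loads(body)
        except ValueError:
            return False
        if fields.get("mac") != mac or fields.get("action") not in ("on", "off"):
            return False
        counter = fields.get("counter")
        if not isinstance(counter, int) or counter <= self.last_counter[mac]:
            return False  # replay of an old message or a stale counter
        self.last_counter[mac] = counter
        self.state[mac] = (fields["action"] == "on")
        return True


def run_scenarios() -> Dict[str, bool]:
    """Play the same stranger (knows only the MAC) and owner against both designs."""
    results: Dict[str, bool] = {}

    weak = UnauthenticatedRelay([SOCKET_MAC])
    # Stranger: knows the MAC, nothing else. In the weak design that is enough.
    results["stranger_controls_vulnerable"] = weak.handle(SOCKET_MAC, "on") and weak.state[SOCKET_MAC]

    strong = HardenedRelay({SOCKET_MAC: OWNER_SECRET})
    # Stranger again: can build the body but not a valid tag without the secret.
    forged = {"body": json.dumps({"mac": SOCKET_MAC, "action": "on", "counter": 1}, sort_keys=True),
              "tag": "00" * 32}
    results["stranger_forgery_rejected"] = not strong.handle(SOCKET_MAC, forged)

    # Owner: a properly signed command is accepted once...
    msg = sign_command(OWNER_SECRET, SOCKET_MAC, "on", counter=1)
    results["owner_command_accepted"] = strong.handle(SOCKET_MAC, msg) and strong.state[SOCKET_MAC]
    # ...but the identical message captured and resent is refused.
    results["replay_rejected"] = not strong.handle(SOCKET_MAC, msg)
    # A fresh command with a higher counter goes through.
    results["next_command_accepted"] = strong.handle(SOCKET_MAC, sign_command(OWNER_SECRET, SOCKET_MAC, "off", 2))
    return results


if __name__ == "__main__":
    for name, ok in run_scenarios().items():
        print(f"{name}: {ok}")
```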
But this isn't the end of the world; it's just a sort of dumb security flaw. This makes the manufacturer's outsized reaction all the more unusual.

Garrett sent me a few of the emails he received from the company. "Just now my boss has blamed me, and he said if I do not remove this bad review, he will quit me. Please help me," the representative wrote. "Could you please change your bad review into good?"

Garrett responded that he would update the review if the manufacturer fixed the flaw. The AuYou representative insisted she would be fired if the review was not updated. A week later, she followed up again, asking Garrett to take down the review. The representative then said that she would report Garrett to Amazon if he didn't take down the review, and that other Amazon reviewers had written in to complain about it.

Garrett says he leaves a lot of security-based reviews on Amazon and this has never happened to him. Of course, no one needs to lose their job over a single Amazon review. Garrett says he's not sure if he's being manipulated or if someone's job is really on the line.

"If I thought that there was a realistic chance that people were going to lose their jobs over something I was writing, that's something that would make me reconsider," he says. "On the other hand, the attitude that many companies have of not giving any indication of caring about the security of the people they're selling to is horrifying in its own way. That is important - to make people aware when choosing these devices."

Garrett has a point: security researchers do a public service when they let customers know about security vulnerabilities in popular IoT products. Amazon is a natural clearinghouse for these sorts of notices, and researchers shouldn't face threats for posting honest security reviews.

TechCrunch reached out to Amazon to ask how it mediates disagreements between reviewers and sellers, but Amazon declined to comment, citing consumer privacy.
Amazon has a history of cracking down on sellers for trying to buy or fake reviews, and has suspended sellers who sue reviewers over negative reviews.

--
It's better to burn out than fade away.

From rforno at infowarrior.org Fri Jul 1 16:40:36 2016
From: rforno at infowarrior.org (Richard Forno)
Date: Fri, 01 Jul 2016 21:40:36 -0000
Subject: [Infowarrior] - Michael Bloomberg Comes Down On The Wrong Side Of The Crypto Wars: Supports Backdooring Encryption
Message-ID: <4772DA4E-408D-4273-A9A3-2396580798BB@infowarrior.org>

Michael Bloomberg Comes Down On The Wrong Side Of The Crypto Wars: Supports Backdooring Encryption
https://www.techdirt.com/articles/20160630/17571934873/michael-bloomberg-comes-down-wrong-side-crypto-wars-supports-backdooring-encryption.shtml

--
It's better to burn out than fade away.

From rforno at infowarrior.org Mon Jul 4 11:33:38 2016
From: rforno at infowarrior.org (Richard Forno)
Date: Mon, 04 Jul 2016 16:33:38 -0000
Subject: [Infowarrior] - The diva demands of the IOC
Message-ID: <8C048709-85D0-4AB2-8273-CDB2965AB830@infowarrior.org>

The IOC Demands That Helped Push Norway Out of Winter Olympic Bidding Are Hilarious
By Ben Mathis-Lilley
http://www.slate.com/blogs/the_slatest/2014/10/02/ioc_demands_oslo_drops_bid_after_over_the_top_list_of_requirements.html

Oslo is dropping out of bidding for the 2022 Winter Olympics, leaving Almaty, Kazakhstan and Beijing as the only remaining cities seeking to host the event. Why? One reason is that people are starting to realize that spending mega-money to build sporting venues that may not ever be used again doesn't make economic sense. Another is that the International Olympic Committee is a notoriously ridiculous organization run by grifters and hereditary aristocrats. Norwegian citizens were particularly amused/outraged (amuseraged) by the IOC's diva-like demands for luxury treatment during the hypothetical Games.
Here's a piece in the Norwegian media about the controversy, with translation provided by a generous Norwegian reader named Mats Silberg:

- They demand to meet the king prior to the opening ceremony. Afterwards, there shall be a cocktail reception. Drinks shall be paid for by the Royal Palace or the local organizing committee.
- Separate lanes should be created on all roads where IOC members will travel, which are not to be used by regular people or public transportation.
- A welcome greeting from the local Olympic boss and the hotel manager should be presented in IOC members' rooms, along with fruit and cakes of the season. (Seasonal fruit in Oslo in February is a challenge ...)
- The hotel bar at their hotel should extend its hours "extra late" and the minibars must stock Coke products.
- The IOC president shall be welcomed ceremoniously on the runway when he arrives.
- The IOC members should have separate entrances and exits to and from the airport.
- During the opening and closing ceremonies a fully stocked bar shall be available. During competition days, wine and beer will do at the stadium lounge.
- IOC members shall be greeted with a smile when arriving at their hotel.
- Meeting rooms shall be kept at exactly 20 degrees Celsius at all times.
- The hot food offered in the lounges at venues should be replaced at regular intervals, as IOC members might "risk" having to eat several meals at the same lounge during the Olympics.

The IOC issued a statement responding to Oslo's decision:

"This is a missed opportunity for the City of Oslo and for all the people of Norway who are known world-wide for being huge fans of winter sports. And it is mostly a missed opportunity for the outstanding Norwegian athletes who will not be able to reach new Olympic heights in their home country."

Sad. Very sad.

--
It's better to burn out than fade away.
From rforno at infowarrior.org Mon Jul 4 11:33:38 2016
From: rforno at infowarrior.org (Richard Forno)
Date: Mon, 04 Jul 2016 16:33:38 -0000
Subject: [Infowarrior] - Google's Private (Meta)Data Retention
Message-ID: <45FB979B-AC7F-4FB2-8618-9A01608C3A5E@infowarrior.org>

Google's Private Data Retention
re:publica, CC BY-NC 2.0
https://mobilsicher.de/uncategorized/googles-private-data-retention

Google apparently stores phone numbers, calling-party numbers, duration of calls, and many other telephony metadata when people place and receive calls using Android phones. Peter Schaar, former German federal commissioner for data security, has severe doubts that this practice is legal and asks for the EU commission to step in immediately.

Yesterday, we reported (German language article only) that Google in its privacy policy informs Android users that "When you use our services or view content provided by Google, we automatically collect and store certain information in server logs. This includes: [...] telephony log information, such as your phone number, calling-party number, forwarding numbers, time and date of calls, duration of calls, SMS routing information and types of calls."

What specific data Google stores is not clear since it is encrypted on the Android device. We did find out though that immediately after a call was made the phone established a connection to Google's servers and transmitted data.

A spokesperson for Google Germany did not answer questions concerning which data the company collects and why. He did claim that Google has the right to store the data based on the consent given by Android users, who need to accept Google's privacy policy to be able to use Android.

Peter Schaar, former German federal commissioner for data security and chairman of the ARTICLE 29 Data Protection Working Party of the EU, says this is not the case and Google's practices may even violate fundamental rights.
mobilsicher.de: Mr Schaar, Google says it stores "telephony log information, such as your phone number, calling-party number, forwarding numbers, time and date of calls, duration of calls, SMS routing information and types of calls" when making phone calls using an Android device. Data protection rules allow users to agree with informed consent to data storage and processing by private companies. Fair enough?

Schaar: Not at all. Companies need either a legal authority or consent if they want to process personal data. In this case, I do not see a legal basis for the comprehensive processing of the data concerned. Data may be used if it is necessary to establish a connection. To do this, it needs not be transferred to a Google server. At the same time I see no valid consent to a general transmission of the data to Google. Firstly, most users do not expect that all of their personal data and that of the calling-party is stored by Google. This absence of clarity means that a general transmission of data cannot be justified. Additionally, consent means a "freely given specific and informed indication of his wishes by which the data subject signifies his agreement to personal data relating to him being processed." We can hardly assume this consent here if the alternative to consent is that you cannot use your phone to make calls in case you don't agree that all this data ends up on Google's servers.

mobilsicher.de: What about the fact that Google says it stores the data of people calling Android phones, not using Android phones themselves?

Schaar: If that is really the case, it's just another reason why this alleged agreement cannot be effective. We're talking about third-party data here. It is evident that I cannot effectively consent to Google storing data of a third party, say someone who calls me or someone I call from an Android phone.

mobilsicher.de: So if we cannot assume effective consent, what then?

Schaar: That depends on which data is collected and processed.
Do you know what Google collects?

mobilsicher.de: No, we could not yet find out, because the data is encrypted on the device. Data is being transferred, but we do not know which. When asked what data they collect, Google declined to answer.

Schaar: If Google really collects all the traffic data generated by a call this would violate privacy regulations. It might even be a criminal offense. It must be examined to what extent Google is bound to the secrecy of telecommunications, given that the company is party to providing telecommunications services. In that case the data processing without a legal basis could be a criminal offense. In addition, it needs to be clarified if data is illegally processed for commercial purposes without the knowledge of the data subject. That could constitute a criminal privacy violation under German law.

mobilsicher.de: What does all this mean for users?

Schaar: Google has an obligation to immediately tell us what data it stores, for what purpose, for how long it stores the data, where it is stored and how it is used. This is the only way the company can counter accusations that this - again - is an enormous breach of users' trust. Using piecemeal tactics, conceding only what can no longer be denied, as it has been the case in the covert acquisition of wireless data as part of the Street View programme, would be unbearable. The issue here has a new, much larger dimension. We're talking about the secrecy of telecommunications here, not - as in the Wi-Fi scan case - about signals that everyone could have collected in the streets. If it turns out Google actually learns about who calls whom when and for how long, this would have further consequences. German law provides for privileged communications of certain professions that are bound to secrecy: doctors, employees of addiction counselling centres, lawyers and social workers. They would be liable to prosecution if they disclose protected information without authorization to third parties.
So if Google should learn about the communication between a patient and a doctor because the doctor uses an Android phone, the doctor can be accused of committing an unlawful disclosure. Lawyers, doctors, priests and journalists could not legally use Android phones any more.

mobilsicher.de: So who needs to step up now?

Schaar: This is an issue for the data protection authorities - not just in Germany. We have to find out which data has actually been processed. If it is true what you suspect, based on the available information, this would entail a dimension that also needs the EU Commission to step up. Google has a very strong, possibly dominant position in the smartphone market with its Android operating system. This is the reason why the European Commission is investigating Google in an antitrust case. If Android is used to collect confidential data of European citizens and transmit it to the US, then this could constitute a violation of fundamental rights. We also need to take into account the on-going discussion about Safe Harbor and Privacy Shield, regulating the transmission of data to the US. The EU Commission must get a clear picture of what is happening here as soon as possible. Moreover, US authorities need to get into the game, the Federal Trade Commission in particular.

-- 
It's better to burn out than fade away.

From rforno at infowarrior.org Tue Jul 5 07:21:57 2016
From: rforno at infowarrior.org (Richard Forno)
Date: Tue, 05 Jul 2016 12:21:57 -0000
Subject: [Infowarrior] - NatGeo: How We Spot Altered Pictures
Message-ID: <3871E6B0-FE32-4B86-AFCB-7139FA786497@infowarrior.org>

(Good to know, esp. since they became part of the Murdoch empire last year.
--rick)

http://www.nationalgeographic.com/magazine/2016/07/editors-note-images-and-ethics/

How We Spot Altered Pictures
By Susan Goldberg, Editor in Chief
From the Editor

National Geographic's top editors explain how to keep photography honest in the era of Photoshop - and why they'll never move the pyramids again.

This story appears in the July 2016 issue of National Geographic magazine.

In the digital age, when it's easy to manipulate a photo, it's harder than ever to ensure that the images we publish, whether on paper or on a screen, reflect the reality of what a photographer saw through his or her viewfinder. At National Geographic, where visual storytelling is part of our DNA, making sure you see real images is just as important as making sure you read true words. I'll explain how we strive to keep covertly manipulated images out of our publications - but first an admission about a time when we didn't.

Longtime readers may remember. In February 1982 the magazine's cover showed a camel train in front of the Pyramids at Giza. The image produced by the photographer was horizontal; here at headquarters we altered the photo to fit our vertical cover. That change visually moved the pyramids closer together than they really are. A deserved firestorm ensued: "National Geographic moves the pyramids!" came the outcry. We learned our lesson. At National Geographic it's never OK to alter a photo. We've made it part of our mission to ensure our photos are real.

I went to our expert to explain how we do this. Sarah Leen is director of photography at National Geographic and has been here for 30 years. A few decades ago it was easier to spot photo manipulation because the results were a lot cruder. Now, she says, "you can't always tell if a photo is fake, at least not without a lot of forensic digging." Even our experts can be fooled, as in 2010 when we published what we later learned was a doctored photo from a contributor to Your Shot.
We work with the most admired photographers in the world, but just like we require our writers to provide their notes, we require photographers on assignment to submit "raw" files of their images, which contain pixel information straight from the digital camera's sensor. We request the same for Your Shot photos sent in by members of the public or stock images we buy. If a raw file isn't available, we ask detailed questions about the photo. And, yes, sometimes what we learn leads us to reject it.

Still, reasonable people can disagree: One of our photographers recently entered a photo in a contest. It was rejected as being overprocessed; our editors, on the other hand, saw the same photo and thought it was OK. We published it. Were we right, or were the contest judges right? That's a subject we can continue to discuss.

"We ask ourselves, 'Is this photo a good representation of what the photographer saw?'" Leen says. For us as journalists, that answer always must be yes.

Thank you for reading National Geographic.

-- 
It's better to burn out than fade away.

From rforno at infowarrior.org Wed Jul 6 06:01:56 2016
From: rforno at infowarrior.org (Richard Forno)
Date: Wed, 06 Jul 2016 11:01:56 -0000
Subject: [Infowarrior] - Sir John Chilcot reports on Iraq Inquiry
Message-ID: <0858C6EB-F99A-4775-A1C9-DC83D9368DF7@infowarrior.org>

http://www.bbc.com/news/uk-politics-36721645

Chilcot report: Findings at a glance

Sir John Chilcot has outlined his findings on the UK's involvement in the 2003 Iraq War and the lessons to be learned from it. The report spans almost a decade of UK government policy decisions between 2001 and 2009. It covers the background to the decision to go to war, whether troops were properly prepared, how the conflict was conducted and what planning there was for its aftermath, a period in which there was intense sectarian violence.

The main points are:

- The UK chose to join the invasion of Iraq before the peaceful options for disarmament had been exhausted.
  Military action at that time was not a last resort.
- The judgements about the severity of threat posed by Iraq's weapons of mass destruction - known as WMD - were presented with a certainty that was not justified.
- Intelligence had "not established beyond doubt" that Saddam Hussein had continued to produce chemical and biological weapons.
- Policy on Iraq was made on the basis of flawed intelligence assessments. It was not challenged, and should have been.
- The circumstances in which it was decided that there was a legal basis for UK military action were "far from satisfactory".
- There was "little time" to properly prepare three military brigades for deployment in Iraq. The risks were neither "properly identified nor fully exposed" to ministers, resulting in "equipment shortfalls".
- Despite explicit warnings, the consequences of the invasion were underestimated. The planning and preparations for Iraq after Saddam Hussein were "wholly inadequate".
- The Government failed to achieve the stated objectives it had set itself in Iraq. More than 200 British citizens died as a result of the conflict. Iraqi people suffered greatly. By July 2009, at least 150,000 Iraqis had died, probably many more. More than 1m were displaced.
- The report sets out lessons to be learned: It found former prime minister Tony Blair overestimated his ability to influence US decisions on Iraq; and the UK's relationship with the US does not require unconditional support.
- It said ministerial discussion which encourages frank and informed debate and challenge is important. As is ensuring civilian and military arms of government are properly equipped.
- In future, all aspects of any intervention need to be calculated, debated and challenged with rigour. Decisions need to be fully implemented.

-- 
It's better to burn out than fade away.
From rforno at infowarrior.org Wed Jul 6 06:33:23 2016
From: rforno at infowarrior.org (Richard Forno)
Date: Wed, 06 Jul 2016 11:33:23 -0000
Subject: [Infowarrior] - Greenwald on HRC email fiasco
Message-ID: <2DB07648-AF98-4817-BB77-5F84EC871D60@infowarrior.org>

(As usual, he's saying what many of us are thinking. -- rick)

Washington Has Been Obsessed With Punishing Secrecy Violations - until Hillary Clinton
Glenn Greenwald
July 5 2016, 3:58 p.m.
https://theintercept.com/2016/07/05/washington-has-been-obsessed-with-punishing-secrecy-violations-until-hillary-clinton/

Secrecy is a virtual religion in Washington. Those who violate its dogma have been punished in the harshest and most excessive manner - at least when they possess little political power or influence. As has been widely noted, the Obama administration has prosecuted more leakers under the 1917 Espionage Act than all prior administrations combined. Secrecy in DC is so revered that even the most banal documents are reflexively marked classified, making their disclosure or mishandling a felony. As former CIA and NSA Director Michael Hayden said back in 2000, "Everything's secret. I mean, I got an email saying 'Merry Christmas.' It carried a top secret NSA classification marking."

People who leak to media outlets for the selfless purpose of informing the public - Daniel Ellsberg, Tom Drake, Chelsea Manning, Edward Snowden - face decades in prison. Those who leak for more ignoble and self-serving ends - such as enabling hagiography (Leon Panetta, David Petraeus) or ingratiating oneself to one's mistress (Petraeus) - face career destruction, though they are usually spared if they are sufficiently Important-in-DC. For low-level, powerless Nobodies-in-DC, even the mere mishandling of classified information - without any intent to leak but merely to, say, work from home - has resulted in criminal prosecution, career destruction and the permanent loss of security clearance.
This extreme, unforgiving, unreasonable, excessive posture toward classified information came to an instant halt in Washington today - just in time to save Hillary Clinton's presidential aspirations. FBI Director James Comey, an Obama appointee who served in the Bush DOJ, held a press conference earlier this afternoon in which he condemned Clinton on the ground that she and her colleagues were "extremely careless in their handling of very sensitive, highly classified information," including Top Secret material. Comey also detailed that her key public statements defending her conduct - i.e., she never sent classified information over her personal email account and that she had turned over all "work-related" emails to the State Department - were utterly false; insisted "that any reasonable person in Secretary Clinton's position . . . should have known that an unclassified system was no place for that conversation"; and argued that she endangered national security because of the possibility "that hostile actors gained access to Secretary Clinton's personal e-mail account." Comey also noted that others who have done what Clinton did "are often subject to security or administrative sanctions" - such as demotion, career harm, or loss of security clearance.

Despite all of these highly incriminating findings, Comey explained, the FBI is recommending to the Justice Department that Clinton not be charged with any crime. "Although there is evidence of potential violations of the statutes regarding the handling of classified information," he said, "our judgment is that no reasonable prosecutor would bring such a case." To justify this claim, Comey cited "the context of a person's actions" and her "intent." In other words, there is evidence that she did exactly what the criminal law prohibits, but it was more negligent and careless than malicious and deliberate.

Looked at in isolation, I have no particular objection to this decision.
In fact, I agree with it: I don't think what Clinton did rose to the level of criminality, and if I were in the Justice Department, I would not want to see her prosecuted for it. I do think there was malignant intent: using a personal email account and installing a home server always seemed to be designed, at least in part, to control her communications and hide them from FOIA and similar disclosure obligations. As The New York Times noted in May about a highly incriminating report from the State Department's own Auditor General: "emails disclosed in the report made it clear that she worried that personal emails could be publicly released under the Freedom of Information Act." Moreover, Comey expressly found that - contrary to her repeated statements - "the FBI also discovered several thousand work-related e-mails that were not in the group of 30,000 that were returned by Secretary Clinton to State in 2014." The Inspector General's report similarly, in the words of the NYT, "undermined some of Mrs. Clinton's previous statements defending her use of the server." Still, charging someone with a felony requires more than lying or unethical motives; it should require a clear intent to break the law along with substantial intended harm, none of which is sufficiently present here.

But this case does not exist in isolation. It exists in a political climate where secrecy is regarded as the highest end, where people have their lives destroyed for the most trivial - or, worse, the most well-intentioned - violations of secrecy laws, even in the absence of any evidence of harm or malignant intent. And these are injustices that Hillary Clinton and most of her stalwart Democratic followers have never once opposed - but rather enthusiastically cheered.
In 2011, Army Private Chelsea Manning was charged with multiple felonies and faced decades in prison for leaking documents that she firmly believed the public had the right to see; unlike the documents Clinton recklessly mishandled, none of those was Top Secret. Nonetheless, this is what then-Secretary Clinton said in justifying her prosecution:

"I think that in an age where so much information is flying through cyberspace, we all have to be aware of the fact that some information which is sensitive, which does affect the security of individuals and relationships, deserves to be protected and we will continue to take necessary steps to do so."

Comey's announcement also takes place in a society that imprisons more of its citizens than any other in the world by far, for more trivial offenses than any western nation - overwhelmingly when they are poor or otherwise marginalized due to their race or ethnicity. The sort of leniency and mercy and prosecutorial restraint Comey extended today to Hillary Clinton is simply unavailable for most Americans.

What happened here is glaringly obvious. It is the tawdry by-product of a criminal justice mentality in which - as I documented in my 2011 book With Liberty and Justice for Some - those who wield the greatest political and economic power are virtually exempt from the rule of law even when they commit the most egregious crimes, while only those who are powerless and marginalized are harshly punished, often for the most trivial transgressions. Had someone who was obscure and unimportant and powerless done what Hillary Clinton did - recklessly and secretly install a shoddy home server and worked with Top Secret information on it, then outright lied to the public about it when they were caught - they would have been criminally charged long ago, with little fuss or objection.

But Hillary Clinton is the opposite of unimportant.
She's the multi-millionaire former First Lady, Senator from New York, and Secretary of State, supported by virtually the entire political, financial and media establishment to be the next President, arguably the only person standing between Donald Trump and the White House. Like the Wall Street tycoons whose systemic fraud triggered the 2008 global financial crisis, and like the military and political officials who instituted a worldwide regime of torture, Hillary Clinton is too important to be treated the same as everyone else under the law.

"Felony charges appear to be reserved for people of the lowest ranks. Everyone else who does it either doesn't get charged or gets charged with a misdemeanor," Virginia defense attorney Edward MacMahon told Politico last year about secrecy prosecutions. Washington defense attorney Abbe Lowell has similarly denounced the "profound double standard" governing how the Obama DOJ prosecutes secrecy cases: "lower-level employees are prosecuted . . . because they are easy targets and lack the resources and political connections to fight back."

The fact that Clinton is who she is is undoubtedly what caused the FBI to accord her the massive benefit of the doubt when assessing her motives, when finding nothing that was - in the words of Comey - "clearly intentional and willful mishandling of classified information; or vast quantities of materials exposed in such a way as to support an inference of intentional misconduct; or indications of disloyalty to the United States; or efforts to obstruct justice." But a system that accords treatment based on who someone is, rather than what they've done, is the opposite of one conducted under the rule of law. It is, instead, one of systemic privilege. As Thomas Jefferson put it in a 1784 letter to George Washington, the ultimate foundation of any constitutional order is "the denial of every preeminence."
Hillary Clinton has long been the beneficiary of this systemic privilege in so many ways, and today, she received her biggest gift from it yet. The Obama-appointed FBI Director gave a press conference showing that she recklessly handled Top Secret information, engaged in conduct prohibited by law, and lied about it repeatedly to the public. But she won't be prosecuted or imprisoned for any of that, so Democrats are celebrating. But if there is to be anything positive that can come from this lowly affair, perhaps Democrats might start demanding the same reasonable leniency and prosecutorial restraint for everyone else who isn't Hillary Clinton.

-- 
It's better to burn out than fade away.

From rforno at infowarrior.org Wed Jul 6 06:51:22 2016
From: rforno at infowarrior.org (Richard Forno)
Date: Wed, 06 Jul 2016 11:51:22 -0000
Subject: [Infowarrior] - Tesla waited 9 days to inform regulators of autopilot crash
Message-ID:

Wed Jul 6, 2016 12:26am EDT
http://www.reuters.com/article/us-tesla-autopilot-disclosure-idUSKCN0ZL2UC

Tesla told regulators about Autopilot crash nine days after accident
SAN FRANCISCO/DETROIT | By Alexandria Sage and Paul Lienert

Tesla Motors (TSLA.O) alerted regulators to a fatality in one of its electric cars in partial self-driving Autopilot mode nine days after it crashed, the company said on Tuesday, defending its decision not to make the accident public before a federal investigation was announced.

Tesla learned about the crash of the Model S sedan in Florida "shortly" after the May 7 crash, and on May 16 it disclosed the incident to the government. The National Highway Traffic Safety Administration (NHTSA) on June 30 announced a probe.

The news comes as the company faces pressure on several fronts. Its bid to buy rooftop solar power company SolarCity has been questioned by investors, and over the U.S.
July 4 holiday weekend, it disclosed that second-quarter vehicle production missed company targets.

Autopilot is one of the most advanced and most promoted Tesla technologies and is still in beta or test mode. That has spurred questions - including in an article by Fortune magazine - over whether the company and regulators should have informed the public earlier of the fatality.

On Tuesday, Chief Executive Elon Musk tweeted in response to the article about the timing of the disclosure that the May fatality "wasn't material" to Tesla.

Tesla raised at least $1.46 billion from investors on May 18-19 with a stock offering, as the Autopilot investigation was unfolding. The company knew of the crash by the time of the capital raising. But its own investigation was not yet complete and it had not yet been informed by the government of its probe, according to a timeline described by a Tesla spokeswoman.

The windshield was ripped off the Model S after it plowed into the side of a truck on a divided highway, and the damage meant the car was unable to transmit data to Tesla. Tesla learned of the accident "shortly thereafter" from local authorities, the spokeswoman said.

-- 
It's better to burn out than fade away.

From rforno at infowarrior.org Wed Jul 6 07:01:01 2016
From: rforno at infowarrior.org (Richard Forno)
Date: Wed, 06 Jul 2016 12:01:01 -0000
Subject: [Infowarrior] - Silent Circle nixes warrant canary
Message-ID: <6B9BA19E-0076-4FB6-9999-24F0BCED93FD@infowarrior.org>

(c/o DM)

Any decision can be defended as a "business decision." It's not that hard to offer a canary, and doesn't cost anything to do so ... so one does have to wonder what factors led to that 'business' decision.

Also, an interesting quote from their GC: "The decision was a business decision and not related to any warrant for user data which we have not received." .... they did NOT receive? So did they receive one? Or a threat of one? Theories abound here.
--rick

Silent Circle silently snuffs out its warrant canary - but claims it's a "business decision"
Natasha Lomas
https://techcrunch.com/2016/07/05/silent-circle-silently-snuffs-out-its-warrant-canary-but-claims-its-a-business-decision/

Silent Circle, the maker of encrypted messaging apps and a security hardened Android smartphone, called Blackphone, has discontinued its warrant canary. Attempting to reach the page where it was previously hosted results in the following notification:

Warrant canaries became popular in the wake of the 2013 Snowden disclosures revealing the extent of government surveillance programs, as a tacit route to signify to users when a service might have been compromised by a government request for user data. Canaries act as a workaround for U.S. gag orders which prevent companies publicly disclosing warrants for user requests by publishing an explicit statement that they have not received any warrants for user data to date - allowing for the reverse to be signaled if a canary is removed or not updated.

TechCrunch was tipped to Silent Circle's dead canary by a reader; however, the company claims it discontinued the canary as a "business decision" - not because it has received "any warrant".

"We have not received a warrant for user data," Matt Neiderman, Silent Circle's General Counsel told TechCrunch. "As part of our focus on delivering enterprise software platform we discontinued our warrant canary some time ago. The decision was a business decision and not related to any warrant for user data which we have not received."

The company has run into problems with its warrant canary before, including in March last year when it missed out a statement in an update, which they subsequently added. So it has something of a checkered history here already. At the time of some of the previous problems Neiderman claimed the company had not received warrants "of any type". But his denial in the latest instance is arguably a little less explicitly worded.
We've asked him to confirm whether Silent Circle has received a warrant of any type to date and will update this post with any response.

Although it's also worth noting the company is not headquartered in the US - previously moving its HQ from the Caribbean to Switzerland on account of what it said were "world best" constitutional privacy protections in the European country. (However other non-US based encrypted comms companies, such as Germany's Tutanota, do continue to maintain a warrant canary for transparency and good practice purposes, despite not being subject to legal gag orders in the country where they are based.)

Discussing Silent Circle's decision to discontinue its warrant canary, UK based security commentator Graham Cluley suggested the move does look odd. It seems an odd business decision to make.

"I would think a company like Silent Circle would have enough nous knowing that if it was to discontinue its warrant canary plenty of people would be concerned. So the sensible thing to have done - if it had been some sort of business decision, and I can't imagine it's really that much work maintaining a warrant canary - would have been to have been quite public and open and transparent about it," he said. "But to silently kill it off seems odd.

"If this really was a business decision why not be open about it? Especially for a company which works in those sort of circles? You would [also] expect that discontinuing something like this could be bad for their business. Could raise concern among their customers. So it seems an odd business decision to make."

Andy Yen, co-founder of Swiss-based encrypted email service ProtonMail, also finds it hard to believe that Silent Circle would not have received any warrants to date.

"ProtonMail has received about 30 warrants already with over 10 coming in the last quarter alone. We are now getting several per month. For Silent Circle to claim they have never been served with a warrant for user data beggars belief,"
he tells TechCrunch.

ProtonMail maintains a transparency report listing the total number of user data access and retention requests, and breaking out how many requests have been granted, how many were denied and how many are legally binding.

"Transparency to users should be a core pillar of any security company, especially one that deals with sensitive personal data. I understand that 'business decisions' sometimes need to be taken, but we strongly disagree with Silent Circle's stance of removing transparency for the sake of business. We are also a Swiss based company and I cannot think of any business justification for this move," adds Yen. "The claim that they have not received any warrants is highly suspect. Either nobody is using Blackphone, or they aren't being entirely truthful."

The same tipster who pointed TechCrunch to the dead canary also claimed that a recent Silent OS update to Blackphone's default apps requires increased security permissions, such as access to the camera, which can no longer be disabled by users.

Silent OS 3.0 was released towards the end of June, and is billed as including various security fixes and features, such as a new Privacy Meter integrated into the Security Center which notifies the user when a security/privacy threat is present and indicates the severity and potential actions to mitigate it, and a CIDS (Cellular Intrusion Detection System), to warn of potential threats in the cellular network interface, such as weak encryption and device tracking via silent SMS. It's based on the latest release of Google's mobile platform, Android Marshmallow 6.0.1, and also brings various UX changes to Silent OS' platform.

There's no explicit mention of increased permissions in Silent Circle's blog post about the major platform update. We've asked Silent Circle to confirm whether it has increased permissions for its apps in Silent OS and if so, for what purpose, and will update this post with any response.
Cluley told TechCrunch that increased app permissions might be needed to support new features on the platform but again said the onus would be on such an apparently security-focused company to be very clear about its intentions here.

"You would hope if they're changing their permissions they've got some sort of explanation as to why they would need to access your camera, for instance. Maybe it's to scan in QR codes, maybe it's for some sort of facial recognition biometric going forward," he said. "We do have to be careful about apps and the chance of new permissions creeping in stealthily if you like, and people not realizing that they are granting more permissions than when they initially installed an app. So I think some transparency's called for."

"In that kind of climate, wouldn't a warrant canary be a good thing?" he added.

Adding to the uncertainty here, Silent Circle has undergone some significant employee shifts in recent months, losing two key co-founders: veteran crypto expert Jon Callas and its chief scientist Javier Agüera. We've also heard reports of wider staff cuts, although it is not clear whether the co-founders' departures were voluntary or not (Callas has since taken up a role at Apple).

In addition, a lawsuit filed against Silent Circle by a business partner last month in a New York state court claims the company, which has raised $80 million to date from investors (most recently taking in $50M in February 2015), has failed to pay a $5M debt, according to a report on the Law360 website. The suit further claims it is considering bankruptcy after several major distribution deals fell through.

We've asked Silent Circle for comment on the lawsuit and will update this post with any response.

This article was updated with additional comment.

-- 
It's better to burn out than fade away.
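The TechCrunch piece above describes the canary mechanism only in words: a dated statement that a service has received no warrants, whose removal, staleness or narrowing is the signal. Below is an added example, written for this digest and not Silent Circle's, ProtonMail's or TechCrunch's code, of the check a canary's readers (or the company's own monitoring) would run. The statement wording, the 30-day freshness limit and the sample canary texts are all constructed for the example; real canaries use their own phrasing and are usually also PGP-signed, which this check does not cover.

```python
"""Freshness and completeness checks for a warrant-canary statement.

Added example: the required statements, date format and 30-day limit are
assumptions made for this demonstration, not any real provider's policy.
"""
from datetime import date
import re

# Statements the canary must carry verbatim (constructed wording).
# Note the "of any type" qualifier: the article's point is that a
# narrower denial ("a warrant for user data") is weaker than this one.
REQUIRED_STATEMENTS = (
    "we have not received any warrants of any type for user data",
    "we have not received any national security letters",
    "we have not received any gag orders",
)

# Canaries in this example date themselves as "as of YYYY-MM-DD".
DATE_RE = re.compile(r"as of (\d{4}-\d{2}-\d{2})")


def check_canary(text, today_iso, max_age_days=30):
    """Classify a canary as 'missing', 'stale', 'incomplete' or 'ok'.

    Returns (status, detail). Anything other than 'ok' deserves a look:
    a canary carries meaning only by being present, current and intact.
    """
    if text is None:
        return "missing", "canary page is gone"
    match = DATE_RE.search(text)
    if not match:
        return "stale", "no 'as of' date found"
    as_of = date.fromisoformat(match.group(1))
    age = (date.fromisoformat(today_iso) - as_of).days
    if age < 0:
        return "stale", f"dated in the future ({as_of})"
    if age > max_age_days:
        return "stale", f"{age} days old (limit {max_age_days})"
    lowered = text.lower()
    dropped = [s for s in REQUIRED_STATEMENTS if s not in lowered]
    if dropped:
        return "incomplete", "dropped statement(s): " + "; ".join(dropped)
    return "ok", f"{age} days old, all statements present"


# Constructed sample canaries (not real provider text).
HEALTHY = """Warrant canary, as of 2016-06-20.
We have not received any warrants of any type for user data.
We have not received any national security letters.
We have not received any gag orders."""

# Same canary, not refreshed for months.
STALE = HEALTHY.replace("2016-06-20", "2016-03-01")

# Same canary with the broad denial quietly narrowed.
NARROWED = HEALTHY.replace(
    "We have not received any warrants of any type for user data.",
    "We have not received a warrant for user data.",
)


def run_demo(today_iso="2016-07-05"):
    """Check the four sample cases and return {name: status}."""
    cases = {"healthy": HEALTHY, "stale": STALE,
             "narrowed": NARROWED, "removed": None}
    results = {}
    for name, text in cases.items():
        status, detail = check_canary(text, today_iso)
        results[name] = status
        print(f"{name:9s} -> {status:10s} {detail}")
    return results


if __name__ == "__main__":
    run_demo()
```

The interesting branch is `incomplete`: a canary that is still present and freshly dated but has lost a statement, or had one reworded, is exactly the case the article flags when it contrasts "warrants of any type" with "a warrant for user data". A monitor that only checks for the page's existence would miss it.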
From rforno at infowarrior.org Wed Jul 6 14:48:00 2016
From: rforno at infowarrior.org (Richard Forno)
Date: Wed, 06 Jul 2016 19:48:00 -0000
Subject: [Infowarrior] - Senate Funding Bill For State Dept. Asks It To Figure Out Ways To Stop Bad People From Using Tor
Message-ID: <096555A4-73F9-430C-810E-6CF3B39E8769@infowarrior.org>

Uh huh, okay........good luck. --rick

Senate Funding Bill For State Dept. Asks It To Figure Out Ways To Stop Bad People From Using Tor
https://www.techdirt.com/articles/20160701/18073734878/senate-funding-bill-state-dept-asks-it-to-figure-out-ways-to-stop-bad-people-using-tor.shtml

--
It's better to burn out than fade away.

From rforno at infowarrior.org Thu Jul 7 06:27:13 2016
From: rforno at infowarrior.org (Richard Forno)
Date: Thu, 07 Jul 2016 11:27:13 -0000
Subject: [Infowarrior] - Your Smart Watch Can Steal Your ATM PIN
Message-ID: <0B513D73-82EB-4D53-8A72-6D6F14E951B0@infowarrior.org>

http://spectrum.ieee.org/tech-talk/consumer-electronics/gadgets/your-smart-watch-can-spy-on-your-pin

Your Smart Watch Can Steal Your ATM PIN
By Megan Scudellari
Posted 5 Jul 2016 | 18:54 GMT

Mobile systems and cyber security expert Yan Wang doesn't wear a smart watch. "It knows too much," says Wang, an assistant professor of computer science at Binghamton University in Upstate New York. "If you are using a smart watch, you need to be cautious."

He would know. Wearable devices can give away your PIN number, according to research he and colleagues presented in June at the 11th annual Association for Computing Machinery Asia Conference on Computer and Communications Security (ASIACCS) in Xi'an, China. By combining smart watch sensor data with an algorithm to infer key entry sequences from even the smallest of hand movements, the team was able to crack private ATM PINs with 80 percent accuracy on the first try and more than 90 percent accuracy after three tries.

"I have to admit, at the beginning, I thought this would be science fiction," says Wang.
"But it can actually be done. There are just so many sensors on these wearable devices. It provides sufficient information of your hand movements."

There has long been concern over the security of smart watches, fitness trackers, and other internet-connected wearables that gather sensitive information, such as what time of day a user leaves their home. To infer user inputs on keyboards, past cyber security studies have used cameras to observe how a hand moves over a keypad or machine-based learning techniques to train a program to detect user movements. Now, spying on a PIN just got way easier, thanks to sensors that measure acceleration, orientation and direction in our wrist devices.

Led by Chen Wang and Yingying Chen at the Stevens Institute of Technology in Hoboken, New Jersey, the researchers conducted 5,000 key-entry tests on three different keypads: a detachable ATM pad, a keypad on an ATM machine, and a QWERTY keyboard. Twenty adults performed the tests wearing one of three different devices: the LG W150 or Moto360 smart watches or the Invensense MPU-9150, a nine-axis motion tracking device. The team downloaded sensor data from the tests, which recorded hand movements down to the millimeter. Using an algorithm they called the "Backward PIN-sequence Inference Algorithm," the team was able to break the codes with alarming accuracy.

The most challenging part of the process was eliminating errors that emerge when trying to calculate distance moved based on acceleration, says Wang. The team found the best way to minimize those errors was to work backwards: most people end a PIN entry by pressing "Enter", so the team started with the Enter key, then traced backwards to each preceding key, a hacker's version of connect-the-dots.

The method does not require an attacker to be anywhere near an ATM or other key-entry pad (such as an electronic door lock or computer keyboard).
Instead, data can be stolen either by a wireless sniffer placed close to a keypad to capture Bluetooth packets sent by the wearable to a smartphone, or by installing malware on the wearable or smartphone to eavesdrop on the data and send it to the attacker's server.

Wang is unaware of anyone currently stealing PIN numbers in this way, but he says it would not be a stretch. To eliminate this security breach, wearable manufacturers could better secure the data, or even just add noise so it is not so easily translated into physical hand movements. Until then, you can mask your own data by moving your hand randomly between key clicks when entering a PIN number. "It may look weird, but it helps," says Wang. "If you're just moving from key to key, we can track that."

--
It's better to burn out than fade away.

From rforno at infowarrior.org Thu Jul 7 09:08:41 2016
From: rforno at infowarrior.org (Richard Forno)
Date: Thu, 07 Jul 2016 14:08:41 -0000
Subject: [Infowarrior] - Verizon 'Competes' With T-Mobile By Raising Prices, Then Denying It's A Price Hike
Message-ID:

(I'm still on TMobile and loving it. --rick)

Verizon 'Competes' With T-Mobile By Raising Prices, Then Denying It's A Price Hike
https://www.techdirt.com/blog/wireless/articles/20160706/10533334905/verizon-competes-with-t-mobile-raising-prices-then-denying-price-hike.shtml

--
It's better to burn out than fade away.

From rforno at infowarrior.org Thu Jul 7 09:14:33 2016
From: rforno at infowarrior.org (Richard Forno)
Date: Thu, 07 Jul 2016 14:14:33 -0000
Subject: [Infowarrior] - NatSec lawyers considering the 'Hillary defense' technique
Message-ID:

Clinton email decision seen as lifeline for those facing similar charges
Recommendation to let Hillary Clinton off the hook may reverberate, lawyers say
'Hypocrisy' exists between treatment of senior and lower-level officials, some say
One lawyer says he'll be using a 'Hillary defense'
By Tim Johnson and Marisa Taylor
McClatchy Washington Bureau
WASHINGTON
http://www.mcclatchydc.com/news/nation-world/national/article88042162.html

The FBI recommendation not to prosecute Hillary Clinton and her staff on charges of mishandling classified information will give those accused of flouting national security rules a new line of defense even as it highlights a dual standard in how senior government officials are treated, several experts said Wednesday.

FBI Director James Comey recommended Tuesday that no charges be filed against Clinton or her team for their handling of classified information while she was secretary of state, even though she was "extremely careless" in using a private email address and servers. Attorney General Loretta Lynch announced Wednesday that she agreed with Comey's assessment.

Lawyers who specialize in representing government and military officials who've had security clearances revoked said Comey's recommendation offered them a new tactic in seeking to rehabilitate their clients, especially if Clinton is elected president in November.

"I intend to use the Hillary defense," said Sean M. Bigley, a lawyer whose firm handles dozens of cases a year involving national security clearances. "I really question how any agency can say someone is a security risk if the president of the United States did something similar."

He added, "We've had people lose 20-year careers for doing less than what she did."

Mark F. Riley, a former military intelligence officer who became a lawyer defending those accused of national security violations, said he, too, would invoke the Clinton recommendation.

"We have the Petraeus ceiling and the Clinton floor. We have a new standard as to what comprises intent with respect to criminal cases." (lawyer Mark Zaid)

"I'm going to use it every chance I get, particularly in oral arguments. I'm going to bring it up over and over and over,"
Riley said, adding that he thinks Clinton and her team engaged in "an egregious, egregious security violation."

"Any other person would have had their security clearance revoked," he said.

Comey will testify Thursday on Capitol Hill about the FBI's investigation into Clinton's email usage in the latest indication that Republicans will attempt to keep the controversy alive through November's election.

National security lawyers, however, said the recommendation on Clinton's email use was likely to affect far more than the election, including possibly the behavior of those with security clearances.

"A lot of people will think, 'She's getting away with it. I'll chance it,'" Riley said. "We're going to have more problems."

Leslie McAdoo Gordon, Riley's colleague in the Security Clearance Lawyers Association, a legal group in the Washington area, was more skeptical: "People know if they decide to be a little slipshod that they'll lose their job and their career."

--
It's better to burn out than fade away.

From rforno at infowarrior.org Thu Jul 7 13:26:21 2016
From: rforno at infowarrior.org (Richard Forno)
Date: Thu, 07 Jul 2016 18:26:21 -0000
Subject: [Infowarrior] - FBI Vacuums Up Local Law Enforcement Documents To Block Open Records Requests About Orlando Shooting
Message-ID:

FBI Vacuums Up Local Law Enforcement Documents To Block Open Records Requests About Orlando Shooting
https://www.techdirt.com/articles/20160705/07552234894/fbi-vacuums-up-local-law-enforcement-documents-to-block-open-records-requests-about-orlando-shooting.shtml

--
It's better to burn out than fade away.
From rforno at infowarrior.org Fri Jul 8 05:48:44 2016
From: rforno at infowarrior.org (Richard Forno)
Date: Fri, 08 Jul 2016 10:48:44 -0000
Subject: [Infowarrior] - Megaupload 2.0 to Launch With Original Megaupload User Database - TorrentFreak
Message-ID: <23971D66-2506-45C3-B49C-495D2C1F4645@infowarrior.org>

Megaupload 2.0 to Launch With Original Megaupload User Database - TorrentFreak
By Andy
https://torrentfreak.com/megaupload-2-0-to-launch-with-original-megaupload-user-database-160708/

Following the news earlier this week that Kim Dotcom intends to relaunch Megaupload, the entrepreneur has just delivered a new surprise. Rather than a cold start, Megaupload 2.0 will hit the ground running by deploying the original Megaupload user database.

Following a few hints earlier this week, it is now fully confirmed. Kim Dotcom will be launching a brand new file-sharing site with a familiar name.

Megaupload 2.0 is pencilled in for a January 2017 launch, an event that will coincide with the 2012 closure of the original Megaupload and the massive police raid on its operators. Having successfully avoided the clutches of a hungry United States government for half a decade, this five-year anniversary is an important one for Dotcom, and it's becoming clear he hopes to celebrate it with another poke in the eye for the Obama administration.

Details are few at this stage, but here's what we know. Megaupload 2.0 will have 100GB of free storage. It will allow users to sync all of their devices and there will be no data transfer limits. On-the-fly encryption will be baked-in.

But while site features are important, what the original Megaupload had going for it was millions of loyal users. They were all made homeless and scattered when the site was shut down but, according to Dotcom, there will be a future grand reunion. Intriguingly, the serial entrepreneur says that Megaupload 2.0 will get a fantastic start in life.
Rather than simply relying on word-of-mouth advertising to get going, his new venture will launch with the original Megaupload user database intact. How Dotcom managed to preserve a copy of this data isn't clear, but he says that each user account held within will get a foot up.

"Most Megaupload accounts will be reinstated with Premium privileges on the new Megaupload," Dotcom announced this morning.

If every one of those former Megaupload users hit the site on day one, that's 100 million people needing attention. It's unlikely that anywhere near that will come aboard, but just one or two percent would be a tremendous start.

But hosting files isn't the only thing on Dotcom's mind. His censorship-resistant MegaNet project is still in development and although it's not going to be ready until 2018 at the earliest, Dotcom says that Megaupload 2.0 will be a crucial component of that network.

"Megaupload 2.0 will be the launch platform for MegaNet. Let's make sure that we have critical mass first. #100MillionUsers," he said this morning.

Dotcom clearly has much work to do and even flat-out will struggle to meet his January deadline. Still, he doesn't intend to do it alone.

"To former Megaupload and current Mega employees. We welcome you with open arms. Mega App developers, we have a great deal for you. Ping me," he wrote a few hours ago.

So how will former Megaupload users know if they can use their old credentials to access the new site?

"Expect an email," Dotcom concludes.

--
It's better to burn out than fade away.

From rforno at infowarrior.org Fri Jul 8 06:02:02 2016
From: rforno at infowarrior.org (Richard Forno)
Date: Fri, 08 Jul 2016 11:02:02 -0000
Subject: [Infowarrior] - Thank the 'Patriot' Act for this.
Message-ID: <32D69B08-4359-4DC0-A4C1-B1F82FE9E89C@infowarrior.org>

The full article is worth reading, but the relevant extract is shown below.
'Circumstances' So 'Exigent' Narcotics Agents Could Have Watched 'Gone With The Wind' And Had Time To Spare
https://www.techdirt.com/articles/20160704/17363034890/circumstances-so-exigent-narcotics-agents-could-have-watched-gone-with-wind-had-time-to-spare.shtml

< - >

Also of note is how little it takes to attract law enforcement attention by purchasing OTC pseudoephedrine.

LCNA agents confirmed that appellant was the renter of the apartment. They looked him up in the National Precursor Log Exchange ("NPLEx") which showed that appellant had purchased pseudoephedrine nine times over the past three and a half months including a purchase that day from a local pharmacy.

That's a little over one purchase every two weeks. Depending on the number of people using pseudoephedrine products in the same house, that's hardly meth lab-supporting frequency. What's shown here doesn't necessarily indicate the system flags purchasers who acquire pseudoephedrine this frequently, but it does imply that if law enforcement officers are looking for a reason to search a vehicle/house, this level of activity is considered suspicious.

--
It's better to burn out than fade away.

From rforno at infowarrior.org Fri Jul 8 06:09:45 2016
From: rforno at infowarrior.org (Richard Forno)
Date: Fri, 08 Jul 2016 11:09:45 -0000
Subject: [Infowarrior] - Google reveals plans to put 'eyes in machines' as digital surveillance fears reach boiling point
Message-ID: <0BE06C31-E596-42E0-A610-063CFD4BF713@infowarrior.org>

Google reveals plans to put 'eyes in machines' as digital surveillance fears reach boiling point
by Jasper Hamill
https://www.thesun.co.uk/news/1404903/google-reveals-plans-to-put-eyes-in-machines-as-digital-surveillance-fears-reach-boiling-point/

Google is planning to put "eyes in machines" and boost computers' ability to automatically recognise people, places or objects.
The tech giant has just revealed plans to purchase a French firm called Moodstocks which builds software capable of working out what's happening in a photo, a trick called image recognition.

This buyout is likely to conclude within weeks, although it's not known exactly how much Google paid to buy the company.

"Ever since we started Moodstocks, our dream has been to give eyes to machines by turning cameras into smart sensors able to make sense of their surroundings," the French firm wrote.

Google said it would use this system to help identify pictures so they can be easily found through a search engine.

But the development is likely to stoke privacy fears, as many people are concerned that allowing computers to "see" like humans will one day enable the construction of a surveillance state in which our every move can be monitored by governments, cops or corporations.

The news comes just weeks after it was revealed that Facebook founder, Mark Zuckerberg, tapes over his MacBook camera and microphone.

These fears are now bubbling over into the real world. Earlier this week, a man allegedly threw Molotov cocktails at Google Street View cars parked outside its California headquarters.

In an affidavit, police officers said the man later told them "he felt Google was watching him and that made him upset".

Renate Samson, president of the campaign group Big Brother Watch, said people should be aware of the surveillance potential of their computers.

"All connected devices now have a camera and microphone in them, often these can be turned off and on without us knowing," she told The Sun. "Making these eyes intelligent will be great for identifying random objects and helping our smart devices to become even smarter, but not so good for keeping your personal life personal.
"Many people will find the ability for a machine to see everything we see creepy. Covering the camera on your phone, computer or connected device with some dark tape may be one of the few things we can do to keep ourselves safe from prying eyes in the future."

[Image caption: CCTV cameras may soon be able to recognise people using facial recognition technology]

Google said its purchase of Moodstocks would make its services "simpler and more useful".

Vincent Simonet, head of Google's French research and development centre, wrote: "We have made great strides in terms of visual recognition: now you can search in Google Pictures for 'party' or 'beach' and the application will offer you good pictures without you ever having needed to categorize them manually.

"But there is still much to do in this area. And it is here that Moodstocks intervenes."

--
It's better to burn out than fade away.

From rforno at infowarrior.org Sat Jul 9 13:07:20 2016
From: rforno at infowarrior.org (Richard Forno)
Date: Sat, 09 Jul 2016 18:07:20 -0000
Subject: [Infowarrior] - OT: The Star Wars Theme Played on Floppy Drives is Glorious
Message-ID:

The Star Wars Theme Played on Floppy Drives is Glorious
http://io9.gizmodo.com/floppy-disks-make-such-sweet-star-wars-music-1783393206

--
It's better to burn out than fade away.

From rforno at infowarrior.org Sat Jul 9 13:08:14 2016
From: rforno at infowarrior.org (Richard Forno)
Date: Sat, 09 Jul 2016 18:08:14 -0000
Subject: [Infowarrior] - Ashley Madison admits using fembots to lure men into spending money
Message-ID: <1DD62C43-52A2-47E1-932B-B846F2C58518@infowarrior.org>

Ashley Madison admits using fembots to lure men into spending money
The hookup site for cheaters admits its mistakes and tries to rebrand.
by Annalee Newitz - Jul 8, 2016 12:27pm EDT

After nearly a year of radio silence, the infidelity hookup site Ashley Madison has finally released a statement about what's next for the company.
Among other things, the company's new executive team admits that it used fembots to lure men into paying to join the site, which promised the men discreet affairs with willing women.

In fall 2015, Ashley Madison made headlines when a hacker or hackers known as Impact Team released massive data dumps from the company's source code, member databases, and then-CEO Noel Biderman's e-mail. The member database contained the names of 34 thousand people trying to have extra-marital affairs, and the revelations induced at least one man to commit suicide. In the wake of the data breach, a number of people have filed lawsuits against the company, and the company is currently under investigation by the US Federal Trade Commission.

Last year, as part of an investigation into the data dump, I published a series of articles at Gizmodo exposing how the company used female chatbots called "hosts" or "engagers" to trick men into paying for Ashley Madison's services. The scam was simple: when a man signed up for a free account, he almost immediately got a chat or private message from a "woman" whose profile showed a few sexy pictures. To reply to his new lady friend, the man had to pay for an account. In reality, that lady was a few lines of PHP code.

In internal e-mails, company executives shared documents that showed more than three-quarters of all paying customers had been converted by a fembot, referred to as a "host." There were more than 70 thousand of these fembot accounts, created in dozens of languages by data entry workers. The workers were told to populate these accounts with fake information and real photos posted by women who had shut down their accounts on Ashley Madison or other properties owned by Ashley Madison's parent company, Avid Life Media.

< - >

http://arstechnica.com/tech-policy/2016/07/ashley-madison-admits-using-fembots-to-lure-men-into-spending-money/

--
It's better to burn out than fade away.
From rforno at infowarrior.org Mon Jul 11 09:49:22 2016
From: rforno at infowarrior.org (Richard Forno)
Date: Mon, 11 Jul 2016 14:49:22 -0000
Subject: [Infowarrior] - Privacy Shield deal lets US tech firms transfer European customers' data again
Message-ID:

Privacy Shield deal lets US tech firms transfer European customers' data again
Jemima Kiss
https://www.theguardian.com/technology/2016/jul/08/privacy-shield-data-transfer-us-european-union

Governments across the European Union have finally given the green light to a new deal on how consumer data must be transferred with the United States, ending months of delay caused by concern over US surveillance.

Privacy Shield, the new commercial data transfer pact, was provisionally agreed by the EU and the US in February and will come into effect on Tuesday. The EU's top court had struck down the previous data transfer agreement, Safe Harbour, on concerns about intrusive US surveillance, leaving companies, including Google, Facebook and MasterCard, in legal limbo.

Representatives of European Union member states mostly voted in favour of the EU-US Privacy Shield, but there were abstentions from Austria, Slovenia, Bulgaria and Croatia, sources said. Austria and Slovenia have voiced concerns that the pact does not go far enough to secure their citizens' privacy.

The new framework will underpin over $250bn of transatlantic trade in digital services annually by facilitating cross-border data transfers that are crucial to international business.

"Today member states have given their strong support to the EU-US Privacy Shield, the renewed safe framework for transatlantic data flows," Commission vice-president Andrus Ansip and justice commissioner Vera Jourova said in a statement.

The Privacy Shield seeks to strengthen the protection of Europeans whose data is moved to US servers by giving EU citizens greater means to seek redress in case of disputes.
For 15 years Safe Harbour allowed both US and European firms to bypass tough EU data transferral rules by stating they complied with European privacy standards when storing information on US servers.

Cross-border data transfers by businesses include payroll and human resources information as well as lucrative data used for targeted online advertising, which is of particular importance to technology companies.

Industry group DIGITALEUROPE, which represents Apple, Google, IBM and others, expressed relief at Friday's vote, saying it would restore trust in data transfers between the EU and United States.

"Our members are ready to implement the new framework and meet the compliance challenge that the strengthened provisions demand from companies," said John Higgins, director general of the group.

TechUK, which represents 900 firms in the UK, described Privacy Shield as "restoring a stable legal footing".

"The coming months will see much discussion on future options for the UK's data environment in a post-Brexit world, today's agreement underlines the importance of data flows to transatlantic trade," said Charlotte Holloway, the group's associate director of policy. "We urge policymakers to continue to keep front of mind that data and trade go hand in hand in today's global economy."

Brussels and Washington intensified negotiations to hammer out a replacement for Safe Harbour after the Court of Justice of the European Union in October declared it invalid because it did not sufficiently protect Europeans' data from US snooping.

Revelations three years ago from former US intelligence contractor Edward Snowden of mass US surveillance practices caused political outrage in Europe and stoked mistrust of big US tech companies.
"It (the Privacy Shield) is fundamentally different from the old Safe Harbour: it imposes clear and strong obligations on companies handling the data and makes sure that these rules are followed and enforced in practice," Ansip and Jourova said.

The United States will create an ombudsman within the state department to field complaints from EU citizens about US spying and has ruled out indiscriminate mass surveillance of Europeans' data.

EU data protection authorities in April demanded that the framework be improved, citing concerns with the leeway they said it left for the United States to collect data in bulk.

--
It's better to burn out than fade away.

From rforno at infowarrior.org Mon Jul 11 16:18:27 2016
From: rforno at infowarrior.org (Richard Forno)
Date: Mon, 11 Jul 2016 21:18:27 -0000
Subject: [Infowarrior] - Concerns Arise Over Pokémon Go Granting Full Access to Players' Google Accounts
Message-ID:

Concerns Arise Over Pokémon Go Granting Full Access to Players' Google Accounts
http://www.macrumors.com/2016/07/11/pokemon-go-full-google-account-access/

--
It's better to burn out than fade away.

From rforno at infowarrior.org Tue Jul 12 14:50:55 2016
From: rforno at infowarrior.org (Richard Forno)
Date: Tue, 12 Jul 2016 19:50:55 -0000
Subject: [Infowarrior] - After Dallas Shootings, Police Arrest People for Criticizing Cops on Facebook and Twitter
Message-ID: <873CF344-A28C-4A96-B1F6-A378667A4CD8@infowarrior.org>

After Dallas Shootings, Police Arrest People for Criticizing Cops on Facebook and Twitter
https://theintercept.com/2016/07/12/after-dallas-shootings-police-arrest-people-for-criticizing-cops-on-facebook-and-twitter/
Naomi LaChance
July 12 2016, 3:26 p.m.

Four men in Detroit were arrested over the past week for posts on social media that the police chief called threatening. One tweet that led to an arrest said that Micah Johnson, the man who shot police officers in Dallas last week, was a hero.
None of the men have been named, nor have they been charged. "I know this is a new issue, but I want these people charged with crimes," said Detroit Police Chief James Craig. "I've directed my officers to prepare warrants for these four individuals, and we'll see which venue is the best to pursue charges," he said.

Five police officers were killed in the Dallas shootings, the most since September 11. And as a result, law enforcement officials everywhere are suddenly much more sensitive to threats against their lives. But one result has been that several police departments across the country have arrested individuals for posts on social media accounts, often from citizen tips, raising concerns among free speech advocates.

"Arresting people for speech is something we should be very careful about," Bruce Schneier of the Berkman Klein Center for Internet & Society at Harvard University, told The Intercept.

In Connecticut, police last weekend arrested Kurt Vanzuuk after a tip for posts on Facebook that identified Johnson as a hero and called for police to be killed. He was charged with inciting injury to persons or property.

An Illinois woman, Jenesis Reynolds, was arrested for writing in a Facebook post that she would shoot an officer who would pull her over. "I have no problem shooting a cop for simple traffic stop cuz they'd have no problem doing it to me," she wrote, according to the police investigation. She was charged with disorderly conduct.

In New Jersey, Rolando Medina was arrested and charged with cyber harassment. He allegedly posted on an unidentified form of social media that he would destroy local police headquarters. In Louisiana, Kemonte Gilmore was arrested for an online video where he allegedly threatened a police officer. He was charged with public intimidation.

"Certainly, posting that kind of thing on social media is a bad thought," professor Larry Dubin of the University of Detroit Mercy School of Law told the Detroit News.
"But having a bad thought isn't necessarily a crime."

The policing of online threats is hardly a new issue. The Supreme Court set a precedent last year when it ruled that prosecutors pursuing a charge of communicating threats need to prove both that reasonable people would view the statement as a threat and that the intent was to threaten. Elonis v. United States dealt with a man who had posted violent rap lyrics about his estranged wife; the court reversed his conviction.

After Dallas, threats may seem more threatening to police officers around the country, said Daniel Medwed, professor of law at Northeastern University. "We might be seeing more arrests right now because the police will interpret that they have probable cause to make the arrest," he said. "But that doesn't mean in the end that this will result in convictions," he added.

Schneier urged that law enforcement use caution. "This is complicated," he said. "We don't know how to do this. We're doing it pretty badly and we should do it better."

But he said it was a sign of the times. These days, almost all communications are recorded in some capacity. "This new world where things aren't forgotten is going to be different," Schneier said. "And you're seeing one manifestation of it in casual comments that are resulting in arrest."

--
It's better to burn out than fade away.

From rforno at infowarrior.org Tue Jul 12 15:27:54 2016
From: rforno at infowarrior.org (Richard Forno)
Date: Tue, 12 Jul 2016 20:27:54 -0000
Subject: [Infowarrior] - House uprising thwarts change to Patriot Act
Message-ID:

House uprising thwarts change to Patriot Act
http://thehill.com/blogs/floor-action/house/287304-house-rejects-bill-to-expand-patriot-act-information-sharing

The House failed to pass legislation on Monday to enhance a provision of the Patriot Act that encourages banks to tip off federal authorities to suspected cases of terrorist financing.
Many libertarians warned of potential privacy violations if the measure went into effect, which helped prevent it from reaching the necessary two-thirds majority to pass through the fast-track process under which it was considered.

While the bill won a simple majority of 229-177, it didn't clear the supermajority bar needed for passage. The procedure is typically used for noncontroversial bills that pass easily.

Section 314 of the Patriot Act, which Congress enacted in the aftermath of the 9/11 terrorist attacks, encourages financial institutions and the federal government to share information with each other about transactions connected to terrorism.

Rep. Robert Pittenger (R-N.C.), who authored the bill with Rep. Maxine Waters (Calif.), the top Democrat on the House Financial Services Committee, said it would help clarify the intent of the law so that financial institutions can file reports of suspicious activity without fear of civil litigation.

"We must work to ensure that private financial institutions are not penalized for working with the federal government to combat terrorism financing," Pittenger said during floor debate.

The House Liberty Caucus, chaired by Rep. Justin Amash (R-Mich.), said the bill should have been considered in committee and warned it could allow the government to access Americans' financial information based on what appears to be suspicious activity. The caucus also panned the decision to consider the bill, which was introduced two weeks ago, under the fast-track procedure, which also prohibits amendments.

"The Patriot Act should not be casually expanded," the caucus said in a statement. "In short, if the regulations issued under the bill are consistent with current regulations, H.R. 5606 will permit the government to demand information on any American from any financial institution merely upon reasonable suspicion."

--
It's better to burn out than fade away.

From rforno at infowarrior.org Wed Jul 13 12:42:58 2016
From: rforno at infowarrior.org (Richard Forno)
Date: Wed, 13 Jul 2016 17:42:58 -0000
Subject: [Infowarrior] - American Medical Association Claims False Copyright Over President Obama's Journal Article
Message-ID: <8A235D32-D541-4C1D-AA3A-FCF41495D2E0@infowarrior.org>

American Medical Association Claims False Copyright Over President Obama's Journal Article
https://www.techdirt.com/articles/20160712/17381634952/american-medical-association-claims-false-copyright-over-president-obamas-journal-article.shtml

--
It's better to burn out than fade away.

From rforno at infowarrior.org Thu Jul 14 13:58:59 2016
From: rforno at infowarrior.org (Richard Forno)
Date: Thu, 14 Jul 2016 18:58:59 -0000
Subject: [Infowarrior] - Putin: Let's decrypt the Internet
Message-ID:

(c/o AP) Good luck w/that, Vlad!!! --rick

Putin gives federal security agents two weeks to produce "encryption keys" for the Internet
President of Russia
09:28, 7 July 2016
https://meduza.io/en/news/2016/07/07/putin-gives-federal-security-agents-two-weeks-to-produce-encryption-keys-for-the-internet

After signing controversial anti-terrorist legislation earlier today, President Putin ordered the Federal Security Service (the FSB, the post-Soviet successor to the KGB) to produce encryption keys to decrypt all data on the Internet. According to the executive order, the FSB has two weeks to do it. Responsibility for carrying out Putin's instructions falls on Alexander Bortnikov, the head of the FSB.

The new "anti-terrorist" laws require all "organizers of information distribution" that add "additional coding" to transmitted electronic messages to provide the FSB with any information necessary to decrypt those messages.
It's still unclear what information exactly online resources are expected to turn over, given that all data on the Internet is encoded, one way or another, and in many instances encryption keys for encrypted information simply don't exist.

--
It's better to burn out than fade away.

From rforno at infowarrior.org Thu Jul 14 16:09:46 2016
From: rforno at infowarrior.org (Richard Forno)
Date: Thu, 14 Jul 2016 21:09:46 -0000
Subject: [Infowarrior] - Microsoft wins landmark appeal over seizure of foreign emails
Message-ID:

reuters.com

Microsoft wins landmark appeal over seizure of foreign emails
By Jonathan Stempel
http://www.reuters.com/article/us-microsoft-usa-warrant-idUSKCN0ZU1RJ

NEW YORK - A federal appeals court on Thursday said the U.S. government cannot force Microsoft Corp and other companies to turn over customer emails stored on servers outside the United States.

The 3-0 decision by the 2nd U.S. Circuit Court of Appeals in Manhattan is a defeat for the U.S. Department of Justice, and a victory for privacy advocates and for technology companies offering cloud computing and other services around the world.

Circuit Judge Susan Carney said communications held by U.S. service providers on servers located outside the United States are beyond the reach of domestic search warrants issued under the Stored Communications Act, a 1986 federal law. "Congress did not intend the SCA's warrant provisions to apply extraterritorially," she wrote. "The focus of those provisions is protection of a user's privacy interests."

Microsoft had been challenging a warrant seeking emails stored on a server in Dublin, Ireland, in a narcotics case. It was believed to be the first U.S. company to challenge a domestic search warrant seeking data held outside the country.

Thursday's decision reversed a July 2014 ruling by then-Chief Judge Loretta Preska of the U.S. District Court in Manhattan requiring Microsoft to turn over the emails. It also voided a contempt finding against the company.
Peter Carr, a Justice Department spokesman, said the agency was disappointed in the decision and was reviewing its legal options. Microsoft did not respond to requests for comment.

The case has attracted strong interest from the technology and media sectors, amid concern that giving prosecutors expansive power to collect data outside the country could make it harder for U.S. companies to compete there. Dozens of companies, organizations and individuals filed briefs supporting Microsoft's appeal, including the U.S. Chamber of Commerce, Amazon.com Inc, Apple Inc, Cisco Systems Inc, CNN, Fox News Network, Gannett Co and Verizon Communications Inc.

Had the court gone the other way, "it would have been like the Wild West, with no clear, stable legal rules applying," Greg Nojeim, senior counsel with the nonprofit Center for Democracy & Technology in Washington, D.C., said in an interview.

"FREE-FOR-ALL" WAS FEARED

Microsoft had said the warrant could not reach emails on the Dublin server because U.S. law did not apply there. The Redmond, Washington-based company also said enforcing the warrant could spark a global "free-for-all," where law enforcement authorities elsewhere might seize emails belonging to Americans and stored in the United States.

Federal prosecutors countered that quashing warrants such as Microsoft's would impede their own law enforcement efforts. But Judge Carney said limiting the reach of warrants serves "the interest of comity" that normally governs cross-border criminal investigations. She said that comity is also reflected in treaties between the United States and all European Union countries, including Ireland, to assist each other in such probes. Some law enforcement officials have said obtaining such assistance can, nonetheless, be cumbersome and time-consuming.
Circuit Judge Gerard Lynch concurred in the judgment, and urged Congress to update the "badly outdated" 1986 law to strike a better balance between current law enforcement needs and users' privacy interests and expectations. He said the law as it stands lets Microsoft thwart an otherwise justified demand to turn over emails by the "simple expedient" of choosing to store them outside the United States. "I concur in the result, but without any illusion that the result should even be regarded as a rational policy outcome, let alone celebrated as a milestone in protecting privacy," he wrote.

The case is In re: Warrant to Search a Certain E-Mail Account Controlled and Maintained by Microsoft Corp, 2nd U.S. Circuit Court of Appeals, No. 14-2985.

(Reporting by Nate Raymond and Jonathan Stempel in New York, and Diane Bartz and Dustin Volz in Washington, D.C.; Editing by Jonathan Oatis)

--
It's better to burn out than fade away.

From rforno at infowarrior.org Fri Jul 15 08:07:19 2016
From: rforno at infowarrior.org (Richard Forno)
Date: Fri, 15 Jul 2016 13:07:19 -0000
Subject: [Infowarrior] - Treaty For The Blind Comes Into Force... But US Refuses To Ratify Because Publishers Association Hates Any User Rights
Message-ID:

Treaty For The Blind Comes Into Force... But US Refuses To Ratify Because Publishers Association Hates Any User Rights
https://www.techdirt.com/articles/20160712/23374034954/treaty-blind-comes-into-force-us-refuses-to-ratify-because-publishers-association-hates-any-user-rights.shtml

--
It's better to burn out than fade away.
From rforno at infowarrior.org Fri Jul 15 10:19:26 2016
From: rforno at infowarrior.org (Richard Forno)
Date: Fri, 15 Jul 2016 15:19:26 -0000
Subject: [Infowarrior] - UK gov says new Home Sec will have powers to ban end-to-end encryption
Message-ID: <08B84EC7-58AF-4589-9473-92C8AF50EF46@infowarrior.org>

UK gov says new Home Sec will have powers to ban end-to-end encryption
14 Jul 2016 at 11:05
http://www.theregister.co.uk/2016/07/14/gov_says_new_home_sec_iwilli_have_powers_to_ban_endtoend_encryption/

During a committee stage debate in the UK's House of Lords yesterday, the government revealed that the Investigatory Powers Bill will provide any Secretary of State with the ability to force communication service providers (CSPs) to remove or disable end-to-end encryption.

Earl Howe, a minister of state for defence and the British government's deputy leader in the House of Lords, gave the first explicit admission that the new legislation would provide the government with the ability to force CSPs to "develop and maintain a technical capability to remove encryption that has been applied to communications or data".

This power, if applied, would be imposed upon domestic CSPs by the new Home Secretary, Amber Rudd, who was formerly the secretary of state for energy and climate change. Rudd is now only the fifth woman to hold one of the great offices of state in the UK. As she was only appointed on Wednesday evening, she has yet to offer her thoughts on the matter.

Present at the House of Lords debate, the Liberal Democrat member Lord Strasburger complained that "the implication of what [the government] is saying is that no one may develop end-to-end encryption. One feature of end-to-end encryption is that the provider cannot break it; encryption is private between the users at both ends.
He seems to be implying that providers can use only encryption which can be broken and therefore cannot be end to end, so the next version of the Apple iPhone would in theory become illegal. I think that there is quite a lot of work to be done on this."

Earl Howe responded: "I was certainly not implying that the Government wished to ban end-to-end encryption; in fact, we do not seek to ban any kind of encryption. However, there will be circumstances where it is reasonably practicable for a company to build in a facility to de-encrypt the contents of communication."

As Labour member Baroness Hayter attempted to explain: "There will be times when state security undoubtedly needs access to encrypted information for a specific investigation. This is not the problem. The problem is whether the Government would ever require a company to engineer such access, enforcing the company to create a model which, if then followed by other nations with perhaps less security than ours, would lead to a lowering of standards."

Earl Howe stated that the government's central point was that it did "not think that companies should provide safe spaces to terrorists and other criminals in which to communicate. They should maintain the ability when presented with an authorisation under UK law to access those communications".

The admission follows Theresa May's confession last November that, since the turn of the millennium, secretaries of state have been issuing secret directions under section 94 of the Telecommunications Act 1984, without any judicial authorisation. The first glimpse of oversight these received was published in a report by the Interception of Communications Commissioner's Office last week, which revealed that at least 23 directions were currently in effect on national security grounds.
Under the Investigatory Powers Bill, section 94 of the Telecommunications Act will be repealed, but secretaries of state will have the new power to issue national security and technical capability notices to much the same effect. Section 94, as Howe admitted, "has been used for a range of purposes, including for the acquisition of communications data in bulk", though these are now being codified in statute.

The oversight being introduced for these powers is an obvious improvement on the complete lack of oversight before, through the new Investigatory Powers Commissioner, and in a recent amendment to the bill the government added the need for a Judicial Commission to approve both national security and technical capability notices.

Not all parties are completely satisfied, however, with IOCCO continuing to recommend - as explained in its evidence to the bill's Joint Committee (PDF) - that an Investigatory Powers Commission, rather than just a commissioner, would be necessary for the purpose of providing a "clear legal mandate for the oversight body".

IOCCO explained that: "The reality is that the Judicial Commissioners will only be performing a very narrow part of the oversight - the prior authorisation of some of the more intrusive investigatory powers. The bulk of the oversight will actually be carried out by inspectors and staff within the Commission who need a clear legal mandate to require information from public authorities, to launch and undertake audits, inspections, inquiries, investigations and react in real time when non-compliance or contraventions of the legislation are discovered during an inspection."

Speaking to The Register shortly before the debate, Lord Strasburger said: "It's a tragedy that proper scrutiny and improvement of the Investigatory Powers Bill is not happening because politicians and the public are totally distracted by Brexit and the machinations of the two main parties."
The bill, noted Strasburger, was "what David Cameron described as one of the most important bills of the entire parliament, but it's progressing with not much attention from anybody. It is not receiving the scrutiny and attention that it absolutely deserves, apart from the Liberal Democrats and a few cross-benchers in the House of Lords."

--
It's better to burn out than fade away.

From rforno at infowarrior.org Fri Jul 15 13:20:38 2016
From: rforno at infowarrior.org (Richard Forno)
Date: Fri, 15 Jul 2016 18:20:38 -0000
Subject: [Infowarrior] - redacted "28 pages" of 9/11 report released
Message-ID: <1A8C6CB0-A6B1-461B-A10E-1389AC558C77@infowarrior.org>

(Interesting - I'd have expected it to have been dumped this evening. --rick)

July 15, 2016, 02:05 pm
Congress publishes redacted 28 pages from 9/11 report
By Harper Neidig

The House Intelligence Committee on Friday released 28 previously classified pages from a 2002 congressional investigation into the Sept. 11, 2001, terror attacks. Some suspected the document contains information linking Saudi Arabia to the attackers.

The Saudi Ambassador to the U.S., Abdullah Al-Saud, said he welcomed the release of the redacted pages. "Saudi Arabia has long called for the release of the classified '28 Pages.' We hope the release of these pages will clear up, once and for all, any lingering questions or suspicions about Saudi Arabia's actions, intentions, or long-term friendship with the United States," he said in a statement. "Saudi Arabia is working closely with the United States and other allies to eradicate terrorism and destroy terrorist organizations," he added.

Read the 28 pages below ....

< -- >

http://thehill.com/blogs/ballot-box/287947-congress-publishes-redacted-28-pages-from-9-11-report

--
It's better to burn out than fade away.
From rforno at infowarrior.org Fri Jul 15 14:33:52 2016
From: rforno at infowarrior.org (Richard Forno)
Date: Fri, 15 Jul 2016 19:33:52 -0000
Subject: [Infowarrior] - Fox News commentator who feds say faked a CIA career sentenced to 33 months in prison
Message-ID: <1A18613B-45AA-4069-8679-62FB4CBA2832@infowarrior.org>

Fox News commentator who feds say faked a CIA career sentenced to 33 months in prison
http://www.facebook.com/rachel.elise.weiner

Wayne Simmons was a professional football player, a drug trafficker, an Iranian nightclub doorman, a Fox News guest analyst and an intelligence adviser in Afghanistan. What Simmons, 62, was not, according to all available evidence, was a CIA agent.

In federal court in Virginia Friday, just before he was sentenced to 33 months in prison, he apologized for lying about his security clearance, his criminal history and his finances. "There is not a day that goes by that I am not haunted by these mistakes," Simmons said. "I stand before you a shameful and broken man."

But Simmons, who wore a blue suit and an American flag lapel pin, did not back down on his claims that he spent 27 years as an agency operative doing work so dangerous and secretive that it went entirely unrecorded. He said Friday that he lied his way into military contractor work to make use of a "special skill set" he implied was acquired undercover. Judge T.S. Ellis III was unconvinced.

< - >

https://www.washingtonpost.com/local/public-safety/fox-news-analyst-still-wont-admit-he-was-not-in-cia/2016/07/14/eb61b5e4-478e-11e6-bdb9-701687974517_story.html

--
It's better to burn out than fade away.

From rforno at infowarrior.org Fri Jul 15 19:36:51 2016
From: rforno at infowarrior.org (Richard Forno)
Date: Sat, 16 Jul 2016 00:36:51 -0000
Subject: [Infowarrior] - U.S. to Allow Foreigners to Serve Warrants on U.S. Internet Firms
Message-ID: <71786A8D-6430-498E-BFE6-9E77DF43E46C@infowarrior.org>

wsj.com

U.S. to Allow Foreigners to Serve Warrants on U.S. Internet Firms
Devlin Barrett and Jay Greene
Updated July 15, 2016 8:00 p.m. ET
http://www.wsj.com/articles/obama-administration-negotiating-international-data-sharing-agreements-1468619305

The Obama administration is working on a series of agreements with foreign governments that would allow them for the first time to serve U.S. technology companies with warrants for email searches and wiretaps - a move that is already stirring debates over privacy, security, crime and terrorism.

Brad Wiegmann, a senior official at the Justice Department, discussed the administration's efforts during a public forum on Friday at a congressional office building in Washington, D.C. The first such agreement is being assembled with the U.K., he said.

Word of the plans came one day after a federal appeals court ruled that federal warrants couldn't be used to search data held overseas by Microsoft Corp., dealing the agency a major legal defeat. The court's decision in favor of Microsoft could prove to be a major barrier to the Obama administration's proposed new rules to share data with other nations in criminal and terrorism probes, which would be sharply at odds with the ruling. It might lead some companies to reconfigure their networks to route customer data away from the U.S., putting it out of the reach of federal investigators if the administration's plan fails.

The Justice Department has indicated it is considering appealing the Microsoft ruling to the Supreme Court. Meanwhile, Justice Department officials are pressing ahead with their own plan for cross-border data searches.

Under the proposed agreements described by Mr. Wiegmann, foreign investigators would be able to serve a warrant directly on a U.S. firm to see a suspect's stored emails or intercept their messages in real time, as long as the surveillance didn't involve U.S. citizens or residents. Such deals would also give U.S. investigators reciprocal authority to search data in other countries.
"They wouldn't be going to the U.S. government, they'd be going directly to the providers," said Mr. Wiegmann. Any such arrangement would require that Congress pass new legislation, and lawmakers have been slow to update electronic privacy laws.

That U.K. agreement, which must be approved by the legislatures of both countries, could become a template for similar deals with other countries, U.S. officials said. Mr. Wiegmann said the U.S. would strike such deals only with nations that have clear civil liberties protections to ensure that the search orders aren't abused. "These agreements will not be for everyone. There will be countries that don't meet the standards," he said.

Greg Nojeim, a privacy advocate at the Center for Democracy and Technology, criticized the plan. He said it would be "swapping out the U.S. law for foreign law" and argued that U.K. search warrants have less stringent judicial protections than U.S. law.

British diplomat Kevin Adams disputed that, saying the proposal calls for careful judicial scrutiny of such warrants. Privacy concerns over creating new legal authorities are overblown, he added. "What is really unprecedented is that law enforcement is not able to access the data they need," Mr. Adams said. The ability to monitor a suspect's communications in real time "is really an absolutely vital tool to protect the public."

While Thursday's court decision represented a victory for Microsoft, which strives to keep data physically near its customers, it may not be viewed as a positive development for all internet companies, said University of Kentucky law professor Andrew Woods. Yahoo Inc., Facebook Inc. and Alphabet Inc.'s Google operate more centralized systems. They didn't file briefs in support of Microsoft's position in the case, he noted. Mr. Woods warned that increased localization of data could have the unintended consequence of encouraging governments to become more intrusive.
"If you erect barriers needlessly to states getting data in which they have a legitimate interest, you make this problem worse," he said. "You increase the pressure that states feel to introduce backdoors into encryption."

Microsoft President and Chief Legal Officer Brad Smith said the company shares concerns about the "unintended consequences" of excessive data localization requirements. "But rather than worry about the problem, we should simply solve it" through legislation, Mr. Smith said. Microsoft supports the proposed International Communications Privacy Act. That legislation would, among other provisions, create a framework for law enforcement to obtain data from U.S. citizens, regardless of where the person or data was located.

Companies and governments generally agree that the current legal framework for cross-border data searches is far too slow and cumbersome. Though major tech firms don't always agree on the particular changes they would like to see, the industry has long sought to get clearer rules from the U.S. and other governments about what their legal obligations are. A coalition of the country's largest tech companies, including Microsoft, Facebook and Google, created a group called Reform Government Surveillance that is pushing for updating data-protection laws. The group has said it was "encouraged by discussions between the U.S. and the U.K."

Thursday's ruling could lead some Microsoft rivals that offer email, document storage, and other data storage services, but which haven't designed systems to store data locally, to alter their networks, said Michael Overly, a technology lawyer at Foley & Lardner in Los Angeles. Google, for example, stores user data across data centers around the world, with attention on efficiency and security rather than where the data is physically stored.
A given email message, for instance, may be stored in several data centers far from the user's location, and an attachment to the message could be stored in several other data centers. The locations of the message, the attachment and copies of the files may change from day to day. "[Internet companies] themselves can't tell where the data is minute from minute because it's moving dynamically," Mr. Overly said.

The ruling could encourage tech companies to redesign their systems so that the data, as it courses through networks, never hits American servers. A person familiar with Google's networks said that such a move wouldn't be easy for the company.

Jack Nicas contributed to this article.

Write to Devlin Barrett at devlin.barrett at wsj.com and Jay Greene at Jay.Greene at wsj.com

--
It's better to burn out than fade away.

From rforno at infowarrior.org Sat Jul 16 08:02:33 2016
From: rforno at infowarrior.org (Richard Forno)
Date: Sat, 16 Jul 2016 13:02:33 -0000
Subject: [Infowarrior] - NBC's 'Most Live Olympics Ever' Will Have A One Hour Broadcast Delay For The Opening Ceremony
Message-ID: <4966C3FC-AC2F-4D7A-A4B3-1363B4DB9E1E@infowarrior.org>

(Not that I plan to watch, but the commentary is spot-on. --rick)

NBC's 'Most Live Olympics Ever' Will Have A One Hour Broadcast Delay For The Opening Ceremony
https://www.techdirt.com/articles/20160713/06492834958/nbcs-most-live-olympics-ever-will-have-one-hour-broadcast-delay-opening-ceremony.shtml

--
It's better to burn out than fade away.
From rforno at infowarrior.org Sat Jul 16 14:19:10 2016
From: rforno at infowarrior.org (Richard Forno)
Date: Sat, 16 Jul 2016 19:19:10 -0000
Subject: [Infowarrior] - Justice department 'uses aged computer system to frustrate Foia requests'
Message-ID: <59976631-9F6F-4E8F-B975-9F3BF2108915@infowarrior.org>

Justice department 'uses aged computer system to frustrate Foia requests'
Sam Thielman in New York
Saturday 16 July 2016 08.00 EDT (last modified on Saturday 16 July 2016 08.01 EDT)
http://www.theguardian.com/politics/2016/jul/16/justice-department-freedom-of-information-computer-system

A new lawsuit alleges that the US Department of Justice (DoJ) intentionally conducts inadequate searches of its records using a decades-old computer system when queried by citizens looking for records that should be available to the public.

Freedom of Information Act (Foia) researcher Ryan Shapiro alleges "failure by design" in the DoJ's protocols for responding to public requests. The Foia law states that agencies must "make reasonable efforts to search for the records in electronic form or format". In an effort to demonstrate that the DoJ does not comply with this provision, Shapiro requested records of his own requests and ran up against the same roadblocks that stymied his progress in previous inquiries. A judge ruled in January that the FBI had acted in a manner "fundamentally at odds with the statute". Now, armed with that ruling, Shapiro hopes to change policy across the entire department. Shapiro filed his suit on the 50th anniversary of Foia's passage this month.

Foia requests to the FBI are processed by searching the Automated Case Support system (ACS), a software program that celebrates its 21st birthday this year. Not only are the records indexed by ACS allegedly inadequate, Shapiro told the Guardian, but the FBI refuses to search the full text of those records as a matter of policy.
When few or no records are returned, Shapiro said, the FBI effectively responds "sorry, we tried" without making use of the much more sophisticated search tools at the disposal of internal requestors. "The FBI's assertion is akin to suggesting that a search of a limited and arbitrarily produced card catalogue at a vast library is as likely to locate book pages containing a specified search term as a full text search of a database containing digitized versions of all the books in that library," Shapiro said.

The DoJ has contended to Shapiro and others that only one of ACS's three search functions, the Universal Name Index (Uni), is necessary to fulfill the law. The Uni search does not include the text of the files in the ACS, merely search terms entered - or not - by the FBI agent handling the case in question.

Shapiro told the Guardian that the reason the DoJ gave for refusing to use its $425m Sentinel software to process Foia requests after ACS had failed to recover records was that a Sentinel search "would be needlessly duplicative of the FBI's default ACS UNI index-based searches and wasteful of Bureau resources". To Shapiro, this is both disingenuous and evidence of the well-documented resistance to this law at the DoJ. A PhD candidate at MIT, Shapiro is at work on a dissertation dealing with the conflict between perceived national security concerns and animal rights.

The Department of Justice has chafed under Foia requirements for even longer than it has used ACS. In 1981, the then FBI director, William H Webster, told the American Bar Association that the DoJ was "working with Congress to determine what corrective measures will be taken" regarding what it saw as a danger to the security of its investigations from Foia. The department never got its Foia exemption.
The FBI's chief technology officer during the second George W Bush administration, Jack Israel, said he was unimpressed with the system in a Q&A with the now-defunct site FierceGovernmentIT, cited in Shapiro's complaint. "ACS - the Automated Case Support system - is based on old technology," Israel said four years ago. "It's based on an IBM mainframe with legacy database and programming technology, and I would say one of the main things that strikes you as a user of ACS is that you're dealing with the old IBM green screens. You're not dealing with a web-based environment, which everyone is used to from the internet."

Not only is the interface archaic, but the way that you search data, the way you input data, all of those are archaic, wrote Shapiro in his complaint.

Indeed, in 2012 a DoJ commission headed by Webster himself investigating the 2009 Fort Hood shooting called ACS "the FBI's most outdated system", noting that "[i]t is being phased out in favor of an impressive Web-based successor, Sentinel". More recently, the FBI's own investigation into the September 11 attacks found that "[o]n September 11, 2001, the Bureau's information technology was inadequate to support its counterterrorism mission", noting further that "[t]he FBI's legacy investigative information system, the Automated Case Support (ACS), was not very effective in identifying information or supporting investigations".

A DoJ spokesman declined to comment for this article.

--
It's better to burn out than fade away.
From rforno at infowarrior.org Sat Jul 16 16:07:30 2016
From: rforno at infowarrior.org (Richard Forno)
Date: Sat, 16 Jul 2016 21:07:30 -0000
Subject: [Infowarrior] - Sandia Labs Researchers Build DNA-Based Encrypted Storage
Message-ID: <1D91AEE6-2E48-4BEB-99C4-2D531E3FBE68@infowarrior.org>

Sandia Labs Researchers Build DNA-Based Encrypted Storage
http://www.darkreading.com/vulnerabilities---threats/sandia-labs-researchers-build-dna-based-encrypted-storage-/d/d-id/1326267

Husband and wife team George and Marlene Bachand are biological engineers with a remarkable vision of the future. The researchers at the Sandia National Laboratories Center for Integrated Nanotechnologies foresee a time when a speck of DNA on a piece of paper the size of a millimeter could securely store the entire anthology of Shakespeare's works.

George Bachand says the first practical applications for DNA-based storage are for long-term archival purposes. Potentially, such a product could securely store records for the National Archives, government personnel records, research findings at the national labs, or other sensitive classified information. "Historically, the national laboratories and the US government have a lot of highly secure information that they need to store long-term," Bachand explains. "I see this as a potentially robust way of storing classified information in the future to preserve it for multiple generations."

Crypto, Synthetic DNA, and The Bard

The Bachands' project, Synthetic DNA for Highly Secure Information Storage and Transmission, was inspired when researchers at the European Bioinformatics Institute recorded all of Shakespeare's sonnets into 2.5 million base pairs of DNA - about half the genome of the tiny E. coli bacterium. Bachand says using this method, the researchers could theoretically store 2.2 petabytes of information in one gram of DNA. That's 200 times the printed material at the Library of Congress.
Bachand adds that unlike digital forms of storage, DNA never becomes obsolete. "Hard drives fail and very often the data can't be recovered," explains Bachand. "With DNA, it's possible to recover strands that are 10,000 to 20,000 years old."

There's another reason why DNA is more secure. DNA consists of four chemically different building blocks, or bases, commonly referred to by their one-letter abbreviations: A, C, G, and T. All life on Earth stores genetic information in DNA, which is read in groups of three, making 64 possible triplet codons, or sequences (think 4 to the 3rd power). So given that spaces make up on average 15 to 20% of the characters in a text document, instead of using AAA for a "space" in the text, an encryption key could specify that TAG, TAA and TGA are the code for a space while GAA and CTC could be code for the letter E. By reducing the amount of repetition (in other words, reducing the AAAs) it makes DNA synthesizing run more smoothly. As an added bonus, reducing the repetition also makes brute-force hacking much more difficult.

The team's first test came about 18 months ago with a 180-word tweet. The goal was to turn text to DNA, encrypt it using a unique translation key, and then turn the DNA back to text.

How-To

Here's how it's done: Using a computer algorithm, the team encrypts a message into a sequence of DNA. They then chemically synthesize the DNA. The DNA is read via DNA sequencing and translated and decoded using the same computer algorithm.

Upon succeeding with the tweet, last fall the team encoded an abridged version of a letter written by former President Harry Truman into DNA. They then spotted the DNA onto a Sandia Labs letterhead and mailed it, along with a conventional letter, around the country. After the letter's cross-country trip, the Bachands extracted the DNA out of the paper, sequenced the DNA and decoded the message in about 24 hours at a cost of $45. Therein lies the rub.
While storage costs are cheap and there are many new biotech companies doing DNA sequencing, it can take four to six weeks to make a DNA sequence. Bachand says synthesizing just 3,000 characters can cost up to $5,000.

But its potential is dramatic: Instead of needing a 15,000 square-foot building to store 35,000 boxes of inactive records and archival documents, Sandia National Laboratories can potentially store information on much less paper, in powder form, in test tubes or petri dishes, or even as a bacterial cell. "It sounds funny, but even if someone sneezes and the powder is lost, it's possible to recover all the information by just recovering one DNA molecule," Bachand explains.

--
It's better to burn out than fade away.
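The text-to-codon scheme the Dark Reading article sketches (three-base codons, a translation key that gives frequent characters such as the space and E several synonymous codons, and a preference for codon choices that avoid runs like AAA), written out as an added Python example. This is not Sandia's or the Bachands' code; the alphabet, the per-character frequency weights, the seed-derived key and the greedy run-avoiding selection are all assumptions of this example, not details reported in the article.

```python
"""Text <-> DNA codon encoding with a homophonic translation key.

Added example for the scheme described in the article above; it is not the
Sandia / Bachand code. The alphabet, the frequency weights, the seed-derived
key and the greedy run-avoiding codon choice are assumptions of this example.
"""
import random
import string
from typing import Optional

BASES = "ACGT"
# All 64 triplet codons (4 ** 3), the "words" the message is written in.
CODONS = [a + b + c for a in BASES for b in BASES for c in BASES]

# Characters the scheme can carry (assumption: lowercase text plus a little
# punctuation). Frequent characters get several synonymous codons, as the
# article describes for the space and the letter E; 53 of the 64 codons are used.
ALPHABET = string.ascii_lowercase + " .,'!?-\n"
WEIGHTS = {" ": 6, "e": 4, "t": 3, "a": 3, "o": 3, "i": 2, "n": 2, "s": 2, "r": 2, "h": 2}


def make_key(seed: int) -> dict:
    """Build the translation key: character -> list of synonymous codons.

    The seed stands in for the article's 'unique translation key' (assumption:
    a seeded shuffle; a real key would be drawn from a proper random source).
    """
    rng = random.Random(seed)
    pool = CODONS[:]
    rng.shuffle(pool)
    return {ch: [pool.pop() for _ in range(WEIGHTS.get(ch, 1))] for ch in ALPHABET}


def _extend(last: Optional[str], run: int, bases: str):
    """Simulate appending `bases` to a sequence whose trailing base `last`
    repeats `run` times. Returns (longest homopolymer run seen, new last base,
    new trailing run length)."""
    best = run
    for base in bases:
        run = run + 1 if base == last else 1
        last = base
        best = max(best, run)
    return best, last, run


def longest_homopolymer(dna: str) -> int:
    """Length of the longest run of one base (e.g. AAAA); long runs hamper synthesis."""
    return _extend(None, 0, dna)[0]


def encode(text: str, key: dict, avoid_runs: bool = True) -> str:
    """Translate text to DNA. With avoid_runs, each character's synonym is chosen
    greedily to keep homopolymer runs short, cycling through synonyms on ties so
    no single codon dominates; without it the first synonym is always used (the
    repetitive 'AAA for every space' case the article warns about)."""
    out = []
    last, run = None, 0
    counters = {ch: 0 for ch in key}  # round-robin position per character
    for ch in text.lower():
        if ch not in key:
            raise ValueError(f"character {ch!r} is not in the key's alphabet")
        choices = key[ch]
        if avoid_runs:
            start = counters[ch]
            scored = []
            for i, codon in enumerate(choices):
                best, _, trailing = _extend(last, run, codon)
                scored.append((best, trailing, (i - start) % len(choices), i))
            i = min(scored)[3]
            counters[ch] = (i + 1) % len(choices)
        else:
            i = 0
        _, last, run = _extend(last, run, choices[i])
        out.append(choices[i])
    return "".join(out)


def decode(dna: str, key: dict) -> str:
    """Invert the key and read the sequence three bases at a time."""
    if len(dna) % 3:
        raise ValueError("DNA length is not a multiple of 3")
    inverse = {codon: ch for ch, codons in key.items() for codon in codons}
    try:
        return "".join(inverse[dna[i:i + 3]] for i in range(0, len(dna), 3))
    except KeyError as exc:
        raise ValueError(f"codon {exc.args[0]} is not in the key") from exc


if __name__ == "__main__":
    key = make_key(2016)
    message = "to be, or not to be, that is the question."  # constructed sample text
    naive = encode(message, key, avoid_runs=False)
    smart = encode(message, key)
    print(len(smart), "bases; longest run naive / run-avoiding:",
          longest_homopolymer(naive), longest_homopolymer(smart))
    assert decode(smart, key) == message
```

The key is a homophonic substitution table, so what it buys is synthesis-friendliness (shorter homopolymer runs, fewer repeated codons) and decoding by whoever holds the table; the confidentiality of the archived text against anyone who can sequence the DNA rests entirely on that table staying secret, and a practitioner would encrypt the text with a standard cipher before feeding it to `encode`.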