From rforno at infowarrior.org Wed Jun 1 20:39:08 2016
From: rforno at infowarrior.org (Richard Forno)
Date: Wed, 1 Jun 2016 21:39:08 -0400
Subject: [Infowarrior] - Universal cancer vaccine on horizon after genetic breakthrough
Message-ID:

(c/o EP)

Universal cancer vaccine on horizon after genetic breakthrough

Sarah Knapton, Science Editor
1 June 2016 - 8:10pm

http://www.telegraph.co.uk/science/2016/06/01/universal-cancer-vaccine-on-horizon-after-genetic-breakthrough/

The team focussed on a class of immune cells called dendritic cells which are constantly on the look-out for foreign invaders in the body. Once a dendritic cell spots a rogue cell like cancer, it captures molecules from the surface and presents it to killer T-cells to instruct it to begin fighting the disease. However cancer cells look very similar to normal cells and so the immune system often avoids them.

The new technology involves placing a small piece of genetic code in a nanoparticle and giving it a slightly negative charge so it is drawn to dendritic immune cells in the spleen, lymph nodes and bone marrow. Once there it orders the creation of a cancer molecule - known as an antigen - which is then used as a biological mugshot so that immune cells know what to look out for. The authors proved that it triggers a strong T-cell response and starts fighting tumours.

Dr Aine McCarthy, Cancer Research UK's senior science information officer: "By combining laboratory-based studies with results from an early-phase clinical trial, this research shows that a new type of treatment vaccine could be used to treat patients with melanoma by boosting the effects of their immune systems.

"Because the vaccine was only tested in three patients, larger clinical trials are needed to confirm it works and is safe, while more research will determine if it could be used to treat other types of cancer.

The research was published in the journal Nature.

--
It's better to burn out than fade away.

From rforno at infowarrior.org Thu Jun 2 06:24:07 2016
From: rforno at infowarrior.org (Richard Forno)
Date: Thu, 2 Jun 2016 07:24:07 -0400
Subject: [Infowarrior] - US International Trade Commission Predicts Negligible Economic Benefits From TPP
Message-ID:

US International Trade Commission Predicts Negligible Economic Benefits From TPP

https://www.techdirt.com/articles/20160525/08131834543/official-us-international-trade-commission-predicts-negligible-economic-benefits-tpp.shtml

--
It's better to burn out than fade away.

From rforno at infowarrior.org Thu Jun 2 17:15:12 2016
From: rforno at infowarrior.org (Richard Forno)
Date: Thu, 2 Jun 2016 18:15:12 -0400
Subject: [Infowarrior] - FBI Kept Demanding Email Records Despite DOJ Saying It Needed a Warrant
Message-ID:

FBI Kept Demanding Email Records Despite DOJ Saying It Needed a Warrant

Jenna McLaughlin
June 2 2016, 5:22 p.m.

https://theintercept.com/2016/06/02/fbi-kept-demanding-email-records-despite-doj-saying-it-needed-a-warrant/

The secret government requests for customer information Yahoo made public Wednesday reveal that the FBI is still demanding email records from companies without a warrant, despite being told by Justice Department lawyers in 2008 that it doesn't have the lawful authority to do so.

That comes as a particular surprise given that FBI Director James Comey has said that one of his top legislative priorities this year is to get the right to acquire precisely such records with those warrantless secret requests, called national security letters, or NSLs. "We need it very much," Comey told Sen. Tom Cotton, R-Ark., during a congressional hearing in February.

At issue is whether the national security letters empower the FBI to demand what are called "electronic communication transactions records," or ECTRs. Such records can include email header information - not their content - and browsing histories.
In 2008, the Justice Department's Office of Legal Counsel concluded that the FBI was only entitled to get the name, address, length of service, and toll billing records from companies without a warrant. Opinions issued by the OLC are generally treated as binding and final within the executive branch.

The FBI has said it disagrees with that conclusion, and interprets the opinion differently, according to a 2014 inspector general report. It sees the question as more of an "impasse" than an actual legal barrier. But activists, members of Congress, and academics think the DOJ opinion was pretty clear.

"The Justice Department told FBI officials that if they want to demand Americans' email records, they need a court order," Senator Ron Wyden, D-Ore., said in a statement emailed to The Intercept. "It is very troubling that the FBI has apparently not been adhering to that guidance."

"It seems that the FBI has again crossed the line when it comes to ECTRs, even after being explicitly told - under the Bush administration, no less - that they were not legally authorized to demand these personal records absent a court order," Robyn Greene, policy counsel for the Open Technology Institute, wrote in a message to The Intercept. "The last thing Congress should be doing right now is giving the FBI more leeway to abuse its NSL authorities."

The FBI declined to comment. But one of the letters Yahoo released - after being released from a gag order -
started as follows:

Under the authority of Executive order 12333, dated July 30, 2008, and pursuant to Title 18 of the United States Code (U.S.C.), 2709 (201 of the Electronic Communications Privacy Act of 1986) (as amended), you are hereby directed to provide to the Federal Bureau of Investigation (FBI) the names, addresses, and length of service and electronic communications transactional records, to include existing transaction/activity logs and all electronic mail (e-mail) header information, for the below-listed email/IP address holder(s).

Major service providers know the FBI doesn't have the authority to make all those demands. In fact, Yahoo did not turn over the electronic communication transactions records, including "activity logs and all e-mail header information." "We disclosed [the records] as authorized by law," wrote Chris Madsen, head of Yahoo's global law enforcement, security, and safety team, in a blog post.

Chris Soghoian, chief technologist at the American Civil Liberties Union, said FBI agents might be hoping at least some recipients don't know they lack the authority they claim to have. "Essentially, the FBI believes they can ask for the sun, the moon and the stars in an NSL, while knowing that tech companies don't have to turn over anything more than name, address and length of service," he wrote in an email. "The FBI asks for so much, because it is banking that some companies won't know the law and will disclose more than they have to. ... The FBI is preying on small companies who don't have the resources to hire national security law experts," he argued.

Facebook officials drafted and made public their law enforcement guidelines in 2012, in the hopes of clarifying what they believed technology companies are required to turn over. "We interpret the national security letter provision as applied to Facebook to require the production of only two categories of information: name and length of service," read the guidelines.
Technology companies rarely talk about NSLs because of the accompanying gag orders. But one technology company official told The Intercept on background that "it is our general understanding that other companies also comply narrowly (in line with the DOJ OLC Opinion)."

The FBI issued nearly 13,000 national security letters in 2015 alone, for information about almost 50,000 different people. They go to internet, technology, social media, and communications companies of all sizes, as well as banks. Only now are some of the gags being lifted, nearly two and a half years after President Obama announced that he was ordering the Justice Department to terminate gag orders "within a fixed time unless the government demonstrates a real need for further secrecy."

The debate over how much power an NSL grants started 10 years ago, when two unidentified technology companies refused to provide information beyond the most basic subscriber data. (In NSLs of that era and before, that have since been disclosed, the FBI's demands sometimes included web browsing records as well as email metadata.) The companies argued that the law cited in the NSLs didn't obligate them to turn over anything more - and President George W. Bush's Department of Justice agreed.

The FBI has repeatedly asked Congress to give it the explicit power to get email and browsing data through NSLs, with no success. Right now, there are provisions in two separate bills that would do so. Privacy advocates have fought tooth and nail against such a move, considering it a huge expansion of the FBI's warrantless surveillance capabilities.

Comey described the change during a congressional hearing in February. "It's necessary because what I believe is a typo in the 1993 statute that has led to some companies interpreting it in a way I don't believe Congress ever intended," he said. "So it's ordinary, but it affects our work in a very, very big and practical way."
Privacy advocates say that's disingenuous - and they are even more infuriated that the FBI is apparently asking for that information anyway. "This should send up a huge red flag for Congress about the real potential for abuse," OTI's Robyn Greene concluded.

Contact the author: Jenna McLaughlin, jenna.mclaughlin@theintercept.com, @JennaMC_Laugh

--
It's better to burn out than fade away.

From rforno at infowarrior.org Fri Jun 3 12:57:00 2016
From: rforno at infowarrior.org (Richard Forno)
Date: Fri, 3 Jun 2016 13:57:00 -0400
Subject: [Infowarrior] - EU's forthcoming Net Neutrality rules Leaked
Message-ID: <80A00558-4A93-48E7-8F30-EA82DDE9453E@infowarrior.org>

EU's forthcoming Net Neutrality rules Leaked: Here's The Good, the Bad and the Ugly

by Thomas Lohninger on 3 June 2016, 13:51 in Net Neutrality / 1 comment

A draft version of the EU regulators' guidelines on net neutrality has been leaked. The good news: they're not terrible. The bad news: they contain huge loopholes on all essential points. This post explains what this means for Europe's upcoming net neutrality reform.

https://netzpolitik.org/2016/leak-eus-forthcoming-net-neutrality-rules-heres-the-good-the-bad-and-the-ugly/

--
It's better to burn out than fade away.

From rforno at infowarrior.org Fri Jun 3 12:59:20 2016
From: rforno at infowarrior.org (Richard Forno)
Date: Fri, 3 Jun 2016 13:59:20 -0400
Subject: [Infowarrior] - UK Gov't Creating Secret Mega Database On Citizens Without Informing Parliament
Message-ID:

UK Home Office is creating mega database by stitching together ALL its gov records

3 Jun 2016 at 11:41,

http://www.theregister.co.uk/2016/06/03/home_office_mega_database/

Exclusive The UK Home Office is secretly creating a centralised database on the good folk of Britain without presenting the capability increases to the public or subjecting them to Parliamentary scrutiny.

The Register can reveal the project, which was described as simply a "replatforming"
of the department's aging IT infrastructure, has already begun to roll out, with the "first wave" of changes being delivered in what it is calling the Technology Platforms for Tomorrow (TPT) programme.

TPT will lay the foundations for this mega database by ushering in "core infrastructure, compute platforms and Live Service capability" changes, primarily using Hadoop, the open source software framework for centralising databases and allowing batch queries and analyses to be run across them in bulk.

While this data on the population is currently stored in "siloed" and disparate databases, connecting it could make it possible to automatically follow individuals' records across all of the Home Office's many directorates, from the two years' worth of car journeys logged in the ANPR data centre, to the passports database, the police databases, and many others.

After laying off over a third of its old IT staff, the Home Office has recently been attempting to recruit Hadoop specialists to help it build and maintain this new "single platform", with a presentation and talk seemingly doing the rounds around the user circuit until the Home Office got spooked by The Register.

According to one of these presentations, which your correspondent attended, the department will be using HDFS, the Hadoop File System, "for storing all the data" that its various directorates are imbibing, which "could be image, it could be video, it could be anything".

Among the aims in using this data, according to consultant Stephen Deakin delivering a presentation at a Hadoop Use Group UK (HUGUK) meeting earlier this year, was "to create interactive applications for the border force at the border control points, also for police officers actually in their cars".
The applications would "run on hand-held devices as well, as well as interactive applications potentially for other Home Office departments and also being able to produce transaction applications so we can run analytics we can run all sorts of various algorithms around there, including machine learning," added Deakin.

Despite this increased capability to automate digital tracking of the population and the intention to run machine learning algorithms on the public's information, there has been no presentation of these details to Parliament and there will be no additional scrutiny or oversight mechanisms applied to it.

The plans were criticised by the leader of the Liberal Democrats, Tim Farron MP, who told The Register: "Trying to get away with a substantial change simply by labelling it as IT replatforming is simply unacceptable. With measures such as the request filter being pushed in the investigatory powers bill centralising databases will essentially allow Government to build up a full profile of every single person in the country."

Farron added: "Trying to bypass Parliament is not an option and the Home Secretary must come clean about her real intentions."

The number of databases that the Home Office directorates hold is unknown and has not been clarified by the department. The other speaker at the HUGUK meeting, the head of strategy and architecture, Simon Bond, recognised this and offered a slide suggesting the scale of those databases.

"Deliberately [the slide below is] a slide you can't read, and we won't be sending these out," said Bond, "but what this [would] actually [be] saying if it was bigger, is how [do] we think about the Home Office in a way which isn't siloed, and start thinking about it in a way which we think about 'What are the capabilities that everyone needs?'"

The aforementioned slide from Bond's presentation.
Photo Alexander J Martin for The Register

When asked about the intentions regarding new regulation of all of this data, a Home Office spokesperson told The Register that the storage and querying of data is currently "protected by the Data Protection Act, the Protection of Freedoms Act and the Official Secrets Act" and that the department's current approach to data would remain in place.

However, the spokesperson added: "As new modes of data integration and analytics emerge, we continue to review the adequacy of these policy and legislative frameworks and introduce additional controls as necessary."

The TPT's "crucial work", as a Home Office spokesperson described it, included "taking greater direct control over the design, delivery and operation of technology systems; standardising, integrating and reusing solutions across services and developing a broader supplier base, including niche expert suppliers."

Such niche expert suppliers are likely to include San Jose-based Hortonworks. The Register understands that roughly two years ago the government department started looking at using Hadoop as a means of cutting the costs of its Oracle-dominated workloads. At that time Hortonworks was the only accredited Hadoop support company listed on the government's procurement platform G-Cloud and so the contract was awarded to them without the contract tender for a proof-of-concept going public.

The contract, which lasted around three months, included 30-odd days of consulting work, but how this was carried out is unclear: The Register has learned that it was deemed to affect information of such sensitivity that the Home Office refused to allow Hortonworks' employees to co-locate with its own staff, and as such the department rented the business separate offices to work from.

It is unclear what current involvement Hortonworks has with the project, as the Home Office has provided no public estimates regarding its complete delivery.
Acknowledging that the department had "made some big mistakes with technology over the last few decades," Bond said in his presentation that the moving away from those decades of outsourcing by building the open source "single platform" in the Home Office itself would help the department meet its 30 per cent budgeted funding cut until the next election.

El Reg has repeatedly contacted Hortonworks for comment but did not receive answers on this subject when we asked. We will update if we hear more.

--
It's better to burn out than fade away.

From rforno at infowarrior.org Sat Jun 4 16:06:43 2016
From: rforno at infowarrior.org (Richard Forno)
Date: Sat, 4 Jun 2016 17:06:43 -0400
Subject: [Infowarrior] - VICE: Snowden Tried to Tell NSA About Surveillance Concerns, Documents Reveal
Message-ID:

Exclusive: Snowden Tried to Tell NSA About Surveillance Concerns, Documents Reveal

By Jason Leopold, Marcy Wheeler, and Ky Henderson
June 4, 2016 | 1:35 pm

On the morning of May 29, 2014, an overcast Thursday in Washington, DC, the general counsel of the Office of the Director of National Intelligence (ODNI), Robert Litt, wrote an email to high-level officials at the National Security Agency and the White House.

The topic: what to do about Edward Snowden.

Snowden's leaks had first come to light the previous June, when the Guardian's Glenn Greenwald and the Washington Post's Barton Gellman published stories based on highly classified documents provided to them by the former NSA contractor. Now Snowden, who had been demonized by the NSA and the Obama administration for the past year, was publicly claiming something that set off alarm bells at the agency: Before he leaked the documents, Snowden said, he had repeatedly attempted to raise his concerns inside the NSA about its surveillance of US citizens - and the agency had done nothing.
Some on the email thread, such as Rajesh De, the NSA's general counsel, advocated for the public release of a Snowden email from April 2013 in which the former NSA contractor asked questions about the "interpretation of legal authorities" related to the agency's surveillance programs. It was the only evidence the agency found that even came close to verifying Snowden's assertions, and De believed it was weak enough to call Snowden's credibility into question and put the NSA in the clear.

Litt disagreed.

"I'm not sure that releasing the email will necessarily prove him a liar," Litt wrote to Caitlin Hayden, then the White House National Security Council spokesperson, along with De and other officials. "It is, I could argue, technically true that [Snowden's] email... 'rais[ed] concerns about the NSA's interpretation of its legal authorities.' As I recall, the email essentially questions a document that Snowden interpreted as claiming that Executive Orders were on a par with statutes. While that is surely not raising the kind of questions that Snowden is trying to suggest he raised, neither does it seem to me that that email is a home run refutation."

Within two hours, however, Litt reversed his position, and later that day, the email was released, accompanied by comment from NSA spokesperson Marci Green Miller: "The email did not raise allegations or concerns about wrongdoing or abuse."

Five days later, another email was sent - this one addressed to NSA director Mike Rogers and copied to 31 other people and one listserv. In it, a senior NSA official apologized to Rogers for not providing him and others with all the details about Snowden's communications with NSA officials regarding his concerns over surveillance.

The NSA, it seemed, had not told the public the whole story about Snowden's contacts with oversight authorities before he became the most celebrated and vilified whistleblower in US history.
Hundreds of internal NSA documents, declassified and released to VICE News in response to our long-running Freedom of Information Act (FOIA) lawsuit, reveal now for the first time that not only was the truth about the "single email" more complex and nuanced than the NSA disclosed to the public, but that Snowden had a face-to-face interaction with one of the people involved in responding to that email. The documents, made up of emails, talking points, and various records - many of them heavily redacted - contain insight into the NSA's interaction with the media, new details about Snowden's work, and an extraordinary behind-the-scenes look at the efforts by the NSA, the White House, and US Senator Dianne Feinstein to discredit Snowden.

The trove of more than 800 pages [pdf at the end of this story], along with several interviews conducted by VICE News, offer unprecedented insight into the NSA during this time of crisis within the agency. And they call into question aspects of the US government's long-running narrative about Snowden's time at the NSA.

( Big Snip )

https://news.vice.com/article/edward-snowden-leaks-tried-to-tell-nsa-about-surveillance-concerns-exclusive

--
It's better to burn out than fade away.

From rforno at infowarrior.org Tue Jun 7 18:01:33 2016
From: rforno at infowarrior.org (Richard Forno)
Date: Tue, 7 Jun 2016 19:01:33 -0400
Subject: [Infowarrior] - Facebook and Google battle latest FBI attempt to expand surveillance
Message-ID:

Facebook and Google battle latest FBI attempt to expand surveillance

Danny Yadron

http://www.theguardian.com/world/2016/jun/07/fbi-silicon-valley-fight-surveillance-web-browsing

The FBI and Silicon Valley are in a fight over whether web browsing records are the same as telephone bill records.
The latest surveillance battle gripping the technology industry is focused on a rewrite of US surveillance law that would mean the justice department would be able to access a citizen's web browsing history, location data and some email records without approval from a judge using a so-called "national security letters" (NSLs).

The FBI contends that such data is covered implicitly under current statute, which was written years ago and only explicitly covers data normally associated with telephone records. Director James Comey now is lobbying Congress to make clear it also applies to the digital equivalent.

Late on Monday, major technology companies including Google, Facebook and Yahoo sent a letter warning Congress that they would oppose any efforts to rewrite law in the FBI's favor.

"This expansion of the NSL statute has been characterized by some government officials as merely fixing a 'typo' in the law," the companies wrote. "In reality, however, it would dramatically expand the ability of the FBI to get sensitive information about users' online activities without court oversight."

It marks another battle over a small clause in federal law that could dramatically affect how the US conducts terrorism investigations.

For years, the bureau has relied on the controversial national security letters to obtain certain types of data quickly from technology companies. These letters don't require a warrant and often come with a gag order prohibiting the recipients from discussing them. Technology companies complain the FBI has become too reliant on them, but the FBI complains that cases are getting slowed down because some companies have stopped cooperating.

It's not so much that technology companies don't want to give any user data to the government. Rather, their legal teams have problems with the growth of national security letters because the accompanying gag orders prevent companies from telling users much about how they help the government.
This can create mistrust and, as happened after the Edward Snowden leaks, eventual embarrassment if the details are disclosed.

Companies also argue NSLs are problematic because of the lack of judicial oversight. They give too much power to one branch of government, they argue, and make it hard to predict what the government may ask for next.

Comey has said expanding NSL rules is one of his agency's top legislative priorities. US senators are exploring multiple ways to pass the law tweak this year.

Technology and legal experts also dispute Comey's argument that he effectively is asking Congress to correct a typo.

In 2008, the justice department's office of legal counsel said explicitly that the agency can only issue national security letters for "name, address, length of service, and local and long distance toll billing records".

At the time, the government had asked DoJ's lawyer if those four types of data are "exhaustive or merely illustrative of the information that the FBI may request and a provider may turn over".

To which the office of legal counsel responded: "We conclude that the list ... is exhaustive."

--
It's better to burn out than fade away.

From rforno at infowarrior.org Thu Jun 9 11:25:54 2016
From: rforno at infowarrior.org (Richard Forno)
Date: Thu, 9 Jun 2016 12:25:54 -0400
Subject: [Infowarrior] - Obama administration approves transition of Internet domain system
Message-ID: <6A070232-D2CB-4130-8EA5-514BCCB77B0F@infowarrior.org>

Obama administration approves transition of Internet domain system

David McCabe

http://thehill.com/policy/technology/282860-commerce-approves-domain-name-transition

The Department of Commerce gave its approval Thursday to a hotly debated plan to transition away from United States control of the domain name system.
"The Internet's multistakeholder community has risen to the challenge we gave them to develop a transition proposal that would ensure the Internet's domain name system will continue to operate as seamlessly as it currently does," Larry Strickling, who heads the agency's National Telecommunications and Information Administration (NTIA), said in a statement.

The domain name system helps direct users easily around the web by connecting numerical addresses with the names - like Google.com - consumers associate with websites.

Strickling told reporters that "we have determined that the proposal in meeting our criteria has broad support from the Internet stakeholders, it will support and enhance the multistakeholder model, it will maintain the security, stability and resiliency of the domain name system, it will meet the needs and expectations of the global customers and partners of the IANA functions and it maintains the openness of the Internet."

"And most importantly, the proposal meets another key condition and that is it does not replace NTIA's role with a governmental or intergovernmental solution."

For years, the United States has controlled the domain name system through a contract it has with a nonprofit, the Internet Corporation for Assigned Names and Numbers (ICANN). The Obama administration initiated steps in 2014 to hand over control to an international group of stakeholders.

Now that the Department of Commerce has signed off on the plan, provided to the agency in March, ICANN has until August to address some issues raised by its review. The contract expires at the end of September, and Strickling said the agency would consider in "early August" whether it needs to be extended.

It's a critical step in a transition that has been a source of significant controversy. Several tech groups support the proposal.
But conservative critics of the transition say that it stands to be handled poorly or place control of a key part of the Internet in the hands of unfriendly governments.

Sen. Ted Cruz (R-Texas), who recently dropped out of the presidential race, introduced a bill on Wednesday that would prohibit the government from handing over control over the domain name system without Congress's authorization. Another, less strict, bill was gaining ground last year before Cruz put a hold on it.

Lawmakers have also placed a funding restriction on the transition, but Strickling said that will only matter if the restriction extends into the next financial year.

"The transition would not take place prior to the end of this fiscal year, and so we will see what the situation will be for 2017," he said.

"As of now the contract would expire on its own terms at the end of September," he added. "That doesn't require any affirmative action on our part but we are working with Congress and want to get them comfortable with our assessment of this plan and hopefully that won't be an issue when we get to the end of September, provided ICANN's done its work and is ready to go."

This story was updated at 11:49 a.m.

--
It's better to burn out than fade away.

From rforno at infowarrior.org Thu Jun 9 12:11:09 2016
From: rforno at infowarrior.org (Richard Forno)
Date: Thu, 9 Jun 2016 13:11:09 -0400
Subject: [Infowarrior] - Fwd: Card Readers Allow Oklahoma Highway Patrol To Seize Suspects' Money
References: <18AA6F45-7545-49F0-8090-9A76E0C63694@gizmopartners.com>
Message-ID: <1D0F4230-6252-4668-8BAF-E682E4CC99B0@infowarrior.org>

> Begin forwarded message:
>
> From: Chris
>
> http://www.popsci.com/card-reader-allow-oklahoma-cops-to-seize-suspects-money
>
> State police in Oklahoma have begun using a device that can seize money on prepaid cards. Electronic Recovery and Access to Data (ERAD) card readers can also document and check the balance on credit, debit, or prepaid cards, and freeze funds.
>
> Developed in 2012, the card readers have allowed state and local police to seize more than $1 million during field tests, the Department of Homeland Security said in a report last year. The devices have now been moved to the commercial market.
>
> If you are suspected of criminal activity, the Oklahoma Highway Patrol can use ERAD to scan your cards and take money from prepaid cards without a warrant or arrest. The state police began using 16 of the readers last month.
>
> "If you can prove that you have a legitimate reason to have that money it will be given back to you," Oklahoma Highway Patrol Lieutenant John Vincent told News9.com.
>
> Oklahoma State Senator Kyle Loveless opposes the use. News 9 reports that he is planning to introduce legislation to combat civil asset forfeiture, the practice under which assets can be seized without a conviction.
>
> [via News9.com]
>

From rforno at infowarrior.org Fri Jun 10 06:38:56 2016
From: rforno at infowarrior.org (Richard Forno)
Date: Fri, 10 Jun 2016 07:38:56 -0400
Subject: [Infowarrior] - FBI claimed Petraeus shared 'top secret' info with reporters
Message-ID: <826030C5-5EEA-44EB-8099-93C7437A4880@infowarrior.org>

FBI claimed Petraeus shared 'top secret' info with reporters

https://www.techdirt.com/articles/20160609/09071034664/gen-petraeus-leaked-classified-info-to-journalists-sent-sensitive-documents-to-non-secure-email-accounts.shtml

--
It's better to burn out than fade away.

From rforno at infowarrior.org Fri Jun 10 07:08:42 2016
From: rforno at infowarrior.org (Richard Forno)
Date: Fri, 10 Jun 2016 08:08:42 -0400
Subject: [Infowarrior] - Tesla Accused Of Ordering Owners Not To Talk About Their Repairs
Message-ID: <96CD6712-D698-460F-9884-F78E01C04F0C@infowarrior.org>

Tesla Accused Of Ordering Owners Not To Talk About Their Repairs

America's auto safety watchdog, the National Highway Traffic Safety Administration, slammed Tesla Motors today for apparently asking customers to sign nondisclosure agreements after repairs that seemingly bar them from discussing potentially serious safety issues with regulators, Automotive News reported.

The report says NHTSA has warned Tesla about the company's NDAs, which appear to include language asking customers to refrain from mentioning repairs to NHTSA in exchange for lower out-of-warranty repair costs.

< - >

http://jalopnik.com/tesla-accused-of-ordering-owners-not-to-talk-about-thei-1781634791

--
It's better to burn out than fade away.

From rforno at infowarrior.org Fri Jun 10 10:05:00 2016
From: rforno at infowarrior.org (Richard Forno)
Date: Fri, 10 Jun 2016 11:05:00 -0400
Subject: [Infowarrior] - New York Times Says Fair Use Of 300 Words Will Run You About $1800
Message-ID: <35647F2E-15A5-4963-9993-C49B92C9734E@infowarrior.org>

New York Times Says Fair Use Of 300 Words Will Run You About $1800

https://www.techdirt.com/articles/20160609/14210334670/new-york-times-says-fair-use-300-words-will-run-you-about-1800.shtml

--
It's better to burn out than fade away.

From rforno at infowarrior.org Fri Jun 10 17:14:23 2016
From: rforno at infowarrior.org (Richard Forno)
Date: Fri, 10 Jun 2016 18:14:23 -0400
Subject: [Infowarrior] - Semi-OT: Hillary's Memory Hole, continued
Message-ID: <72001858-BF79-4EB8-97A3-7FECCABAB810@infowarrior.org>

Hillary deletes more than emails as the latest edition of her memoir removes all her cheerleading for controversial Trans-Pacific Partnership trade deal

http://www.dailymail.co.uk/news/article-3635981/Hillary-deletes-emails-latest-edition-memoir-removes-cheerleading-controversial-Trans-Pacific-Partnership-trade-deal.html

--
It's better to burn out than fade away.

From rforno at infowarrior.org Fri Jun 10 17:16:45 2016
From: rforno at infowarrior.org (Richard Forno)
Date: Fri, 10 Jun 2016 18:16:45 -0400
Subject: [Infowarrior] - Prenda lawyers lose key appeal, will pay $230k sanction
Message-ID: <2464C086-2972-4BE1-A3D1-04A1CE2ABA44@infowarrior.org>

Prenda lawyers lose key appeal, will pay $230k sanction

"Courts started catching on to plaintiffs' real business of copyright trolling."

by Joe Mullin - Jun 10, 2016 3:58pm EDT

http://arstechnica.com/tech-policy/2016/06/appeals-court-upholds-sanctions-against-prenda-law-copyright-scheme/

--
It's better to burn out than fade away.
From rforno at infowarrior.org Sat Jun 11 09:50:57 2016
From: rforno at infowarrior.org (Richard Forno)
Date: Sat, 11 Jun 2016 10:50:57 -0400
Subject: [Infowarrior] - Google Announces Support of the Controversial TPP
Message-ID: <3B430931-7C66-4B34-B298-0017F141D551@infowarrior.org>

Google Announces Support of the Controversial TPP

https://yro.slashdot.org/story/16/06/11/0219238/google-announces-support-of-the-controversial-tpp

--
It's better to burn out than fade away.

From rforno at infowarrior.org Sun Jun 12 10:46:18 2016
From: rforno at infowarrior.org (Richard Forno)
Date: Sun, 12 Jun 2016 11:46:18 -0400
Subject: [Infowarrior] - SSCI Bill Adopts Fundamental Classification Review
Message-ID: <4C56E4AC-FD8B-45B3-B41F-F08D07CB52F2@infowarrior.org>

SSCI Bill Adopts Fundamental Classification Review

Posted on Jun.10, 2016 in classification, Congress, Intelligence by Steven Aftergood

http://fas.org/blogs/secrecy/2016/06/ssci-fcgr/

The Fundamental Classification Guidance Review (FCGR) that was launched by President Obama's 2009 executive order 13526 would be written into statute by the Senate Select Committee on Intelligence in its version of the FY intelligence authorization act (S. 3017), released this week.

The FCGR has become the primary mechanism for systematically updating agency classification rules and deleting obsolete secrecy requirements. Performed every five years, it entails the review of thousands of individual classification guides. After the first FCGR in 2012, hundreds of such guides were eliminated.

"A reasonable outcome of the review overall, though not necessarily in the case of each program or guide, is to expect a reduction in classification activity across government," wrote William Cira, acting director of the Information Security Oversight Office, in a March 17 memo to agencies initiating the second FCGR, which is to conclude by June 2017.
The FCGR can advance "our shared goals for greater openness and reduced classification activity while protecting legitimate national security interests," wrote DNI James Clapper in a March 23 addendum, embracing the FCGR and adding some new requirements to it.

The Senate bill (section 809) does not modify the existing FCGR process, but would enshrine it in statute.

The new bill includes several other reporting requirements that appear uncommonly assertive, if not intrusive. For example, the Committee would expect the Privacy and Civil Liberties Oversight Board to keep it informed of all the Board's activities, "including any significant anticipated activities." The Committee would require submission of copies of all memoranda of understanding between U.S. intelligence agencies. And the Committee would require notification of all classified and unclassified presidential directives to intelligence agencies, and their implementation.

In short, the bill would reset the terms of the congressional intelligence oversight relationship, seemingly dispensing with comity and imposing mandatory disclosure to Congress of various categories of records. Executive branch resistance may be anticipated.

For the first time in living memory, the SSCI bill was reported out of Committee on June 6 without a written report to publicly explain and expand upon its provisions. It did, however, include a classified annex.

--
It's better to burn out than fade away.

From rforno at infowarrior.org Mon Jun 13 05:47:30 2016
From: rforno at infowarrior.org (Richard Forno)
Date: Mon, 13 Jun 2016 06:47:30 -0400
Subject: [Infowarrior] - Regarding the FBI's expertise/success in investigating 'terrorists'....
Message-ID:

Before Nightclub Shooting, FBI Pursued Questionable Florida "Terror" Suspects

Trevor Aaronson

https://theintercept.com/2016/06/12/before-nightclub-shooting-fbi-pursued-questionable-florida-terror-suspects/

--
It's better to burn out than fade away.
From rforno at infowarrior.org Mon Jun 13 06:25:44 2016
From: rforno at infowarrior.org (Richard Forno)
Date: Mon, 13 Jun 2016 07:25:44 -0400
Subject: [Infowarrior] - Fwd: a new challenge to government secrecy
References: <1116388182.1714263.1465816876929.JavaMail.yahoo@mail.yahoo.com>
Message-ID:

--
It's better to burn out than fade away.

> Begin forwarded message:
>
> From: Mark M
>
> 45 years after the Pentagon Papers, a new challenge to government secrecy
> By Sanford J. Ungar June 12 at 8:17 PM
>
> https://www.washingtonpost.com/opinions/45-years-after-the-pentagon-papers-a-new-challenge-to-government-secrecy/2016/06/12/dbbaad20-2ce6-11e6-b5db-e9bc84a2c8e4_story.html
>
> Sanford J. Ungar, author of "The Papers & the Papers: An Account of the Legal and Political Battle over the Pentagon Papers," is a Lumina Foundation fellow and teaches seminars on free speech at Harvard and Georgetown universities.
>
> Nothing is more important to the health and sustainability of a modern democracy than its citizens' awareness of, and confidence in, what their government is doing. Excessive government secrecy -- inherent, instinctive, utterly unnecessary and often bureaucratically self-protective -- is poison to the well-being of civil society.
>
> It is useful to remember this simple precept Monday, the 45th anniversary of the 1971 publication by the New York Times of the Pentagon Papers, a classified government history of decades of U.S. involvement in Southeast Asia and the untruths the public was told about it.
>
> For the 17 days that followed, the Nixon administration and the press, already at odds, duked it out in the federal courts while the Times, The Post and other media withheld the information under judicial orders. Although the Supreme Court ruled, 6 to 3, on June 30 that the administration had not justified its demand for prior restraint on further publication, the legacy of the case has been a subject of argument ever since.
>
> Because the subsequent criminal charges against Daniel Ellsberg for leaking the documents ended in a mistrial, the right of current or former government officials to reveal foreign policy misconduct has never been convincingly established. In the digital age, the boundaries, if any, of press freedom in the United States are more difficult to define. Whether the more recent secret-document dumps by Chelsea Manning and Edward Snowden were in the public interest remains unclear.
>
> But one thing is certain: Government secrecy, especially in matters of foreign policy and national security, is worse than ever, and the over-classification of information increases by the day.
>
> As a member of the Public Interest Declassification Board (PIDB), based at the National Archives, I have come to appreciate the mind-boggling dimensions of this problem:
>
> The volume of the federal government's classified "digital information assets" is growing at an astonishing pace. The Clinton Presidential Library has about four terabytes' worth to be processed, and the George W. Bush Library 10 times as much. There is no official estimate of the amount generated during the Obama administration.
>
> According to the Archives, as of 2012, "the Presidential Libraries alone [held] the equivalent of at least 5 billion pages of digital information in need of review. Lining the pages end-to-end would stretch over 631,313 miles ... enough to circle the Earth more than 25 times."
>
> This fantastical tally does not include the uncountable classified electronic records held outside the presidential libraries, or the hundreds of millions of paper records going back decades and still being created. The Archives is, in a word, out of space to store the paper records and cannot possibly review them fast enough to make room for all the new ones.
>
> "Review"
> here is a euphemism for an often-tortuous process in which overtaxed declassification experts from various federal agencies painstakingly go over documents line by line to determine what can be made public without posing a national security risk.
>
> In a classic instance of good intentions leading to problematic consequences, reforms requiring intelligence agencies to share more information with each other have created a new genre of secret documents -- in which distinct parts of the bureaucracy all have their own interests to protect. Hence, much of the material must be circulated for repeated examinations before it can be released. Frequently, different agencies redact different portions of documents, and a further adjudication process may ensue.
>
> Two current concepts offer a glimmer of hope. One, pressed by the PIDB, is to allow the National Declassification Center at the Archives to replace what its director calls the "factory" approach to document review (which often results in the declassification of routine information of little public interest) with a system of prioritization.
>
> This would involve developing a consensus among interested parties, including Congress, historians and journalists, on an annual list of big-ticket topics on which declassified documents (even some not ordinarily due for review for 25 years) might shed particularly useful light -- policy deliberations leading to the wars in Afghanistan and Iraq, for example. Arriving at each year's list of issues for priority attention, naturally, could be extremely difficult.
>
> More radical is the push to introduce widespread use of electronic declassification of sensitive documents, an effort sponsored, to the surprise of many, by the CIA, along with the Archives.
>
> Research conducted by the Center for Content Understanding (CCU) at the University of Texas in Austin has shown that sophisticated computers can be taught the analytical ability to understand natural language and concepts as humans do, in order to provide "decision support" technology for classification and declassification alike.
>
> Cheryl Martin, director of the CCU, held a briefing last month for officials from Cabinet departments, intelligence agencies and others, including PIDB representatives; she demonstrated that when reviewing small samples of classified material, the computers achieved 98 percent accuracy -- a better record than human reviewers.
>
> Members of the intelligence community, who reflexively classify far too much information in the first place, worry about the grave risks that could arise from the 2 percent of mistakes the computers might make. You could see this on their faces at Martin's briefing. (Of course, you cannot prosecute a computer for endangering national security, but how about its programmer or minder?)
>
> But change, be it gradual or rapid, must come, and soon. The alternative is to continue relying on manual processes that can only be compared to trying to bail the water out of a sinking ship that's about to get hit by a tsunami. And to expect periodic crises over leaks, orchestrated by people who think drastic measures are justified to let the public in on more of its own vital business.
>

From rforno at infowarrior.org Mon Jun 13 07:50:35 2016
From: rforno at infowarrior.org (Richard Forno)
Date: Mon, 13 Jun 2016 08:50:35 -0400
Subject: [Infowarrior] - Microsoft to buy LinkedIn for $26.2 billion;
Message-ID: <65079F19-E6DA-40DA-B2C1-9B1C6FB315E0@infowarrior.org>

Microsoft to buy LinkedIn for $26.2 billion; LNKD shares jump 48 pct

Kate Rooney | @Kr00ney

http://www.cnbc.com/2016/06/13/microsoft-to-buy-linkedin.html

This story is developing.
Please check back for further updates.

Microsoft announced a deal to acquire professional social platform LinkedIn for $196 per share Monday. The all-cash deal is valued at $26.2 billion.

Shares of LinkedIn surged 48 percent in pre-market trading after the announcement.

Jeff Weiner will stay on as CEO of LinkedIn and will report to Microsoft CEO Satya Nadella. The deal is expected to close by the end of the calendar year.

--
It's better to burn out than fade away.

From rforno at infowarrior.org Tue Jun 14 12:08:40 2016
From: rforno at infowarrior.org (Richard Forno)
Date: Tue, 14 Jun 2016 13:08:40 -0400
Subject: [Infowarrior] - Russian government hackers penetrated DNC, stole opposition research on Trump
Message-ID:

Russian government hackers penetrated DNC, stole opposition research on Trump

Russian government hackers penetrated the computer network of the Democratic National Committee and gained access to the entire database of opposition research on GOP presidential candidate Donald Trump, according to committee officials and security experts who responded to the breach.

The intruders so thoroughly compromised the DNC's system that they also were able to read all email and chat traffic, said DNC officials and the security experts.

The intrusion into the DNC was one of several targeting American political organizations. The networks of presidential candidates Hillary Clinton and Donald Trump were also targeted by Russian spies, as were the computers of some GOP political action committees, U.S. officials said. But details on those cases were not available.

A Russian Embassy spokesman said he had no knowledge of such intrusions.

Some of the hackers had access to the DNC network for about a year, but all were expelled over the past weekend in a major computer cleanup campaign, the committee officials and experts said.
The DNC said that no financial, donor or personal information appears to have been accessed or taken, suggesting that the breach was traditional espionage, not the work of criminal hackers.

The intrusions are an example of Russia's interest in the U.S. political system and its desire to understand the policies, strengths and weaknesses of a potential future president -- much as American spies gather similar information on foreign candidates and leaders.

The depth of the penetration reflects the skill and determination of the United States' top cyber adversary as Russia goes after strategic targets, from the White House and State Department to political campaign organizations.

"It's the job of every foreign intelligence service to collect intelligence against their adversaries," said Shawn Henry, president of CrowdStrike, the cyber firm called in to handle the DNC breach and a former head of the FBI's cyber division. He noted that it is extremely difficult for a civilian organization to protect itself from a skilled and determined state such as Russia.

"We're perceived as an adversary of Russia," he said. "Their job when they wake up every day is to gather intelligence against the policies, practices and strategies of the U.S. government. There are a variety of ways. [Hacking] is one of the more valuable because it gives you a treasure trove of information."

< - >

https://www.washingtonpost.com/world/national-security/russian-government-hackers-penetrated-dnc-stole-opposition-research-on-trump/2016/06/14/cf006cb4-316e-11e6-8ff7-7b6c1998b7a0_story.html

--
It's better to burn out than fade away.

From rforno at infowarrior.org Tue Jun 14 16:01:59 2016
From: rforno at infowarrior.org (Richard Forno)
Date: Tue, 14 Jun 2016 17:01:59 -0400
Subject: [Infowarrior] - OT: The right response to Donald Trump? A media blackout.
Message-ID: <69DBDCE5-99EF-4E91-9C30-85FB428C95F7@infowarrior.org>

(Indeed -- the media enabled this pathetic situation in its quest for viewers and ratings. They got played -- er, used -- perfectly. -- rick)

The right response to Donald Trump? A media blackout.

By Dana Milbank
Opinion writer
June 14 at 3:42 PM

https://www.washingtonpost.com/opinions/the-right-response-to-donald-trump-a-media-blackout/2016/06/14/2868a0e0-3256-11e6-8758-d58e76e11b12_story.html

Donald Trump's ban of Post journalists has left other news outlets with a stark choice: your ratings or your responsibility as journalists in a free society?

Trump's announcement that he is barring Post journalists from his events follows similar bans he put on reporters from Politico, Huffington Post, BuzzFeed, Gawker, Foreign Policy, Fusion, Univision, Mother Jones, the New Hampshire Union Leader, the Des Moines Register and the Daily Beast. Trump goons have been known to kick out undesirable reporters at Trump events.

For those journalists and media executives who still don't share the view of Post Executive Editor Martin Baron that Trump's action "is nothing less than a repudiation of the role of a free and independent press," it won't be long before Trump comes for you, too.

Earlier this year, Trump said he would "open up" libel laws -- in other words, dispense with the First Amendment -- to make it easier for him to sue news outlets. He has suggested that, if president, he would use antitrust laws to harass Amazon founder Jeff Bezos, who owns The Post. And longtime Trump adviser Roger Stone has proposed that a President Trump seek retribution against CNN: "Turn off their FCC license."

This goes beyond even Nixonian hostility. Before Trump events, all journalists -- blacklisted or not -- must apply for permission to attend. They are then notified if their applications have been approved.

But there is, happily, a just and appropriate response to Trump's blacklist: a Trump blackout.
I don't mean an outright ban of Trump coverage. That would be shirking our civic responsibility. But I suggest an end to the uncritical, free publicity that propelled him to the GOP nomination in the first place:

* No more live, wall-to-wall coverage of Trump's rallies and events; this sort of "coverage," particularly by cable news outlets, has been a huge in-kind contribution to Trump.
* No more Trump call-ins to TV shows; this enables him to plant falsehoods with little risk of follow-up.
* Rigorous use of real-time fact-checking, pointing out Trump's falsehoods in the stories in which they're reported. That's not injecting opinion -- it's stating fact.

Beyond that, news organizations should demand that the Republican National Committee, at next month's convention, reinstate and credential all media outlets that Trump has banned. Does the RNC want to join Trump in opposing a free press?

Politicians have long tried to freeze out critical reporters and news organizations by refusing to return phone calls or denying them questions at news conferences; I got that treatment covering George W. Bush's White House. But this is fundamentally different: If Trump were to behave this way in office, he could choose which journalists and outlets would be admitted to the White House briefing room, participate in the press pool or join presidential events.

A push-back against Trump's authoritarian actions could work, because Trump relies almost entirely on free media attention. He lacks a traditional campaign apparatus with the ability to target and mobilize voters with advertising and field organizing.

Trump won the nomination using what the British call the "dead cat" tactic: Throw a dead cat on the table, and that's what people will talk about. Trump kept hurling cats, thereby staying a step ahead of the media watchdogs.
In a report out Monday, Harvard University's Shorenstein Center found that eight top news outlets gave Trump the equivalent of $55 million of free advertising last year, and about two-thirds of Trump coverage was positive. Taking the news media as a whole, the center said the claim that Trump's media coverage was worth $2 billion in ads "might well be correct."

Shorenstein's Thomas Patterson suggests a "corrective" response by the media to Trump's blacklist. "Too many journalists are hung up on the old balance of 'he said, she said' and are silent about putting their finger on the scale and saying which viewpoint has the larger weight" of truth, he told me. "One would hope that would change."

That has begun to change in the past month. The focus has shifted from Trump's dead cats to serious probing of Trump's past, falsehoods and racial politics. Nobody has done this better than my colleagues at The Post -- which is the real reason for Trump's blacklisting.

Covering Trump will be more difficult if Post reporters are denied seats on the Trump press charter and news conferences and access to Trump rallies. But their coverage will be as vigorous as before. The question is whether other news organizations will recognize that Trump's ban is not just an attack on The Post but a call to conscience for all who believe in a free press.

--
It's better to burn out than fade away.
From rforno at infowarrior.org Tue Jun 14 16:47:23 2016
From: rforno at infowarrior.org (Richard Forno)
Date: Tue, 14 Jun 2016 17:47:23 -0400
Subject: [Infowarrior] - Feds sue Seattle to keep FBI surveillance camera program secret
Message-ID: <2CA5A5AE-C246-417B-9863-0266E6709EB8@infowarrior.org>

Feds sue Seattle to keep FBI surveillance camera program secret

By LEVI PULKKINEN, SEATTLEPI.COM STAFF

Federal prosecutors claim City Light records would expose investigations

Published 2:03 pm, Monday, June 13, 2016

http://www.seattlepi.com/local/crime/article/Feds-sue-Seattle-to-keep-FBI-surveillance-camera-8107443.php

The Justice Department has sued the city of Seattle in an effort to hide details of FBI surveillance efforts in the city.

Attorneys for the federal government are seeking a court order preventing the city from releasing Seattle City Light documents related to FBI-operated surveillance cameras installed on power poles. In a lawsuit filed Monday, the U.S. Attorney's Office contends the information requested through Washington's Public Records Act would expose the covert video surveillance effort.

At issue are a series of records requests from KIRO/7's Graham Johnson and others related to the FBI effort. Court records show Johnson filed a public disclosure request on Aug. 6 seeking "all records related to the installation of law enforcement surveillance cameras on Seattle City Light poles and property."

Writing in Monday's legal action, assistant U.S. Attorney Peter Winn claimed the documents are exempt from disclosure because they were provided to the city "in furtherance of the FBI's criminal and national security missions pursuant to an express agreement that the information would be held in confidence and not used or disclosed for any other purpose without the permission of the FBI."

Winn went on to describe a long-running effort by the FBI's technical surveillance section meant to secretly record and track subjects identified by the FBI.
Winn contended the FBI is permitted to install video cameras on power poles if doing so is "reasonably likely to achieve investigative objectives."

Unlike more general surveillance efforts, the FBI usually uses surveillance cameras to pursue a particular person or group of people, Winn said. The cameras are installed close to locations where the subject is known to be.

"Disclosure of the location of an FBI surveillance camera nearly always can reasonably be expected to reveal the location of the subject of the investigation," the federal prosecutor told the court.

The FBI began sharing information about the cameras with City Light in 2013, according to the legal action. It did so to keep City Light workers from removing or destroying the cameras.

The city released some information about the program in November over objections from the FBI. When additional requests were filed in January, the city agreed to delay release so the Justice Department could seek an injunction, as it did Monday.

Records provided by the federal government as part of the legal action describe the locations of 23 surveillance cameras installed around the city by the Seattle Police Department and other law enforcement agencies. The FBI appears to have been operating nine cameras in Seattle.

The FBI has cut off communication with City Light, and Winn claims FBI personnel and equipment has been put at risk.

U.S. District Judge Richard Jones issued a temporary restraining order preventing the city from disclosing information about the program prior to a full hearing on the matter. An initial hearing date has not yet been set.

Seattlepi.com reporter Levi Pulkkinen can be reached at 206-448-8348 or levipulkkinen at seattlepi.com. Follow Levi on Twitter at twitter.com/levipulk.

--
It's better to burn out than fade away.
From rforno at infowarrior.org Tue Jun 14 18:18:25 2016
From: rforno at infowarrior.org (Richard Forno)
Date: Tue, 14 Jun 2016 19:18:25 -0400
Subject: [Infowarrior] - Appeals Court upholds FCC net neutrality rules
Message-ID: <7E994B2B-2802-4601-B45D-03EE6991446E@infowarrior.org>

washingtonpost.com

Cable and telecom companies just lost a huge court battle on net neutrality

https://www.washingtonpost.com/news/the-switch/wp/2016/06/14/the-fcc-just-won-a-sweeping-victory-on-net-neutrality-in-federal-court

Post tech reporter Hayley Tsukayama explains the idea of net neutrality and why its future could affect every Internet user. (Davin Coburn/The Washington Post)

A federal appeals court has voted to uphold a series of strict new rules for Internet providers, handing a major victory to regulators in the fight over net neutrality and ensuring that one of the most sweeping changes to hit the industry in recent years will likely remain on the books.

The 2-1 court ruling Tuesday forces Internet providers such as Verizon and Comcast to obey federal regulations that ban the blocking or slowing of Internet traffic to consumers. The regulations from the Federal Communications Commission also forbid carriers from selectively speeding up websites that agree to pay the providers a fee -- a tactic critics have said could unfairly tilt the commercial playing field against startups and innovators who may not be able to afford it.

[How net neutrality went to court in the first place]

More broadly, the decision affirms Washington's ability to regulate Internet providers like legacy telephone companies. Approved in a bitterly partisan vote last year, the move by the FCC to "reclassify" Internet providers significantly expanded the agency's role in overseeing the industry. It opened up Internet providers to all-new obligations they were not subject to before, such as privacy requirements that all telecom companies currently follow in order to protect consumers' personal data.
Tuesday's opinion from the U.S. Court of Appeals for the D.C. Circuit comes months after a group of industry leaders, including AT&T and the nation's top cable association, sued the FCC in hopes of overturning the rules. They argued that the agency overstepped its congressionally granted authority in applying telecom-style rules to Internet providers, a class of industry that had been only lightly regulated during the Bush administration.

The court verdict puts to rest -- for now -- a key question: Whether the Internet represents a vital communications platform that deserves to be regulated with the same scrutiny as the common networks of the past, such as the telephone system.

Writing for the court, Judges David Tatel and Sri Srinivasan held that despite advances in technology, the underlying importance of the Internet to everyday communications and commerce makes it more similar to the phone system than not. Today, for example, consumers are accustomed to using not just the email accounts that their broadband provider gave them, but also using third-party services such as Gmail as well as Netflix, Amazon and Uber.

"Given the tremendous impact third-party internet content has had on our society, it would be hard to deny its dominance in the broadband experience," the judges wrote. "Over the past two decades, this content has transformed nearly every aspect of our lives, from profound actions like choosing a leader, building a career, and falling in love to more quotidian ones like hailing a cab and watching a movie."

[What the heck is net neutrality?]

The industry had claimed that certain services they offered as part of the Internet bundle, such as email, were one reason it deserved to be lightly regulated as "information services" under the FCC's rules, rather than as "telecommunications services," which are policed more strictly.
The court's lone dissenting voter, Judge Stephen Williams, said that while he agreed that the FCC could legally classify broadband companies as telecommunications carriers, the agency did not do enough to prove that today's information ecosystem has changed sufficiently to justify the move.

Federal regulators and consumer advocates hailed the landmark ruling -- marking the third time the FCC had gone to court to defend its net neutrality rules -- as a decisive outcome in a years-long battle over the future of the Internet.

"Today's ruling is a victory for consumers and innovators who deserve unfettered access to the entire web, and it ensures the internet remains a platform for unparalleled innovation, free expression and economic growth," FCC chairman Tom Wheeler said in a statement.

"This is a slam-dunk win," said Gene Kimmelman, president of the advocacy group Public Knowledge. "It's just a huge win for the open Internet order and for the FCC."

Industry officials must now mull whether to escalate the court battle. The National Cable and Telecommunications Association, the top cable trade group that also challenged the FCC rules, said it was considering its options in light of the decision. "This is unlikely the last step in this decade-long debate over Internet regulation," it said.

Broadband providers could next request a re-hearing at the D.C. Circuit -- but some carriers hinted at going further.

"We have always expected this issue to be decided by the Supreme Court, and we look forward to participating in that appeal," said AT&T general counsel David McAtee.

Even as Internet providers weigh an appeal, Tuesday's ruling sets the stage for a new set of debates over the future of the Web. Now the FCC must decide how to implement many of the regulations it laid out in its net neutrality policy. Internet providers now face expectations they once could safely ignore because they were not considered telecommunications carriers.
For instance, phone companies currently must obtain consumers' explicit consent before sharing their names, phone numbers, addresses or other personal information with marketers. Internet providers do not, but a pending proposal at the FCC would seek to extend a similar set of expectations to broadband companies.

The FCC has also held recent meetings with companies to discuss an increasingly common practice known as "zero rating," where carriers allow subscribers to use certain partner services without counting that usage against data caps. While zero-rating gives users virtually unlimited access to popular online content, critics say it could give large, established companies an advantage over smaller ones.

With the D.C. Circuit's approval, the FCC can now move more decisively toward implementing and enforcing rules such as these.

Read the full court opinion here (PDF).

--
It's better to burn out than fade away.

From rforno at infowarrior.org Wed Jun 15 06:41:42 2016
From: rforno at infowarrior.org (Richard Forno)
Date: Wed, 15 Jun 2016 07:41:42 -0400
Subject: [Infowarrior] - NATO adds cyber to operation areas
Message-ID: <638D49A2-64B3-4EDF-A49B-BBCB460AD156@infowarrior.org>

NATO Declares Cyber A Domain; Nato SecGen Waves Off Trump

By Colin Clark on June 14, 2016 at 2:54 PM

http://breakingdefense.com/2016/06/nato-declares-cyber-a-domain-nato-secgen-waves-off-trump/

NATO HQ: It's taken a while, but NATO Secretary General Jens Stoltenberg announced here that the 28-member alliance has agreed to declare cyber an operational domain, much as the sea, air and land are.

The really important result of this is that, for the first time, a cyber attack could trigger Article 5, the core NATO language that mandates an attack on one country is an attack on all.
This clarifies some strategic ambiguity and assuages a major concern of allies like Estonia, victim of Russian cyberattacks in 2007, who feared Russia could bring them to their knees electronically while the rest of NATO stood by. No more: "We have decided that a cyber attack can trigger Article 5," Stoltenberg told reporters in an end-of-day press conference. Declaring cyber a domain will mean NATO "will coordinate and organize our efforts to protect against cyber attacks in more efficient and effective way. It also will help defend individual nations defend their networks." The secretary general also said the alliance will work closely with the European Union on cyber defense and related issues. Given how intertwined domestic and military networks can be, that certainly makes sense. In other news, the Norwegian largely ignored a question about US presidential candidate Donald Trump's attacks on the alliance, which he has called "obsolete." "We have many other concerns than the US election, OK? I leave it to the voters of the United States to decide who is going to be their next president," Stoltenberg told a colleague. "We have proven by our decision today that we are as relevant as ever and that we are capable of adapting to changes in the security environment."

-- It's better to burn out than fade away.

From rforno at infowarrior.org Wed Jun 15 06:44:34 2016 From: rforno at infowarrior.org (Richard Forno) Date: Wed, 15 Jun 2016 07:44:34 -0400 Subject: [Infowarrior] - Take that, FBI: Apple goes all in on encryption Message-ID: <9EE2D510-D11A-4886-A4F2-E4879A76BC8C@infowarrior.org>

Take that, FBI: Apple goes all in on encryption Nathaniel Mott https://www.theguardian.com/technology/2016/jun/15/apple-fbi-file-encryption-wwdc

Apple revealed a slew of new software features for iPhone, iPad, Apple Watch and desktop computers on Monday -- yet omitted an important new technology that will better protect customers' private data stored on Apple devices.
Apple File System, or APFS, is a new version of the technology Apple's products use to save and retrieve information, and improves the way information is organized and protected to make it faster and more secure. The new feature is just the latest move towards more widespread encryption in consumer technology products following Apple's standoff with the FBI earlier in 2016, in which it refused to help the agency weaken its own security processes to access information on an iPhone belonging to a terrorist. Facebook and Google both pledged support for Apple during the fight, and both are subsequently reported to be planning encrypted versions of their messaging apps. WhatsApp went first, opting to fully encrypt all conversations by default. As part of the new system, developers building software for Apple's devices will be able to opt for users' information to have no encryption, single-key encryption, or multi-key encryption "with per-file keys for file data and a separate key for sensitive metadata" -- comparable to leaving a door unlocked, using one key, or using two keys. In its documentation of APFS, Apple explains that full disk encryption has been available on OS X since version 10.7 Lion. APFS differs in that it encrypts files individually rather than as one unit, similar to other encryption mechanisms Apple introduced to its iOS platform in 2010. It also encrypts related metadata -- the basic summary attached to each file -- and will keep data secure even when the device has been physically hacked. Since its battle with the FBI, Apple has made a number of important changes to increase security and tighten encryption. Apple itself couldn't decrypt information the agency demanded, but the company did have the keys to access information stored in the shooter's iCloud account. The company is now reportedly considering a system that wouldn't allow it to access iCloud data.
Demonstrators display iPads with messages against FBI's proposals to weaken data security on their screens, outside an Apple store in Boston in February 2016. Photograph: Steven Senne/AP

Many of the features announced at WWDC expand security of user data, something Apple has been keen to promote as "protecting user privacy". Safeguards include running artificial intelligence on the device itself, rather than in the cloud, and using a technology called "differential privacy," which anonymizes data Apple does collect from its customers. Those features focus on protecting data in transit, yet APFS is more like a bank vault on a device that secures information even if someone gains physical access to their computer, phone, tablet, watch or Apple TV. Apple declined to comment on the new feature. ACLU staff technologist Daniel Kahn Gillmor said that the expansion of APFS is likely to have been prioritised after Apple's spat with the FBI. "Protecting the privacy of user data is one of the critical tasks of modern computing hardware and software. If Apple didn't offer powerful encryption features for their filesystems, they'd be remiss." When Amazon removed full-disk encryption from the Fire OS software used by its Kindle Fire tablets, one security analyst described how the company was "chastised by the marketplace". Encrypting data is resource-intensive, and Amazon had apparently decided to ditch encryption in favour of improving speed and memory. It later backtracked and reinstated encryption. Apple seems intent on avoiding similar controversy. Yet Gillmor says encryption should be switched on by default, rather than being optional, in newer versions of Apple's macOS desktop software. "Most people don't deviate from the vendor-supplied defaults," he says. Gillmor also cautions that APFS hasn't been finalised and he isn't sure Apple has any plans to make underlying code available for public scrutiny, a practice common among the security community.
There are good reasons to care about the impact of APFS. Stronger encryption doesn't just keep information from law enforcement agencies -- it also protects people from hackers who might try to grab their data by breaking into a device, whether by stealing it or by poking around a carelessly discarded hard drive. That might not be as exciting as the ability to finally remove the Stocks app from your home screen, but it's still something.

-- It's better to burn out than fade away.

From rforno at infowarrior.org Wed Jun 15 07:10:17 2016 From: rforno at infowarrior.org (Richard Forno) Date: Wed, 15 Jun 2016 08:10:17 -0400 Subject: [Infowarrior] - Peter Thiel's gone nuts.... Message-ID:

Now Peter Thiel's Lawyer Wants to Silence Reporting on Trump's Hair [Updated] http://gawker.com/now-peter-thiels-lawyer-wants-to-silence-reporting-on-t-1781918385

-- It's better to burn out than fade away.

From rforno at infowarrior.org Wed Jun 15 07:37:22 2016 From: rforno at infowarrior.org (Richard Forno) Date: Wed, 15 Jun 2016 08:37:22 -0400 Subject: [Infowarrior] - DoD plans to bring CAC cards to an end Message-ID:

DoD plans to bring CAC cards to an end By Jason Miller | @jmillerWFED June 15, 2016 4:45 am

The Common Access Card has driven the Defense Department's cybersecurity posture for much of the past 15 years. But the end of the CAC card may be near. DoD Chief Information Officer Terry Halvorsen said June 14 that he plans to phase out the secure identity card over the next two years. "We will not eliminate public-key infrastructure. We will not eliminate high security. But frankly, CAC cards are not agile enough to do what we want," Halvorsen said at the FedForum 2016 sponsored by Brocade in Washington. "We may still use them to get into a building or something, but we will not use them on our information systems. We will use true multi-factor that actually does a couple of things for me --
gets me more agile because there is an overhead for CAC cards, not just cost overhead, but a time overhead and in my business it's a location overhead. It's really hard to issue a CAC card when people are dropping mortar shells on you and you need to get into your systems. It just doesn't work well." Halvorsen said he'd like to move to a behavior-based approach for network authentication. "If I structure it right, I could build the behavior pattern of that person's identity. We can like it or not, but one of the best ways for me to check security is to see if their behavior pattern has deviated. That might not be you anymore," he said. "So we are looking at maybe, not giving an answer, but some of the things we are thinking about is some combination of behavioral, probably biometric and maybe some personal data information that is set for individuals. There are other thoughts like iris scans. All of those are doable today." DoD began issuing CAC cards in 2001, and over the last 15 years the smart identity cards have become the de facto, governmentwide standard for network and system security access control. The Defense Manpower Data Center says it issued 2.8 million CAC cards last year to uniformed service members, civilian employees and contractors. Over the last 15 years, DoD has issued more than 20 million CAC cards. DoD has struggled over the last decade to find the best way to integrate the smart identity cards with mobile devices. But this was the first time a senior official has publicly said it's time to move off the CAC cards for network access. Since DoD mandated logical access control in 2006, the Pentagon's networks have been better protected against typical attacks by hackers, including phishing and other attempts to steal credentials.

< -- >

http://federalnewsradio.com/defense/2016/06/dod-plans-bring-cac-cards-end/

-- It's better to burn out than fade away.
From rforno at infowarrior.org Wed Jun 15 15:00:08 2016 From: rforno at infowarrior.org (Richard Forno) Date: Wed, 15 Jun 2016 16:00:08 -0400 Subject: [Infowarrior] - HPSCI chair lying to Congress about crypto backdoors Message-ID: <588D9EF4-0F1B-440B-AF34-140D05FA0C22@infowarrior.org> House Intel Boss, Rep. Devin Nunes, Lying To Congress About Attempt To Stop Encryption Backdoors There are some in Congress who apparently have no problem deceiving both their colleagues and the American public in the pursuit of making Americans less safe and putting our country, economy and infrastructure at risk. This time, it's House Intelligence Committee chair Rep. Devin Nunes, along with Rep. Lynn Westmoreland, who chairs the NSA subcommittee. They've been sending around a letter that blatantly misrepresents a proposal designed to better protect Americans' privacy and security. < - > This is no way to legislate. To blatantly mislead their Congressional colleagues in order to protect programs that harm Americans' privacy and security is a pretty cowardly approach to handling these issues. It's fine to debate the relative merits (or lack of merits) of the Section 702 program or other surveillance techniques, but flat out lying to colleagues to block an amendment that they've overwhelmingly supported for the past two years just seems... dishonest and sleazy. https://www.techdirt.com/articles/20160615/10302834720/house-intel-boss-rep-devin-nunes-lying-to-congress-about-attempt-to-stop-encryption-backdoors.shtml -- It's better to burn out than fade away. 
From rforno at infowarrior.org Wed Jun 15 15:01:57 2016 From: rforno at infowarrior.org (Richard Forno) Date: Wed, 15 Jun 2016 16:01:57 -0400 Subject: [Infowarrior] - GAO Report: FBI Can Access Hundreds of Millions of Face Recognition Photos Message-ID: <26452FB5-8081-474A-8D06-6D55F89756D9@infowarrior.org>

New Report: FBI Can Access Hundreds of Millions of Face Recognition Photos

Today the federal Government Accountability Office (GAO) finally published its exhaustive report on the FBI's face recognition capabilities. The takeaway: FBI has access to hundreds of millions more photos than we ever thought. And the Bureau has been hiding this fact from the public -- in flagrant violation of federal law and agency policy -- for years. According to the GAO Report, FBI's Facial Analysis, Comparison, and Evaluation (FACE) Services unit not only has access to FBI's Next Generation Identification (NGI) face recognition database of nearly 30 million civil and criminal mug shot photos, it also has access to the State Department's Visa and Passport databases, the Defense Department's biometric database, and the drivers license databases of at least 16 states. Totaling 411.9 million images, this is an unprecedented number of photographs, most of which are of Americans and foreigners who have committed no crimes. The FBI has done little to make sure that its search results (which the Bureau calls "investigative leads") do not include photos of innocent people, according to the report. The FBI has conducted only very limited testing to ensure the accuracy of NGI's face recognition capabilities. And it has not taken any steps to determine whether the face recognition systems of its external partners -- states and other federal agencies -- are sufficiently accurate to prevent innocent people from being identified as criminal suspects.
As we know from previous research, face recognition is notoriously inaccurate across the board and may also misidentify African Americans and ethnic minorities, young people, and women at higher rates than whites, older people, and men, respectively.

https://www.eff.org/deeplinks/2016/06/fbi-can-search-400-million-face-recognition-photos

-- It's better to burn out than fade away.

From rforno at infowarrior.org Wed Jun 15 14:50:44 2016 From: rforno at infowarrior.org (Richard Forno) Date: Wed, 15 Jun 2016 15:50:44 -0400 Subject: [Infowarrior] - Meeting of the Commission on Enhancing National Cybersecurity Message-ID: <4FAC7F04-D32A-42B3-B4A0-200A9272652A@infowarrior.org>

Meeting of the Commission on Enhancing National Cybersecurity https://cltc.berkeley.edu/commission-meeting/

The Commission on Enhancing National Cybersecurity will meet Tuesday, June 21, 2016, from 8:30 a.m. until 5:00 p.m. Pacific Time at the University of California, Berkeley, at the Chevron Auditorium at the International House, 2299 Piedmont Ave, Berkeley CA 94720. The primary purpose of the meeting is to discuss the opportunities for and challenges to innovation and collaboration to strengthen cybersecurity in the digital economy. The meeting will support detailed recommendations to strengthen cybersecurity in both the public and private sectors while protecting privacy, ensuring public safety and economic and national security, fostering discovery and development of new technical solutions, and bolstering partnerships between Federal, State, local, tribal and territorial governments and the private sector in the development, promotion, and use of cybersecurity technologies, policies, and best practices. All sessions will be open to the public. RSVP here if you would like to attend this event. This event is part of the Department of Commerce's work convening the Commission on Enhancing National Cybersecurity.
The Commission is hosting five public meetings around the country to solicit input on various themes for their final report to the President later this year. The non-partisan Commission on Enhancing National Cybersecurity is made up of leading thinkers from business, technology, and academia. The Commission's members are:

- Tom Donilon, former Assistant to the President and National Security Advisor (Chair)
- Sam Palmisano, former CEO, IBM (Vice Chair)
- General Keith Alexander, CEO, IronNet Cybersecurity; former Director, National Security Agency; and former Commander, U.S. Cyber Command
- Annie Antón, Professor and Chair, School of Interactive Computing at Georgia Tech
- Ajay Banga, President and CEO, MasterCard
- Steven Chabinsky, General Counsel and Chief Risk Officer, CrowdStrike
- Patrick Gallagher, Chancellor, University of Pittsburgh; former Director, National Institute of Standards and Technology
- Peter Lee, Corporate Vice President, Microsoft Research
- Herbert Lin, Senior Research Scholar for Cyber Policy and Security, Stanford Center for International Security and Cooperation; Research Fellow, Hoover Institution
- Heather Murren, former member, Financial Crisis Inquiry Commission; co-founder, Nevada Cancer Institute
- Joe Sullivan, Chief Security Officer, Uber; former Chief Security Officer, Facebook
- Maggie Wilderotter, Executive Chairman, Frontier Communications

As described in an announcement from the White House, "The Commission is tasked with making detailed recommendations on actions that can be taken over the next decade to enhance cybersecurity awareness and protections throughout the private sector and at all levels of Government, to protect privacy, to ensure public safety and economic and national security, and to empower Americans to take better control of their digital security."

Agenda

The agenda is expected to include:

- Introductions
- Panel discussions on addressing cybersecurity challenges to the digital economy
- Panel discussions on innovating and collaborating to secure the digital economy
- Conclusion

The final agenda will be posted on http://www.nist.gov/cybercommission. Seating will be available for the public and media.

https://cltc.berkeley.edu/commission-meeting/

-- It's better to burn out than fade away.

From rforno at infowarrior.org Wed Jun 15 11:05:47 2016 From: rforno at infowarrior.org (Richard Forno) Date: Wed, 15 Jun 2016 12:05:47 -0400 Subject: [Infowarrior] - Europe Is About To Create A Link Tax Message-ID:

Europe Is About To Create A Link Tax: Time To Speak Out Against It

We've written plenty of times about ridiculous European plans to create a so-called "snippet tax" which is more officially referred to as "ancillary rights" (and is really just about creating a tax on Google). The basic concept is that some old school newspapers are so lazy and have so failed to adapt to the internet -- and so want to blame Google for their own failures -- that they want to tax any aggregator (e.g., Google) that links to their works with a snippet, that doesn't pay for the privilege of sending those publishers traffic. As you may remember, Germany has been pushing for such a thing for many, many years, and Austria has been exploring it as well. But perhaps the most attention grabbing move was the one in Spain, which not only included a snippet tax, but made it mandatory. That is, even if you wanted Google News to link to you for free, you couldn't get that. In response, Google took the nuclear option and shut down Google News in Spain. A study showed that this law has actually done much to harm Spanish publishers, but the EU pushes on, ridiculously.
As discussed a year ago, some in the EU Commission are all for creating an EU-wide snippet tax, and as ridiculous and counterproductive as that is, the Commission is about to make a decision on it, and the public consultation on the issue is about to close (it ends tomorrow). Thankfully, many, many different groups have set up nice and easy systems to understand and respond to the consultation -- which you should do. Here are just a few options:

< - >

https://www.techdirt.com/articles/20160614/00545434700/europe-is-about-to-create-link-tax-time-to-speak-out-against-it.shtml

-- It's better to burn out than fade away.

From rforno at infowarrior.org Wed Jun 15 10:02:58 2016 From: rforno at infowarrior.org (Richard Forno) Date: Wed, 15 Jun 2016 11:02:58 -0400 Subject: [Infowarrior] - Americans Lose Confidence in TV News Message-ID: <8DFD4C93-BEEC-4B82-AED1-179C4611BEA6@infowarrior.org>

Americans Lose Confidence in TV News By Mark Joyella on Jun. 15, 2016 - 10:26 AM http://www.adweek.com/tvnewser/americans-lose-confidence-in-tv-news/296226

Americans have lost confidence in key institutions, with television news suffering significant losses -- dropping 10 percent over the last decade to just 21 percent saying they have "a great deal" or "quite a lot" of confidence in the institution. The only institutions Americans have less confidence in than TV news were newspapers, big business and Congress. Only two institutions gained confidence over the same period, with the presidency gaining the most -- up 3 percent. The research was done by Gallup, which surveyed 1,027 adults in all 50 states between June 1 and June 5. The margin of error is ±4 percentage points. "Americans clearly lack confidence in the institutions that affect their daily lives: the schools responsible for educating the nation's children; the houses of worship that are expected to provide spiritual guidance; the banks that are supposed to protect Americans' earnings; the U.S.
Congress elected to represent the nation's interests; and the news media that claims it exists to keep them informed," the report's summary says.

-- It's better to burn out than fade away.

From rforno at infowarrior.org Thu Jun 16 16:25:08 2016 From: rforno at infowarrior.org (Richard Forno) Date: Thu, 16 Jun 2016 17:25:08 -0400 Subject: [Infowarrior] - House defeats privacy measure in wake of Orlando shootings Message-ID: <8592A2B6-A8F3-44F7-8C6C-5B908127B0AE@infowarrior.org>

House defeats privacy measure in wake of Orlando shootings By Mason Adams http://www.politico.com/story/2016/06/house-encryption-amendment-blocked-224444

The House on Thursday blocked an amendment that opponents said would have taken away critical intelligence tools just four days after the worst mass shooting in U.S. history. The 198-222 vote is a blow for privacy advocates who have spent years building support for the amendment, which would have barred the government from forcing companies to weaken their encryption for law enforcement. The provision passed the House twice in 2014 and 2015 by wide margins, before being stripped each time during conferences with the Senate. But Sunday's deadly assault in Orlando, in which suspected Islamic State supporter Omar Mateen shot and killed 49 people at a gay nightclub, caused a drastic erosion in support for the language. Opponents cited the attack as the main reason Congress couldn't approve the amendment. "This amendment prohibits the government from searching data already in its possession collected lawfully ... to determine whether Omar Mateen was in contact [with terrorists overseas]," said House Judiciary Committee Chairman Bob Goodlatte (R-Va.) during the extended debate over the fiscal 2017 defense appropriations bill. Investigators have said they're trying to determine whether Mateen communicated with any terrorist groups at home or abroad --
a task that would be made more difficult if he used encryption to shield data on his phone or computer. Privacy advocates accused Goodlatte and other detractors of using "fear tactics" to reduce support for what has been a widely supported House amendment for two years running. "It's unfortunate my colleagues would take advantage of that situation," said Rep. Thomas Massie (R-Ky.), who co-sponsored the amendment with Rep. Zoe Lofgren (D-Calif.). The language "does not take any tools away from those that want to investigate what happened in Orlando," Massie insisted. Advocates argue that the provision merely prevents the NSA or the CIA from requiring anyone to alter their products to allow digital snooping. They say this would preserve the encryption that protects the nation's power grid, air traffic control system and all smartphones. "Our government should strengthen the technology," Lofgren said, "not take advantage of it." "The Massie-Lofgren amendment will make America safer," she added. But national security-focused lawmakers worry that fully encrypted devices, such as the latest iPhones, and a growing array of encrypted apps are preventing authorities from reading digital communications even when they have a lawfully issued warrant. The dispute came to the fore following December's mass shooting in San Bernardino, Calif., when the FBI took Apple to court in an attempt to force the tech giant to help the Bureau crack into an iPhone used by shooter Syed Rizwan Farook. The Justice Department dropped the San Bernardino case after the FBI said an unidentified third party helped it unlock Farook's phone, leaving the larger legal question unresolved. The Manhattan district attorney's office alone has said it has more than 270 iPhones that it's been unable to crack. "Sunday's deadly attack proves once again that the terror threat has not dissipated," Goodlatte said. "Now is not the time to block a critical investigative tool."
Thursday's vote represents a shift in congressional priorities since former government contractor Edward Snowden in 2013 revealed the extent of the government's clandestine surveillance apparatus. In the wake of those disclosures, liberal Democrats and libertarian Republicans came together to press for surveillance reform. Eventually, the bipartisan coalition pushed through the USA Freedom Act, the first major rollback of the NSA's spying authorities in a generation. The House also got the Massie-Lofgren amendment approved 293-123 in 2014 and 255-174 the next year as part of two annual spending bills. But following major terror attacks both at home -- in San Bernardino and Orlando -- and abroad -- in Paris and Brussels -- hawkish lawmakers have moved to retain or expand government surveillance authorities. Numerous hawkish lawmakers have introduced bills to either delay surveillance reforms or strengthen the government's ability to collect data. A widely supported email privacy bill -- which would require law enforcement to seek a warrant before accessing stored email -- is even being held up in the Senate over an amendment that would let the FBI use national security letters to obtain email and Internet metadata.

-- It's better to burn out than fade away.
From rforno at infowarrior.org Thu Jun 16 19:42:09 2016 From: rforno at infowarrior.org (Richard Forno) Date: Thu, 16 Jun 2016 20:42:09 -0400 Subject: [Infowarrior] - Experimental Firefox feature lets you use multiple identities while surfing the web Message-ID: <12520CFE-8F26-4E7B-AA51-FCDCCE28428F@infowarrior.org>

Experimental Firefox feature lets you use multiple identities while surfing the web by Frederic Lardinois (@fredericl) https://techcrunch.com/2016/06/16/experimental-firefox-feature-lets-you-use-multiple-identities-while-surfing-the-web/

Mozilla's Firefox browser is getting a new experimental feature today that aims to help you segregate your online identities and allow you to sign in to multiple mail or social media accounts side-by-side without having to use multiple browsers. This new "container tab" feature, which is now available in the unstable Nightly Firefox release channel, provides you with four default identities (personal, work, shopping and banking) with their own stores for cookies, IndexedDB data store, local storage and caches. In practice, this means you can surf Amazon without ads for products you may have looked at following you around the web when you switch over to your work persona. As the Firefox team notes, the idea behind this feature isn't new, but nobody has figured out how to best present this new tool to users. "How will users know what context they are operating in?," the team asks. "What if the user makes a mistake and uses the wrong context; can the user recover? Can the browser assist by automatically assigning websites to Containers so that users don't have to manage their identities by themselves? What heuristics would the browser use for such assignments?" Mozilla acknowledges that it doesn't have the answers to this, but hopes that adding this feature to the Nightly releases will allow it to do more research and gather feedback.
In its current implementation, Firefox lets you switch between the different personas and highlights which one you are using in both the URL form and by presenting tabs in the respective colors of the persona that is using them. The different identities still share the same browsing history, bookmarks, saved passwords, search and form data, but as far as the sites you visit are concerned, there is no easy way to tie together simultaneous visits from different browser personas, even if they are coming from the same machine. "This is because the site doesn't have access to the user's locally stored History," Mozilla notes. "We only segregate data that a site has access to, not data that the user has access to. The Containers feature was designed for a single user who has the need to portray themselves to the web in different ways depending on the context in which they are operating." Mozilla notes that ad trackers could still fingerprint your browser (that is, use your IP address and the individual attributes of your browser and operating system to identify your device as you move between sites), even if you use different personas. "Containers are meant to help you separate your identities and reduce naive tracking by things like cookies," the team says and acknowledges that this feature can't replace Tor Browser or similar tools. For the time being, this feature remains somewhat hidden and it's too easy to forget what persona you are currently using and then unwittingly click on a bookmark related to another. It'd probably be good if you could also set different bookmarks for the different personas. That way, you're less tempted to click on a news site when you are done with your banking or shopping session, for example. Still, simply being able to log into two Twitter accounts at the same time or being able to shop without ads then following you around for years without having to use an incognito browsing session is worth the price of admission.
Firefox's current implementation of profiles, after all, is somewhat clumsy and most users probably don't even know this feature exists.

-- It's better to burn out than fade away.

From rforno at infowarrior.org Fri Jun 17 06:28:29 2016 From: rforno at infowarrior.org (Richard Forno) Date: Fri, 17 Jun 2016 07:28:29 -0400 Subject: [Infowarrior] - OT: Goldman Sachs' email keyword list Message-ID: <245E3801-3C5B-4186-A4DD-20989C84E184@infowarrior.org>

(Some NSFW wording appears.)

You won't believe what gets an email flagged at Goldman: CNBC has the list Eamon Javers | @EamonJavers Thursday, 16 Jun 2016 | 7:00 AM ET http://www.cnbc.com/2016/06/15/you-wont-believe-what-gets-an-email-flagged-at-goldman-cnbc-has-the-list.html

-- It's better to burn out than fade away.

From rforno at infowarrior.org Fri Jun 17 09:42:29 2016 From: rforno at infowarrior.org (Richard Forno) Date: Fri, 17 Jun 2016 10:42:29 -0400 Subject: [Infowarrior] - BS: Non-US encryption is 'theoretical,' claims CIA chief in backdoor debate Message-ID:

Non-US encryption is 'theoretical,' claims CIA chief in backdoor debate 17 Jun 2016 at 00:36 http://www.theregister.co.uk/2016/06/17/non_us_encryption_is_theoretical_claims_cia/

CIA director John Brennan told US senators they shouldn't worry about mandatory encryption backdoors hurting American businesses. And that's because, according to Brennan, there's no one else for people to turn to: if they don't want to use US-based technology because it's been forced to use weakened cryptography, they'll be out of luck because non-American solutions are simply "theoretical." Thus, the choice is American-built-and-backdoored or nothing, apparently. The spymaster made the remarks at a congressional hearing on Thursday after Senator Ron Wyden (D-OR) questioned the CIA's support for weakening cryptography to allow g-men to peek at people's private communications and data.
Brennan said this was needed to counter the ability of terrorists to coordinate their actions using encrypted communications. The director denied that forcing American companies to backdoor their security systems would cause any commercial problems. "US companies dominate the international market as far as encryption technologies that are available through these various apps, and I think we will continue to dominate them," Brennan said. "So although you are right that there's the theoretical ability of foreign companies to have those encryption capabilities available to others, I do believe that this country and its private sector are integral to addressing these issues." We don't think the CIA man has been paying attention, to put it generously. A study in February found there are 865 encryption products in use around the world supplied by developers in 55 countries. About a third of these packages came from the US, with Germany, the UK and Canada the next biggest suppliers. Nevertheless, Brennan is right that the bulk of commercial encryption products in use by enterprises are supplied by American firms. The word he missed is "now." If US firms are mandated to install backdoors, sales of encryption products are going to change very quickly. Very few overseas companies are going to buy a broken encryption system that can be read by US intelligence, and a fair few US companies aren't going to be wild about doing so either. "It is clearly inaccurate to say that foreign encryption is a 'theoretical' capability," said Senator Wyden. "Requiring companies to build backdoors in their products to weaken strong encryption will put the personal safety of Americans at risk at a dangerous time and -- I want to make this clear -- I will fight such a policy with everything I have." Interestingly, Brennan didn't mention legislation proposed by Senators Richard Burr (R-NC) and Dianne Feinstein (D-CA) which would mandate backdoors.
The proposed bill has little support and instead Brennan indicated he supported an alternative legislative push. Instead, Brennan spoke supportively of a bill introduced by Senators Mark Warner (D-VA) and House Committee on Homeland Security Chairman Michael McCaul (R-TX) which would set up a congressional committee to explore the encryption issue. Not that we should be worried about the CIA snooping, Brennan said. In the past three weeks, the CIA has appointed a privacy and civil liberties officer as a full member of senior staff. The person will review all CIA activities to ensure they are legal, Brennan said. So that's all right then. ® -- It's better to burn out than fade away. From rforno at infowarrior.org Fri Jun 17 15:14:54 2016 From: rforno at infowarrior.org (Richard Forno) Date: Fri, 17 Jun 2016 16:14:54 -0400 Subject: [Infowarrior] - Ex-White House Officials Criticize Vague Rules Around Disclosure of Hacking Tools Message-ID: Ex-White House Officials Criticize Vague Rules Around Disclosure of Hacking Tools Jenna McLaughlin June 17 2016, 3:55 p.m. https://theintercept.com/2016/06/17/ex-white-house-officials-criticize-vague-rules-around-disclosure-of-hacking-tools/ When U.S. government officials discover a new vulnerability they can use to hack into people's computers, they have a decision to make: Should they keep it to themselves? Or should they warn the world? Exactly how they make that decision is a mystery. Now, two top former White House cybersecurity officials are recommending in a report that the administration be more transparent about how it deals with those vulnerabilities when it discovers them or buys tools to exploit them from the private sector. "The principles guiding these decisions, as well as a high-level map of the process that will be used to make such decisions, can and should be public," wrote Ari Schwartz and Robert Knake in a new report for Harvard's Belfer Center for Science and International Affairs. 
Members of the Intelligence Community have an obvious incentive to hold on to undiscovered cyber flaws so they can keep using them to hack their targets. But failing to tell a company about a flaw in its product - so it can be fixed, puts users at risk from other hackers. The White House's continued refusal to explain how it balances the priorities of intelligence versus cybersecurity for Americans is leading to a lack of public trust, the authors suggest. In 2015, White House officials begrudgingly released heavily redacted guidelines for disclosing cyber threats, which they call the Vulnerabilities Equities Process, to the Electronic Frontier Foundation. They also issued a vague White House blog post. But as the public becomes more aware of the government's ability to go on the technological offensive - hacking against adversaries - consumer advocates are asking how that capability is regulated. The FBI's very public battle with Apple earlier this year ended when the Bureau bought a software vulnerability that gave it access to the San Bernardino killer's iPhone. But the Bureau didn't disclose any details about the vulnerability, leading to questions about whether the government's process is really weighted towards disclosure, as officials have insisted in the past. At a privacy conference in April, I asked FBI general counsel Jim Baker whether or not the Vulnerabilities Equities Process protects those software exploits the government doesn't necessarily "discover," but purchases. The redacted description of the Vulnerabilities Equities process says that vulnerabilities "identified" through government sponsored research or purchased by the government through a third party "need not be put through the process." It's a pretty big red flag suggesting anything bought won't be disclosed. "It's a legitimate thing to ask about," Baker said. "Maybe we need to do a better job of articulating that to the public, especially in light of this current discussion. 
Let me take that back." I later asked his office for an answer, but was directed to the White House. Mark Stroh, deputy spokesperson for the National Security Council, wrote me that he would "decline comment on the specifics of any alleged internal documents." In the Harvard report, Schwartz and Knake include specific recommendations like prohibiting the government from signing a nondisclosure agreement when it purchases an exploit from a third party. They also recommend President Obama issue an executive order "to formalize" the process. Right now, the Vulnerabilities Equities Process is more of a general set of guidelines without much legal weight. They suggest the government should make the process public, and should provide a system for oversight and review, as well as produce an annual report. They also questioned the role of the NSA in decisionmaking, because the inherent conflict between its two missions - to protect cybersecurity and gather intelligence - "throws into question whether [it] can serve as a neutral manager of the process." -- It's better to burn out than fade away. From rforno at infowarrior.org Sat Jun 18 13:50:09 2016 From: rforno at infowarrior.org (Richard Forno) Date: Sat, 18 Jun 2016 14:50:09 -0400 Subject: [Infowarrior] - (Innovative) IEX Group Gains Approval for Stock Exchange Message-ID: <9ED9DFD7-80D0-4A4A-AB2B-A70E824B6374@infowarrior.org> IEX Group Gains Approval for Stock Exchange By NATHANIEL POPPER JUNE 17, 2016 http://www.nytimes.com/2016/06/18/business/dealbook/iex-group-gains-approval-for-stock-exchange.html After months of delays and a brutal lobbying battle that divided Wall Street, the IEX Group won approval on Friday from the Securities and Exchange Commission to become the nation's 13th official stock exchange. IEX is run by the people at the center of the Michael Lewis book, "Flash Boys: A Wall Street Revolt," 
which profiles the early efforts of the IEX team to create a trading exchange that would be somewhat shielded from high-frequency traders. Other exchanges and trading firms had urged the S.E.C. to reject the IEX application to become an exchange. Opponents of IEX, including the other stock exchanges, have argued that the structure of the new exchange will add unnecessary new complexities into an already complex stock market, and potentially end up hurting small investors. But the three S.E.C. commissioners all voted on Friday to approve the IEX exchange, with one commissioner, Michael S. Piwowar, a Republican, dissenting on a few points. "Today's actions promote competition and innovation, which our equity markets depend on to continue to deliver robust, efficient service to both retail and institutional investors," Mary Jo White, the S.E.C. chairwoman, said in a statement. The most novel and controversial feature of the IEX exchange is a so-called speed bump that would slow down trading slightly to throw off traders that rely only on speed. The speed bump slows trades down by only 350 microseconds - or millionths of a second - but that is an eternity in a stock exchange universe in which computers can buy and sell stocks in nanoseconds - or billionths of a second. The Nasdaq, and other existing exchanges, have said that the IEX's speed bump would violate rules mandating that exchanges make their prices available to all parties at the same time. IEX's critics have also said that the speed bump could add new complications into a stock market infrastructure that is already criticized for its complexity. In a statement, the S.E.C. said that the commissioners "determined that a small delay will not prevent investors from accessing stock prices in a fair and efficient manner." The S.E.C. did say, though, that within two years it will do a study to examine whether the delays lead to problems in the markets. 
If nothing else, the approval of the exchange will provide an opportunity to test the many competing theories about what impact the IEX's speed bump will have on the pattern of trading. The IEX has been a flash point in the broader debate over technological changes that have altered the basic functioning of the American stock markets over the last two decades. IEX won support - and financial backing - from several large mutual fund companies, which said that the exchange would help them trade more cheaply and efficiently, as well as from hundreds of small investors, many of whom read "Flash Boys" and wrote in to the S.E.C. Brad Katsuyama, the chief executive of IEX, said on Friday night that the company was "grateful and humbled by the support we've received from the investor community, without it, we may have faced a different result." In addition to the speed bump, the IEX has said it will not offer the same fees or rebates that other exchanges do to attract traders, a common practice at other exchanges that has been criticized for distorting trading incentives. The IEX also offers fewer complicated ways to enter trades than other exchanges, in an effort to simplify trading. Mr. Katsuyama has argued throughout the application process that IEX would provide a market-based solution to the problems created by high frequency trading rather than requiring the S.E.C. to change the rules governing the markets. The other exchanges have complained that the IEX was essentially asking to be exempt from rules that governed them. In a letter written in May, Nasdaq's lawyers suggested that the S.E.C. could face a lawsuit if it approved the IEX application. A spokesman for Nasdaq said on Friday that the exchange company had no comment on the S.E.C.'s decision. Larry Tabb, a market analyst with the Tabb Group, said the IEX speed bump could end up benefiting more sophisticated traders, like high frequency traders, who can find ways to take advantage of the small delays. 
"It hurts the broad middle who may not have access to the best tools," Mr. Tabb said. The hedge fund and trading firm Citadel has been one of the most outspoken critics of the IEX application. On Friday, a spokeswoman for Citadel said that the S.E.C.'s decision "will test and potentially reverse the gains in fairness, efficiency and transparency that have been made to our markets over the last decade. We must be vigilant to identify unintended consequences." Another relatively new American stock exchange company, BATS Global Markets, initially supported the IEX application, but earlier this year withdrew its support, pointing to "gross omissions of fact" by IEX. BATS wrote that the problems "call into question the applicant's professional judgment." On Friday, a BATS spokesman, Randy Williams, said that the company "congratulates IEX and appreciates the significant changes they made to their application to address industry concerns." IEX has already been operating as a private trading pool and has recently been attracting about 1.6 percent of all daily trading volume. -- It's better to burn out than fade away. From rforno at infowarrior.org Sun Jun 19 13:44:52 2016 From: rforno at infowarrior.org (Richard Forno) Date: Sun, 19 Jun 2016 14:44:52 -0400 Subject: [Infowarrior] - Judge Blocks Seattle From Disclosing FBI Surveillance Info Message-ID: <1D6FD4E5-1125-4222-A9DD-6276A3482A59@infowarrior.org> Judge Blocks Seattle From Disclosing FBI Surveillance Info By Gene Johnson, Associated Press SEATTLE - Jun 13, 2016, 8:38 PM ET http://abcnews.go.com/US/wireStory/feds-sue-seattle-block-disclosures-fbi-surveillance-39830053 A federal judge on Monday blocked Seattle from releasing information about surveillance cameras the FBI has placed in the city, after the agency said the disclosure could jeopardize ongoing investigations. U.S. 
District Judge Richard Jones issued the temporary restraining order after the Justice Department sued, seeking to prevent officials from releasing documents about where the FBI has placed hidden surveillance cameras on utility poles. The city had already released some documents, and the Justice Department said it filed the lawsuit to prevent further disclosures. The city said it had planned to release the information pursuant to public records requests by news reporters and a privacy activist. The state Public Records Act typically exempts "specific intelligence information" from disclosure if its release would compromise effective law enforcement. Kimberly Mills, a spokeswoman for the City Attorney's Office, said she had no information about why city lawyers deemed the documents public, but that the city would abide by the federal court's decision on whether they should be released. She knew of six cameras at issue, Mills said. The Justice Department said that if the locations of the cameras are made public, the information could tip off investigation subjects that they are being monitored. The FBI had provided information about its use of the cameras to the city's public utility, Seattle City Light, since 2013 under a promise of confidentiality, but only to prevent the cameras from being removed or destroyed by utility workers, the Justice Department said. The FBI has ceased sharing that information with the utility because of the possibility the city will make the information public, the Justice Department wrote. "The FBI's use of the pole camera technique is a powerful tool in FBI investigations of criminal violations and national security threats," the Justice Department's lawsuit said. 
"Disclosure of even minor details about them may cause jeopardy to important federal interests because, much like a jigsaw puzzle, each detail may aid adversaries in piecing together information about the capabilities, limitations, and circumstances of (the) equipment's use, and would allow law enforcement subjects, or national security adversaries, to accumulate information and draw conclusions about the FBI's use of this technology, in order to evade effective, lawful investigation by the FBI." Seattle is a liberal bastion with a long history of concerns about government surveillance. A city law passed in the 1970s barred police from collecting information about people based on their political views or exercise of constitutional rights. In 2013, after the Seattle Police Department prompted an outcry by acquiring two drones, the City Council unanimously passed an ordinance requiring any city department intending to acquire surveillance equipment to get council approval first. The police department returned its two drones to the company that sold them. But even that law has an exception that allows agencies to temporarily acquire or use surveillance equipment for a criminal investigation supported by reasonable suspicion, with a search warrant or under emergency circumstances. Phil Mocek, a privacy activist who filed records requests for information about the pole cameras, said he was concerned that Seattle City Light may have attempted to sidestep that law. Emails he received earlier suggested that Seattle police and other local and federal agencies were aware that City Light was cooperating with federal agencies, he said. "It appears a security manager at Seattle City Light has been running a rogue surveillance camera scheme, allowing federal agencies to install surveillance cameras and personally maintaining an inventory of those cameras," Mocek said. "If that's what's happening, the public should know about it." 
A spokesman for City Light directed questions to the City Attorney's Office. In issuing the restraining order Monday, the judge said the Justice Department had shown a strong likelihood of winning its case. The release of the documents appeared to be prohibited by the state's Public Records Act, the FBI's confidentiality agreement with the city and federal law enforcement privileges. -- It's better to burn out than fade away. From rforno at infowarrior.org Sun Jun 19 14:01:35 2016 From: rforno at infowarrior.org (Richard Forno) Date: Sun, 19 Jun 2016 15:01:35 -0400 Subject: [Infowarrior] - W3C DRM working group chairman vetoes work on protecting security researchers and competition Message-ID: W3C DRM working group chairman vetoes work on protecting security researchers and competition Cory Doctorow / 7:18 pm Sat Jun 18, 2016 http://boingboing.net/2016/06/18/w3c-drm-working-group-chairman.html -- It's better to burn out than fade away. From rforno at infowarrior.org Mon Jun 20 07:13:23 2016 From: rforno at infowarrior.org (Richard Forno) Date: Mon, 20 Jun 2016 08:13:23 -0400 Subject: [Infowarrior] - Blockchain 'smart contracts' to disrupt lawyers Message-ID: <20DD2336-265F-40BB-B2E2-8D94AF69AD79@infowarrior.org> afr.com Blockchain 'smart contracts' to disrupt lawyers 1 hr ago Among the blockchain cognoscenti, everyone is talking about Ethereum. A rival blockchain and virtual currency to bitcoin, Ethereum allows for the programming of "smart contracts", or computer code which facilitates or enforces a set of rules. Ethereum was first described by the programmer Vitalik Buterin in late 2013; the first full public version of the platform was released in February. Commercial lawyers are watching the arrival of Ethereum closely given the potential for smart contracts in the future to disintermediate their highly lucrative role in drafting and exchanging paper contracts. 
Smart contracts are currently being used to digitise business rules, but may soon move to codify legal agreements. The innovation has been made possible because Ethereum provides developers with a more liberal "scripting language" than bitcoin. This is allowing companies to create their own private blockchains and build applications. Already, apps for music distribution, sports betting and a new type of financial auditing are being tested. Some of the world's largest technology companies, from Microsoft to IBM, are lining up to work with Ethereum, while the R3 CEV banking consortium has also been trialling its technology as it tests blockchain-style applications for the banking industry including trading commercial paper. Banks are interested in blockchain because distributed ledgers can remove intermediaries and speed up transactions, thereby reducing costs. But if banks move business to blockchains in the future, financial services lawyers will need to begin re-drafting into digital form the banking contracts that underpin the capital markets. The global director of IBM Blockchain Labs, Nitin Gaur, who was in Sydney last week, says he is a "huge fan" of Ethereum, pointing to its "rich ecosystem of developers". He predicts law to be among the industries disrupted by the technology. < - > http://www.afr.com/technology/blockchain-smart-contracts-to-disrupt-lawyers-20160529-gp6f5e -- It's better to burn out than fade away. From rforno at infowarrior.org Mon Jun 20 07:15:10 2016 From: rforno at infowarrior.org (Richard Forno) Date: Mon, 20 Jun 2016 08:15:10 -0400 Subject: [Infowarrior] - Tor Is Teaming Up With Researchers To Protect Users From FBI Hacking Message-ID: Tor Is Teaming Up With Researchers To Protect Users From FBI Hacking June 19, 2016 // 03:28 PM EST http://motherboard.vice.com/read/tor-is-teaming-up-with-researchers-to-protect-users-from-fbi-hacking -- It's better to burn out than fade away. 
From rforno at infowarrior.org Mon Jun 20 13:28:29 2016 From: rforno at infowarrior.org (Richard Forno) Date: Mon, 20 Jun 2016 14:28:29 -0400 Subject: [Infowarrior] - DOJ Thinks Releasing Omar Mateen's ISIS Allegiance Claims It Released Last Week Will Revictimize the Victims Message-ID: <8CBB678A-1883-42BC-B0E4-88C32684B741@infowarrior.org> DOJ Thinks Releasing Omar Mateen's ISIS Allegiance Claims It Released Last Week Will Revictimize the Victims https://www.emptywheel.net/2016/06/19/doj-now-thinks-releasing-omar-mateens-isis-allegiance-will-revictimize-the-victims-it-apparently-already-victimized/ -- It's better to burn out than fade away. From rforno at infowarrior.org Mon Jun 20 14:25:35 2016 From: rforno at infowarrior.org (Richard Forno) Date: Mon, 20 Jun 2016 15:25:35 -0400 Subject: [Infowarrior] - Supreme Court Knocks A Little More Off The 4th Amendment; Gives Cops Another Way To Salvage Illegal Searches Message-ID: <02FE9514-2141-4A84-B7F4-BFE90036B32C@infowarrior.org> Supreme Court Knocks A Little More Off The 4th Amendment; Gives Cops Another Way To Salvage Illegal Searches https://www.techdirt.com/articles/20160620/08435234763/supreme-court-knocks-little-more-off-4th-amendment-gives-cops-another-way-to-salvage-illegal-searches.shtml -- It's better to burn out than fade away. From rforno at infowarrior.org Mon Jun 20 20:08:46 2016 From: rforno at infowarrior.org (Richard Forno) Date: Mon, 20 Jun 2016 21:08:46 -0400 Subject: [Infowarrior] - Smartphone Users Are Paying for Their Own Surveillance Message-ID: <83346BA8-E7CC-442A-B536-61AAE0046757@infowarrior.org> truth-out.org Smartphone Users Are Paying for Their Own Surveillance Bill Blunden http://www.truth-out.org/news/item/36492-smartphone-users-are-paying-for-their-own-surveillance In the movie Sneakers, a motley gang of security experts chase after a little black box that can crack any form of encryption. 
Though the idea of a digital skeleton key may seem like the stuff of Hollywood thrillers, there are researchers at the University of Michigan who've recently created just that. They've built a stealthy hardware back door that can be inserted into the blueprints of a computer chip to give intruders complete access to a system after executing an obscure series of commands. Consider the implications: This kind of low-level attack is extremely difficult to detect and even more challenging to defend against. If a small group of university professors can successfully cook up their own little black box, imagine what an intelligence service with federal backing can do. William Binney, the National Security Agency's (NSA) former technical leader for intelligence, claims that with the NSA's budget of over $10 billion a year, "they have more resources to acquire your data than you can ever hope to defend against." But it's not just the government that's watching us. IBM recently filed a patent for "monitoring individuals using distributed data sources," a stark reminder that much of what people do with their mobile devices is scooped up and stored in corporate data silos for later analysis. It's an inconvenient fact that Silicon Valley prefers to drown out with marketing pitches. A Misplaced Faith in Markets Thanks to whistleblower Edward Snowden, we know that NSA spies think of smartphone users as "zombies" who pay for their own surveillance. Hence, in the aftermath of the Snowden revelations, corporate leaders in Silicon Valley have focused intently on linking technical innovation with cybersecurity. It's an approach that aligns the average user's desire for better privacy with the business interests of large tech companies. The basic narrative is fairly straightforward: To protect oneself against prying eyes, simply get the latest mobile gadget. 
Ostensibly, even the FBI will be hard-pressed to access its data. But how, exactly, is the public supposed to believe that clandestine agreements between intelligence directors and CEOs are strictly a thing of the past? Glenn Greenwald asserts that market incentives will take care of this problem. In a recent interview, he explained that, "consumers are now demanding that privacy be safeguarded and refusing to use companies that won't do that." Can market forces really save us? Those who recall what happened in 2008 have their doubts. There is evidence that suggests that Greenwald's faith in Silicon Valley and the marketplace is misplaced. The public record reveals that US intelligence services, with plenty of help from the tech industry, succeeded in making commercial products "exploitable" as part of "an aggressive, multi-pronged effort to break widely used internet encryption technologies." The campaign to secretly alter technology has been going on for a long time. For instance, more than two decades ago, an anonymous source in the CIA disclosed that spies were actively tampering with chips used in weapons systems bought by other countries. If the past is any guide, the more adamantly vendors offer assurances about protection, the more skeptical people should become. Recall how bold public displays of rebellion in the early 1990s were staged on behalf of shareholder value while the executives colluded secretly with spies behind closed doors. There are reasons for this collusion. Major corporate players recognize the role that intelligence services play in terms of opening up markets and providing access to global resources. Extreme pressure can be placed on those who don't fall into line. World leaders who fall out of favor with the US establishment have sometimes been forced into "early retirement" by covert operations. 
Entire countries have been lit on fire through US-sponsored destabilization. US policy makers send an unspoken message conveyed through raw force: "Don't forget who owns all of those megaton nuclear intercontinental ballistic missiles." Lower-Tech Devices Are More Secure Genuine security is the result of a disciplined process. It arises from a set of policies and standards that are carefully implemented and maintained, not a gadget that's purchased off the shelf. Moreover, higher levels of security often entail sacrificing convenience and connectivity in the name of confidentiality. The Russian Federal Guard Service, for instance, has switched over to typewriters in light of the NSA's apparent mastery of computer espionage. German intelligence services have considered doing likewise. There's definitely something to be said for old school methods. They worked just fine pre-internet and they can still work. In fact, old school tradecraft may turn out to be the Achilles heel for security services as they've become heavily reliant on signal intelligence to function. It's a numbers game. Think about it: Gathering human intelligence is resource-intensive and introduces any number of additional risks. FBI agents have estimated that tailing a single suspect around the clock can require somewhere in the neighborhood of 30 to 40 operatives. For security services, this puts a modest upper bound on the number of 24x7 surveillance operations, something like a few dozen targets. Compounding this issue, taking away sources of data can rob spies of their signal intelligence advantage. It forces them to employ black bag groups like the CIA's Special Collection Service, which are so expensive that they're primarily focused on a tiny set of high priority targets. In this sense, non-smartphones can be viewed as superior to smartphones as they generate a smaller data footprint. 
Going a step further, a pager can be viewed as superior to a non-smartphone because communication on the user's end is further constrained, as well as not anchored to a particular phone line. Unfortunately, there are still effective countermeasures to be concerned about, like voice recognition software, radio tower spoofing (e.g. "stingrays") and the steady proliferation of telescreens throughout urban areas. Even if a phone call is encrypted, the very act of making a call provides a wealth of data to spies. The metadata is the message, my friends. Some operators have responded by deploying small sets of phones that only call each other, establishing a closed circuit of cellphones. In the extreme case, there are only two phones talking to each other, a practice that's known as "mirroring." The downside of this approach is that it's conspicuous. Any intelligence agency sorting through aggregated phone records will easily spot a closed circuit and presumably take interest. The threat of centralized monitoring explains why larger groups, which have access to the necessary resources, have gone out-of-band. They've developed their own dispersed communication networks built on top of their own dedicated physical infrastructure. Granted, while this strategy isn't perfect, it does drive up the cost of interception and analysis. For example, the Los Zetas cartel in Mexico developed an encrypted radio network. Likewise, the Hezbollah militia in Lebanon went so far as to set up its own fiber optic network that reached across the country. Given the NSA's widespread technical mastery, safeguarding oneself against surveillance may entail swallowing a bitter pill. One must face the prospect that technology is more often a tool of control rather than an antidote against surveillance, despite what the executives in Silicon Valley tell you. 
And perhaps, in certain cases, the best solution is to follow the lead of Russian spymasters and simply opt out. -- It's better to burn out than fade away. From rforno at infowarrior.org Tue Jun 21 06:41:56 2016 From: rforno at infowarrior.org (Richard Forno) Date: Tue, 21 Jun 2016 07:41:56 -0400 Subject: [Infowarrior] - Proposals to curb online speech viewed as threat to open internet Message-ID: <47FF75F5-AE7A-482B-9025-8CAE372F6033@infowarrior.org> Proposals to curb online speech viewed as threat to open internet Tuesday, June 21, 2016 5:14 a.m. CDT By Yasmeen Abutaleb and Alastair Sharp http://kfgo.com/news/articles/2016/jun/21/proposals-to-curb-online-speech-viewed-as-threat-to-open-internet/ SAN FRANCISCO/ TORONTO (Reuters) - At least a dozen countries are considering or have enacted laws restricting online speech, a trend that is alarming policymakers and others who see the internet as a valuable medium for debate and expression. Such curbs are called out as a threat to the open internet in a report on internet governance set to be released today at an Organization for Economic Cooperation and Development meeting in Cancun, Mexico. The report, reviewed by Reuters, warns of dangers for the global internet, including intrusive surveillance, rising cybercrime and fragmentation as governments exert control of online content. It was prepared by the London-based Chatham House think tank and the Centre for International Governance Innovation, founded by former BlackBerry Ltd co-chief Jim Balsillie. China and Iran long have restricted online speech. Now limitations are under discussion in countries that have had a more open approach to speech, including Brazil, Malaysia, Pakistan, Bolivia, Kenya and Nigeria. Advocates said some of the proposals would criminalize conversations online that otherwise would be protected under the countries' constitutions. 
Some use broad language to outlaw online postings that "disturb the public order" or "convey false statements" - formulations that could enable crackdowns on political speech, critics said. "Free expression is one of the foundational elements of the internet," said Michael Chertoff, former U.S. secretary of Homeland Security and a co-author of the internet governance report. "It shouldn't be protecting the political interests of the ruling party or something of that sort." Turkey and Thailand also have cracked down on online speech, and a number of developing world countries have unplugged social media sites altogether during elections and other sensitive moments. In the U.S. as well, some have called for restrictions on Internet communications. Speech limitations create business and ethical conflicts for companies like Facebook Inc, Twitter Inc and Alphabet Inc's Google, platforms for debate and political organizing. "This is the next evolution of political suppression," said Richard Forno, assistant director of the University of Maryland, Baltimore County Center for Cybersecurity. "Technology facilitates freedom of expression, and politicians don't like that." "FIGHTING DELINQUENCY" Tanzania and Ethiopia have passed laws restricting online speech. In others, including Pakistan, Brazil, Bolivia and Kenya, proposals are under discussion or under legislative consideration, according to a review of laws by Reuters and reports by Internet activist groups. In Bolivia, President Evo Morales earlier this year said that the country needs to "regulate the social networks." A bill has been drafted and is ready for introduction in the legislature, said Leonardo Loza, head of one of Bolivia's coca growers unions, a supporter of the proposal. "It is aimed at educating and disciplining people, particularly young Bolivians, and fighting delinquency on social networks," Loza said. "Freedom of expression can't be lying to the people or insulting citizens and politicians." 
A bill in Pakistan would allow the government to block internet content to protect the "integrity, security or defense" of the state. The legislation, which has passed a vote in Pakistan's lower house of parliament, is supposed to target terrorism, but critics said the language is broad. It comes after Pakistan blocked YouTube in 2012 when a video it deemed inflammatory sparked protests across the country and much of the Muslim world. Earlier this year, YouTube, which is owned by Google, agreed to launch a local version of its site in the country. But now, the internet report said, the Pakistan Telecommunications Authority can ask the company to remove any material it finds offensive. COMPANIES IN THE CROSSFIRE U.S. internet companies have faced mounting pressure in recent years to restrict content. Companies' terms of service lay out what users can and cannot post, and they said they apply a single standard globally. They aim to comply with local laws, but often confront demands to remove even legal content. The new laws threaten to raise a whole new set of compliance and enforcement issues. "There's a technical question, which is, could you comply if you wanted to, and then the bigger meta question is why would you want to cooperate with this politicized drive to suppress freedom of expression," said Andrew McLaughlin, Google's former director of global policy and now leading content organization at Medium. Facebook, Twitter and Google declined to comment for this story. (Reporting By Yasmeen Abutaleb and Alastair Sharp; Additional reporting by Daniel Ramos in La Paz, Bolivia; Editing by Jonathan Weber and Lisa Girion) -- It's better to burn out than fade away. 
From rforno at infowarrior.org Tue Jun 21 07:01:28 2016 From: rforno at infowarrior.org (Richard Forno) Date: Tue, 21 Jun 2016 08:01:28 -0400 Subject: [Infowarrior] - Baltimore PD nuttery over camera footage Message-ID: Baltimore Transit Officials Won't Release Footage Of Freddie Gray Protests Because Everything Is Always About 'Terrorism' https://www.techdirt.com/articles/20160619/19122834750/baltimore-transit-officials-wont-release-footage-freddie-gray-protests-because-everything-is-always-about-terrorism.shtml -- It's better to burn out than fade away. From rforno at infowarrior.org Tue Jun 21 07:38:10 2016 From: rforno at infowarrior.org (Richard Forno) Date: Tue, 21 Jun 2016 08:38:10 -0400 Subject: [Infowarrior] - McConnell pushes measure to expand surveillance tools Message-ID: (note this is done "late [on Monday] evening" -- as with many such ideas over the years, snuck in under the guise of darkness. --- rick) McConnell pushes measure to expand surveillance tools By Julian Hattem - 06/20/16 10:02 PM EDT http://thehill.com/policy/national-security/284209-mcconnell-pushes-measure-to-expand-surveillance-tools Senate Majority Leader Mitch McConnell is pushing for an expansion of federal surveillance powers by introducing an amendment to an annual funding bill late on Monday evening. The proposal from the Kentucky Republican would allow the FBI to use tools known as "national security letters" to obtain people's internet browsing history and other information without a warrant in the course of terrorism and federal intelligence investigations. It would also permanently extend a provision of the Patriot Act that was renewed until 2019 last summer, which is meant to monitor "lone wolf" extremists who are not known to have any ties to a recognized foreign terrorist group. Both measures have been criticized by privacy and civil liberties advocates, who have fought the proposals on multiple fronts in recent months. 
Critics claim that giving the FBI additional powers would violate Americans' privacy rights, and they note that the lone wolf provision of the Patriot Act has never been used. But the FBI had advocated vigorously for the ability to collect people's browsing history and other electronic data, which it has characterized as closing a loophole in current law. "There is essentially a typo in the law that was passed a number of years ago that requires us to get records - ordinary transaction records that we can get in most contexts with a non-court order, because it doesn't involve content of any kind - to go to the [Foreign Intelligence Surveillance Act] Court to get a court order to get these records," FBI Director James Comey told the Senate Judiciary Committee last year. "It would save us a tremendous amount of work hours if we could fix that, without any compromise to anyone's civil liberties or civil rights." The measure would not allow the government to obtain the content of people's communications or read their webpages without a warrant. The powers would only apply to so-called metadata, including the list of websites they visit and internet protocol addresses. A procedural vote on the measure, which McConnell is trying to attach to a bill funding the Commerce and Justice Departments, among other areas, is expected on Wednesday. Senate lawmakers have tried to attach similar measures to an annual intelligence policy bill and legislation updating a 1986 email privacy law. Controversy over the amendment to the email privacy law has temporarily stymied the legislation, which passed unanimously through the House in April. - Jordain Carney contributed -- It's better to burn out than fade away. From rforno at infowarrior.org Tue Jun 21 13:48:37 2016 From: rforno at infowarrior.org (Richard Forno) Date: Tue, 21 Jun 2016 14:48:37 -0400 Subject: [Infowarrior] - Seeing Opportunity, Congress Tries To Rush Through Its Plan To Legalize FBI Abuses Citing 'Orlando!' 
Message-ID: Seeing Opportunity, Congress Tries To Rush Through Its Plan To Legalize FBI Abuses Citing 'Orlando!' https://www.techdirt.com/articles/20160621/06502334769/seeing-opportunity-congress-tries-to-rush-through-plan-to-legalize-fbi-abuses-citing-orlando.shtml -- It's better to burn out than fade away. From rforno at infowarrior.org Wed Jun 22 06:38:14 2016 From: rforno at infowarrior.org (Richard Forno) Date: Wed, 22 Jun 2016 07:38:14 -0400 Subject: [Infowarrior] - Stop Rule 41 changes and FBI abuses of NSLs! Message-ID: <0F2634E1-C8EA-4E07-BFE7-CB71F2A665C5@infowarrior.org> June 21, 2016 | By Elliot Harmon We Made the Message Loud and Clear: Stop the Rule 41 Updates It's Not Too Late to Write to Congress About the Disastrous Rule Change https://www.eff.org/deeplinks/2016/06/we-made-message-loud-and-clear-stop-rule-41-updates What happens when you try to push a dangerous policy through without the Internet noticing? The Internet fights back. A few days ago, we warned of an impending rule change that would dramatically increase law enforcement's authority to hack into computers. We encouraged people, organizations, and companies to add a special banner to their websites for one day, calling on Congress to stop the updates to Rule 41 of the Federal Rules of Criminal Procedure. Today, the Internet has come out in full force. Dozens of websites are running the "Reject the Rule 41 Proposal" banner. Over 50 organizations and companies have joined EFF in signing a letter to Congress (PDF), including Tor, the Open Technology Institute, R Street Institute, DuckDuckGo, Google, PayPal, and many others. Most importantly, thousands of you have already spoken out to Congress, urging lawmakers to take action before it's too late. Tell Congress: Stop the changes to Rule 41. 
If Congress does nothing, then the rule change will automatically go into effect on December 1, dramatically expanding law enforcement's authority to hack computers both inside and outside the United States. A bipartisan group of senators has introduced the Stopping Mass Hacking Act (S. 2952), which will keep the rule change from taking effect. Sen. Ron Wyden, the bill's sponsor, posted a video message on Twitter explaining why it's essential that Congress pass the Stopping Mass Hacking Act. If the updates to Rule 41 take effect, this massive expansion of power will affect Internet users all over the world. If you haven't already, we encourage you to write to Congress today or sign our petition if you live outside of the United States. Dozens of fellow users' rights organizations are also speaking out today against the Rule 41 changes. Here are just a few of them.
• Access Now: What is this "Rule 41" and why am I hearing so much about it?
• ACLU: Take Action to Stop FBI Mass Hacking
• Demand Progress: The DOJ and FBI want permission to hack into computers all over the world. Only Congress can stop it.
• Government Accountability Project: GAP Joins Coalition to Oppose Changing "Rule 41" to Safeguard Americans' Privacy Rights
• National Association of Criminal Defense Lawyers: Congress should stop government hacking and protect the Fourth Amendment
• Niskanen Center: A Day of Action in Opposition to Rule 41
• Open Technology Institute: OTI Joins Over 45 Groups & Companies for Day of Action to Say No to Rule 41 Changes
-- It's better to burn out than fade away. 
From rforno at infowarrior.org Wed Jun 22 06:47:30 2016 From: rforno at infowarrior.org (Richard Forno) Date: Wed, 22 Jun 2016 07:47:30 -0400 Subject: [Infowarrior] - Senate likely to pass FBI spying bill after Orlando shooting Message-ID: <55E8FE5D-A7CC-4A5B-A35C-EA3C31DD8558@infowarrior.org> reuters.com Senate likely to pass FBI spying bill after Orlando shooting By Dustin Volz http://www.reuters.com/article/us-cyber-fbi-emails-idUSKCN0Z8160 WASHINGTON The U.S. Senate on Wednesday is likely to pass a Republican-backed proposal to expand the Federal Bureau of Investigation's secretive surveillance powers after the mass shooting at an Orlando gay nightclub last week. The spying bill is the Republican response to the massacre after a push for gun-control measures sponsored by both major U.S. parties failed earlier this week. The legislation would broaden the type of telephone and internet records the FBI could request from companies like Alphabet Inc and Verizon without a warrant. The proposal met opposition from critics who said it threatened civil liberties and did little to improve national security. The bill, which the Obama administration has sought for years, "will allow the FBI to collect the dots so they can connect the dots, and that's been the biggest problem that they've had in identifying these homegrown, radicalized terrorists," Senator John Cornyn, the chamber's No. 2 Republican, said Tuesday. The vote also represents a bi-partisan drift away from policy positions that favored digital privacy, which had taken hold in the three years since former National Security Agency contractor Edward Snowden revealed the breadth of government surveillance programs. The post-Snowden moves included the most substantial reforms to the U.S. intelligence community since the Sept. 11, 2001, attacks, and a refusal to heed the FBI's call for laws that would undermine encryption. 
It is unclear if the House would pass the Senate proposal, given its alliance between libertarian-leaning Republicans and tech-friendly Democrats that has blocked past efforts to expand surveillance. The legislation before the Senate Wednesday, filed as an amendment to a criminal justice funding bill, would widen the FBI's authority to use so-called National Security Letters, which do not require a warrant and whose very existence is usually a secret. Such letters can currently compel a company to hand over a user's phone billing records. Under the Senate's change they could demand electronic communications transaction records such as time stamps of emails and the emails' senders and recipients, in addition to some information about websites a person visits. The legislation would also make permanent a provision of the USA Patriot Act that allows the intelligence community to conduct surveillance on "lone wolf" suspects who do not have confirmed ties to a foreign terrorist group. That provision, which the Justice Department said last year had never been used, is currently set to expire in December 2019. 'KNEE-JERK SOLUTIONS' Privacy groups and civil liberties advocates accused Republicans this week of exploiting the Orlando shooting to build support for unrelated legislation. Senator Ron Wyden, an Oregon Democrat, criticized Senate Republicans for "pushing fake, knee-jerk solutions that will do nothing to prevent mass shootings or terrorist attacks." Though Republicans invoked the Orlando shooting in support of the bill, FBI Director James Comey has said Mateen's transactional records were fully reviewed by authorities who investigated him twice for possible extremist ties. Comey said there was "no indication" Mateen belonged to any extremist group and that it was unlikely authorities could have done anything differently to prevent the attack. (Reporting by Dustin Volz; Editing by Jonathan Weber and Andrew Hay) -- It's better to burn out than fade away. 
From rforno at infowarrior.org Wed Jun 22 07:23:26 2016 From: rforno at infowarrior.org (Richard Forno) Date: Wed, 22 Jun 2016 08:23:26 -0400 Subject: [Infowarrior] - The Pentagon Is About to Launch A Big Database for Screening National Security Workers Message-ID: (c/o MM) The Pentagon Is About to Launch A Big Database for Screening National Security Workers By Aliya Sternstein June 21, 2016 http://www.defenseone.com/technology/2016/06/pentagon-about-launch-big-database-screening-national-security-workers/129256/ The new DISS will merge two tools as part of the effort to reform the security clearance process. The Pentagon next month is slated to launch one mega database for investigating the trustworthiness of personnel who could have access to federal facilities and computer systems. The Defense Information System for Security, or DISS, will consolidate two existing tools used for vetting employees and job applicants. The reboot represents a reform spawned by leaks of classified data and shootings on military bases, Defense Department officials say. DISS will provide "a common, comprehensive medium to request, record, document and identify personnel security actions," Aaron Siegel, alternate defense Federal Register liaison officer, said in a notification about the addition of the new system of records. An older background check-management tool, the Joint Personnel Adjudication System, will move into DISS and take on a different acronym JVS, or the Joint Verification System. The current Case Adjudication Tracking system, or CATS, which shares completed investigations with other agencies, also will sit inside the application bundle. The musical chairs is "part of the effort to reform the security clearance process within the federal government," according to the Defense Personnel and Security Research Center website. 
DISS will track decisions about an individual's eligibility to handle classified materials and fitness for employment, as well as suitability to enter government buildings and computer networks, Siegel says. The system also will aid with the "support of continuous evaluation and insider threat detection, prevention and mitigation activities," he says. Continuous evaluation relies on automated data checks, rather than the traditional method of re-investigating employees every five years. If all goes according to plan, DISS should interface with a new, massive information-sharing hub designed to flag potential traitors and other "insider threats." Both systems are key to continuous evaluation. DISS is expected to ping the hub for threat monitoring, a practice that exploits, among other profiling techniques, cybervetting. The research center considers that term to mean checking blogs, social media sites, and other Internet-based sources. An agency or contractor that has hired a security-clearance holder can keep an eye on the employee's activities using DISS, Siegel explains in the notification. The White House also can take a peek to assess potential administration appointees. In addition, U.S. Citizenship and Immigration Services can look inside for "use in alien admission and naturalization inquiries," Siegel says. And records in the database can be searched during authorized counterintelligence activities to enforce laws that protect U.S. national security. DISS is expected to go online July 16, pending a comment period that ends July 15. Last summer, the Pentagon temporarily unplugged JPAS as a precaution, after a historic breach of 21.5 million background check records. A vulnerability in an Office of Personnel Management tool that links to the system was discovered during a probe of the hack. 
From rforno at infowarrior.org Wed Jun 22 12:18:30 2016 From: rforno at infowarrior.org (Richard Forno) Date: Wed, 22 Jun 2016 13:18:30 -0400 Subject: [Infowarrior] - Senate postpones FBI NSL expansion vote Message-ID: https://www.eff.org/deeplinks/2016/06/eff-urges-senate-not-expand-fbis-controversial-national-security-letter-authority Update June 22, 2016: The Senate failed to pass an amendment to expand the FBI's National Security Letter powers and to make the "lone wolf" provision of the Patriot Act permanent; however, the amendment will probably be voted on again soon. Senate Majority Leader Mitch McConnell switched his vote to "No" at the last minute so that he may be able to bring up the amendment during future debate. The amendment was included as part of the Commerce, Justice, Science and Related Agencies Appropriations Act, which will have a final vote on the Senate floor later this week. Tell your Senators to Vote NO on the amendment. -- It's better to burn out than fade away. From rforno at infowarrior.org Wed Jun 22 15:03:26 2016 From: rforno at infowarrior.org (Richard Forno) Date: Wed, 22 Jun 2016 16:03:26 -0400 Subject: [Infowarrior] - GOP cuts off US House cameras, so Democrats Periscope gun control sit-in Message-ID: GOP cuts off US House cameras, so Democrats Periscope gun control sit-in Rep. Scott Peters turns to social media to broadcast protest. by David Kravets - Jun 22, 2016 3:33pm EDT http://arstechnica.com/tech-policy/2016/06/gop-cuts-off-us-house-cameras-so-democrats-periscope-gun-control-sit-in/ If there's anything that members of Congress can agree on, it's that they can't agree on anything. So on Wednesday, Democrats took to the House floor to stage a sit-in and protest their GOP counterparts' refusal to consider gun control legislation in the wake of the recent Orlando mass shooting. The GOP's response was to cut the C-SPAN feed of the floor protest. 
House Speaker Paul Ryan, who controls the House C-SPAN feed, decided censorship was the proper route. But the C-Span feed was quickly restored via Twitter-owned Periscope from Rep. Scott Peters, a Democrat from California. Here is Peters' feed. The video is spotty. The Democrats are urging gun legislation to land on the House floor. Hopefully Peters' mobile phone has a big battery, as about 40 House Democrats vowed "to occupy the floor of the House until there is action." The protest started about 11:30am ET and was continuing at the time this post was published. Later in the day, Facebook live was also being used to broadcast the feed to C-SPAN. The move comes days after the Senate brushed aside four gun control measures. Now Democrats in the House are demanding that the full body consider gun control measures. -- It's better to burn out than fade away. From rforno at infowarrior.org Wed Jun 22 15:04:42 2016 From: rforno at infowarrior.org (Richard Forno) Date: Wed, 22 Jun 2016 16:04:42 -0400 Subject: [Infowarrior] - DOJ Insists That Rule 41 Change Is Not Important, Nothing To See Here, Move On Annoying Privacy Activist People Message-ID: <7B6273C0-FC6D-4215-98E5-77292ECA1B2B@infowarrior.org> DOJ Insists That Rule 41 Change Is Not Important, Nothing To See Here, Move On Annoying Privacy Activist People from the try-that-one-again? dept We've been talking a lot about Rule 41 lately around here. As we've discussed, the DOJ had pushed for an update to the rule, basically granting the FBI much greater powers to hack into lots of computers, including those abroad (possibly creating diplomatic issues). We've been discussing the problems with the DOJ's proposed change for years, and we haven't been alone. Civil liberties groups and tech companies have both blasted the plans, but to no avail. Back in March, a judicial panel approved the DOJ's proposed changes, and the Supreme Court gave its blessing a month later. 
The rule changes are set to go into effect on December 1st if they're not stopped. Senators Ron Wyden and Rand Paul have introduced a bill to block them, while the EFF, Tor and friends have kicked off a big No Global Warrants campaign, encouraging Congress to block this change. The DOJ is being fairly proactive in trying to brush aside concerns about the Rule 41 change, and earlier this week put up a blog post insisting that there's nothing to see here at all, and everyone who's worried should just move along already. < - > https://www.techdirt.com/articles/20160621/17440334778/doj-insists-that-rule-41-change-is-not-important-nothing-to-see-here-move-annoying-privacy-activist-people.shtml -- It's better to burn out than fade away. From rforno at infowarrior.org Thu Jun 23 07:33:51 2016 From: rforno at infowarrior.org (Richard Forno) Date: Thu, 23 Jun 2016 08:33:51 -0400 Subject: [Infowarrior] - How technology made us hyper-capable – and helpless Message-ID: theguardian.com How technology made us hyper-capable – and helpless | Jonathan Coopersmith Jonathan Coopersmith https://www.theguardian.com/commentisfree/2016/jun/23/technology-us-navy-sextants-navigate The smartphone in your hand enables you to record a video, edit it and send it around the world. With your phone, you can navigate in cities, buy a car, track your vital signs and accomplish thousands of other tasks. And so? Each of those activities used to demand learning specific skills and acquiring the necessary resources to do them. Making a film? First, get a movie camera and the supporting technologies (film, lights, editing equipment). Second, learn how to use them and hire a crew. Third, shoot the movie. Fourth, develop and edit the film. Fifth, make copies and distribute them. Now all of those tasks are solved by technology. We need no longer learn the intricate details when the smartphone programmers have taken care of so much. 
But film-makers are now freer to focus on their craft, and it is easier than ever to become a film-maker. Historically, technology has made us individually dumber and individually smarter – and collectively smarter. Technology has made us able to do more while understanding less about what we are doing, and has increased our dependence on others. These are not recent trends, but part of the history of technology since the first humans began to farm. In recent decades, three major changes have accelerated the process, starting with the increasing pace of humans specializing in particular skills. In addition, we outsource more skills to technological tools, like a movie-making app on a smartphone, that relieve us of the challenge of learning large amounts of technical knowledge. And many more people have access to technology than in the past, allowing them to use these tools much more readily. Specialization enables us to become very good at some activities, but that investment in learning – for example, how to be an ER nurse or computer coder – comes at the expense of other skills like how to grow your own food or build your own shelter. As Adam Smith noted in his 1776 Wealth of Nations, specialization enables people to become more efficient and productive at one set of tasks, but with a trade-off of increased dependence on others for additional needs. In theory, everyone benefits. Specialization has moral and pragmatic consequences. Skilled workers are more likely to be employed and earn more than their unskilled counterparts. One reason the United States won the second world war was that draft boards kept some trained workers, engineers and scientists working on the home front instead of sending them to fight. A skilled machine tool operator or oil-rig roustabout contributed more to winning the war by staying at home and sticking to a specialized role than by heading to the front with a rifle. 
It also meant other men (and some women) donned uniforms and had a much greater chance of dying. Incorporating human skills into a machine – called "blackboxing" because it makes the operations invisible to the user – allows more people to, for example, take a blood pressure measurement without investing the time, resources and effort into learning the skills previously needed to use a blood pressure cuff. Putting the expertise in the machine lowers the barriers to entry for doing something because the person does not need to know as much. For example, contrast learning to drive a car with a manual versus an automatic transmission. Mass production of blackboxed technologies enables their widespread use. Smartphones and automated blood pressure monitors would be far less effective if only thousands instead of tens of millions of people could use them. Less happily, producing tens of millions of automatic rifles like AK-47s means individuals can kill far more people far more easily compared with more primitive weapons like knives. More practically, we depend on others to do what we cannot do at all or as well. City dwellers in particular depend on vast, mostly invisible structures to provide their power, remove their waste and ensure food and tens of thousands of other items are available. A major downside of increased dependence on technologies is the increased consequences if those technologies break or disappear. Lewis Dartnell's The Knowledge offers a delightful (and frightening) exploration of how survivors of a humanity-devastating apocalypse could salvage and maintain 21st-century technologies. Just one example of many is that the US Naval Academy just resumed training officers to navigate by sextants. Historically the only way to determine a ship's location at sea, this technique is being taught again both as a backup in case cyber-attackers interfere with GPS signals and to give navigators a better feel of what their computers are doing. 
How do people survive and prosper in this world of increasing dependence and change? It's impossible to be truly self-reliant, but it is possible to learn more about the technologies we use, to learn basic skills of repairing and fixing them (hint: always check the connections and read the manual) and to find people who know more about particular topics. In this way the internet's vast wealth of information can not only increase our dependence but also decrease it (of course, skepticism about online information is never a bad idea). Thinking about what happens if something goes wrong can be a useful exercise in planning or a descent into obsessive worrying. Individually, we depend more on our technologies than ever before – but we can do more than ever before. Collectively, technology has made us smarter, more capable and more productive. What technology has not done is make us wiser. This piece originally appeared on The Conversation -- It's better to burn out than fade away. From rforno at infowarrior.org Thu Jun 23 15:16:41 2016 From: rforno at infowarrior.org (Richard Forno) Date: Thu, 23 Jun 2016 16:16:41 -0400 Subject: [Infowarrior] - Federal Court: The Fourth Amendment Does Not Protect Your Home Computer Message-ID: https://www.eff.org/deeplinks/2016/06/federal-court-fourth-amendment-does-not-protect-your-home-computer June 23, 2016 | By Mark Rumold Federal Court: The Fourth Amendment Does Not Protect Your Home Computer In a dangerously flawed decision unsealed today, a federal district court in Virginia ruled that a criminal defendant has no "reasonable expectation of privacy" in his personal computer, located inside his home. According to the court, the federal government does not need a warrant to hack into an individual's computer. This decision is the latest in, and perhaps the culmination of, a series of troubling decisions in prosecutions stemming from the FBI's investigation of Playpen - a Tor hidden services site hosting child pornography. 
The FBI seized the server hosting the site in 2014, but continued to operate the site and serve malware to thousands of visitors that logged into the site. The malware located certain identifying information (e.g., MAC address, operating system, the computer's "Host name"; etc) on the attacked computer and sent that information back to the FBI. There are hundreds of prosecutions, pending across the country, stemming from this investigation. Courts overseeing these cases have struggled to apply traditional rules of criminal procedure and constitutional law to the technology at issue. Recognizing this, we've been participating as amicus to educate judges on the significant legal issues these cases present. In fact, EFF filed an amicus brief in this very case, arguing that the FBI's investigation ran afoul of the Fourth Amendment. The brief, unfortunately, did not have the intended effect. The implications for the decision, if upheld, are staggering: law enforcement would be free to remotely search and seize information from your computer, without a warrant, without probable cause, or without any suspicion at all. To say the least, the decision is bad news for privacy. But it's also incorrect as a matter of law, and we expect there is little chance it would hold up on appeal. (It also was not the central component of the judge's decision, which also diminishes the likelihood that it will become reliable precedent.) But the decision underscores a broader trend in these cases: courts across the country, faced with unfamiliar technology and unsympathetic defendants, are issuing decisions that threaten everyone's rights. As hundreds of these cases work their way through the federal court system, we'll be keeping a careful eye on these decisions, developing resources to help educate the defense bar, and doing all we can to ensure that the Fourth Amendment's protections for our electronic devices aren't eroded further. 
We'll be writing more about these cases in the upcoming days, too, so be sure to check back in for an in-depth look at the legal issues in these cases, and the problems with the way the FBI handled its investigation. -- It's better to burn out than fade away. From rforno at infowarrior.org Mon Jun 27 05:55:14 2016 From: rforno at infowarrior.org (Richard Forno) Date: Mon, 27 Jun 2016 06:55:14 -0400 Subject: [Infowarrior] - FBI moves to keep its Tor hacking tool secret Message-ID: <260F4A9C-254B-46C9-805C-3AA04F66D8AA@infowarrior.org> engadget.com FBI moves to keep its Tor hacking tool secret https://www.engadget.com/2016/06/24/fbi-moves-to-keep-its-tor-hacking-tool-secret/ "The FBI has derivatively classified portions of the tool, the exploits used in connection with the tool, and some of the operational aspects of the tool in accordance with the FBI's National Security Information Classification Guide," the government's attorneys wrote in a filing made in response to one of the defendants earlier this month. As Motherboard points out, the FBI originally wanted to classify their reasons for not handing over the exploit, rather than the exploit itself. That filing has been amended and is simply waiting on a signature from the FBI Original Classification Authority to confirm it will be hidden from public view. While experts believe the national security excuse is tenuous, the Department of Justice does have a recorded history of classifying inappropriate information. A 2013 report from the DOJ's own office of the Inspector General revealed several documents in which "unclassified information was inappropriately identified as being classified." If the FBI is successful in classifying their exploit tool, it would make it difficult to verify that their evidence, which affects over 1,500 related cases, was obtained through legal means. 
On the other hand, a legal loophole set in place by the Classified Information Procedures Act could allow the defense teams in these cases to review certain classified materials, although that's not guaranteed. As for the Tor Project, the problems here are clear: how can an open, yet unknown, security flaw endanger the lives or human rights of those around the world who legitimately rely on a browser built for privacy and security? -- It's better to burn out than fade away. From rforno at infowarrior.org Mon Jun 27 05:55:19 2016 From: rforno at infowarrior.org (Richard Forno) Date: Mon, 27 Jun 2016 06:55:19 -0400 Subject: [Infowarrior] - New proposal would ask foreign travelers for social media info Message-ID: New proposal would ask foreign travelers for social media info By Mario Trujillo - 06/24/16 09:04 AM EDT http://thehill.com/policy/technology/284757-new-proposal-would-ask-foreign-travelers-for-social-media-information Foreigners traveling to the United States without a visa would be asked to provide the government with their social media handles under a new proposal from the U.S. Customs and Border Protection. The optional question on arrival and departure forms would ask about a traveler's "social media identifier," but not passwords. People could leave it blank. The extra information would be used for vetting and contact information, according to the proposal. "Collecting social media data will enhance the existing investigative process and provide [The Department of Homeland Security] greater clarity and visibility to possible nefarious activity and connections by providing an additional tool set which analysts and investigators may use to better analyze and investigate the case," according to the proposal. The proposed change was published in the Federal Register on Thursday, giving the public 60 days to write in about whether it is a good idea or not.
The change would apply to arrival and departure forms that most foreigners traveling to the United States without a visa must have. The change would also apply to immigrants traveling through the visa waiver program, which was recently updated after terror attacks last year in Paris. The visa waiver program allows citizens from about 40 other countries to travel to the United States for business or vacation for up to 90 days without first getting a visa. It was recently updated to bar people from using the expedited program if they recently traveled to countries like Libya, Somalia, Yemen, Iraq, Sudan or Syria. There are some limited exceptions. In recent years, the government has keyed in on social media as a valuable tool and has partially blamed it for the spread and recruitment of the Islamic State in Iraq and Syria. Realizing social media holds a cache of important information, the government has begun incorporating social media during background checks of employees looking to obtain security clearance. At the moment, the government does not require employees to hand over their social media handles during security clearance reviews, because officials say it could skirt the line of civil liberties. Some lawmakers have questioned that. "What would be the negative of just asking, hey, do you post online under any type of pseudonym?" asked Rep. Ron Desantis (R-Fla.) during a hearing last month. -- It's better to burn out than fade away.
From rforno at infowarrior.org Mon Jun 27 12:43:56 2016 From: rforno at infowarrior.org (Richard Forno) Date: Mon, 27 Jun 2016 13:43:56 -0400 Subject: [Infowarrior] - MPAA Boss: Actually Being Good To Consumers Would Be Horrible For Hollywood Message-ID: <10E4036B-9729-41CE-9B81-5B100C07ABF7@infowarrior.org> MPAA Boss: Actually Being Good To Consumers Would Be Horrible For Hollywood https://www.techdirt.com/articles/20160624/07132034810/mpaa-boss-actually-being-good-to-consumers-would-be-horrible-hollywood.shtml -- It's better to burn out than fade away. From rforno at infowarrior.org Mon Jun 27 15:35:31 2016 From: rforno at infowarrior.org (Richard Forno) Date: Mon, 27 Jun 2016 16:35:31 -0400 Subject: [Infowarrior] - Culturally Constructed Ignorance Wins the Day Message-ID: <7A8E775A-1117-4FE5-A62B-56B4137C9F1A@infowarrior.org> Culturally Constructed Ignorance Wins the Day June 27, 2016 2:06 PM EDT Barry Ritholtz http://www.bloomberg.com/view/articles/2016-06-27/culturally-constructed-ignorance-wins-the-day I spend much of my time shrugging off breathless news events. Ebola (now Zika), employment reports, Federal Reserve rate changes, government shutdowns, peak earnings and so on. Much of what passes for earth-shaking news turns out to be, with the benefit of hindsight, something in between idle gossip and fear-mongering. The genuine, not well-anticipated, actual market-moving news -- such as the U.K.'s vote to leave the European Union -- is a relatively rare thing. However, there is a disconcerting trend that has gained strength: agnotology. It's a term worth knowing, since it is going global. The word was coined by Stanford University professor Robert N. Proctor, who described it as "culturally constructed ignorance, created by special interest groups to create confusion and suppress the truth in a societally important issue." It is especially useful to sow seeds of doubt in complex scientific issues by publicizing inaccurate or misleading data.
Culturally constructed ignorance played a major role in the Brexit vote, as we shall see after a bit of explanation. Perhaps the best-known example of agnotology is found in the tobacco industry's claims for many years that the evidence that smoking cigarettes causes cancer was "not yet in." The position of the industry and its executives was that the hazards of cigarette smoking were an open question. Of course, this was a huge lie, as the industry had scientific evidence that proved that smoking caused cancer, emphysema, heart and lung disease. As Proctor observed, "The tobacco industry is famous for having seen itself as a manufacturer of two different products: tobacco and doubt." That doubt, however, allowed cigarette sales to continue for decades before the inescapable truth came to light. And it forestalled broader regulatory oversight by the states and the federal government for years. But the truth can only be held back for so long, and eventually tobacco sales in the U.S. fell off a cliff. But it was too late to save millions of people who became sick and died due to smoking. Current agnotology campaigns seem to be having similarly desired effects. We see the results in a variety of public-policy issues where one side has manufactured enough doubt through false statements, inflammatory rhetoric and data from dubious sources that they can mislead public opinion in a significant way, at least for a time. The backers of each of these public issues have used the technique of culturally constructed ignorance to affect public opinion, direct government policy and alter regulatory oversight. Here are just a few examples:
* Iraq has weapons of mass destruction
* Genetically modified crops are dangerous
* Global warming is a scientific hoax
* Vaccines cause autism
* Tax cuts pay for themselves
* Poor people caused the financial crisis
Each of these is, of course, wrong and lacking in any factual basis. Nevertheless, they have a following.
Now, you can add Brexit to the list. Watching from across the Atlantic, it was a wonder to see the stream of claims that failed to stand up to even the slightest scrutiny. Perhaps the biggest was the assertion by Nigel Farage, the loudest advocate for Brexit and leader of the U.K. Independence Party, that leaving would free up 350 million pounds ($460 million) a week that now goes to the EU for use by Britain's financially stretched National Health Service. Farage was forced to backtrack on this claim almost immediately. He was successful at frightening people with claims about immigration that he also was forced to "row back." In the aftermath of the Brexit vote, there is evidence that people didn't fully understand what they were voting for. Some didn't think their protest vote would matter, or misunderstood what they were voting for, or what the EU actually was. There seems to be a rise in voters' remorse the days after. Many blamed the tabloids in the UK. The misstatements and myths which were being pressed by the leave campaign about the EU were so rampant and absurd that the European Commission had to put out repeated corrections and maintain a blog to rebut the nonsense. Democracy is based on the concept of a market place of ideas. Supreme Court Justice Oliver Wendell Holmes described the "free trade in ideas" within "the competition of the market." By the time voters head to the polls, the participants will have chewed over the finer points, the details will be well known to all and, for the most part, everyone more or less understands what's at stake. Or not. The assumption underlying policy debates -- their true purpose in a democracy -- is to engage in a principled argument in order to reach a discernible truth. It isn't, as we have seen more and more often, to win a short-term victory at any and all costs. Jonathan Swift once wrote, "Falsehood flies, and the Truth comes limping after it."
That was never truer than today, when falsehoods and Facebook hoaxes can travel around the world at the click of a mouse. Hyperbole and exaggeration is one thing, creating an alternative universe is something else entirely. This column does not necessarily reflect the opinion of the editorial board or Bloomberg LP and its owners. To contact the author of this story: Barry Ritholtz at britholtz3 at bloomberg.net To contact the editor responsible for this story: James Greiff at jgreiff at bloomberg.net -- It's better to burn out than fade away. From rforno at infowarrior.org Tue Jun 28 09:38:00 2016 From: rforno at infowarrior.org (Richard Forno) Date: Tue, 28 Jun 2016 14:38:00 -0000 Subject: [Infowarrior] - Intel's Position on Encryption Policy - Policy@Intel References: Message-ID: (via IP) -- It's better to burn out than fade away. > Begin forwarded message: > > ---------- Forwarded message ---------- > From: Hoffman, David Legal > > Date: Tuesday, June 28, 2016 > Subject: Intel's Position on Encryption Policy - Policy at Intel > To: Dave Farber > > > > Dave- > > For distribution to IP, if you see fit.
> > Best regards- > > David Hoffman > Associate General Counsel and Global Privacy Officer > > > http://blogs.intel.com/policy/2016/06/27/intels-position-encryption-policy/ From rforno at infowarrior.org Tue Jun 28 12:13:26 2016 From: rforno at infowarrior.org (Richard Forno) Date: Tue, 28 Jun 2016 17:13:26 -0000 Subject: [Infowarrior] - How Sony, Microsoft, and Other Gadget Makers Violate Federal Warranty Law Message-ID: <18663866-C995-4FB8-8AB5-2A07B4EF6178@infowarrior.org> How Sony, Microsoft, and Other Gadget Makers Violate Federal Warranty Law Written by Jason Koebler http://motherboard.vice.com/read/warranty-void-if-removed-stickers-are-illegal -- It's better to burn out than fade away.
From rforno at infowarrior.org Thu Jun 30 06:41:51 2016 From: rforno at infowarrior.org (Richard Forno) Date: Thu, 30 Jun 2016 11:41:51 -0000 Subject: [Infowarrior] - Alvin Toffler, Author of 'Future Shock,' Dies at 87 Message-ID: <8D3EFD59-CA63-4681-B1D6-89D95C68084F@infowarrior.org> Alvin Toffler, Author of 'Future Shock,' Dies at 87 Keith Schneider http://www.nytimes.com/2016/06/30/books/alvin-toffler-author-of-future-shock-dies-at-87.html Mr. Toffler popularized the phrase "information overload." His warnings could be bleak, cautioning that people and institutions that failed to keep pace with change would face ruin. But he was generally optimistic. He was among the first authors to recognize that knowledge, not labor and raw materials, would become the most important economic resource of advanced societies. Critics were not sure what to make of Mr.
Toffler's literary style or scholarship. The mechanical engineering scholar and systems theorist Richard W. Longman wrote in The New York Times that Mr. Toffler "sends flocks of facts and speculation whirling past like birds in a tornado." In Time magazine, the reviewer R. Z. Sheppard wrote, "Toffler's redundant delivery and overheated prose turned kernels of truth into puffed generalities." Mr. Toffler's work nevertheless found an eager readership among the general public, on college campuses, in corporate suites and in national governments. Newt Gingrich, the former Republican speaker of the House, met the Tofflers in the 1970s and became close to them. He said "The Third Wave" had immensely influenced his own thinking and was "one of the great seminal works of our time." Prime Minister Zhao Ziyang of China convened conferences to discuss "The Third Wave" in the early 1980s, and in 1985 the book was the No. 2 best seller in China. Only the speeches of the Chinese leader Deng Xiaoping sold more copies. Mr. Toffler was born in New York on Oct. 4, 1928, and raised in Brooklyn, the only son and elder of two children of Sam and Rose Toffler, immigrants from Poland. His father was a furrier. Alvin began to write poetry and stories soon after learning to read and aspired to be a writer from the time he was 7 years old, he told interviewers. His inspiration, he said, came from an uncle and aunt -- Phil Album, an editor, and Ruth Album, a poet -- who lived with the Tofflers. "They were Depression-era literary intellectuals," Mr. Toffler said in an interview for this obituary in 2006, "and they always talked about exciting ideas." Mr. Toffler enrolled in New York University in 1946 and, by his account, spent the next four years only mildly interested in his academic work. He was far more engaged in political activism. In the fall of 1948, during a brief trip home from helping to register black voters in North Carolina, he met Adelaide Elizabeth Farrell, known as Heidi.
"I went to Washington Square," he said, "and as I walked across the park, I saw a girl in one of my classes. And next to her was a gorgeous blonde. We have been inseparable since." Where Mr. Toffler was voluble and visionary, Ms. Toffler was cleareyed and direct. Early in 1950, before they were married, she persuaded him to finish his course work at N.Y.U. and graduate with a degree in English. "I barely made it," he recalled. "I paid no attention to credits. In my youthful view I thought, 'Who needs ceremony?' Heidi is far more practical." Both shared expansive intellects and the passion to make their lives matter. Like the writers he most admired, Mr. Toffler wanted experiences to report on. "Steinbeck went to pick grapes," he said. "Jack London sailed ships." The couple decided to move to Cleveland, then at the very center of industrial America. They were married there on April 29, 1950, by a justice of the peace whom Mr. Toffler described as a "roaring drunk." They lived on the city's west side and took production jobs in separate factories. Mr. Toffler learned to weld and repair machinery and came to understand in the most personal way the toll that physical labor can have on industrial workers. He broke a vertebra when a steel beam he was helping to unload twisted unexpectedly and fell on him. At night, Mr. Toffler wrote poetry and fiction and discovered he was proficient in neither. But he still aspired to be a writer. In 1954, soon after the birth of the couple's only child, Karen, he persuaded the editor of Industry and Welding, a national trade magazine published in Cleveland, to hire him as a reporter. Mr. Toffler recalled: "The editor told me, 'You're getting this job because you know how to weld. Now, show me you know how to write.'" Mr. Toffler soon landed a job as a reporter for Labor's Daily, a national trade newspaper published in Charleston, W.Va., by the International Typographical Union.
It sent him to Washington to cover labor news there in 1957. Two years later, he sent Fortune magazine a proposal to write an article about the economics of the growing mainstream interest in the arts. Fortune rejected the idea but invited Mr. Toffler to New York for an interview and hired him as its labor editor and columnist. He left Fortune in 1962 and, with his wife as editor and adviser, began a freelance-writing career covering politics, technology and social science for scholarly journals and writing long interviews for Playboy magazine. His 1964 Playboy interview with the Russian novelist Vladimir Nabokov was considered one of the magazine's best. Besides his wife, Mr. Toffler is survived by a sister, Caroline Sitter. The Tofflers' daughter died in 2000. Mr. Toffler published 13 books and won numerous honors, including a career achievement award in 2005 from the American Society of Journalists and Authors. He and his wife formed Toffler Associates, a global forecasting and consulting company, originally based in Manchester, Mass., in 1996. In recent years, benefiting from hindsight, some critics said Mr. Toffler had gotten much wrong. Shel Israel, an author and commentator who writes about social media for Forbes, took issue with Mr. Toffler in 2012 for painting "a picture of people who were isolated and depressed, cut off from human intimacy by a relentless fire hose of messages and data barraging us." But, he added: "We are not isolated by it. And when the information overloads us, most people are still wise enough to use the power of the 'Off' button to gain some peace." In writing "Future Shock" 46 years ago, Mr. Toffler acknowledged that the future he saw coming might ultimately differ in the details from what actually came to pass. "No serious futurist deals in 'predictions,'" he wrote in the book's introduction. "These are left for television oracles and newspaper astrologers."
He advised readers to "concern themselves more and more with general theme, rather than detail." That theme, he emphasized, was that "the rate of change has implications quite apart from, and sometimes more important than, the directions of change." He added, "We who explore the future are like those ancient mapmakers, and it is in this spirit that the concept of future shock and the theory of the adaptive range are presented here -- not as final word, but as a first approximation of the new realities, filled with danger and promise, created by the accelerative thrust."

--
It's better to burn out than fade away.

From rforno at infowarrior.org Thu Jun 30 17:49:41 2016
From: rforno at infowarrior.org (Richard Forno)
Date: Thu, 30 Jun 2016 22:49:41 -0000
Subject: [Infowarrior] - Secret Rules Make It Pretty Easy for the FBI to Spy on Journalists
Message-ID: <27AB2927-D7C4-4AEB-B810-DB7CC420C8EC@infowarrior.org>

Secret Rules Make It Pretty Easy for the FBI to Spy on Journalists
Cora Currier
https://theintercept.com/2016/06/30/secret-rules-make-it-pretty-easy-for-the-fbi-to-spy-on-journalists/

Secret FBI rules allow agents to obtain journalists' phone records with approval from two internal officials -- far less oversight than under normal judicial procedures. The classified rules, obtained by The Intercept and dating from 2013, govern the FBI's use of National Security Letters, which allow the bureau to obtain information about journalists' calls without going to a judge or informing the news organization being targeted. They have previously been released only in heavily redacted form. Media advocates said the documents show that the FBI imposes few constraints on itself when it bypasses the requirement to go to court and obtain subpoenas or search warrants before accessing journalists' information.
The rules stipulate that obtaining a journalist's records with a National Security Letter (or NSL) requires the sign-off of the FBI's general counsel and the executive assistant director of the bureau's National Security Branch, in addition to the regular chain of approval. Generally speaking, there are a variety of FBI officials, including the agents in charge of field offices, who can sign off that an NSL is "relevant" to a national security investigation. There is an extra step under the rules if the NSL targets a journalist in order "to identify confidential news media sources." In that case, the general counsel and the executive assistant director must first consult with the assistant attorney general for the Justice Department's National Security Division. But if the NSL is trying to identify a leaker by targeting the records of the potential source, and not the journalist, the Justice Department doesn't need to be involved. The guidelines also specify that the extra oversight layers do not apply if the journalist is believed to be a spy or is part of a news organization "associated with a foreign intelligence service" or "otherwise acting on behalf of a foreign power." Unless, again, the purpose is to identify a leak, in which case, the general counsel and executive assistant director must approve the request. "These supposed rules are incredibly weak and almost nonexistent -- as long as they have that second sign-off they're basically good to go," said Trevor Timm, executive director of the Freedom of the Press Foundation, which has sued the Justice Department for the release of these rules. "The FBI is entirely able to go after journalists and with only one extra hoop they have to jump through." A spokesperson for the FBI, Christopher Allen, declined to comment on the rules or say if they had been changed since 2013, except to say that they are "very clear"
that "the FBI cannot predicate investigative activity solely on the exercise of First Amendment rights." The Obama administration has come under criticism for bringing a record number of leak prosecutions, and aggressively targeting journalists in the process. In 2013, after it came out that the Justice Department had secretly seized records from phone lines at the Associated Press and surveilled Fox News reporter James Rosen, then-Attorney General Eric Holder tightened the rules for when prosecutors could go after journalists. The new policies emphasized that reporters would not be prosecuted for "newsgathering activities," and that the government would "seek evidence from or involving the news media" as a "last resort" and an "extraordinary measure." The FBI could not label reporters as co-conspirators in order to try to identify their sources -- as had happened with Rosen -- and it became more difficult to get journalists' phone records without notifying the news organization first. Yet these changes did not apply to NSLs. Those are governed by a separate set of rules, laid out in a classified annex to the FBI's operating manual, known as the Domestic Investigations and Operations Guide, or DIOG. The full version of that guide, including the classified annex, was last made public in redacted form in 2011. The section of the annex on NSLs obtained by The Intercept dates from October 2013 and is marked "last updated October 2011." It is classified as secret with an additional restriction against distribution to any non-U.S. citizens. Emails from FBI lawyers in 2015, which were released earlier this year to the Freedom of the Press Foundation, reference an update to this portion of the DIOG, but it is not clear from the heavily redacted emails what changes were actually made.
In a January 2015 email to a number of FBI employee lists, James Baker, the general counsel of the FBI, attached the new attorney general's policy and wrote that "with the increased focus on media issues," the FBI and Justice Department would "continue to review the DIOG and other internal policy guides to determine if additional changes or requirements are necessary." "Please be mindful of these media issues," he continued, and advised consulting with the general counsel's office "prior to implementing any techniques targeting the media." But the email also explicitly notes that the new guidelines do not apply to "national security tools." Allen, the FBI spokesperson, told The Intercept in an emailed statement that "the FBI periodically reviews and updates the DIOG as needed" and that "certainly the FBI's DIOG remains consistent with all [Attorney General] Guidelines." Bruce Brown, executive director of the Reporters Committee for Freedom of the Press, said that the "use of NSLs as a way around the protections in the guidelines is a serious concern for news organizations." Last week, the Reporters Committee filed a brief in support of the Freedom of the Press Foundation's lawsuit for the FBI's NSL rules and other documents on behalf of 37 news organizations including The Intercept's publisher, First Look Media. (First Look also provides funding to both the Reporters Committee and the Freedom of the Press Foundation, and several Intercept staffers serve on the foundation's board.) Seeing the rules in their un-censored form, Timm, of the Freedom of the Press Foundation, said that the FBI should not have kept them classified. "Redacting the fact that they need a little extra sign-off from supervisors doesn't come close to protecting state secrets," he said. The FBI issues thousands of NSLs each year, including nearly 13,000 in 2015.
Over the years, a series of Inspector General reports found significant problems with their use, yet the FBI is currently pushing to expand the types of information it can demand with an NSL. The scope of NSLs has long been limited to basic subscriber information and toll billing information -- which number called which, when, and for how long -- as well as some financial and banking records. But the FBI had made a habit of asking companies to hand over more revealing data on internet usage, which could include email header information (though not the subject lines or content of emails) and browsing history. The 2013 NSL rules for the media only mention telephone toll records. Another controversial aspect of NSLs is that they come with a gag order preventing companies from disclosing even the fact that they've received one. Court challenges and legislative changes have loosened that restriction a bit, allowing companies to disclose how many NSLs they receive, in broad ranges, and in a few cases, to describe the materials the FBI had demanded of them in more detail. Earlier this month, Yahoo became the first company to release three NSLs it had received in recent years. It's unclear how often the FBI has used NSLs to get journalists' records. Barton Gellman, of the Washington Post, has said that he was told his phone records had been obtained via an NSL. The FBI could also potentially demand journalists' information through an application to the Foreign Intelligence Surveillance Court (or FISA court), which, like NSLs, would also not be covered by the Justice Department policy. The rules for that process are still obscure. The emails about revisions to the FBI guidelines reference a "FISA portion," but most of the discussion is redacted. For Brown, of the Reporters Committee, the disclosure of the rules "only confirms that we need information about the actual frequency and context of NSL practice relating to newsgathering and journalists'
records to assess the effectiveness of the new guidelines."

From rforno at infowarrior.org Tue Jun 28 16:13:25 2016
From: rforno at infowarrior.org (Richard Forno)
Date: Tue, 28 Jun 2016 21:13:25 -0000
Subject: [Infowarrior] - Security Analysis of TSA PreCheck
Message-ID: <03A83EC5-2758-4FCF-B5D2-966EF89BFAFA@infowarrior.org>

Security Analysis of TSA PreCheck
https://www.schneier.com/blog/archives/2016/06/security_analys_5.html

Interesting research: Mark G. Stewart and John Mueller, "Risk-based passenger screening: risk and economic assessment of TSA PreCheck increased security at reduced cost?"

Executive Summary: The Transportation Security Administration's PreCheck program is risk-based screening that allows passengers assessed as low risk to be directed to expedited, or PreCheck, screening. We begin by modelling the overall system of aviation security by considering all layers of security designed to deter or disrupt a terrorist plot to down an airliner with a passenger-borne bomb. Our analysis suggests that these measures reduce the risk of such an attack by at least 98%. Assuming that the accuracy of Secure Flight may be less than 100% when identifying low and high risk passengers, we then assess the effect of enhanced and expedited (or regular and PreCheck) screening on deterrence and disruption rates. We also evaluate programs that randomly redirect passengers from the PreCheck to the regular lines (random exclusion) and ones that redirect some passengers from regular to PreCheck lines (managed inclusion). We find that, if 50% of passengers are cleared for PreCheck, the additional risk reduction (benefit) due to PreCheck is 0.021% for attacks by lone wolves, and 0.056% for ones by terrorist organisations. If 75% of passengers rather than 50% go through PreCheck, these numbers are 0.017% and 0.044%, still providing a benefit in risk reduction.
Under most realistic combinations of parameter values PreCheck actually increases risk reduction, perhaps up to 1%, while under the worst assumptions, it lowers risk reduction only by some 0.1%. Extensive sensitivity analyses suggests that, overall, PreCheck is most likely to have an increase in overall benefit. The report also finds that adding random exclusion and managed inclusion to the PreCheck program has little effect on the risk reducing capability of PreCheck one way or the other. For example, if 10% of non-PreCheck passengers are randomly sent to the PreCheck line, the program still delivers a benefit in risk reduction, and provides an additional savings for TSA of $11 million per year by reducing screening costs -- while at the same time improving security outcomes. There are also other co-benefits, and these are very substantial. Reducing checkpoint queuing times improves in the passenger experience, which would lead to higher airline revenues, can exceed several billion dollars per year. TSA PreCheck thus seems likely to bring considerable efficiencies to the screening process and great benefits to passengers, airports, and airlines while actually enhancing security a bit.

--
It's better to burn out than fade away.

From rforno at infowarrior.org Thu Jun 30 06:41:51 2016
From: rforno at infowarrior.org (Richard Forno)
Date: Thu, 30 Jun 2016 11:41:51 -0000
Subject: [Infowarrior] - Congressional Report Is the Latest to Slam a Bad Crypto Bill
Message-ID:

(Tomorrow is July 1, not April 1st, right? ---rick)

Congressional Report Is the Latest to Slam a Bad Crypto Bill
Author: Andy Greenberg
https://www.wired.com/2016/06/congressional-report-latest-slam-bad-crypto-bill/

Since Senators Richard Burr and Dianne Feinstein released their long-awaited legislation to address the conflict between encryption software makers and law enforcement last April, it's made about as much progress as a TI-82 calculator trying to crack a 2048-bit PGP key.
The bill, which required all crypto tools to offer some way for a warrant-holding FBI agent to access encrypted information, was roundly reviled by the technology and privacy communities, and quickly lost momentum in DC, too. Now the Burr-Feinstein proposal has received its most definitive rejection yet, and this time the call is coming from inside the House. On Wednesday the House Subcommittee on Homeland Security released a research paper with the findings of its own investigation into the ongoing crypto debate. The paper, which took into account more than a hundred meetings the researchers had with privacy advocates, cryptographers, technologists, and law enforcement officials, doesn't offer a definitive way forward on encryption legislation. But it does unequivocally state that no current bills -- very clearly including the Burr-Feinstein effort -- represent the right approach to solving the problem. "Any legislative solutions yet proposed come with significant trade-offs, and provide little guarantee of successfully addressing the issue," the paper reads. "Lawmakers need to develop a far deeper understanding of this complex issue before they attempt a legislative fix." The committee's researchers are far from the first to criticize the Senate encryption bill. Privacy advocates were immediately incensed at its heavy-handed approach, which was essentially to ban the encryption already present in everything from an iPhone to Whatsapp to a web browser. New America Foundation director Kevin Bankston told WIRED it was "easily the most ludicrous, dangerous, technically illiterate proposal I've ever seen." The White House also held off on any endorsement of the bill, giving it little chance of advancing this year. But the House Homeland Security report may signal that Congress itself also harbors strong reservations about any law that would restrict widespread encryption technology.
In fact, the committee's research report takes an approach to the encryption issue that at times sounds more like the arguments of the privacy community than those posed previously by the government. It acknowledges, for instance, that the depiction of the crypto debate as one of "privacy versus security" mischaracterizes it; that encryption is itself a form of necessary security for everything from smartphones to online retail to medical records. "Thus, what we are really dealing with is not so much a question of 'privacy versus security,' but a question of 'security versus security,'" the paper states. Rather than coming to any definitive conclusion on the crypto debate, the report instead calls for a so-called National Commission on Security and Technology Challenges to hammer out a more nuanced approach to the issue -- the same proposal put forward in a bill late last year from Michael McCaul, who not so coincidentally chairs the House Homeland Security Committee. That commission would, in theory, allow "impacted parties themselves" -- i.e. Silicon Valley, cryptographers, and the intelligence and law enforcement agents whose surveillance techniques are blocked by their encryption -- "to directly engage one another in an honest and in-depth conversation in order to develop the factual foundation needed to support sustainable solutions." After years of ongoing debate, however, that call for more discussion feels like a "stalling tactic," says Susan Hennessey, a former NSA general counsel and current fellow at the Brookings Institution. "It's a nice punt, by which no one has to take a controversial position," she says. "The challenge is understanding what this commission is going to produce that isn't in this report." Hennessey argues that Congress needs to instead acknowledge that there may be no solution that pleases both sides, and that legislators need to grapple with the substantive details of the debate: Questions like the interpretation of the All Writs
Act that the FBI used to try to compel Apple to help bypass the iPhone's encryption, or the "technical assistance" provision of the Wiretap Act that could force companies to rewrite their code on behalf of law enforcement. "These questions will be answered in modest, moderate ways," she says. "What we really need is for Congress to start engaging on those issues." But merely the recognition from Congress that it needs to learn more before making any decision on the thorny topic of encryption represents progress, says privacy-focused Cato Institute fellow Julian Sanchez. "That may be the most hopeful sign. The dangerous thing is to be too ignorant to recognize your own ignorance," he says. Now, he says, "there seems to be willingness to learn, rather than an insistence on getting to what they 'know' is the right outcome."

--
It's better to burn out than fade away.