From rforno at infowarrior.org Mon May 2 08:20:24 2016
From: rforno at infowarrior.org (Richard Forno)
Date: Mon, 2 May 2016 09:20:24 -0400
Subject: [Infowarrior] - FBI Chooses Secrecy Over Locking Up Criminals

FBI Chooses Secrecy Over Locking Up Criminals
Jenna McLaughlin
May 2 2016, 8:14 a.m.
https://theintercept.com/2016/05/02/fbi-chooses-secrecy-over-locking-up-criminals/

The Federal Bureau of Investigation's refusal to discuss even the broad strokes of some of its secret investigative methods, such as implanting malware and tracking cellphones with Stingrays, is backfiring - if the goal is to actually enforce the law.

In the most recent example, the FBI may be forced to drop its case against a Washington State school administrator charged with possessing child porn because it doesn't want to tell the court or the defense how it got its evidence - even in the judge's chambers.

The FBI reportedly used a bug in an older version of the free anonymity software Tor to insert malware on the computers of people who accessed a child-porn website it had seized. The malware gave agents the ability to see visitors' real Internet addresses and track them down.

Defense lawyers for Jay Michaud of Vancouver, Wash., argued they had the right to review the malware in order to pursue their argument that the government compromised the security of Michaud's computer, leading to the illicit material ending up there unintentionally. U.S. District Court Judge Robert Bryan in Tacoma agreed.

"The consequences are straightforward: the prosecution must now choose between complying with the Court's discovery order and dismissing the case," Michaud's defense attorneys wrote in a brief filed last week.

The FBI's lawyers took what they described as the "unusual step" in late March of asking the judge to reconsider his order, repeating earlier arguments that revealing the full details of the technique would be "harmful to the public interest."
The information might damage future investigations by allowing potential targets to learn about the FBI's tactics, its attorneys argued, and might "discourage cooperation from third parties and other governmental agencies who rely on these techniques in critical situations." The bureau sometimes pays third parties for exploitable security flaws, which lose their market value when they are made public and get fixed.

FBI officials declined to comment to The Intercept about their legal strategy.

In their frequent public arguments against unbreakable encryption, FBI officials have been arguing that public safety takes precedence over personal privacy. But if this case gets dropped, the "defendant walks because the Government has decided that its secrecy trumps someone else's becoming a victim of Crime Everyone Hates," Scott Greenfield, criminal defense lawyer, wrote in his blog Simple Justice.

"The FBI would rather let a criminal go free than actually follow a court order designed to ensure a fair defense" even though revealing the bug "would almost certainly not help the defense," tweeted Nicholas Weaver, a computer security researcher at the International Computer Science Institute in Berkeley, California.

And this isn't the first time FBI has expressed "its preference for secrecy over public safety," tweeted Amie Stepanovich, U.S. policy manager for digital rights group Access Now.

Indeed, the FBI's insistence on keeping certain surveillance tools secret - particularly the Stingray, or IMSI catcher, which imitates a cellphone tower to secretly grab up data about nearby phones - is letting criminals go free. In Baltimore, 2,000 convictions may be overturned because of evidence that the police and the FBI purposefully withheld and then lied about the capabilities of the technology.
And last week, a city judge in Baltimore reluctantly tossed out key murder evidence gathered after the use of a cell site simulator because the police, who had been concealing use of the device as part of a nondisclosure agreement with the FBI, used it without getting a search warrant. She called it an "unconstitutional search."

Journalists have also reported on cases in New York and Florida where the FBI instructed prosecutors to offer a deal or drop the case entirely to hide details about the technology. In Milwaukee, the FBI simply tried to hide its use entirely from the record.

At least 20 local agencies have signed non-disclosure agreements when they purchase Stingrays, according to privacy advocate Mike Katz-Lacabe who keeps track. The American Civil Liberties Union and other groups have chronicled federal and local law enforcement use of Stingrays in at least 23 states.

"We still don't know all of the law enforcement agencies that actually have StingRay/HailStorm/DRTbox devices," Katz-Lacabe wrote in an email to The Intercept. "With a few exceptions, we don't know how they are used by each agency or how frequently. We don't know their full range of impact on nearby phones as we don't know the technical capabilities of the amplifiers and antennas that are used with the devices. We don't know which agencies are using equipment that can actually intercept calls instead of just track them. I think that more cases will be thrown out as defense attorneys, judges, and the public learn about the technology that law enforcement has tried to keep secret," he wrote.

Nathan Wessler, an attorney with the ACLU's Speech, Privacy, and Technology Project, says the FBI's openness about Stingrays seems to have gotten a little better since the DOJ updated its Stingray policy in September 2015 to increase privacy protections and legal requirements. "It looks like the DOJ policy has had an effect at least on what the FBI is telling judges when it seeks judicial authorization.
The FBI should have exercised at least this level of candor with judges starting years ago, but at least there's evidence that they're doing so now," he wrote in an email to The Intercept.

And yet, he wrote: "The biggest continuing problem involving FBI secrecy about Stingrays is at the state and local level, where the FBI's non-disclosure agreement has kept judges, defense attorneys, and the public in the dark."

When it comes to hacking tools, the FBI's secrecy is "still intense," Wessler concluded.

--
It's better to burn out than fade away.

From rforno at infowarrior.org Mon May 2 09:39:04 2016
From: rforno at infowarrior.org (Richard Forno)
Date: Mon, 2 May 2016 10:39:04 -0400
Subject: [Infowarrior] - Your phone's biggest vulnerability is your fingerprint
Message-ID: <544F8277-EEEA-4490-B158-900D8E19ADC7@infowarrior.org>

Your phone's biggest vulnerability is your fingerprint
http://www.theverge.com/2016/5/2/11540962/iphone-samsung-fingerprint-duplicate-hack-security

--
It's better to burn out than fade away.

From rforno at infowarrior.org Wed May 4 13:10:11 2016
From: rforno at infowarrior.org (Richard Forno)
Date: Wed, 4 May 2016 14:10:11 -0400
Subject: [Infowarrior] - Elsevier Complaint Shuts Down Sci-Hub Domain Name
Message-ID: <9486F487-A333-4BC1-A798-A9293111398C@infowarrior.org>

Elsevier Complaint Shuts Down Sci-Hub Domain Name - TorrentFreak
By Ernesto
https://torrentfreak.com/elsevier-complaint-shuts-down-sci-hub-domain-name-160504/

Sci-Hub is facing millions of dollars in damages in a lawsuit filed by Elsevier, one of the largest academic publishers. As a result of the legal battle the site just lost one of its latest domain names. However, the site has no intentions of backing down, and will continue its fight to keep access to scientific knowledge free and open.
Hoping to stop the unauthorized distribution of millions of academic papers, academic publisher Elsevier filed a complaint against Sci-Hub and several related sites last year.

While Sci-Hub is nothing like the average pirate site, it is just as illegal according to Elsevier's legal team, which obtained a preliminary injunction from a New York District Court last fall.

The injunction ordered Sci-Hub's operator to quit offering access to any Elsevier content, but this didn't happen. Instead of taking Sci-Hub down, the lawsuit and the associated media attention only helped the site grow.

However, as part of the injunction Elsevier is able to request domain name registrars to suspend Sci-Hub's domain names. This happened to the original .org domain earlier, and a few days ago the Chinese registrar Now.cn appears to have done the same for Sci-hub.io.

The domain name has stopped resolving and is now listed as "reserved" according to the latest WHOIS info. TorrentFreak reached out to Sci-Hub founder Alexandra Elbakyan, who informed us that the registrar sent her a notice referring to a complaint from Elsevier.

[Image: Message from the registrar]

Elbakyan was also quick to add that several "backup" domain names are still in play, including Sci-Hub.bz and Sci-Hub.cc. This means that the site remains accessible to those who update their bookmarks.

In addition to the alternative domain names users can access the site directly through the IP-address 31.184.194.81, or its domain on the Tor-network, which is pretty much immune to any takedown efforts.

The Ukraine-born Elbakyan has no intention of throwing in the towel and believes that what she does is helping millions of less privileged researchers to do their work properly by providing free access to research results.

Authorized or not, there is definitely plenty of interest in Sci-Hub's service. The site currently hosts more than 51 million academic papers and receives millions of visitors per month.
Many visits come from countries where access to academic journals is limited, such as Iran, Russia or China. But even in countries where access is more common, many researchers visit the site, an analysis from Science magazine revealed last week.

Elsevier says it is still deliberating what steps to take next. The publisher recently informed the New York District Court that it's researching what "potential additional remedies" it can take against Sci-Hub and its operator.

Meanwhile, academic pirates continue to flood to Sci-Hub, domain seizure or not.

--
It's better to burn out than fade away.

From rforno at infowarrior.org Thu May 5 08:15:07 2016
From: rforno at infowarrior.org (Richard Forno)
Date: Thu, 5 May 2016 09:15:07 -0400
Subject: [Infowarrior] - FBI Wants to Exempt Its Massive Biometric Database from Some Federal Privacy Rules

FBI Wants to Exempt Its Massive Biometric Database from Some Federal Privacy Rules
By Mohana Ravindranath
http://www.nextgov.com/emerging-tech/2016/05/fbi-wants-exempt-its-massive-biometric-database-federal-privacy-rules/128051/

The FBI wants to block individuals from knowing if their information is in a massive repository of biometric records, which includes fingerprints and facial scans, if the release of information would "compromise" a law enforcement investigation.

The FBI's biometric database, known as the "Next Generation Identification System," gathers a wide scope of information, including palm prints, fingerprints, iris scans, facial and tattoo photographs, and biographies for millions of people.

On Thursday, the Justice Department Agency plans to propose that the database be exempt from several provisions of the Privacy Act -- legislation that requires federal agencies to share information about the records they collect with the individual subject of those records, allowing them to verify and correct them if needed.
Aside from criminals, suspects, and detainees, the system includes data from people fingerprinted for jobs, licenses, military or volunteer service, background checks, security clearances, and naturalization, among other government processes.

Letting individuals view their own records, or even the accounting of those records, could compromise criminal investigations or "national security efforts," potentially revealing a "sensitive investigative technique" or information that could help a subject "avoid detection or apprehension," the draft posting said.

Another clause requires agencies to keep the records they collect to assure individuals that any determination made about them was made fairly. Arguing for an exemption, the FBI posting claimed that it is "impossible to know in advance what information is accurate, relevant, timely and complete" for "authorized law enforcement purposes."

"With time, seemingly irrelevant or untimely information may acquire new significance when new details are brought to light," the posting said. Information contained in the database could help with "establishing patterns of activity and providing criminal lead."

The proposal, open for public comment for a month after it's officially posted, would set a worrying precedent in which law enforcement has significant leeway to decide what information to collect without informing the subject, according to Jeramie Scott, a National Security Counsel at the Electronic Privacy Information Center, a research group advocating for digital civil liberties. In 2014, EPIC won a lawsuit against the FBI arguing that the contracts and technical requirements supporting the Next Generation Identification database be published.

The proposal's suggestion that data could be used to establish "patterns of activity" was particularly troubling, Scott said. "We don't know exactly what that means," Scott told Nextgov in an interview.
"If you have no ability to access the record the FBI has on you, even when you're not part of an investigation or under investigation, and lo and behold inaccurate information forms a 'pattern of activity' that then subjects you to [be] the focus of the FBI, then that's a problem."

It's unclear how many individuals are covered in the database. FBI documents obtained by privacy rights group the Electronic Frontier Foundation in 2014 suggested that the FBI's facial recognition component was on track to contain 52 million images by 2015.

FBI did not respond to Nextgov's request for comment.

--
It's better to burn out than fade away.

From rforno at infowarrior.org Fri May 6 10:07:24 2016
From: rforno at infowarrior.org (Richard Forno)
Date: Fri, 6 May 2016 11:07:24 -0400
Subject: [Infowarrior] - Panama Papers source breaks silence over 'scale of injustices'
Message-ID: <90AB593F-AB58-45E8-BCDC-5E44BDE4D4F4@infowarrior.org>

Panama Papers source breaks silence over 'scale of injustices'
http://www.theguardian.com/news/2016/may/06/panama-papers-source-breaks-silence-over-scale-of-injustices

--
It's better to burn out than fade away.

From rforno at infowarrior.org Fri May 6 18:04:33 2016
From: rforno at infowarrior.org (Richard Forno)
Date: Fri, 6 May 2016 19:04:33 -0400
Subject: [Infowarrior] - Inside Palantir, Silicon Valley's Most Secretive Company

Inside Palantir, Silicon Valley's Most Secretive Company
https://www.buzzfeed.com/williamalden/inside-palantir-silicon-valleys-most-secretive-company

--
It's better to burn out than fade away.

From rforno at infowarrior.org Fri May 6 21:13:13 2016
From: rforno at infowarrior.org (Richard Forno)
Date: Fri, 6 May 2016 22:13:13 -0400
Subject: [Infowarrior] - OT: Teens React to (Original 1993) Doom and I Feel Old Now
Message-ID: <222C5293-A50A-4175-BF96-3E34ECC398E9@infowarrior.org>

Ahhhh, memories! (And props to the one girl who knew her way around the game.)
--rick

Teens React to (Original 1993) Doom and I Feel Old Now
https://www.geeksaresexy.net/2016/05/06/teens-react-original-1993-doom/

I know there is a real split reaction in society and social media about "reaction" videos. Some love them and some hate them (and yes, two people just tried to copyright and monopolize the word REACT, but the less we speak of that, the better). And as far as my contributions to this site, I don't EVER choose to share "kids react" or reaction videos on here because they are just so plastered everywhere about everything. If I want to watch someone react to something, I will put on the Red Wedding at a family get together during the holidays.

BUTTTTTT... I know I am not the only "grown up" geek in his 30's, and I won't lie to you, being a fan of the original Doom (like, drooling fan back in the day), this video made me feel really old. So here you go, feel old with me so I don't feel so badly about it. And please get those DAMN KIDS OFF MY LAWN!

*Stands outside in robe and shakes cane vigorously

--
It's better to burn out than fade away.

From rforno at infowarrior.org Sat May 7 10:30:14 2016
From: rforno at infowarrior.org (Richard Forno)
Date: Sat, 7 May 2016 11:30:14 -0400
Subject: [Infowarrior] - WTF. "See Something Say Something" goes to the next level of fail

Ivy League economist ethnically profiled, interrogated for doing math on American Airlines flight
https://www.facebook.com/crampell
https://www.washingtonpost.com/news/rampage/wp/2016/05/07/ivy-league-economist-interrogated-for-doing-math-on-american-airlines-flight

On Thursday evening, a 40-year-old man - with dark, curly hair, olive skin and an exotic foreign accent - boarded a plane. It was a regional jet making a short, uneventful hop from Philadelphia to nearby Syracuse.

Or so dozens of unsuspecting passengers thought.

The curly-haired man tried to keep to himself, intently if inscrutably scribbling on a notepad he'd brought aboard.
His seatmate, a blond-haired, 30-something woman sporting flip-flops and a red tote bag, looked him over. He was wearing navy Diesel jeans and a red Lacoste sweater - a look he would later describe as "simple elegance" - but something about him didn't seem right to her.

She decided to try out some small talk.

Is Syracuse home? She asked.

No, he replied curtly.

He similarly deflected further questions. He appeared laser-focused - perhaps too laser-focused - on the task at hand, those strange scribblings.

Rebuffed, the woman began reading her book. Or pretending to read, anyway. Shortly after boarding had finished, she flagged down a flight attendant and handed that crew-member a note of her own.

Then the passengers waited, and waited, and waited for the flight to take off.

After they'd sat on the tarmac for about half an hour, the flight attendant approached the female passenger again and asked if she now felt okay to fly, or if she was "too sick."

I'm OK to fly, the woman responded.

She must not have sounded convincing, though; American Airlines flight 3950 remained grounded.

Then, for unknown reasons, the plane turned around and headed back to the gate. The woman was soon escorted off the plane. On the intercom a crew member announced that there was paperwork to fill out, or fuel to refill, or some other flimsy excuse; the curly-haired passenger could not later recall exactly what it was.

The wait continued.

Finally the pilot came by, and approached the real culprit behind the delay: that darkly-complected foreign man. He was now escorted off the plane, too, and taken to meet some sort of agent, though he wasn't entirely sure of the agent's affiliation, he would later say.

What do you know about your seatmate? The agent asked the foreign-sounding man.

Well, she acted a bit funny, he replied, but she didn't seem visibly ill. Maybe, he thought, they wanted his help in piecing together what was wrong with her.

And then the big reveal: The woman wasn't really sick at all!
Instead this quick-thinking traveler had Seen Something, and so she had Said Something.

That Something she'd seen had been her seatmate's cryptic notes, scrawled in a script she didn't recognize. Maybe it was code, or some foreign lettering, possibly the details of a plot to destroy the dozens of innocent lives aboard American Airlines Flight 3950. She may have felt it her duty to alert the authorities just to be safe. The curly-haired man was, the agent informed him politely, suspected of terrorism.

The curly-haired man laughed.

He laughed because those scribbles weren't Arabic, or some other terrorist code. They were math.

Yes, math. A differential equation, to be exact.

Had the crew or security members perhaps quickly googled this good-natured, bespectacled passenger before waylaying everyone for several hours, they might have learned that he - Guido Menzio - is a young but decorated Ivy League economist. And that he's best known for his relatively technical work on search theory, which helped earn him a tenured associate professorship at the University of Pennsylvania as well as stints at Princeton and Stanford's Hoover Institution.

They might even have discovered that last year he was awarded the prestigious Carlo Alberto Medal, given to the best Italian economist under 40. That's right: He's Italian, not Middle Eastern, or whatever heritage usually gets ethnically profiled on flights these days.

Menzio had been on the first leg of a connecting flight to Ontario, where he would give a talk at Queen's University on a working paper he co-authored about menu costs and price dispersion. His nosy neighbor had spied him trying to work out some properties of the model of price-setting he was about to present.

Perhaps she couldn't differentiate between differential equations and Arabic.

Menzio showed the authorities his calculations and was allowed to return to his seat, he told me by email. He said the pilot seemed embarrassed.
Soon after, the flight finally took off, more than two hours after its scheduled departure time for what would be just a 41-minute trip in the air, according to flight-tracking data. The woman never reboarded the flight.

Casey Norton, a spokesman for American Airlines (whose regional partner Air Wisconsin had operated the flight), said the woman had indeed initially told the crew she was sick, but when she deplaned she disclosed that the reason she was feeling ill was her concern about the behavior of her seatmate. At that time, she requested to be rebooked on another flight.

The crew then called for security personnel, who interviewed Menzio and determined him not to be a "credible threat." Norton did not know whether the woman was ever notified that Menzio was cleared. (He said he was not allowed to give out her name for privacy reasons, and since Menzio did not know it either, I have not been able to contact the woman for comment.)

Whenever there are conflicts between passengers, Norton said, "we try to work with them peacefully to resolve it," whether that means changing seat assignments or switching someone to take a different flight. When asked how often customers raise similar suspicions about fellow passengers that turn out to be unfounded, he said it happens "from time to time" but declined to provide details about frequency.

Menzio for his part says he was "treated respectfully throughout," though he remains baffled and frustrated by a "broken system that does not collect information efficiently." He is troubled by the ignorance of his fellow passenger, as well as "A security protocol that is too rigid - in the sense that once the whistle is blown everything stops without checks - and relies on the input of people who may be completely clueless."

Rising xenophobia stoked by the presidential campaign, he suggested, may soon make things worse for people who happen to look a little other-ish.

"What might prevent an epidemic of paranoia?
It is hard not to recognize in this incident, the ethos of [Donald] Trump's voting base," he wrote.

In this true parable of 2016 I see another worrisome lesson, albeit one also possibly relevant to Trump's appeal: That in America today, the only thing more terrifying than foreigners is... math.

--
It's better to burn out than fade away.

From rforno at infowarrior.org Sat May 7 11:59:15 2016
From: rforno at infowarrior.org (Richard Forno)
Date: Sat, 7 May 2016 12:59:15 -0400
Subject: [Infowarrior] - Hacker-zine Phrack returns
Message-ID: <7FEED9C6-4557-4B38-BCCF-720094E92750@infowarrior.org>

After a 4 year hiatus, a new issue and apparently new life ...
http://phrack.org/issues/69/1.html

--
It's better to burn out than fade away.

From rforno at infowarrior.org Sun May 8 18:29:11 2016
From: rforno at infowarrior.org (Richard Forno)
Date: Sun, 8 May 2016 19:29:11 -0400
Subject: [Infowarrior] - Judge asks: Are US Courts Going Dark?

Are US Courts Going Dark?
Stephen Wm. Smith is a US Magistrate Judge sitting in Houston, Texas.
https://www.justsecurity.org/30920/courts-going-dark/

--
It's better to burn out than fade away.

From rforno at infowarrior.org Mon May 9 06:50:44 2016
From: rforno at infowarrior.org (Richard Forno)
Date: Mon, 9 May 2016 07:50:44 -0400
Subject: [Infowarrior] - Police and Tech Giants Wrangle Over Encryption on Capitol Hill

(DA Cyrus Vance's repeated whinings about "going dark" is making him sound more like the legal community's version of Mrs. Lovejoy from the 'Simpsons.' --rick)

Police and Tech Giants Wrangle Over Encryption on Capitol Hill
Cecilia Kang
http://www.nytimes.com/2016/05/09/technology/police-and-tech-giants-wrangle-over-encryption-on-capitol-hill.html

"This is an escalating fight," said Robert D. Atkinson, president of the Information Technology and Innovation Foundation, a research firm based in Washington that is funded by tech companies including Google and Microsoft.
"It's become the focus now in Washington, with hearings and legislative activity."

Law enforcement officials blame tech companies for creating the impasse.

"There's no question our relationship with the tech industry has gotten worse, and now it seems like the tech industry is taking every opportunity they have to put up obstacles in our way, including trying to derail legislative efforts that would give law enforcement what they need to keep people safe," said Terrence Cunningham, president of the International Association of Chiefs of Police.

Facebook, Google and Microsoft declined to comment on their lobbying activity. An Apple spokesman said the company has met regularly with members of Congress on encryption and other issues.

[Photo: A reporter took a photo of encrypted smartphones held as evidence by the New York City Police Department. Bryan R. Smith for The New York Times]

The amount of lobbying on the encryption bill is unusual at this early stage of a bill's life, showing the stakes involved. Tech companies are reluctant to give access to encrypted information from their users, for privacy reasons and because it may affect their businesses. Law enforcement officials say their efforts to prevent and solve crime are hampered if they cannot see digital data on phones, messaging services and other technology services.

"Today, terrorists and criminals are increasingly using encryption to foil law enforcement efforts, even in the face of a court order," Senator Feinstein said in a statement about the draft bill. "We need strong encryption to protect personal data, but we also need to know when terrorists are plotting to kill Americans."

The rhetoric in Washington around encryption has grown increasingly sharp.
Last month, when the contents of the draft encryption bill were leaked, the president of the Consumer Technology Association, a trade group that counts Apple, Google, Facebook and Amazon among its 4,000 members, spoke to an audience filled with government officials at a lunch hosted by the Media Institute.

The bill is "dangerously overreaching and technically unsophisticated," said Gary Shapiro, president of the association. "This bill would essentially make effective cybersecurity illegal in the United States, pushing companies that take cybersecurity seriously offshore."

Other tech trade groups, including Reform Government Surveillance and the Business Software Alliance, have also waded into the fray, sending critical letters and meeting with senators to warn of the dangers of the bill.

And Silicon Valley executives have, in increasing numbers, made the trek to Washington to make their cases directly. Bob Lord, chief information security officer at Yahoo, visited several members of Congress in late April to talk about the technology behind encryption and to warn of the "unintended consequences" of legislation that could weaken security. While he did not specifically mention the Burr-Feinstein bill, he emphasized how consumers and human rights activists worldwide depend on encrypted technology for their safety and privacy.

"The notion that we would weaken encryption or provide back doors, those suggestions will have unintended consequences," Mr. Lord said.

Law enforcement officials, in turn, have frequently met with the same lawmakers in the Senate and House intelligence, judiciary and commerce committees who are being targeted by the tech companies, according to congressional staff members. Chief Cunningham and other members of the police chiefs' group have talked with Mr. Burr and Ms. Feinstein, given opinions during the drafting of the legislation and hosted panels on encryption for House and Senate lawmakers.
Tech companies have turned to certain politicians to champion their cause, such as Senator Ron Wyden, a Democrat from Oregon. On the day the draft encryption bill was introduced, Mr. Wyden, who voted against the 2012 copyright bills known as the Stop Online Piracy Act and the Protect Intellectual Property Act, which were also opposed by the tech industry, said he had been flooded with calls from tech companies wanting to know what he would do.

Mr. Wyden said he intended to filibuster the proposal. He has since met with Intelligence Committee members to persuade them to kill the bill.

"I have not filibustered many issues, but I think the stakes are enormous," Mr. Wyden said in an interview. "The bill as written is a lose-lose, because it will create less security, American families will be less safe, and your liberty and privacy will be damaged."

For all the lobbying, few lawmakers have expressed their views on the encryption bill.

"I'm reserving judgment," said Senator King, who met with Mr. Vance last month. "The issues are so complex, it's like trying to nail Jell-O to the wall."

--
It's better to burn out than fade away.

From rforno at infowarrior.org Mon May 9 06:55:40 2016
From: rforno at infowarrior.org (Richard Forno)
Date: Mon, 9 May 2016 07:55:40 -0400
Subject: [Infowarrior] - Trump in Line to Receive Top U.S. Intelligence Secrets
Message-ID: <72BB94B7-7880-4FE3-B19D-DA3673837E9D@infowarrior.org>

http://www.bloomberg.com/politics/articles/2016-05-09/talkative-trump-in-line-to-receive-top-u-s-intelligence-secrets

Talkative Trump in Line to Receive Top U.S. Intelligence Secrets
Chris Strohm (cstrohm)
May 9, 2016, 5:00 AM EDT

Donald Trump, the most voluble U.S. presidential candidate in memory, will soon be entitled to regular briefings on some of the nation's most sensitive intelligence secrets.
Once Trump, known for his off-the-cuff speeches and constant tweets, becomes the Republican nominee for the White House in July, he'll be entitled to updates based on the President's Daily Brief, a compilation of top-level classified intelligence about global events.

It's a prospect giving pause to some officials, who wonder how Trump will react to the information and whether he might inadvertently let some sensitive information slip out, according to several who asked not to be identified because they don't want to be seen as taking sides in the political campaign.

"We will absolutely have no problem keeping it private. Nobody can hold information better than Mr. Trump," Hope Hicks, a spokeswoman for Trump's campaign, said when asked about the briefings. "We look forward to asking questions."

While every Republican and Democratic nominee since the 1950s has received such briefings, providing them to Trump is going to be a unique experience for intelligence professionals, said Michael Hayden, who served as director of the CIA from 2006 to 2009 and participated in the sessions for Democrat Barack Obama and his Republican challenger, Senator John McCain, in 2008.

Foreign Policy Consensus

"My life experience had me brief, or see others brief, candidates who are familiar with and accepting of the post-World War II American foreign policy consensus," Hayden, who is now with the Chertoff Group in Washington, said in an interview. "None of that appears to apply to Mr. Trump. This is going to make this series of briefings particularly challenging and exciting."

During the Republican primary season, Trump has at times questioned the U.S. role in NATO, called Russian President Vladimir Putin "a strong leader," and said he's "in that camp" that believes torture yields valuable information from detainees.
Hayden declined to speculate whether Trump can be trusted but said he would expect the Obama administration to give the Republican nominee the same briefings as his Democratic opponent. The Democratic front-runner, former Secretary of State Hillary Clinton, is a veteran recipient of government secrets, although Republicans contend she broke the law because classified information was included in messages on her private e-mail system. The FBI is investigating the matter. In addition to giving the presidential nominees top-level security clearances, Hayden said some of their top aides also would be cleared to receive the briefings. President Obama gets to decide what kind of classified information, and how much of it, the presidential candidates will receive, Hayden said. White House Press Secretary Josh Earnest indicated that the responsibility has been delegated to Director of National Intelligence James Clapper. Intelligence Professionals "This decision to provide that classified information will be made by the intelligence community," Earnest told reporters on May 5. "It will be made by the professionals there and they will do the right thing for the country, and they?ll do that without any political influence from the White House." Earnest said the administration has confidence that Clinton can protect classified information, but he wouldn?t say the same for Trump. "We?ll have to see what decision the director of national intelligence makes," Earnest said. "I guess I can?t offer my own assessment." Clapper told reporters last month that his office has already created a team, led by an official who isn?t a political appointee, to conduct the briefings. Both candidates will get the same information, and the officials briefing them will take steps to protect sources and methods, Clapper said at an event in Washington hosted by the Christian Science Monitor. A spokesman for Clapper declined further comment. 
The initial briefings are likely to be limited in scope and content, mainly because the candidates won?t have much time, Hayden said. After the November election, the new president-elect and key aides will receive the full President?s Daily Brief, with the possible exception of active covert operations, Hayden said. -- It's better to burn out than fade away. From rforno at infowarrior.org Mon May 9 06:59:09 2016 From: rforno at infowarrior.org (Richard Forno) Date: Mon, 9 May 2016 07:59:09 -0400 Subject: [Infowarrior] - European Parliament Orders MEP To Take Down A Video About His Attempt To Visit The 'Reading Room' For Trade Documents Message-ID: <4A67AC3E-1B42-4B3B-9BED-99021497B415@infowarrior.org> European Parliament Orders MEP To Take Down A Video About His Attempt To Visit The 'Reading Room' For Trade Documents https://www.techdirt.com/articles/20160506/17281834365/european-parliament-orders-mep-to-take-down-video-about-his-attempt-to-visit-reading-room-trade-documents.shtml -- It's better to burn out than fade away. From rforno at infowarrior.org Mon May 9 07:00:37 2016 From: rforno at infowarrior.org (Richard Forno) Date: Mon, 9 May 2016 08:00:37 -0400 Subject: [Infowarrior] - Fwd: referral: blocking ads increases just drives them deeper in References: <20160509115901.7F82FA06D62@palinka.tinho.net> Message-ID: <133A399E-48A7-4A3A-8616-B2A18D70888A@infowarrior.org> -- It's better to burn out than fade away. > Begin forwarded message: > > From: dan > > [antibiotic-driven disease resistance in another form] > > http://www.nytimes.com/2016/05/09/business/media/ads-evolve-into-new-forms-as-media-landscape-shifts.html > > Ads Evolve Into New Forms as Media Landscape Shifts > > By SYDNEY EMBERMAY 8, 2016 > > Peter Naylor, head of advertising sales at Hulu, stood on a stage > before a roomful of advertising executives who were there to see > what the popular streaming service had in store for the year. > After trumpeting Hulu's new interactive ads, Mr. 
Naylor made > another pitch. "We offer you the opportunity to become part of > the creative process with us," he said. > > Meaning what, exactly? > > "Goose Island IPA has signed on to sponsor our hit series `Casual' > and integrate into the show," Mr. Naylor said. And in the current > season of "The Mindy Project," he added, "not only does Mindy > fall in love with her new Microsoft Surface Book, but she also > gets to escape the city in her newly designed Lexus RX." > > This kind of advertising through product placement is certainly > not new. But Mr. Naylor's announcement -- made during last week's > Digital Content NewFronts, an annual sales event where companies > like Hulu compete for digital advertising dollars -- underscored > a broader question running through the advertising industry: > What exactly constitutes an ad these days? > > For decades, 30-second television commercials were the gold > standard, and as online video proliferated, many digital ads > were essentially repurposed from TV. But in the last several > years, advertisers have become more sophisticated, creating > digital ads that were divorced from traditional campaigns and > were better suited to the many platforms that have become > available, including Facebook, Twitter, YouTube and Snapchat. > Now, online ads interrupt nearly everything. > > This explosion of online ads, however, has led to the rising use > of ad blockers and turned "advertising" into something of a dirty > word. So advertisers and publishers are now looking for ways to > make online ads less like ads. Many in the industry are even > changing the way they talk about ads. > > During the NewFronts, Hulu and many other companies, often using > a rhetorical sleight of hand, put forth the idea that ads are > the products of symbiotic relationships, rather than frustrating > invaders. Jennifer L. 
Wong, president of digital for Time Inc., > told advertisers the company was "helping brands develop original > content" and added, "Working with us is easy." Lisa Valentino, > head of ad sales for Condé Nast, urged the audience to "take a > look at the results when Condé Nast tells your story." Ze Frank, > president of BuzzFeed Motion Pictures, said the company worked > "with brands and agencies to develop original content." > > Many companies ran flashy videos that showcased examples of these > partnerships, much like ad agencies pitching clients. BuzzFeed, > for instance, promoted its Tasty channel as a successful example > of how it could work with brands like Oster, which makes grills > and other appliances. > > Publishers are "no longer content to be the place where ads go," > said Ben Winkler, chief investment officer for the agency OMD > United States. "What we're hearing at this NewFronts more than > ever is this can be a two-way exchange." > > The rhetorical gymnastics, however, also signal a deeper trend > in the ad business. As companies seek to remove clutter from > their sites while also bolstering their ad revenue, many are > turning to so-called branded content, a widely used but vague > industry term that generally means ads that look more like things > people actually want to read or watch. > > Many publishers, including Vice and The New York Times, have > formed what are essentially internal agencies that create ads > for brands. And many already boast of success, or at least the > promise of it. > > "We believe branded content and native solutions is a large-scale > opportunity for Time Inc.," Joseph A. Ripp, chief executive of > Time Inc., said on an earnings call last week. "We are increasingly > hearing from C.M.O.s that they want to speak to their customers > in the same way that Time Inc. talks to its audiences," he added > in a reference to chief marketing officers. > > Branded content is not the only technique advertisers are trying.
> They are also creating emojis, posting on Twitter, creating > Instagram videos and dabbling in virtual reality platforms. On > the traditional advertising side, some networks are showing fewer > commercials and offering advertisers the opportunity to sponsor > programming. > > NBC, for example, announced last month that it was planning to > cut about 30 percent of the ads from episodes of "Saturday Night > Live" next season and allow advertisers to create original > segments. Turner, which is part of Time Warner, and Viacom, which > owns MTV and Comedy Central, have also said they plan to reduce > the amount of commercials on their cable networks. > > Underpinning all of this rethinking are big changes in how people > are consuming media -- and in how advertisers are allocating > their money. Consumption habits have become increasingly > fragmented, with more people watching programming, including > television shows and live sports, on different online platforms. > As a result, traditional television, with its 30-second commercials, > is losing its commanding share of advertising dollars. Digital > media is expected to pass TV as the biggest advertising category > in the United States this year, with roughly $68 billion in ad > sales compared with $66 billion for TV, according to the Interpublic > Group's Magna Global. > > With online ad spending growing, finding ways to stand out among > the onslaught of other online ads has become more important for > advertisers. And therein lies a possible conundrum: Advertisers > want their ads to look less like ads even as they are fighting > harder for attention. > > As Caty Burgess, senior vice president for media strategies at > the CW television network, said, "Is the question, `What is an > ad?' 
or `What isn't an ad?'" > > From rforno at infowarrior.org Mon May 9 07:51:20 2016 From: rforno at infowarrior.org (Richard Forno) Date: Mon, 9 May 2016 08:51:20 -0400 Subject: [Infowarrior] - Twitter Bars Intelligence Agencies From Using Analytics Service Message-ID: wsj.com Twitter Bars Intelligence Agencies From Using Analytics Service Christopher S. Stewart and Mark Maremont May 8, 2016 7:54 p.m. ET http://www.wsj.com/articles/twitter-bars-intelligence-agencies-from-using-analytics-service-1462751682 Twitter Inc. cut off U.S. intelligence agencies from access to a service that sifts through the entire output of its social-media postings, the latest example of tension between Silicon Valley and the federal government over terrorism and privacy. The move, which hasn't been publicly announced, was confirmed by a senior U.S. intelligence official and other people familiar with the matter. The service -- which sends out alerts of unfolding terror attacks, political unrest and other potentially important events -- isn't directly provided by Twitter, but instead by Dataminr Inc., a private company that mines public Twitter feeds for clients. Twitter owns about a 5% stake in Dataminr, the only company it authorizes both to access its entire real-time stream of public tweets and sell it to clients. Dataminr executives recently told intelligence agencies that Twitter didn't want the company to continue providing the service to them, according to a person familiar with the matter. The senior intelligence official said Twitter appeared to be worried about the "optics" of seeming too close to American intelligence services. Twitter said it has a long-standing policy barring third parties, including Dataminr, from selling its data to a government agency for surveillance purposes. The company wouldn't comment on how Dataminr -- a close business partner -- was able to provide its service to the government for two years, or why that arrangement came to an end. 
The move doesn't affect Dataminr's service to financial industry, news media or other clients outside the intelligence community. The Wall Street Journal is involved in a trial of Dataminr's news product. Dataminr's software detects patterns in hundreds of millions of daily tweets, traffic data, news wires and other sources. It matches the data with market information and geographic data, among other things, to determine what information is credible or potentially actionable. For instance, Dataminr gave the U.S. intelligence community an alert about the Paris terror attacks shortly after they began to unfold last November. That type of information makes it "an extremely valuable tool" to detect events in real time, the intelligence official said. In March, the company says it first notified clients about the Brussels attacks 10 minutes ahead of news media, and has provided alerts on ISIS attacks on the Libya oil sector, the Brazilian political crisis, and other sudden upheaval in the world. U.S. government agencies that used the Dataminr service are unhappy about the decision and are hoping the companies will reconsider, according to the intelligence official. "If Twitter continues to sell this [data] to the private sector, but denies the government, that's hypocritical," said John C. Inglis, a former deputy director of the National Security Agency who left in 2014. "I think it's a bad sign of a lack of appropriate cooperation between a private-sector organization and the government." Analysis of Twitter and other social-media services has become increasingly important to intelligence and law-enforcement agencies tracking terror groups. Islamic State posts everything from battlefield positions to propaganda and threats over Twitter. San Francisco-based Twitter deletes thousands of accounts a month for violating its antiterror policies, but Islamic State supporters create new accounts almost as quickly. 
"The volume of the group's activity on Twitter yields a vast amount of data that is a crucial tool for counterterrorism practitioners working to manage threats," said Michael S. Smith II, chief operating officer of the security consulting firm Kronos Advisory. "Twitter's decision could have grave consequences." In a speech last September, David S. Cohen, a deputy director of the Central Intelligence Agency, discussed the importance of "open source" social-media data gathered by the CIA, saying Islamic State's "tweets and other social-media messages publicizing their activities often produce information that, especially in the aggregate, provides real intelligence value." Silicon Valley and the U.S. government have been locked in intensifying conflicts over cooperation since the revelations by former National Security contractor Edward Snowden about government surveillance of electronic communication. Most recently, Apple Inc. and the Justice Department were embroiled in a legal showdown over demands by the Federal Bureau of Investigation to unlock an iPhone used by one of the killers in the San Bernardino, Calif., attack in December. That fight -- which unlike the Dataminr product involved the release of private data -- ended in March when the FBI found another way to access the phone. In-Q-Tel, a venture-capital arm of the U.S. intelligence community, has been investing in data-mining companies to beef up the government's ability to sort through massive amounts of information. In-Q-Tel, for example, has invested in data-mining firms Palantir Technologies Inc. and Recorded Future Inc. U.S. intelligence agencies gained access to Dataminr's service after an In-Q-Tel investment in the firm, according to a person familiar with the matter. When a pilot program arranged by In-Q-Tel ended recently, Twitter told Dataminr it didn't want to continue the relationship with intelligence agencies, this person said. 
"Post-Snowden, American-based information technology companies don't want to be seen as an arm of the U.S. intelligence community," said Peter Swire, a Georgia Institute of Technology law professor and expert on data privacy.

Dataminr, based in New York, was launched seven years ago by three former Yale University roommates. A financing round early last year valued it at $700 million, according to Dow Jones VentureSource. Its product goes beyond what a typical Twitter user could find in the jumble of daily tweets, employing sophisticated algorithms and geolocation tools to unearth relevant patterns. Dataminr has a separate, $255,000 contract to provide its breaking news-alert service to the Department of Homeland Security, which is still in force.

Yoree Koh contributed to this article.

From rforno at infowarrior.org Mon May 9 10:41:59 2016 From: rforno at infowarrior.org (Richard Forno) Date: Mon, 9 May 2016 11:41:59 -0400 Subject: [Infowarrior] - Email mishap leaks Google staff data Message-ID:

Security
Email mishap leaks Google staff data
Alice MacGregor Mon 9 May 2016 2.41pm
https://thestack.com/security/2016/05/09/email-mishap-leaks-google-staff-data/

Search giant Google has suffered a data breach which compromised the security of its employees, after the company's staff benefits vendor mistakenly sent an email containing sensitive data to the wrong recipient. Google has today sent a formal apology to an undisclosed number of affected employees, viewable [PDF] on the Californian Attorney General's website. The letter notifies of the data breach and advises staff to register for free identity protection checks and credit monitoring for the next two years. The document explains how the third-party company, which provides Google with benefits management services, sent the personal information to a benefits manager at another firm by accident.

The data included staff names and social security numbers, among other sensitive details. Luckily for Google, the person who received it immediately recognised it as incorrectly directed private information, deleted the contents and notified Google's vendor of the issue. Google is now conducting further investigation to "determine the facts" and is working with the third-party provider to ensure that a similar incident doesn't happen again.

"We have no evidence that any of your information has been misused as a result of this incident, and computer access logs indicate that no other individuals viewed your information before it was deleted," Google reassured its employees. It continued: "The benefits manager has confirmed that she did not save, download, disclose or otherwise use the information contained in the document."

Last month it was reported by the Herald that the UK Ministry of Defence made a similar administrative blunder, accidentally sending a restricted NATO report containing codewords, coordinates, radio frequencies and other critical data on military exercises to local fishing and ferry operators at the end of March. The Herald cited Scottish National Party defence spokesman Brendan O'Hara: "The careless circulation of this document represents a leak of highly sensitive information. This could compromise the safety and security of the whole exercise. The MoD must investigate this breach and review their communications procedures around exercises as soon as possible."
From rforno at infowarrior.org Mon May 9 15:49:54 2016 From: rforno at infowarrior.org (Richard Forno) Date: Mon, 9 May 2016 16:49:54 -0400 Subject: [Infowarrior] - OT: If "The Empire Strikes Back" was a James Bond film, this would be the opening credits Message-ID: <77A5E5DC-25A0-4252-AEB0-D3519A5374D8@infowarrior.org> If "The Empire Strikes Back" was a James Bond film, this would be the opening credits http://boingboing.net/2016/05/09/if-the-empire-strikes-back.html -- It's better to burn out than fade away. From rforno at infowarrior.org Tue May 10 12:04:33 2016 From: rforno at infowarrior.org (Richard Forno) Date: Tue, 10 May 2016 13:04:33 -0400 Subject: [Infowarrior] - IBM and UMBC Collaborate to Advance Cognitive Cybersecurity Message-ID: <27195DE8-DE15-4B52-8459-16137A88DC9F@infowarrior.org> (XPosted a few ways --- I don't often post stuff about my university/department here, but some things warrant announcing. --rick) IBM and UMBC Collaborate to Advance Cognitive Cybersecurity http://www-03.ibm.com/press/us/en/pressrelease/49684.wss New Lab to Tackle National Cybersecurity Needs through Cognitive and Accelerated Computing YORKTOWN HEIGHTS, N.Y. and BALTIMORE, M.D. - 10 May 2016: IBM Research (NYSE: IBM) and the University of Maryland, Baltimore County (UMBC) today announced plans for a multi-year collaboration to create the Accelerated Cognitive Cybersecurity Laboratory (ACCL), which will be housed within the College of Engineering and Information Technology at UMBC. Opening in the fall of 2016, the lab will work to advance scientific frontiers in the application of cognitive computing to cybersecurity via analytics and machine learning, while also exploring specialized computer power optimized for these new intensive computing workloads. Cybersecurity threats are growing in both volume and sophistication. This issue is compounded by a growing shortage of security professionals, expected to reach 1.5 million unfilled positions by 20201. 
With the ACCL, IBM and UMBC will explore new ways to apply cognitive technologies ? which are able to digest, learn from, and reason over vast amounts of structured and unstructured data ? to help cybersecurity professionals gain an advantage in the battle against cybercrime. ?There is a massive amount of security data that exists for human consumption, which cannot be processed by traditional security systems,? said J.R. Rao, Director, Security Research, IBM. ?By exploring the intersection of cybersecurity and cognitive technology, we can leverage that untapped pool of data and evolve the way security professionals and technologies work together to help overcome cyber threats.? The ACCL will be headed by Anupam Joshi, director of UMBC?s Center for Cybersecurity and chair of computer science and electrical engineering at UMBC. He will be joined by a team of faculty members, graduate and undergraduate students, and software engineers, who will bring together strong expertise in cognitive computing, accelerated and high performance computing, and cybersecurity. UMBC researchers will collaborate with IBM scientists to push the frontiers of research and develop innovative technology that will be able to, with a human analyst in the loop, detect, analyze and mitigate sophisticated threats quickly. ?UMBC faculty, and students in the College of Engineering and Information Technology are excited to expand our work on global scientific and cybersecurity challenges in collaboration with world class partners like IBM,? said Julie Ross, dean of the UMBC?s College of Engineering and Information Technology. The ACCL research will be conducted on IBM and OpenPOWER technology. The IBM Power Systems being implemented in the ACCL at UMBC are infused with acceleration technology from the OpenPOWER Foundation, making them ideally suited for cognitive and advanced analytics workloads, critical to the cyber security work the researchers will be conducting. 
In addition, researchers will receive technical development and support from IBM Systems Group. This collaboration is part of IBM?s ongoing academic initiatives that help students develop skills and understanding of cognitive computing to meet the increasing demand for high-skilled technology professionals. UMBC is one of eight leading universities in North America working to train IBM's Watson for application in the cybersecurity space. Watson uses natural language processing to understand the vague and imprecise nature of human language in unstructured data. It can provide insights into emerging threats, as well as recommendations on how to stop them, increasing the speed and capabilities of security professionals. About IBM Research For more than seven decades, IBM Research has defined the future of information technology with more than 3,000 researchers in 12 labs located across six continents. Scientists from IBM Research have produced six Nobel Laureates, 10 U.S. National Medals of Technology, five U.S. National Medals of Science, six Turing Awards, 19 inductees in the National Academy of Sciences and 20 inductees into the U.S. National Inventors Hall of Fame. For more information about IBM Research, visit www.ibm.com/research. About University of Maryland, Baltimore County UMBC is a leading public research university known for innovative teaching, relevant research across disciplines, and a supportive community that empowers and inspires inquisitive minds. UMBC serves 14,000 undergraduate and graduate students, and combines the learning opportunities of a liberal arts college with the creative intensity of a leading research university. At the same time, UMBC is one of the country?s most inclusive education communities. UMBC also contributes to Maryland through strong government and industry partnerships that advance K?16 education, entrepreneurship, workforce training, and technology commercialization. 
Through academic and research leadership, UMBC's Center for Cybersecurity encourages collaboration and innovation from faculty and students to further UMBC?s position as a leader in cybersecurity disciplines, in Maryland and across the nation. For more information about the College of Engineering and Information Technology at UMBC, please visit coeit.umbc.edu/. For more information about the University of Maryland, Baltimore County, please visit umbc.edu -- It's better to burn out than fade away. From rforno at infowarrior.org Wed May 11 06:13:49 2016 From: rforno at infowarrior.org (Richard Forno) Date: Wed, 11 May 2016 07:13:49 -0400 Subject: [Infowarrior] - America is 'dropping cyberbombs' -- but how do they work? Message-ID: <6413B64C-E3D0-4898-AA7A-6A6C55778849@infowarrior.org> America is 'dropping cyberbombs' -- but how do they work? Richard Forno / Anupam Joshi UMBC https://theconversation.com/america-is-dropping-cyberbombs-but-how-do-they-work-58476 Recently, United States Deputy Defense Secretary Robert Work publicly confirmed that the Pentagon?s Cyber Command was ?dropping cyberbombs,? taking its ongoing battle against the Islamic State group into the online world. Other American officials, including President Barack Obama, have discussed offensive cyber activities, too. The American public has only glimpsed the country?s alleged cyberattack abilities. In 2012 The New York Times revealed the first digital weapon, the Stuxnet attack against Iran?s nuclear program. In 2013, former NSA contractor Edward Snowden released a classified presidential directive outlining America?s approach to conducting Internet-based warfare. The terms ?cyberbomb? and ?cyberweapon? create a simplistic, if not also sensational, frame of reference for the public. Real military or intelligence cyber activities are less exaggerated but much more complex. 
The most basic types are off-the-shelf commercial products used by companies and security consultants to test system and network security. The most advanced are specialized proprietary systems made for exclusive ? and often classified ? use by the defense, intelligence and law enforcement communities. So what exactly are these ?cyberbombs? America is ?dropping? in the Middle East? The country?s actual cyber capabilities are classified; we, as researchers, are limited by what has been made public. Monitoring books, reports, news events and congressional testimony is not enough to separate fact from fiction. However, we can analyze the underlying technologies and look at the global strategic considerations of those seeking to wage cyber warfare. That work allows us to offer ideas about cyber weapons and how they might be used. A collection of capabilities A ?cyberbomb? is not a single weapon. Rather, cyberweapons are collections of computer hardware and software, with the knowledge of their potential uses against online threats. Although frequently used against Internet targets such as websites and forums, these tools can have real-world effects, too. Cyberattacks have disrupted cellphone networks and tricked computers controlling nuclear centrifuges into functioning differently from how they report their status to human operators. A simulated attack has shown how an enemy can remotely disrupt electric power generators. The process of identifying potential targets, selecting them and planning ?cyberbomb? attacks includes not only technological experts but military strategists, researchers, policy analysts, lawyers and others across the military-industrial complex. These groups constantly analyze technology to develop the latest cyber weapons and tactics. They also must ensure the use of a given ?cyberbomb? aligns with national interests, and follows national and international laws and treaties. 
For example, as part of their counterterrorism efforts, electronic intelligence services (such as the American NSA and British GCHQ) routinely collect items like real names, user IDs, network addresses, Internet server names, online discussion histories and text messages from across the Internet. Gathering and analyzing these data could use both classified and unclassified methods. The agencies could also conduct advanced Google searches or mine The Internet Archive?s Wayback Machine. This information can be linked with other data to help identify physical locations of target computers or people. Analysts can also observe interconnections between people and infer the types and strengths of those relationships. This information can clue intelligence analysts in to the existence of previously undiscovered potential Internet targets. These can include virtual meeting places, methods of secure communications, types of phones or computers favored by the enemy, preferred network providers or vulnerabilities in their IT infrastructures. In some cases, cyberattacks need to be coordinated with spies or covert agents who must carry out physical aspects of the plan, especially when the electronic target of a ?cyberbomb? is hard to reach ? such as the computers inside the Iranian nuclear facility targeted by the Stuxnet worm. Cyberattack purposes can vary widely. Sometimes, a government entity wants to simply monitor activity on a specific computer system in hopes of gaining additional intelligence. Other times, the goal is to place a hidden ?backdoor? allowing the agency to secretly take control of a system. In some cases, a target computer will be attacked with the intent of disabling it or preventing future use by adversaries. When considering that kind of activity, planners must decide whether it?s better to leave a site functional so future intelligence can be collected over the long term, or to shut it down and prevent an adversary from using it in the near term. 
Although not strictly a "cyber" attack, "cyberbombing" also might entail the use of decades-old electronic warfare techniques that broadcast electromagnetic energy to (among other things) disrupt an adversary's wireless communications capabilities or computer controls. Other "cyberbombing" techniques include modifying or creating false images on an enemy's radar screens ahead of an air attack, such as how Israel compromised Syria's air defense systems in 2007. These may be done on their own or to support more traditional military operations.

Finally, using an electromagnetic pulse (EMP) weapon to disrupt and/or disable all electronic circuits over a wide area -- such as a city -- could be considered the "Mother of All Cyber Bombs." As such, its effect would be felt both by enemy forces and local (likely) noncombatant citizens, all of whom suddenly would be unable to obtain fresh water and electricity, and find their local hospitals, banks and electronic items ranging from cars to coffee pots unable to function. Depending on the heat and blast from the bomb's detonation, some people might not notice -- though those dependent on electronic medical devices like pacemakers probably would feel effects immediately. EMP is commonly associated with nuclear weapons, but even using nonnuclear EMP devices in a populated area would presumably cause enough "collateral damage" that it would violate international laws.

Fighting against nongovernment groups

In addition to the above techniques, and particularly when fighting opponents that are not foreign governments -- such as ISIS -- a unique type of "cyberbombing" seeks to target the online personas of terror group leaders. In this type of attack, one goal may be to tarnish their online reputations, such as publishing manipulated images that would embarrass them. Or, cyber weaponry may be used to gain access to systems that could be used to issue conflicting statements or incorrect orders to the enemy. These types of "cyberbombs" can create psychological damage and distress in terrorist networks and help disrupt them over time. The United Kingdom's JTRIG (Joint Threat Research Intelligence Group) within GCHQ specializes in these tactics. Presumably similar capabilities exist in other countries.

Making cyberwar public

Until recently, few nations publicly admitted planning or even thinking about waging offensive warfare on the Internet. For those that do, the exact process of planning a digital warfare campaign remains a highly guarded military and diplomatic secret. The only people announcing their cyberattacks were assorted hacktivist groups such as Anonymous and the self-proclaimed "Cyber-Caliphate" supporting ISIS. By contrast, the most prominent cyber-attack waged by a nation-state (2011's Stuxnet) -- allegedly attributed to the United States and Israel -- was never officially acknowledged by those governments.

Cyber weapons and the policies governing their use likely will remain shrouded in secrecy. However, the recent public mentions of cyber warfare by national leaders suggest that these capabilities are, and will remain, prominent and evolving ways to support intelligence and military operations when needed.

-- 
It's better to burn out than fade away.

From rforno at infowarrior.org Wed May 11 07:39:36 2016
From: rforno at infowarrior.org (Richard Forno)
Date: Wed, 11 May 2016 08:39:36 -0400
Subject: [Infowarrior] - Fwd: France to forbid non-work-hours work-email
References: <20160511115745.24864A06D71@palinka.tinho.net>
Message-ID: <409F5CEC-BB27-4DA5-B574-55D6744ECFAA@infowarrior.org>

> Begin forwarded message:
>
> From: dan
>
> http://www.bbc.co.uk/news/magazine-36249647
>
> The plan to ban work emails out of hours
>
> By Hugh Schofield BBC News, Paris
> 11 May 2016
>
> Should governments step in to regulate work emails and so rescue harassed staff from the perils of digital burnout? The answer in France appears to be "Yes". President Francois Hollande's Socialist Party is about to vote through a measure that will give employees for the first time a "right to disconnect".
>
> Companies of more than 50 people will be obliged to draw up a charter of good conduct, setting out the hours - normally in the evening and at the weekend - when staff are not supposed to send or answer emails.
>
> Much mockery was made in the foreign press when the proposal was first mooted, with images of hawk-eyed work inspectors snooping on the industrious.
>
> But the French government says the problem of permanent connection is universal and growing - and that intervention is needed.
>
> "All the studies show there is far more work-related stress today than there used to be, and that the stress is constant," Socialist MP Benoit Hamon tells me.
>
> "Employees physically leave the office, but they do not leave their work. They remain attached by a kind of electronic leash - like a dog. The texts, the messages, the emails - they colonise the life of the individual to the point where he or she eventually breaks down."
>
> The measure is part of a labour law - named after Labour Minister Maryam El Khomri - many of whose other provisions have sparked weeks of protests in France. The "disconnection" clause is about the only part on which there is consensus.
>
> [Image caption: A protester holds a placard reading 'heinous labour bill' on the Place de la Republique in Paris]
>
> Few - in France or elsewhere - would disagree that work-home encroachment is a troubling by-product of the digital revolution.
>
> "At home the workspace can be the kitchen or the bathroom or the bedroom.
> We shift from a work email to a personal WhatsApp to a Facebook picture to a professional text - all on the same tool," says Linh Le, a partner at Elia management consultants in Paris.
>
> "You're at home but you're not at home, and that poses a real threat to relationships," she says.
>
> Le says the businesses she advises are increasingly aware of the dangers to staff. The most extreme threat is so-called burnout which she describes as "physical, psychological and emotional distress caused by a total inability to rest".
>
> But apart from wishing to spare their suffering, companies also need employees to be creative. And this is less likely, says Le, without regular downtime.
>
> She applauds a US insurance company that has given workers sleep monitors and pays them a bonus if they get 20 consecutive nights of good sleep.
>
> "It shows how good companies recognise the importance of not harassing workers at home.
>
> "Here in France we speak of the two types of time, as defined by the Greeks: chronos and keiros. Chronos is regular, divisible time. Keiros is unconscious time... creative time.
>
> "Keiros is essential for productive thinking, and good employers know they need to protect it."
>
> But will the law work? Many have doubts.
>
> At PriceMinister - an online marketplace run from central Paris - chief executive Olivier Mathiot has instituted "no-email Fridays", to encourage employees to resort less to digital messaging.
>
> Sales manager Tiphanie Schmitt says this idea is fine - it helps to get people to talk - but she would resist any government interference in the way she does her job.
>
> "I do sales. I like doing sales. It means I use email late into the evening, and at the weekend.
> I don't want my company preventing me from using my mail box just because of some law," she says.
>
> Similar views can be heard expressed at the Bowler pub near the Champs-Elysees, a hang-out for financial and computer workers.
>
> "I think [the right to disconnect] is wonderful for improving the human condition but totally inapplicable," says software writer Gregory.
>
> "In my company we compete with Indian, Chinese, American developers. We need to talk to people around the world late into the night. Our competitors don't have the same restrictions.
>
> "If we obeyed this law we would just be shooting ourselves in the foot."
>
> Olivier Mathiot of PriceMinister says the issue should be addressed by education rather than legislation.
>
> "In France we are champions at passing laws, but they are not always very helpful when what we need is greater flexibility in the workplace," he says.
>
> And according to Linh Le at Elia Consulting, the law will be very quickly made irrelevant. "In a few years' time emails will have ceased to exist," she predicts. "We'll have moved on to something else."
>
> Even cheerleaders such as the MP Benoit Hamon admit that the impact of the law will only go so far - as presently drafted there is no penalty for violating it. Companies are expected to comply voluntarily.
>
> But almost everyone in France agrees that the subject of communications overload is one that needs to be on every employer's agenda.

From rforno at infowarrior.org Wed May 11 15:22:57 2016
From: rforno at infowarrior.org (Richard Forno)
Date: Wed, 11 May 2016 16:22:57 -0400
Subject: [Infowarrior] - Save Firefox!
Message-ID: <6A6876FF-261C-4DD1-956B-360F7EE193D6@infowarrior.org>

May 11, 2016 | By Cory Doctorow

Save Firefox!
https://www.eff.org/deeplinks/2016/04/save-firefox

Once upon a time, there were two major browsers that virtually everyone used: Netscape and Internet Explorer, locked in a death-battle for the future of the Web.
They went to enormous lengths to tempt Web publishers to optimize their sites to work best inside their windows, and hoped that users would follow.

Then, a game-changer: the open, nonprofit Mozilla browser spun out of Netscape, with the mission of putting users, not publishers, in charge. Mozilla defaulted to blocking pop-up ads, the scourge of the early Web. It was a step none of the major browsers could afford to take, because publishers were convinced they would go broke without them, and any company whose browser blocked pop-ups by default would alienate the publishers, who'd throw their lot in with the competition.

A little over a decade later, and the world of browsers is unrecognizable: Mozilla turned into Firefox; Internet Explorer turned into Edge, Apple launched Safari, and Google launched Chrome. Every one of them blocks pop-ups by default! Literally none of the dominant browsers from a decade ago are in widespread use today.

Which is not to say that there isn't competition. There is, and it's as fierce as ever, and as ever, it's a strategic fight to please both publishers and users, whose interests are not always the same. Publishers want to gather more information on users; users want to keep their information private. Publishers want to control users' browsing and viewing experience; users want to sit in the driver's seat.

We need competition; we also need diversity. We need the possibility that young, game-changing market entrants might come along. We need that idea to be kept alive, to make sure that all the browsers don't shift from keeping users happy to just keeping a few giant corporations that dominate the Web happy. Because there's always pressure to do that, and if all the browsers end up playing that same old game, the users will always lose.

We need more Firefoxes. We need more browsers that treat their users, rather than publishers, as their customers.
It's the natural cycle of concentration-disruption-renewal that has kept the Web vibrant for nearly 20 years (eons, in web-years).

We may never get another one, though.

The World Wide Web Consortium (W3C), once the force for open standards that kept browsers from locking publishers to their proprietary capabilities, has changed its mission. Since 2013, the organization has provided a forum where today's dominant browser companies and the dominant entertainment companies can collaborate on a system to let our browsers control our behavior, rather than the other way.

This system, "Encrypted Media Extensions" (EME) uses standards-defined code to funnel video into a proprietary container called a "Content Decryption Module." For a new browser to support this new video streaming standard -- which major studios and cable operators are pushing for -- it would have to convince those entertainment companies or one of their partners to let them have a CDM, or this part of the "open" Web would not display in their new browser.

This is the opposite of every W3C standard to date: once, all you needed to do to render content sent by a server was follow the standard, not get permission. If browsers had needed permission to render a page at the launch of Mozilla, the publishers would have frozen out this new, pop-up-blocking upstart. Kiss Firefox goodbye, in other words.

The W3C didn't have to do this. No copyright law says that making a video gives you the right to tell people who legally watch it how they must configure their equipment. But because of the design of EME, copyright holders will be able to use the law to shut down any new browser that tries to render the video without their permission.
That's because EME is designed to trigger liability under section 1201 of the Digital Millennium Copyright Act (DMCA), which says that removing a digital lock that controls access to a copyrighted work without permission is an offense, even if the person removing the lock has the right to the content it restricts. In other words, once a video is sent with EME, a new company that unlocks it for its users can be sued, even if the users do nothing illegal with that video.

We proposed that the W3C could protect new browsers by making their members promise not to use the DMCA to attack new entrants in the market, an idea supported by a diverse group of W3C members, but the W3C executive overruled us saying the work would go forward with no safeguards for future competition.

It's even worse than at first glance. The DMCA isn't limited to the USA: the US Trade Representative has spread DMCA-like rules to virtually every country that does business with America. Worse still: the DMCA is also routinely used by companies to threaten and silence security researchers who reveal embarrassing defects in their products. The W3C also declined to require its members to protect security researchers who discover flaws in EME, leaving every Web user vulnerable to vulnerabilities whose disclosure can only safely take place if the affected company decides to permit it.

The W3C needs credibility with people who care about the open Web and innovation in order to be viable. They are sensitive to this kind of criticism. We empathize. There are lots of good people working there, people who genuinely, passionately want the Web to stay open to everyone, and to be safe for its users. But the organization made a terrible decision when it opted to provide a home for EME, and an even worse one when it overruled its own members and declined protection for security research and new competitors.

It needs to hear from you now. Please share this post, and spread the word.
Help the W3C be the organization it is meant to be.

From rforno at infowarrior.org Thu May 12 08:49:51 2016
From: rforno at infowarrior.org (Richard Forno)
Date: Thu, 12 May 2016 09:49:51 -0400
Subject: [Infowarrior] - FBI head expects more gov't litigation over locked phones
Message-ID: <42462DBB-9797-4C89-A4B9-3FFA50B0C7B2@infowarrior.org>

(I call BS on Comey's claim they didn't seek to avoid transparency in the VE process. Maybe not directly, but it's coincidentally a handy 'benefit' of the route they chose. --rick)

FBI head expects more gov't litigation over locked phones
http://thehill.com/policy/cybersecurity/279646-comey-expects-more-government-litigation-over-locked-phones
By Katie Bo Williams - 05/12/16 09:00 AM EDT

FBI Director James Comey says he expects the U.S. government to seek more lawsuits over access to encrypted communications.

The debate over whether the federal government can compel private companies to unlock personal devices for national security purposes is far from over, Comey told reporters on Wednesday, according to reports.

Citing the recent decision by Facebook's WhatsApp to offer end-to-end encryption to all of its customers -- over 1 billion -- Comey said that the move is "affecting the criminal work [of the FBI] in huge ways."

"In that billion customers are terrorists and criminals, and so that now ubiquitous feature of all WhatsApp products will affect both sides of the house," Comey said.

Although he does not currently have any plans to bring a legal case against the company, Comey said, "Whether there will be litigation down the road, I don't know."

Comey's remarks come in the wake of the agency's high-profile dispute with Apple over San Bernardino shooter Syed Rizwan Farook's iPhone. Apple refused to comply with a court order ordering it to help the agency unlock the device, arguing that it would have to write a "backdoor" into the operating system that would put its other customers at risk of a security breach.

The FBI eventually dropped the case when it purchased a "tool" from a third party that allowed it to hack into the device.

The agency has seized about 500 phones it cannot unlock in criminal investigations, Comey said Wednesday. But none of those 500 phones are the same combination of model and operating system as Farook's phone, which was running iOS 9 -- limiting the hacking tool's usefulness.

The FBI has come under fire for failing to disclose the vulnerability that it used to hack into the device, so that Apple can patch the flaw.

Comey said Wednesday that the agency did not deliberately avoid a White House review process that might have led to the disclosure of the hole, according to The Washington Post. He said the agency only purchased the hacking tool -- not the rights to the underlying flaw that the tool exploits. He suggested that to purchase the rights would have cost much more money.

"We bought what was necessary to get into that phone, and we tried not to spend more money than we needed to spend," he said.

"We did not in any form or fashion structure the transaction . . . with an eye toward avoiding" the White House review, he said.

The FBI has said it cannot participate in the so-called Vulnerabilities Equities Process because it doesn't know enough about the tool it purchased for the review to make sense.

In fact, the details of the deal have been kept so secret that even Comey doesn't know the identity of the third party that assisted the agency, Reuters reported last week. Comey said he had a "good sense" of the contractor's identity, but he "couldn't give you people's names," according to Reuters.
From rforno at infowarrior.org Thu May 12 09:00:48 2016
From: rforno at infowarrior.org (Richard Forno)
Date: Thu, 12 May 2016 10:00:48 -0400
Subject: [Infowarrior] - Yahoo Mail Is So Bad That Congress Just Banned It
Message-ID: <20395073-5EF4-4F51-91A4-BE106C98DD53@infowarrior.org>

YahooMail Is So Bad That Congress Just Banned It
http://gizmodo.com/cyberattack-leads-to-a-yahoomail-ban-on-capitol-hill-1775851542

From rforno at infowarrior.org Thu May 12 17:33:33 2016
From: rforno at infowarrior.org (Richard Forno)
Date: Thu, 12 May 2016 18:33:33 -0400
Subject: [Infowarrior] - FBI Admits It Told Local Police To Hide Evidence Of Phone Surveillance
Message-ID: <9C512BA1-FDB1-46F4-A5E1-041C516CB7E2@infowarrior.org>

FBI Admits It Told Local Police To Hide Evidence Of Phone Surveillance
By Kevin Collier
http://www.vocativ.com/317708/fbi-local-police-stingrays/

Your local police may use a controversial piece of technology -- ominously dubbed a stingray -- to track your phone. But, the FBI is taking pains to make sure you never find out. The agency encourages police to find additional evidence so that stingray technology never comes up in court, according to a new memo.

It's no secret that law enforcement agencies scattered around the country use such devices -- known as IMSI catchers, or colloquially "stingrays" -- which mimic cellphone towers and collect data, like phone numbers and location, from everyone in their vicinity. But that's not because the FBI isn't trying to hide that fact. The agency is so keen on keeping the devices from the public that it asks local police departments to sign nondisclosure agreements about their stingrays -- leading to some cops withdrawing cases that rely on stingrays for evidence.

But thanks to an open records request from the investigative journalism nonprofit Oklahoma Watch, there's finally evidence that this is the FBI's specific plan.
In a 2014 memo from FBI Special Agent in Charge James Finch to Oklahoma City Police Department Chief William Citty, the bureau issued very specific guidelines.

"Information obtained through use of this equipment is for LEAD PURPOSES ONLY, and may not be used as primary evidence in any affidavits, hearings or trials. This equipment provides general location information about a cellular device, and your agency understands it is required to use additional and independent investigative means and methods, such as historical cellular analysis, that would be admissible at trial to corroborate information concerning the location of the target obtained through use of this equipment."

The memo reflects the controversial practice known as parallel construction, in which a law enforcement agency collects evidence on a suspect without first bothering with a warrant, as that evidence likely wouldn't be admissible as evidence in court. Armed with that information, agents or officers build a strong enough case with legally admissible evidence that they don't need to ever tell the court about that earlier information.

A 2013 Reuters report on the practice, for example, found that the U.S. Drug Enforcement Agency routinely receives intelligence from various intelligence services, including the NSA, about where to find a suspected criminal, and that the DEA would then be expected to work backwards from there. "You'd be told only, 'Be at a certain truck stop at a certain time and look for a certain vehicle.' And so we'd alert the state police to find an excuse to stop that vehicle, and then have a drug dog search it," one DEA agent said.

"This is the first time I have seen language this explicitly calling for parallel construction to conceal evidence derived from Stingray use," Nate Wessler, a staff attorney at the ACLU who specializes in stingray use, told Vocativ. "[T]his goes the outrageous extra step of ordering police to actually engage in evidence laundering," he said.
"As a result, defendants are denied their right to challenge potentially unconstitutional surveillance and courts are deprived of an opportunity to curb law enforcement abuses."

Though stingray use in the U.S. has largely existed without much public knowledge, that scenario is quickly changing. In March, an appellate court ruled for the first time that it's illegal for police to use stingrays without first getting a warrant.

The FBI didn't respond to a request for comment.

From rforno at infowarrior.org Fri May 13 07:24:27 2016
From: rforno at infowarrior.org (Richard Forno)
Date: Fri, 13 May 2016 08:24:27 -0400
Subject: [Infowarrior] - U.S. should immunize big data transfers during disasters, attacks -- report
Message-ID: <7DD91D8F-424A-4FF8-8B3D-B23F699FE396@infowarrior.org>

U.S. should immunize big data transfers during disasters, attacks -- report
By Shaun Waterman
May 11, 2016 2:00 PM
http://fedscoop.com/us-should-immunize-big-data-transfers-during-disasters-report

The telecom industry proposal to track terrorists through big data echoes the controversial Pentagon effort known as Total Information Awareness.

Companies that share customers' personal data with federal agencies during a natural disaster or major cyber or terror attack would get legal immunity under a "good Samaritan framework," called for in a draft report to the Obama administration.

The National Security Telecommunications Advisory Committee, a telecom industry body, said, "The framework should afford standard agreed upon protections to entities sharing data in good faith" during such a major incident.

"The framework should pre-establish general rules between the Government and the participating private sector organizations to define the appropriate use of [such shared] data" states the report, titled NSTAC Report to the President on Big Data Analytics.
Specifically, the framework ought to "clarify rules regarding the protection of privacy, data use, ownership, storage, retention, accidental disclosure, and deletion."

NSTAC's 21 members are meeting Wednesday in Palo Alto, California, to approve the draft, which will then be formally submitted to the White House.

The committee, meeting in Silicon Valley for the first time, will be briefed by Cabinet-level officials including Commerce Secretary Penny Pritzker, Homeland Security Secretary Jeh Johnson and Defense Secretary Ash Carter -- all part of the administration's effort to cross-fertilize some of the valley's legendary innovation into the sometimes creaky edifice of the federal government.

Addressing the huge volumes of data now available through online devices, the report notes that many newer smartphones and tablets feature "advanced sensors such as high definition microphones, text, cameras, accelerometers, barometers, and more.

"In the future -- depending on data agreements between the State government, local law enforcement, and mobile phone carriers -- some jurisdictions may have the ability to enable callers to share situational data with [911] operators when a user places an emergency call."

This "data exhaust" could be crucial to authorities seeking to assess a major incident. "To have the full potential of these technological advancements, it is critical to develop the needed frameworks for data sharing," the report states.

Big data analysis, or BDA, might also be able to thwart terrorist planning and preparation for an attack in the homeland, the report states, echoing the intent of the controversial Pentagon project in the aftermath of Sept. 11 dubbed Total Information Awareness.

In their hypothetical "use case," the report's authors envisage that the terrorist planners sometimes use oblique or coded, though unencrypted, messaging -- including through social media.
By the time the planners are ready to launch their attack, "there is a significant amount of disjointed information contained in a variety of data sources that point to an eminent [sic] threat ... This is the first pivotal point for BDA to play a substantial role in preventing the event."

By the time the day of the attack arrives, "BDA processes have identified a potential threat and collection of meaningful data intensifies. Correlation of travel itineraries, car rentals and credit card purchases can possibly pinpoint the targeted locations and the individuals that have been dispatched to each location."

Contact the reporter on this story via email Shaun.Waterman at FedScoop.com, or follow him on Twitter @WatermanReports.

From rforno at infowarrior.org Fri May 13 07:37:53 2016
From: rforno at infowarrior.org (Richard Forno)
Date: Fri, 13 May 2016 08:37:53 -0400
Subject: [Infowarrior] - The James Comey whine-a-thon continues
Message-ID: <0A4C7115-8B3B-49EC-BA3B-328C4FA23C06@infowarrior.org>

Encryption is "essential tradecraft" of terrorists, FBI director says
http://arstechnica.com/tech-policy/2016/05/encryption-is-essential-tradecraft-of-terrorists-fbi-director-says/

From rforno at infowarrior.org Fri May 13 12:56:31 2016
From: rforno at infowarrior.org (Richard Forno)
Date: Fri, 13 May 2016 13:56:31 -0400
Subject: [Infowarrior] - DNI issues policy on social media + background checks
Message-ID: <39C95D25-D1A4-4183-9619-B34762DAAB60@infowarrior.org>

Social media policy for government-issued background investigations

The government has released a first-ever social media policy for background investigations, which will scan what applicants have posted on Facebook, Twitter and other sites to determine their trustworthiness.
https://www.washingtonpost.com/apps/g/page/politics/social-media-policy-for-government-issued-background-investigations/2029

From rforno at infowarrior.org Fri May 13 15:49:58 2016
From: rforno at infowarrior.org (Richard Forno)
Date: Fri, 13 May 2016 16:49:58 -0400
Subject: [Infowarrior] - Where the candidates stand on cyber issues
Message-ID: <6A134CD5-F0BD-4D66-A0FC-B503AB5D71E9@infowarrior.org>

Where the candidates stand on cyber issues
By Violet Blue

It's a little difficult to nail down the US presidential candidates on cybersecurity. That's probably because none of the candidates actually has a cybersecurity plan.

What little the presidential candidates have said about cybersecurity is as bizarre as the entire reality-TV election process spectacle itself. They each think cybersecurity means one, or possibly two things. Bernie Sanders is obsessed with the NSA. Donald Trump said that Edward Snowden should be executed and wants to hack-attack China. Hillary Clinton just seems unsure about what exactly she should say.

With so much ado over her email server, its security, and the concerns over her email handling of classified information, it would certainly be in her benefit to do the opposite -- get deeply engaged, and steer conversations on all things cybersecurity. And her opponents could benefit even more from beating Clinton to it.

But as you're about to see, they're all guilty of this one offense: Clinton, Sanders, and Trump all believe the word "cybersecurity" only means narrow federal threats. Worryingly, each one has their own idea of what that threat translates to, or means.

None of those things reflect the truly urgent cybersecurity issues we're facing. The US is being gutted by all-time-high incidences of breaches, identity theft, and ransomware in hospitals, homes and businesses. Between the OPM and the IRS, the government can't seem to secure itself.
Data dealers and too-powerful social networks are playing fast and loose with private information and rhetoric, before our privacy laws catch up with them. State-sponsored hacking has emerged as a potential act of war on the global stage -- a WW III size issue, which should overshadow the apparently simple joys of blaming China for everything.

With all this, you'd think that cyber would be a very popular subject with any wanna-be leader-of-the-free-world types. How will our new leader react when cybersecurity issues take them by surprise during the next four years? We've put together a cheat sheet (in alphabetical order, below).

< - >

http://www.engadget.com/2016/05/13/where-the-candidates-stand-on-cyber-issues/

From rforno at infowarrior.org Fri May 13 18:05:50 2016
From: rforno at infowarrior.org (Richard Forno)
Date: Fri, 13 May 2016 19:05:50 -0400
Subject: [Infowarrior] - Contractor Working on OPM's Cyber Upgrades Suddenly Quits, Citing 'Financial Distress'
Message-ID: <501C3FDD-642D-46EF-A0CE-609E2778EE52@infowarrior.org>

(c/o MM)

Contractor Working on OPM's Cyber Upgrades Suddenly Quits, Citing 'Financial Distress'
By Jack Moore
http://www.nextgov.com/cybersecurity/2016/05/contractor-working-opms-cyber-upgrades-suddenly-quits-citing-financial-distress/128301/

The contractor responsible for the hacked Office of Personnel Management's major IT overhaul is now in financial disarray and no longer working on the project.

OPM awarded the Arlington, Virginia-based Imperatis Corporation a sole-source contract in June 2014 as part of an initial $20 million effort to harden OPM's cyber defenses, after agency officials discovered an intrusion into the agency's network.

In the past week, however, Imperatis ceased operations on the contract, citing "financial distress," an OPM spokesman confirmed to Nextgov.
After Imperatis employees failed to show up for work May 9, OPM terminated Imperatis? contract for nonperformance and defaulting on its contract. ?DHS and OPM are currently assessing the operational effect of the situation and expect there to be very little impact on current OPM operations,? OPM spokesman Sam Schumach said in a statement to Nextgov. Schumach said OPM had been planning for performance on the contract to end in June 2016. Work on the contract went toward developing a more secure IT environment, dubbed ?the shell,? in which to house sensitive files. Last summer, after work on the contract had already started, OPM announced a much larger breach of personnel records and background investigations forms affecting more than 21.5 million. Officials pledged to accelerate work on the IT upgrade plan. Claire McCaskill, the ranking Democrat on the Homeland Security and Governmental Affairs? investigations subcommittee, wrote to OPM and the Homeland Security Department, which also holds contracts with the company. In the May 13 letter, McCaskill, D-Mo., said she is ?concerned that Imperatis? default may now delay OPM?s much-needed IT infrastructure and security fixes,? and requested OPM describe its contingency plans for the critical technology upgrades in a briefing with the senator?s staff. A spokeswoman for the Imperatis Corporation did not return phone calls or emails from Nextgov. The voicemail box for the company?s CEO, Mastin M. Robeson, was full and no longer accepting messages Friday afternoon. The ?Leadership? page of the Imperatis website, which once listed company executives, is now blank. In the wake of the OPM hack last summer, lawmakers questioned the agency?s decision to rush work to Imperatis without competition from other companies. In a ?flash audit? 
issued last summer, OPM's former inspector general raised several concerns about the agency's overall IT upgrade plans, including the use of the sole-source contract and unreliable cost estimates for the overhaul.

OPM's sole-source contract with Imperatis only covered the initial planning phases of the contract, agency officials testified under oath during a congressional hearing last summer. However, officials later acknowledged Imperatis was working on later phases of the contract, according to a follow-up IG report. The IG contended "any involvement" by the contractor "violates federal acquisition regulations," and stressed that "conflicting statements from OPM officials regarding this contract are extremely concerning."

Current acting OPM Director Beth Cobert, in a Sept. 3 letter, told the IG Imperatis assistance is needed because of "the expertise and knowledge they have developed during the design and implementation" of the project.

OPM has already spent more than $67 million on the IT upgrade plan, Cobert told lawmakers during a House hearing in March. In its fiscal 2017 budget request, the agency is seeking $37 million in additional funding for the project.

This isn't the first time Imperatis Corporation has come under scrutiny. Under a previous name, Jorge Scientific, the company held nearly $1 billion in contracts with the Army when employees were recorded in cellphone videos reportedly drinking on the job and injecting drugs.

From rforno at infowarrior.org Sun May 15 16:36:38 2016
From: rforno at infowarrior.org (Richard Forno)
Date: Sun, 15 May 2016 17:36:38 -0400
Subject: [Infowarrior] - Everything We Know About How the FBI Hacks People
Message-ID: <7531BBFC-0CEE-4DDB-8B65-087B4A682E96@infowarrior.org>

Everything We Know About How the FBI Hacks People
https://www.wired.com/2016/05/history-fbis-hacking/
From rforno at infowarrior.org Sun May 15 18:01:29 2016
From: rforno at infowarrior.org (Richard Forno)
Date: Sun, 15 May 2016 19:01:29 -0400
Subject: [Infowarrior] - Big Festival Brother? What summer music festivals are doing with your personal data
Message-ID:

Big Festival Brother? What summer music festivals are doing with your personal data
Gianluca Mezzofiore
http://mashable.com/2016/05/14/music-festivals-personal-data-privacy/#rosmsAHSVSqI

LONDON -- It's May and the sun is finally out after a long British winter. For many that means one thing: festival season. It's a good occasion to disconnect from technology, go off the grid and enjoy a few days of carefree excitement.

Or not. Along with booze, music and mud -- a lot of mud -- British festivals may have another feature: mass surveillance.

Last year, Leicestershire police scanned the faces of 90,000 festival-goers at Download Festival, checking them against a list of wanted criminals across the country. It was the first time anywhere in the UK that facial recognition technology -- NeoFace -- was used at a public outdoor event.

Privacy campaigners -- and Muse frontman Matt Bellamy -- expressed their fury at authorities after they casually mentioned the use of the surveillance project on Police Oracle, a police news and information website. Police didn't use any other method to warn festival-goers about the controversial initiative.

Digital footprints

It's not yet clear whether UK authorities will use facial technology at music festivals this year. Leicestershire Police told Mashable: "There are no plans to use live time facial recognition technologies during music festivals or other events in the next few months." But they added that NeoFace will continue to be used by the force to identify suspects.

Glastonbury Festival told Mashable facial recognition won't be used at its event while Download and Reading/Leeds did not respond to our request for comment.

What is facial recognition?
Facial recognition is similar to obtaining an individual's fingerprints. Authorities told Mashable facial recognition technology is "speeding up investigations," and results over the past few months "have been very promising."

"The force has demonstrated how the NeoFace system can also save officers hours, even days by cutting out the need to go through its database of detained people's photographs one by one," Leicestershire police said.

The software can compare dozens of measurements between key facial features on the subject's face from CCTV or police body cameras images against the 120,000 photos on the Leicestershire force's database of people it has arrested and held in custody over the past few years.

Police told Mashable there is "absolutely nothing to concern privacy campaigners."

"Since we began using the system in May 2013, the force has been as open and as transparent as it can and recognises legitimate concerns."

However, campaigners say its accuracy remains questionable, besides other issues around lack of consent and lack of understanding about how the data is processed, shared and stored.

Biometrics commissioner Alastair MacGregor, an independent advisor to the British government, has warned that image databases and face recognition could be used to track people's movements by "combining widespread CCTV and access to a huge searchable database of facial images."

"The concept of facial recognition is moving towards a Blade Runner-type future. The question is: did I really give informed and explicit consent to this? Where's the transparency?" Raj Samani, CTO at Intel Security, told Mashable.

"In the case of festivals, it raises a lot of questions around what is done with our data once the event is over," he says.

In order for facial recognition to be of use, the data has to be stored. But it's unclear how the data is stored and protected or for how long it remains and when it's deleted.
It's nearly impossible to find out who the dataset is shared with or cross-referenced against, Christopher Weatherhead, technology officer at Privacy International, told Mashable.

"For example is the imagery being compared to law enforcement databases, medical databases, or social media profiles?" he said. "Festival-goers should not be treated like suspects just because they wish to enjoy an event."

Privacy risks from apps

Many of the larger British music festivals are non-transferable, ticketed events, requiring a photograph -- meaning there's a clear link between the ticket and the reveller purchasing it. Weatherhead says it means festival organisers "have a large dataset" of unique and personally identifiable information before the attendee even arrives at the event. The dataset includes contact and account information, payment and billing, information posted online or on a third-party social media site, personal preferences about products and so on.

Then, at the event, credit card transactions, open Wi-Fi access, and mobile apps can all leak private information. Apps can be susceptible to exploitation because unlike web browsing they offer no guarantees that secure communication is taking place. Browsers are also risky as password and private information can be easily hacked by authorities and criminals from the open Wi-Fi, Weatherhead said.

"The organisers and their various partners are potentially able to access attendees' data footprint, which can be huge and highly revealing," says Weatherhead.

With official apps, organisers can collect information about the user's GPS location, the device's unique identifier, the type of device or version of the operating system used; they can look at how often the app is used and where it was downloaded; they can also scan the music library in order to send information about events in the area. Not every festival app is set up to collect all this information.
When you download the Download Festival official app, a series of requests to access the user's accounts, profile data, calendar, location, photos, files and Wi-Fi info shows up.

Organisers of festivals such as Download, Isle of Wight, British Summer Time, Latitude say in their privacy statements that private data may be shared with parent companies, event partners, selected third parties, service providers, police and government agencies. In some cases, the information-sharing includes the transfer of data to other countries, even outside the European Union, with laws that may not protect privacy rights as extensively as those in the UK.

"The digital footprint we generate at festivals creates a picture of our tastes, our interests, our friends, and our habits," Sara Ogilvie, Policy officer at Liberty told Mashable. "Recent attacks by hackers on major companies like TalkTalk show just how easy it is for criminals to get hold of such highly valuable information too. Festivals are supposed to be relaxing, but getting back to work to discover you have to change your passwords isn't fun."

Generally speaking, British people aged 18-24 are slightly less concerned about privacy when using the Internet when compared with the general population, according to polling of 52,000 people by YouGov. The least worried are the so-called "Selfie-stylers," a term coined by YouGov to indicate individuals who keep up with web trends. While just 36% agree with the statement, "I don't worry too much about privacy when using Internet," that figure rises to 46% among "Selfie-stylers."

What can festival revellers do to avoid having their privacy breached? Not much, according to experts.

"Digital data is like a tattoo, it's difficult to erase," said Samani. "Once you give up your data, it's out there and as the case of Ashley Madison shows, it's not easy to delete it.

"What are they going to do with my data? That's the question you should ask yourself before buying your festival ticket.
And make sure you're comfortable to whom you give information with."

As the festival season approaches, it's something you might want to consider, along with the weather forecast.

From rforno at infowarrior.org Mon May 16 13:22:03 2016
From: rforno at infowarrior.org (Richard Forno)
Date: Mon, 16 May 2016 14:22:03 -0400
Subject: [Infowarrior] - The Intercept Is Broadening Access to the Snowden Archive. Here's Why
Message-ID:

The Intercept Is Broadening Access to the Snowden Archive. Here's Why
https://theintercept.com/2016/05/16/the-intercept-is-broadening-access-to-the-snowden-archive-heres-why/
Glenn Greenwald
May 16 2016, 11:37 a.m.

From the time we began reporting on the archive provided to us in Hong Kong by NSA whistleblower Edward Snowden, we sought to fulfill his two principal requests for how the materials should be handled: that they be released in conjunction with careful reporting that puts the documents in context and makes them digestible to the public, and that the welfare and reputations of innocent people be safeguarded. As time has gone on, The Intercept has sought out new ways to get documents from the archive into the hands of the public, consistent with the public interest as originally conceived.

Today, The Intercept is announcing two innovations in how we report on and publish these materials. Both measures are designed to ensure that reporting on the archive continues in as expeditious and informative a manner as possible, in accordance with the agreements we entered into with our source about how these materials would be disclosed, a framework that he, and we, have publicly described on numerous occasions.

The first measure involves the publication of large batches of documents.
We are, beginning today, publishing in installments the NSA's internal SIDtoday newsletters, which span more than a decade beginning after 9/11. We are starting with the oldest SIDtoday articles, from 2003, and working our way through the most recent in our archive, from 2012. Our first release today contains 166 documents, all from 2003, and we will periodically release batches until we have made public the entire set. The documents are available on a special section of The Intercept.

The SIDtoday documents run a wide gamut: from serious, detailed reports on top secret NSA surveillance programs to breezy, trivial meanderings of analysts' trips and vacations, with much in between. Many are self-serving and boastful, designed to justify budgets or impress supervisors. Others contain obvious errors or mindless parroting of public source material. But some SIDtoday articles have been the basis of significant revelations from the archive.

Accompanying the release of these documents are summaries of the content of each, along with a story about NSA's role in Guantánamo interrogations, a lengthy roundup of other intriguing information gleaned from these files, and a profile of SIDtoday. We encourage other journalists, researchers, and interested parties to comb through these documents, along with future published batches, to find additional material of interest. Others may well find stories, or clues that lead to stories, that we did not. (To contact us about such finds, see the instructions here.) A primary objective of these batch releases is to make that kind of exploration possible.
Consistent with the requirements of our agreement with our source, our editors and reporters have carefully examined each document, redacted names of low-level functionaries and other information that could impose serious harm on innocent individuals, and given the NSA an opportunity to comment on the documents to be published (the NSA's comments resulted in no redactions other than two names of relatively low-level employees that we agreed, consistent with our long-standing policy, to redact). Further information about how we prepared the documents for publication is available in a separate article. We believe these releases will enhance public understanding of these extremely powerful and secretive surveillance agencies.

The other innovation is our ability to invite outside journalists, including from foreign media outlets, to work with us to explore the full Snowden archive. From the start of our reporting on the archive, a major component of our approach has been to partner with foreign (and other American) media outlets rather than try to keep all the material for ourselves. We have collectively shared documents with more than two dozen media outlets, and teams of journalists in numerous countries have thus worked with and reported on Snowden documents (that's independent of the other media outlets which have long possessed large portions of the Snowden archive -- the Washington Post, the New York Times, The Guardian, ProPublica). This partnership approach has greatly expedited the reporting, and also ensured that stories that most affect specific countries are reported by the journalists who best understand those countries.

But allowing other journalists full access to the archive presented security and legal challenges that took time and resources to resolve. We now feel comfortable that we can do so consistent with the responsibility demanded by these materials and our agreement with our source.
We have begun to provide archive access to journalists from Le Monde and other media outlets in collaboration with The Intercept's editorial, research, legal, and technology teams. We are excited by the reporting this new arrangement will generate.

There are still many documents of legitimate interest to the public that can and should be disclosed. There are also documents in the archive that we do not believe should be published because of the severe harm they would cause innocent people (e.g., private communications intercepted by NSA, the disclosure of which would destroy privacy rights; and documents containing government speculation about bad acts committed by private individuals (typically from marginalized communities), the disclosure of which would permanently destroy reputations).

An archive of this significance and size obviously presents complicated questions about how best to report on it. There is rarely one easy, obvious answer how to do it. Different leaks may require different approaches. I've always believed that WikiLeaks' reporting on and disclosure of the materials provided by Chelsea Manning and other sources have been superb. But that does not mean that it is the only viable framework, or the optimal tactical approach, for all leaks. Moreover, different whistleblowers have their own conditions and demands for how the material can be disclosed, which any ethical journalist must obviously honor in full.

We have navigated these difficult and sometimes conflicting values in deciding how best to report on this massive archive. These two new approaches will, we believe, facilitate reporting and disclosure while fulfilling our obligations to the public and to our source.
From rforno at infowarrior.org Mon May 16 14:25:40 2016
From: rforno at infowarrior.org (Richard Forno)
Date: Mon, 16 May 2016 15:25:40 -0400
Subject: [Infowarrior] - CIA IG Claims It Accidentally Deleted CIA Torture Report After Being Asked To Retain It
Message-ID:

CIA Inspector General Claims It Accidentally Deleted CIA Torture Report After Being Asked To Retain It
https://www.techdirt.com/articles/20160516/11213834453/cia-inspector-general-claims-it-accidentally-deleted-cia-torture-report-after-being-asked-to-retain-it.shtml

From rforno at infowarrior.org Mon May 16 19:39:17 2016
From: rforno at infowarrior.org (Richard Forno)
Date: Mon, 16 May 2016 20:39:17 -0400
Subject: [Infowarrior] - Even basic phone logs can reveal deeply personal information, researchers find
Message-ID: <26D16B29-2FBE-4125-A861-26550024FBE3@infowarrior.org>

Even basic phone logs can reveal deeply personal information, researchers find
Stanford study shows how details gleaned from telephone "metadata" by National Security Agency pose a threat to privacy of ordinary citizens
Ian Sample, Science editor, @iansample
Monday 16 May 2016 15.00 EDT. Last modified on Monday 16 May 2016 17.00 EDT
https://www.theguardian.com/science/2016/may/16/even-basic-phone-logs-can-reveal-deeply-personal-information-researchers-find

The mass collection of telephone records by government surveillance programs poses a clear threat to the personal privacy of ordinary citizens, according to US researchers who used basic phone logs to identify people and uncover confidential information about their lives.

Armed with anonymous "metadata" on people's calls and texts, but not the contents of the communications, two scientists at Stanford University worked out individuals' names, where they lived and the names of their partners. But that was not all. The same data led them to uncover potentially sensitive information about some individuals.
One man was found to own a rifle, while another had recently been diagnosed with an irregular heartbeat. Other data pointed to a new pregnancy, a person with multiple sclerosis, and an individual who was gearing up to grow cannabis.

The results highlight the extraordinary power of telephone metadata -- the number called, when, and for how long -- particularly when it is paired with public information available from services such as Google, Yelp and Facebook. The value of the data, which is not subject to the same legal protections as the content of people's communications, has long been recognised by the security services. As Stewart Baker, the former general counsel at the US National Security Agency put it in the aftermath of Edward Snowden's revelations: "Metadata absolutely tells you everything about somebody's life."

Patrick Mutchler, a computer security researcher at Stanford, said that while the power of metadata was understood by those gathering the information, the public was largely in the dark because so few published studies have revealed how rich the data are. "That makes it difficult for people with strong opinions about these programs to fight them. Now we have hard evidence we can point to that didn't exist in the past," he said.

For the study, the researchers signed up 823 people who agreed to have metadata collected from their phones through an Android app. The app also received information from their Facebook accounts, which the scientists used to check the accuracy of their results. In all, the researchers gathered metadata on more than 250,000 calls and over 1.2m texts.

Analysts who logged into the NSA's metadata gathering system were initially allowed to examine data up to three hops away from an individual. A call from the target individual's phone to another number was one hop. From that phone to another was two hops. And so on. The records available to analysts stretched back for five years.
The collection window has now been restricted to two hops and 18 months at most. The Stanford study found that armed with one phone number to start from, the NSA program would initially have given analysts access to telephone metadata for tens of millions of people. Once restrictions came into place, that number fell dramatically, but it still meant that armed with a single phone number, an NSA analyst could retrieve metadata on 25,000 people.

Writing in the journal Proceedings of the National Academy of Sciences, Mutchler describes how on a shoestring budget, he and fellow graduate student, Jonathan Mayer, uncovered a wealth of personal information, some of it sensitive, about people who took part in the study.

Through automatic and manual searches, they identified 82% of people's names. The same technique gave them the names of businesses the people had called. When these were plotted on a map, they revealed clusters of local businesses, which the scientists speculated surrounded the person's home address. In this way, they named the city people lived in 57% of the time, and were nearly 90% accurate in placing people within 50 miles of their home. Mutchler believes some of the misses came from people not updating their Facebook page when they moved out of their parents' home, for example, to go to college.

The scientists next delved into more personal territory. Using a simple computer program to analyse people's call patterns, they inferred who among the study volunteers was in a relationship. Once they knew the owner of a particular number had a partner, identifying the significant other was trivial, they report.

For the final part of the study, the researchers delved even deeper, to see what sensitive information they could glean from telephone metadata.
They gathered details on calls made to and from a list of organisations, including hospitals, pharmacies, religious groups, legal services, firearms retailers and repair firms, marijuana dispensaries, and sex establishments. From these, they pieced together some extraordinary vignettes from people's lives.

The metadata from one person in the study showed they had a long call from a cardiology centre; spoke briefly with a medical laboratory; answered a number of short calls from a local pharmacy, and then made calls to a hotline for abnormal heart-rate monitoring devices. Another participant made frequent calls to a local gun supplier that specialised in semi-automatic rifles, and later placed a number of long calls to the customer support hotline run by a major gun manufacturer that produced the rifles. Another still placed calls to a hardware store, a locksmiths, a hydroponics supplier and a head shop in the space of three weeks. The metadata from two others suggested one had multiple sclerosis and the other had just become pregnant.

"All of this should be taken as an indication of what is possible with two graduate students and limited resources," said Mutchler, who argues that the findings should make policymakers think twice before authorising mass surveillance programs.

"Large-scale metadata surveillance programs, like the NSA's, will necessarily expose highly confidential information about ordinary citizens," the scientists write, adding: "To strike an appropriate balance between national security and civil liberties, future policymaking must be informed by input from relevant sciences."

Ross Anderson, professor of security engineering at Cambridge University, said the study provided numbers that discussions can now be based on. "With the right analytics running over nation-scale comms data you can infer huge amounts of sensitive information on everyone. We always suspected that of course, but here's the data."
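The Guardian piece above describes the "hop" rule in terms of counts (three hops over five years, later two hops over 18 months at most) but does not show how the reach grows with each hop. The following is an added example, written for this archive and not code from the Guardian article or the Stanford study. It builds a contact graph from constructed call records (caller, callee, date only, no content), drops records older than a retention window, and counts how many numbers fall within one, two or three hops of a seed number. The 18-month window is approximated as 548 days, and all phone numbers and dates are made up.

```python
"""Contact chaining over call metadata: how many numbers does a single
seed number expose under a given hop limit and retention window?

Added example for the archive; not the Stanford study's code.
All call records below are constructed sample data.
"""
from collections import deque
from datetime import date, timedelta

# Constructed sample metadata: (caller, callee, call_date).  Only who
# called whom and when, which is exactly the "metadata" the article
# describes.  Numbers are fictitious 555-01xx placeholders.
SAMPLE_CALLS = [
    ("555-0100", "555-0101", date(2016, 3, 1)),    # seed -> A
    ("555-0100", "555-0102", date(2016, 2, 14)),   # seed -> B
    ("555-0100", "555-0103", date(2012, 6, 1)),    # seed -> C, old call
    ("555-0101", "555-0110", date(2016, 1, 9)),    # A -> D
    ("555-0101", "555-0111", date(2015, 11, 20)),  # A -> E
    ("555-0102", "555-0112", date(2016, 4, 2)),    # B -> F
    ("555-0103", "555-0113", date(2013, 1, 5)),    # C -> G, old call
    ("555-0110", "555-0120", date(2016, 2, 2)),    # D -> H
    ("555-0111", "555-0121", date(2016, 3, 3)),    # E -> I
    ("555-0112", "555-0122", date(2016, 3, 4)),    # F -> J
    ("555-0113", "555-0123", date(2014, 8, 8)),    # G -> K, old call
    ("555-0120", "555-0130", date(2016, 4, 10)),   # H -> L, four hops out
]

# Constructed "today" for the retention window (the article's date).
AS_OF = date(2016, 5, 16)
FIVE_YEARS_DAYS = 5 * 365       # original rule described in the article
EIGHTEEN_MONTHS_DAYS = 548      # restricted rule, approximated in days


def build_graph(calls, as_of, max_age_days):
    """Undirected contact graph from records no older than max_age_days.

    A call links both parties: being called by a chained number exposes
    you just as calling it does, so edges are added in both directions.
    """
    cutoff = as_of - timedelta(days=max_age_days)
    graph = {}
    for caller, callee, when in calls:
        if when < cutoff or when > as_of:
            continue  # outside the retention window: analyst cannot see it
        graph.setdefault(caller, set()).add(callee)
        graph.setdefault(callee, set()).add(caller)
    return graph


def reachable_within(graph, seed, hops):
    """Breadth-first search returning every number at most `hops` links
    from seed (seed itself excluded)."""
    seen = {seed}
    frontier = deque([(seed, 0)])
    while frontier:
        number, depth = frontier.popleft()
        if depth == hops:
            continue  # at the hop limit: do not chain any further
        for neighbour in graph.get(number, ()):
            if neighbour not in seen:
                seen.add(neighbour)
                frontier.append((neighbour, depth + 1))
    seen.discard(seed)
    return seen


def exposure_by_hops(calls, seed, as_of, max_age_days, max_hops):
    """Map hop count -> number of distinct numbers exposed, for 1..max_hops."""
    graph = build_graph(calls, as_of, max_age_days)
    return {h: len(reachable_within(graph, seed, h))
            for h in range(1, max_hops + 1)}


if __name__ == "__main__":
    seed = "555-0100"
    print("3 hops, 5 years: ",
          exposure_by_hops(SAMPLE_CALLS, seed, AS_OF, FIVE_YEARS_DAYS, 3))
    print("2 hops, 18 months:",
          exposure_by_hops(SAMPLE_CALLS, seed, AS_OF, EIGHTEEN_MONTHS_DAYS, 2))
```

On the sample data the original rule reaches 11 numbers from one seed while the restricted rule reaches 5, because the shorter window removes the stale links and the lower hop limit stops the chain one step earlier. With real call volumes each hop multiplies the reachable set by a typical contact count, which is how a single number grows into the tens of millions of people the article cites.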
From rforno at infowarrior.org Tue May 17 16:48:37 2016
From: rforno at infowarrior.org (Richard Forno)
Date: Tue, 17 May 2016 17:48:37 -0400
Subject: [Infowarrior] - Anti-piracy firm Rightscorp's Q1 financials read like an obituary
Message-ID: <31C7D829-7E86-42C4-9693-411E3CE2EBE9@infowarrior.org>

good riddance....

Anti-piracy firm Rightscorp's Q1 financials read like an obituary
http://arstechnica.com/tech-policy/2016/05/anti-piracy-firm-rightscorps-q1-financials-read-like-an-obituary/

From rforno at infowarrior.org Tue May 17 17:00:12 2016
From: rforno at infowarrior.org (Richard Forno)
Date: Tue, 17 May 2016 18:00:12 -0400
Subject: [Infowarrior] - SSRN has been captured by the enemy of open knowledge.
Message-ID:

SSRN has been captured by the enemy of open knowledge.
https://medium.com/@PaulGowder/ssrn-has-been-captured-by-the-enemy-of-open-knowledge-b3e5bca6751d#.3ruad4eco

From rforno at infowarrior.org Tue May 17 18:31:54 2016
From: rforno at infowarrior.org (Richard Forno)
Date: Tue, 17 May 2016 19:31:54 -0400
Subject: [Infowarrior] - Fwd: why not to use Facebook or a camera
References: <20160517225340.7A1C4A06D87@palinka.tinho.net>
Message-ID:

> Begin forwarded message:
>
> From: dan
>
> http://www.techspot.com/news/64857-nightmare-russian-facial-recognition-app-one-step-closer.html
>
> Nightmare Russian facial recognition app is one step closer to the end of privacy
>
> By Rob Thubron on May 17, 2016, 12:00 PM
>
> While facial recognition technology has a number of positive uses, such as finding missing people, an alternative form of ID, and even tagging friends on Facebook, it does have worrying implications when it comes to privacy.
>
> In Russia, a new face recognition app is becoming so popular that it could result in the end of public anonymity, according to a report in The Guardian.
>
> FindFace, which launched two months ago, lets users take a photo of a crowd and work out individuals' identities with 70 percent reliability. It does this by using image recognition technology to compare faces against profile pictures on Vkontakte, a Facebook-style social media site that has 200 million users.
>
> The app already boasts 500,000 users and has performed nearly 3 million searches. Though currently limited to Russia, the app's creators, Artem Kukharenko and Alexander Kabakov, imagine a world where the app is used by everyone to examine strangers' social network profiles just by taking a photo of them on the street.
>
> Kabakov has suggested that the app could have applications when it comes to 'dating'. "If you see someone you like, you can photograph them, find their identity, and then send them a friend request," he said. "It also looks for similar people. So you could just upload a photo of a movie star you like, or your ex, and then find 10 girls who look similar to her and send them messages." It sounds like creepy stalkers everywhere will soon have a reason to rejoice.
>
> Other than tracking down Scarlett Johansson lookalikes and harassing random women you find attractive, the app's already found other uses. The creators are about to sign a deal with the Moscow city government to implement the technology into 150,000 CCTV cameras. Should a crime be committed, the faces of everyone in the area will be checked against photos from various records, including social media sites, to determine if they're a possible suspect.
>
> FindFace's Orwellian nightmare scenario is already rearing its head.
> Recently, the app was used to find the profiles of Russian sex workers and porn actresses so trolls could harass them and send messages to their friends and families. And the fact it's so popular in Russia, a country not known for respecting the privacy rights of its citizens, is a big concern.
>
> Kabakov also envisions the technology being used in the retail sector. He talks about a shop CCTV camera capturing a person looking at a product, such as a laptop, and then the retailer identifying the individual and bombarding them with adverts for laptops - probably until they go out and buy one.
>
> As for the big question of whether the app can access Facebook's image database: no, it can't. Not right now, at least. The creators say the US site stores photos in a way that is harder to access than Vkontakte, so let's hope things stay this way.
>
> In addressing people's privacy fears, Kabakov goes with the 'it's just the way things are, so get used to it' argument: "In today's world we are surrounded by gadgets. Our phones, televisions, fridges, everything around us is sending real-time information about us. Already we have full data on people's movements, their interests and so on. A person should understand that in the modern world he is under the spotlight of technology. You just have to live with that."
>
> To discover more about FindFace, check out the video below, which somehow manages to be as sinister as the app itself.
>
> https://www.youtube.com/embed/VZnWnbFUJqQ
>

From rforno at infowarrior.org Tue May 17 19:39:51 2016
From: rforno at infowarrior.org (Richard Forno)
Date: Tue, 17 May 2016 20:39:51 -0400
Subject: [Infowarrior] - Here's Why the TSA Is So Terrible
Message-ID: <021A92D4-338A-47B8-8E80-08A8AABF2D23@infowarrior.org>

Here's Why the TSA Is So Terrible
May 17, 2016 3:24 PM EDT
Megan McArdle
http://www.bloomberg.com/view/articles/2016-05-17/here-s-why-the-tsa-is-so-terrible

This weekend, I flew to Chicago for my 15th (!!!) business school reunion. I will not tire you with tales of the drinking and hijinks that ensued, mostly because this being our 15th, the activities were more along the lines of swapping child photos and nursing a third beer. It was on the way home that the events of columnizing interest occurred: I found myself in the middle of what I thought was a confused crowd, and turned out to be the line for security. Said line was, according to reports from classmates, running at least 90 minutes. Dozens of people were stranded overnight when the long security lines caused people to miss their flights.

Nor is this an anomaly. The problem is occurring all around the country at busy airports. The TSA is blaming inadequate staffing, but government bureaucrats always blame inadequate staffing, since agency headcount is generally a good proxy for "importance of the boss of said agency." As far as I was able to tell from where I stood, all the scanners seemed to be operating, making me wonder what, exactly, extra people would have done, since no matter how many staffers you assign, only one person can pass through each checkpoint at a time. Besides, the number of passengers is not actually up at O'Hare airport that much, according to the latest numbers I could find. So I tend to place more credence on the second explanation: The TSA has slowed down screening after last summer's humiliating failure to detect almost any of the contraband in a security audit.
I was fortunate enough to have enrolled in TSA Precheck, which had a blessedly short line. Nonetheless, I spent more than 20 minutes waiting to get through. There was a confused fellow who must have gone through the metal detector half a dozen times before he finally realized he needed to shuck his belt, and two passengers who seemed to speak almost no English. Then, with the line still backing up, the TSA person made the woman ahead of me stop and go back through because she had jokingly danced back and forward. And made me go through again because -- I walked through with my hands in my pockets, having jammed them there while I stood around watching the show.

I have spent a day and a half struggling to figure out how moving backwards and then forwards at walking speed, could defeat a metal detector. Either the magnetic circuit detects metal or it doesn't. The TSA agents didn't seem to know either; they just threatened the woman that she could be kept off her flight for playing around. Apparently, issuing absurd threats to American citizens over harmless behavior is something that requires a complement of two TSA officers. No wonder they're understaffed.

But this is the essential logic of bureaucracy. The TSA will suffer terribly if a terrorist slips through with a bomb -- or even if the auditors make it through with a fake bomb. On the other hand, what happens to them if there are long lines? Not much. They've got to be there for eight hours, so why should they care if we are too? This is why government agencies tend to be much more attuned to remote risks than the real and persistent costs they impose on the rest of us.

This is also the essential problem of American security theater. Thorough screening is very expensive and time consuming, particularly because most of our airports weren't built for this level of screening. At Reagan, my preferred airport, there's pretty much nowhere to put another security line.
The easiest way to keep the lines moving is to screen less carefully. All screening faces an inherent tradeoff between false positives and false negatives; you eliminate one by accepting more of the other. When the TSA decides to crack down on the false negatives (the threats they missed), that means they get more false positives, as every person with an oddly bulging body, a forgotten bottle of water, or a penchant for impromptu dance performances, has to go through the checkpoint again. And that takes up a lot of time, during which the lines grow and grow. A rational cost-benefit analysis might well dictate that it's better to accept some higher risk of threats than to accept the lines. O'Hare runs something in the vicinity of 150,000 domestic passengers a day through its domestic operations. Even valuing the time of all those passengers at minimum wage, a 90-minute line costs more than $1.5 million in lost value. Now, OK, some of those people didn't wait that long, but call it $1 million. Call it $500,000. Then multiply that times many days, many years. Even with an absurdly low value on the time of the passengers, that's hundreds of millions in costs -- at just one of our nation's many airports. But that's not how political and bureaucratic logic works. If the TSA loosens up its screening procedures to the point where almost everything gets through, the lines move -- but then there's not really any point in having the TSA. Which is a conversation worth having. This security theater since Sept. 11, 2001, has probably done less to deter terrorists than the reinforced cockpit doors and passengers' new awareness that a hijacking could end in fiery death rather than, as security expert Bruce Schneier likes to say, "a week in Havana." There's a reason that the shoe bomber and the underwear bomber were subdued by their fellow passengers.
Moreover, even if the TSA does help us perfectly harden airplanes against attack -- well, as Paris demonstrated, you don't need to get on an airplane to kill a lot of people. Terror attacks can always shift to softer targets -- like, for example, vast airport security lines where hundreds of people are forced to stand crammed into a very small space. It would be a much better use of our money and time to invest in catching terrorists before they get to their target. But in the history of the world, few indeed are the managers or bureaucrats who have said: "Yup, what we're doing is useless, you should probably fire me and all my staff." It's pretty much inevitable that the TSA, having flunked its audit, is going to choose to impose huge burdens on airline passengers, rather than admit that it's not actually doing all that much to keep us safe. I'd bet that in the next six months, the TSA will be rewarded for the longer lines by having its budget and headcount increased. If that doesn't fix the problem, I'd guess the TSA's next step will be to make it look as if it did -- by relaxing the screening standards once again and thereby speeding up the lines. The end result of this cycle: a bigger, more expensive agency that still doesn't do much to keep us safe. As the nice lady said to me when I finally deplaned, "Welcome to Washington." This column does not necessarily reflect the opinion of the editorial board or Bloomberg LP and its owners. To contact the author of this story: Megan McArdle at mmcardle3 at bloomberg.net To contact the editor responsible for this story: Philip Gray at philipgray at bloomberg.net

-- It's better to burn out than fade away.
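The false-negative / false-positive tradeoff that the column above turns on is the same one every detection system faces, and it can be made concrete. What follows is an added example, not code from the column, from Bloomberg or from the list: a screening stage assigns each item a suspicion score, anything at or above a threshold is sent to secondary screening, and the only knob the operator has is where that threshold sits. Lowering it (screening "more carefully") can only reduce misses by flagging more benign items; the operating point worth running is the one whose total cost, misses weighted against time burned on false alarms, is lowest. The scores, threat labels and cost weights are constructed for illustration, and the names `cost_per_miss` and `cost_per_false_alarm` are assumptions of this example.

```python
"""Added example: threshold tradeoff between false negatives and false positives
in a screening process, and how the cost-optimal operating point moves with the
weight assigned to each kind of error. All data below are constructed."""

from typing import Iterable, List, Sequence, Tuple

# Constructed sample. Each entry is (suspicion_score, is_threat): the score is
# what a screening stage assigns to an item, higher meaning more suspicious.
# Benign items and real threats overlap in score; that overlap is what forces
# the tradeoff (perfectly separable scores would have no false positives at all).
SAMPLE: List[Tuple[int, bool]] = [
    (1, False), (2, False), (2, False), (3, False), (3, False), (3, False),
    (4, False), (4, False), (5, False), (6, False),
    (4, True), (6, True), (7, True), (8, True), (9, True),
]


def confusion(items: Iterable[Tuple[int, bool]], threshold: int) -> Tuple[int, int, int, int]:
    """Flag every item scoring at or above `threshold`; return (tp, fp, tn, fn)."""
    tp = fp = tn = fn = 0
    for score, is_threat in items:
        flagged = score >= threshold
        if flagged and is_threat:
            tp += 1          # real threat, sent to secondary screening
        elif flagged:
            fp += 1          # benign passenger pulled aside: line grows
        elif not is_threat:
            tn += 1          # benign passenger waved through
        else:
            fn += 1          # real threat missed: the audit failure
    return tp, fp, tn, fn


def error_rates(items: Sequence[Tuple[int, bool]], threshold: int) -> Tuple[float, float]:
    """Return (false_positive_rate, false_negative_rate) at a given threshold."""
    tp, fp, tn, fn = confusion(items, threshold)
    fpr = fp / (fp + tn) if fp + tn else 0.0
    fnr = fn / (fn + tp) if fn + tp else 0.0
    return fpr, fnr


def tradeoff_is_monotonic(items: Sequence[Tuple[int, bool]], thresholds: Iterable[int]) -> bool:
    """The column's claim, checked on the data: as the threshold rises (screening
    loosens) false positives never increase and false negatives never decrease,
    so one error count can only be bought down by letting the other go up."""
    fps: List[int] = []
    fns: List[int] = []
    for t in thresholds:
        _, fp, _, fn = confusion(items, t)
        fps.append(fp)
        fns.append(fn)
    fp_non_increasing = all(a >= b for a, b in zip(fps, fps[1:]))
    fn_non_decreasing = all(a <= b for a, b in zip(fns, fns[1:]))
    return fp_non_increasing and fn_non_decreasing


def expected_cost(items: Sequence[Tuple[int, bool]], threshold: int,
                  cost_per_miss: float, cost_per_false_alarm: float) -> float:
    """Total cost of running at `threshold`: misses weighted by `cost_per_miss`,
    false alarms (passenger time, re-screening effort) by `cost_per_false_alarm`.
    Both weights are assumed inputs, not values from the column."""
    _, fp, _, fn = confusion(items, threshold)
    return fn * cost_per_miss + fp * cost_per_false_alarm


def best_threshold(items: Sequence[Tuple[int, bool]], thresholds: Iterable[int],
                   cost_per_miss: float, cost_per_false_alarm: float) -> int:
    """Operating point with the lowest total cost; ties go to the lower threshold."""
    return min(thresholds,
               key=lambda t: (expected_cost(items, t, cost_per_miss, cost_per_false_alarm), t))


if __name__ == "__main__":
    thresholds = range(1, 11)
    print("threshold  FP  FN   FPR   FNR")
    for t in thresholds:
        _, fp, _, fn = confusion(SAMPLE, t)
        fpr, fnr = error_rates(SAMPLE, t)
        print(f"{t:>9}  {fp:>2}  {fn:>2}  {fpr:.2f}  {fnr:.2f}")
    # A miss treated as 100x worse than a false alarm pushes the threshold down
    # (long lines); weighting them equally lets it rise (shorter lines, more misses).
    print("miss=100, false alarm=1 ->", best_threshold(SAMPLE, thresholds, 100, 1))
    print("miss=1,   false alarm=1 ->", best_threshold(SAMPLE, thresholds, 1, 1))
```

With the constructed data, weighting a miss at 100 times a false alarm selects threshold 4 (no misses, four of ten benign items re-screened), while weighting them equally selects threshold 6 (one miss, one false alarm). The point is not the specific numbers but that the choice of operating point is a cost decision, and an agency that counts only the cost of a miss will always choose the longer line.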
From rforno at infowarrior.org Fri May 20 07:46:30 2016 From: rforno at infowarrior.org (Richard Forno) Date: Fri, 20 May 2016 08:46:30 -0400 Subject: [Infowarrior] - FBI Plots Its Next Move in the Encryption Battle Message-ID: <8BDE9E4A-F7A5-4662-889D-C06E21AA7B5E@infowarrior.org>

FBI Plots Its Next Move in the Encryption Battle Chris Strohm, May 20, 2016, 5:00 AM EDT http://www.bloomberg.com/news/articles/2016-05-20/hacking-terrorist-s-iphone-was-easy-compared-to-next-fbi-hurdle

The next frontier in the battle between the FBI and technology companies over encrypted communications will be more legally complicated -- and messy -- than trying to get into the iPhone of a dead terrorist. Messaging tools like Facebook Inc.'s WhatsApp and Internet services that automatically encrypt the content of texts, phone calls and other data while they're being sent are increasingly becoming a problem for national security and criminal investigations, according to the Federal Bureau of Investigation. Capturing that data while it's in transit is essential, the agency says. Not so fast, say privacy advocates. Not even possible, say the companies. "We're kind of all waiting for the next big test case," said Andrew Crocker, a staff attorney with the Electronic Frontier Foundation in San Francisco, which is suing the Justice Department over whether the government has ever used secret court orders to force technology companies to decrypt the private communications of their customers. And while legal strategies are plotted in the U.S., the threat of encrypted applications isn't theoretical. Supporters of Islamic State and al-Qaeda in the Arabian Peninsula have already found alternatives to U.S.-based apps, potentially limiting intelligence gathering on terrorist plots after a year in which scores were killed in attacks in Paris, Brussels and San Bernardino, California.

"New Frontier"
Although the FBI found workarounds for two high-profile cases involving data on locked iPhones, law enforcement agencies confront unique legal challenges to compel companies to provide access to encrypted communications, including laws written more than two decades ago when the Internet was just emerging. And as players in the debate stake out their positions, the results of new cases are likely to define the rules for digital rights for several decades. "This is the new frontier and it is a much more expansive frontier in terms of its effect on law enforcement investigations," said Edward McAndrew, a former federal prosecutor who's now a partner with the law firm Ballard Spahr LLP.

Court Orders

While the FBI and other law enforcement agencies can seek court orders compelling companies to comply with wiretap orders, at least two issues make it harder for agencies to get the data they're seeking in cases that are likely to come:

- Investigators say they have been left behind by rapid advances in technology. In order to intercept the content of communications being sent in real-time, investigators have to use laws that limit their reach, such as the 1994 Communications Assistance for Law Enforcement Act.

- The ability to protect information with encryption, which scrambles data using a secret code that can be unlocked only with a special key known solely to the user, means companies may not even be able to provide law enforcement the data sent on their networks or through their applications.

WhatsApp's Encryption

WhatsApp on April 5 finished giving its users encryption by default as well as complete control over the keys for all its messaging services, including photos, phone calls and group chats, said spokesman Matt Steinfeld. Apple Inc. said it began offering full end-to-end encryption for its iMessage platform and FaceTime video service about five years ago.
WhatsApp's encryption arose as an issue in Brazil this month, when a judge shut down the service for a day for not making data available to law enforcement. Facebook Chief Executive Officer Mark Zuckerberg called the move against WhatsApp, which has more than 1 billion subscribers worldwide, frightening. "The idea that everyone in Brazil can be denied the freedom to communicate the way they want is very scary in a democracy," Zuckerberg said in a May 3 blog post. In the U.S., the FBI showed its willingness to bring a legal case over encryption when it served Apple with a court order in February compelling the company to help access the data stored on an iPhone used by Syed Rizwan Farook, who with his wife carried out a deadly December attack in San Bernardino, California. The bureau ultimately backed down in March when it bought a hacking tool to get into the phone without Apple's help. The government has a weaker legal argument when it comes to requiring a company to provide access to encrypted "data in motion" as it travels over the Internet than it does in demanding "data at rest" stored on a device, said Marc Zwillinger, a former federal cybercrime prosecutor. The Communications Assistance for Law Enforcement Act doesn't cover many Internet services and expressly states that a telecommunications provider can't be responsible for decrypting any communication if it doesn't possess the information necessary to do so, said Zwillinger, a managing member of ZwillGen Pllc who often represents technology companies, including Apple in the San Bernardino case. Even if the government succeeded in getting a company to break encryption, users could move to another encrypted messaging service located outside the U.S., said Peter Toren, a former federal computer crimes prosecutor and now a partner with the law firm Weisbrod Matteis & Copley Pllc.

"No Jurisdiction"

"The FBI certainly has no jurisdiction, nor ability, to extract information from providers that are outside the United States," Toren said. "Technology is changing the game." One such application is Telegram, which lets users build message groups of as many as 200 people and has been favored by Islamic State and al-Qaeda in the Arabian Peninsula, according to a report by the Middle East Media Research Institute. While Telegram has blocked public message channels used by Islamic State, it has said it won't limit encrypted private messages, which can self-destruct on a timer. Sometimes the only way to obtain the content of communications is when it's in transit because companies don't retain it on their servers, according to the FBI.

Courts' Limits

In a limited number of cases, even encrypted information can be useful to the bureau. The agency might find a way to decrypt it at a later time, or combine it by using other investigative techniques to pursue a case. But the agency says there's no substitute for having the content of communications. "As you see WhatsApp, Viber and others moving to what they're calling end-to-end encryption for messaging, that all but guarantees the government, at least through its criminal investigative authorities, would not be able to intercept that content," said McAndrew. If the FBI concludes it needs access to such data, "the court system is not going to be the proper place to resolve it," Zwillinger said. Toren and McAndrew said the best solution would be for Congress to update laws governing wiretaps and access to data.

"Easy-to-Use" Encryption

Amid the impasse, the problems for law enforcement keep mounting. From July to December last year, law enforcement agencies requested information for 5,192 Apple accounts, according to the company's latest transparency report. The company said it provided some data in response to 82 percent of government requests. The report doesn't specify how many of the requests were wiretap orders. U.S.
officials fear more companies will "develop and market easy-to-use, seamless, end-to-end encryption," the Office of the Director of National Intelligence said in a May 5 letter to Senator Ron Wyden, an Oregon Democrat. "This means that law enforcement and national security personnel are losing access to the one area that we care about the most -- the content of communications of violent criminals and terrorists," according to the letter from Deirdre Walsh, the intelligence office's director of legislative affairs. Groups such as the Electronic Frontier Foundation say they worry, however, that agencies might try to use the secretive Foreign Intelligence Surveillance Court that oversees spying in an effort to compel a company to decrypt data in motion without the public knowing. "The real worry from the privacy and advocacy community is that it would be happening behind closed doors, under seal and in secret," Crocker said.

-- It's better to burn out than fade away.

From rforno at infowarrior.org Sun May 22 21:07:10 2016 From: rforno at infowarrior.org (Richard Forno) Date: Sun, 22 May 2016 22:07:10 -0400 Subject: [Infowarrior] - Here's Why Lawyers Suggest You Stop Using Your Finger to Unlock Your Phone Message-ID: <410432B2-6B86-45E4-A618-D44C87343217@infowarrior.org>

(c/o EP)

Here's Why Lawyers Suggest You Stop Using Your Finger to Unlock Your Phone You are protected against revealing passwords under the Fifth Amendment's right against self-incrimination, but your biometrics are not. By Will Yakowicz Staff writer, Inc. http://www.inc.com/will-yakowicz/why-biometrics-are-bad-for-your-constitutional-rights.html?platform=hootsuite

Biometrics might be cool and convenient, but the technology could potentially undermine your legal rights under the Fifth Amendment, which prohibits the government from compelling a witness to testify against herself.
A court or police officer could legally compel you to press your finger onto your smartphone to unlock it, but if your phone is locked with a passcode, no one can legally compel you to open it, says William J. Cook, an attorney and partner at law firm Reed Smith in Chicago, who specializes in information technology, privacy, and data security. Cook explains that the difference between a password and a biometric identifier is great under the law--you have a right not to reveal the contents of your mind, which includes things like a password, but your fingerprints are a part of who you are and you expose them to the public every day. This is why when a person gets arrested, he or she must consent to being fingerprinted while retaining the right to remain silent. Thoughts are protected, biometric identifiers (fingerprints, face, hair) are not. Ever since Apple introduced Touch ID in 2013, privacy law experts have been sounding the alarm about the way biometrics can whittle away at your right against self-incrimination. "The Fifth Amendment protects individuals against saying anything, testimony or statements, that could incriminate them," says Paul Bond, who is also a partner at Reed Smith. "While it protects information, it does not shield physical things in the world available for production. Making the key to your information a physical key or biometric identifier is putting it in the realm of police power to produce." The unlocking of smartphones and computers has become a legal niche, but this niche will soon grow to become a big part of many cases, Cook says. The FBI uses search warrants based on probable cause (the Fourth Amendment) to compel companies like Apple to unlock the phones belonging to alleged criminals to find evidence of crimes, but authorities are also gaining access to devices that use biometric identification systems, like Apple's Touch ID, by obtaining search warrants to force people to press a finger onto a mobile phone, Cook says.
Recently in Los Angeles, a federal judge signed a warrant to allow the FBI to force a 29-year-old woman to press her finger on an iPhone cops had seized from her boyfriend's home, an alleged gang member, the Los Angeles Times reported last week. This marked the first time a suspect had been forced to unlock an iPhone via Touch ID in a federal case. More criminal investigations will involve accessing personal devices like smartphones, and biometric authentication technology is spreading to more devices. As even more employees download work-related information and data onto their personal phones, these three factors are conspiring to make company data a potential casualty of biometric technology's legal protection problem, Bond says. "If all it takes is a fingerprint swipe by an employee, at that point the control of the information is out of the hands of the company," Bond says. Published on: May 10, 2016

-- It's better to burn out than fade away.

From rforno at infowarrior.org Sun May 22 21:07:18 2016 From: rforno at infowarrior.org (Richard Forno) Date: Sun, 22 May 2016 22:07:18 -0400 Subject: [Infowarrior] - On Airport Security, America Should Take a Lesson from Israel Message-ID: <65598F35-D5BB-4C46-A56A-4FDE091EDA63@infowarrior.org>

On Airport Security, America Should Take a Lesson from Israel Jay Michaelson, May 21, 2016 http://forward.com/articles/341053/on-airport-security-america-should-take-a-lesson-from-israel/

Airport security is back in the news this year, with passengers and the Transportation Security Administration alike anticipating longer lines than ever as the summer travel season begins. Yet for all the handwringing and occasional proposing of solutions, few are addressing the central issue: that the system itself is ineffective, inefficient and just plain dumb.
This year's anticipated crisis is the result of two primary factors: first, the good news that the economy is largely recovered and people are traveling more, and second, the bad news that while Republicans in Congress love to demand more law enforcement, they hate to pay for it, and their budget cuts have produced a shortage of TSA employees that won't be remedied by this summer. (There are also problems with TSA itself, though many Republicans want to see TSA fail so that the system can be privatized, so it's hard to get an accurate read.) Homeland Security Secretary Jeh Johnson recently announced some Band-Aids: more overtime, faster hiring procedures and more dogs. But these tweaks ignore the fact that our airport security process is hopelessly broken, and has been from its inception. Unlike, for example, Israel's extremely effective systems, which have been tested and refined over decades, the American system doesn't work at rooting out actual threats, and produces needless, costly delays. It is, experts agree, a kind of "security theater": a pageant to convey the message that you're safe while actually doing simultaneously too much and too little. Too much: The whole world is laughing at us as we pointlessly take off our shoes based on one (failed) terrorism attempt years ago. Why is shoes-on safe enough for Israel but not safe enough for America? Why do we take air hijackings so seriously when cockpits are now locked, and nobody has seriously tried to hijack an American plane in years? And too little: A recent audit showed that TSA screeners failed to detect weapons 95% of the time. Ninety-five percent wrong! That's not just a failing grade, that's a grade of nearly zero. (Given how many weapons TSA does find, it makes you wonder how many get through.) No wonder TSA whistleblowers are reassigned or shushed up; the whole system is a lie. It's not even a noble lie. Does forcing grandmothers to get out of their wheelchairs really make anyone feel safe?
To the extent anyone believes the security theater, it probably just makes them feel more afraid -- or angry with the "terrorists" whom we have allowed to destroy our way of life. More likely, spectacles like this, which take place every day at 400 airports across the country, look like a kind of visual political correctness. The long lines at security checkpoints humiliate the innocent and fail to catch the guilty. Everyone knows that sealed water bottles, toothpaste and cream cheese don't pose a security threat. Yet just like listening to the idiotic, rote instructions about how to buckle your seatbelt on the airplane, we have to go through the motions, cogs in a broken machine. The difference is that this system is a gigantic waste of time and money. Not only the government's money, but also our own. Let's do some math. There are about 1.73 million passengers every day. If each spends just half an hour in line, that's roughly 860,000 hours. And at an average wage of $16.75, which already accounts for the unemployed, that's $14.4 million dollars every day, or $5.2 billion per year, in lost productivity. And for that, we get a system that's 95% ineffective. The problem is that, when it comes to aviation security, the government has lost its mind. TSA's mandate doesn't balance risks and costs, as agencies do in health, environmental and safety regulations; it is focused on attaining zero risk, regardless of the cost in time, money, inconvenience or dehumanization. That is ridiculous -- and it doesn't work. It's also tragic. We now know that the Bush administration manipulated the color-coded "threat levels" (remember those?) for political reasons; Donald Trump is hardly the first politician to observe that fear is an excellent motivator. And while TSA policies are (I assume) not deliberately designed to increase fear, the fact that they do so erodes our democracy, terrifies our populace and turns us into a nation of ninnies.
Once more, one need only look to the Jewish state to see a study in contrast. Remember a year and a half ago, when empty threats from North Korea sent movie theater chains into a panic, and stopped them from showing "The Interview"? I wrote at the time that "Israel has long recognized that to cower in fear is to hand terrorists precisely the victory they are seeking. It has also learned to sift credible threats from bluster." American conservatism talks tough precisely because its adherents are scared stiff. And this leads to bad policy, whether on immigration, the "war on terror" or aviation security. Now, the United States cannot and should not adopt Israeli policies wholesale. In large part, Israeli security is efficient because it relies on racial profiling; ask any "Arab-looking" person how "efficient" his experience at Ben-Gurion was. Whatever the Israeli cost-benefit analysis of this approach, it runs counter to American values -- at least unless Trump wins the election. That grandmother is getting out of her wheelchair so the dark-skinned man isn't treated differently from her, and that's how it should be. But the Israeli system does strike a more sensible balance between screening people and screening things. It doesn't waste time with far-fetched scenarios like a shoe bomb, and does include more of the human element. The American system -- screening things -- is a policy choice that has led directly to the two-hour waits at airports. It would not be difficult to adopt some of Israel's people-centric policies without sliding into racial profiling. For example, the system could select people for the current level of screening neither at random (as our system supposedly does now) nor based on racial characteristics, but based on how they answer a couple of simple questions (no need for El Al's interrogation; just a quick screen would do), or how they are acting, or other triggering but non-racial characteristics, like traveling alone.
Most people would speed through a quicker line, while some would undergo the level of screening we all endure now. Of course, this holds the potential for profiling and abuse, but so does our current system, as many people know all too well. Most important, we should be adopting some Israeli attitudes. Americans, especially conservative ones, are rapidly becoming a nation of scared little children, terrified of Muslims, Mexicans, Ebola (remember that?), Zika, the Islamic State group, whatever. Yes, the world is a dangerous place -- even though, by most measures, it's the safest it's ever been. But let's grow up. Let's face threats where they are real and not imagined, and stop yearning for a strongman -- or a body scan -- to protect us from our fears. The problem with aviation security isn't about human resources; it's about the human spirit. We can do better. Jay Michaelson is a contributing editor to the Forward.

-- It's better to burn out than fade away.

From rforno at infowarrior.org Mon May 23 18:25:45 2016 From: rforno at infowarrior.org (Richard Forno) Date: Mon, 23 May 2016 19:25:45 -0400 Subject: [Infowarrior] - Head of security for TSA removed Message-ID: <8F4AD28A-C0EC-4C55-9211-6A31915EC4C1@infowarrior.org>

World | Mon May 23, 2016 7:15pm EDT Related: U.S. Head of security for TSA removed from post: House panel http://www.reuters.com/article/us-usa-security-tsa-idUSKCN0YE2R1

The head of security for the U.S. Transportation Security Administration has been removed from his position, the U.S. House of Representatives Oversight Committee said on Monday on Twitter. The House panel, which held a hearing May 12 on long lines at airport security checkpoints, did not give a reason for Kelly Hoggan's dismissal as TSA assistant administrator for security operations. Members of the committee criticized the TSA for awarding over $90,000 in bonuses and awards to Hoggan over a 13-month period. TSA did not immediately respond to a request for comment.
(Corrects hearing date in second paragraph to May 12 from last week.) (Reporting by Eric Beech; Editing by Eric Walsh)

-- It's better to burn out than fade away.

From rforno at infowarrior.org Tue May 24 15:43:13 2016 From: rforno at infowarrior.org (Richard Forno) Date: Tue, 24 May 2016 16:43:13 -0400 Subject: [Infowarrior] - Apple hires leading security expert amid encryption fight Message-ID: <22A24C84-4D76-4D4F-8A0C-9F15858BBAE1@infowarrior.org>

Apple hires leading security expert amid encryption fight Katie Bo Williams http://thehill.com/policy/cybersecurity/281088-apple-hires-leading-security-expert-amidst-ongoing-encryption-fight

Apple has rehired the cryptography expert behind the secure communications platforms Silent Circle, PGP Corp and Blackphone to boost the security features on its devices, Reuters reported Tuesday. Jon Callas, who worked at Apple in the 1990s and again between 2009 and 2011, rejoined the tech giant in May, a spokesperson said. The company declined to elaborate on Callas' role, but the move fits with repeated company assertions that it will continue to strengthen the security protections on its devices. Apple's robust encryption algorithms have been at the heart of the high-profile dispute between the law enforcement community and Silicon Valley over the degree of access that authorities should have into secure communications. Apple earlier this year refused to help the FBI unlock the iPhone of one of the San Bernardino shooters, kicking off a bitter feud that was resolved only when the agency purchased a third-party tool to hack into the device. Security experts and privacy advocates insist that to provide any guaranteed access for law enforcement is tantamount to a "back door" that will undermine the safety and privacy of everyday users of Apple's devices. Strong encryption, technologists say, is necessary to stay a step ahead of the onslaught of digital attacks from hackers consumers face everyday.
But authorities argue they have struggled to execute search warrants as end-to-end encryption -- which allows only the sender and the recipient to read a message -- becomes more readily available in the consumer market. While the fight over the San Bernardino shooter's phone was shelved, the larger debate continues apace on Capitol Hill, where several bills attempting to resolve the tension are circulating both chambers. One, from Sens. Richard Burr (R-N.C.) and Dianne Feinstein (D-Calif.), would require providers to provide "technical assistance" to investigators seeking access to locked devices. Throughout the dispute with the FBI, Apple said repeatedly that it will continue to bolster the digital defenses of its products, even in the face of pushback from the Department of Justice. "We will continue to increase the security of our products as the threats and attacks on our data become more frequent and more sophisticated," Apple said in March.

-- It's better to burn out than fade away.

From rforno at infowarrior.org Tue May 24 19:22:19 2016 From: rforno at infowarrior.org (Richard Forno) Date: Tue, 24 May 2016 20:22:19 -0400 Subject: [Infowarrior] - What's driving Silicon Valley to become 'radicalized' Message-ID: <7286F1FA-BA7D-4C37-ABB4-9CE8B1ED56DD@infowarrior.org>

What's driving Silicon Valley to become "radicalized" By Elizabeth Dwoskin May 24 at 5:00 PM

SAN FRANCISCO -- Like many Silicon Valley start-ups, Larry Gadea's company collects heaps of sensitive data from his customers.
Recently, he decided to do something with that data trove that was long considered unthinkable: He is getting rid of it. The reason? Gadea fears that one day the FBI might do to him what it did to Apple in their recent legal battle: demand that he give the agency access to his encrypted data. Rather than make what he considers a Faustian bargain, he's building a system that he hopes will avoid the situation entirely. "We have to keep as little [information] as possible so that even if the government or some other entity wanted access to it, we'd be able to say that we don't have it," said Gadea, founder and chief executive of Envoy. The 30-person company enables businesses to register visitors using iPads instead of handwritten visitor logs. The technology tracks who works at a firm, who visits the firm, and their contact information. In Silicon Valley, there's a new emphasis on putting up barriers to government requests for data. The Apple-FBI case and its aftermath have tech firms racing to employ a variety of tools that would place customer information beyond the reach of a government-ordered search. The trend is a striking reversal of a long-standing article of faith in the data-hungry tech industry, where companies including Google and the latest start-ups have predicated success on the ability to hoover up as much information as possible about consumers. Now, some large tech firms are increasingly offering services to consumers that rely far less on collecting data. The sea change is even becoming evident among early-stage companies that see holding so much data as more of a liability than an asset, given the risk that cybercriminals or government investigators might come knocking. Start-ups that once hesitated to invest in security are now repurposing limited resources to build technical systems to shed data, even if it hinders immediate growth.
"Engineers are not inherently anti-government, but they are becoming radicalized, because they believe that the FBI, in particular, and the U.S. government, more broadly, wants to outlaw encryption," said prominent venture capitalist Marc Andreessen in a recent interview. Andreessen's firm, Andreessen Horowitz, is an investor in Envoy. The government abandoned its effort to force Apple to help unlock the iPhone of one of the San Bernardino terrorists and paid professional hackers to crack the phone instead. But experts say that the issue is far from settled, and will probably be the subject of court and legislative battles. Start-ups are particularly wary, Andreessen said, of legislation proposed recently by Sens. Richard Burr (R-N.C.) and Dianne Feinstein (D-Calif.) that would compel tech companies to build technical methods to share customers' encrypted data, at a court's request. "They believe there's this window of opportunity that if we build strong encryption now, we can make it a fait accompli. But if we let five years pass, it may never happen," Andreessen said.

< - >

https://www.washingtonpost.com/news/the-switch/wp/2016/05/24/what-is-driving-silicon-valley-to-become-radicalized/

-- It's better to burn out than fade away.

From rforno at infowarrior.org Wed May 25 15:09:05 2016 From: rforno at infowarrior.org (Richard Forno) Date: Wed, 25 May 2016 16:09:05 -0400 Subject: [Infowarrior] - Senate bill would let FBI read your emails without a court order Message-ID: <32E4CE93-09B9-4C62-8BA2-9FE0A5728E11@infowarrior.org>

Senate bill would let FBI read your emails without a court order http://www.cnet.com/news/senate-bill-would-let-fbi-read-your-emails-without-a-court-order/ The 2017 Intelligence Authorization Act would deal a blow to privacy by making government surveillance easier. May 25, 2016 12:52 PM PDT by Shara Tibken @sharatibken

Better watch what you put in email.
The Senate Intelligence Committee on Tuesday approved a bill that would make it easier for the government to read what you're writing online. The 2017 Intelligence Authorization Act, if enacted into law, would let the FBI obtain email records without a court order. All the agency would need is a National Security Letter, which lets the FBI get information from companies about their customers without alerting the person being investigated. Currently, the FBI can access phone records that way, but not emails. The bill is the latest move by the federal government to shore up its powers when it comes to surveilling citizens. The government has been battling Apple and other tech companies for more access to data stored on devices. Law enforcement argues it can't fight crimes unless it has access to information on mobile gadgets. Technology companies and rights groups argue that features like strong encryption, which scrambles data so it can be read only by the intended recipient, are needed to keep people safe and protect privacy. Senate Intelligence Committee Chairman Richard Burr (R-NC) and Vice Chairman Dianne Feinstein (D-Calif.) said Tuesday in a joint statement that the 2017 Intelligence Authorization Act makes it easier for the government to keep Americans safe. "The threat of terrorism remains high, so it's vital that we provide intelligence agencies with all the resources they need to prevent attacks both at home and abroad," Feinstein said. But Sen. Ron Wyden (D-Ore.), the lone dissenting voice on the 15-member Senate committee, vowed to work on reversing the "dangerous provisions." "This bill takes a hatchet to important protections for Americans' liberty," he said in a statement. "This bill would mean more government surveillance of Americans, less due process and less independent oversight of US intelligence agencies. 
Worse, neither the intelligence agencies, nor the bill's sponsors have shown any evidence that these changes would do anything to make Americans more secure." Now that the bill has passed in the Intelligence Committee, it next will be considered by the full Senate. From rforno at infowarrior.org Thu May 26 05:59:59 2016 From: rforno at infowarrior.org (Richard Forno) Date: Thu, 26 May 2016 06:59:59 -0400 Subject: [Infowarrior] - fwd: Obama promised transparency. But his administration is one of the most secretive References: <689e10a8-f9a4-da00-777b-7532173eeebf@inetassoc.com> Message-ID: <0E887C44-2086-4E5B-A27E-1D697C7BA148@infowarrior.org> > Begin forwarded message: > > From: Duane > > https://www.washingtonpost.com/lifestyle/style/obama-promised-transparency-but-his-administration-is-one-of-the-most-secretive/2016/05/24/5a46caba-21c1-11e6-9e7f-57890b612299_story.html > > Obama promised transparency. But his administration is one of the most secretive > By Margaret Sullivan, Media Columnist > May 24 2016 > > Some things just aren't cool. One of those, according to our no-drama president, is ignorance. > > "It's not cool to not know what you're talking about," President Obama said during his recent Rutgers University commencement address. It was a swipe clearly intended for he-who-didn't-need-to-be-named: Donald Trump, the likely Republican nominee for president. > > Okay, no argument there. > > But the Obama administration itself has been part of a different know-nothing problem. It has kept the news media -- and therefore the public -- in the dark far too much over the past 7 1/2 years. > > After early promises to be the most transparent administration in history, this has been one of the most secretive. And in certain ways, one of the most elusive. It's also been one of the most punitive toward whistleblowers and leakers who want to bring light to wrongdoing they have observed from inside powerful institutions.
> > That's why I'm skeptical about the notion that Americans will soon know what they need to know about drone strikes -- the targeted killings that have become a major part of the administration's anti-terrorism effort in Pakistan, Yemen, Somalia and Libya. > > How many of the dead were terrorists or militants? How many were civilians, killed as collateral damage? The administration's accounting -- promised three years ago -- will arrive when it hardly matters anymore for holding this administration accountable. But, as The Washington Post reported on Monday, it's also going to be incomplete, omitting what has happened in Pakistan, where hundreds of strikes have taken place. > > Jennifer Gibson, a lawyer for the international human rights organization known as Reprieve, made this pointed statement: "Excluding the vast majority of drone strikes from this assessment means that it will hardly be worth the paper it is printed on." Reprieve and another British organization, the Bureau of Investigative Journalism, have long challenged the administration's accounting of drone deaths, using their own research to insist that there are far more fatalities, and a higher percentage of civilian deaths, than the U.S. government admits. > > Meanwhile, the most transparent administration in history continues doing transparency its own way. > > Call it Transparency Lite. On Monday, during a visit to Vietnam, the president spent some quality time with the media -- in the form of Anthony Bourdain, the celebrity chef. A couple of years ago, he did a heavily publicized interview with the comedian Zach Galifianakis on the faux talk show "Between Two Ferns," and last year he made a visit to podcaster Marc Maron's garage for a chat about fatherhood and overcoming fear. > > But his on-the-record interviews with hard-news, government reporters have been relatively rare -- and, rather than being wide-ranging, often limited to a single subject, such as the economy.
> > Remarkably, Post news reporters haven't been able to interview the president since late 2009. Think about that. The Post is, after all, perhaps the leading news outlet on national government and politics, with no in-depth, on-the-record access to the president of the United States for almost all of his two terms. > > I couldn't get anyone in the White House press office to address this, despite repeated attempts by phone and email -- which possibly proves my point. > > But a thorough study from Martha Joynt Kumar, a retired Towson University professor, describes the administration's strategy. The president does plenty of interviews, she writes -- far more than any other president in recent history. But these interviews are tightly controlled and targeted toward specific topics, and, it seems to me, often granted to soft questioners. (All of this is a major shift from a time when news conferences and short question-and-answer sessions allowed reporters to pursue news topics aggressively and in real time.) > > More interviews, less accountability. Feet kept safe from the fire. > > Meanwhile, on media rights generally, the Obama administration hasn't walked its talk. It has set new records for stonewalling or rejecting Freedom of Information requests. And it has used an obscure federal act to prosecute leakers. It continued the punishing treatment of a National Security Agency whistleblower, Thomas Drake (dismaying new details have emerged recently in book excerpts by John Crane, a former Pentagon investigator), and threatened to send the New York Times investigative reporter James Risen to jail for his good-faith insistence on protecting his confidential source. > > Promising transparency and criticizing ignorance, but delivering secrecy and opacity? That doesn't serve the public or the democracy. And that's deeply uncool.
From rforno at infowarrior.org Thu May 26 15:37:03 2016 From: rforno at infowarrior.org (Richard Forno) Date: Thu, 26 May 2016 16:37:03 -0400 Subject: [Infowarrior] - Google victory over Oracle in Android copyright case Message-ID: <8D9D8DCB-55D2-4A6D-AE1E-5454CA7B4787@infowarrior.org> Jury sides with Alphabet's Google in copyright lawsuit against Oracle CNBC http://www.cnbc.com/2016/05/26/jury-rules-for-google-on-fair-use-in-oracle-fight.html A U.S. jury handed Alphabet's Google a major victory on Thursday in a long-running copyright lawsuit against Oracle, saying the law allowed Google's use of Oracle's software to create its Android smartphone operating system. Shares of Oracle were down about 1 percent after hours. Alphabet stock was up slightly after the announcement. The jury unanimously upheld claims by Google that its use of Oracle's Java development platform was protected under the fair-use provision of copyright law, bringing the trial to a close without Oracle winning any damages. After the ruling, Dorian Daley, general counsel for Oracle, said that "We strongly believe that Google developed Android by illegally copying core Java technology to rush into the mobile device market." "Oracle brought this lawsuit to put a stop to Google's illegal behavior. We believe there are numerous grounds for appeal and we plan to bring this case back to the Federal Circuit on appeal," Daley said. On the heels of the announcement, Google said: "Today's verdict that Android makes fair use of Java APIs represents a win for the Android ecosystem, for the Java programming community, and for software developers who rely on open and free programming languages to build innovative consumer products." In a retrial at U.S. District Court in San Francisco, Oracle claimed Google's Android operating system violated its copyright on parts of Java, a development platform. Alphabet's Google unit said it should be able to use Java without paying a fee under fair use.
A trial in 2012 ended in a deadlocked jury. The trial was closely watched by software developers, who feared an Oracle victory could spur more software copyright lawsuits. However, investors saw little risk for Google. -- CNBC.com contributed to this report. -- It's better to burn out than fade away. From rforno at infowarrior.org Fri May 27 06:49:58 2016 From: rforno at infowarrior.org (Richard Forno) Date: Fri, 27 May 2016 07:49:58 -0400 Subject: [Infowarrior] - James Comey's latest digital wet dream Message-ID: Secret Text in Senate Bill Would Give FBI Warrantless Access to Email Records Jenna McLaughlin May 26 2016, 3:31 p.m. https://theintercept.com/2016/05/26/secret-text-in-senate-bill-would-give-fbi-warrantless-access-to-email-records/ A provision snuck into the still-secret text of the Senate's annual intelligence authorization would give the FBI the ability to demand individuals' email data and possibly web-surfing history from their service providers without a warrant and in complete secrecy. If passed, the change would expand the reach of the FBI's already highly controversial national security letters. The FBI is currently allowed to get certain types of information with NSLs -- most commonly, information about the name, address, and call data associated with a phone number or details about a bank account. Since a 2008 Justice Department legal opinion, the FBI has not been allowed to use NSLs to demand "electronic communication transactional records," such as email subject lines and other metadata, or URLs visited. The spy bill passed the Senate Intelligence Committee on Tuesday, with the provision in it. The lone no vote came from Sen. Ron Wyden, D-Ore., who wrote in a statement that one of the bill's provisions "would allow any FBI field office to demand email records without a court order, a major expansion of federal surveillance powers."
Wyden did not disclose exactly what the provision would allow, but his spokesperson suggested it might go beyond email records to things like web-surfing histories and other information about online behavior. "Senator Wyden is concerned it could be read that way," Keith Chu said. It's unclear how or when the provision was added, although Sens. Richard Burr, R-N.C. -- the committee's chairman -- and Tom Cotton, R-Ark., have both offered bills in the past that would address what the FBI calls a gap and privacy advocates consider a serious threat to civil liberties. "At this point, it should go without saying that the information the FBI wants to include in the statute is extremely revealing -- URLs, for example, may reveal the content of a website that users have visited, their location, and so on," Andrew Crocker, staff attorney for the Electronic Frontier Foundation, wrote in an email to The Intercept. "And it's particularly sneaky because this bill is debated behind closed doors," Robyn Greene, policy counsel at the Open Technology Institute, said in an interview. In February, FBI Director James Comey testified during a Senate Intelligence Committee hearing on worldwide threats that the FBI's inability to get email records with NSLs was a "typo" -- and that fixing it was one of the FBI's top legislative priorities. Greene warned at the time: "Unless we push back against Comey now, before you know it, the long slow push for an [electronic communication transactional records] fix may just be unstoppable." The FBI used to think that it was, in fact, allowed to get email records with NSLs, and did so routinely until the Justice Department under George W. Bush told the bureau that it had interpreted its powers overly broadly. Ever since, the FBI has tried to get that power and has been rejected, including during negotiations over the USA Freedom Act. The FBI's power to issue NSLs is actually derived from the Electronic Communications Privacy Act --
a 1986 law that Congress is currently working to update to incorporate more protections for electronic communications -- not fewer. The House unanimously passed the Email Privacy Act in late April, while the Senate is due to vote on its version this week. Sen. John Cornyn, R-Texas, is expected to offer an amendment that would mirror the provision in the intelligence bill. Privacy advocates warn that adding it to the broadly supported reform effort would backfire. "If [the provision] is added to ECPA, it'll kill the bill," Gabe Rottman, deputy director of the Center for Democracy and Technology's freedom, security, and technology project, wrote in an email to The Intercept. "If it passes independently, it'll create a gaping loophole. Either way, it's a big problem and a massive expansion of government surveillance authority." NSLs have a particularly controversial history. In 2008, Justice Department Inspector General Glenn Fine blasted the FBI for using NSLs supported by weak evidence and documentation to collect information on Americans, some of which "implicated the target's First Amendment rights." "NSLs have a sordid history. They've been abused in a number of ways, including ... targeting of journalists and ... use to collect an essentially unbounded amount of information," Crocker wrote. One thing that makes them particularly easy to abuse is that recipients of NSLs are subject to a gag order that forbids them from revealing the letters' existence to anyone, much less the public. Update: May 26, 2016 This story has been updated to provide a comment from Wyden's office. -- It's better to burn out than fade away. From rforno at infowarrior.org Fri May 27 08:54:17 2016 From: rforno at infowarrior.org (Richard Forno) Date: Fri, 27 May 2016 09:54:17 -0400 Subject: [Infowarrior] - Push for encryption law falters despite Apple case spotlight Message-ID: <34F3FF7A-8DC4-4AFD-8C81-3E2DB2C6A35D@infowarrior.org> (Nice, but I'm waiting for the other shoe to drop ....
most likely behind closed doors, such as via the intel committees. --rick) Push for encryption law falters despite Apple case spotlight By Dustin Volz, Mark Hosenball and Joseph Menn http://www.reuters.com/article/us-usa-encryption-legislation-idUSKCN0YI0EM WASHINGTON/ SAN FRANCISCO After a rampage that left 14 people dead in San Bernardino, key U.S. lawmakers pledged to seek a law requiring technology companies to give law enforcement agencies a "back door" to encrypted communications and electronic devices, such as the iPhone used by one of the shooters. Now, only months later, much of the support is gone, and the push for legislation dead, according to sources in congressional offices, the administration and the tech sector. Draft legislation that Senators Richard Burr and Dianne Feinstein, the Republican and Democratic leaders of the Intelligence Committee, had circulated weeks ago likely will not be introduced this year and, even if it were, would stand no chance of advancing, the sources said. Key among the problems was the lack of White House support for legislation in spite of a high-profile court showdown between the Justice Department and Apple Inc over the suspect iPhone, according to Congressional and Obama Administration officials and outside observers. "They've dropped anchor and taken down the sail," former NSA and CIA director Michael Hayden said. For years, the Justice Department lobbied unsuccessfully for a way to unmask suspects who "go dark," or evade detection through coded communications in locked devices. When the Federal Bureau of Investigation took Apple to court in February to try to open the iPhone in its investigation of the San Bernardino slayings, the cause gained traction in Washington. The political landscape had shifted - or so it seemed. The short life of the push for legislation illustrates the intractable nature of the debate over digital surveillance and encryption, which has been raging in one form or another since the 1990s. 
Tech companies, backed by civil liberties groups, insist that building law enforcement access into phones and other devices would undermine security for everyone - including the U.S. government itself. Law enforcement agencies maintain they need a way to monitor phone calls, emails and text messages, along with access to encrypted data. Polls show the public is split on whether the government should have access to all digital data. The legal battle between the FBI and Apple briefly united many around the idea that Congress - not the courts - should decide the issue. But the consensus was fleeting. Feinstein's Democratic colleagues on the Intelligence Committee - along with some key Republicans - backed away. The House never got on board. The CIA and NSA were ambivalent, according to several current and former intelligence officials, in part because officials in the agencies feared any new law would interfere with their own encryption efforts. Even supporters worried that if a bill were introduced but failed, it would give Apple and other tech companies another weapon to use in future court battles. Burr had said repeatedly that legislation was imminent. But last week, he and Feinstein told Reuters there was no timeline for the bill. Feinstein said she planned to talk to more tech stakeholders, and Burr said, "be patient." In the meantime, tech companies have accelerated encryption efforts in the wake of the Apple case. The court showdown ended with a whimper when the FBI said it had found a way to get into the phone, and subsequently conceded privately it had found nothing of value. THE FBI GOES TO BATTLE A week after the San Bernardino attack, Burr told Reuters passing encryption legislation was urgent because "if we don't, we will be reading about terrorist attacks on a more frequent basis."
FBI Director James Comey told the Senate Intelligence Committee soon after that encryption was "overwhelmingly affecting" the investigation of murders, drug trafficking and child pornography. A week later, the Justice Department persuaded a judge to issue a sweeping order demanding Apple write software to open an iPhone used by San Bernardino suspect Sayeed Farook, who died in a shootout with law enforcement. Apple fought back, arguing, among other things, that only Congressional legislation could authorize what the court was demanding. Many saw the Justice Department's move as a way to bring pressure on Congress to act. President Obama appeared to tacitly support Comey's court fight and the idea that there should be limits on criminal suspects' ability to hide behind encryption. But even as the drive for legislation seemed to be gaining momentum, consensus was dissipating. Senator Lindsey Graham, an influential Republican, withdrew support in a sudden about-face. "I was all with you until I actually started getting briefed by the people in the intel community," Graham told Attorney General Loretta Lynch during a hearing in March. "I'm a person that's been moved by the arguments of the precedent we set and the damage we may be doing to our own national security." On the Democratic side, Senator Ron Wyden vowed to filibuster what he called a "dangerous proposal," that "would leave Americans more vulnerable to stalkers, identity thieves, foreign hackers and criminals." Senator Mark Warner advanced a competing bill to form a commission to study the issue. A half dozen people familiar with the White House deliberations said they were hamstrung by a long-standing split within the Obama Administration, pitting Comey and the DOJ against technology advisors and other agencies including the Commerce and State Departments. They also said there was reluctance to take on the tech industry in an election year.
(Reporting by Dustin Volz and Mark Hosenball in Washington and Joseph Menn in San Francisco; Editing by Jonathan Weber and Lisa Girion) -- It's better to burn out than fade away. From rforno at infowarrior.org Fri May 27 09:44:37 2016 From: rforno at infowarrior.org (Richard Forno) Date: Fri, 27 May 2016 10:44:37 -0400 Subject: [Infowarrior] - Semi-OT: The man who seduced the 7th Fleet Message-ID: <6B1E385D-BCE4-41FD-B152-CB53F0E2C3B1@infowarrior.org> You can't make this stuff up. ---rick The man who seduced the 7th Fleet http://www.washingtonpost.com/sf/investigative/wp/2016/05/27/fat-leonard/ -- It's better to burn out than fade away. From rforno at infowarrior.org Fri May 27 13:07:25 2016 From: rforno at infowarrior.org (Richard Forno) Date: Fri, 27 May 2016 14:07:25 -0400 Subject: [Infowarrior] - How Piracy Became a Cause Celebre in the World of Academics Message-ID: <7DAEB23A-4102-49D5-8EFA-8F4B841CAD8A@infowarrior.org> How Piracy Became a Cause Celebre in the World of Academics Written by Liam O'Donoghue In October 2008, two of the big names in academic publishing, Elsevier and Thieme, celebrated victory against an "international piracy scheme involving the unlawful copying, sale, and distribution of scientific journals." In the defeated scheme, a Vietnamese entrepreneur had used throwaway email accounts to pose as a salesman. He contacted academics, offering discounted access to subscription journals. The unsuspecting marks made payment through fake websites that mimicked the publishers', and received paper printouts of the journals in the mail. Now, another international piracy scheme commands the attention of Elsevier -- but this one looks more like a Silicon Valley startup than a black market... < - > http://motherboard.vice.com/read/academic-piracy-elsevier-sci-hub -- It's better to burn out than fade away.
From rforno at infowarrior.org Fri May 27 14:55:20 2016 From: rforno at infowarrior.org (Richard Forno) Date: Fri, 27 May 2016 15:55:20 -0400 Subject: [Infowarrior] - Armed FBI agents raid home of researcher who found unsecured patient data Message-ID: <4867F30C-58DA-4F43-BCC3-3B0EC1B9F87B@infowarrior.org> Armed FBI agents raid home of researcher who found unsecured patient data Prosecutors allegedly say he exceeded authorization in viewing unsecured FTP server. by Dan Goodin - May 27, 2016 2:30pm EDT http://arstechnica.com/security/2016/05/armed-fbi-agents-raid-home-of-researcher-who-found-unsecured-patent-data/ -- It's better to burn out than fade away. From rforno at infowarrior.org Sat May 28 10:11:33 2016 From: rforno at infowarrior.org (Richard Forno) Date: Sat, 28 May 2016 11:11:33 -0400 Subject: [Infowarrior] - NSA's Guide To The Internet Message-ID: NSA's Guide To The Internet https://www.techdirt.com/articles/20160527/13145434568/nsas-guide-to-internet-is-weirdest-thing-youll-read-today.shtml -- It's better to burn out than fade away. From rforno at infowarrior.org Sat May 28 10:11:29 2016 From: rforno at infowarrior.org (Richard Forno) Date: Sat, 28 May 2016 11:11:29 -0400 Subject: [Infowarrior] - OpEd: The fantasy of cost-free conflict Message-ID: <29473390-82E6-407A-9ED1-8B1535798630@infowarrior.org> (Good article, and no, it's not all about Trump. --rick) Endless war: Trump and the fantasy of cost-free conflict As America marks Memorial Day, politicians should spare us the saber-rattling and reserve some space for silence by Ben Fountain http://www.theguardian.com/us-news/2016/may/28/donald-trump-endless-war-memorial-day -- It's better to burn out than fade away. 
From rforno at infowarrior.org Mon May 30 07:13:11 2016 From: rforno at infowarrior.org (Richard Forno) Date: Mon, 30 May 2016 08:13:11 -0400 Subject: [Infowarrior] - Someone's trying to gut America's strongest biometric privacy law Message-ID: <8E8BAF8B-9EE1-4695-9551-FDA8A674C3D8@infowarrior.org> Someone's trying to gut America's strongest biometric privacy law Russell Brandom http://www.theverge.com/2016/5/27/11794512/facial-recognition-law-illinois-facebook-google-snapchat For years, the Illinois Biometric Information Privacy Act has been a headache for any tech company working with facial recognition. It's a simple law, requiring a person's explicit consent before a company can make a biometric scan of their body. In the eight years since the law was first passed, those scans have become a central part of products like Google Photos, Snapchat filters, and Facebook's photo-tagging system. All three companies are currently facing lawsuits for allegedly violating the Illinois law, producing biometric face prints without notifying Illinois citizens. Now, Illinois' law is facing sudden and quiet changes that would dramatically reduce its power. Yesterday, Illinois State Senator Terry Link quietly proposed a revision to the biometrics act, attached to a long-delayed bill concerning unclaimed property procedures. Under Link's revisions, the bill would be limited to "data resulting from an in-person process whereby a part of the body is traversed by a detector or an electronic beam." That conveniently rules out scans from preexisting photography, and -- if the revisions become law -- would end all three lawsuits in a single stroke. The property bill has been working its way through the legislature since February, and it's unclear why the biometric amendment was added now -- but the timing has led many observers to be suspicious.
Today is the last full session before the legislature goes into recess for Memorial Day, and many legislators may already be understaffed as a result. It's the ideal time to rush through legislation. Many of the plaintiffs suspect Google or Facebook to be behind the last-minute proposal to change the law. "We believe that Facebook is a lobbyist that is a part of this," said Chris Dore, an Edelson partner who is working on the lawsuit against Facebook's photo-tagging system. "The changes that have been proposed certainly mirror the arguments that have been made in our case." Facebook's most recent motion to dismiss confirms this impression, devoting an entire section to the argument that the Illinois law does not apply to information derived from photographs. In a statement to The Verge, Facebook applauded the amendment, pointing out that State Senator Link originally introduced the Biometric Information Privacy Act in 2008. "We appreciate Sen. Link's effort to clarify the scope of the law he authored," a Facebook representative said. Google did not respond to a request for comment. The proposed separation between photographs and biometric scans is increasingly out of sync with modern technology. Fingerprints and iris prints can both be extracted from sufficiently high-resolution photographs. In recent years, that technology has led to a rise in contactless fingerprint scanners, some of which read prints through the embedded camera in a mobile phone. It's unclear if those systems would count as a "detector or an electronic beam" under the proposed language. The bill still has a number of hurdles to clear within the legislature, and it may well fall short of becoming law. Still, the last-minute proposal has raised real concerns about companies' level of influence in state-level legislatures. "Companies have come in and said, we don't actually want to have to follow this law, so we're going to change it," says Dore. 9:41AM ET: Updated with Facebook comment.
-- It's better to burn out than fade away.
From rforno at infowarrior.org Mon May 30 13:53:37 2016
From: rforno at infowarrior.org (Richard Forno)
Date: Mon, 30 May 2016 14:53:37 -0400
Subject: [Infowarrior] - Eric Holder now says Edward Snowden performed 'public service'
Message-ID:

Eric Holder now says Edward Snowden performed 'public service' - CNNPolitics.com
http://www.cnn.com/2016/05/30/politics/axe-files-axelrod-eric-holder/index.html

The Axe Files, featuring David Axelrod, is a podcast distributed by CNN and produced at the University of Chicago Institute of Politics. The author works at the institute.

Chicago (CNN) Former U.S. Attorney General Eric Holder says Edward Snowden performed a "public service" by triggering a debate over surveillance techniques, but still must pay a penalty for illegally leaking a trove of classified intelligence documents.

"We can certainly argue about the way in which Snowden did what he did, but I think that he actually performed a public service by raising the debate that we engaged in and by the changes that we made," Holder told David Axelrod on "The Axe Files," a podcast produced by CNN and the University of Chicago Institute of Politics.

"Now I would say that doing what he did -- and the way he did it -- was inappropriate and illegal," Holder added.

Holder said Snowden jeopardized America's security interests by leaking classified information while working as a contractor for the National Security Agency in 2013.

"He harmed American interests," said Holder, who was at the helm of the Justice Department when Snowden leaked U.S. surveillance secrets. "I know there are ways in which certain of our agents were put at risk, relationships with other countries were harmed, our ability to keep the American people safe was compromised. There were all kinds of re-dos that had to be put in place as a result of what he did, and while those things were being done we were blind in certain really critical areas. So what he did was not without consequence."
Snowden, who has spent the last few years in exile in Russia, should return to the U.S. to deal with the consequences, Holder noted.

"I think that he's got to make a decision. He's broken the law in my view. He needs to get lawyers, come on back, and decide, see what he wants to do: Go to trial, try to cut a deal. I think there has to be a consequence for what he has done."

"But," Holder emphasized, "I think in deciding what an appropriate sentence should be, I think a judge could take into account the usefulness of having had that national debate."

At a University of Chicago Institute of Politics event earlier this month, Snowden -- appearing via videoconference from Russia -- said he would return to the U.S. if he could receive a fair trial.

"I've already said from the very first moment that if the government was willing to provide a fair trial, if I had access to public interest defenses and other things like that, I would want to come home and make my case to the jury," Snowden told University of Chicago Law Prof. Geoffrey Stone. "But, as I think you're quite familiar, the Espionage Act does not permit a public interest defense. You're not allowed to speak the word 'whistleblower' at trial."

During the hour-long conversation with Axelrod, Holder -- the country's first African-American attorney general -- also accused presumptive Republican nominee Donald Trump of playing the race card in his campaign.

"I don't think there's any question about that," Holder told Axelrod. "The fact that he questioned the legitimacy of President Obama by questioning where he was born, what he's said about Mexicans...I think there's a race-based component to his campaign. I think he appeals too often to the worst side of us as Americans."

To hear the whole conversation with Holder, which also touched on his childhood in New York City, his tenure at the Justice Department, and more, click on http://podcast.cnn.com.
To get "The Axe Files" podcast every week, subscribe at http://itunes.com/theaxefiles.

From rforno at infowarrior.org Tue May 31 07:03:41 2016
From: rforno at infowarrior.org (Richard Forno)
Date: Tue, 31 May 2016 08:03:41 -0400
Subject: [Infowarrior] - 10 Years Ago Hollywood Awoke The Pirate Bay 'Beast'
Message-ID:

10 Years Ago Hollywood Awoke The Pirate Bay 'Beast'
By Ernesto on May 31, 2016
https://torrentfreak.com/10-years-ago-hollywood-awoke-the-pirate-bay-beast-160531/

Ten years ago today The Pirate Bay was raided by the Swedish police. While the entertainment industries hoped that this would shut the site down once and for all, they inadvertently helped to create one of the most resilient websites on the Internet.

Most of the site's current users are probably unaware that without a few essential keystrokes in the site's early years, The Pirate Bay may have not been here today.

On May 31, 2006, less than three years after The Pirate Bay was founded, 65 Swedish police officers entered a datacenter in Stockholm. The policemen had instructions to shut down the Pirate Bay's servers, which were already seen as a major threat to the entertainment industry.

At the time The Pirate Bay wasn't the giant it is today though. And ironically, the raid only made the site bigger, stronger and more resilient.

While the police were about to enter the datacenter, Pirate Bay founders Gottfrid and Fredrik got wind that something was up. In the months before the raid they were already being watched by private investigators day and night, but this time something was about to happen to their trackers.

At around 10am in the morning Gottfrid told Fredrik that there were police officers at their office, and asked him to get down to the co-location facility and get rid of the "incriminating evidence," although none of it, whatever it was, was related to The Pirate Bay.
As Fredrik was leaving, he suddenly realized that the problems might be linked to their tracker. He therefore decided to make a full backup of the site, just in case.

When he later arrived at the co-location facility the concerns turned out to be justified. There were dozens of policemen floating around taking away dozens of servers, most of which belonged to clients unrelated to The Pirate Bay.

[Video: Footage from The Pirate Bay raid]

In the days that followed it became clear that Fredrik's decision to start a backup of the site was probably the most pivotal moment in the site's history. Because of this backup Fredrik and the rest of the Pirate Bay team managed to resurrect the site within three days.

Of course, the entire situation was handled with the mockery TPB had become known for. Unimpressed, the site's operators renamed the site "The Police Bay" complete with a new logo shooting cannon balls at Hollywood. A few days later this logo was replaced by a phoenix, a reference to the site rising from its digital ashes.

Instead of shutting it down, the raid brought the site into the mainstream press, not least due to its swift resurrection. All the publicity also triggered a huge traffic spike for TPB, exactly the opposite effect Hollywood had hoped for.

Despite a criminal investigation leading to convictions for the site's founders, The Pirate Bay kept growing and growing in the years that followed. The site's assets, meanwhile, were reportedly transferred to the Seychelles-based company Reservella.

Under new ownership several major technical changes occurred. In the fall of 2009 the infamous BitTorrent tracker was taken offline, turning The Pirate Bay into a torrent indexing site.

In early 2012 The Pirate Bay went even further when it decided to cease offering torrent files for well-seeded content. The site's operators moved to magnet links instead, allowing them to save resources while making it easier for third-party sites to run proxies.
These proxies turned out to be much-needed, as The Pirate Bay is now the most broadly censored website on the Internet. In recent years ISPs all around the world have been ordered by courts to block subscriber access to the torrent site.

While TPB swiftly recovered from the "original" raid, it did suffer nearly two months of downtime in late 2014 when another raid took place. Initially it was believed that some of the site's crucial servers were taken by the police, but the TPB team later said that it was barely hit and that they took the site offline as a precaution.

While the first raid made The Pirate Bay stronger, the two-month stint of downtime was a big hit. While the site still has millions of visitors per day, it is no longer the most dominant player, and is still suffering from regular outages.

That said, The Pirate Bay is expected to live on and on. To celebrate its turbulent past the site's operators declared May 31 to be Pirate Independence Day a few years ago.

"Let today be the pirates' Independence Day! Today we celebrate the victories we've had and the victories that will come. Today we celebrate that we're united in our efforts. Keep on seeding!" the TPB team said at the time.

But remember, if there hadn't been a recent backup back in 2006, things may have turned out quite differently.

From rforno at infowarrior.org Tue May 31 07:03:50 2016
From: rforno at infowarrior.org (Richard Forno)
Date: Tue, 31 May 2016 08:03:50 -0400
Subject: [Infowarrior] - Thai Internet laws a time-bomb
Message-ID:

Internet laws a time-bomb
Bangkok Post Editorial
Published: 30/05/2016 at 04:20 AM
Writer: Editorial
http://m.bangkokpost.com/opinion/993937

The military regime continues to create deeper digital confusion. It refuses to jettison its campaign for a single internet gateway that would out-firewall the "great firewall of China". Now it seeks official authorisation to legally and secretly intercept all internet traffic.
This amendment to the military's poorly conceived Computer Crime Act (CCA) is sailing through the appointed National Legislative Assembly (NLA). The revelation about this bill is a huge disappointment, and not just to those who are intensely focused on civil rights.

The proposed changes to the CCA are important on several levels: they will authorise any state security agency to gather details like the login and password of every citizen who does online banking. It will allow them to intercept the business dealings of every company with an online presence, even their in-house emails.

The planned amendments, slated to become law next month, do not stop there. They specifically require ISPs to allow the state security apparatus full access to the internet traffic of their clients. Further, the ISPs will be gagged, with heavy penalties for any who blow the whistle on the state's prying. Even if an ISP knows that state officials are intercepting highly personal details, such as online ATM transactions or business secrets, they are forbidden from revealing this rights abuse.

All of this -- and much more -- was dug up and publicised last week by the Thai Netizen Network. This NGO was also instrumental in exposing plans to reduce international internet traffic to a single gateway, for easier state monitoring.

The network explained this major security change was part of a plan contained within the CCA amendments to authorise "man in the middle" attacks. This would completely break the internet's encrypted web traffic, noted within browsers by the prefix "https". This is the only step that makes online banking secure.

In its secret documents unearthed by the network, it is clear the military government wants to break "https" encryption to get inside anti-monarchy websites. Even by itself, this is a highly questionable misuse of authority.
But the much greater danger is that the state, and corrupt state agencies, will misuse and abuse their authority for wider and far more sinister purposes beyond even outright theft and blackmail.

The reality of this potential threat is horrendous. It continues the debasement of the desired and so-far actual image of Thailand. The government is boosting its so-called "Thailand 4.0" policy of support for digital development. Good and expanding internet access is a key. But so is confidence.

If the NLA passes these Computer Security Act amendments into law next month, the country's reputation will have only one way to go. As with the single-gateway policy, currently tabled and lurking ominously in the background, Thailand will take a massive hit from these proposed "wiretap" provisions. Businesses will have no confidence that their online transactions -- even email -- are confidential. Every person who does online banking -- a rapidly growing number -- will labour under the suspicion that their accounts are not only insecure, but may even be tampered with.

The NLA may be military-appointed, but it is sworn to work in the national interest. Its members must knock back these computer-security bills. It is time for the public to be informed of just what is in and behind these laws. The military's original Computer Crime Act of 2007 was a mess, but with proper work under the public spotlight, the NLA can repair the damage and promote real computer security.
From rforno at infowarrior.org Tue May 31 10:45:21 2016
From: rforno at infowarrior.org (Richard Forno)
Date: Tue, 31 May 2016 11:45:21 -0400
Subject: [Infowarrior] - Split appeals court allows warrantless cell-site tracking
Message-ID: <2DDC7C31-23C0-4F3D-B041-4A131BB817E8@infowarrior.org>

Split appeals court allows warrantless cell-site tracking
By Josh Gerstein
05/31/16 10:57 AM EDT
http://www.politico.com/blogs/under-the-radar/2016/05/warrantless-cell-site-tracking-ruling-223728

A federal appeals court ruled Tuesday that law enforcement does not need a search warrant before obtaining "cell site" information on the location of a suspect's mobile phone.

The full bench of the 4th U.S. Circuit Court of Appeals voted, 12-3, that investigators can get the information under the legal theory that it has been disclosed to third parties -- in such instances, telephone companies.

"The Supreme Court may in the future limit, or even eliminate, the third-party doctrine. Congress may act to require a warrant for CSLI [cell site location information.] But without a change in controlling law, we cannot conclude that the Government violated the Fourth Amendment in this case," Judge Diana Motz wrote in the court's majority opinion.

Motz rejected claims from two defendants in an armed robbery case that the prosecution violated their rights by getting the cell data with a court order that does not require the level of proof needed for a search warrant: probable cause.

"Defendants' preferred holding lacks support from all relevant authority and would place us in conflict with the Supreme Court and every other federal appellate court to consider the question," she wrote.

In an opinion amounting to a dissent, Judge James Wynn said cell-site data was different from data in earlier cases because there was little indication that it had been "voluntarily conveyed" to the phone company.

"There is no reason to think that a cell phone user is aware of his CSLI, or that he is conveying it.
He does not write it down on a piece of paper, like the dollar amount on a deposit slip, or enter it into a device, as he does a phone number before placing a call. Nor does CSLI subsequently appear on a cell phone customer's statement," Wynn wrote in an opinion joined by Judges Henry Floyd and Stephanie Thacker.

Wynn also noted that while phone users usually know what number they're calling, they may be unaware of what cell-site they're using.

"Even if cell phone customers have a vague awareness that their location affects the number of 'bars' on their phone...they surely do not know which cell phone tower their call will be routed through, a fact even the government concedes," Wynn wrote, rejecting the majority's view that individuals don't have privacy interests in knowledge they don't possess.

"I suppose we can also expect no privacy in data transmitted by networked devices such as the 'Fitbit' bracelet, which 'can track the steps you take in a day, calories burned, and minutes asleep'; the 'Scanadu Scout,' which can 'measure your temperature, heart rate, and hemoglobin levels'; or the 'Mimo Baby Monitor "onesie" shirt,' which can 'monitor your baby's sleep habits, temperature, and breathing patterns,'" the judge added.

The defendants could seek review of the 4th Circuit decision in the Supreme Court. However, without a split in the circuits on the issue, the justices may be unwilling to take it up.

Josh Gerstein is a senior reporter for POLITICO.
From rforno at infowarrior.org Tue May 31 17:32:56 2016
From: rforno at infowarrior.org (Richard Forno)
Date: Tue, 31 May 2016 18:32:56 -0400
Subject: [Infowarrior] - MPAA Lobbyist / SOPA Sponsor to Draft Democratic Party Platform
Message-ID: <01115D09-FE14-4500-BA4C-E54CC565384D@infowarrior.org>

MPAA Lobbyist / SOPA Sponsor to Draft Democratic Party Platform - TorrentFreak
By Andy
https://torrentfreak.com/mpaa-lobbyist-sopa-sponsor-to-draft-democratic-party-platform-160531

The Democratic Party has appointed a committee tasked with drafting the party's platform. The 15-member panel includes MPAA lobbyist Howard L Berman, an attorney and former U.S. Representative who not only co-sponsored SOPA and tried to enshrine P2P network sabotage in law, but has also been funded by Hollywood throughout his career.

Last week Hillary Clinton, Bernie Sanders and Democratic National Committee Chair Rep. Debbie Wasserman Schultz chose a panel of individuals to draft the party's platform. As previously reported, 15 were selected, with six chosen by Clinton, five chosen by Bernie Sanders and four chosen by Wasserman Schultz.

While other publications will certainly pick over the bones of the rest of the committee, one in particular stands out as interesting to TF readers.

Howard L Berman is an attorney and former U.S. Representative. He's employed at Covington & Burling as a lobbyist and represents the MPAA on matters including "Intellectual property issues in trade agreements, bilateral investment treaties, copyright, and related legislation."

It will come as no surprise then that the major studios have been donors throughout Berman's political career. As shown in the image below, the top five contributors are all major movie companies.

Born in 1941, Berman's work with the film industry earned him the nickname "the congressman from Hollywood" and over the years he's been at the root of some of the most heated debates over the protection of intellectual property.
In 2007 and as later confirmed by Wikileaks, Berman was one of the main proponents of ACTA, the Anti-Counterfeiting Trade Agreement. Just five short years later Berman was at the heart of perhaps the biggest copyright controversy the world has ever seen when he became a co-sponsor of the Stop Online Piracy Act (SOPA).

"The theft of American Intellectual Property not only robs those in the creative chain of adequate compensation, but it also stunts potential for economic growth, cheats our communities out of good paying jobs, and threatens future American innovation," Berman said in the run-up to SOPA.

While these kinds of soundbites are somewhat common, it's interesting to note that Berman showed particular aggression towards Google during hearings focusing on SOPA. On November 16, 2011, Berman challenged the search giant over its indexing of The Pirate Bay.

Insisting that there "is no contradiction between intellectual property rights protection and enforcement ensuring freedom of expression on the Internet," Berman said that Google's refusal to delist the entire site was unacceptable.

"All right. Well, explain to me this one," Berman demanded of Google policy counsel Katherine Oyama.

"The Pirate Bay is a notorious pirate site, a fact that its founders proudly proclaim in the name of the site itself. In fact, the site's operators have been criminally convicted in Europe. And yet...U.S.-Google continues to send U.S. consumers to the site by linking to the site in your search results. Why does Google refuse to de-index the site in your search results?" he said.

Oyama tried to answer, noting that Google invests tens of millions of dollars into the problem. "We have hundreds of people around the world that work on it," she said. "When it comes to copyright..."

Berman didn't allow her to finish, repeating his question about delisting the whole site, again and again.
Before Berman's time ran out, Oyama was interrupted several more times while trying to explain that the DMCA requires takedowns of specific links, not entire domains. Instead, Berman suggested that Oyama should "infuse herself" with the notion that Google wanted to stop "digital theft."

"[T]he DMCA is not doing the job. That is so obvious," he said. "[Y]ou cannot look at what is going on since the passage of the DMCA and say Congress got it just right. Maintain the status quo."

These arguments continue today in the "takedown, staydown" debate surrounding the ongoing review of the DMCA, with Hollywood lining up on one side and Google being held responsible for the actions of others on the other.

But simply complaining about the DMCA is a little moderate for Berman. Almost one and a half decades ago in the wake of Napster and before the rise of BitTorrent, Berman had a dream of dealing with peer-to-peer file-sharing by force.

In 2002 he proposed the Peer To Peer Piracy Prevention Act, which would have allowed copyright holders to take extraordinary technical measures against file-sharers in order to stop the unauthorized distribution of their content.

H.R.5211 sought to amend Federal copyright law to protect a copyright owner from liability in any criminal or civil action "for impairing, with appropriate technology, the unauthorized distribution, display, performance, or reproduction of his or her copyrighted work on a publicly accessible peer-to-peer file trading network."

The bill didn't deal in specifics, but "impairing" was widely believed to be a euphemism for DDoS and poisoning attacks on individual file-sharers in order to make sharing impossible from their computers. At the time "shared-folder" type sharing apps were still popular so bombarding networks with fake and badly named files would also have been fair game, although distributing viruses and malware were not on the table.

Eventually, however, the bill died.
Berman, on the other hand, appears to be very much alive and will be soon helping to draft the Democratic Party platform. On past experience his input might not be too difficult to spot.

From rforno at infowarrior.org Tue May 31 18:54:37 2016
From: rforno at infowarrior.org (Richard Forno)
Date: Tue, 31 May 2016 19:54:37 -0400
Subject: [Infowarrior] - Fwd: All your disk image are belong to us, says appeals court
References: <7f14c371-1467-4218-256f-2f5fd1da268b@inetassoc.com>
Message-ID: <0FD430D3-A3F3-4724-AF60-52E2DE92A4E2@infowarrior.org>

> Begin forwarded message:
>
> From: Duane
>
> http://arstechnica.com/tech-policy/2016/05/feds-can-keep-your-hard-drives-indefinitely-and-search-them-too/
>
> All your disk image are belong to us, says appeals court
> Court says your files are ripe for seizure -- Fourth Amendment doesn't apply.
> by David Kravets - May 31, 2016 10:36am EDT
>
> The government can prosecute and imprison people for crimes based on evidence obtained from their computers -- even evidence retained for years that was outside the scope of an original probable-cause search warrant, a US federal appeals court has said in a 100-page opinion paired with a blistering dissent.
>
> The 2nd US Circuit Court of Appeals ruled (http://www.ca2.uscourts.gov/decisions/isysquery/d1aa55fc-fb04-4abd-a9c6-f19955449fc9/1/doc/12-240petcomb_opn.pdf#xml=http://www.ca2.uscourts.gov/decisions/isysquery/d1aa55fc-fb04-4abd-a9c6-f19955449fc9/1/hilite/) that there was no constitutional violation because the authorities acted in good faith when they initially obtained a search warrant, held on to the files for years, and built a case unrelated to the original search.
>
> The case posed a vexing question -- how long may the authorities keep somebody's computer files that were obtained during a search but were not germane to that search?
> The convicted accountant said that only the computer files pertaining to his client -- who was being investigated as part of an Army overbilling scandal -- should have been retained by the government during a 2003 search. All of his personal files, which eventually led to his own tax-evasion conviction, should have been purged, he argued.
>
> But the appeals court said the authorities' behavior was acceptable and didn't reach the constitutional question of whether the Fourth Amendment rights were breached for accountant Stavros Ganias, who was sentenced to two years in prison. That's because three years after the original search of the accountant's files in connection to the Army scandal, Connecticut authorities got another search warrant for Ganias' own tax files that were already in the government's possession, the appeals court ruled in a 12-1 decision Friday written by Judges Debra Ann Livingston and Gerard Lynch. Ganias had subsequently deleted those files from his hard drives after the government had imaged them, according to court records:
>
> >>>
> Defendant-Appellant Stavros Ganias appeals from a judgment of the United States District Court for the District of Connecticut (Thompson, J.) convicting him, after a jury trial, of two counts of tax evasion in violation of 26 U.S.C. § 7201. He challenges his conviction on the ground that the Government violated his Fourth Amendment rights when, after lawfully copying three of his hard drives for off-site review pursuant to a 2003 search warrant, it retained these full forensic copies (or "mirrors"), which included data both responsive and non-responsive to the 2003 warrant, while its investigation continued, and ultimately searched the non-responsive data pursuant to a second warrant in 2006.
> Ganias contends that the Government had successfully sorted the data on the mirrors responsive to the 2003 warrant from the non-responsive data by January 2005, and that the retention of the mirrors thereafter (and, by extension, the 2006 search, which would not have been possible but for that retention) violated the Fourth Amendment. He argues that evidence obtained in executing the 2006 search warrant should therefore have been suppressed.
>
> We conclude that the Government relied in good faith on the 2006 warrant, and that this reliance was objectively reasonable. Accordingly, we need not decide whether retention of the forensic mirrors violated the Fourth Amendment, and we AFFIRM the judgment of the district court.
> <<<<
>
> The case is clearly nuanced, but it has huge ramifications for the public because many people keep all of their papers and effects co-mingled on their hard drives.
>
> In his 40-page dissent, Judge Denny Chin blasted the majority opinion and said the authorities wrongly seized files from Ganias that were unrelated to the Army overbilling investigation. "The government did precisely what the Fourth Amendment forbids: it entered Ganias' premises with a warrant to seize certain papers and indiscriminately seized -- and retained -- all papers instead," Chin wrote.
>
> This is not the first time the appeals court entertained the case. Last year, the court sided (http://www.gpo.gov/fdsys/pkg/USCOURTS-ca2-12-00240/pdf/USCOURTS-ca2-12-00240-0.pdf) with Ganias in a 2-1 ruling. But the government asked for the full appeals court to rehear the case en banc, and the court agreed to do so with all 13 judges. The court's original ruling for Ganias said investigators had a right to image Ganias' three hard drives at the center of the Army overbilling dispute.
> But the majority concluded that the law did not allow "officials executing a warrant for the seizure of particular data on a computer to seize and indefinitely retain every file on a computer for use in future criminal proceedings."
>
> Ganias' lawyer, Stanley Twardy, urged the government to set aside his client's conviction.
>
> "The seizure and two-and-a-half year retention of every file on Ganias' computers violated the Fourth Amendment," Twardy wrote (http://cdn.arstechnica.net/wp-content/uploads/2015/09/twardy.pdf). He told the New York-based appeals court that "at a minimum the Fourth Amendment requires prompt completion of an off-site review and return of files outside the warrant's scope."
>
> The government countered, "Consistent with the Fourth Amendment, the government may obtain a search warrant for nearly any person, place, or thing if the government establishes probable cause for the search and did not engage in an illegal seizure of the item to be searched," Assistant US Attorney Sandra Glover wrote in the government's filing (http://cdn.arstechnica.net/wp-content/uploads/2015/09/fedsganiasbrief.pdf).
>