From rforno at infowarrior.org Fri Oct 7 15:52:48 2016
From: rforno at infowarrior.org (Richard Forno)
Date: Fri, 07 Oct 2016 20:52:48 -0000
Subject: [Infowarrior] - US blames Russia for hacking political sites
Message-ID: <5B4A1323-00BA-4D61-8416-C69288A8DA8E@infowarrior.org>

(x-posted)

US blames Russia for hacking political sites
By DEB RIECHMANN
October 7, 2016 4:17 pm
http://wtop.com/elections/2016/10/us-accuses-russia-of-hacking-political-sites/

WASHINGTON (AP) - The U.S. on Friday blamed the Russian government for the hacking of political sites and accused Moscow of trying to interfere with the upcoming presidential election.

Pressure has been mounting on the Obama administration to call out Russia for the hacking of U.S. political sites and email accounts. The hacking claim Friday was another setback in already strained U.S.-Russia relations.

The White House declined to say whether the formal attribution would trigger sanctions against Russia. A senior Obama administration official said the U.S. would respond "at a time and place of our choosing," but any retaliation may not take place in the open. The official said the public won't necessarily know what actions the U.S. has already taken or will take in the future against Russia in cyberspace. The official wasn't authorized to comment by name and requested anonymity.

Federal officials are investigating cyberattacks at the Democratic National Committee and the Democratic Congressional Campaign Committee. Election data systems in at least two states also have been breached.

"We believe, based on the scope and sensitivity of these efforts, that only Russia's senior-most officials could have authorized these activities," the Office of the Director of National Intelligence said in a joint statement with the Department of Homeland Security.
The statement said recent disclosures of alleged hacked emails on websites like DCLeaks.com and WikiLeaks, and by the Guccifer 2.0 online persona, are consistent with the methods and motivations of efforts directed by Russia, which has denied involvement.

"These thefts and disclosures are intended to interfere with the U.S. election process," the statement said. "Such activity is not new to Moscow. The Russians have used similar tactics and techniques across Europe and Eurasia, for example, to influence public opinion there."

A phone message and email left with the Embassy of the Russian Federation were not immediately returned Friday afternoon.

California Rep. Adam Schiff, the ranking member of the House intelligence committee, applauded the administration's decision to publicly name Russia as the source of the hacking.

"We should now work with our European allies who have been the victim of similar and even more malicious cyber interference by Russia to develop a concerted response that protects our institutions and deters further meddling," Schiff said.

Intelligence officials say some states have experienced scanning or probing of their election systems, which in most cases originated from servers operated by a Russian company. They stopped short, though, in attributing this activity to the Russian government. And administration officials say it would be difficult to alter the results of the election because of the decentralized nature of the American electoral process.

___

Associated Press writer Josh Lederman contributed to this report.

--
It's better to burn out than fade away.
From rforno at infowarrior.org Sat Oct 8 07:57:06 2016
From: rforno at infowarrior.org (Richard Forno)
Date: Sat, 08 Oct 2016 12:57:06 -0000
Subject: [Infowarrior] - Reuters: Yahoo email scanning done with a Linux kernel module
Message-ID: <324EC6B1-FD3C-4E1B-B13C-2DE90DC1C960@infowarrior.org>

Reuters: Yahoo email scanning done with a Linux kernel module
https://www.engadget.com/2016/10/08/reuters-yahoo-email-scanning-done-using-a-linux-kernel-module/

In the ever evolving saga of Yahoo's email servers and who could peek into them, the latest nugget comes from a Reuters report that the scanning program operated at a deeper level than mail filters for porn or spam. Citing three former employees, it now says the scanning was done via a module attached to the Linux kernel itself. While the more technically-minded wondered why this method would've been employed at all, others like Senator Ron Wyden called for the government to release the FISA order apparently ordering the surveillance.....

https://www.engadget.com/2016/10/08/reuters-yahoo-email-scanning-done-using-a-linux-kernel-module/

--
It's better to burn out than fade away.

From rforno at infowarrior.org Mon Oct 10 05:53:22 2016
From: rforno at infowarrior.org (Richard Forno)
Date: Mon, 10 Oct 2016 10:53:22 -0000
Subject: [Infowarrior] - 'Because You'd Be in Jail'
Message-ID:

That such a threat would be made during an American presidential debate .... beyond belief. I'm reminded of Sinclair Lewis' 1935 "It Can't Happen Here".

"Because You'd Be in Jail"
By Will Wilkinson
Comment 2016-10-09T22:51:32-04:00 10:51 PM ET
http://www.nytimes.com/interactive/projects/cp/opinion/clinton-trump-second-debate-election-2016/because-youd-be-in-jail

About 20 minutes into the debate, Donald Trump delivered a menacing threat to Hillary Clinton. "If I win,"
he warned, "I'm going to instruct my attorney general to get a special prosecutor to look into your situation, because there's never been so many lies, so much deception."

Mr. Trump's promising on national television to use the power of the president's office to prosecute his chief political rival, to her face, was chilling enough. But when Mrs. Clinton responded, Mr. Trump dropped the threat of an official investigation and any veneer of the rule of law.

"It's just awfully good that someone with the temperament of Donald Trump is not in charge of the law in our country," Mrs. Clinton observed.

"Because," Mr. Trump replied "you'd be in jail."

It's hard to think of anything Mr. Trump could have said to more powerfully underscore the truth of Mrs. Clinton's point. He said, in a widely watched televised presidential debate, that if he became president, he would put political opponents in cages. That's dictator talk.

But it's not Mr. Trump's open contempt for the norms of liberal democracy that made my blood run cold. It was the applause that came after. It is the fact that it's no longer assured that you automatically lose a presidential debate in which you promise to jail your political rival.

Will Wilkinson is the vice president for policy at the Niskanen Center and a columnist at Vox.

--
It's better to burn out than fade away.

From rforno at infowarrior.org Mon Oct 10 06:00:07 2016
From: rforno at infowarrior.org (Richard Forno)
Date: Mon, 10 Oct 2016 11:00:07 -0000
Subject: [Infowarrior] - Machine logic: our lives are ruled by big tech's 'decisions by data'
Message-ID:

(c/o DG)

Machine logic: our lives are ruled by big tech's 'decisions by data'
https://www.theguardian.com/technology/2016/oct/08/algorithms-big-tech-data-decisions

--
It's better to burn out than fade away.
From rforno at infowarrior.org Tue Oct 11 07:22:16 2016
From: rforno at infowarrior.org (Richard Forno)
Date: Tue, 11 Oct 2016 12:22:16 -0000
Subject: [Infowarrior] - Backdooring Diffie-Hellman
Message-ID: <24E9A8A6-A237-4179-BCB0-274FC2EE1DE9@infowarrior.org>

NSA could put undetectable "trapdoors" in millions of crypto keys
Technique allows attackers to passively decrypt Diffie-Hellman protected data.
Dan Goodin - 10/11/2016, 7:30 AM
http://arstechnica.com/security/2016/10/how-the-nsa-could-put-undetectable-trapdoors-in-millions-of-crypto-keys/

--
It's better to burn out than fade away.

From rforno at infowarrior.org Fri Oct 14 15:17:55 2016
From: rforno at infowarrior.org (Richard Forno)
Date: Fri, 14 Oct 2016 20:17:55 -0000
Subject: [Infowarrior] - Cyber Europe 2016 exercise
Message-ID: <88EEBEE7-0FF1-4D5B-A7AC-79E5CF976F89@infowarrior.org>

(c/o dg)

Cyber Europe 2016: the pan-European exercise to protect EU Infrastructures against coordinated cyber-attack
Safeguarding Europe's Digital Market through cyber security
Published on October 13, 2016
https://www.enisa.europa.eu/news/enisa-news/cyber-europe-2016/

The European ICT Industry is one of the most advanced in the world. Making the EU's single market fit for the digital age could contribute €415 billion per year to our economy and create hundreds of thousands of new jobs[1]. The pervasiveness of high-speed connectivity and the richness and quality of online services in the European Union are among the best globally. Such advantages have considerably increased the dependability of European citizens on ICT services. These two elements, quality of services and customer base, make this industry particularly appealing to global business. What if this important piece of the global economy becomes a target?
Computer security attacks are increasingly used to perform industrial reconnaissance, lead disinformation campaigns, manipulate stock markets, leak sensitive information, tamper with customer data, sabotage critical infrastructures. In Cyber Europe 2016, Member State cybersecurity authorities and cybersecurity experts from the public and private sectors, are called to react to a series of unprecedented, coordinated cyber-attacks. This is a summary of the Cyber Europe 2016 scenario.

Today marks the climax of this realistic scenario which thousands of experts from all 28 EU Member States, Switzerland and Norway are facing in Cyber Europe 2016 - a flagship activity organised every two years by ENISA, the EU Agency for Network and Information Security.

Cyber Europe 2016 (CE2016) is the largest and most comprehensive EU cyber-security exercise to date. This large-scale distributed technical and operational exercise started in April 2016, offering the opportunity for cybersecurity professionals across Europe to analyse complex, innovative and realistic cybersecurity incidents. On 13th and 14th of October ICT and IT security industry experts from more than 300 organisations, including but not limited to: national and governmental cybersecurity agencies, ministries, EU institutions as well as internet and cloud service providers and cybersecurity software and service providers will be called upon to mitigate the apex of this six-month long cyber crisis, to ensure business continuity and, ultimately, to safeguard the European Digital Single Market[2].

Cyber Europe 2016 paints a very dark scenario, inspired by events such as the blackout in an European Country over Christmas period and the dependence on technologies manufactured outside the jurisdiction of the European Union. It also features the Internet of Things, drones, cloud computing, innovative exfiltration vectors, mobile malware, ransomware, etc.
The exercise will focus on political and economic policies closely related to cybersecurity. This also takes into account new processes and cooperation mechanisms contained in the Network and Information Security (NIS) Directive. For the first time, a full scenario was developed with actors, media coverage, simulated companies and social media, bringing in the public affairs dimension associated with cyber crises, so as to increase realism to a level never seen before in cybersecurity exercises.

The Cyber Europe motto is "stronger together". Cooperation at all levels is key to the successful mitigation of major, borderless cyber incidents.

ENISA plays a key role in EU cyber preparedness

The NIS Directive[3] is a major step forward the EU's abilities to deal with large cross border incidents that can lead to such crises. The CSIRT Network established by the Directive, along with work done so far for the EU Cyber Europe cycle, are key in providing decision makers with an overview of the situation and ultimately to respond to such complex threats.

Günther H. Oettinger, European Commissioner for the Digital Economy and Society said: "In our connected societies, cyber-security concerns us all: we are only as strong as our weakest link. This is why our Directive on Network and Information Security promotes cooperation between EU Member States. With the help of our security agency ENISA, we are running 'Cyber Europe' exercises. 'Cyber Europe 2016' provides a unique opportunity for Member States, public and private partners to enhance cyber contingency plans and pan-European cooperation."

Udo Helmbrecht, Executive Director of ENISA, said: "The role of ENISA in assisting the EU Member States for cyber crises is essential, both by organising exercises and by bringing together key stakeholders. Six years have passed since our first cyber crisis simulation and in that time the maturity level and response capability on complex cyber issues has increased.
We are better prepared than we were, but that does not mean we have done enough and the work must continue. Cyber-attacks are more sophisticated than before. Cybersecurity is not a state, it is a process."

ENISA, the European Commission and the Member States are investing in strengthening of an EU-wide cybersecurity crisis cooperation. The future of cyber crisis management in Europe - currently planned by the European Commission, concerns the drafting of a cyber crisis cooperation plan and the development of a cyber crisis management platform. ENISA's exercises provide a unique opportunity to test new developments, prepare for the future and develop further the sense of cooperation in the EU.

Next steps

The outcomes of Cyber Europe 2016 will be analysed by ENISA and the Member States. Detailed lessons learned will be shared with the participants to the exercise in order to establish a list of actions to improve cybersecurity in Europe. It is expected that many of the findings of the exercise are useful for the implementation of the NIS Directive and the work of the CSIRT Network, and the European cyber cooperation platform. An after action report will be published with the main findings which will be made publicly available early in 2017. Cyber Europe will follow up in 2018, while a number of smaller scale exercises are planned in between.

Notes to editors:
Cyber Europe 2016 Exercise Q&A Audio-visual material for Cyber Europe 2016: Logo (ENISA Cyber Europe and Cyber Europe 2016) Cyber Europe 2016 video trailer and promo video Cyber Europe 2016 poster 1 (A4, web) Cyber Europe 2016 Exercise images Cyber Europe website Cyber Exercise Series After Action report Cyber Europe 2014 Cyber crisis cooperation

For more information: Cyber Crisis Cooperation and Exercises Team, email: c3 at enisa.europa.eu
For press and media interviews: please email press at enisa.europa.eu Tel.
+30 2814 409 576

[1] https://ec.europa.eu/priorities/digital-single-market_en
[2] https://www.enisa.europa.eu/publications/enisa-position-papers-and-opinions/enisa2019s-role-in-the-european-digital-single-market-dsm
[3] https://ec.europa.eu/digital-single-market/en/network-and-information-security-nis-directive

--
It's better to burn out than fade away.

From rforno at infowarrior.org Fri Oct 14 15:17:57 2016
From: rforno at infowarrior.org (Richard Forno)
Date: Fri, 14 Oct 2016 20:17:57 -0000
Subject: [Infowarrior] - How the U.S. Government Can Make the Internet Safer
Message-ID:

How the U.S. Government Can Make the Internet Safer
Bruce Schneier
http://time.com/4525957/2016-election-internet-security/

Schneier is a security expert and the author of Data and Goliath: The Hidden Battles to Collect Your Data and Control Your World

On today's Internet, too much power is concentrated in too few hands. In the early days of the Internet, individuals were empowered. Now governments and corporations hold the balance of power. If we are to leave a better Internet for the next generations, governments need to rebalance Internet power more towards the individual. This means several things.

First, less surveillance. Surveillance has become the business model of the Internet, and an aspect that is appealing to governments worldwide. While computers make it easier to collect data, and networks to aggregate it, governments should do more to ensure that any surveillance is exceptional, transparent, regulated and targeted. It's a tall order; governments such as that of the U.S. need to overcome their own mass-surveillance desires, and at the same time implement regulations to fetter the ability of Internet companies to do the same.

Second, less censorship. The early days of the Internet were free of censorship, but no more.
Many countries censor their Internet for a variety of political and moral reasons, and many large social-networking platforms do the same thing for business reasons. Turkey censors anti-government political speech; many countries censor pornography. Facebook has censored both nudity and videos of police brutality. Governments need to commit to the free-flow of information, and to make it harder for others to censor.

Third, less propaganda. One of the side-effects of free speech is erroneous speech. This naturally corrects itself when everybody can speak, but an Internet with centralized power is one that invites propaganda. For example, both China and Russia actively use propagandists to influence public opinion on social media. The more governments can do to counter propaganda in all forms, the better we all are.

And fourth, less use control. Governments need to ensure that our Internet systems are open and not closed, that neither totalitarian governments nor large corporations can limit what we do on them. This includes limits on what apps you can run on your smartphone, or what you can do with the digital files you purchase or are collected by the digital devices you own. Controls inhibit innovation: technical, business, and social.

Solutions require both corporate regulation and international cooperation. They require Internet governance to remain in the hands of the global community of engineers, companies, civil society groups, and Internet users. They require governments to be agile in the face of an ever-evolving Internet. And they'll result in more power and control to the individual and less to powerful institutions. That's how we built an Internet that enshrined the best of our societies, and that's how we'll keep it that way for future generations.

--
It's better to burn out than fade away.
From rforno at infowarrior.org Fri Oct 14 15:38:32 2016
From: rforno at infowarrior.org (Richard Forno)
Date: Fri, 14 Oct 2016 20:38:32 -0000
Subject: [Infowarrior] - Freed From Gag Order, Google Reveals It Received Secret FBI Subpoena
Message-ID:

Freed From Gag Order, Google Reveals It Received Secret FBI Subpoena
Jenna McLaughlin
2016-10-14T19:57:39+00:00
https://theintercept.com/2016/10/14/freed-from-gag-order-google-reveals-it-received-secret-fbi-subpoena/

Google revealed Wednesday it had been released from an FBI gag order that came with a secret demand for its customers' personal information.

The FBI secret subpoena, known as a national security letter, does not require a court approval. Investigators simply need to clear a low internal bar demonstrating that the information is "relevant to an authorized investigation to protect against international terrorism or clandestine intelligence activities."

The national security letter issued to Google was mentioned without fanfare in Google's latest bi-annual transparency report, which includes information on government requests for data the company received from around the world in the first half of 2016. Google received the secret subpoena in first half of 2015, according to the report.

An accompanying blog post titled "Building on Surveillance Reform," also identified new countries that made requests - Algeria, Belarus, and Saudi Arabia among them - and reveals that Google saw an increase in requests made under the Foreign Intelligence Surveillance Act.

Though the Department of Justice and FBI are required by law, following the passage of the USA Freedom Act, to "periodically review" national security letters to determine if a gag order is still necessary - lifting it either once an investigation has concluded or three years after it's been put in place - only a handful of the hundreds of thousands of letters issued each year have been revealed.
That Google can now speak freely about the 2015 national security letter is a result of those changes.

Government watchdogs have criticized the FBI for abusing national security letters multiple times over the years - for restricting First Amendment protected speech, failing to provide enough evidence to make the requests, and targeting a massive number of Americans without notifying them or giving them the chance for redress. The provisions in the Freedom Act were meant to address some concerns - including what many have argued are unconstitutionally lengthy gag orders.

But Google in its short blog post did not publish the contents of the actual letter the way other companies, including Yahoo, have done in recent months. Asked about plans to release the national security letter, a Google spokesperson told The Intercept it will release it, though it wouldn't say when or in what form it will do so.

Google hasn't previously published any national security letters, though it's possible gag orders for prior demands are still in place. It's also unclear why Google wouldn't immediately publish the document - unless the gag is only partially lifted, or the company is involved in ongoing litigation to challenge the order, neither of which were cited as reasons for holding it back.

"I think the question is really a great and important one for Google," Brett Max Kaufman, a national security staff attorney for the American Civil Liberties Union wrote in an email to The Intercept. Kaufman recently worked with Open Whisper Systems, the creators of end-to-end encrypted messaging application Signal, to successfully challenge a gag order on a criminal subpoena - though the company had almost no information to turn over, based on the way the application is designed.

"If the gag is really gone in its entirety - maybe it's not - it's hard to imagine why they couldn't publish a redacted version of it that would still protect the target's privacy," Kaufman continued.
"From here it seems like a policy choice not to release it, and a strange one at that."

Contact the author: Jenna McLaughlin, jenna.mclaughlin@theintercept.com, @JennaMC_Laugh

--
It's better to burn out than fade away.

From rforno at infowarrior.org Fri Oct 14 15:57:35 2016
From: rforno at infowarrior.org (Richard Forno)
Date: Fri, 14 Oct 2016 20:57:35 -0000
Subject: [Infowarrior] - DOJ challenges landmark Microsoft warrant case
Message-ID: <2A741FB6-E405-4609-A127-53AE76CF0B95@infowarrior.org>

DOJ challenges landmark Microsoft warrant case
By Joe Uchill - 10/14/16 01:29 PM EDT
http://thehill.com/policy/cybersecurity/301055-doj-challenges-microsofts-landmark-irish-email-case

The Department of Justice (DOJ) is appealing a landmark court decision that requires information stored on a server in a foreign country to be obtained in accordance with that nation's laws.

In July, a panel of three federal judges ruled that a United States warrant could not compel Microsoft to retrieve emails stored on a server located in Ireland. Traditionally, countries request cooperation from one another in accordance with negotiated treaties to obtain evidence abroad.

The DOJ has filed for a new hearing in front of the full appeals court for the Southern District of New York, arguing that the previous ruling will hamper investigations.

"In the best cases, the Government may be able to obtain this information via the costly, cumbersome and time-consuming process of seeking legal assistance from foreign authorities pursuant to treaties, where available; but in many cases the Government will have no means of obtaining the information at all," reads the DOJ filing. "This effect is already harming important investigations, and it has potentially far-reaching consequences."

Civil libertarians and technology activists celebrated the Microsoft ruling because it added a separate government to serve as an additional check on authorities' power to collect evidence.
Internationally, the ruling was also popular for reaffirming the sovereignty of foreign nations.

The DOJ argues in its filing that since Microsoft can transfer the information at will, without leaving the U.S., the evidence should be covered by a U.S. warrant. And it says that responding to the warrant would not circumvent the privacy of users, because they have no way to know, or control, where their data is stored.

--
It's better to burn out than fade away.

From rforno at infowarrior.org Fri Oct 14 16:33:18 2016
From: rforno at infowarrior.org (Richard Forno)
Date: Fri, 14 Oct 2016 21:33:18 -0000
Subject: [Infowarrior] - Trump refusal to accept government assessments on Russian hacks dismays former officials
Message-ID: <2ED1F110-4668-4096-8424-071BFF83A44E@infowarrior.org>

Trump refusal to accept government assessments on Russian hacks dismays former officials
By Dana Priest and Tom Hamburger
October 14 at 3:48 PM
https://www.washingtonpost.com/politics/trump-refusal-to-accept-government-assessments-on-russian-hacks-dismays-former-officials/2016/10/14/6d1c7f60-8fc4-11e6-9c52-0b10449e33c4_story.html

Former senior U.S. national security officials are dismayed at Republican presidential candidate Donald Trump's repeated refusal to accept the judgment of intelligence professionals that Russia stole files from the Democratic National Committee computers in an effort to influence the U.S. election.

The former officials, who have served presidents in both parties, say they were bewildered when Trump cast doubt on Russia's role after receiving a classified briefing on the subject and again after an unusually blunt statement from U.S. agencies saying they were "confident" that Moscow had orchestrated the attacks.

"It defies logic," retired Gen. Michael V. Hayden, former director of the CIA and the National Security Agency, said of Trump's pronouncements.
Trump has assured supporters that, if elected, he would surround himself with experts on defense and foreign affairs, where he has little experience. But when it comes to Russia, he has made it clear that he is not listening to intelligence officials, the former officials said.

"He seems to ignore their advice," Hayden said. "Why would you assume this would change when he is in office?"

Russian president Vladimir Putin says the scandal that has erupted in the United States over allegations Russia hacked Democratic Party emails has not been in Moscow's interests and that both sides in the U.S. election campaign are just using Russia to score points. (Reuters)

The Trump campaign did not respond to requests for comment.

Several former intelligence officials interviewed this week believe that Trump is either willfully disputing intelligence assessments, has a blind spot on Russia, or perhaps doesn't understand the nonpartisan traditions and approach of intelligence professionals.

In the first debate, after intelligence and congressional officials were quoted saying that Russia almost certainly broke into the DNC computers, Trump said: "I don't think anybody knows it was Russia that broke into the DNC. I mean, it could be Russia, but it could also be China. It could also be lots of other people. It also could be somebody sitting on their bed that weighs 400 pounds, okay?"

During the second presidential debate, Trump ignored what a U.S. government official said the candidate learned in a private intelligence briefing: that government officials were certain Russia hacked the DNC. That conclusion was followed by a public and unequivocal announcement by the Office of the Director of National Intelligence and the Department of Homeland Security that Russia was to blame.

"Maybe there is no hacking," Trump said during that debate.

"I don't recall a previous candidate saying they didn't believe"
the information from an intelligence briefing, said John Rizzo, a former CIA lawyer who served under seven presidents and became the agency's acting general counsel. "These are career people. They aren't administration officials. What does that do to their morale and credibility?"

Former acting CIA director John McLaughlin said all previous candidates took the briefings to heart.

"In my experience, candidates have taken into the account the information they have received and modulated their comments," he said. Trump, on the other hand, "is playing politics. He's trying to diminish the impression people have that [a Russian hack of the DNC] somehow helps his cause."

On Thursday, the ranking Democrat on the Senate Intelligence Committee, Sen. Dianne Feinstein (Calif.), said information she received has led her to conclude that Russia is attempting "to fix this election." She called on Trump and elected officials from both parties "to vocally and forcefully reject these efforts."

Trump has consistently adopted positions likely to find favor with the Kremlin. He has, for instance, criticized NATO allies for not paying their fair share and defended Russian President Vladimir Putin's human rights record.

"It's remarkable that he's refused to say an unkind syllable about Vladimir Putin," Hayden said. "He contorts himself not to criticize Putin."

Trump's running mate, Indiana Gov. Mike Pence, said in the vice-presidential debate last week that the United States should "use military force" against the Syrian leader Bashar al-Assad. Trump disagreed.

Rather than challenge Assad and his Russian ally, Trump said in the second debate, the United States should be working with them against the Islamic State. "Assad is killing ISIS. Russia is killing ISIS. Iran is killing ISIS," he said, using an acronym for the Islamic State.
Russia and Syria have mostly been targeting opposition groups as well as civilians trapped in Aleppo - not the Islamic State.

"That's the Syrian, Russia, Iranian narrative," Hayden said of Trump's assertion.

Greg Miller contributed to this report.

--
It's better to burn out than fade away.

From rforno at infowarrior.org Fri Oct 14 17:55:48 2016
From: rforno at infowarrior.org (Richard Forno)
Date: Fri, 14 Oct 2016 22:55:48 -0000
Subject: [Infowarrior] - Hillary Clinton's Encryption Proposal Was "Impossible," Said Top Adviser
Message-ID: <91A1B086-81D1-4C38-9F1C-A5E8496D10B9@infowarrior.org>

Hillary Clinton's Encryption Proposal Was "Impossible," Said Top Adviser
Alex Emmons
2016-10-14T21:10:33+00:00
https://theintercept.com/2016/10/14/hillary-clintons-encryption-proposal-was-impossible-said-top-adviser/

Hillary Clinton's advisers recognized that her policy position on encryption was problematic, with one writing that it was tantamount to insisting that there was "'some way' to do the impossible."

Instead, according to campaign emails released by Wikileaks, they suggested that the campaign signal its willingness to use "malware" or "super code breaking by the NSA" to get around encryption.

In the wake of the Paris attacks in November, Clinton called for "Silicon Valley not to view government as its adversary," and called for "our best minds in the private sector to work with our best minds in the public sector to develop solutions that will both keep us safe and protect our privacy."

When asked during a debate in December whether she would legally compel companies to build a backdoor into their products to give law enforcement access to unencrypted communications, Clinton responded "I would not want to go to that point."

But she then called for a "Manhattan-like project" to develop secure communication while allowing the government to read messages.
Cryptography experts overwhelmingly agree that backdoors inevitably undermine the security of strong encryption, making the two essentially incompatible.

The day after the debate, Sara Solow, domestic policy adviser for the Clinton campaign, called Clinton's position "impossible" in an email with Teddy Goff, the campaign's chief digital strategist. "[S]he's certainly NOT calling for the backdoor now," Solow said, "although she does then appear to believe there is 'some way' to do the impossible."

Goff had written that he thought Clinton's reply was a "solid B/B+," and suggested that she "thread the needle" and "quickly pivot from encryption to the broader issue of working with tech companies to detect and stop these people." Goff also said that the Manhattan project analogy was something which Clinton should "truly, truly should not make ever again - can we work on pressing that point somehow?"

Solow's suggestion was that the campaign quietly signal to Silicon Valley - a major source of donations for the campaign - that Clinton would support government hacking to circumvent encryption.

"Couldn't we tell tech [companies] off the record that she had in mind the malware/key strokes idea (insert malware into a device that you know is a target, to capture keystrokes before they are encrypted). Or that she had in mind really super code breaking by the NSA. But not the backdoor per se?"

The FBI has in fact used targeted hacking to get around encryption tools, quietly and effectively. In 2007, for example, FBI agents caught a teenager who was sending online bomb threats to a high school in Lacey, Washington, by sending him a link that installed malware on his computer.

The Clinton campaign had previously struggled to answer inquiries about the candidate's position on encryption. "This is going to be a challenge," Clinton foreign policy adviser Jake Sullivan said in a November exchange about how to respond to a press inquiry.
"I think we should give a comment on the anonymizing tools and punt on backdoors."

During Clinton's tenure as secretary of state, the State Department aggressively funded the development of encryption and anonymous web browsing tools. In Solow's email, she asked whether there was any actual evidence of terrorists using the technologies the State Department funded.

"Is there evidence," asked Solow, "that bad guys - not just dissidents but terrorists or whatever - have also benefitted from the technologies supported by the [State Department's] Internet freedom agenda?"

In response to terror attacks, Clinton has repeatedly called for an "intelligence surge," but has provided little clarification about what she means.

--
It's better to burn out than fade away.

From rforno at infowarrior.org Sun Oct 16 16:32:12 2016
From: rforno at infowarrior.org (Richard Forno)
Date: Sun, 16 Oct 2016 21:32:12 -0000
Subject: [Infowarrior] - Feds Walk Into A Building. Demand Everyone's Fingerprints To Open Phones
Message-ID: <5795CE0E-A690-4E3D-ACE2-F82D567D0239@infowarrior.org>

Feds Walk Into A Building. Demand Everyone's Fingerprints To Open Phones

Oct 16, 2016 @ 12:30 PM
http://www.forbes.com/sites/thomasbrewster/2016/10/16/doj-demands-mass-fingerprint-seizure-to-open-iphones/

Apple phones are just one target of the DoJ's numerous attempts to force suspects to open devices with their fingerprints. (AP Photo/Kiichiro Sato)

In what's believed to be an unprecedented attempt to bypass the security of Apple iPhones, or any smartphone that uses fingerprints to unlock, California's top cops asked to enter a residence and force anyone inside to use their biometric information to open their mobile devices.

FORBES found a court filing, dated May 9 2016, in which the Department of Justice sought to search a Lancaster, California, property.
But there was a more remarkable aspect of the search, as pointed out in the memorandum: "authorization to depress the fingerprints and thumbprints of every person who is located at the SUBJECT PREMISES during the execution of the search and who is reasonably believed by law enforcement to be the user of a fingerprint sensor-enabled device that is located at the SUBJECT PREMISES and falls within the scope of the warrant." The warrant was not available to the public, nor were other documents related to the case.

According to the memorandum, signed off by U.S. attorney for the Central District of California Eileen Decker, the government asked for even more than just fingerprints: "While the government does not know ahead of time the identity of every digital device or fingerprint (or indeed, every other piece of evidence) that it will find in the search, it has demonstrated probable cause that evidence may exist at the search location, and needs the ability to gain access to those devices and maintain that access to search them. For that reason, the warrant authorizes the seizure of 'passwords, encryption keys, and other access devices that may be necessary to access the device,'" the document read.

Legal experts were shocked at the government's request. "They want the ability to get a warrant on the assumption that they will learn more after they have a warrant," said Marina Medvin of Medvin Law. "Essentially, they are seeking to have the ability to convince people to comply by providing their fingerprints to law enforcement under the color of law - because of the fact that they already have a warrant. They want to leverage this warrant to induce compliance by people they decide are suspects later on. This would be an unbelievably audacious abuse of power if it were permitted."
Jennifer Lynch, senior staff attorney at the Electronic Frontier Foundation (EFF), added: "It's not enough for a government to just say we have a warrant to search this house and therefore this person should unlock their phone. The government needs to say specifically what information they expect to find on the phone, how that relates to criminal activity and I would argue they need to set up a way to access only the information that is relevant to the investigation.

"The warrant has to be particular in how it describes the place to be searched and the thing to be seized and limited in scope. That's why if a government suspects criminal activity to be happening on a property and there are 50 apartments in that property they have to specify which apartment and why and what they expect to find there."

Whilst the DoJ declined to comment, FORBES was able to contact a resident at the property in question, but they refused to provide details on the investigation. They did, however, indicate the warrant was served. "They should have never come to my house," the person said. (In an attempt to protect the residents' privacy, FORBES has chosen to censor the address from the memorandum posted below and concealed their name. But the document is public - search hard enough and you'll find it). "I did not know about it till it was served... my family and I are trying to let this pass over because it was embarrassing to us and should've never happened." They said neither they nor any relatives living at the address had ever been accused of being part of any crime, but declined to offer more information.

"We've never seen anything like this," Lynch added. Indeed, the memorandum has revealed the first known attempt by the government to acquire fingerprints of multiple individuals in a certain location to unlock smartphones.

The document also showed the government isn't afraid of getting inventive to bypass the security of modern smartphones.
Faced with growing technical difficulties of unlocking phones, the government has sought to find new legal measures allowing them easy routes in, hence the All Writs Act order that demanded Apple open the iPhone 5C of San Bernardino shooter Syed Rizwan Farook.

But with Apple refusing to comply with the order, and pushback from the likes of Google and Microsoft, cops are increasingly looking to fingerprints as one option for searching smartphones. FORBES revealed earlier this year one of the first-known warrants demanding a suspect depress their fingerprints to open an iPhone, filed by Los Angeles police in February. This publication also uncovered a case in May where feds investigating an alleged sex trafficking racket wanted access to a suspect's iPhone 5S with his fingerprints. Both were ultimately unsuccessful in opening the devices.

The Michigan State Police Department had more luck this summer by asking a university professor to create a fake fingerprint that could unlock a Samsung Galaxy S6. The team, led by Dr. Anil Jain, succeeded. He told FORBES in July the same techniques worked on an iPhone 6 and a Samsung S7.

Is it legal?

The memorandum - which specifically named Apple, Samsung, Motorola and HTC as manufacturers of fingerprint-based authentication - outlined the government's argument that taking citizens' fingerprint or thumbprint without permission violated neither the Fifth nor Fourth Amendment. In past interpretations of the Fifth Amendment, suspects have not been compelled to hand over their passcode as it could amount to self-incrimination, but the same protections have not been afforded for people's body data even if the eventual effect is the same.

Citing a Supreme Court decision in Schmerber v. California, a 1966 case in which the police took a suspect's blood without his consent, the government said self-incrimination protections would not apply to the use of a person's "body as evidence when it may be material." It also cited Holt v.
United States, a 1910 case, and United States v. Dionisio, a 1973 case, though it did point to more recent cases, including Virginia v. Baust, where the defendant was compelled to provide his fingerprint to unlock a device (though Baust did provide his biometric data, it failed to open the iPhone; after 48 hours of not using Touch ID or a reboot Apple asks for the code to be re-entered.).

As for the Fourth, the feds said protections against unreasonable searches did not stand up when "the taking of fingerprints is supported by reasonable suspicion," citing 1985's Hayes v. Florida. Other cases, dated well before the advent of smartphones, were used to justify any brief detention that would arise from forcing someone to open their device with a fingerprint.

The justifications didn't wash with Medvin or Lynch. Of the Fourth Amendment argument, Medvin said the police don't have the right to search a person or a place in hopes of justifying the search later as reasonable. "That's not how the 4th Amendment works," Medvin added. "You need to have a reasonable basis before you begin the search - that reasonable basis is what allows you to search in the first place."

"The reason I'm so concerned about this ... is that it's so broad in scope and the government is relying on these outdated cases to give it access to this amazing amount of information... The part the government is ignoring here is the vast amount of data that's on the phone," Lynch added.

"If this kind of thing became law then there would be nothing to prevent... a search of every phone at a certain location."

Tips and comments are welcome at TFox-Brewster at forbes.com or tbthomasbrewster at gmail.com for PGP mail. Get me on Twitter @iblametom and tfoxbrewster at jabber.hot-chilli.net for Jabber encrypted chat.

--
It's better to burn out than fade away.
From rforno at infowarrior.org Tue Oct 18 06:29:12 2016
From: rforno at infowarrior.org (Richard Forno)
Date: Tue, 18 Oct 2016 11:29:12 -0000
Subject: [Infowarrior] - T---p's Twitter debate lead was 'swelled by bots' - BBC News
Message-ID:

Trump's Twitter debate lead was 'swelled by bots' - BBC News

By Shiroma Silva
BBC News

More than four times as many tweets were made by automated accounts in favour of Donald Trump around the first US presidential debate as by those backing Hillary Clinton, a study says.

The bots exaggerated support for the Republican, it suggests, but Trump would still have won a higher number of supportive tweets even if they had not.

The authors warn such software has the capacity to "manipulate public opinion" and "muddy political issues".

The report has yet to be peer-reviewed.

And one critic noted that it was impossible to be completely sure which accounts were real and which were "web robots".

< -- >

The investigation was led by Prof Philip Howard, from the University of Oxford, and is part of a wider project exploring "computational propaganda".

It covered tweets posted on 26 September, the day of the debate, plus the three days afterwards, and relied on popular hashtags linked to the event.

< - >

http://www.bbc.com/news/technology-37684418

--
It's better to burn out than fade away.

From rforno at infowarrior.org Tue Oct 18 06:34:24 2016
From: rforno at infowarrior.org (Richard Forno)
Date: Tue, 18 Oct 2016 11:34:24 -0000
Subject: [Infowarrior] - The Government's Addiction to 'Secret Law'
Message-ID:

The Government's Addiction to 'Secret Law'

Elizabeth Goitein
http://www.nytimes.com/2016/10/18/opinion/the-governments-addiction-to-secret-law.html

Elizabeth Goitein co-directs the Brennan Center for Justice's Liberty and National Security Program and is author of the center's report "The New Era of Secret Law."
The Central Intelligence Agency's torture of detainees, and the National Security Agency's warrantless wiretapping of Americans' international communications, were two of the most controversial programs our government implemented after Sept. 11. Both are now widely considered to have been illegal, even though both were authorized by official legal analyses that were withheld from the public - a phenomenon known as "secret law."

The notion of secret law is as counterintuitive as it is unsettling. When most of us think of law, we think of statutes passed by Congress, and we take for granted that they are public. Statutes, however, are only one kind of law. When the secret surveillance panel known as the Foreign Intelligence Surveillance Court, or FISA court, construed the Patriot Act to allow bulk collection of Americans' phone records, that interpretation became part of the statute's meaning. When President Obama issued procedures and standards for using lethal force against suspected terrorists overseas, agency officials were bound to follow them.

In the realm of national security, where Congress tends to tread lightly, other sources of law predominate - and a new study by the Brennan Center shows that they are frequently withheld from the public. Intelligence agencies routinely issue rules and regulations without publishing them in the Federal Register, exploiting what are intended to be narrow exceptions to the publication requirement. Most presidential directives addressing national security policy are not made public. Documents released by the State Department in litigation reveal that 42 percent of binding agreements between the United States and other countries are unpublished.

Secret law persists even in areas where we thought the secrecy had ended. Although President Obama is often credited for releasing controversial memos written by the Justice Department's Office of Legal Counsel under the Bush administration -
such as the infamous "torture memos" - new data show that at least 74 O.L.C. opinions from 2002 to 2009 on national security issues, including intelligence gathering and the detention and interrogation of suspected terrorists, remain classified. Similarly, despite the disclosure of many FISA court opinions following Edward Snowden's revelations, new information from the Justice Department indicates that about 30 significant opinions remain secret.

We pay a high price for this system. Secret law denies us the ability to shape the rules that govern official conduct through the democratic process. It prevents us from holding the government accountable for violations, rendering such violations more likely. It weakens checks and balances, as both legislative and judicial oversight operate less effectively under the constraints imposed by secrecy.

Secret law is also bad law: When rules are developed by small groups of officials without the input of outside experts or stakeholders, their quality suffers. Indeed, an inherent conflict of interest exists when the executive branch enacts laws out of the public eye to govern its own actions. This can result in policies that are ineffective, ill advised or even contrary to statutes or the Constitution.

In theory, congressional oversight should stand in for public scrutiny. But the system breaks down in practice. Executive officials sometimes refuse to provide legal interpretations to oversight committees. Even when they have access, lawmakers often fail to push back against interpretations that go too far. After all, they have little incentive to take on the national security establishment when their constituents are not even aware that a problem exists.

The costs imposed by secret law are for the most part unjustified. National security frequently requires secrecy in the details of intelligence or military operations.
Rules and regulations, however, establish general standards for conduct; they do not normally include details like dates, times, targets or sources. As for opinions that apply the law in specific cases, if their authors anticipated disclosure, they could write in a manner that minimized the entanglement of law and fact. The sensitive information could then be redacted without obscuring the legal analysis.

There have been recent notable steps to rein in secret law. In 2015, Congress passed a law requiring more transparency in FISA court opinions, and the office of the director of national intelligence has published all of its "Intelligence Community Directives" online. These changes are proof of concept, as the law in these areas has become far more accessible without harm to national security.

We should now build on this progress. Decisions about what can be kept secret should be made by an interagency group rather than a single official. The standard for secrecy should be more specific and more demanding than the current, vague yardstick of potential harm to national security. Agencies should maintain public indexes, including certain basic information about each secret law, to enable challenges and an assessment of how the system is working. And there should be a firm limit on how long any law may remain secret. The president should order these changes, with Congress conducting public oversight to ensure their faithful implementation.

These reforms might not end secret law altogether. But they would help ensure that secret law was the exception, not the expectation, in national security matters. In this election year, as we honor our right to govern ourselves, those in power and those seeking it should affirm that a regime of secret law has no place in a democracy.

--
It's better to burn out than fade away.
From rforno at infowarrior.org Tue Oct 18 10:01:30 2016
From: rforno at infowarrior.org (Richard Forno)
Date: Tue, 18 Oct 2016 15:01:30 -0000
Subject: [Infowarrior] - Leo Beranek, Engineer Involved in Internet Precursor, Dies at 102
Message-ID: <83A041CC-2E27-4C0A-A730-8F5F73E6959A@infowarrior.org>

Leo Beranek, Engineer Involved in Internet Precursor, Dies at 102

By GLENN RIFKIN
http://mobile.nytimes.com/2016/10/18/business/leo-beranek-dead.html
October 17, 2016

Leo L. Beranek, an engineer whose company designed the acoustics for the United Nations and concert halls at Lincoln Center and Tanglewood, then built the direct precursor to the internet under contract to the Defense Department, died on Oct. 10 at his home in Westwood, Mass. He was 102.

His death was confirmed by his son James.

Dr. Beranek taught acoustic engineering at Harvard and M.I.T. for more than three decades after World War II, conducting research there that laid the groundwork for acoustic advances with wide social impact, including noise standards for public buildings and airports.

But one of his most notable achievements was well outside the field of acoustics. In 1969, the company he helped found, Bolt, Beranek & Newman, won a contract from the Defense Department's Advanced Research Projects Agency to build the first computer-based network, which came to be called Arpanet.

By demonstrating the ability to share data and messages through vast computer networks, Arpanet, a product of government-sponsored research, paved the way for the creation of the internet. Among its many breakthrough achievements, his company sent the first email message that used the @ symbol, in 1972.

Dr. Beranek was a sought-after acoustics genius, and Bolt, Beranek & Newman's first contract was to design the acoustics of the United Nations General Assembly Hall in New York.
He also improved the acoustic environment in such landmark concert venues as the Koussevitzky Music Shed at the Tanglewood Music Center in Lenox, Mass., and Philharmonic Hall (now David Geffen Hall) at Lincoln Center in New York.

Dr. Beranek's most successful book, "Acoustics," published in 1954, remains a textbook for acoustic engineering students around the world.

From 1948 to 1958 he did work on noise control, creating standards that are used internationally today.

"I looked into how quiet do spaces have to be to be pleasant for people," he told an interviewer in 2009. "In other words, can you write a specification saying that if you're going to have an office, the noise should not be any greater than so much? What are acceptable noise standards in a home, in a factory, in a concert hall? I wrote those."

At the advent of the jet age, Dr. Beranek's work on noise control became a factor in the controversy over noise levels near the world's airports when the Boeing 707 jet began flights to Europe from Idlewild (now Kennedy International) Airport in 1958.

Despite claims by the airlines and Boeing that jets were no louder than propeller aircraft, Dr. Beranek's tests showed otherwise, and the airlines were compelled to install mufflers on their jets and make steep climbs during takeoffs to control the noise levels. These standards were adopted around the world.

Dr. Beranek was also a founder of a Boston television station, WCVB, and a major donor to arts institutions, including the Boston Symphony Orchestra.

Leo Leroy Beranek was born on Sept 14, 1914, in Solon, Iowa. His mother died when he was 11. His father was a farmer and later an owner of a hardware and farm machinery store in Mount Vernon, Iowa.

When he was a junior in high school, Dr. Beranek took a correspondence course on radio that sparked a love affair with the medium that lasted for the rest of his life.
He opened a radio repair business as a high school senior and became known in Mount Vernon as "the radio man." His business paid his tuition and living expenses at Cornell College in Mount Vernon, where he enrolled in fall 1931. He graduated with a degree in physics and mathematics in 1936.

During his senior year, a chance encounter outside the Mount Vernon town library changed his life. One afternoon, Dr. Beranek noticed a Cadillac with a flat tire stopped on the street. A middle-aged man emerged from the car, and Dr. Beranek offered to help him change the tire.

He chatted with the grateful driver, Glenn Browning, a businessman from Massachusetts, who suggested he apply to Harvard for graduate studies in engineering. Mr. Browning had once taught at Harvard and offered himself as a reference. Dr. Beranek applied and was offered a full scholarship.

With a master's degree in physics and communication engineering from Harvard, he worked with a professor of acoustics, Frederick Hunt, and earned a doctorate in 1940. He became an assistant professor at Harvard that year and held that position until 1946.

In 1943 Dr. Beranek married Phyllis Knight. She died in 1982. He later married Gabriella Sohn, who survives him. Beside his son James, other survivors include another son, Thomas Beranek Haynes; two stepsons, and a granddaughter.

During World War II, Dr. Beranek became director of Harvard's Electroacoustic Lab, where he worked to improve voice communication with airplanes at the request of the military. Until then, voice communication from the ground to airplanes at high altitude was impossible.

After the war, Dr. Beranek was recruited to teach at M.I.T., where he was named technical director of the engineering department's acoustics laboratory. The administrative director of that lab was Richard Bolt, who later founded Bolt, Beranek & Newman with Dr. Beranek and Robert Newman, a former student of Dr. Bolt's.
The company was conceived as a center for leading-edge acoustic research. But Dr. Beranek changed its direction in the 1950s to include a focus on the nascent computer age.

"As president, I decided to take B.B.N. into the field of man-machine systems because I felt acoustics was a limited field and no one seemed to be offering consulting services in that area," Dr. Beranek said in a 2012 interview for this obituary.

He hired J.C.R. Licklider, a pioneering computer scientist from M.I.T., to lead the effort, and it was Dr. Licklider who persuaded him that the company needed to get involved in computers.

Under Dr. Licklider, the company developed one of the best software research groups in the country and won many critical projects with the Department of Defense, NASA, the National Institutes of Health and other government agencies.

Though Dr. Licklider left in 1962, the company became a favored destination for a new generation of software developers and was often referred to as the third university in Cambridge.

"We bought our first digital computer from Digital Equipment Corporation, and with it we were able to attract some of the best minds from M.I.T. and Harvard, and this led to the ARPA contract to build the Arpanet," Dr. Beranek said.

"I never dreamed the internet would come into such widespread use, because the first users of the Arpanet were large mainframe computer owners," he said. "This all changed when the personal computer became available. With the PC, I could see that computers were fun, and that is the real reason why all innovations come into widespread use."

Daniel E. Slotnik contributed reporting.

--
It's better to burn out than fade away.
From rforno at infowarrior.org Wed Oct 19 06:30:02 2016
From: rforno at infowarrior.org (Richard Forno)
Date: Wed, 19 Oct 2016 11:30:02 -0000
Subject: [Infowarrior] - Ecuador says it cut WikiLeaks founder's internet over US election interference
Message-ID:

Ecuador says it cut WikiLeaks founder's internet over US election interference

Nicky Woolf
https://www.theguardian.com/media/2016/oct/19/wikileaks-ecuador-julian-assange-internet-access

Ecuador has confirmed that it has temporarily cut off internet access in its embassy in London to Julian Assange, the founder of the whistleblowing site WikiLeaks, over fears that he was using it to interfere in the US presidential election.

The move followed the publication of leaked emails by WikiLeaks, including some from the Democratic National Committee (DNC) released just before the party's convention in July, and more recently a cache of emails from the account of Hillary Clinton campaign adviser John Podesta.

On Tuesday, officials released a statement saying that the government of Ecuador "respects the principle of non-intervention in the internal affairs of other states" and had cut off the internet access available to Assange because "in recent weeks, WikiLeaks has published a wealth of documents, impacting on the US election campaign".

The statement also reaffirmed the asylum granted to Assange and reiterated its intention "to safeguard his life and physical integrity until he reaches a safe place".

Assange's internet access was cut off on Monday morning. It was not immediately clear who was responsible, though a tweet from the site's official account claimed it had been "intentionally severed" by a "state party".

It is not known who perpetrated the hacks that brought the emails to WikiLeaks. Assange's organization styles itself a whistleblowing outfit and claims not to do or encourage any hacking itself.
Yet cybersecurity experts have linked the hack of the DNC emails to hackers tied to the Russian government, leading many - including Clinton's campaign manager, Robby Mook - to allege that Russia is using both hackers and Assange as tools to help rig the presidential election in favor of Donald Trump.

On Saturday, the anti-secrecy organisation released three transcripts of Clinton's paid Goldman Sachs speeches, which her campaign team had long refused to release.

The transcripts show how she bantered with the investment bank's executives, which is likely to fuel fears among liberal Democrats that she is too cosy with Wall Street.

WikiLeaks was responsible for the release, in collaboration with several news organizations including the Guardian, of an explosive set of documents leaked by US army private Chelsea Manning, including a video titled Collateral Murder that showed a US air crew killing Iraqi civilians. Manning, who leaked the information, is currently in military prison.

Assange has been confined to the Ecuadorian embassy in London since June 2012, when he sought and was granted asylum by Ecuador. Assange is wanted for questioning in Sweden over an allegation of rape in August 2010, which he denies.

The Australian WikiLeaks founder has claimed he could be transferred to the US to face potential espionage charges arising from WikiLeaks' publishing activities.

Swedish prosecutors had been due to question Assange at the embassy this week, but last week Ecuador's attorney general said the long-awaited interview would be delayed until 14 November to ensure that Assange's legal team could attend.

The interview will be conducted by an Ecuadorian prosecutor, based on a list of questions from the Swedish chief prosecutor and a police investigator, who will be present. The Ecuadorians will later report the findings to Sweden.

--
It's better to burn out than fade away.
From rforno at infowarrior.org Wed Oct 19 06:35:02 2016
From: rforno at infowarrior.org (Richard Forno)
Date: Wed, 19 Oct 2016 11:35:02 -0000
Subject: [Infowarrior] - Media vulnerable to Election Night cyber attack
Message-ID: <5767C34D-C090-4E24-A061-398E59704A3E@infowarrior.org>

Media vulnerable to Election Night cyber attack

By Darren Samuelsohn and Hadas Gold
http://www.politico.com/story/2016/10/media-vulnerable-to-election-night-cyber-attack-229956

Despite spending hundreds of millions of dollars on security upgrades, U.S. media organizations have failed to properly protect their newsrooms from cyberattacks on their websites, communications systems and even editing platforms - opening themselves up to the possibility of a chaos-creating hack around Election Day.

In just the past month, BuzzFeed has been vandalized, and both Newsweek and a leading cybersecurity blog were knocked offline after publishing articles that hackers apparently didn't appreciate. Federal law enforcement is investigating multiple attacks on news organizations, and journalists moderating the presidential debates say they've even gotten briefings from the FBI on proper cyber hygiene, prompting them to go back to paper and pens for prep work.

"We do a lot of printing out," said Michele Remillard, an executive producer at C-SPAN, the network home to the backup moderator for all the debates.

Journalists are seen as especially vulnerable soft targets for hackers. Their computers contain the kinds of notes, story ideas and high-powered contact lists coveted by foreign intelligence services. They also work in an environment that makes them ripe for attack, thanks to professional demands like the need for a constant online presence and inboxes that pop with emails from sources whom they don't always know and which frequently contain the kinds of suspicious links and attachments that can expose their wider newsroom networks.

Senior U.S.
officials, current and former lawmakers and cybersecurity pros told POLITICO the threat against the media is real - and they fret the consequences. Specifically, the security community is worried The Associated Press' army of reporters could get hacked and the wire service - the newsroom that produces the results data on which the entire media world relies - inadvertently starts releasing manipulated election tallies or that cybercriminals penetrate CNN's internal networks and change Wolf Blitzer's teleprompter. "It's the art of possible is what really scares me," said Tony Cole, chief technology officer of FireEye, a Silicon Valley-based cybersecurity firm that works with some of the country's major television and newspaper companies. "Everything is hackable." "No site is safe," added Tucker Carlson, editor-in-chief of The Daily Caller. "If the federal government can be hacked, and the intelligence agencies have been hacked, as they've been then, can any news site say we have better cybersecurity than the FBI or Google?" The media have long been a spy's best friend. Intelligence community sources say that foreign and U.S. agents use local newspapers to look for clues about their targets, and that strategy has only grown more sophisticated in an all-online era in which foreign intelligence is reportedly known to hover over a media company's servers searching for any kind of heads-up on relevant stories inching closer to publication. Reporters on the campaign trail and back in their home bureaus said in interviews that they've become increasingly aware of their status as potential hacking victims. The spate of recent attacks - involving their sites and their competitors' - are more than ample warning of what's possible. Several journalists said they now use email and other communication with the expectation they're being watched, and under the assumption that their messages can and will be hacked and shared publicly with the wider world.
"We're a bigger target than the 7-Eleven down the street," said Mark Leibovich, chief national correspondent for The New York Times Magazine. "Presumably, we have really good, smart IT people who know what they're doing, who are taking all kinds of precautions, who are acutely in tune with what the risks are and what the threats are." There is perhaps no greater target in election journalism than the AP, the venerable wire service that will have more than 5,000 reporters, editors and researchers working across the country, tabulating results, calling races and feeding a much wider network of subscribers. Often other news outlets refer to the AP before making calls on races, and AP projections on the East Coast can have effects on West Coast voting, which closes hours later thanks to the time differences. Multiple sources in media, government and the security industry fretted about the effect if the AP were to get hit, and what that would do to their ability to get the news out. The AP will deploy reporters across the country to send up vote tallies, usually by phone, the wire service explained to The Washington Post in May. It also has multiple checks and balances in place to monitor for errors. But as with many other news organizations contacted by POLITICO, AP spokesman Paul Colford said the wire service's policy is to refrain from making public comments about its security measures. "Given the extraordinary interest in the presidential election and thousands of other state and local contests, we would add that AP has been working diligently to ensure that vote counts will be gathered, vetted and delivered to our many customers on Nov. 8," he said.
Federal and state officials stress that even a successful hack on a major news outlet around Election Day would not affect the final results, which typically take weeks to certify. The vote tallies, after all, will be available on official sites and in many instances on special social media feeds. And if a news site did get defaced with incorrect information, the results would be more like a modern-day version of the famous "Dewey Defeats Truman" headline that President Harry Truman triumphantly held aloft the day after his 1948 reelection. Still, there is a widespread recognition - from the White House down to the local precinct level - that a hack on the media could be damaging given the role it plays in getting election news out to satisfy the country's insatiable information appetite. Misinformation circulated in the early hours of Nov. 8 about the race's trajectory, for example, could factor into a voter's decision to even show up during the election's final hours, especially in Western states. There's also concern that false media reports spread via a hacked news account could be a potential spark for violence in an already exceptionally charged atmosphere. On the flip side, there's a recognition that the media can help build public confidence in the final results, especially following a campaign that's been engulfed in its closing weeks by Russian-sponsored hacking of the Democratic National Committee, the hacking of Hillary Clinton's campaign chairman's personal emails, and Donald Trump's unfounded charges of vote rigging. "To the degree that foreign hackers could prevent the dissemination of good information around the election, that can be a problem," said Rep. Adam Schiff, the top Democrat on the House Intelligence Committee. The California congressman said he frets that media outlets, like many other industries, face "massive costs" in protecting themselves against cyberattacks with "no end in sight" to the potential risks.
Schiff added that he is especially concerned about smaller news organizations without major IT budgets or the backing of larger parent companies. "They're much more vulnerable," he said. Cybersecurity experts say media spending to protect news organizations against cyberattack has grown substantially in the past three years, especially in the wake of North Korea's attack on Sony Pictures in late 2014. The price tag for vulnerability audits and other techniques varies by the size of the newsroom and the surface area for potential attacks, but multiple sources said quarterly audits can easily cost $50,000 or more. Cyber experts and media officials from newsrooms across the country said they're prepped to deal with a range of threats to their sites, including the kinds of malware that can infect a computer network and give hackers an entry point to manipulate a home site. They're also building backup capacity in the event of a DDoS attack, or distributed denial of service, that tries to overwhelm a website or server with fake traffic. News sites, they note, are already prepping for monster traffic around the election, which can surge as much as 30 times compared with other big events this cycle, such as a debate or primary. At the staffing level, newsrooms have also been pushing for better cyber habits by hosting training seminars, requiring employees to take must-pass exams and requiring double-authentication before granting access to a newsroom's internal filing system and social media accounts. But cyber experts warn that all the preparatory work in the world can matter little for a news organization if it's facing an attack from a more sophisticated actor. "If all of a sudden your adversary becomes a nation-state, like Sony or the DNC with Russia, you see those kind of procedures aren't worth a darn," said Robert Anderson, a former senior FBI cyber official and a managing director at the Navigant consulting firm.
The press has indeed been a familiar target for hackers. In 2013, hackers hit the AP's Twitter account and posted a false report about a bombing at the White House, sending the stock market into a five-minute spiral. In more recent incidents, a USA Today columnist wrote an article in February admitting he was hacked midair while using his commercial flight's WiFi, and the New York Times reported in August that its Moscow bureau was targeted by what were believed to be Russian hackers. Newsweek blamed hackers for a DDoS attack that took down its site last month soon after it published an article about Trump's company allegedly violating the U.S. embargo against Cuba through secret business dealings in the 1990s. And BuzzFeed had several articles on its site altered earlier this month after it ran a story identifying a person allegedly involved in the hacking of tech CEOs and celebrities. "I'm sure that lots of newsrooms are having this conversation right now, particularly as we get closer to the election and people have a lot more to lose when things don't go their way," said Brian Krebs, the cybersecurity blogger and former Washington Post reporter whose site went down last month after a major DDoS attack that he says was spawned by his reporting about the arrest of two Israeli hackers. With the threat of hackings against the media reaching such a heightened pace, many election observers urged both reporters and the reading public to take a deep breath as the results start coming in. "If Twitter is reporting that Jill Stein wins South Carolina, that should probably give you pause," said David Becker, executive director of the Center for Election Innovation and Research. Kelsey Sutton contributed to this report.

--
It's better to burn out than fade away.
From rforno at infowarrior.org Wed Oct 19 10:28:55 2016
From: rforno at infowarrior.org (Richard Forno)
Date: Wed, 19 Oct 2016 15:28:55 -0000
Subject: [Infowarrior] - Comcast Sued For Misleading Fees It Claims Are Just Its Way Of Being 'Transparent'
Message-ID:

Comcast Sued For Misleading Fees It Claims Are Just Its Way Of Being 'Transparent'

In addition to vanilla price hikes and usage caps and overage penalties, ISPs have spent the last few years borrowing a tactic from the banking industry to covertly jack up the advertised price of broadband service: the completely nonsensical hidden fee. From CenturyLink's $2 per month "Internet Cost Recovery Fee" to Fairpoint's $3 per month "Broadband Cost Recovery Fee," such fees usually just hide some of the cost of doing business below the line, letting an ISP advertise one price, then charge something quite different at the end of the month. Encouraged by the fact that the FCC can't be bothered to police this behavior, a few years ago Comcast began charging its cable customers a "Broadcast TV fee." At the time, Comcast proudly proclaimed it was just being "transparent" by taking a portion of the retransmission fees paid to broadcasters and putting it below the line: "Beginning in 2014, we will itemize a portion of broadcast retransmission costs as a separate line item to be more transparent with our customers about the factors that drive price changes," he said. "In 2014, we will not increase the price of Limited Basic or Digital Preferred video service, and adjustments to other video service prices will be lower than they would have been without the Broadcast TV Fee." The problem with this logic is twofold. One, the money Comcast pays to broadcasters for programming is the cost of doing business as a cable company and should be included in the overall bill. Two, this is effectively little more than Comcast advertising a lower rate, only to shock users with a higher bill.
It's false advertising, which is about as far from being "transparent" with consumers as you can get. Yet again, you'd be hard pressed to see the FCC so much as mention this sort of behavior, despite occasional, breathless announcements that the regulator is very concerned about transparency in the cable and broadband sector. Fast forward to this week, when eight plaintiffs filed a class action lawsuit against the cable giant alleging consumer fraud, unfair competition, unjust enrichment and breach of contract for trying to covertly raise rates while the users were supposed to be under a locked-in rate:

< - >

https://www.techdirt.com/articles/20161018/12321335831/comcast-sued-misleading-fees-it-claims-are-just-way-being-transparent.shtml

--
It's better to burn out than fade away.

From rforno at infowarrior.org Fri Oct 21 06:49:09 2016
From: rforno at infowarrior.org (Richard Forno)
Date: Fri, 21 Oct 2016 11:49:09 -0000
Subject: [Infowarrior] - How Podesta became a cybersecurity poster child
Message-ID:

How Podesta became a cybersecurity poster child
By Martin Matishak
http://www.politico.com/story/2016/10/john-podesta-cybersecurity-hacked-emails-230122

When John Podesta forgot his Apple iCloud password last spring, he asked an aide to remind him - so she emailed it to him. And that set the stage for trouble for Hillary Clinton's campaign chairman. First, a WikiLeaks dump last week of Podesta's alleged Gmail messages revealed the password - "Runner4567" - to the world. Then someone hijacked Podesta's Twitter account, possibly using the same password, and blasted out the tweet: "I've switched teams. Vote Trump 2015." The next morning, a security researcher found evidence that digital pranksters had used the password to remotely erase all the contents from Podesta's Apple devices. The cascade of woes, which Clinton's campaign has not confirmed, appears to make Podesta just the latest Washington power player to join an inglorious club -
the roster of senior government officials and political operatives who, like tens of millions of other Americans, have failed to take basic protections for their sensitive data. Others in the elite group include Director of National Intelligence James Clapper, CIA Director John Brennan and 2012 Republican presidential nominee Mitt Romney, whose personal emails have all suffered assault from digital intruders. Podesta's saga is both an object lesson and a warning that D.C. needs to up its cyber game, security experts said. "This one has it all," said Joe Siegrist, CEO of the password-management company LastPass, which offers people an encrypted app to house their login credentials. "An absolutely terrible password. Assistants emailing the password. Passwords being re-used for a bunch of different sites. Pretty much all the classic mistakes that everybody who has zero care about this makes. "When you do everything wrong, you're bound to fail," Siegrist added. While ordinary Americans routinely make many of the same mistakes, some cyber experts say such weaknesses are especially damaging when they involve big players like Podesta, whose emails were targeted by hackers in what U.S. intelligence agencies allege is an attempt by Russia to meddle in the U.S. presidential election. "Podesta's hack affects the rest of us," said Christopher Soghoian, the chief technologist at the American Civil Liberties Union. "If the hacking of his emails influences the election, that's a big problem." And the experts said U.S. cyber policy has an even more gaping flaw: High-ranking officials' private email accounts are not treated as the valuable trove of intelligence they are. "These are not average people," Soghoian said. "Their communications are being targeted by nation-states and they need to be protected."
He said Podesta's hack could be the tipping point by sparking "a conversation about whether the personal accounts of policymakers and those involved in the political process should be getting help to protect themselves." That help could come from an agency like the Secret Service, which is already a player in the digital realm and provides personal physical protection to top-level federal officials and campaign VIPs. But until then, experts believe senior officials will continue to bungle their personal digital security. Podesta's place in the Cybersecurity Hall of Shame came about thanks to this month's WikiLeaks dumps of emails allegedly hacked from his personal Gmail account, one of which revealed that he had openly shared his easy-to-crack Apple iCloud password. And even worse, they indicate, he may have used it for multiple accounts, including Twitter. An email from May 16 shows Podesta asking Eryn Sepp, his former special assistant at the White House, whether she knew his Apple ID, which would grant access to his Apple accounts and devices. "I do," she responded, pasting his password into the email, a practice security specialists highly discourage. Screenshots of the email quickly made the rounds on the internet. Within hours, a hacker had taken over Podesta's Twitter account and sent out the pro-Trump tweet. The incident led to speculation that Podesta may have employed the "Runner4567" password for his Twitter account, and that he hadn't turned on a security feature called "two-factor authentication," which requires users to enter a one-time code sent to their cellphone in addition to the regular password. The next morning, digital security researcher Matt Tait, chief executive of the United Kingdom-based firm Capital Alpha Security, captured screenshots from digital activists indicating they had remotely erased all the content from Podesta's Apple devices.
If true, that would mean Podesta probably hadn't changed his iCloud password since it had appeared in the WikiLeaks dump. The Clinton campaign has not confirmed the digital wipe. It has also refused to verify or dispute the authenticity of many of the WikiLeaks emails, including the one that revealed Podesta's iCloud password. Still, the incidents have served as yet another distraction for the campaign amid the daily WikiLeaks releases, which were already generating headaches. Security researchers said Thursday that they believe that hackers linked to Russian intelligence had committed the original breach of Podesta's Gmail account, using another all-too-common exploit: In March, the hackers sent him a bogus alert that appeared to come from Google, warning Podesta that "someone has your password." That apparently prompted Podesta to click a link that redirected him to a fake Google login page, where he entered his credentials. (The site Motherboard initially reported the researchers' conclusions.) Podesta, a former senior White House official in the Obama and Bill Clinton administrations, is far from the first prominent political figure to fall victim to basic security lapses. In 2012, Gawker reported that hackers had broken into Romney's personal Hotmail account after correctly answering his backup security question: "What is your favorite pet?" Though reporters never confirmed speculation that the pet was Seamus - the Irish setter that Romney had famously transported on the roof of his car - these type of questions are easy for digital intruders to research and answer when they involve famous people. (The culprit who took credit for the intrusion claimed to have not taken any information.) During the 2008 election, a University of Tennessee student used a similar technique to break into the Yahoo email account of Republican vice presidential nominee Sarah Palin, then disclose some of her messages to WikiLeaks.
The student was later sentenced to a year in federal custody. And just last month, a federal judge sentenced Marcel Lazar - a Romanian hacker who went by the alias "Guccifer" - for infiltrating the emails of several Bush family members. The intrusion brought to light images of former President George W. Bush's paintings, including a self-portrait of him in the shower. Even top intelligence officials have had their own digital fumbles. Within the last two years, intruders compromised the personal email accounts of both Clapper, the director of national intelligence, and Brennan, the CIA chief. In Brennan's case, hackers penetrated his AOL account by posing as Verizon employees and getting AOL to reset his password. While a strong password would not have prevented this, turning on two-step authentication could have stymied the hackers. But Brennan had no such security installed, allowing the digital pranksters to steal and publish the spy chief's application for a security clearance, a document that included exhaustive amounts of personal information in addition to sensitive details such as Brennan's Social Security number. Authorities recently arrested two North Carolina men on charges of committing the break-in. Washington's problems with passwords are so well-known it's reached the point of self-parody. President Barack Obama joked about it last year during the White House's much-hyped cybersecurity conference at Stanford University. "It's just too easy for hackers to figure out usernames and passwords, like 'password,'" he said. "Or '12345 - 7.' "Those are some of my previous passwords," Obama added, to laughter. "I've changed them since then." The issue is more than a punchline, though. Siegrist estimated that the sloppy personal cyber habits of top-level officials are creating a threat to national security that he pegged "probably at 8" on a scale of 1 to 10.
That's because it's "highly likely that a similar pattern that someone uses at home is used at work as well," he said. The White House has acknowledged that the password is an inherently flawed security measure and is funding efforts to eliminate it altogether. Through a program known as the National Strategy for Trusted Identities in Cyberspace, the administration has doled out grants to pilot projects that would allow people to access their accounts using other identifiers that are harder for hackers to compromise. Since 2012, the initiative has injected money into password alternatives that let people authenticate their identity online using mobile devices, digital rings and even bracelets. But this process is going to take "quite a number of years," cautioned Emmanuel Schalit, CEO of Dashlane, another password-management company. So in the meantime, the Obama administration is also trying to nudge both the public and federal agencies into better password practices. After last year's bruising cyberattack at the Office of Personnel Management - which exposed over 20 million federal workers' personnel files and security clearance forms - the White House directed all federal agencies to rapidly boost multifactor authentication for the vast majority of their network users. Earlier this year, the White House issued a wide-ranging cybersecurity plan that included an October public-awareness campaign to encourage multifactor authentication. The changes the administration is touting are desperately needed. A recent annual data breach report from Verizon found that 63 percent of confirmed intrusions involved hackers exploiting weak, default or stolen passwords. Dashlane estimates that more than 2 billion people use passwords to gain access to accounts, but only 50 million use software that generates random, unique passwords for each login.
And the average American has 130 online accounts registered to a single email address, a figure expected to double every five years. Developing a password alternative "could have been easy to fix 25 years ago when the internet was created," but "today the internet has become big enough and global enough you can't really make a mandate to individuals or to digital service providers to have them use some other system," Schalit told POLITICO. Jeffrey Goldberg, a product security officer at AgileBits, expressed some sympathy for people who fail to keep up with latest security techniques. While it's "easy to blame and laugh at people for picking weak and guessable passwords or, worse, for reusing the same password for multiple sites and services," he said, "I don't think that it is generally fair to do so." "The world has built a system that requires extraordinary effort and diligence to use security and then go and blame people for not using the system securely," added Goldberg, whose company makes the password manager 1Password. But for those in the highest reaches of government, it is imperative that they are forced to at least take the basic steps, experts conceded. Siegrist compared the latest high-profile stumbles to someone who buys a house that hundreds of people have rented and then neglects to change the locks. "Yeah, you can probably get away with it for a while," he said, "but if you had valuable things behind your doors, you need to think a little more about it or about how else you're going to secure it."

--
It's better to burn out than fade away.
From rforno at infowarrior.org Fri Oct 21 10:39:26 2016
From: rforno at infowarrior.org (Richard Forno)
Date: Fri, 21 Oct 2016 15:39:26 -0000
Subject: [Infowarrior] - Google Has Quietly Dropped Ban on Personally Identifiable Web Tracking
Message-ID:

Google Has Quietly Dropped Ban on Personally Identifiable Web Tracking

Google is the latest tech company to drop the longstanding wall between anonymous online ad tracking and user's names.

by Julia Angwin
ProPublica, Oct. 21, 2016, 8 a.m.
https://www.propublica.org/article/google-has-quietly-dropped-ban-on-personally-identifiable-web-tracking

When Google bought the advertising network DoubleClick in 2007, Google founder Sergey Brin said that privacy would be the company's "number one priority when we contemplate new kinds of advertising products." And, for nearly a decade, Google did in fact keep DoubleClick's massive database of web-browsing records separate by default from the names and other personally identifiable information Google has collected from Gmail and its other login accounts. But this summer, Google quietly erased that last privacy line in the sand - literally crossing out the lines in its privacy policy that promised to keep the two pots of data separate by default. In its place, Google substituted new language that says browsing habits "may be" combined with what the company learns from the use of Gmail and other tools. The change is enabled by default for new Google accounts. Existing users were prompted to opt-in to the change this summer. The practical result of the change is that the DoubleClick ads that follow people around on the web may now be customized to them based on the keywords they used in their Gmail. It also means that Google could now, if it wished to, build a complete portrait of a user by name, based on everything they write in email, every website they visit and the searches they conduct.
The move is a sea change for Google and a further blow to the online ad industry's longstanding contention that web tracking is mostly anonymous. In recent years, Facebook, offline data brokers and others have increasingly sought to combine their troves of web tracking data with people's real names. But until this summer, Google held the line. "The fact that DoubleClick data wasn't being regularly connected to personally identifiable information was a really significant last stand," said Paul Ohm, faculty director of the Center on Privacy and Technology at Georgetown Law. "It was a border wall between being watched everywhere and maintaining a tiny semblance of privacy," he said. "That wall has just fallen." Google spokeswoman Andrea Faville emailed a statement describing Google's change in privacy policy as an update to adjust to the "smartphone revolution." "We updated our ads system, and the associated user controls, to match the way people use Google today: across many different devices," Faville wrote. She added that the change "is 100% optional - if users do not opt-in to these changes, their Google experience will remain unchanged." (Read Google's entire statement.) Existing Google users were prompted to opt-into the new tracking this summer through a request with titles such as "Some new features for your Google account." The "new features" received little scrutiny at the time. Wired wrote that it "gives you more granular control over how ads work across devices." In a personal tech column, the New York Times also described the change as "new controls for the types of advertisements you see around the web." Connecting web browsing habits to personally identifiable information has long been controversial. Privacy advocates raised a ruckus in 1999 when DoubleClick purchased a data broker that assembled people's names, addresses and offline interests. The merger could have allowed DoubleClick to combine its web browsing information with people's names.
After an investigation by the Federal Trade Commission, DoubleClick sold the broker at a loss. In response to the controversy, the nascent online advertising industry formed the Network Advertising Initiative in 2000 to establish ethical codes. The industry promised to provide consumers with notice when their data was being collected, and options to opt out. Most online ad tracking remained essentially anonymous for some time after that. When Google bought DoubleClick in 2007, for instance, the company's privacy policy stated: "DoubleClick's ad-serving technology will be targeted based only on the non-personally-identifiable information." In 2012, Google changed its privacy policy to allow it to share data about users between different Google services - such as Gmail and search. But it kept data from DoubleClick - whose tracking technology is enabled on half of the top 1 million websites - separate. But the era of social networking has ushered in a new wave of identifiable tracking, in which services such as Facebook and Twitter have been able to track logged-in users when they shared an item from another website. Two years ago, Facebook announced that it would track its users by name across the Internet when they visit websites containing Facebook buttons such as "Share" and "Like" - even when users don't click on the button. (Here's how you can opt out of the targeted ads generated by that tracking). Offline data brokers also started to merge their mailing lists with online shoppers. "The marriage of online and offline is the ad targeting of the last 10 years on steroids," said Scott Howe, chief executive of broker firm Acxiom. To opt-out of Google's identified tracking, visit the Activity controls on Google's My Account page, and uncheck the box next to "Include Chrome browsing history and activity from websites and apps that use Google services." You can also delete past activity from your account.

--
It's better to burn out than fade away.
From rforno at infowarrior.org Sat Oct 22 12:36:25 2016
From: rforno at infowarrior.org (Richard Forno)
Date: Sat, 22 Oct 2016 17:36:25 -0000
Subject: [Infowarrior] - AT&T reaches deal to buy Time Warner for more than $80 billion: Report
Message-ID:

AT&T reaches deal to buy Time Warner for more than $80 billion: Report
JeeYeon Park | @JeeYeonParkCNBC
2 Mins Ago
http://www.cnbc.com/2016/10/22/att-reaches-deal-to-buy-time-warner-for-more-than-80-billion-report.html

AT&T has reached a deal to acquire Time Warner for more than $80 billion, according to a report from the Wall Street Journal Saturday. CNBC had previously reported that AT&T wanted to buy a media company, including potentially Time Warner, as rivals such as Verizon and Comcast have made moves in the media business, with ownership of properties like AOL and NBCUniversal, respectively. This story is developing. Please check back for further updates.

--
It's better to burn out than fade away.

From rforno at infowarrior.org Sat Oct 22 15:10:11 2016
From: rforno at infowarrior.org (Richard Forno)
Date: Sat, 22 Oct 2016 20:10:11 -0000
Subject: [Infowarrior] - Julian Assange's partisanship will bring down WikiLeaks with him
Message-ID:

http://thehill.com/blogs/pundits-blog/technology/302252-jullian-assanges-partisanship-brings-down-the-wikileaks-brand#

Julian Assange's partisanship will bring down WikiLeaks with him
October 21, 2016 - 04:02 PM EDT
By David Mussington, contributor

It seems that after more than four years of residence in Ecuador's London Embassy, Julian Assange may finally be out-staying his welcome. Not that he hasn't had a good run. Coordinating with Edward Snowden to embarrass and undermine U.S. foreign policy has been an impressive achievement, but of late even they have had a falling out over the timing and content of the leaks of information from the Democratic National Committee. So what are we to make of the most recent development -
the decision by the Ecuadorian government to restrict Assange's Internet access? Citing a desire to "respect the principle of non-intervention in other countries' affairs," the Ecuadorians cut Assange's Internet access in response to the leak of information arguably designed to influence the outcome of the U.S. presidential election. The high profile of these leaks - and their attribution by the United States to the Russian government - raises the stakes of Ecuadorian protection for Assange at the very time when that government might desire a change in its relationship with the U.S. once a new administration takes office in early 2017. To a significant extent, Ecuador's relationship with the U.S. is now hostage to the WikiLeaks founder's next precipitous outburst. Such a situation can't be satisfactory to even his most principled ideological allies. Perhaps a wedge opportunity exists that can be exploited by Assange's many opponents. For the U.S. intelligence community, any potential limitations on Assange and WikiLeaks' ability to leak sensitive U.S. and Western information are a net gain. But a more complete examination of Guccifer 2 (the Russian cyber persona responsible for the DNC hack), and the timing of the leaks shows linkages between WikiLeaks and the Russian government that have long been the subject of speculation. This fact will have much more serious longer term impact on the credibility of WikiLeaks as an independent civil society entity with its focus on a post-partisan free speech and advocacy agenda. Together with Assange's own legal problems, the image of WikiLeaks as a standard bearer for free speech and anti-corruption is probably at a historic low. Interestingly, the deterioration in WikiLeaks' public image brings forward the prospect of drawing to a close the period during which Edward Snowden's charges define the terms of the debate on U.S. and Western government surveillance of the world's secrets.
If the leading critic of these activities is increasingly seen as being an instrument of one side, the willingness to tolerate disclosures perceived to embarrass governments and undermine international relationships may diminish. The result could be a paradoxical rebound in public support for agencies perceived to be vital to opposing foreign interference in democratic political processes while reducing the tolerance of civil society critiques of public agencies. For the Obama administration, Ecuador's decision to restrict Assange's access to the Internet may represent a small success in prevailing upon a sometimes severe critic of the Western hemisphere to moderate the behavior of its most problematic guest. After all, popular criticism of both major candidates is more vociferous than ever, and the funds expended on advertising in the election are at record levels. At the same time, it is difficult to argue that they haven't also received detailed (if at times unfair) scrutiny. Broad tolerance of political speech is still a characteristic of the American system with or without an Assange or Snowden. WikiLeaks' continuing existence bears tribute to this fact. Years after Snowden's revelations, WikiLeaks and similar outlets continue to express their views on surveillance by Western intelligence and police agencies. The public debate on these issues continues, as does widespread mistrust of official statements on oversight of police and intelligence agency practices. WikiLeaks has prospered in this atmosphere of distrust - continuing to undermine the claims of those who argue for the necessity of striking a different balance among privacy, law enforcement investigative requirements and protection of national security. Some accuse the United States of opposing unflattering speech that subjects its actions to legitimate criticism. This charge of hypocrisy is key to the WikiLeaks brand. Speaking truth to power only works if one is not seen as having bias.
This is the Achilles heel revealed by Assange's overreach. While appealing to his supporters as a determined truth teller, the WikiLeaks brand has begun to erode due to an ostensible "tag team" attack with the Russian government on an American politician.

Mussington is a Senior Fellow at the Center for International Governance Innovation (CIGI) and is also the Director, Center for Public Policy and Private Enterprise, University of Maryland. He is an expert on issues centered around cybersecurity, cyberdefense and cybercrime.

-- It's better to burn out than fade away.

From rforno at infowarrior.org Sun Oct 23 13:16:03 2016
From: rforno at infowarrior.org (Richard Forno)
Date: Sun, 23 Oct 2016 18:16:03 -0000
Subject: [Infowarrior] - This Is the Kind of Idiot That Congress Puts in Charge of Technology
Message-ID: <5E82823F-4AED-4E4E-92B1-BF3063547B0C@infowarrior.org>

This Is the Kind of Idiot That Congress Puts in Charge of Technology

http://gizmodo.com/this-is-the-kind-of-idiot-that-congress-puts-in-charge-1788122640

Congresswoman Marsha Blackburn of Tennessee stopped by Wolf Blitzer's Situation Room to drop some knowledge about Friday's massive DDoS attack that affected large swaths of the internet. Blackburn managed to say a lot of techy-sounding things until her time was up. No one walked away feeling smarter. Blackburn sits on the House Subcommittee on Communications and Technology, so it's not great news to hear the politician bumble through an update about Friday's disruptive hack. What's infuriating is listening to Blackburn try to tie this to the failed anti-piracy legislation known as SOPA:

< - >

http://gizmodo.com/this-is-the-kind-of-idiot-that-congress-puts-in-charge-1788122640

-- It's better to burn out than fade away.

From rforno at infowarrior.org Tue Oct 25 07:42:06 2016
From: rforno at infowarrior.org (Richard Forno)
Date: Tue, 25 Oct 2016 12:42:06 -0000
Subject: [Infowarrior] - AT&T Is Spying on Americans for Profit, New Documents Reveal
Message-ID: <73C90CD2-F7FB-49CF-B71F-7BD98063DA48@infowarrior.org>

(No surprise there. -- rick)

AT&T Is Spying on Americans for Profit, New Documents Reveal

Kenneth Lipp 10.25.16 5:13 AM ET
http://www.thedailybeast.com/articles/2016/10/25/at-t-is-spying-on-americans-for-profit.html

HOLD THE PHONE! The telecom giant is doing NSA-style work for law enforcement - without a warrant - and earning millions of dollars a year from taxpayers.

On Nov. 11, 2013, Victorville, California, sheriff's deputies and a coroner responded to a motorcyclist's report of human remains outside of town. They identified the partially bleached skull of a child, and later discovered the remains of the McStay family who had been missing for the past three years. Joseph, 40, his wife Summer, 43, Gianni, 4, and Joseph Jr., 3, had been bludgeoned to death and buried in shallow graves in the desert. Investigators long suspected Charles Merritt in the family's disappearance, interviewing him days after they went missing. Merritt was McStay's business partner and the last person known to see him alive. Merritt had also borrowed $30,000 from McStay to cover a gambling debt, a mutual business partner told police. None of it was enough to make an arrest. Even after the gravesite was discovered and McStay's DNA was found inside Merritt's vehicle, police were far from pinning the quadruple homicide on him. Until they turned to Project Hemisphere. Hemisphere is a secretive program run by AT&T that searches trillions of call records and analyzes cellular data to determine where a target is located, with whom he speaks, and potentially why.
"Merritt was in a position to access the cellular telephone tower northeast of the McStay family gravesite on February 6th, 2010, two days after the family disappeared," an affidavit for his girlfriend's call records reports Hemisphere finding (PDF). Merritt was arrested almost a year to the date after the McStay family's remains were discovered, and is awaiting trial for the murders. In 2013, Hemisphere was revealed by The New York Times and described only within a Powerpoint presentation made by the Drug Enforcement Administration. The Times described it as a "partnership" between AT&T and the U.S. government; the Justice Department said it was an essential, and prudently deployed, counter-narcotics tool. However, AT&T's own documentation - reported here by The Daily Beast for the first time - shows Hemisphere was used far beyond the war on drugs to include everything from investigations of homicide to Medicaid fraud. Hemisphere isn't a "partnership" but rather a product AT&T developed, marketed, and sold at a cost of millions of dollars per year to taxpayers. No warrant is required to make use of the company's massive trove of data, according to AT&T documents, only a promise from law enforcement to not disclose Hemisphere if an investigation using it becomes public. These new revelations come as the company seeks to acquire Time Warner in the face of vocal opposition saying the deal would be bad for consumers. Donald Trump told supporters over the weekend he would kill the acquisition if he's elected president; Hillary Clinton has urged regulators to scrutinize the deal. While telecommunications companies are legally obligated to hand over records, AT&T appears to have gone much further to make the enterprise profitable, according to ACLU technology policy analyst Christopher Soghoian. "Companies have to give this data to law enforcement upon request, if they have it.
AT&T doesn't have to data-mine its database to help police come up with new numbers to investigate," Soghoian said. AT&T has a unique power to extract information from its metadata because it retains so much of it. The company owns more than three-quarters of U.S. landline switches, and the second largest share of the nation's wireless infrastructure and cellphone towers, behind Verizon. AT&T retains its cell tower data going back to July 2008, longer than other providers. Verizon holds records for a year and Sprint for 18 months, according to a 2011 retention schedule obtained by The Daily Beast. The disclosure of Hemisphere was not the first time AT&T has been caught working with law enforcement above and beyond what the law requires. Special cooperation with the government to conduct surveillance dates back to at least 2003, when AT&T ordered technician Mark Klein to help the National Security Agency install a bug directly into its main San Francisco internet exchange point, Room 641A. The company invented a programming language to mine its own records for surveillance, and in 2007 came under fire for handing these mined records over to the FBI. That same year Hemisphere was born. By 2013, it was deployed to three DEA High Intensity Drug Trafficking Area (HIDTA) Investigative Support Centers, according to the Times. Today, Hemisphere is used in at least 28 of these intelligence centers across the country, documents show. The centers are staffed by federal agents as well as local law enforcement; one center is the Los Angeles Regional Criminal Information Clearinghouse, where Merritt's number was sent for analysis. Analysis is done by AT&T employees on behalf of law enforcement clients through these intelligence centers, but performed at another location in the area. At no point does law enforcement directly access AT&T's data.
A statement of work from 2014 shows how hush-hush AT&T wants to keep Hemisphere. "The Government agency agrees not to use the data as evidence in any judicial or administrative proceedings unless there is no other available and admissible probative evidence," it says. But those charged with a crime are entitled to know the evidence against them come trial. Adam Schwartz, staff attorney for activist group Electronic Frontier Foundation, said that means AT&T leaves investigators no choice but to construct a false investigative narrative to hide how they use Hemisphere if they plan to prosecute anyone. Once AT&T provides a lead through Hemisphere, then investigators use routine police work, like getting a court order for a wiretap or following a suspect around, to provide the same evidence for the purpose of prosecution. This is known as "parallel construction." "This document here is striking," Schwartz told The Daily Beast. "I've seen documents produced by the government regarding Hemisphere, but this is the first time I've seen an AT&T document which requires parallel construction in a service to government. It's very troubling and not the way law enforcement should work in this country." The federal government reimburses municipalities for the expense of Hemisphere through the same grant program that is blamed for police militarization by paying for military gear like Bearcat vehicles. "At a minimum there is a very serious question whether they should be doing it without a warrant. A benefit to the parallel construction is they never have to face that crucible. Then the judge, the defendant, the general public, the media, and elected officials never know that AT&T and police across America funded by the White House are using the world's largest metadata database to surveil people," Schwartz said.
The EFF, American Civil Liberties Union, and Electronic Privacy Information Center have all expressed concern that surveillance using Hemisphere is unconstitutionally invasive, and have sought more information on the program, with little success. The EFF is currently awaiting a judge's ruling on its Freedom of Information Act suit against the Department of Justice for Hemisphere documentation. AT&T spokesperson Fletcher Cook told The Daily Beast via an email that there is "no special database," and that the only additional service AT&T provides for Atlanta's intelligence center is dedicated personnel to speed up requests. "Like other communications companies, if a government agency seeks customer call records through a subpoena, court order or other mandatory legal process, we are required by law to provide this non-content information, such as the phone numbers and the date and time of calls," AT&T's statement said. AT&T referred The Daily Beast to this statement in response to all further questions about the project and its use. Soghoian said AT&T is being misleading. "They say they only cooperate with law enforcement as required, and frankly, that's offensive when they are mining the data of millions of innocent people, and really built a business and services around the needs of law enforcement," he said. Sheriff and police departments pay from $100,000 to upward of $1 million a year or more for Hemisphere access. Harris County, Texas, home to Houston, made its inaugural payment to AT&T of $77,924 in 2007, according to a contract reviewed by The Daily Beast. Four years later, the county's Hemisphere bill had increased more than tenfold to $940,000. "Did you see that movie Field of Dreams?" Soghoian asked. "It's like that line, 'if you build it, they will come.' Once a company creates a huge surveillance apparatus like this and provides it to law enforcement, they then have to provide it whenever the government asks.
They've developed this massive program and of course they're going to sell it to as many people as possible." AT&T documents state law enforcement doesn't need a search warrant to use Hemisphere, just an administrative subpoena, which does not require probable cause. The DEA was granted administrative subpoena power in 1970. The Supreme Court ruled in 1979's Smith v. Maryland that "non-content" metadata such as phone records were like an address written on an envelope, and phone customers had no reasonable expectation that it would be kept private. AT&T stores details for every call, text message, Skype chat, or other communication that has passed through its infrastructure, retaining many records dating back to 1987, according to the Times 2013 Hemisphere report. The scope and length of the collection has accumulated trillions of records and is believed to be larger than any phone record database collected by the NSA under the Patriot Act, the Times reported. The database allows its analysts to detect hidden patterns and connections between call detail records, and make highly accurate inferences about the associations and movements of the people Hemisphere is used to surveil. Its database is particularly useful for tracking a subscriber between multiple discarded phone numbers, as when drug dealers use successive prepaid "burner" phones to evade conventional surveillance. Some Hemisphere operations have regionally appropriate nicknames: Atlanta's is "Peach," while Hawaii's has been called "Sunshine." West Allis, Wisconsin, city council minutes do not name the contract at all, referring to it only as "services needed for an investigative tool used by each of the HIDTA's Investigative Support Centers from AT&T Government Solutions." In 2014 Cameron County, Texas, Judge Carlos Casco ordered a line item in the commission minutes changed from "Hemisphere Project" to "database analysis services." Casco is now the secretary of State of Texas.
The Florida attorney general's Medicaid Fraud Unit received "Hemisphere Project" training in 2013, according to a report on the unit's data-mining activities. Florida is one of eight states that is allowed to spend federal money on anti-fraud data mining initiatives. Florida Medicaid fraud investigators use such technology to look for suspicious connections between call detail records such as "a provider and a beneficiary with the same phone number or address." A group of shareholders represented by Arjuna Capital are concerned about the effect of negative press on stock value, and filed a proposal in December 2015 to require the company to issue a statement "clarifying the Company's policies regarding providing information to law enforcement and intelligence agencies, domestically and internationally, above and beyond what is legally required by court order or other legally mandated process." AT&T contested the proposal and the matter is now before the Securities and Exchange Commission.

-- It's better to burn out than fade away.

From rforno at infowarrior.org Wed Oct 26 16:00:21 2016
From: rforno at infowarrior.org (Richard Forno)
Date: Wed, 26 Oct 2016 21:00:21 -0000
Subject: [Infowarrior] - Debunking the Patriot Act as It Turns 15
Message-ID:

https://www.eff.org/deeplinks/2016/10/debunking-patriot-act-it-turns-15

October 26, 2016 | By Kate Tummarello

Debunking the Patriot Act as It Turns 15

The Patriot Act turns 15 today, but that's nothing to celebrate. Since President George W. Bush signed this bill into law on October 26, 2001, the Patriot Act has been ardently defended by its supporters in the intelligence community and harshly criticized by members of Congress, the tech industry, and privacy advocates like us. Despite the debates that have unfolded over the last 15 years, including last year's reforms through the USA FREEDOM Act, there's still a lot to learn about this controversial law.
Introduced in the wake of the terrorist attacks on September 11, 2001, the Patriot Act opened up new justifications and methods for U.S. surveillance. In recent years, the debate around the law has focused on the sweeping phone records surveillance exposed by former NSA contractor Edward Snowden in 2013, but there are many aspects to the statute and how it came to be that are unfamiliar to many. In honor of the law's 15th anniversary, here are 15 things you might not know about the Patriot Act.

< - >

https://www.eff.org/deeplinks/2016/10/debunking-patriot-act-it-turns-15

-- It's better to burn out than fade away.

From rforno at infowarrior.org Sun Oct 30 16:02:50 2016
From: rforno at infowarrior.org (Richard Forno)
Date: Sun, 30 Oct 2016 21:02:50 -0000
Subject: [Infowarrior] - OT: OpEd: On Clinton Emails, Did the F.B.I. Director Abuse His Power?
Message-ID:

On Clinton Emails, Did the F.B.I. Director Abuse His Power?

Richard W. Painter
http://www.nytimes.com/2016/10/30/opinion/on-clinton-emails-did-the-fbi-director-abuse-his-power.html

Richard W. Painter, a professor at the University of Minnesota Law School, was the chief White House ethics lawyer from 2005 to 2007.

The F.B.I. is currently investigating the hacking of Americans' computers by foreign governments. Russia is a prime suspect. Imagine a possible connection between a candidate for president in the United States and the Russian computer hacking. Imagine the candidate has business dealings in Russia, and has publicly encouraged the Russians to hack the email of his opponent and her associates. It would not be surprising for the F.B.I. to include this candidate and his campaign staff in its confidential investigation of Russian computer hacking. But it would be highly improper, and an abuse of power, for the F.B.I. to conduct such an investigation in the public eye, particularly on the eve of the election.
It would be an abuse of power for the director of the F.B.I., absent compelling circumstances, to notify members of Congress from the party opposing the candidate that the candidate or his associates were under investigation. It would be an abuse of power if F.B.I. agents went so far as to obtain a search warrant and raid the candidate's office tower, hauling out boxes of documents and computers in front of television cameras. The F.B.I.'s job is to investigate, not to influence the outcome of an election. Such acts could also be prohibited under the Hatch Act, which bars the use of an official position to influence an election. That is why the F.B.I. presumably would keep those aspects of an investigation confidential until after the election. And that is why, on Saturday, I filed a complaint against the F.B.I. with the Office of Special Counsel, which investigates Hatch Act violations, and with the Office of Government Ethics. I have spent much of my career working on government ethics and lawyers' ethics, including two and a half years as the chief White House ethics lawyer for President George W. Bush, and I never thought that the F.B.I. could be dragged into a political circus surrounding one of its investigations. Until this week. (For the sake of full disclosure, in this election I have supported Jeb Bush, Marco Rubio, John Kasich and Hillary Clinton for president, in that order.) On Friday, the director of the F.B.I., James B. Comey, sent to members of Congress a letter updating them on developments in the agency's investigation of Mrs. Clinton's emails, an investigation which supposedly was closed months ago. This letter, which was quickly posted on the internet, made highly unusual public statements about an F.B.I. investigation concerning a candidate in the election. The letter was sent in violation of a longstanding Justice Department policy of not discussing specifics about pending investigations with others, including members of Congress.
According to some news reports on Saturday, the letter was sent before the F.B.I. had even obtained the search warrant that it needed to look at the newly discovered emails. And it was sent days before the election, at a time when many Americans are already voting. Violations of the Hatch Act and of government ethics rules on misuse of official positions are not permissible in any circumstances, including in the case of an executive branch official acting under pressure from politically motivated members of Congress. Such violations are of even greater concern when the agency is the F.B.I. It is not clear whether Mr. Comey personally wanted to influence the outcome of the election, although his letter - which cast suspicion on Mrs. Clinton without revealing specifics - was concerning. Also concerning is the fact that Mr. Comey has already made highly unusual public statements expressing his personal opinion about Mrs. Clinton's actions, calling her handling of classified information "extremely careless," when he announced this summer that the F.B.I. was concluding its investigation of her email without filing any charges. But an official doesn't need to have a specific intent - or desire - to influence an election to be in violation of the Hatch Act or government ethics rules. The rules are violated if it is obvious that the official's actions could influence the election, there is no other good reason for taking those actions, and the official is acting under pressure from persons who obviously do want to influence the election. Absent extraordinary circumstances that might justify it, a public communication about a pending F.B.I. investigation involving a candidate for public office that is made on the eve of an election is thus very likely to be a violation of the Hatch Act and a misuse of an official position. Serious questions also arise under lawyers'
professional conduct rules that require prosecutors to avoid excessive publicity and unnecessary statements that could cause public condemnation even of people who have been accused of a crime, not to mention people like Mrs. Clinton, who have never been charged with a crime. This is no trivial matter. We cannot allow F.B.I. or Justice Department officials to unnecessarily publicize pending investigations concerning candidates of either party while an election is underway. That is an abuse of power. Allowing such a precedent to stand will invite more, and even worse, abuses of power in the future.

-- It's better to burn out than fade away.

From rforno at infowarrior.org Mon Oct 31 14:18:27 2016
From: rforno at infowarrior.org (Richard Forno)
Date: Mon, 31 Oct 2016 19:18:27 -0000
Subject: [Infowarrior] - Apple just told the world it has no idea who the Mac is for
Message-ID:

Agree completely! --rick

Apple just told the world it has no idea who the Mac is for

https://medium.com/charged-tech/apple-just-told-the-world-it-has-no-idea-who-the-mac-is-for-722a2438389b#.1iuu3gors

-- It's better to burn out than fade away.

From rforno at infowarrior.org Mon Oct 31 15:27:22 2016
From: rforno at infowarrior.org (Richard Forno)
Date: Mon, 31 Oct 2016 20:27:22 -0000
Subject: [Infowarrior] - FBI's Comey opposed naming Russians, citing election timing
Message-ID:

FBI's Comey opposed naming Russians, citing election timing: Source

Eamon Javers | @EamonJavers 1 Hour Ago CNBC.com
http://www.cnbc.com/2016/10/31/fbis-comey-opposed-naming-russians-citing-election-timing-source.html

FBI Director James Comey argued privately that it was too close to Election Day for the United States government to name Russia as meddling in the U.S. election and ultimately ensured that the FBI's name was not on the document that the U.S. government put out, a former FBI official tells CNBC.
The official said some government insiders are perplexed as to why Comey would have election timing concerns with the Russian disclosure but not with the Huma Abedin email discovery disclosure he made Friday. In the end, the Department of Homeland Security and The Office of the Director of National Intelligence issued the statement on Oct. 7, saying "The U.S. intelligence community is confident that the Russian Government directed the recent compromises of emails from US persons and institutions, including from US political organizations ... These thefts and disclosures are intended to interfere with the US election process." An FBI spokesperson declined to comment on Comey's role in the decision making surrounding the Oct. 7 statement. According to the former official, Comey agreed with the conclusion the intelligence community came to: "A foreign power was trying to undermine the election. He believed it to be true, but was against putting it out before the election." Comey's position, this official said, was "if it is said, it shouldn't come from the FBI, which as you'll recall it did not." Comey took a different approach toward releasing information about the discovery of emails on a laptop that was used by former Congressman Anthony Weiner and his estranged wife Huma Abedin, the official said. "By doing a press conference, and personally testifying and giving his opinion about the conduct, he made this about James Comey and his credibility," the official said. "You can see why he did it, from his perspective, once he had had that press conference." The official said FBI investigators can get a "preliminary read" of the newly discovered emails within a couple of days and come to an initial conclusion about whether there is classified material in the files. "The question is whether they will decide to share that read or not," the official said. "Normally in the FBI we would not, but we're not in normal land anymore."
Comey's decision to announce the new investigative steps has come under severe criticism from Democrats, including Hillary Clinton who addressed the issue at a rally Monday. "I'm sure a lot of you may be asking what this new email story is about and why in the world the FBI would decide to jump into an election with no evidence of any wrongdoing with just days to go. That's a good question," Clinton said. "I am sure they will reach the same conclusion they did when they looked at my emails for the last year. There is no case here." The Donald Trump campaign, meanwhile, has praised Comey for continuing to investigate Clinton. "The right thing to do whatever the FBI thinks," said Trump campaign manager Kellyanne Conway on CNBC Monday morning. "It's not for us to say speed it up because of the election or slow it down because of the election."

Eamon Javers, CNBC Washington Reporter

-- It's better to burn out than fade away.

From rforno at infowarrior.org Mon Oct 3 09:55:15 2016
From: rforno at infowarrior.org (Richard Forno)
Date: Mon, 03 Oct 2016 14:55:15 -0000
Subject: [Infowarrior] - Australia Collects More Metadata, Intercepts More Calls Than U.S.
Message-ID: <4A410428-CBA8-45BE-B481-0B9749B95731@infowarrior.org>

Australia Collects More Metadata, Intercepts More Calls Than U.S.

UNSW report claims Australia "putting national security interests ahead of privacy".

03/10/2016 6:19 AM AEDT | Updated 18 hours ago
Josh Butler, Associate Editor, HuffPost Australia
http://www.huffingtonpost.com.au/2016/10/02/australia-collects-more-metadata-intercepts-more-calls-than-u-s/

Australia is collecting more metadata per capita and issuing more warrants to intercept communications than the U.S., UK and Canada, according to a new report. University of NSW business law lecturer and research fellow Dr Rob Nicholls has collected and analysed publicly available data from the four countries between 2005 and 2015.
In presenting his findings to the Australian Political Studies Association Conference on Monday, he claimed Australia is "putting national security interests ahead of privacy concerns", and that the vast majority of metadata access is used for drug crimes, not terrorism or security operations. Metadata is the background technical information around a communication; the time and date of a call, how long it lasted, the IP address of a webpage that an internet user browses to and email addresses, but not a recording of the actual content of the call or website visited (for a more detailed explanation, click here). In 2015, the government passed controversial laws that made it compulsory for telecommunications providers to retain metadata from their users for at least two years. Attorney-General George Brandis famously compared metadata to a letter in the post; "The metadata is the name and address on the envelope, not the content of the letter". "Increasingly, particularly in internet-based communications, the stuff on the envelope can be almost as useful [as the content] from an intelligence perspective," Nicholls told The Huffington Post Australia.

Data retention is catching more drug dealers

Much of the government's arguments and case for instituting the laws centered on the potential for such data, if available to law enforcement, to thwart terrorist attacks. However, Nicholls said those cases were in the minority of the uses of metadata. "It's major crime that dominates, and drugs crime. What we find is, for [telecommunications] interceptions, terrorism is at the most something in the order of three or four percent of warrants. Drug crime is 60 percent, that's common in all jurisdictions," he said. "If you just outlined that to the Australian people, they would say that response to drug crime is a credible and reasonable, proportionate response. Linking [data retention] to terrorism and national security is playing to a fear that shouldn't be played to."
In 2013-14, there were 314,587 authorisations "made by a Law Enforcement Agency for access to existing information or documents in the enforcement of a criminal law" in Australia, according to a report published on the Attorney-General department's website. Nicholls said this compared to the UK with 570,135 authorisations, only 1.8 times the number of authorisations in Australia, despite the fact the UK has 2.8 times the population of Australia.

In a statement to HuffPost Australia, the Attorney-General's department defended Australia's data retention scheme and the circumstances in which the information is used.

"Metadata is a critical tool for our law enforcement and security agencies in their fight against terrorism, espionage, organised and major crime, and child abuse and child exploitation," the department said in the statement.

"Telecommunications companies have always retained metadata and law enforcement agencies have been permitted access to these records for decades. The Government's data retention legislation introduced in October 2015 simply standardised the type of data telecommunications companies are required to retain and the length of time they need to keep it. The legislation also introduced a number of safeguards and reduced the number of agencies accessing metadata from over 80 to 21."

"Australia, Canada, the UK and the U.S. have very different regimes around metadata access and retention, making it difficult to draw meaningful comparisons between these jurisdictions."

Nicholls also collected information about interception warrants. The same Attorney-General's report outlines that "interception warrants can only be obtained to investigate serious offences" generally carrying a penalty of at least seven years' jail (including murder, kidnapping, serious drug offences, terrorism, child pornography and organised crime), and that "interception warrants are highly privacy intrusive and are only sought when operationally necessary".
Nevertheless, in every year between 2005 and 2014, Nicholls says Australia issued more interception warrants than the U.S., UK and Canada. Not just on a per capita basis of population, but in real terms; for example, in 2013, Australia issued 4,232 warrants, while the UK issued 2,760 and the U.S. issued 3,576. In 2015, the only year surveyed where Australia did not lead the tally of interception warrants, the U.S. issued 4,148 while Australia had 3,926.

In 2014-15, of the 4,127 interception warrants in Australia, 1,901 were in relation to serious drug offences; 420 for murder; 53 for kidnapping; 165 for fraud; and 121 for terrorism offences. The Attorney-General's report claimed that led to "3,100 arrests, 4,686 prosecutions and 1,912 convictions based on lawfully intercepted material".

Nicholls said the different countries had different laws around the use of interceptions, which may account for some of the disparity in statistics, but said the numbers were stark.

"I wouldn't want to say it means anything other than law enforcement agencies are enthusiastic about the use of these powers," he admitted. "I don't think we've found a good balance... it's not proportionate."

--
It's better to burn out than fade away.

From rforno at infowarrior.org Tue Oct 4 08:47:11 2016
From: rforno at infowarrior.org (Richard Forno)
Date: Tue, 04 Oct 2016 13:47:11 -0000
Subject: [Infowarrior] - Wikileaks trolls Trump supporters
Message-ID: <52E45862-19B1-4FDF-8C9F-09C525E8F751@infowarrior.org>

Trump backers realize they've been played as WikiLeaks fails to deliver October surprise

https://www.washingtonpost.com/news/worldviews/wp/2016/10/04/trump-backers-feel-played-as-wikileaks-fails-to-come-through-on-october-surprise/

LONDON -- The expectations were breathless.
For weeks, backers of Republican nominee Donald Trump have hyped the tantalizing possibility that the anti-secrecy organization WikiLeaks was on the verge of publishing a set of documents that would doom Hillary Clinton's chances in November.

"@HillaryClinton is done," longtime Trump associate Roger Stone tweeted Saturday. "#Wikileaks."

The group's founder, Julian Assange, did nothing to dampen the enthusiasm, suggesting to Fox News hosts that his scoops could upend the race with documents "associated with the election campaign, some quite unexpected angles, some quite interesting."

The announcement by WikiLeaks that it would host a major news conference Tuesday only seemed to confirm that the bombshell was ready to burst. The pro-Trump, anti-Clinton media world rippled with fevered speculation.

But if an October surprise about the Democratic nominee really is coming, it will have to wait a little longer.

Over the course of two hours Tuesday -- with the world's media and bleary-eyed Trump die-hards across the United States tuning in -- Assange and other WikiLeaks officials railed against "neo-McCarthyist hysteria," blasted the mainstream press, appealed for donations and plugged their books ("40 percent off!").

But what they didn't do was provide any new information about Clinton -- or about anything else, really.

The much-vaunted news conference, as it turned out, was little more than an extended infomercial for WikiLeaks on the occasion of the 10th anniversary of its founding.

Assange, whose group released a trove of hacked Democratic National Committee documents on the eve of the party's convention this summer, breezily dismissed the idea that anyone should have expected any news at his news conference.

"If we are going to make a major publication about the U.S., we wouldn't do it at 3 a.m.," Assange said at one point, referring to the Eastern daylight start time for the event.
That didn't go over well with Trump backers who had stayed up through the night, thinking they'd be watching live the unveiling of the death blow to the Clinton campaign.

Assange, as it turns out, had taken a page from Trump's own playbook by drawing an audience with a tease, only to leave those tuning in feeling that they'd been tricked.

Infowars, the pro-Trump and virulently anti-Clinton media vehicle launched by Texas radio host Alex Jones, had touted the WikiLeaks news conference as "historic" and promised that "the Clintons will be devastated."

Before Assange took the stage, Jones -- who broadcast through the wee hours of the American morning -- told viewers and listeners he was so excited he was worried his heart couldn't stand it.

But by the end, Jones realized he'd been played -- or in his words, "#wikirolled."

He wasn't the only one. Sleep-deprived Trump backers and Hillary-haters all across the country took to Twitter to convey their displeasure.

But perhaps those waiting for an October surprise shouldn't lose all hope just yet.

Or at least, that was the message from Assange, who spoke via video link from the Ecuadoran embassy in London, where he's been holed up for the past four years as Swedish authorities seek his extradition on sexual assault charges.

He promised to reveal documents every week for the next 10. He said some will have a direct bearing on the U.S. election.

"We think they're significant," he coyly informed his worldwide audience.

But what will they reveal? And when will they come? Assange wouldn't say.

Karla Adam contributed to this report from London.

R

--
It's better to burn out than fade away.
From rforno at infowarrior.org Tue Oct 4 09:21:12 2016
From: rforno at infowarrior.org (Richard Forno)
Date: Tue, 04 Oct 2016 14:21:12 -0000
Subject: [Infowarrior] - Signal messaging app turns over minimal data in first subpoena
Message-ID: <56F51F7E-1412-476E-ADCF-55EFBBCFAF49@infowarrior.org>

Tue Oct 4, 2016 | 10:03am EDT

Signal messaging app turns over minimal data in first subpoena

By Joseph Menn | SAN FRANCISCO
http://www.reuters.com/article/us-usa-cyber-signal-idUSKCN1241JM?il=0

Open Whisper Systems, the developer of encrypted messaging app Signal, received a subpoena earlier this year requesting user information but was only able to supply the duration of a user's membership, according to court documents unsealed last week.

An assistant attorney in the U.S. state of Virginia requested email addresses, history logs, browser cookie data and other information associated with two phone numbers as part of a grand jury probe, the redacted documents showed. The request was made in the first half of this year, the documents showed.

Citing its encryption technology, which is also used in other messaging services such as Facebook Inc's WhatsApp, Open Whisper Systems said it was only able to supply the registration date and the last date one of the numbers was used. The company had no information about the other number, according to the documents.

"We've designed Signal so it minimizes the amount of data we retain on users, and we don't really have anything to respond with in situations like this," Open Whisper Systems security expert Moxie Marlinspike told Reuters.

The subpoena was the first the company has received, he said.

More than 2 billion people use a form of Signal's code, though companies licensed to use the code keep related information about users, Marlinspike said.

(Reporting by Joseph Menn; Editing by Christopher Cushing)

--
It's better to burn out than fade away.
From rforno at infowarrior.org Tue Oct 4 14:43:56 2016
From: rforno at infowarrior.org (Richard Forno)
Date: Tue, 04 Oct 2016 19:43:56 -0000
Subject: [Infowarrior] - Yahoo secretly scanned customer emails for U.S. intelligence
Message-ID: <2E14085D-6BFB-4906-985D-DE48FECB69D2@infowarrior.org>

Exclusive: Yahoo secretly scanned customer emails for U.S. intelligence - sources

By Joseph Menn | SAN FRANCISCO
http://www.reuters.com/article/us-yahoo-nsa-exclusive-idUSKCN1241YT

Yahoo Inc last year secretly built a custom software program to search all of its customers' incoming emails for specific information provided by U.S. intelligence officials, according to people familiar with the matter.

The company complied with a classified U.S. government directive, scanning hundreds of millions of Yahoo Mail accounts at the behest of the National Security Agency or FBI, said two former employees and a third person apprised of the events.

Some surveillance experts said this represents the first case to surface of a U.S. Internet company agreeing to a spy agency's demand by searching all arriving messages, as opposed to examining stored messages or scanning a small number of accounts in real time.

It is not known what information intelligence officials were looking for, only that they wanted Yahoo to search for a set of characters. That could mean a phrase in an email or an attachment, said the sources, who did not want to be identified.

Reuters was unable to determine what data Yahoo may have handed over, if any, and if intelligence officials had approached other email providers besides Yahoo with this kind of request.
According to the two former employees, Yahoo Chief Executive Marissa Mayer's decision to obey the directive roiled some senior executives and led to the June 2015 departure of Chief Information Security Officer Alex Stamos, who now holds the top security job at Facebook Inc.

"Yahoo is a law abiding company, and complies with the laws of the United States," the company said in a brief statement in response to Reuters questions about the demand. Yahoo declined any further comment.

Through a Facebook spokesman, Stamos declined a request for an interview.

The NSA referred questions to the Office of the Director of National Intelligence, which declined to comment.

The demand to search Yahoo Mail accounts came in the form of a classified directive sent to the company's legal team, according to the three people familiar with the matter.

U.S. phone and Internet companies are known to have handed over bulk customer data to intelligence agencies. But some former government officials and private surveillance experts said they had not previously seen either such a broad directive for real-time Web collection or one that required the creation of a new computer program.

"I've never seen that, a wiretap in real time on a 'selector,'" said Albert Gidari, a lawyer who represented phone and Internet companies on surveillance issues for 20 years before moving to Stanford University this year. A selector refers to a type of search term used to zero in on specific information.

"It would be really difficult for a provider to do that," he added.

Experts said it was likely that the NSA or FBI had approached other Internet companies with the same demand, since they evidently did not know what email accounts were being used by the target. The NSA usually makes requests for domestic surveillance through the FBI, so it is hard to know which agency is seeking the information.

Reuters was unable to confirm whether the 2015 demand went to other companies, or if any complied.
Alphabet Inc's Google and Microsoft Corp, two major U.S. email service providers, did not respond to requests for comment.

CHALLENGING THE NSA

Under laws including the 2008 amendments to the Foreign Intelligence Surveillance Act, intelligence agencies can ask U.S. phone and Internet companies to provide customer data to aid foreign intelligence-gathering efforts for a variety of reasons, including prevention of terrorist attacks.

Disclosures by former NSA contractor Edward Snowden and others have exposed the extent of electronic surveillance and led U.S. authorities to modestly scale back some of the programs, in part to protect privacy rights.

Companies including Yahoo have challenged some classified surveillance before the Foreign Intelligence Surveillance Court, a secret tribunal.

Some FISA experts said Yahoo could have tried to fight last year's directive on at least two grounds: the breadth of the demand and the necessity of writing a special program to search all customers' emails in transit.

Apple Inc made a similar argument earlier this year when it refused to create a special program to break into an encrypted iPhone used in the 2015 San Bernardino massacre. The FBI dropped the case after it unlocked the phone with the help of a third party, so no precedent was set.

Other FISA experts defended Yahoo's decision to comply, saying nothing prohibited the surveillance court from ordering a search for a specific term instead of a specific account. So-called "upstream" bulk collection from phone carriers based on content was found to be legal, they said, and the same logic could apply to Web companies' mail.

As tech companies become better at encrypting data, they are likely to face more such requests from spy agencies.

Former NSA General Counsel Stewart Baker said email providers "have the power to encrypt it all, and with that comes added responsibility to do some of the work that had been done by the intelligence agencies."
SECRET SIPHONING PROGRAM

Mayer and other executives ultimately decided to comply with the directive last year rather than fight it, in part because they thought they would lose, said the people familiar with the matter.

Yahoo in 2007 had fought a FISA demand that it conduct searches on specific email accounts without a court-approved warrant. Details of the case remain sealed, but a partially redacted published opinion showed Yahoo's challenge was unsuccessful.

Some Yahoo employees were upset about the decision not to contest the more recent directive and thought the company could have prevailed, the sources said.

They were also upset that Mayer and Yahoo General Counsel Ron Bell did not involve the company's security team in the process, instead asking Yahoo's email engineers to write a program to siphon off messages containing the character string the spies sought and store them for remote retrieval, according to the sources.

The sources said the program was discovered by Yahoo's security team in May 2015, within weeks of its installation. The security team initially thought hackers had broken in.

When Stamos found out that Mayer had authorized the program, he resigned as chief information security officer and told his subordinates that he had been left out of a decision that hurt users' security, the sources said. Due to a programming flaw, he told them hackers could have accessed the stored emails.

Stamos's announcement in June 2015 that he had joined Facebook did not mention any problems with Yahoo. (bit.ly/2dL003k)

In a separate incident, Yahoo last month said "state-sponsored" hackers had gained access to 500 million customer accounts in 2014. The revelations have brought new scrutiny to Yahoo's security practices as the company tries to complete a deal to sell its core business to Verizon Communications Inc for $4.8 billion.

(Reporting by Joseph Menn; Editing by Jonathan Weber and Tiffany Wu)

--
It's better to burn out than fade away.
From rforno at infowarrior.org Fri Oct 7 07:23:48 2016
From: rforno at infowarrior.org (Richard Forno)
Date: Fri, 07 Oct 2016 12:23:48 -0000
Subject: [Infowarrior] - Prominent Pro-Patent Judge Issues Opinion Declaring All Software Patents Bad
Message-ID: <84E9F475-47C7-4CDC-8E54-8AF01CF5F707@infowarrior.org>

Prominent Pro-Patent Judge Issues Opinion Declaring All Software Patents Bad

from the and-over-an-intellectual-ventures-lawsuit dept

Well here's an unexpected surprise. A lawsuit brought by the world's largest patent troll, Intellectual Ventures, and handled on appeal (as are all patent cases), by the notoriously awful Court of Appeals for the Federal Circuit (CAFC) may have actually killed off software patents. Really. Notably, the Supreme Court deserves a big assist here, for a series of rulings on patent-eligible subject matter, culminating in the Alice ruling. At the time, we noted that you could read the ruling to kill off software patents, even as the Supreme Court insisted that it did not. In short, the Supreme Court said that any patent that "does no more than require a generic computer to perform generic computer functions" is not patent eligible. But then it insisted that there was plenty of software that this wouldn't apply to. But it's actually pretty difficult to think of any examples -- which is why we were pretty sure at the time that Alice should represent the end for software patents, but bemoaned the Supreme Court not directly saying so, noting it would lead to lots of litigation.

Still, the impact has been pretty widespread, with the Alice ruling being used both by the courts and the US Patent Office to reject lots and lots of software and business method patent claims. But this latest ruling, from the very court that upended things nearly two decades ago in declaring software much more broadly patentable than anyone believed, may now be the nail in the coffin on software patents in the US.
The headline, of course, is that the patents that Intellectual Ventures used against anti-virus firms Symantec and Trend Micro, were bunk, because they did not cover patent eligible subject matter. But the part that has everyone chattering is the concurring opinion by Judge Haldane Mayer, that says it's time to face facts: Alice killed software patents. And Mayer is not some newcomer. He's been at the Federal Circuit since the 1980s and was actually the chief judge in the late 90s/early 2000s when CAFC was at its worst in terms of expanding patent law. And it appears he's been born again into the anti-software patent world. It's... quite a conversion.

< - >

https://www.techdirt.com/articles/20161005/15280135720/prominent-pro-patent-judge-issues-opinion-declaring-all-software-patents-bad.shtml

--
It's better to burn out than fade away.

From rforno at infowarrior.org Fri Oct 7 07:39:07 2016
From: rforno at infowarrior.org (Richard Forno)
Date: Fri, 07 Oct 2016 12:39:07 -0000
Subject: [Infowarrior] - NYC To Test Facial Recognition Cameras At 'Crossing Points'
Message-ID:

NY To Test Facial Recognition Cameras At 'Crossing Points'

By Kevin Collier
http://www.vocativ.com/365430/ny-facial-recognition-cameras-bridges-tunnels/

New York will soon test facial recognition technology around Manhattan.

In a 35-minute speech detailing a landmark $100 billion investment into state infrastructure, largely focused on New York City and Long Island, Governor Andrew Cuomo made a number of promises that would thrill New Yorkers, like the promise of a renovated Penn Station, called Penn-Farley, a direct train from there to LaGuardia Airport, and the completion of the long-awaited Second Avenue Line.
Oh, and facial recognition cameras around the city, he said:

"At each crossing, and at structurally sensitive points on bridges and tunnels, advanced cameras and sensors will be installed to read license plates and test emerging facial recognition software and equipment."

"We're going to be using this in Penn-Farley and we also want to be testing it in bridges and crossings system," he added.

The Governor devoted substantially more time during this speech to promises that New York City's bridges and tunnels would be outfitted with LED lights. His office even released a separate video touting them, backed by the Jay Z and Alicia Keys hit song "Empire State of Mind."

On the matter of facial recognition cameras, Cuomo was shy on details. It's unclear how many cameras will be deployed, which agencies will have access to them, what defines a crossing, how citizens' photos will be stored, and what photo databases will be used to compare against the faces of the millions of people who drive into the city. A spokesperson for the Governor's office has had trouble locating anyone who could speak about those issues since Vocativ began asking Wednesday.

"It's troubling that we're one step closer to the world of 'Minority Report' without any discussion of the serious privacy concerns that are implicated by this plan," Mariko Hirose, a senior staff attorney at the New York Civil Liberties Union, told Vocativ.

Facial recognition technology is used sporadically among law enforcement agencies in the U.S. The FBI has what is believed to be the largest such database in the country, though other agencies, like some fusion centers -- Department of Homeland Security initiatives to partner multiple law enforcement agencies together to share information -- are known to possess facial recognition software to compare images of suspects with, for example, mugshot databases.

Law enforcement data retention laws vary state by state.
New York has no maximum amount of time that police can hold onto, for example, camera or license plate reader data.

In his speech, Cuomo referenced the cameras as necessary for New York to adapt to 21st century security threats.

"In this age of terrorist activity and lone wolves, if you look at points of vulnerability you'll go to our tunnels and to our bridges. So really they have to be reimagined for a new reality," he said.

Hirose cautioned against casual implementation of such cameras.

"I think the addition of facial recognition technology that they're testing is deeply troubling," she said. "There's also a sense of a creeping surveillance apparatus. It all starts with one or two cameras or license plate readers, and it continues to expand."

--
It's better to burn out than fade away.

From rforno at infowarrior.org Fri Oct 7 07:41:11 2016
From: rforno at infowarrior.org (Richard Forno)
Date: Fri, 07 Oct 2016 12:41:11 -0000
Subject: [Infowarrior] - The FBI Wants To Crack Another Dead Terrorist's Locked iPhone
Message-ID:

The FBI Wants To Crack Another Dead Terrorist's Locked iPhone

Andy Greenberg | Security | 10.06.16 | 11:49 pm
https://www.wired.com/2016/10/fbi-wants-crack-another-dead-terrorists-locked-iphone/

When the FBI asked a court to force Apple to help crack the encrypted iPhone 5c of San Bernardino shooter Rizwan Farook in February, Bureau director James Comey assured the public that his agency's intrusive demand was about one terrorist's phone, not repeated access to iPhone owners' secrets. But now eight months have passed, and the FBI has in its hands another locked iPhone that once belonged to another dead terrorist. Which means they may have laid the groundwork for another legal showdown with Apple.

At a press conference in St.
Cloud, Minnesota today, FBI special agent Rich Thornton said that the FBI has obtained the iPhone of Dahir Adan, who stabbed 10 people in a Minnesota mall before a police officer shot and killed him. (The fundamentalist militant organization ISIS claimed credit for the attack via social media.) As in Farook's case, the attacker's phone is locked with a passcode. And Thornton said the FBI is still trying to figure out how to gain access to the phone's contents.

"Dahir Adan's iPhone is locked," Thornton told reporters. "We are in the process of assessing our legal and technical options to gain access to this device and the data it may contain."

Thornton didn't say in the press conference what model iPhone Adan owned or what operating system the device ran. Both are key factors in whether the FBI will be able to get past its security measures. That's because beginning with iOS 8 in 2014, iPhones and iPads have been encrypted such that not even Apple can decrypt the device's contents, even when police or FBI serve a warrant to the company demanding its help.

After the San Bernardino shootings last spring, that new software security feature led the FBI earlier this year to demand that Apple write a new version of its operating system designed to help law enforcement "brute force" the iPhone 5c PIN code of Rizwan Farook. The software it asked Apple to create would allow investigators to repeatedly try different PIN codes without triggering the lockout mechanism that prevents further guessing after ten tries. Apple refused, and the FBI filed a lawsuit.

The FBI didn't respond to WIRED's email or phone calls about the second locked iPhone, and Apple declined to comment as to whether the FBI had asked for its assistance in accessing the device.

< - >

--
It's better to burn out than fade away.