From: rforno at infowarrior.org (Richard Forno)
Date: Sat, 01 Jul 2006 10:32:37 -0400
Subject: [Infowarrior] - NYT/LAT Editors' OpEd: When Do We Publish a Secret?

July 1, 2006
Op-Ed Contributors

When Do We Publish a Secret?

By DEAN BAQUET, editor, The Los Angeles Times, and BILL KELLER, executive editor, The New York Times

http://www.nytimes.com/2006/07/01/opinion/01keller.html?_r=1&oref=slogin&pagewanted=print

SINCE Sept. 11, 2001, newspaper editors have faced excruciating choices in covering the government's efforts to protect the country from terrorist agents. Each of us has, on a number of occasions, withheld information because we were convinced that publishing it could put lives at risk. On other occasions, each of us has decided to publish classified information over strong objections from our government.

Last week our newspapers disclosed a secret Bush administration program to monitor international banking transactions. We did so after appeals from senior administration officials to hold the story. Our reports -- like earlier press disclosures of secret measures to combat terrorism -- revived an emotional national debate, featuring angry calls of "treason" and proposals that journalists be jailed along with much genuine concern and confusion about the role of the press in times like these.

We are rivals. Our newspapers compete on a hundred fronts every day. We apply the principles of journalism individually as editors of independent newspapers. We agree, however, on some basics about the immense responsibility the press has been given by the inventors of the country.

Make no mistake, journalists have a large and personal stake in the country's security. We live and work in cities that have been tragically marked as terrorist targets. Reporters and photographers from both our papers braved the collapsing towers to convey the horror to the world.
We have correspondents today alongside troops on the front lines in Iraq and Afghanistan. Others risk their lives in a quest to understand the terrorist threat; Daniel Pearl of The Wall Street Journal was murdered on such a mission. We, and the people who work for us, are not neutral in the struggle against terrorism.

But the virulent hatred espoused by terrorists, judging by their literature, is directed not just against our people and our buildings. It is also aimed at our values, at our freedoms and at our faith in the self-government of an informed electorate. If the freedom of the press makes some Americans uneasy, it is anathema to the ideologists of terror.

Thirty-five years ago yesterday, in the Supreme Court ruling that stopped the government from suppressing the secret Vietnam War history called the Pentagon Papers, Justice Hugo Black wrote: "The government's power to censor the press was abolished so that the press would remain forever free to censure the government. The press was protected so that it could bare the secrets of the government and inform the people."

As that sliver of judicial history reminds us, the conflict between the government's passion for secrecy and the press's drive to reveal is not of recent origin. This did not begin with the Bush administration, although the polarization of the electorate and the daunting challenge of terrorism have made the tension between press and government as clamorous as at any time since Justice Black wrote.

Our job, especially in times like these, is to bring our readers information that will enable them to judge how well their elected leaders are fighting on their behalf, and at what price. In recent years our papers have brought you a great deal of information the White House never intended for you to know --
classified secrets about the questionable intelligence that led the country to war in Iraq, about the abuse of prisoners in Iraq and Afghanistan, about the transfer of suspects to countries that are not squeamish about using torture, about eavesdropping without warrants.

As Robert G. Kaiser, associate editor of The Washington Post, asked recently in the pages of that newspaper: "You may have been shocked by these revelations, or not at all disturbed by them, but would you have preferred not to know them at all? If a war is being waged in America's name, shouldn't Americans understand how it is being waged?"

Government officials, understandably, want it both ways. They want us to protect their secrets, and they want us to trumpet their successes. A few days ago, Treasury Secretary John Snow said he was scandalized by our decision to report on the bank-monitoring program. But in September 2003 the same Secretary Snow invited a group of reporters from our papers, The Wall Street Journal and others to travel with him and his aides on a military aircraft for a six-day tour to show off the department's efforts to track terrorist financing. The secretary's team discussed many sensitive details of their monitoring efforts, hoping they would appear in print and demonstrate the administration's relentlessness against the terrorist threat.

How do we, as editors, reconcile the obligation to inform with the instinct to protect? Sometimes the judgments are easy. Our reporters in Iraq and Afghanistan, for example, take great care not to divulge operational intelligence in their news reports, knowing that in this wired age it could be seen and used by insurgents. Often the judgments are painfully hard. In those cases, we cool our competitive jets and begin an intensive deliberative process.

The process begins with reporting. Sensitive stories do not fall into our hands.
They may begin with a tip from a source who has a grievance or a guilty conscience, but those tips are just the beginning of long, painstaking work. Reporters operate without security clearances, without subpoena powers, without spy technology. They work, rather, with sources who may be scared, who may know only part of the story, who may have their own agendas that need to be discovered and taken into account. We double-check and triple-check. We seek out sources with different points of view. We challenge our sources when contradictory information emerges.

Then we listen. No article on a classified program gets published until the responsible officials have been given a fair opportunity to comment. And if they want to argue that publication represents a danger to national security, we put things on hold and give them a respectful hearing. Often, we agree to participate in off-the-record conversations with officials, so they can make their case without fear of spilling more secrets onto our front pages.

Finally, we weigh the merits of publishing against the risks of publishing. There is no magic formula, no neat metric for either the public's interest or the dangers of publishing sensitive information. We make our best judgment.

When we come down in favor of publishing, of course, everyone hears about it. Few people are aware when we decide to hold an article. But each of us, in the past few years, has had the experience of withholding or delaying articles when the administration convinced us that the risk of publication outweighed the benefits. Probably the most discussed instance was The New York Times's decision to hold its article on telephone eavesdropping for more than a year, until editors felt that further reporting had whittled away the administration's case for secrecy. But there are other examples.
The New York Times has held articles that, if published, might have jeopardized efforts to protect vulnerable stockpiles of nuclear material, and articles about highly sensitive counterterrorism initiatives that are still in operation. In April, The Los Angeles Times withheld information about American espionage and surveillance activities in Afghanistan discovered on computer drives purchased by reporters in an Afghan bazaar.

It is not always a matter of publishing an article or killing it. Sometimes we deal with the security concerns by editing out gratuitous detail that lends little to public understanding but might be useful to the targets of surveillance. The Washington Post, at the administration's request, agreed not to name the specific countries that had secret Central Intelligence Agency prisons, deeming that information not essential for American readers. The New York Times, in its article on National Security Agency eavesdropping, left out some technical details.

Even the banking articles, which the president and vice president have condemned, did not dwell on the operational or technical aspects of the program, but on its sweep, the questions about its legal basis and the issues of oversight.

We understand that honorable people may disagree with any of these choices -- to publish or not to publish. But making those decisions is the responsibility that falls to editors, a corollary to the great gift of our independence. It is not a responsibility we take lightly. And it is not one we can surrender to the government.

--
DEAN BAQUET, editor, The Los Angeles Times, and BILL KELLER, executive editor, The New York Times

From: rforno at infowarrior.org (Richard Forno)
Date: Sun, 02 Jul 2006 10:22:02 -0400
Subject: [Infowarrior] - Microsoft denies WGA kill switch in Windows XP

Microsoft denies WGA kill switch in Windows XP
Eric Lai
http://www.computerworld.com/action/article.do?command=viewArticleBasic&taxonomyName=software&articleId=9001559&taxonomyId=18

June 30, 2006 (Computerworld) Microsoft Corp. today denied speculation that it plans to cripple copies of Windows XP for users who refuse to install its controversial antipiracy tool, Windows Genuine Advantage (WGA). But the software company confirmed that for its upcoming Windows Vista operating system, companies will be required to activate their software differently than they do today in order to prevent the leakage of volume licenses that are the source of most Windows piracy.

A ZDNet.com blogger reported earlier in the week on a conversation between a Windows user and a Microsoft support staffer, who allegedly admitted that users who refused to install the WGA update would be given 30 days before their copies of Windows would stop working. ZDNet.com said that Microsoft refused to deny the report at the time.

But later, Microsoft appeared to sing a different tune. "No, Microsoft antipiracy technologies cannot and will not turn off your computer," said a spokeswoman with Waggener Edstrom, Microsoft's public relations firm. "The game is changing for counterfeiters. In Windows Vista, we are making it notably harder and less appealing to use counterfeit software, and we will work to make that a consistent experience with older versions of Windows as well."

Microsoft last fall began testing WGA as a way of trying to find pirated copies of Windows.
In mid-June, it announced that users would need to download and pass WGA to be eligible to download the latest versions of add-on software such as Internet Explorer 7 and Windows Media Player 11. Users would still be able to get the latest security updates, though. Companies that buy Windows XP through large package deals are exempt from having to install WGA.

Since then, Microsoft has taken considerable heat from consumers and the media, who have likened WGA to spyware that has sometimes inaccurately labeled legal copies of Windows as pirated. Through its spokeswoman, Microsoft said that "80% of all WGA validation failures are due to unauthorized use of leaked or stolen volume license keys."

Still, WGA has been so controversial that it led a French programmer to develop a tool to delete WGA and a Windows customer in Los Angeles to file a class-action lawsuit. Microsoft has tried to appease customers by releasing a new version of WGA that checks users' computers only once a month, rather than every day.

The lawsuit, filed this week in U.S. District Court in Seattle, alleges that WGA violates antispyware laws by not fully disclosing itself when it was delivered to Windows users through Auto-Update. The suit is headed by the same lawyer who also led the class-action lawsuit earlier this year against Sony Corp. for not disclosing that it had placed copy-protection rootkit software on customers' PCs via music CDs it sold. The rootkits disabled users' protections against viruses and spyware. Sony later settled the lawsuit.

Microsoft called the lawsuit "baseless." It said WGA is a necessary part of its campaign to catch those illegally using Windows XP, especially those using volume license keys issued to corporations.

Volume licenses have long been Microsoft's Achilles heel. Corporations are generally issued a single volume license key -- a text string of alphanumeric characters -- which is used to activate hundreds or thousands of copies of Windows at a time.
Those strings can be copied or stolen and have been passed around on the Internet.

To thwart the practice, corporations that upgrade to Windows Vista along with Longhorn Server will be required to run a small application called a Key Management Service. According to Microsoft and analysts, the service will track how many copies of the software the companies have paid for and how many they have installed.

When asked if companies that have installed more copies of Vista than they have purchased will find those copies de-activated, Microsoft said through its spokeswoman that companies "should think of it more like an application that tracks and protects their use of their Volume License keys and installations."

Paul DeGroot, an analyst at Kirkland, Wash.-based Directions On Microsoft, said that while most consumers may find this sort of tracking by Microsoft intrusive, many corporations may actually welcome it. "Most corporations have no interest with getting away with anything at Microsoft's expense," he said.

Indeed, corporations, especially those that have merged with another company or undergone a restructuring, often have a hard time keeping track of all the software they own. Most will "overbuy licenses because it's cheaper to do that than to designate staff people to actively manage them."

Microsoft said the Key Management Service will include administrative tools to help companies manage licenses. "Microsoft isn't tracking the numbers of copies installed; the key management services are internal to the organization," the spokeswoman said. "We will be rolling out Vista deployment guidebooks and information for customers and channel partners later this summer."

As for consumer users of Vista, DeGroot said there is a good chance they will encounter WGA, or something like it.
The Microsoft spokeswoman added, "We don't have specific details to share on individual features of WGA in Windows Vista at this time, but WGA will continue to be a part of Microsoft's Genuine Software Initiative."

From: rforno at infowarrior.org (Richard Forno)
Date: Sun, 02 Jul 2006 10:24:36 -0400
Subject: [Infowarrior] - NSA Sought U.S. Call Records Before 9/11, Lawyers Say

Spy Agency Sought U.S. Call Records Before 9/11, Lawyers Say
http://www.bloomberg.com/apps/news?pid=20601087&sid=abIV0cO64zJE&refer=#

June 30 (Bloomberg) -- The U.S. National Security Agency asked AT&T Inc. to help it set up a domestic call monitoring site seven months before the Sept. 11, 2001 attacks, lawyers claimed June 23 in court papers filed in New York federal court.

The allegation is part of a court filing adding AT&T, the nation's largest telephone company, as a defendant in a breach of privacy case filed earlier this month on behalf of Verizon Communications Inc. and BellSouth Corp. customers. The suit alleges that the three carriers, the NSA and President George W. Bush violated the Telecommunications Act of 1934 and the U.S. Constitution, and seeks money damages.

``The Bush Administration asserted this became necessary after 9/11,'' plaintiff's lawyer Carl Mayer said in a telephone interview. ``This undermines that assertion.''

The lawsuit is related to an alleged NSA program to record and store data on calls placed by subscribers. More than 30 suits have been filed over claims that the carriers, the three biggest U.S. telephone companies, violated the privacy rights of their customers by cooperating with the NSA in an effort to track alleged terrorists.

``The U.S.
Department of Justice has stated that AT&T may neither confirm nor deny AT&T's participation in the alleged NSA program because doing so would cause `exceptionally grave harm to national security' and would violate both civil and criminal statutes,'' AT&T spokesman Dave Pacholczyk said in an e-mail.

U.S. Department of Justice spokesman Charles Miller and NSA spokesman Don Weber declined to comment.

Pioneer Groundbreaker

The NSA initiative, code-named ``Pioneer Groundbreaker,'' asked AT&T unit AT&T Solutions to build exclusively for NSA use a network operations center which duplicated AT&T's Bedminster, New Jersey facility, the court papers claimed. That plan was abandoned in favor of the NSA acquiring the monitoring technology itself, plaintiffs' lawyer Bruce Afran said.

The NSA says on its Web site that in June 2000, the agency was seeking bids for a project to ``modernize and improve its information technology infrastructure.'' The plan, which included the privatization of its ``non-mission related'' systems support, was said to be part of Project Groundbreaker. Mayer said the Pioneer project is ``a different component'' of that initiative.

Mayer and Afran said an unnamed former employee of the AT&T unit provided them with evidence that the NSA approached the carrier with the proposed plan. Afran said he has seen the worker's log book and independently confirmed the source's participation in the project. He declined to identify the employee.

Stop Suit

On June 9, U.S. District Court Judge P. Kevin Castel in New York stopped the lawsuit from moving forward while the Federal Judicial Panel on Multidistrict Litigation in Washington rules on a U.S. request to assign all related telephone records lawsuits to a single judge.

Robert Varettoni, a spokesman for Verizon, said he was unaware of the allegations against AT&T and declined to comment.
Earlier this week, he issued a statement on behalf of the company that Verizon had not been asked by the NSA to provide customer phone records from either its hard-wired or wireless networks. Verizon also said that it couldn't confirm or deny ``whether it has any relationship to the classified NSA program.''

Mayer's lawsuit was filed following a May 11 USA Today report that the U.S. government was using the NSA to monitor domestic telephone calls. Earlier today, USA Today said it couldn't confirm its contention that BellSouth or Verizon had contracts with the NSA to provide a database of domestic customer phone call records.

Jeff Battcher, a spokesman for Atlanta-based BellSouth, said that vindicated the company. ``We never turned over any records to the NSA,'' he said in a telephone interview. ``We've been clear all along that they've never contacted us. Nobody in our company has ever had any contact with the NSA.''

The case is McMurray v. Verizon Communications Inc., 06cv3650, in the Southern District of New York.

To contact the reporter on this story: Andrew Harris in Chicago at aharris16 at bloomberg.net

From: rforno at infowarrior.org (Richard Forno)
Date: Sun, 02 Jul 2006 10:26:33 -0400
Subject: [Infowarrior] - California uses Fed Homeland Security money to track protesters

(c/o D)

California is now getting into the Homeland Security business, with:

1. security contractors tracking protesters (anti-war, animal rights activists, etc.)
2. creating new and special security clearances for select legislators
3. leaks
4. lying by the executive
5. apologies from the executive (for getting caught?)
July 1: California State tracked protesters in name of terrorism security, by Peter Nicholas
http://www.latimes.com/news/printedition/la-me-security1jul01,0,5271977.story?coll=la-editions-inland-news

July 2: Governor to release records of Calif spying on protesters, by Peter Nicholas
http://www.latimes.com/news/local/la-me-security2jul02,1,5940914.story?coll=la-headlines-california&ctrack=1&cset=true

State Tracked Protesters in the Name of Security
Officials say they have stopped monitoring antiwar and political rallies. The practice violates civil rights, Atty. Gen. Lockyer says.
By Peter Nicholas, Times Staff Writer
July 1, 2006

SACRAMENTO - Gov. Arnold Schwarzenegger's office in charge of protecting California against terrorism has tracked demonstrations staged by political and antiwar groups, a practice that senior law enforcement officials say is an abuse of civil liberties.

The Times obtained reports prepared for the state Office of Homeland Security in recent months that contain details on the whereabouts and purpose of a number of political demonstrations throughout California. The source of the information is listed in some cases as federal law enforcement agencies, including the Immigration and Customs Enforcement agency, an investigative arm of the U.S. Homeland Security department.

Political activities cited in the reports include:

* An animal rights rally outside a Canadian consulate office in San Francisco to protest the hunting of seals.
* A demonstration in Walnut Creek at which U.S. Rep. George Miller (D-Martinez) and other officials spoke against the war in Iraq.
* A Women's International League for Peace and Freedom gathering at a courthouse in Santa Barbara in support of an antiwar protester - a 56-year-old Salinas woman - facing federal trespassing charges.

California Atty. Gen. Bill Lockyer's office learned of the monitoring activity more than two months ago.
On Friday, a spokesman condemned the actions, saying they violated the groups' constitutional right of free speech.

"When people exercise their 1st Amendment rights to rally, march and protest, they should not have to worry that intelligence officials are watching them or their activities are in any way being painted with the terrorism brush," Lockyer spokesman Tom Dresslar said in an interview.

"That kind of conduct by anti-terrorism intelligence agencies threatens civil liberties, runs counter to our values and violates this office's policy regarding criminal intelligence gathering," Dresslar said.

The Times obtained two of the reports, which were compiled daily. The state homeland security office declined to release others.

The office is a 53-person operation that grew out of the Sept. 11 attacks and is financed primarily by federal money. Officials there said the details about the rallies were reported by SRA International, a company hired to provide counter-terrorism analysis.

The officials said such information made it into only the two reports that The Times obtained, out of 60-some daily intelligence reports produced since March. No reports were produced before March, said Chris Bertelli, spokesman for the state office. When officials in the agency learned of the practice, he said, they ordered it stopped.

Copies of the reports were shared with the California Highway Patrol and the attorney general's office. Nothing else was done with the information about the demonstrations, Bertelli said. The reports are on the letterhead of a California anti-terrorism partnership that includes the homeland security office, the attorney general and the Highway Patrol.

Dresslar said staffers in Lockyer's office saw the reports and raised concerns with their superiors, who complained to the Office of Homeland Security. "When we discovered their existence, we informed OHS officials that we had absolutely no use for that kind of information," Dresslar said.
"Collecting information on protests has no legitimate anti-terrorism intelligence function. None. No intelligence agency has any need to maintain this kind of information."

The reports obtained by The Times contain summaries of news articles about the war in Iraq, animal rights activists and terrorism. One has a section titled "Upcoming California Protests," followed by summaries of the demonstrations. Each includes an entry for "officer safety issues." No issues are cited.

One group whose antiwar rally was in the reports criticized the state agency's practice.

"It seems like a waste of taxpayer dollars and a creeping invasion of our 1st Amendment rights to demonstrate and speak," said Devlin Donnelly, assistant coordinator for the Chico Peace and Justice Center, which held a rally in Chico in March calling for an end to the war in Iraq.

Schwarzenegger had "no information and no knowledge that this was happening," said Adam Mendelsohn, the governor's communications director. "The governor feels that this particular information gathering is totally inappropriate and unacceptable."

Anti-terrorism ideas from the state homeland security office have stirred qualms before. Past and present members of the attorney general's office said they were troubled by a meeting at the security office last September in which federal and state officials discussed ways to prevent Islamic militants from recruiting prison inmates. In attendance were officials from the FBI, the state Department of Corrections and Rehabilitation and various local law enforcement agencies, according to documents obtained by The Times.

One account of the meeting is provided in a whistle-blower complaint filed by a former high-ranking official in the attorney general's office, Edward Manavian.
The complaint says homeland security information analyst William Hipsley proposed monitoring private conversations in state prisons between inmates and Islamic clergymen and, citing a potential national security threat from Iran, getting a list of Iranians living in California.

State law makes it a felony to eavesdrop on conversations between a person in custody and his attorney, doctor or religious advisor. Brian Parriott, a spokesman for the state prison system, said it is not the corrections department's practice to listen in on private conversations between inmates and visitors from the clergy.

And Mark Schlosberg, a policy director for the ACLU's San Francisco office, said it is discriminatory to compile databases on broad groups of people based on national origin without any specific link to criminal activity. "It's contrary to our constitutional protections and our systems, and it's also ineffective in terms of law enforcement," Schlosberg said.

The state homeland security office denied Manavian's version of events and issued rebuttals from Hipsley and a staff member who also attended. In a written statement, Hipsley said that he never suggested "Muslim clerics offices be 'bugged' " and that the subject of Iran never came up. George Aradi, an assistant deputy director for information analysis, concurred in a separate statement.

Manavian was demoted in February. In his complaint, he said that happened in part because he refused to cooperate with "attempts to violate the civil rights of citizens in this state." He resigned in April. His complaint is pending before the state Personnel Board, and a hearing is scheduled in late July.

Lockyer's office publicly criticized the monitoring actions after an inquiry from The Times. But Allen Benitez, assistant chief of the attorney general's criminal intelligence bureau, had told one of his bosses in a memo April 18 that the security office was gathering information on "political groups" and protests.
He voiced concerns that such tracking "may not be allowed under the law." Lockyer's office handled the matter privately with the security office, Dresslar said.

Questions about the office come at a time when assessments by nonpartisan reviewers have concluded the state is unprepared for a terrorist attack or natural disaster.

Schwarzenegger casts himself as being immersed in efforts to prepare California for disaster, making repeated public visits to the state's emergency command center outside Sacramento, where he has watched over exercises simulating what would happen in a disaster, such as an earthquake or flood.

But a report by the legislative analyst's office last year said California lacks "a unified strategic approach to homeland security." And more recently, the state's Little Hoover Commission watchdog agency issued a report saying it is unclear who would take charge in the event of an emergency or terrorist attack.

Governor to Release Intelligence Reports
Schwarzenegger acts to ease concerns about inappropriate compilation of information on antiwar and political rallies.
By Peter Nicholas, Times Staff Writer
July 2, 2006

SACRAMENTO - Gov. Arnold Schwarzenegger's office said Saturday he was ordering the release of dozens of intelligence reports prepared for the state Office of Homeland Security - a step that comes as lawmakers from both parties are denouncing a practice in which state intelligence agents compiled information about political and antiwar protests and rallies.

Schwarzenegger administration officials say there were only two cases in which state homeland security agents collected material on political protests in recent months. Releasing the full trove of intelligence reports will prove that point, assuring the public that the practice was not more widespread, according to those officials.
State lawmakers from both parties said it was inexcusable that two such intelligence reports from March and April carried details about the location and purpose of political rallies throughout California. The two reports, obtained by The Times, were described in a news article published Saturday.

"The governor believes that any inappropriate information gathering like this is totally unacceptable," Adam Mendelsohn, Schwarzenegger's communications director, said in an interview.

The governor's homeland security director, Matthew Bettenhausen, said Saturday that the material was mistakenly included in the reports by a private contractor working for his office.

Schwarzenegger will allow the media to review the approximately 60 intelligence reports that have been prepared for the homeland security director since March, but no copies will be allowed, Mendelsohn said.

Before the reports can be reviewed in coming days, officials will remove all "law-enforcement-sensitive information" - anything covering "ongoing investigations" and related "safety threats," said Chris Bertelli, spokesman for the homeland security office.

Rep. George Miller (D-Martinez) said in an interview that there should be a "very, very high threshold" for removing anything and that the reports should not be sanitized. The congressman attended an antiwar rally in Walnut Creek in March that was listed in one of the intelligence reports, in a section called "Upcoming California Protests."

State legislators said they were pleased that the governor was releasing the material. Yet some said they were troubled by what they viewed as a continuing pattern of aggressive intelligence gathering by his administration.

Last year, the state Senate held hearings into news accounts that a California National Guard intelligence unit had tracked a Mother's Day antiwar rally. State Sen.
Joe Dunn (D-Santa Ana), who led the hearings on the National Guard, said the homeland security episode is fresh proof of the need for greater oversight.

Dunn said he wants to create a special legislative intelligence committee that would monitor California's fast-growing homeland security apparatus. Lawmakers serving on the committee would receive a special security clearance. He said he has broached the idea with the Senate leadership.

"I am very pleased that they're willing to share all the reports," Dunn said. "However, I was assured after the one spying incident in May 2005 by the California National Guard that the practice was not more widespread at the state level.

"We now discover that those assurances were patently false. I hope the current assurances are a little more truthful than the ones of a year ago."

The homeland security office quickly arranged a news conference Saturday morning to offer some reassurances of its own.

Bettenhausen, a Schwarzenegger appointee, said there was no surveillance of any of the political demonstrations listed in the intelligence reports. One of the rallies was staged by animal rights activists protesting the slaughter of Canadian seals. Another was a women's peace protest aimed at showing support for a Salinas woman facing charges of trespassing at Vandenberg Air Force Base. Several other protests concerned the war in Iraq.

The two reports from March and April that mentioned the political demonstrations were shared with the California Highway Patrol and the attorney general's office, but not with any other law enforcement entity, Bettenhausen said. These two agencies are part of a state partnership set up to combat terrorism and gather intelligence.

Bettenhausen described how the material made its way into the reports. A state contractor retained by homeland security issued a report March 7. That document included summaries of 10 rallies set for later in the month.
Listed were the date of the event, the purpose, the location, the expected number of people, the source of the information, and "officer safety issues."

When they saw that, homeland security officials told the contractor not to include such information again, Bettenhausen said. Yet similar material was part of a report dated April 10. Again, homeland security officials saw it and told the contractor to leave out such information in the future, Bettenhausen said.

Since then, none of the reports prepared for Bettenhausen have included information on political protests, homeland security officials said.

Bettenhausen said his office "does not tolerate the gathering of inappropriate information and we never will. We will not stand for it."

The contractor used by the state homeland security agency is SRA International Inc., which is being paid up to $16 million to provide counterterrorism analysis.

From rforno at infowarrior.org Mon Jul 3 10:55:21 2006
From: rforno at infowarrior.org (Richard Forno)
Date: Mon, 03 Jul 2006 10:55:21 -0400
Subject: [Infowarrior] - We Need Fewer Secrets
Message-ID:

We Need Fewer Secrets
By Jimmy Carter
Monday, July 3, 2006; Page A21

The U.S. Freedom of Information Act (FOIA) turns 40 tomorrow, the day we celebrate our independence. But this anniversary will not be a day of celebration for the right to information in our country. Our government leaders have become increasingly obsessed with secrecy. Obstructionist policies and deficient practices have ensured that many important public documents and official actions remain hidden from our view.

The events in our nation today -- war, civil rights violations, spiraling energy costs, campaign finance and lobbyist scandals -- dictate the growing need and citizens' desire for access to public documents. A poll conducted last year found that 70 percent of Americans are either somewhat or very concerned about government secrecy. This is understandable when the U.S. government uses at least 50 designations to restrict unclassified information and created 81 percent more "secrets" in 2005 than in 2000, according to the watchdog coalition OpenTheGovernment.org.

Moreover, the response to FOIA requests often does not satisfy the transparency objectives or provisions of the law, which, for example, mandates an answer to information requests within 20 working days. According to the National Security Archive's 2003 report, median response times may be as long as 905 working days at the Department of Agriculture and 1,113 working days at the Environmental Protection Agency. The only recourse for unsatisfied requesters is to appeal to the U.S. District Court, which is costly, timely and unavailable to most people.

Policies that favor secrecy, implementation that does not satisfy the law, lack of a mandated oversight body and inaccessible enforcement mechanisms have put the United States behind much of the world in the right to information.

Increasingly, developed and developing nations are recognizing that a free flow of information is fundamental for democracy. Whether it's government or private companies that provide public services, access to their records increases accountability and allows citizens to participate more fully in public life. It is a critical tool in fighting corruption, and people can use it to improve their own lives in the areas of health care, education, housing and other public services. Perhaps most important, access to information advances citizens' trust in their government, allowing people to understand policy decisions and monitor their implementation.

Nearly 70 countries have passed legislation to ensure the right to request and receive public documents, the vast majority in the past decade and many in middle- and low-income nations. While the United States retreats, the international trend toward transparency grows, with laws often more comprehensive and effective than our own.
Unlike FOIA, which covers only the executive branch, modern legislation includes all branches of power and some private companies. Moreover, new access laws establish ways to monitor implementation and enforce the right, holding agencies accountable for providing information quickly and fully.

What difference do these laws make? In South Africa, a country emerging from authoritarian rule under the apartheid system, the act covering access to information gives individuals an opportunity to demand public documents and hold government accountable for its actions, an inconceivable notion just a decade ago. Requests have exposed inappropriate land-use practices, outdated HIV-AIDS policies and a scandalous billion-dollar arms deal.

In the United Kingdom, the new law forced the government to reveal the factual basis for its decision to go to war in Iraq.

In Jamaica, one of the countries where the Carter Center has worked for the past four years to help establish an access-to-information regime, citizens have used their right to request documents concerning the protection of more than 2,500 children in public orphanages. Two years ago there were credible allegations of sexual and physical abuse. In the past year, a coalition of interested groups has made more than 40 information requests to determine whether new government recommendations were implemented to ensure the future safety and well-being of these vulnerable children.

Even in such unlikely places as Mali, India and Shanghai, efforts that allow access to information are ensuring greater transparency in decision making and a freer flow of information.

In the United States, we must seek amendments to FOIA to be more in line with emerging international standards, such as covering all branches of government; providing an oversight body to monitor compliance; including sanctions for failure to adhere to the law; and establishing an appeal mechanism that is easy to access, speedy and affordable.
We cannot take freedom of information for granted. Our democracy depends on it.

The writer was the 39th president and is founder of the Carter Center.

From rforno at infowarrior.org Mon Jul 3 14:02:11 2006
From: rforno at infowarrior.org (Richard Forno)
Date: Mon, 03 Jul 2006 14:02:11 -0400
Subject: [Infowarrior] - Academics break the Great Firewall of China
Message-ID:

Academics break the Great Firewall of China
By Tom Espiner
http://news.com.com/Academics+break+the+Great+Firewall+of+China/2100-7348_3-6090437.html
Story last modified Mon Jul 03 09:15:45 PDT 2006

Computer experts from the University of Cambridge claim not only to have breached the Great Firewall of China, but have found a way to use the firewall to launch denial-of-service attacks against specific Internet Protocol addresses in the country.

The firewall, which uses routers supplied by Cisco, works in part by inspecting Web traffic for certain keywords that the Chinese government wishes to censor, including political ideologies and groups it finds unacceptable.

The Cambridge research group tested the firewall by firing data packets containing the word "Falun" at it, a reference to the Falun Gong religious group, which is banned in China.

The researchers found that it was possible to circumvent the Chinese intrusion detection systems by ignoring the forged transmission control protocol resets injected by the Chinese routers, which would normally force the endpoints to abandon the connection.

"The machines in China allow data packets in and out, but send a burst of resets to shut connections if they spot particular keywords," explained Richard Clayton of the University of Cambridge computer laboratory. "If you drop all the reset packets at both ends of the connection, which is relatively trivial to do, the Web page is transferred just fine."
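The reset injection Clayton describes leaves traces that an endpoint or a passive sensor can recognise. What follows is an added example, not code from the article or from the Cambridge researchers: it walks a constructed packet capture and flags any peer whose TCP resets arrive as a burst (the "burst of resets" in the quote above) or carry a TTL different from the TTL that same peer used for its ordinary packets, which is a hop-count heuristic assumed here rather than stated in the article. The packet field names, the addresses and the sample capture are all constructed for the example.

```python
"""Flag TCP resets that look injected by an in-path device rather than
sent by the peer.  Added example; the capture below is constructed."""
from collections import Counter, defaultdict


def pkt(t, src, sport, dst, dport, flags, ttl, seq):
    """Build one minimal packet record (constructed, not a real capture)."""
    return {"t": t, "src": src, "sport": sport, "dst": dst, "dport": dport,
            "flags": flags, "ttl": ttl, "seq": seq}


CLIENT, SERVER, OTHER = "10.0.0.5", "203.0.113.7", "203.0.113.9"  # constructed

SAMPLE_PACKETS = [
    # Flow 1: handshake, a request, then three resets within 2 ms whose TTL
    # (47) the server never used for its own packets (52).  The genuine
    # response still arrives afterwards, as the article reports.
    pkt(0.000, CLIENT, 40000, SERVER, 80, "S", 64, 1000),
    pkt(0.120, SERVER, 80, CLIENT, 40000, "SA", 52, 5000),
    pkt(0.121, CLIENT, 40000, SERVER, 80, "A", 64, 1001),
    pkt(0.122, CLIENT, 40000, SERVER, 80, "PA", 64, 1001),
    pkt(0.180, SERVER, 80, CLIENT, 40000, "R", 47, 5001),
    pkt(0.181, SERVER, 80, CLIENT, 40000, "R", 47, 6461),
    pkt(0.182, SERVER, 80, CLIENT, 40000, "R", 47, 7921),
    pkt(0.250, SERVER, 80, CLIENT, 40000, "PA", 52, 5001),
    # Flow 2 (control): a closed port answers the SYN with one ordinary RST/ACK.
    pkt(1.000, CLIENT, 40001, OTHER, 8080, "S", 64, 2000),
    pkt(1.110, OTHER, 8080, CLIENT, 40001, "RA", 52, 0),
]


def flow_key(p):
    """Direction-independent identifier for one TCP connection."""
    return tuple(sorted([(p["src"], p["sport"]), (p["dst"], p["dport"])]))


def analyze_resets(packets, burst_window=0.05, min_burst=2):
    """Return {flow_key: {"peer": ip, "reasons": [...]}} for every flow in
    which resets from a peer look injected.  Two heuristics:
      "ttl_mismatch": an RST's TTL differs from the TTL the same peer used
                      for its non-RST packets (assumed hop-count check);
      "reset_burst":  at least min_burst RSTs from the peer arrive within
                      burst_window seconds (the article's burst of resets).
    The seq field is carried for completeness and not used here."""
    by_flow = defaultdict(list)
    for p in sorted(packets, key=lambda p: p["t"]):
        by_flow[flow_key(p)].append(p)

    findings = {}
    for key, pkts in by_flow.items():
        for peer in sorted({p["src"] for p in pkts}):
            from_peer = [p for p in pkts if p["src"] == peer]
            normal = [p for p in from_peer if "R" not in p["flags"]]
            resets = [p for p in from_peer if "R" in p["flags"]]
            if not resets:
                continue
            reasons = []
            if normal:  # baseline TTL is the one this peer most often used
                baseline_ttl = Counter(p["ttl"] for p in normal).most_common(1)[0][0]
                if any(p["ttl"] != baseline_ttl for p in resets):
                    reasons.append("ttl_mismatch")
            for i in range(len(resets)):  # sliding window over RST times
                j = i
                while j < len(resets) and resets[j]["t"] - resets[i]["t"] <= burst_window:
                    j += 1
                if j - i >= min_burst:
                    reasons.append("reset_burst")
                    break
            if reasons:
                findings[key] = {"peer": peer, "reasons": reasons}
    return findings


if __name__ == "__main__":
    for key, finding in analyze_resets(SAMPLE_PACKETS).items():
        print(key, finding)
```

Run against the constructed capture, only flow 1 is reported, with both reasons; the control flow's single RST/ACK from a closed port is left alone. A real sensor would feed the same function records decoded from a capture; the point is that a reset a peer really sent matches that peer's hop count and arrives once, while a guessed reset from a middlebox tends to do neither.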
Clayton added that this means the Chinese firewall can be used to launch denial-of-service attacks against specific IP addresses within China, including those of the Chinese government itself.

The IDS uses a stateless server, which examines each data packet both going in and out of the firewall individually, unrelated to any previous request. By forging the source address of a packet containing a "sensitive" keyword, people could trigger the firewall to block access between source and destination addresses for up to an hour at a time.

If an attacker had identified the machines used by regional government offices, they could block access to Windows Update, or prevent Chinese embassies abroad from accessing specific Chinese Web content.

"Due to the design of the firewall, a single packet addressed from a high party official could block their Web access," said Clayton.

Even though this technique would block communication between only two particular points on the Internet, the researchers calculated that a lone attacker using a single dial-up connection could still generate a "reasonably effective" denial-of-service attack. If an attacker generated 100 triggering packets per second, and each packet caused 20 minutes of disruption, 120,000 pairs of endpoints could be prevented from communicating at any one time.

Clayton, speaking at the Sixth Workshop on Privacy Enhancing Technologies in Cambridge last week, said that the researchers had reported their findings to the Chinese Computer Emergency Response Team.

Tom Espiner of ZDNet UK reported from London.

From rforno at infowarrior.org Mon Jul 3 15:25:38 2006
From: rforno at infowarrior.org (Richard Forno)
Date: Mon, 03 Jul 2006 15:25:38 -0400
Subject: [Infowarrior] - On Right and Left, a Push for Government Openness
Message-ID:

On Right and Left, a Push for Government Openness
By JASON DePARLE
http://www.nytimes.com/2006/07/03/washington/03cyber.html?_r=1&oref=slogin&pagewanted=print

WASHINGTON, July 2 -- Exasperated by his party's failure to cut government spending, Senator Tom Coburn, Republican of Oklahoma, is seeking cyberhelp.

Mr. Coburn wants to create a public database, searchable over the Internet, that would list most government contracts and grants -- exposing hundreds of billions in annual spending to instant desktop view.

Type in "Halliburton," the military contractor, or "Sierra Club," the environmental group, for example, and a search engine would show all the federal money they receive. A search for the terms "Alaska" and "bridges" would expose a certain $223 million span to Gravina Island (population 50) that critics call the "Bridge to Nowhere."

While advocating for openness, Mr. Coburn is also placing a philosophical bet that the more the public learns about federal spending, the less it will want. "Sunshine's the best thing we've got to control waste, fraud and abuse," he said. "It's also the best thing we've got to control stupidity. It'll be a force for the government we need."

But Mr. Coburn's plan, hailed by conservatives, is also sponsored by a Democrat, Senator Barack Obama of Illinois, and applauded by liberal groups that support activist government. The result is a showcase of clashing assumptions and the oddest of coalitions, uniting Phyllis Schlafly, a prominent critic of gay rights, with the National Gay and Lesbian Task Force.

Liberal groups, while also praising openness, are hoping for a new appreciation of what government does, like providing clean water and feeding the hungry. "We need to remind people where Uncle Sam helps us each day," said Gary Bass, director of OMB Watch, a liberal group that got its start monitoring the White House Office of Management and Budget.

The House unanimously passed a version of the proposal in late June, though in a form that has drawn outside criticism.
The House bill creates a database that would omit contracts, which typically go to businesses, but would include about $300 billion in grants, which usually go to nonprofit groups.

"Contracts are awarded in a much more competitive environment," said Representative Thomas M. Davis III, a Virginia Republican who was a sponsor of the bill. That makes them more self-policing, he said. Mr. Davis, whose district includes many government contractors, said grants "are more susceptible to abuse."

But liberal critics see a revival of what they call old partisan efforts to "de-fund the left," by reducing grants to liberal groups or adding conditions that limit their activities.

Mr. Coburn joined them in criticizing the House omission of contracts. Including them in the database, he said, is "the only way you're going to bust these indecent relationships of former Pentagon employees working for defense contractors and getting sweetheart deals from buddies inside."

When told of Mr. Coburn's statement, Mr. Davis said, "As usual, I think he's headline grabbing." While Mr. Davis supports more openness in contracting, he said including contracts would "gum up the works" legislatively since more Congressional committees would be involved.

Spending hawks have sought a spending database for years. The Heritage Foundation, a conservative Washington group, tried to build one itself, but search-engine technology now makes the task easier.

On the right, support for the plan reflects an old concern about spending and a new faith in the power of blogs. Supporters picture a citizen army of e-watchdogs, greatly increasing the influence of antispending groups in Washington.

"Now that you've got the Internet, you'll have tens of thousands of watchdogs," said Bridgett G. Wagner of the Heritage Foundation, who is leading a coalition of conservative groups that support the Coburn bill. "That's what people see in it."
Among the bill's leading supporters is Mark Tapscott, the editorial page editor of The Washington Examiner, who has promoted it there and on his blog, Tapscott's Copy Desk. While most spending is already a matter of public record, Mr. Tapscott argues that it is often buried in obscure documents. "The spending cannot be sufficiently scrubbed," Mr. Tapscott said.

Whether the database causes spending to rise or fall (he guesses it will fall), "what's important to me is the principle of the public's right to know," Mr. Tapscott said.

A number of blogs popular among conservatives have praised Mr. Coburn's bill. Instapundit, among the most popular, has pushed it. Seeker Blog called it "the best news I've heard out of D.C. this year." Captain's Quarters demanded "Give us the Pork Database," and Porkopolis hailed the measure with the slogan, "Show Me the Money."

While the bill has few overt critics, it may encounter resistance from Congressional insiders who have used their influence to secure projects back home. When Mr. Coburn tried to attach the measure to a lobbying reform bill this spring, Senator Trent Lott, a Mississippi Republican known for his zeal in aiding his state, killed it on procedural grounds.

Not everyone is convinced more sunshine will matter. "All this information is out there right now" and being mined by watchdog groups, said Douglas Holtz-Eakin, a former director of the Congressional Budget Office. While it was "certainly appropriate" to build a database, he said: "I don't think it would dramatically change public perception of the appropriate size and scope of government. That's a much deeper issue."

One important challenge involves tracking subcontractors. Money awarded, for example, to Lockheed, to build a military plane, might get divided among hundreds of parts suppliers. The database, Mr. Coburn said, would seek to list them all.
The push for openness runs counter to the trend of increased secrecy among government officials who cite the need to protect national security. Criticizing that trend, Mr. Tapscott said, "people in the Pentagon, like bureaucrats everywhere, overclassify too much because of the basic instinct to protect yourself."

But Mr. Coburn said he was comfortable with the overall level of secrecy. His database would adhere to current disclosure rules, he said.

What if sunlight so cleanses the government that the public wants more of it? Grover Norquist, an antitax advocate who supports the House bill, just laughed. "They might say, 'Oh my goodness, look at all the good work that's being done,' " he said. "But I'm willing to take that chance."

From rforno at infowarrior.org Tue Jul 4 08:28:04 2006
From: rforno at infowarrior.org (Richard Forno)
Date: Tue, 04 Jul 2006 08:28:04 -0400
Subject: [Infowarrior] - A Dissident's Holiday
Message-ID:

A Dissident's Holiday
By E. J. Dionne Jr.
Tuesday, July 4, 2006; A15
http://www.washingtonpost.com/wp-dyn/content/article/2006/07/03/AR2006070300925_pf.html

Have you ever noticed a certain hesitant quality to the expressions of patriotism by progressives or left-wingers?

The patriotism of the conservative goes unquestioned. It's assumed that every politician on the right will wear a flag on his lapel and effortlessly hold forth on ours as "the greatest country in the history of the world."

You can be certain that on this, as on every July 4th, patriotic oratory will flow as well from liberals declaring their love of flag, country and the Declaration of Independence. Many will speak of how our constitutional republic is to be revered especially for its guarantees of liberty and justice for all and -- hint, hint -- limits on the powers of overreaching monarchs.

But the progressive and the reformer have a problem with what passes for unadulterated patriotism.
By nature, the reformer is bound to insist that the country, however glorious, is not a perfect place, that it is capable of doing wrong as well as right. The nation that declared "all men are created equal" was, at the time those words were written, the home of an extensive system of slavery.

Most reformers guard their patriotic credentials by moving quickly to the next logical step: that the true genius of America has always been its capacity for self-correction. I'd assert that this is a better argument for patriotism than any effort to pretend that the Almighty has marked us as the world's first flawless nation.

One need only point to the uses that Abraham Lincoln and Martin Luther King Jr. made of the core ideas of the Declaration of Independence against slavery and racial injustice to show how the intellectual and moral traditions of the United States operate in favor of continuous reform.

There is, moreover, a distinguished national tradition in which dissident voices identify with the revolutionary aspirations of the republic's founders. Frederick Douglass, the former slave turned anti-slavery champion, offered the classic text in his 1852 address often published under the title: "What to the Slave is the Fourth of July?"

"To say now that America was right, and England wrong, is exceedingly easy," Douglass declared. "Everybody can say it. . . . But there was a time when, to pronounce against England, and in favor of the cause of the colonies, tried men's souls. They who did so were accounted in their day, plotters of mischief, agitators and rebels, dangerous men. To side with the right, against the wrong, with the weak against the strong, with the oppressed against the oppressor! here lies the merit, and the one which, of all others, seems unfashionable in our day."

This telling of the Fourth of July story identifies the day as part of a long, progressive history and turns "agitators" and "plotters of mischief" into the holiday's true heroes.
The Fourth is transformed from an affirmation of continuity into a celebration of change. The republic's founders are praised not because they inaugurated a system designed to stand forever, unaltered, but because they blazed a path toward what Supreme Court Justice Stephen Breyer has called "active liberty." They set the nation on a course that would, as Breyer put it, expand "the scope of democratic self-government."

This is not a philosophy for the stand-patter nor a recipe for living in the past. And it emphatically rejects any definition of true patriotism that cedes to a current ruling group the right to declare what is or is not "Americanism."

The Fourth of July is, of course, a celebration of national unity and of shared love of country. But it need not bother us that there has always been a struggle over the day's meaning. This is part of a larger argument over how to interpret our national tradition, an ongoing quarrel that I suspect the revolutionaries of '76 would understand.

Those who reject the idea of national perfection, who insist that the Founders laid out a pathway and not a destination, should thus resist defensiveness. They should embrace the creed offered in a speech to Congress in 1990 by Vaclav Havel, the Eastern European dissident who became president of the Czech Republic.

"As long as people are people, democracy, in the full sense of the word, will always be no more than an ideal," Havel said. "One may approach it as one would the horizon in ways that may be better or worse, but it can never be fully attained. In this sense, you, too, are merely approaching democracy."

That we're still trying, 230 years after we declared independence, is our national glory.

postchat at aol.com
© 2006 The Washington Post Company

From rforno at infowarrior.org Tue Jul 4 16:34:09 2006
From: rforno at infowarrior.org (Richard Forno)
Date: Tue, 04 Jul 2006 16:34:09 -0400
Subject: [Infowarrior] - Music industry prepares lawsuit against Yahoo China
Message-ID:

Music industry prepares lawsuit against Yahoo China
http://www.washingtonpost.com/wp-dyn/content/article/2006/07/04/AR2006070400463_pf.html
Reuters
Tuesday, July 4, 2006; 12:02 PM

LONDON (Reuters) - The world's biggest music companies are preparing a lawsuit against Yahoo China for copyright infringement as part of the industry's efforts to crack down on piracy.

"Yahoo China has been blatantly infringing our members' rights. We have started the process and as far as we're concerned we're on the track to litigation," said John Kennedy, chairman and chief executive of the music industry trade group the International Federation of the Phonographic Industry.

"If negotiation can prevent that, so be it," he added.

Yahoo China officials could not immediately be reached for comment.

Yahoo China is a partnership between Internet giant Yahoo Inc, which owns 40 percent of the business, and China's Alibaba.com.

The IFPI has blasted Yahoo China's search engine for providing links to Web sites that offer unlicensed music downloads.

In a speech in Shanghai in May, Kennedy said China was the most exciting new market in the world for the music industry but that online piracy "threatens to strangle the fledgling legitimate digital music market before it has hardly evolved."

The IFPI estimates that about 85 percent of all music consumed in China is pirated.

Kennedy singled out Yahoo China and Chinese Internet search leader Baidu.com, which was ordered by a Beijing judge last year to stop directing users to music download sites.
The music industry has relied on an anti-piracy strategy of lawsuits against illegal music services and their users paired with growth in legal music services like Apple's market-leading iTunes Music Store.

The UK music trade group BPI is currently suing the Russian Web site AllofMP3.com.

© 2006 Reuters

From rforno at infowarrior.org Wed Jul 5 10:00:27 2006
From: rforno at infowarrior.org (Richard Forno)
Date: Wed, 05 Jul 2006 10:00:27 -0400
Subject: [Infowarrior] - Sophos: Web perils advise switch to Macs
Message-ID:

Web perils advise switch to Macs
http://news.bbc.co.uk/2/hi/technology/5150508.stm

Security threats to PCs with Microsoft Windows have increased so much that computer users should consider using a Mac, says a leading security firm.

Sophos security said that the 10 most commonly found pieces of malicious software all targeted Windows machines. In contrast, it said, none of the "malware" were capable of infecting the Mac OS X operating system.

Microsoft has pledged that the latest version of its operating system, known as Vista, will be its most secure yet.

"It is our goal to give PC users the control and confidence they need so they can continue to get the most out of their PCs," a Microsoft spokesperson said. "Windows Vista contains a number of new safety features that, taken together, are designed to make Windows PCs more secure and online experiences safer."

Microsoft said that security on Vista would be an integral part of the operating system rather than an add-on like in previous systems.

Top threats

The advice from Sophos was given as it released a report, detailing the security threats posed to computers so far in 2006. The report says that there has been a vast drop in malicious software like viruses and worms.

However, the company warns that there has been a sharp increase in the number of Trojans.
It said that 82% of new security threats this year were from these programs.

Trojans are pieces of malicious software that are hidden in other legitimate programs such as downloaded screensavers. The Trojan may collect financial information or allow the infected computer to be controlled remotely for sending spam or launching web attacks.

"The continuing rise of malware will concern many - the criminals responsible are obviously making money from their code, otherwise they'd give up the game," said Graham Cluley, senior technology consultant at Sophos.

Mac flaws

Although Trojans dominate the list of security threats, the most widespread problem was the Sober-Z worm. The worm, which was spread by e-mail, infected people's computers and tried to turn off security settings. It replicated by looking for other e-mail addresses on the computers' hard drives.

The worm infected computers running the Windows operating system, but was not designed to infect Apple Macs.

"It seems likely that Macs will continue to be the safer place for computer users for some time to come," said Mr Cluley. "[That is] something that home users may wish to consider if they're deliberating about the next computer they should purchase," he added.

Earlier this year, a security flaw in the way that Macs downloaded files was identified; while three concept viruses and a worm written specifically for Apple computers were also discovered. The viruses were never released into the "wild" and posed little security threat.

Story from BBC NEWS: http://news.bbc.co.uk/go/pr/fr/-/2/hi/technology/5150508.stm
Published: 2006/07/05 12:33:12 GMT

From rforno at infowarrior.org Wed Jul 5 10:05:45 2006
From: rforno at infowarrior.org (Richard Forno)
Date: Wed, 05 Jul 2006 10:05:45 -0400
Subject: [Infowarrior] - Blogs Study May Provide Credible Information
Message-ID:

Blogs Study May Provide Credible Information
By William J. Sharp, Air Force Office of Scientific Research
URL of this article: http://www.defencetalk.com/news/publish/printer/printer_6737.php
Wed, 5 Jul 2006, 00:00

Arlington, VA: The Air Force Office of Scientific Research recently began funding a new research area that includes a study of blogs. Blog research may provide information analysts and warfighters with invaluable help in fighting the war on terrorism.

Dr. Brian E. Ulicny, senior scientist, and Dr. Mieczyslaw M. Kokar, president, Versatile Information Systems Inc., Framingham, Mass., will receive approximately $450,000 in funding for the 3-year project entitled "Automated Ontologically-Based Link Analysis of International Web Logs for the Timely Discovery of Relevant and Credible Information."

"It can be challenging for information analysts to tell what's important in blogs unless you analyze patterns," Ulicny said. Patterns include the content of the blogs as well as what hyperlinks are contained within the blog.

Within blogs, hyperlinks act like reference citations in research papers thereby allowing someone to discover the most important events bloggers are writing about in just the same way that one can discover the most important papers in a field by finding which ones are the most cited in research papers. This type of analysis can help information analysts' searches be as productive as possible.

The blog study is part of Air Force Office of Scientific Research's new Information Forensics and Process Integration research program recently launched at Syracuse University, Syracuse, N.Y. The new portfolio of projects consists of three areas of research emphasis - incomplete information and metrics; search, interactive design, and active querying; and cognitive processing.

One of the problems analysts may have with blog monitoring, Ulicny noted, is there is too much actionable information for the analyst to properly analyze.
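The citation analogy Ulicny draws is, at bottom, an in-degree count: the story linked to by the most distinct blogs is the one bloggers consider most important. The following is an added example, not the Versatile Information Systems tool described in the article. It computes that count over a constructed set of blog entries and then goes one step beyond the plain count by weighting each citation with a half-life decay, so that a story four blogs linked to months ago ranks below one that three blogs linked to today; the decay, the optional per-blog credibility weights, and the sample posts are all assumptions of the example.

```python
"""Rank externally linked stories by how many blogs cite them, then by a
recency-weighted variant.  Added example; the posts are constructed."""
from collections import defaultdict

# Constructed sample.  'blog' is the citing site, 't' the posting time in
# hours on an arbitrary clock, 'links' the external URLs the entry points at.
POSTS = [
    {"blog": "alpha.example", "t": 20.0, "links": ["https://other.example/story-3"]},
    {"blog": "beta.example", "t": 21.0, "links": ["https://other.example/story-3"]},
    {"blog": "gamma.example", "t": 22.0, "links": ["https://other.example/story-3"]},
    {"blog": "delta.example", "t": 23.0, "links": ["https://other.example/story-3"]},
    {"blog": "alpha.example", "t": 100.0, "links": ["https://news.example/story-1"]},
    {"blog": "beta.example", "t": 101.0, "links": ["https://news.example/story-1",
                                                   "https://other.example/story-2"]},
    {"blog": "gamma.example", "t": 102.0, "links": ["https://news.example/story-1"]},
    # The same blog linking the same story twice counts once, as in citation
    # analysis where one paper citing another is a single citation.
    {"blog": "alpha.example", "t": 103.0, "links": ["https://news.example/story-1"]},
]


def citation_counts(posts):
    """Number of distinct blogs linking to each URL (citation in-degree)."""
    citers = defaultdict(set)
    for post in posts:
        for url in post["links"]:
            citers[url].add(post["blog"])
    return {url: len(blogs) for url, blogs in citers.items()}


def timely_ranking(posts, now, half_life=24.0, credibility=None):
    """Return [(url, score)] sorted high to low.  Each citing blog contributes
    credibility[blog] (default 1.0) times 0.5 ** (age / half_life), where age
    is measured from that blog's most recent link to the URL.  The decay and
    the credibility weights are assumptions of this example."""
    credibility = credibility or {}
    latest = defaultdict(dict)  # url -> blog -> most recent citing time
    for post in posts:
        for url in post["links"]:
            prev = latest[url].get(post["blog"])
            if prev is None or post["t"] > prev:
                latest[url][post["blog"]] = post["t"]
    scores = {
        url: sum(credibility.get(blog, 1.0) * 0.5 ** ((now - t) / half_life)
                 for blog, t in by_blog.items())
        for url, by_blog in latest.items()
    }
    return sorted(scores.items(), key=lambda kv: kv[1], reverse=True)


if __name__ == "__main__":
    print("by citation count:", citation_counts(POSTS))
    print("by recency-weighted count:", timely_ranking(POSTS, now=104.0))
```

On the constructed posts the raw count puts story-3 first with four citing blogs, while the recency-weighted ranking at hour 104 puts story-1 first, because its three citations are a few hours old and story-3's are more than three days old. Which ordering an analyst wants depends on whether the question is "what mattered" or "what matters now"; the weighting simply makes that choice explicit.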
"We are developing an automated tool to tell analysts what bloggers are most interested in at a point in time," Ulicny said. This analysis, Kokar said, is based on what Versatile Information Systems calls the RSTC approach to blog analysis - relevance, specificity, timeliness, and credibility. RSTC helps information analysts filter the most important information to study. "Relevance involves developing a point of focus and information related to a particular focus," Kokar said. Timeliness has to do with immediacy - how important is a topic now. "Credibility," he continued, "is the amount of trust you have in an information source." Finally, specificity can provide value to information analysts depending on how general or specific they need the information to be. In some ways, the team's automated project works like a search engine but with a more focused approach. Traditional search engines present users with information based on, for example, the number of times a term appears in a document. The information obtained via a search engine query tends to be similar among the documents returned. Blog postings, however, can be much more dissimilar from one to another. "What we're doing is a sort of information retrieval," Ulicny said. "The difference is that in order to find and analyze blog entries, you need to more adequately model how the blogs work on a global scale." To some degree blog interpretation, he said, involves understanding a different form of communication. "Blog entries have a different structure," Ulicny said. "They are typically short and are about something external to the blog posting itself , such as a news event. It's not uncommon for a blogger to simply state, 'I can't believe this happened,' and then link to a news story." In this example, Ulicny said, there might not be much of interest in the blog posting, yet the fact that the blogger called attention to this story can be significant to understanding what matters. 
A good example, he said, is the recent furor in the Muslim world over the publication of cartoons of Mohammad in a Danish newspaper. The original publication wasn't much noticed in the West, but bloggers discussed this event that possibly contributed to riots worldwide.

"The fact that the web is a vast source of information is sometimes overlooked by military analysts," Kokar said. "Our research goal is to provide the warfighter with a kind of information radar to better understand the information battlespace."

From rforno at infowarrior.org Wed Jul 5 10:11:13 2006
From: rforno at infowarrior.org (Richard Forno)
Date: Wed, 05 Jul 2006 10:11:13 -0400
Subject: [Infowarrior] - Ted Stevens is a [blithering] idiot
Message-ID:

As Mark Twain said, "Suppose you were an idiot. And suppose you were a member of Congress ... But then I repeat myself."

http://blog.wired.com/27BStroke6/?entry_id=1512499

There are other fantastic bon mots uttered by Senator Ted in his speech last week -- check out the link above for more heartaches, like these gems:

"I just the other day got, an internet was sent by my staff at 10 o'clock in the morning on Friday and I just got it yesterday...."

< snip >

"Now we have a separate Department of Defense internet now, did you know that? Do you know why? Because they have to have theirs delivered immediately. They can't afford getting delayed by other people."

(he obviously hasn't heard of NMCI...)

< snip >

That said, please, somebody, send me an internet, okay? Please? I'll even wait until Christmas to get it. Please? :)

-rf

From rforno at infowarrior.org Wed Jul 5 10:34:36 2006
From: rforno at infowarrior.org (Richard Forno)
Date: Wed, 05 Jul 2006 10:34:36 -0400
Subject: [Infowarrior] - Ken Lay dead of massive heart attack
Message-ID:

Ken Lay dead of massive heart attack
09:33 AM CDT on Wednesday, July 5, 2006

Former Enron CEO Ken Lay has died of what is believed to be a massive heart attack in Aspen.
He was there with his family awaiting sentencing after being convicted in May.

Lay led Enron's meteoric rise from a staid natural gas pipeline company formed by a 1985 merger to an energy and trading conglomerate that reached No. 7 on the Fortune 500 in 2000 and claimed $101 billion in annual revenues.

He was convicted in May of defrauding investors and employees by repeatedly lying about Enron's financial strength in the months before the company plummeted into bankruptcy protection in December 2001.

<->

http://www.khou.com/topstories/stories/khou060705_mh_laybio.29d73d64.html

From rforno at infowarrior.org Wed Jul 5 13:42:44 2006
From: rforno at infowarrior.org (Richard Forno)
Date: Wed, 05 Jul 2006 13:42:44 -0400
Subject: [Infowarrior] - CALEA - Final Rule
Message-ID:

FEDERAL COMMUNICATIONS COMMISSION

47 CFR Parts 1, 22, 24, and 64

[ET Docket No. 04-295; RM-10865; FCC 06-56]

Communications Assistance for Law Enforcement Act and Broadband Access and Services

AGENCY: Federal Communications Commission.

ACTION: Final rule.

-----------------------------------------------------------------------

SUMMARY: This document addresses the assistance capabilities required, pursuant to section 103 of the Communications Assistance for Law Enforcement Act (CALEA), for facilities-based broadband Internet access providers and providers of interconnected Voice over Internet Protocol (VoIP). More generally, the Second Report and Order and Memorandum Opinion and Order (Second R&O and MO&O) specifies mechanisms to ensure that telecommunications carriers comply with CALEA. The MO&O denies in part and grants in part a petition for reconsideration and clarification filed by the United States Telecom Association (USTelecom) relating to the compliance date for broadband Internet access providers and providers of interconnected VoIP.
< - >

http://cryptome.org/fcc070506.htm

From rforno at infowarrior.org Wed Jul 5 19:50:49 2006
From: rforno at infowarrior.org (Richard Forno)
Date: Wed, 05 Jul 2006 19:50:49 -0400
Subject: [Infowarrior] - Windows genuine disadvantage
Message-ID:

Windows genuine disadvantage
Mark Rasch, http://www.securityfocus.com/print/columnists/409

A recent lawsuit filed against Microsoft should have all companies reexamining their privacy policies to determine what information they are actually collecting about customers, and what they can possibly do with it.

What would you call a computer program that surreptitiously installed itself onto your computer, collected personal information about you without your knowledge or effective consent, was difficult or impossible to remove, installed pop-up banners that constantly harassed you, and presented significant security vulnerabilities?

If you were Los Angeles resident Brian Johnson, the answer would be simple. You'd call it Windows. Or more specifically, it's the anti-piracy software download known as Windows Genuine Advantage. His class action lawsuit (PDF), filed in U.S. federal District Court in Seattle, Washington on June 26, 2006, alleges that the Microsoft software violates California and Washington State privacy laws, consumer protection laws, and anti-spyware laws. The outcome of the case may well dictate how companies package software, and more particularly how they promise privacy. This will apply not only to software companies, but also to any company that, either knowingly or not, collects certain "personal information" about visitors to its websites.

Genuine advantage?

In April 2004, with much fanfare, Microsoft announced a new program to protect the consumer from ... well, from themselves.
Ostensibly an anti-fraud program, the Windows Genuine Advantage (WGA) program was marketed as a means for individuals to determine whether the software on their system (that is, only the Microsoft OS software) was properly licensed. In theory, the target for this program was people who bought computers with OEM Microsoft software which, unbeknownst to them, was not appropriately licensed. In theory, people who downloaded or obtained software off the web kinda knew or suspected that their free copy of Windows XP Professional might not be legitimate.

The WGA program was not really a consumer protection program. It was actually designed to protect Microsoft itself from people obtaining unlicensed copies of its Windows (tm) operating system, and forcing them to obtain actual licensed copies of the OS. If you were the victim of fraud, and had unknowingly obtained a copy of the OS without a license, Microsoft's software did not help you obtain redress against the seller of the computer or OS. It merely offered you a mechanism to repurchase the software, at full price, from Microsoft itself. Presumably, the consumer who obtained a perfectly functional computer from an OEM manufacturer at a fair market price (well, let's assume a slight bargain) was now given the opportunity to give Microsoft more money to prevent piracy.

I must admit some aversion to the term "piracy" -- as it evokes images of peg-legged men with parrots swinging from riggings of Galleons with knives between their teeth demanding ransom -- not someone who has obtained software without adhering to the terms of the End User License Agreement. Captain Jack Sparrow with a modem? Software "piracy" is at worst theft, and more generally a breach of contract -- not an armed gunman taking hostages off the Somali coast.
Congress' authority to regulate software piracy rests in Article I Section 8 of the Constitution, which gives them the ability, "To promote the Progress of Science and useful Arts, by securing for limited Times to Authors and Inventors the exclusive Right to their respective Writings and Discoveries." This is not the portion two clauses down which gives them the ability "To define and punish Piracies and Felonies committed on the high Seas, and Offences against the Law of Nations." Unless of course, you had a broadband connection on your Brigantine.

Indeed, those who were the "victims" of software piracy and who presumably wanted to "get legal" were the ones who purchased OEM products that were unlicensed -- and they were the ones being forced by Microsoft to "walk the plank." Arrrrrrrrrrrrgh. It's not like Microsoft was going after the OEM manufacturers and distributors of unlicensed product, obtaining monetary judgments and then giving that money to the purchasers of the products. No, the enforcement actions were aimed at obtaining license fees and civil and criminal sanctions for the company, all the while the company was claiming that the unwitting purchasers were the victims. In fact, even if the Redmond giant successfully squeezed license fees or other sanctions from the OEM selling the unlicensed software, they still retained the right, through the WGA program, to go after the individual (and possibly unwitting) purchasers for the license fees again. Well, life ain't fair. Deal with it.

The progression of security updates and unlicensed software

Now make no mistake. The sale and transfer of unlicensed software presents serious economic costs to software manufacturers. The Business Software Alliance (PDF) estimated in its March 2006 report that for the previous year about 35% of software on PCs was improperly licensed, and that worldwide the median piracy rate was about 64%.
In fact, the BSA estimated that, in 2005, for every two dollars of software purchased legally, one dollar's worth was obtained illegally. This amounts to billions of dollars of losses -- a sizeable portion of which must be for Microsoft itself. No wonder they instituted a program to protect themselves. But did they go too far?

As originally instituted in April, 2004, the WGA program was a way for you to scan your own PC and determine whether your copy of the Windows OS was appropriately licensed. The software was listed as an "update" -- and a high priority update at that, when you went to download and install security updates. So you would think that this was a high priority update to help you to secure your own computer. But no. What it was, in fact, was a program that you would install on your computer that would collect information for the benefit of Microsoft. Indeed, assuming that the pirated software was genuine pirated software (that is, not a Trojan horse program) then by installing the program you actually became less secure.

A few observations are in order. Out of the box, with no updates, service packs, or patches, the Microsoft OS of your choice is buggy and has obvious security vulnerabilities. Indeed, if you buy a new PC, fully licensed out of the box, once you connect to the Internet, it can take as long as several hours for you to download and install all of the relevant patches, updates and drivers just to get the machine functional. And that doesn't include things like firewall settings, anti-viral and anti-spyware software, which you have to buy separately from Microsoft or other vendors. The plain truth was that most casual users never did these downloads. As a result, most systems were woefully insecure.

In an effort to "take the human out of the loop," Microsoft introduced an automatic update service.
After agreeing to a general End User License Agreement, you would set your computer up in automatic mode, and it would download and install updates necessary to protect not only your computer but any computer to which your computer might connect. You also had the option to have more control over the settings and just install the software, or you could simply manually update your system. But again, the more updated your system was, presumably the more secure. So automatic update was the way to go. If you have automatic updates set up, you get the WGA installed automatically.

According to the complaint, Microsoft's director of Genuine Windows, David Lazar, described the WGA program stating: "The system works by identifying unique characteristics of a system and implanting a software key that can be read by Microsoft when updates are requested. The only way to remove the key is to reformat the hard drive [...] The key won't be used to identify individual users, only individual systems [...] I would go back to our privacy policy which says we have no knowledge of the identity of the users, so a user shouldn't be concerned about the use of that key."

Um... not quite. First of all, the software looks at a bunch of things in the hardware to develop a profile of the user -- the MAC address, the serial number of the hard drive, its size, and so on. Thus, if you get a new hard drive or other hardware, the key won't match, and you could be flagged as a pirate for using your licensed software. Second, the statement suggests that the only time you get electronically frisked is when you affirmatively request an update. Also not true. With automatic updates on (a setting suggested by Microsoft) you are frisked every time your computer updates -- or every time Microsoft pushes an update to you. Indeed, you are frisked more often than that. Finally, and most disturbingly, is the allegation that the key won't be used to identify individual users. Oh really?
Cross your heart and hope to die, pinky promise?

Broken promises?

In July of 2005, Microsoft changed the WGA program, making users install an Active X control that also generated a software key, and again promised that "Microsoft does not collect any information during this process that can be used to identify you or contact you." Similar promises were contained in the FAQs and privacy policy of Microsoft.

In April of 2006 the program was expanded once again -- to Microsoft's advantage. Now, as you automatically updated the software using Windows Automatic Update, the WGA validation program was automatically added to your system. If the software thought your software wasn't valid, you got annoying pop-ups prompting you to get legal, allegations that you were breaking the law, and slower boot up times. In addition, this high priority update was now being used to hold users hostage -- no longer could they automatically get software necessary to make their buggy OS reasonably secure without agreeing to the electronic frisking. Without the possibility of pop ups and accusations, you could not get critical security updates.

In May of 2006, the head of Microsoft's antipiracy program, Michala Alexander, told CNet that, "... the WGA is a voluntary service. You can turn off the pop-ups, and people can opt out of it. They still get all the core downloads, but what they don't get is stuff such as Windows Defender. They still get all the security patches--we don't penalize customers for not joining." Not quite. You couldn't get the stuff automatically. Thus, if you didn't install the WGA software, you were putting everyone else on the Internet at risk. Fun stuff.

Once installed, the EULA says that "you will not be able to uninstall the software..." It describes the fact that the software will connect to Microsoft, that by using the now permanent software you consent to this, and that you will not be notified when the connection is made.
The EULA notifies you that it uses Internet protocols which send to Microsoft computer information such as your XP product key, PC manufacturer, OS version, XP product ID, PC BIOS information, locale setting and language version of Windows XP. It then explains that Microsoft does not use the information to identify or contact you. Yeah... right. Well, not today... maybe.

Windows Genuine Advantage versus spyware

So what does the WGA software do, exactly? It runs surreptitiously on your computer. It scans the software and hardware, and extracts information about it. If you DON'T run it, your computer becomes unsafe. If you do run it, you have the possibility of getting pop-ups and slowing down your system. Indeed, Microsoft on July 2, 2006 promised that the unlicensed user experience would get even worse. This was with Microsoft's PR flack telling Computerworld that, "In Windows Vista, we are making it notably harder and less appealing to use counterfeit software, and we will work to make that a consistent experience with older versions of Windows as well."

Sounds an awful lot like spyware to me. Indeed, the EULA here is more onerous and less clear than that which the FTC found actionable for online spyware manufacturer Odysseus, who purported to allow people to download software to make Kazaa P2P software anonymous, but which actually collected personal information and sent adware to the users (PDF). In plain terms, spyware EULAs aren't enforceable, and the WGA license sure sounds like a spyware EULA.
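The column's point about the machine key (a key derived from the MAC address, hard drive serial and size, and so on, which stops matching as soon as you swap a drive) comes down to how the key is built. The following is an added example, not Microsoft's code and not the actual WGA algorithm: it contrasts a single exact hash over a constructed hardware profile with per-component hashes and a "most components still agree" rule, so that a single replaced drive does not turn a licensed owner into a suspected pirate. All component values, field names and the agreement threshold are invented for the illustration.

```python
"""Constructed machine-key example (not the WGA implementation).

Shows why an exact hash over a hardware profile produces a fresh key after
any hardware change, and how a per-component scheme with a tolerance
threshold avoids that false positive while still rejecting a different box.
"""
import hashlib

# Constructed hardware profile for one machine; every value is made up.
ORIGINAL = {
    "mac": "00:11:22:33:44:55",
    "disk_serial": "WD-WXA1234567",
    "disk_size_gb": "250",
    "cpu": "Pentium 4 3.0GHz",
    "bios": "AMI 1.23",
    "ram_mb": "1024",
}


def replace_components(profile, **changes):
    """Return a copy of the profile with some components swapped out."""
    updated = dict(profile)
    updated.update(changes)
    return updated


# The owner replaced the hard drive; everything else is unchanged.
NEW_DISK = replace_components(ORIGINAL, disk_serial="ST-9876543", disk_size_gb="500")

# A completely different machine (every component differs).
DIFFERENT_MACHINE = {k: "other-" + v for k, v in ORIGINAL.items()}


def exact_key(profile):
    """One opaque key over the whole profile: any single change yields a new key."""
    canonical = "\n".join(f"{k}={profile[k]}" for k in sorted(profile))
    return hashlib.sha256(canonical.encode()).hexdigest()


def component_hashes(profile):
    """Hash each component separately (truncated for readability, still opaque)."""
    return {k: hashlib.sha256(f"{k}={v}".encode()).hexdigest()[:16]
            for k, v in profile.items()}


def exact_scheme_accepts(stored_profile, current_profile):
    """The brittle rule: the stored key must equal the recomputed key."""
    return exact_key(stored_profile) == exact_key(current_profile)


def tolerant_scheme_accepts(stored_profile, current_profile, min_matching=4):
    """The tolerant rule: at least `min_matching` of the stored component
    hashes must still agree. With six components and a threshold of four,
    one or two replaced parts are accepted, a different machine is not."""
    stored = component_hashes(stored_profile)
    current = component_hashes(current_profile)
    agreeing = sum(1 for k in stored if current.get(k) == stored[k])
    return agreeing >= min_matching


if __name__ == "__main__":
    for label, profile in [("same machine", ORIGINAL),
                           ("new disk", NEW_DISK),
                           ("different machine", DIFFERENT_MACHINE)]:
        print(f"{label:18s} exact={exact_scheme_accepts(ORIGINAL, profile)!s:5} "
              f"tolerant={tolerant_scheme_accepts(ORIGINAL, profile)}")
```

The threshold is the design knob: too low and a second-hand drive that was imaged from a licensed machine would pass, too high and the scheme collapses back into the exact-hash behaviour the column complains about. Note also that nothing in either scheme needs the raw MAC address or serial number to leave the machine; sending only the component hashes limits what the receiving server learns, although the server still sees the source IP address of the connection, which is the column's next point.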
In fact, the class action lawsuit against Microsoft, in addition to alleging violations of the Washington State and California deceptive and unfair trade practices statutes, alleges that the WGA software violates the Washington State anti-spyware law which makes it a crime to:

(1) Induce an owner or operator to install a computer software component onto the computer by intentionally misrepresenting the extent to which installing the software is necessary for security or privacy reasons or in order to open, view, or play a particular type of content; and

(2) Deceptively cause the execution on the computer of a computer software component with the intent of causing the owner or operator to use the component in a manner that violates any other provision of this section.

The lawsuit also alleges a violation of the California anti-spyware statute which also says that you cannot:

(1) Induce an authorized user to install a software component onto the computer by intentionally misrepresenting that installing software is necessary for security or privacy reasons or in order to open, view, or play a particular type of content.

(2) Deceptively causing the copying and execution on the computer of a computer software component with the intent of causing an authorized user to use the component in a way that violates any other provision of this section.

So what about the promise that the information cannot and will not be used to identify individual users? Not so fast. Let's see exactly what information Microsoft is having its OS call home with. Sure, it sends the key, and configuration information. But it sends it over the Internet. This adds one more piece of information to the mix -- the system's IP address. The government is increasingly demanding that ISPs -- and now entities like Myspace.com -- retain information for years about IP address holders specifically so that it (and private litigants) can use the IP information to determine the true identity of users.
Does Microsoft's promise that it does not collect information from which it can learn your identity mean that it doesn't collect the IP information for millions of computers that connect to its servers? I think not. Or that it doesn't retain (at least briefly) that information? Somehow I doubt it.

This problem is not unique to Microsoft. Many companies proudly exclaim on their websites that they "do not collect personal information" or that they only collect that information that people voluntarily provide. They also eschew any attempt to find out who you are -- ever, for any reason -- really and truly -- we mean it. What this really means is that, if a hacker or attacker were to attempt to access the system, or was truly able to break in, the company's privacy policy pretty much says we won't use the information on our system (your IP address, keystrokes, and so on) to try to identify you. I mean, isn't that what it means when you say you won't collect any information and won't attempt to use it?

In the case of Microsoft, are they really saying that, if the FBI came to them pursuant to a criminal investigation of software piracy, they would not and could not turn over the IP information to help the FBI determine the identity of those committing piracy? Does this mean that Microsoft has never collected it? That if they really wanted to, they could never find out who had unlicensed products? Somehow, I don't think so.

In fact, Microsoft's head is writing checks its body can't cash. On July 2, 2006, Microsoft's PR flack responded to rumors in the blogosphere that, in addition to annoying pop-up ads, Microsoft would soon deactivate any unlicensed copy of Windows. The Redmond giant quickly, but in my opinion unconvincingly, quashed these rumors. According to a spokeswoman with Waggener Edstrom, from Microsoft's public relations firm, "Microsoft antipiracy technologies cannot and will not turn off your computer."

Hmmm... Microsoft cannot turn off your computer? Well, um... of course they can. When the software phones home to see if it is licensed and it receives a "no" signal, it could simply cease to operate. It is technologically feasible, isn't it? Perhaps she meant that the computer's power will still be on (it won't turn off your computer...), not that it will continue to function. Moreover, as we have learned from past experience, the fact that Microsoft says now that software will behave in one way doesn't mean that this is the way it will behave in the future. Just download another EULA -- or another update.

What all this means is that whenever you collect personal information -- whether actively or passively -- that could be used to identify people, you need to let them know in clear, unambiguous and easily accessible language. Don't worry, nobody is going to read it anyway. And in the case of Microsoft, do they have any meaningful choices? Sure... that little Antarctic bird...

From rforno at infowarrior.org Wed Jul 5 22:39:07 2006
From: rforno at infowarrior.org (Richard Forno)
Date: Wed, 05 Jul 2006 22:39:07 -0400
Subject: [Infowarrior] - Consultant Breached FBI's Computers
Message-ID:

Consultant Breached FBI's Computers
Frustrated by Bureaucracy, Hacker Says Agents Approved and Aided Break-Ins

By Eric M. Weiss
Washington Post Staff Writer
Thursday, July 6, 2006; A05

http://www.washingtonpost.com/wp-dyn/content/article/2006/07/05/AR2006070501489_pf.html

A government consultant, using computer programs easily found on the Internet, managed to crack the FBI's classified computer system and gain the passwords of 38,000 employees, including that of FBI Director Robert S. Mueller III.

The break-ins, which occurred four times in 2004, gave the consultant access to records in the Witness Protection Program and details on counterespionage activity, according to documents filed in U.S. District Court in Washington.
As a direct result, the bureau said it was forced to temporarily shut down its network and commit thousands of man-hours and millions of dollars to ensure no sensitive information was lost or misused.

The government does not allege that the consultant, Joseph Thomas Colon, intended to harm national security. But prosecutors said Colon's "curiosity hacks" nonetheless exposed sensitive information.

Colon, 28, an employee of BAE Systems who was assigned to the FBI field office in Springfield, Ill., said in court filings that he used the passwords and other information to bypass bureaucratic obstacles and better help the FBI install its new computer system. And he said agents in the Springfield office approved his actions.

The incident is only the latest in a long string of foul-ups, delays and embarrassments that have plagued the FBI as it tries to update its computer systems to better share tips and information. Its computer technology is frequently identified as one of the key obstacles to the bureau's attempt to sharpen its focus on intelligence and terrorism.

An FBI spokesman declined to discuss the specifics of the Colon case. But the spokesman, Paul E. Bresson, said the FBI has recently implemented a "comprehensive and proactive security program" that includes layered access controls and threat and vulnerability assessments. Beginning last year, all FBI employees and contractors have had to undergo annual information security awareness training.

Colon pleaded guilty in March to four counts of intentionally accessing a computer while exceeding authorized access and obtaining information from any department of the United States. He could face up to 18 months in prison, according to the government's sentencing guidelines. He has lost his job with BAE Systems, and his top-secret clearance has also been revoked. In court filings, the government also said Colon exceeded his authorized access during a stint in the Navy.
While documents in the case have not been sealed in federal court, the government and Colon entered into a confidentiality agreement, which is standard in cases involving secret or top-secret access, according to a government representative.

Colon was scheduled for sentencing yesterday, but it was postponed until next week. His attorney, Richard Winelander, declined to comment.

According to Colon's plea, he entered the system using the identity of an FBI special agent and used two computer hacking programs found on the Internet to get into one of the nation's most secret databases.

Colon used a program downloaded from the Internet to extract "hashes" -- user names, encrypted passwords and other information -- from the FBI's database. Then he used another program to "crack" the passwords by using dictionary-word comparisons, lists of common passwords and character substitutions to figure out the plain-text passwords. Both programs are widely available for free on the Internet.

What Colon did was hardly cutting edge, said Joe Stewart, a senior researcher with Chicago-based security company LURHQ Corp. "It was pretty run-of-the-mill stuff five years ago," Stewart said.

Asked if he was surprised that a secure FBI system could be entered so easily, Stewart said, "I'd like to say 'Sure,' but I'm not really. They are dealing with the same types of problems that corporations are dealing with."

Colon's lawyer said in a court filing that his client was hired to work on the FBI's "Trilogy" computer system but became frustrated over "bureaucratic" obstacles, such as obtaining written authorization from the FBI's Washington headquarters for "routine" matters such as adding a printer or moving a new computer onto the system. He said Colon used the hacked user names and passwords to bypass the authorization process and speed the work.
Colon's lawyers said FBI officials in the Springfield office approved of what he was doing, and that one agent even gave Colon his own password, enabling him to get to the encrypted database in March 2004. Because FBI employees are required to change their passwords every 90 days, Colon hacked into the system on three later occasions to update his password list.

The FBI's struggle to modernize its computer system has been a recurring headache for Mueller and has generated considerable criticism from lawmakers. Better computer technology might have enabled agents to more closely link men who later turned out to be involved in the Sept. 11, 2001, attacks, according to intelligence reviews conducted after the terrorist strikes.

The FBI's Trilogy program cost more than $535 million but failed to produce a usable case-management system for agents because of cost overruns and technical problems, according to the Government Accountability Office. While Trilogy led to successful hardware upgrades and thousands of new PCs for bureau workers and agents, the final phase -- a software system called the Virtual Case File -- was abandoned last year. The FBI announced in March that it would spend an additional $425 million in an attempt to finish the job. The new system would be called "Sentinel."

© 2006 The Washington Post Company

From rforno at infowarrior.org Thu Jul 6 09:01:01 2006
From: rforno at infowarrior.org (Richard Forno)
Date: Thu, 06 Jul 2006 09:01:01 -0400
Subject: [Infowarrior] - AU Watchdog to vet internet content
Message-ID:

Watchdog to vet internet content

http://www.theage.com.au/news/technology/watchdog-to-vet-internet-content/2006/07/05/1151779012292.html

Ben Doherty, Canberra, and Daniel Ziffer
July 6, 2006

ALL local internet content will come under Federal Government supervision after the Communications Minister revealed her response to the Big Brother sexual assault scandal.
The regulatory powers of the media watchdog will be broadened to cover emerging technologies such as video streaming on the internet and mobile phones. The code of practice governing the classification of free-to-air television programs will likely be reviewed, despite it being overhauled two years ago.

Australia's media watchdog yesterday said that it was powerless to rule on the Big Brother incident. It did not breach broadcast regulations, because, technically, it was not broadcast.

The incident, in which a male housemate rubbed his genitals in the face of a woman while she was being held down, did not appear on the Big Brother TV show, but was streamed "live" on the internet from the show's website and on mobile phones. While Channel Ten, which presents Big Brother, has not screened the footage, Australia's other commercial networks have as part of news stories and it remains accessible on the net.

The Australian Communications and Media Authority will soon be given the power to regulate similar broadcasts, on top of its jurisdiction over free-to-air TV, radio and internet content "stored" on particular sites.

Communications Minister Helen Coonan said yesterday that legislation to broaden the authority's regulatory powers would be introduced into Parliament as soon as possible. "This matter has reinforced the need for changes to the act to ensure that these new services being offered over the internet and mobile devices are subject to the same content restrictions that apply to television broadcasts," she said.

Senator Coonan suggested the code might need overhauling. "Given the community outrage about this matter, it would appear the codes applying to television program classifications may also be out of step with community standards."

"I think we really need to consider whether the current approach to the classification of reality programming is appropriate," Senator Coonan said.
Prime Minister John Howard said this week that the Big Brother show was "stupid" and urged that it be axed.

A record number of public submissions were received during the 2004 review of the code. Commercial television's peak body said it was confident that the code, which shapes the classification of programs, reflected public standards. "Broadcasters take their responsibilities under the code very seriously and will co-operate with the review," Free TV chief executive Julie Flynn said.

Mike Van Niekerk, editor-in-chief of the websites for The Age and Sydney Morning Herald, received a letter from the minister on Monday, threatening to alert the authority if the Big Brother video was not removed from the sites. Mr Van Niekerk said the video was being removed due to questions about copyright.

Shadow communications minister Stephen Conroy said the Government needed to give ACMA the power to punish transgressors, otherwise any changes to the law would be "window dressing".

From rforno at infowarrior.org Thu Jul 6 09:01:49 2006
From: rforno at infowarrior.org (Richard Forno)
Date: Thu, 06 Jul 2006 09:01:49 -0400
Subject: [Infowarrior] - AOL may offer free high-speed Internet
Message-ID:

AOL may offer free high-speed Internet

Reuters
Thursday, July 6, 2006; 4:37 AM

http://www.washingtonpost.com/wp-dyn/content/article/2006/07/06/AR2006070600154_pf.html

NEW YORK (Reuters) - Time Warner Inc.'s AOL unit may offer its full menu of services, including e-mail, free of charge to anyone with a high-speed Internet connection, The Wall Street Journal said on Thursday, citing people familiar with the matter.

AOL could give up as much as $2 billion in subscription revenue if a gambit aimed at boosting the Internet service's advertising revenue goes ahead, the Journal said.

Under the plan, AOL would stop charging subscription fees for users with high-speed Internet access or a dial-up service from another provider, the newspaper said.
Subscribers who have traditional "dial-up" Internet access through AOL would still have to pay their monthly fee, the Journal said.

AOL expects that 8 million of its existing dial-up customers would cancel their subscription to take advantage of the new offer. Nearly one-third of the company's customer base of 18.6 million in the first quarter already has high-speed access, it said.

AOL is losing subscribers to high-speed Internet providers at a quickening pace, losing about 850,000 in the first quarter, the Journal said. Total U.S. subscribers at the end of 2002 was 26.5 million, the newspaper said.

AOL Chief Executive Jonathan Miller presented the proposal to top Time Warner executives in New York last week, the newspaper said.

Time Warner was not immediately available for comment.

© 2006 Reuters

From rforno at infowarrior.org Thu Jul 6 15:47:48 2006
From: rforno at infowarrior.org (Richard Forno)
Date: Thu, 06 Jul 2006 15:47:48 -0400
Subject: [Infowarrior] - Western Union blocks Arab cash deliveries
Message-ID:

Western Union blocks Arab cash deliveries

http://news.yahoo.com/s/ap/20060706/ap_on_bi_ge/emirates_muslim_money

By ANJAN SUNDARAM, Associated Press Writer
Thu Jul 6, 3:24 AM ET

DUBAI, United Arab Emirates - Money transfer agencies have delayed or blocked thousands of cash deliveries on suspicion of terrorist connections simply because senders or recipients have names like Mohammed or Ahmed, company officials said.

In one example, an Indian driver here said Western Union prevented him from sending $120 to a friend at home last month because the recipient's name was Mohammed.

"Western Union told me that if I send money to Sahir Mohammed, the money will be blocked because of his name," said 36-year-old Abdul Rahman Maruthayil, who later sent the money through UAE Exchange, a Dubai-based money transfer service.
In a similar case, Pakistani Qadir Khan said Western Union blocked his attempt this month to wire money to his brother Mohammed for a cataract operation.

"Every Mohammed is a terrorist now?" Khan asked.

Dubai-based representatives from Western Union Financial Services, an American company based in Colorado, and Minnesota-based MoneyGram International said their clerks are simply following U.S. Treasury Department guidelines that scrutinize cash flows for terrorist links.

Most of the flagged transactions are delayed a few hours. Some are blocked entirely. In many cases, would-be customers like Maruthayil simply find another way to send the funds -- often through informal exchanges with less stringent monitoring.

Critics say the screening is far too broad. The number of people inconvenienced in the Emirates alone, which closely cooperates with U.S. counterterror operations, is thought to be in the tens of thousands. One Western Union clerk said about 300 money transfers from a single Dubai franchise were blocked or delayed each day -- none of which has turned up a terrorist link.

In Washington, U.S. Treasury spokeswoman Molly Millerwise said foreign banks have used the department's list of terrorist names to freeze $150 million in assets since Sept. 11. Millerwise didn't know the value of money transfers blocked using the list, but said frustrations endured were regrettable but necessary.

"We have an obligation to do all we can to keep money out of the hands of terrorists," Millerwise said.

The list of names, available on the Treasury's Office of Foreign Assets Control Web site, contains hundreds of Mohammeds.

Inconveniences from the screening go far beyond money transfers in the Middle East. In the United States, banks, car dealers, title companies, landlords, and employers have used the list to unjustly block scores of ordinary transactions, said Shirin Sinnar, a San Francisco attorney with the Lawyers' Committee for Civil Rights.
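The screening failure the article describes, a transfer held because one given name on it also appears in hundreds of entries on the Treasury list, is a matching-rule problem. The following is an added example, not Western Union's, MoneyGram's or OFAC's code: it screens a handful of constructed transfer recipients (including the two cases from the article) against an invented watch list, first with a token-level partial match and then with an entry-level match that requires the whole listed name plus an agreeing year of birth. The watch list entries, the recipients' birth years and the field names are all placeholders made up for the illustration.

```python
"""Constructed sanctions-screening example (not any company's real logic).

Contrasts an over-broad rule (flag if any name token appears in any list
entry) with a tighter rule (flag only when every token of a listed name is
present and the year of birth agrees), on invented data.
"""
import re

# Constructed watch list: full name plus a year of birth. Placeholders only.
WATCH_LIST = [
    {"name": "Mohammed Example-Alias", "dob_year": 1965},
    {"name": "Ahmed Placeholder", "dob_year": 1971},
    {"name": "Example Listed-Person", "dob_year": 1958},
]

# Constructed transfer recipients. The first two are the cases in the
# article; the birth years are invented.
RECIPIENTS = [
    {"name": "Sahir Mohammed", "dob_year": 1980},
    {"name": "Mohammed Khan", "dob_year": 1960},
    {"name": "Mohammed Example-Alias", "dob_year": 1965},  # a true match
    {"name": "Ahmed Placeholder", "dob_year": 1999},       # same name, wrong year
    {"name": "Jane Doe", "dob_year": 1975},
]


def tokens(name):
    """Lower-case alphabetic tokens; hyphenated parts split into separate tokens."""
    return set(re.findall(r"[a-z]+", name.lower()))


def partial_token_match(recipient, watch_list):
    """Over-broad rule: any shared token with any entry is a hit.
    A common given name alone is enough to trigger it."""
    rt = tokens(recipient["name"])
    return [entry for entry in watch_list if rt & tokens(entry["name"])]


def full_name_match(recipient, watch_list, year_tolerance=0):
    """Tighter rule: every token of the listed name must appear in the
    recipient's name, and the year of birth must agree within the tolerance."""
    rt = tokens(recipient["name"])
    hits = []
    for entry in watch_list:
        same_name = tokens(entry["name"]) <= rt
        same_year = abs(entry["dob_year"] - recipient["dob_year"]) <= year_tolerance
        if same_name and same_year:
            hits.append(entry)
    return hits


def screen(recipients, watch_list, matcher):
    """Map each recipient name to the list entries the matcher flags it against."""
    return {r["name"]: [e["name"] for e in matcher(r, watch_list)] for r in recipients}


def flagged_count(recipients, watch_list, matcher):
    """How many recipients the matcher would hold for review."""
    return sum(1 for r in recipients if matcher(r, watch_list))


if __name__ == "__main__":
    for label, matcher in [("partial token", partial_token_match),
                           ("full name + year", full_name_match)]:
        print(f"{label}: {flagged_count(RECIPIENTS, WATCH_LIST, matcher)} of "
              f"{len(RECIPIENTS)} held")
        for name, hits in screen(RECIPIENTS, WATCH_LIST, matcher).items():
            print(f"  {name:24s} -> {hits}")
```

On this constructed data the partial rule holds four of the five recipients, including both of the article's cases, while the full-name rule holds only the genuine match and clears the namesake born in a different year. A real list has aliases, transliteration variants and missing birth dates, so production screening uses fuzzy name scoring with a review queue rather than a pure exact rule; the point of the example is that whichever rule is chosen, its false-positive rate on common names should be measured before it is allowed to block payments.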
In one case, a couple in Sacramento, Calif. was thwarted from purchasing a treadmill on a financing plan, simply because the husband's first name was Hussein, Sinnar said in an e-mail interview.

Western Union's caution is perhaps understandable. Sept. 11 hijacker Mohammed Atta sent money from two Western Union agencies in Maryland before boarding a plane he helped crash into New York's World Trade Center.

The money transfer crackdown comes amid revelations that the U.S. Treasury and CIA have tracked millions of confidential transactions handled by the Belgium-based Society for Worldwide Interbank Financial Telecommunication.

In Dubai, a Western Union branch manager said he was forced to obey U.S. rules he and others consider too broad.

"Mohammed and Ahmed have become problematic names because they are so common on the list of terrorists," said Nixon Baby, who runs a Western Union franchise in Bur Dubai, a neighborhood packed with South Asian businesses. "These are regulations that Western Union is required to obey. We have no control."

At another Western Union office, an executive who deals with security measures said about 1 percent of the store's 30,000 daily money transfers -- about 300 a day -- are delayed or blocked because of suspected terrorist links. Thus far, all have proven false, the executive said on condition of anonymity, because she wasn't permitted to speak to a reporter.

Western Union routinely delays or blocks transfers between customers whose names even partially match names on the Treasury list. The money is usually released once suspects show identity documents that prove they are not on the list, the executive said.

Bernie Rabina, a representative at Dubai airport's MoneyGram outlet, said her company follows a similar process. Rabina didn't know what percentage of her franchise's daily transactions were blocked.

The U.S. regulations apply to Western Union money transfers made anywhere, said Marc Aubry, the company's Dubai-based Mideast marketing director.

But the United Arab Emirates, where Dubai is one of seven city-states, is especially susceptible to the Treasury's restrictions because it is home to more than a million foreign laborers who sent home a collective $14 billion last year, according to a government report.

The Emirates government has cooperated with the U.S. Treasury in tightening oversight after a 2004 U.S. investigation found that Emirates banks handled most of the $400,000 spent on the Sept. 11 attacks.

Dubai expatriates like Khan and Maruthayil say Western Union, which earns about $3 billion annually from operations in 200 countries, has no valid basis for delaying cash meant for their families. They say Treasury guidelines are sending more people to informal money transfer networks called "hundis" or "hawalas" that have been used by gangsters and terrorists because they circumvent such scrutiny.

"Sending money by hawala is cheaper and it does not get checked by banks, so it is quicker," said a Pakistani taxi driver who called himself Munir Ahmed. "They say it is not legal, but it is a reliable alternative to Western Union."

At the Council on American-Islamic Relations in Washington, spokesman Corey Saylor said Treasury needs to reform its rules.

"The Treasury program interferes with even the most innocent transactions," Saylor said. "Just because Ahmed is a common name on their list, everyone with that name is suddenly stuck."

From rforno at infowarrior.org Thu Jul 6 17:24:12 2006
From: rforno at infowarrior.org (Richard Forno)
Date: Thu, 06 Jul 2006 17:24:12 -0400
Subject: [Infowarrior] - Britain OKs Hacker's Extradition to U.S.
Message-ID:

Britain OKs Hacker's Extradition to U.S.
http://www.salon.com/wire/ap/archive.html?wire=D8IMMQJ81.html

By BETH GARDINER
Associated Press Writer
July 06, 2006

LONDON -- Britain's top law enforcement official on Thursday approved the extradition to the United States of an alleged computer hacker accused of damaging U.S. military systems.

Gary McKinnon, 40, has two weeks to appeal the order, signed Tuesday by Home Secretary John Reid, the Home Office said.

A judge ruled in May that McKinnon, who has been indicted in New Jersey and northern Virginia, should be sent to the United States to face trial. The decision required Reid's approval. His office said he was not convinced by the arguments McKinnon raised in his defense.

McKinnon said he planned to appeal, telling British Broadcasting Corp. television "I am very worried and feeling very let down by my own government."

He is accused of illegally accessing 97 computers, causing at least $700,000 in damage in the largest attack on the U.S. government's computer networks, U.S. government attorneys told a British court. Court records in Virginia allege McKinnon caused up to $900,000 in damage to computers, including those of private companies, in 14 states.

McKinnon, an unemployed computer system administrator who lives in London, has said he did not intend to cause damage, but was seeking evidence that America is concealing the existence of UFOs. But Judge Nicholas Evans said he left messages on one system protesting U.S. foreign policy.

"U.S. foreign policy is akin to government-sponsored terrorism," Evans quoted one such note as saying.

McKinnon was arrested in 2002. He opposed extradition, claiming he could face prosecution under U.S. anti-terror laws.

He is accused of hacking into U.S. government computers including a system at the Pentagon between February 2001 and March 2002. He allegedly accessed a network of 300 computers at the Earle Naval Weapons Station in Colts Neck, N.J., and stole 950 passwords.
The alleged break-in occurred shortly after the Sept. 11, 2001, attacks and shut down the whole system for a week, Evans said. The station is responsible for replenishing the Atlantic fleet's munitions and supplies.

It is up to officials in New Jersey and Virginia to decide where McKinnon will be tried.

If convicted of the charges in New Jersey, McKinnon faces a maximum sentence of five years in federal prison and a $250,000 fine, U.S. Attorney Christopher J. Christie said when the indictment was disclosed.

Although McKinnon was able to view sensitive details about naval munitions and shipbuilding on the U.S. computer systems, he did not access classified information, an investigation found.

Salon provides breaking news articles from the Associated Press as a service to its readers, but does not edit the AP articles it publishes.

© 2006 The Associated Press. All rights reserved. The information contained in the AP News report may not be published, broadcast, rewritten or redistributed without the prior written authority of The Associated Press.

From rforno at infowarrior.org Thu Jul 6 19:49:27 2006
From: rforno at infowarrior.org (Richard Forno)
Date: Thu, 06 Jul 2006 19:49:27 -0400
Subject: [Infowarrior] - Military reviews "slant" for embed program
Message-ID:

Military reviews "slant" for embed program
http://blog.foreignpolicy.com/node/1042
Wed, 07/05/2006 - 4:22pm.

Security concerns already hinder the media in Iraq, but now the military may be adding another restrictive layer. In FP's Seven Questions this week, Rod Nordland, Newsweek's former Baghdad bureau chief, says journalists in Iraq are subject to a review of their previous work and their "slant" prior to their participation in the U.S. military's embedded media program.

> The military has started censoring many [embedded reporting] arrangements.
> Before a journalist is allowed to go on an embed now, [the military] check[s]
> the work you have done previously. They want to know your slant on a story --
> they use the word slant -- what you intend to write, and what you have written
> from embed trips before. If they don't like what you have done before, they
> refuse to take you. There are cases where individual reporters have been
> blacklisted because the military wasn't happy with the work they had done on
> embed.

From rforno at infowarrior.org Sat Jul 8 02:22:38 2006
From: rforno at infowarrior.org (Richard Forno)
Date: Sat, 08 Jul 2006 02:22:38 -0400
Subject: [Infowarrior] - FBI plans new Net-tapping push
Message-ID:

FBI plans new Net-tapping push
By Declan McCullagh
http://news.com.com/FBI+plans+new+Net-tapping+push/2100-1028_3-6091942.html
Story last modified Fri Jul 07 18:55:01 PDT 2006

The FBI has drafted sweeping legislation that would require Internet service providers to create wiretapping hubs for police surveillance and force makers of networking gear to build in backdoors for eavesdropping, CNET News.com has learned.

FBI Agent Barry Smith distributed the proposal at a private meeting last Friday with industry representatives and indicated it would be introduced by Sen. Mike DeWine, an Ohio Republican, according to two sources familiar with the meeting.

The draft bill would place the FBI's Net-surveillance push on solid legal footing. At the moment, it's ensnared in a legal challenge from universities and some technology companies that claim the Federal Communications Commission's broadband surveillance directives exceed what Congress has authorized.

The FBI claims that expanding the 1994 Communications Assistance for Law Enforcement Act is necessary to thwart criminals and terrorists who have turned to technologies like voice over Internet Protocol, or VoIP.

"The complexity and variety of communications technologies have dramatically increased in recent years, and the lawful intercept capabilities of the federal, state and local law enforcement community have been under continual stress, and in many cases have decreased or become impossible," according to a summary accompanying the draft bill.

Complicating the political outlook for the legislation is an ongoing debate over allegedly illegal surveillance by the National Security Administration--punctuated by several lawsuits challenging it on constitutional grounds and an unrelated proposal to force Internet service providers to record what Americans are doing online.

One source, who asked not to be identified because of the sensitive nature of last Friday's meeting, said the FBI viewed this as a top congressional priority for 2007.

Breaking the legislation down

The 27-page proposed CALEA amendments seen by CNET News.com would:

* Require any manufacturer of "routing" and "addressing" hardware to offer upgrades or other "modifications" that are needed to support Internet wiretapping. Current law does require that of telephone switch manufacturers--but not makers of routers and network address translation hardware like Cisco Systems and 2Wire.

* Authorize the expansion of wiretapping requirements to "commercial" Internet services including instant messaging if the FCC deems it to be in the "public interest." That would likely sweep in services such as in-game chats offered by Microsoft's Xbox 360 gaming system as well.

* Force Internet service providers to sift through their customers' communications to identify, for instance, only VoIP calls. (The language requires companies to adhere to "processing or filtering methods or procedures applied by a law enforcement agency.") That means police could simply ask broadband providers like AT&T, Comcast or Verizon for wiretap info--instead of having to figure out what VoIP service was being used.

* Eliminate the current legal requirement saying the Justice Department must publish a public "notice of the actual number of communications interceptions" every year. That notice currently also must disclose the "maximum capacity" required to accommodate all of the legally authorized taps that government agencies will "conduct and use simultaneously."

Jim Harper, a policy analyst at the free-market Cato Institute and member of a Homeland Security advisory board, said the proposal would "have a negative impact on Internet users' privacy."

"People expect their information to be private unless the government meets certain legal standards," Harper said. "Right now the Department of Justice is pushing the wrong way on all this."

Neither the FBI nor DeWine's office responded to a request for comment Friday afternoon.

DeWine has relatively low approval ratings--47 percent, according to SurveyUSA.com--and is enmeshed in a fierce battle with a Democratic challenger to retain his Senate seat in the November elections. DeWine is a member of a Senate Judiciary subcommittee charged with overseeing electronic privacy and antiterrorism enforcement and is a former prosecutor in Ohio.

A panel of the U.S. Court of Appeals in Washington, D.C., decided 2-1 last month to uphold the FCC's extension of CALEA to broadband providers, and it's not clear what will happen next with the lawsuit. Judge Harry Edwards wrote in his dissent that the majority's logic gave the FCC "unlimited authority to regulate every telecommunications service that might conceivably be used to assist law enforcement."

The organizations behind the lawsuit say Congress never intended CALEA to force broadband providers--and networks at corporations and universities--to build in central surveillance hubs for the police. The list of organizations includes Sun Microsystems, Pulver.com, the American Association of Community Colleges, the Association of American Universities and the American Library Association.
If the FBI's legislation becomes law, it would derail the lawsuit because there would no longer be any question that Congress intended CALEA to apply to the Internet.

From rforno at infowarrior.org Sat Jul 8 02:33:11 2006
From: rforno at infowarrior.org (Richard Forno)
Date: Sat, 08 Jul 2006 02:33:11 -0400
Subject: [Infowarrior] - A Chronology of Data Breaches Since ChoicePoint
Message-ID:

A Chronology of Data Breaches Reported Since the ChoicePoint Incident

The data breaches noted below have been reported because the personal information compromised includes data elements useful to identity thieves, such as Social Security numbers, account numbers, and driver's license numbers. A few breaches that do NOT expose such sensitive information have been included in order to underscore the variety and frequency of data breaches. However, we have not included the number of records involved in such breaches in the total because we want this compilation to reflect breaches that expose individuals to identity theft as well as breaches that qualify for disclosure under state laws.

The running total we maintain at the end of the Chronology represents the approximate number of *records* that have been compromised due to security breaches, not necessarily the number of *individuals* affected. Some individuals may be the victims of more than one breach, which would affect the totals.

< - >

http://www.privacyrights.org/ar/ChronDataBreaches.htm

From rforno at infowarrior.org Sat Jul 8 02:35:00 2006
From: rforno at infowarrior.org (Richard Forno)
Date: Sat, 08 Jul 2006 02:35:00 -0400
Subject: [Infowarrior] - Researchers look to predict software flaws
Message-ID:

Researchers look to predict software flaws
Robert Lemos, SecurityFocus 2006-07-07
http://www.securityfocus.com/news/11399?ref=rss

Want to know how many flaws will be in the next version of a software product?
Using historical data, researchers at Colorado State University are attempting to build models that predict the number of flaws in a particular operating system or application.

In an analysis to be presented at a secure computing conference in September, three researchers used monthly flaw tallies for the two most popular Web servers--The Apache Foundation's Apache Web server and Microsoft's Internet Information Services (IIS) server--to test their models for predicting the number of vulnerabilities that will be found in a given code base.

The goal is not to help software developers to create defect-free software--which may be so unlikely as to be impossible--but to give them the tools to determine where they need to concentrate their efforts, said Yashwant Malaiya, professor of computer science at Colorado State University and one of the authors of the paper on the analysis.

"The possible reasons that vulnerabilities arise are much smaller than the reasons for the number of defects, so it should be possible to reduce the number of vulnerabilities," Malaiya said. "It would never be possible to reduce the issues to zero, but it should be possible to reduce it to a much smaller number."

The research could be another tool for developers in the fight to improve programmers' security savvy and reduce the number of flaws that open up consumers and companies to attack. While the number of vulnerabilities found in recent years leveled off, Web applications boosted the number of flaws found in 2005. Moreover, the advent of data-breach notification laws has forced companies, universities and government agencies to tell citizens when a security incident has put their information in peril. The resulting picture painted by numerous breach notifications has not been heartening.
The latest research focuses on fitting an S-shaped curve to monthly vulnerability data, positing that a limited installed base and little knowledge of new software limits the finding of vulnerabilities in a just-released application, while exhaustion of the low-hanging fruit makes finding vulnerabilities in older products more difficult. The researchers found that the number of vulnerabilities found in Windows 95, Windows NT and Red Hat Linux 7.1 fit their model quite well, as do those found in the Apache and IIS Web servers between 1995 and the present.

The Web server analysis, which will be discussed in the September paper, suggests that IIS has reached a saturation point, with a lower rate of vulnerabilities discovered than Apache. Moreover, that analysis found that the S-curve relationship holds for broad classes of vulnerabilities, such as input validation errors, race conditions, and design errors.

Some software developers believe that such research could allow product managers to make better decisions about when a software program is ready to be shipped and how many vulnerabilities will likely be found.

"There isn't an engineering manager that wouldn't love to know the number of vulnerabilities they should expect to have after pushing out a product," said Ben Chelf, chief technology officer for Coverity, a maker of source-code analysis tools that can be used to detect potential software flaws. "A VP of engineering can, on the release date, say, 'We expect to find 50 more security issues in this code.' That helps mitigate cost and risk."

Yet, the researchers' predictions have been hit or miss, even with a large margin of error of 25 percent. A paper released in January 2006 predicted that the number of flaws found in Windows 98 would saturate between 45 and 75; at the time, data from the National Vulnerability Database showed that 66 vulnerabilities had been found, but that number has continued to increase to 91 as of July.
However, the researchers' prediction for Windows 2000 has apparently been accurate: The current number of vulnerabilities for the operating system is 305, just within the 294-to-490 range given in the computer scientists' paper.

Whether the models become more accurate may rely on getting better data on the number of software flaws discovered after development. The models used for prediction of future vulnerabilities assume that defect density--the number of software flaws per 1,000 lines of code--remains the same between software versions. It's not an unreasonable assumption: Historically, the researchers found that a company's programming teams tend not to get better, making the same number of mistakes in one version of software as the next, said CSU's Malaiya. However, such observations use data that predates the increasing use of static code analysis software and initiatives among developers, such as Microsoft, to improve the security of their products.

Some security experts have doubts whether the model will ever be able to make better than a rough estimate of the number of vulnerabilities that will likely be found in a particular application. The prediction of the number of vulnerabilities from general trend data may gloss over too many important details to be of real value, said Gerhard Eschelbeck, chief technology officer for anti-spyware firm Webroot Software.

"This is a little bit like predicting the next earthquake," Eschelbeck said. "It's a valuable area of research but it may not, in the end, be practical."

Because vulnerability researchers' interest in finding flaws in a particular product can be fickle, general trends could be swamped by other variables. In July, for example, Microsoft's Internet Explorer browser will likely see an uncharacteristically large number of vulnerabilities found because one researcher has decided to release a bug each day of the month.
Market forces could also throw off the models, since a handful of companies now pay for previously unknown flaws, a situation that could cause researchers to stay interested in older operating systems. Moreover, the discovery of less serious flaws is far less important than critical vulnerabilities that could lead to remote compromises, Eschelbeck said.

"It is not just about the number, but about the severity," he said. "Just the pure number does not mean a lot without the context."

If such limitations could be overcome, the ability to predict the future number of software flaws could have big benefits, said Brian Chess, chief scientist with source-code analysis tool maker Fortify. For example, the assumption that vulnerabilities will always be present in software may suggest a better strategy for dealing with the issues. Developers can choose to put their resources into finding the more serious issues, he said.

"If you accept that flaws can't be gotten rid of, you can decide which mistakes you are going to make and which ones are not acceptable," Chess said. "Even though you cannot predict which line of code will have the vulnerabilities, you can push the actual class of vulnerabilities one way or another."

In the end, even if the research does not produce accurate predictions, accepting that you will have security problems and learning to deal with the aftermath of releasing a software product are important lessons, he said.

"The next thing you build will have security problems just like the last thing you did, but let's make sure that when we have a vulnerability, we can deal with it," Chess said. "I think that is an evolution in the way that people think about building security into their software."
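As an added example (not code from the SecurityFocus article or from the Colorado State researchers), here is the S-curve fit the article describes carried through in Python. A three-parameter logistic is fitted by least squares to cumulative monthly vulnerability counts; the logistic form is an assumption chosen to match the article's description (the Alhazmi-Malaiya logistic used in the CSU papers is the same curve under a different parameterization, and the conversion is noted in the code). The fitted saturation level becomes the predicted total with the 25 percent margin the article quotes, the current discovery rate is compared with the peak rate to say whether a product looks saturated, and the same check the article applies to Windows 98 and Windows 2000 decides whether a published range still holds. The sample counts are constructed, and the pattern-search fitter and every function name are this example's own assumptions.

```python
"""Logistic (S-curve) vulnerability-discovery fit: added example, not the
CSU researchers' code. The three-parameter logistic form is an assumption
chosen to match the article's description; the sample data is constructed."""
import math
from typing import Dict, List, Tuple

# Constructed sample: cumulative vulnerabilities disclosed against a
# hypothetical product at the end of months 1..16 after release. Synthetic,
# not NVD counts for any real product.
SAMPLE_CUMULATIVE: List[int] = [2, 3, 5, 8, 12, 18, 26, 34, 42, 50, 56, 60, 63, 65, 66, 67]


def logistic(t: float, b: float, k: float, t0: float) -> float:
    """Cumulative vulnerabilities expected at month t.

    b  = saturation level (total the model expects to ever be found)
    k  = steepness of the discovery phase
    t0 = inflection month, at which b/2 have been found
    The Alhazmi-Malaiya form B / (B*C*exp(-A*B*t) + 1) is the same curve with
    k = A*B and exp(k*t0) = B*C, so the parameters convert directly.
    """
    return b / (1.0 + math.exp(-k * (t - t0)))


def discovery_rate(t: float, b: float, k: float, t0: float) -> float:
    """Expected new vulnerabilities per month at t (derivative of logistic)."""
    y = logistic(t, b, k, t0)
    return k * y * (1.0 - y / b)


def sse(data: List[Tuple[int, int]], b: float, k: float, t0: float) -> float:
    """Sum of squared residuals between the curve and the observed counts."""
    return sum((logistic(t, b, k, t0) - y) ** 2 for t, y in data)


def fit_logistic(cumulative: List[int]) -> Tuple[float, float, float]:
    """Least-squares fit by a pattern search (no numpy/scipy needed).

    Start from the obvious guesses (saturation just above the latest count,
    inflection at the middle month) and halve the step sizes whenever no move
    in any single parameter lowers the residual.
    """
    data = list(enumerate(cumulative, start=1))
    n = len(cumulative)
    params = [max(cumulative) * 1.1, 0.5, n / 2.0]
    steps = [params[0] * 0.25, 0.25, n * 0.25]
    best = sse(data, *params)
    for _ in range(5000):
        improved = False
        for i in range(3):
            for sign in (1.0, -1.0):
                trial = params[:]
                trial[i] += sign * steps[i]
                if trial[0] <= 0 or trial[1] <= 0:  # saturation and slope stay positive
                    continue
                s = sse(data, *trial)
                if s < best:
                    params, best, improved = trial, s, True
        if not improved:
            steps = [st * 0.5 for st in steps]
            if max(steps) < 1e-7:
                break
    return params[0], params[1], params[2]


def predict(cumulative: List[int], margin: float = 0.25) -> Dict[str, float]:
    """Fit the curve and report the saturation estimate with a +/- margin
    (the article quotes 25 percent), the count the model says is still
    undiscovered, and the current versus peak monthly discovery rate."""
    b, k, t0 = fit_logistic(cumulative)
    now = len(cumulative)
    return {
        "saturation": b,
        "low": b * (1.0 - margin),
        "high": b * (1.0 + margin),
        "remaining": max(b - cumulative[-1], 0.0),
        "rate_now": discovery_rate(now, b, k, t0),
        "rate_peak": discovery_rate(t0, b, k, t0),
        "fit_sse": sse(list(enumerate(cumulative, start=1)), b, k, t0),
    }


def prediction_holds(found_so_far: int, high: float) -> bool:
    """A published saturation range is falsified once the running count
    passes its upper bound (the article's Windows 98 case: 91 found against
    a 45-75 range). A count below the lower bound is not a failure, because
    the cumulative count only ever grows (Windows 2000: 305 inside 294-490)."""
    return found_so_far <= high


if __name__ == "__main__":
    r = predict(SAMPLE_CUMULATIVE)
    print(f"saturation ~ {r['saturation']:.1f} (range {r['low']:.0f}-{r['high']:.0f}), "
          f"{r['remaining']:.1f} still to be found; "
          f"rate now {r['rate_now']:.2f}/month vs peak {r['rate_peak']:.2f}/month")
    print("Windows 98 range 45-75 holds at 91 found?", prediction_holds(91, 75))
    print("Windows 2000 range 294-490 holds at 305 found?", prediction_holds(305, 490))
```

Run as a script it prints the fitted saturation and the current versus peak discovery rate for the sample: a current rate far below the peak is what the article calls a saturated product (the IIS finding), and a running count that has passed the high end of the range is exactly what broke the Windows 98 prediction. Because the fit uses only the cumulative curve, it inherits the limits Eschelbeck raises: a burst of disclosures such as a bug-a-day month shifts the curve without any change in the code, and the count says nothing about severity.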
From rforno at infowarrior.org Sat Jul 8 02:36:12 2006
From: rforno at infowarrior.org (Richard Forno)
Date: Sat, 08 Jul 2006 02:36:12 -0400
Subject: [Infowarrior] - College Music Sites: Free, Legal and Ignored
Message-ID:

Free, Legal and Ignored
Colleges Offer Music Downloads, But Their Students Just Say No; Too Many Strings Attached

By NICK TIMIRAOS
July 6, 2006; Page B1
http://online.wsj.com/public/article/SB115214899486099107-vuoIhGUthiYcFwsQK0DjegSRPwQ_20070706.html?mod=blogs

As a student at Cornell University, Angelo Petrigh had access to free online music via a legal music-downloading service his school provided. Yet the 21-year-old still turned to illegal file-sharing programs.

The reason: While Cornell's online music program, through Napster, gave him and other students free, legal downloads, the email introducing the service explained that students could keep their songs only until they graduated.

"After I read that, I decided I didn't want to even try it," says Mr. Petrigh, who will be a senior in the fall at the Ithaca, N.Y., school.

College students don't turn down much that's free. But when it comes to online music, even free hasn't been enough to persuade many students to use such digital download services as Napster, Rhapsody, Ruckus and Cdigix. As a result, some schools have dropped their services, and others are considering doing so or have switched to other providers.

To stop students from pirating music, more than 120 colleges and universities have tried providing free or subsidized access to the legal subscription services over campus networks in the past few years. About 7% of all four-year schools and 31% of private research universities provided one of the legal downloading services, according to a 2005 survey of 500 schools by the Campus Computing Project, a nonprofit that studies how colleges use information technology. Universities typically pay for the services, some with private grants and others through student fees.
While a typical monthly subscription to Napster is $9.95, the schools have been able to cut special deals, funded in part by record companies.

Purdue University officials say that lower-than-expected demand among its students stems in part from all the frustrating restrictions that accompany legal downloading. Students at the West Lafayette, Ind., school can play songs free on their laptops but have to pay to burn songs onto CDs or load them onto a digital music device.

There's also the problem of compatibility: The services won't run on Apple Computer Inc. computers, which are owned by 19% of college students, according to a 2006 survey of 1,200 students by the research group Student Monitor. In addition, the files won't play on Apple iPods, which are owned by 42% of college students, according to the survey.

"People still want to have a music collection. Music listeners like owning their music, not renting," says Bill Goodwin, 21, who graduated in May from the University of Southern California in Los Angeles.

USC decided last year that it was finished with Napster after fewer than 500 students signed up, and it moved to Ruckus, hoping students would find that service more appealing. Meanwhile, both Cornell and Purdue will no longer offer their students free music next year. An anonymous donor had paid for Cornell to offer Napster for two years, but the student government passed on a chance to keep the service by charging students a fee.

"There hasn't been an overwhelming response to keep it," says Kwame Thomison, Cornell's student assembly president. "Students that enjoyed the service enough can pay for it themselves."

The number of students using Napster at George Washington University dropped by more than half between the first and second year, from one-third to one-seventh of eligible users. Alexa Kim, who oversees the Washington school's program, attributes the higher use at the start to the service's novelty and to press attention during the inaugural year.
She adds that the university hasn't decided if it will renew its contract. Colleges started offering the services in part because they were concerned that the recording industry might try to hold them liable for their students' copyright violations. So far no schools have been sued by the recording industry. Universities also have another reason for reducing illegal downloading: The large amount of bandwidth used by movie and music downloads chokes universities' computer networks. The subscription services complement university filtering programs that can identify users who are misusing school networks. "The bandwidth that I recovered saved us $75,000 a year in network costs," says Matthew Jett Hall, assistant vice chancellor at Vanderbilt University in Nashville, Tenn. The university's Napster program requires users to pay $2 a month for unlimited downloads. The Recording Industry Association of America says it has been happy with the progress the program has made so far. "Universities tend to move not all that quick to do things like this, so it's really quite an achievement," says RIAA President Cary Sherman. Some schools that don't offer free downloads dismiss the subscription services as too costly for the results they achieve, especially because so many students now buy music from Apple's iTunes Music Store. "We were not in a position to offer an alternative to iTunes," says Lev Gonick, the chief information officer at Case Western Reserve University in Cleveland. "The alternatives looked like they had more sizzle than steak." There is also little consensus among administrators about how successful the services have been in eliminating piracy. Although some say complaints from the recording industry have dropped sharply, no one can tell if that's because fewer students are engaging in illegal file-sharing or if the industry simply doesn't want to go after schools that are spending money to combat the problem. 
"The RIAA's push to buy into these services strikes me as protection money. Buy in and we'll protect you from our lawsuits," says Kenneth C. Green, the Campus Computing Project's director. The RIAA denies the charge. "We do sue students and send takedown notices to universities that have legal services all the time," says Mr. Sherman. Universities have a particular responsibility to teach students the value of intellectual property, he adds, because they are "probably the No. 1 creator of intellectual property." And he disputes the idea that the subscription services have fallen out of favor. The number of campuses that subscribe will increase "pretty significantly" in the fall, he says. Even at schools where more than half of the students use the services, few choose to buy songs. Only 2% of students at the University of Rochester in New York reported buying a song that they had downloaded from Napster in a fall 2005 survey of about 700 students. In the same survey, 10% said they downloaded songs from other services -- not necessarily legally -- after finding one they liked on Napster. "There isn't that much we can do," acknowledges Aileen Atkins, Napster's senior vice president for business affairs and general counsel. "If they have an iPod, they're going to buy it on iTunes. It's a fact of life." Write to Nick Timiraos at nick.timiraos at wsj.com From rforno at infowarrior.org Sat Jul 8 03:06:08 2006 From: rforno at infowarrior.org (Richard Forno) Date: Sat, 08 Jul 2006 03:06:08 -0400 Subject: [Infowarrior] - EFF: Defending liberties in high-tech world Message-ID: Defending liberties in high-tech world Despite its many legal victories, critics charge the EFF with idealism By ANICK JESDANUN The Associated Press Updated: 6:00 p.m. ET July 5, 2006 SAN FRANCISCO - In March 1990, when few people had even heard of the Internet, U.S. 
Secret Service agents raided the Texas offices of a small board-game maker, seizing computer equipment and reading customers' e-mail stored on one machine. A group of online pioneers already worried about how the nation's laws were being applied to new technologies became even more fearful and decided to intervene. And thus the Electronic Frontier Foundation was born ? 16 years ago this week ? taking on the Secret Service as its first case, one the EFF ultimately won when a judge agreed that the government had no right to read the e-mails or keep the equipment. Today, after expanding into such areas as intellectual property and moving its headquarters twice along with its focus, the EFF is re-emphasizing its roots of trying to limit government surveillance of electronic communications, while keeping a lookout for emerging threats even as the Internet and digital technologies become mainstream. In one of its highest-profile lawsuits to date, the EFF has accused AT&T Inc. of illegally cooperating with the National Security Agency to make phone and Internet communications available without warrants. "It's quite possibly the most important privacy and free speech issue in the 21st century," said Kevin Bankston, an EFF staff attorney formerly with the American Civil Liberties Union. "We are trying to force the government to follow the law. We are trying to force the phone company to follow the law." Shari Steele, the EFF's executive director, described the NSA program as "a place where technology and civil liberties collide in a big way." The EFF was born July 10, 1990, as three men who met on the online community The WELL grew concerned that the ACLU and other traditional civil-liberties organizations didn't understand technology enough to question government actions like the Secret Service raid. 
"It's difficult at this stage of the game to remember how few people even knew the Internet existed," said John Perry Barlow, a co-founder who used to write lyrics for the Grateful Dead. "It wasn't on their radar." Even the World Wide Web wouldn't be invented for another five months. Software pioneer Mitch Kapor, another co-founder, said that even when a group like the ACLU had the will, it didn't have the technical know-how to consider how basic, constitutional rights would even apply to the online world. "Nobody had done the thinking," he said. "The questions hadn't been raised." So from Day One, the EFF sought to become a high-tech ACLU and ensure that offline rights indeed transferred to emerging technologies. Early on, the EFF took on government efforts to treat encryption technology as military weapons rather than speech, and later it joined other groups in successfully challenging _ on free-speech grounds _ congressional efforts to block online pornography. The group also defended developers of file-sharing software, arguing that technology with legal uses shouldn't be barred even if others can use it to commit crimes, such as trading copyright music and movies. There have been internal tensions along the way as the organization left Cambridge, Mass., for Washington, D.C., in 1993. The EFF started trying to influence legislation, and some in the organization grew uncomfortable with the need to compromise in that setting. So the EFF moved once more, to San Francisco in 1995, and after dabbling with corporate issues like privacy policies and spinning off the TRUSTe privacy-certification program for businesses as a standalone organization, it redirected its energies to litigation. Most of the EFF's 25 employees now work in a former sewing factory and paint warehouse in San Francisco's gritty Mission District, its cubicle-less offices having the makeshift, open feel of a political campaign rather than a law firm. 
Attorneys walk around sans ties and suits and hold impromptu meetings on colorful couches. Chewed-up tennis balls scattered throughout provide evidence of a dog-friendly environment.

Although the EFF was among the few tech-focused groups when it formed, many other organizations now complement it. The Center for Democracy and Technology, or CDT, formed by former EFF staffers in the rift over its role in lobbying, is housed in Washington and tackles issues before Congress and federal agencies. The ACLU also became active in technology and led the online pornography lawsuits. In challenging the Bush administration's domestic-surveillance program, the ACLU sued the government, while the EFF sued AT&T.

The EFF's nonlitigation projects include ongoing funding for the Tor system for anonymous online communications and research last year exposing tracking codes embedded in color laser printers. Its staffers also testify at public hearings; one took part in an electronic-voting task force that released a report on security in late June. But the bulk of the work is legal -- 60 percent to 70 percent, Steele estimated.

That focus has left the group open to criticisms that by refusing to play the Washington game of compromising, its views are idealistic and sometimes extremist.

"They are the lawyers for the open vision of the Internet," said Peter Swire, the Clinton administration privacy counselor who sometimes tussled with the EFF. "They are the Left Coast advocacy group."

Companies targeted by the EFF say the group appears overly skeptical of intellectual property and the free market. Paul Ryan, whose Acacia Research Corp. the EFF cited for "crimes against the public domain" for claiming patents on streaming media, said the EFF ignores the fact that without patent protection, companies have less incentive to innovate.

The EFF also has faced criticisms that, despite its many victories, its losses can establish legal precedents that make subsequent cases harder to win.
In the file-sharing case, the EFF won twice in lower courts, but the Supreme Court narrowed a 1984 ruling that technology shouldn't automatically be barred because it had illegal uses.

"The decision to expend energy on cases and in some sense to work to get them to the Supreme Court is to really gamble with the outcome," said Danny Weitzner, who left EFF in 1994 to help form the rival CDT. He said the EFF should have waited for a better case, so that the high court wouldn't be "deciding about whether kids could steal music."

EFF attorneys say that they can't always wait for the perfect case and could at least prevent a worse ruling. Others say that by refusing to take risks, no rights will be left.

"People will always second guess what you do," said Lee Tien, an EFF attorney active in the AT&T lawsuit. "If you're going to be afraid to complain about something wrong, you deserve to have wrongdoing done to you."

The EFF continues to tackle issues like anonymity, electronic voting, patents and copyright, but the Sept. 11 attacks nearly five years ago have forced the EFF to spend more time on surveillance. It has sought to require more evidence before law enforcement can legally track people's locations by their cell phones, and in January the group sued AT&T, saying the San Antonio-based company violated U.S. law and the privacy of its customers. AT&T and NSA officials declined comment for this article.

The AT&T lawsuit already has generated grassroots momentum for the group, which gets the bulk of its $2.5 million budget from individuals. About 1,400 joined the EFF and sent in contributions after the EFF sent a mid-May appeal that cited the AT&T case. The group now has about 11,500 dues-paying members.

Basic online rights are more established today than when the EFF formed, but EFF legal director Cindy Cohn said there's no shortage of cutting-edge cases. "We're not near the end of the digital revolution in terms of new technology being rolled out," she said.
"Just because some stuff is mainstream, there's still a lot of stuff coming down the road to raise new issues or raise old issues over again in slightly new ways." The EFF, she said, remains committed to fighting the battles "nobody's talking about yet." Copyright 2006 The Associated Press. All rights reserved. This material may not be published, broadcast, rewritten or redistributed. URL: http://www.msnbc.msn.com/id/13718446/ ? 2006 MSNBC.com From rforno at infowarrior.org Sat Jul 8 03:32:03 2006 From: rforno at infowarrior.org (Richard Forno) Date: Sat, 08 Jul 2006 03:32:03 -0400 Subject: [Infowarrior] - Next-gen DVD formats fall to the first of many hacks Message-ID: ...anyone care to speculate how long before the MPAA will try to get the use of the Print Screen button criminalized? -rf Next-gen DVD formats fall to the first of many hacks 7/7/2006 1:21:01 PM, by Jon Hannibal Stokes http://arstechnica.com/news.ars/post/20060707-7214.html The folks at c't magazine have discovered a simple tool for beating the content protection on Blu-ray and HD-DVD formats: the print screen button. By pressing the print screen button once per frame, you can capture an entire movie at full resolution. Of course, you'd want to automate this task, but c't has shown that it can be done. They're promising more details in the forthcoming print version of their magazine. The few machines on which they've confirmed the hack have been running Intervideo's WinDVD, though it's likely that this hack isn't specific to WinDVD. C't also reports that Toshiba now has updates planned to disable the screen capture function while the software is running, and they may also update the AACS key in order to force users to either patch their software or be unable to decode the content. I think it's ultimately pointless for Toshiba to even bother to plug this particular hole. 
I mean, from a legal standpoint they're clearly obligated to address the matter, because if a rightsholder lets stuff like this slide it will come back to bite them in court. But from the perspective of combatting so-called "piracy," Joe User is not going to rip a DVD this way, because even if the process is automated it's still going to be labor- and time-intensive to get a full movie using this method. The vast majority of unauthorized viewers of movie content prefer to grab a full DVD rip off P2P rather than do the relatively painless work of ripping DVDs themselves. The new HD content will still be available from unauthorized sources like P2P networks and bootleg dealers, one way or the other, because there's just too much money in black market movie sales.

I read someone somewhere commenting on the US-Mexico border fence that was being debated a while back, and this person said, "a 10 foot wall will just create a market for 12 foot ladders." This is a pretty good way of phrasing the point that many problems that we might try to solve with technology are really economic problems. People don't use P2P because they're immoral, or uneducated about intellectual property rights, or because they just enjoy wading through a sea of bad rips, trojans, and disguised advertisements for porn; they use P2P because content is either too expensive, or because it comes burdened with so much onerous and restrictive DRM "protection" that they can't enjoy it the way they want.

From rforno at infowarrior.org Sat Jul 8 23:22:19 2006
From: rforno at infowarrior.org (Richard Forno)
Date: Sat, 08 Jul 2006 23:22:19 -0400
Subject: [Infowarrior] - When in Doubt, Publish
Message-ID:

When in Doubt, Publish
By On Secrets
Sunday, July 9, 2006; B02
http://www.washingtonpost.com/wp-dyn/content/article/2006/07/07/AR2006070701146_pf.html

It is the business -- and the responsibility -- of the press to reveal secrets.
Journalists are constantly trying to report things that public officials and others believe should be secret, and constantly exercising restraint over what they publish. Most Americans want their government to be held accountable, which is the raison d'être of watchdog journalism. At the same time, they do not want the press to disclose government secrets that are vital to national security. The journalist's dilemma, then, lies in choosing between the risk that would result from disclosure and the parallel risk of keeping the public in the dark -- a quandary that has become all the more pointed since the attacks of Sept. 11, 2001.

As deans charged with imparting the values of journalism to the next generation of reporters and editors, we favor disclosure when there are not strong reasons against it. That issue is front and center again because of the June 23 articles in the New York Times, the Los Angeles Times and the Wall Street Journal describing the government's efforts to track terrorist financing. The New York Times has attracted most of the outrage because it took the lead in investigating the system.

It is appropriate for Americans to be concerned when news organizations publish information that the president and others in authority have strongly urged not be published. No sane citizen would wish the media to provide terrorists with information that would be likely to endanger Americans. President Bush has denounced the Times in exceptionally harsh language, and on June 29 the House formally condemned the paper. Some critics of the Times have termed its actions "treasonous" and called for criminal charges under the Espionage Act. One conservative commentator told the San Francisco Chronicle that she would happily send Bill Keller, the paper's executive editor, to the gas chamber. Keller has characterized the decision to publish the information as a "close call," making this an especially important example to examine.
Despite its security concerns, the public has shown steady support for the media's watchdog role. Earlier this year, a survey by the Pew Research Center for the People and the Press found that 56 percent of respondents said it was very important for the media to report stories they believe are in the nation's interest. A third of respondents ranked government censorship on the grounds of national security as more important. The public wants the press to keep a sharp lookout, but wants the job performed responsibly. We share this sentiment. In the case of the stories about financial data, the government's main concern seemed to be that the hitherto cooperative banks might stop cooperating if the Times disclosed the existence of their financial tracking system. So far, that apparently has not happened. For many Americans, however, the possibility of damage to terrorist surveillance should have been sufficient justification for the Times to remain silent. Why, they ask, should the press take such a chance? There are situations in which that chance should not be taken. For instance, there was no justification for columnist Robert D. Novak to have unmasked Valerie Plame as a covert CIA officer. We believe that in the case of a close call, the press should publish when editors are convinced that more damage will be done to our democratic society by keeping information away from the American people than by leveling with them. We know from history that the government often claims to be concerned about national security when its concern is that disclosure will prove politically or personally embarrassing. The documents that came to be known as the Pentagon Papers in 1971 told how Presidents Dwight D. Eisenhower, John F. Kennedy and Lyndon B. Johnson had misled Americans about our role in the Vietnam War. Hence the classification of their contents. In the aftermath of 9/11, a new climate of caution was a sensible response to a sophisticated terrorist foe. 
But Bush's reaction -- declaring a "war on terror" and claiming the Constitution grants almost limitless powers to the president in a time of war -- is excessive. His administration has been aggressively restricting access to information on the grounds of national security. For example, earlier this year historians complained that intelligence agencies were removing previously declassified documents from archives. Some of these papers dated as far back as the Korean War; many had been cited multiple times in books. In general, the administration has sought to conduct much of what it calls the war on terror in secret, and it has been able to do so with little oversight from Congress, which would normally be a key check on power. When the press has played such an oversight role, it has often been harshly criticized. For instance, a few months ago Bush denounced the Times for revealing the National Security Agency's program of monitoring international telephone calls by Americans without first obtaining warrants, as the law requires. In that case, Bush rebuked the paper for revealing a classified secret. For most observers, however, the most important secret that was revealed was that the president had ignored the statutory process that Congress had established. Despite the rhetoric of their fiercest critics, most journalists take secrets seriously. Indeed, in a number of cases since 9/11, many news organizations, including the Times, have forgone publication of information at the request of the Bush administration. The Times held the article on domestic eavesdropping for a year, publishing it only after the paper thought that the issues raised were of great importance. We believe that the extraordinary power of the presidency at this moment mandates more scrutiny rather than less. Yet Attorney General Alberto R. Gonzales has said he would consider prosecuting journalists for publishing classified information. 
Such an action would threaten to tilt the balance between disclosure and secrecy in a direction that would weaken watchdog reporting at a time when it is badly needed.

We subscribe to the vision of Carl C. Magee, a crusading journalist whose Albuquerque newspaper infuriated another president in the 1920s with revelations in the Teapot Dome scandal. Forced to close his paper after being driven to bankruptcy, Magee emerged two months later with another newspaper. Emblazoned on the front page was a new motto, borrowed from Dante: Give Light and the People Will Find Their Own Way.

journalismdeans at hotmail.com

Geoffrey Cowan, dean, Annenberg School for Communication, University of Southern California
Alex S. Jones, director, Shorenstein Center, Harvard University
John Lavine, dean, Medill School of Journalism, Northwestern University
Nicholas Lemann, dean, Graduate School of Journalism, Columbia University
Orville Schell, dean, Graduate School of Journalism, University of California at Berkeley

© 2006 The Washington Post Company

From rforno at infowarrior.org Sun Jul 9 12:59:33 2006
From: rforno at infowarrior.org (Richard Forno)
Date: Sun, 09 Jul 2006 12:59:33 -0400
Subject: [Infowarrior] - Cracking the Secret Codes of Europe's Galileo Satellite
Message-ID:

Cracking the Secret Codes of Europe's Galileo Satellite
http://www.newswise.com/p/articles/view/521790/

Description: Members of Cornell University's Global Positioning System Laboratory have cracked the so-called pseudo random number (PRN) codes of Europe's first global navigation satellite, despite efforts to keep the codes secret.

Newswise -- Members of Cornell's Global Positioning System (GPS) Laboratory have cracked the so-called pseudo random number (PRN) codes of Europe's first global navigation satellite, despite efforts to keep the codes secret. That means free access for consumers who use navigation devices -- including handheld receivers and systems installed in vehicles -- that need PRNs to listen to satellites.
The codes and the methods used to extract them were published in the June issue of GPS World. The navigational satellite, GIOVE-A (Galileo In-Orbit Validation Element-A), is a prototype for 30 satellites that by 2010 will compose Galileo, a $4 billion joint venture of the European Union, European Space Agency and private investors. Galileo is Europe's answer to the United States' GPS. Because GPS satellites, which were put into orbit by the Department of Defense, are funded by U.S. taxpayers, the signal is free -- consumers need only purchase a receiver. Galileo, on the other hand, must make money to reimburse its investors -- presumably by charging a fee for PRN codes. Because Galileo and GPS will share frequency bandwidths, Europe and the United States signed an agreement whereby some of Galileo's PRN codes must be "open source." Nevertheless, after broadcasting its first signals on Jan. 12, 2006, none of GIOVE-A's codes had been made public. In late January, Mark Psiaki, associate professor of mechanical and aerospace engineering at Cornell and co-leader of Cornell's GPS Laboratory, requested the codes from Martin Unwin at Surrey Space Technologies Ltd., one of three privileged groups in the world with the PRN codes. "In a very polite way, he said, 'Sorry, goodbye,'" recalled Psiaki. Next Psiaki contacted Oliver Montenbruck, a friend and colleague in Germany, and discovered that he also wanted the codes. "Even Europeans were being frustrated," said Psiaki. "Then it dawned on me: Maybe we can pull these things off the air, just with an antenna and lots of signal processing." Within one week Psiaki's team developed a basic algorithm to extract the codes. Two weeks later they had their first signal from the satellite, but were thrown off track because the signal's repeat rate was twice that expected. 
By mid-March they derived their first estimates of the code, and -- with clever detective work and an important tip from Montenbruck -- published final versions on their Web site () on April 1. The next day, NovAtel Inc., a Canadian-based major manufacturer of GPS receivers, downloaded the codes from the Web site and within 20 minutes began tracking GIOVE-A for the first time.

Galileo eventually published PRN codes in mid-April, but they weren't the codes currently used by the GIOVE-A satellite. Furthermore, the same publication labeled the open source codes as intellectual property, claiming a license is required for any commercial receiver. "That caught my eye right away," said Psiaki. "Apparently they were trying to make money on the open source code."

Afraid that cracking the code might have been copyright infringement, Psiaki's group consulted with Cornell's university counsel. "We were told that cracking the encryption of creative content, like music or a movie, is illegal, but the encryption used by a navigation signal is fair game," said Psiaki. The upshot: The Europeans cannot copyright basic data about the physical world, even if the data are coming from a satellite that they built.

"Imagine someone builds a lighthouse," argued Psiaki. "And I've gone by and see how often the light flashes and measured where the coordinates are. Can the owner charge me a licensing fee for looking at the light? -- No. How is looking at the Galileo satellite any different?"

Other authors of the GPS World article are Paul Kintner, Cornell professor of electrical and computer engineering, graduate students Todd Humphreys, Shan Mohiuddin and Alessandro Cerruti, and engineer Steven Powell.

This story was written by graduate student Thomas Oberst, a writer intern at Cornell News Service.

©
2006 Newswise

From rforno at infowarrior.org Sun Jul 9 21:52:20 2006
From: rforno at infowarrior.org (Richard Forno)
Date: Sun, 09 Jul 2006 21:52:20 -0400
Subject: [Infowarrior] - MI5 to post terror threat level on the internet
Message-ID:

MI5 to post terror threat level on the internet
By Philip Johnston, Home Affairs Editor
http://www.telegraph.co.uk/news/main.jhtml?xml=/news/2006/07/10/nterr10.xml&sSheet=/news/2006/07/10/ixuknews.html

The public is to be given more information about the terrorist threat levels facing the country under plans to be announced by John Reid, the Home Secretary, today. His initiative is likely to stop short of the routine release of colour-coded warnings that operate in America, which are often criticised as confusing and unduly alarmist. But ministers have accepted that greater openness is needed.

The existing system of threat levels was introduced in 2003 after the Bali bombings led to complaints about the way international warnings had been framed. It has seven stages, ranging in seriousness from negligible to critical. The present threat level is 2(G) - severe general - which means that available intelligence and recent events indicate that terrorists have an established capability and current intent to mount an attack. It is also assessed that an attack is a priority for the terrorists and is likely to be mounted.

A review of the system has been undertaken since the July 7 bomb attacks on London last year after it emerged that the threat level had been reduced only a few weeks earlier from "severe general" to "substantial".

Threat levels are determined by the Joint Terrorism Analysis Centre and issued as part of a detailed MI5 report on terrorist groups that is circulated across Whitehall. These are used to inform decisions about the state of alert to be observed in defence establishments and Government departments.
Such reports, which include details of terrorist groups, activities and intelligence sources, are highly classified and have limited circulation. However, summaries containing fewer details are produced with a far lower classification. They are more widely circulated but are still not made public. Mr Reid will announce a streamlined system of five warning categories, which will be posted on the Home Office and MI5 websites with advice to the public on what action to take. In America, the Homeland Security Department also has a five-tier system which is made public. The levels range from green (low), through yellow (elevated) to red (severe). However, the system has been widely derided because it is lowered and raised so regularly. Mr Reid's announcement coincides with fresh speculation about the background of the July 7 suicide bombers, a few days after the first anniversary of their attacks. A BBC documentary tomorrow will claim that Mohammed Siddique Khan, the ringleader, had previously met two British Muslims who went to Israel to carry out a suicide mission. It quotes an alleged witness, who has not come forward before, as saying that he collaborated with Omar Sharif, from Derby, and Hanif Asif, from Hounslow, north-west London, to recruit young Muslims for training camps in Afghanistan five years ago. Kursheed Fiaz, a businessman who runs an information technology company in Manchester, says that he had four or five meetings - the first in 2001 - with Khan, who was initially accompanied by Sharif and later by Asif. If true, this would have significant implications for the investigation into extremist jihadi groups, suggesting closer links than had been realised. However, this connection is unknown to police and MI5 officers who have been compiling a profile of Khan and his associates in the year since the London attacks. 
There is some scepticism about the claim among counter-terrorism specialists, not least that the operation mounted by the two Britons in Israel was carried out by Hamas, not al-Qa'eda.

* The Crown Prosecution Service is expected shortly to reveal its decision on whether to prosecute any police officers over the shooting of Jean Charles de Menezes, an innocent Brazilian man, at Stockwell Underground station, south London, last July. He was mistaken for a suicide bomber.

From rforno at infowarrior.org Sun Jul 9 22:27:40 2006
From: rforno at infowarrior.org (Richard Forno)
Date: Sun, 09 Jul 2006 22:27:40 -0400
Subject: [Infowarrior] - Hollywood wins legal fight against sanitized DVDs
Message-ID:

Hollywood wins legal fight against sanitized DVDs
By Cynthia Littleton
Reuters
Sunday, July 9, 2006; 9:48 PM
http://www.washingtonpost.com/wp-dyn/content/article/2006/07/09/AR2006070900861_pf.html

LOS ANGELES (Hollywood Reporter) - A federal judge in Colorado has handed the entertainment industry a big win in its protracted legal battle against a handful of small companies that offer sanitized versions of theatrical releases on DVD. The case encompasses two of Hollywood's biggest headaches these days: the culture wars and the disruptive influence of digital technologies.

Senior U.S. District Court Judge Richard Matsch came down squarely on the side of the Directors Guild of America and the major studios in his ruling that the companies must immediately cease all production, sale and rentals of edited videos. The summary judgment issued Thursday requires the companies -- Utah-based CleanFlicks, CleanFilms and Play It Clean Video, Arizona-based Family Flix USA and the separate entity CleanFlicks of Colorado -- to turn over all existing copies of their edited movies to lawyers for the studios for destruction within five days of the ruling.
Utah's CleanFlicks, which describes itself as the largest distributor of edited movies, through online sales and rentals and sales to video stores in Utah, Arizona and other states in the region, said it would continue its fight against the guild and the studios. CleanFlicks and the others make copies of official DVD releases and then edit them for sex, nudity, violence and profanity.

David Schachter, attorney for CleanFlicks of Colorado, said Sunday that it was unclear whether any of the video-editing companies would seek an emergency hearing this week to request a stay of the injunction pending an appeal. He said such a move was unlikely for his client, which operates a retail store in Colorado Springs. It was unclear whether the store was still open Sunday.

Representatives for Family Flix could not be reached for comment during the weekend. A posting on the Web site http://www.clean-edited-movies.com reported that Family Flix had decided to shut its doors after five years as a result of the litigation, though the date of the posting was unclear. The site quoted Family Flix founders Richard and Sandra Teraci as making plans to establish their own production company.

CleanFlicks and the others maintained their edited DVDs were legal under fair use guidelines that allow for the use of copyrighted material in criticism, news reporting, parody and other circumstances. The slogan on the CleanFlicks Web site is "It's About Choice." An online listing for Family Flix's offerings on the Web site of the Mormon-based Meridian magazine noted that the content snipped out of its edited videos included all references to "homosexuality, perversion and co-habitation."

The mainstreaming of sophisticated digital editing technologies has fueled the cottage industry of movie sanitizers. CleanFlicks and others purchase an official DVD copy of a film on DVD for each edited version of the title they produce through the use of editing systems and software.
The official release disc is included alongside the edited copy in every sale or rental transaction conducted. As such, the companies argued that they had the right on First Amendment and fair use grounds to offer consumers the alternative of an edited version for private viewing, so long as they maintained that "one-to-one" ratio to ensure that copyright holders got their due from the transactions. Matsch disagreed. "Their business is illegitimate," the judge wrote in his 16-page ruling. "The right to control the content of the copyrighted work ... is the essence of the law of copyright." The fight began in August 2002 with a pre-emptive legal filing by CleanFlicks against the DGA and 16 prominent directors after it got wind that the guild was preparing a legal case against the company. CleanFlicks sought a court ruling clarifying its right to market the videos on First Amendment grounds. The DGA and directors countersued the following month. After initially staying out of the fray, eight Hollywood studios joined with the directors and the guild in December 2002, filing claims of copyright infringement against CleanFlicks and other companies. "Whether these films should be edited in a manner that would make them acceptable to more of the public playing on a DVD in a home environment is more than merely a matter of marketing; it is a question of what audience the copyright owner wants to reach," Matsch wrote. "This court is not free to determine the social value of copyrighted works. What is protected are the creator's rights to protect its creation in the form in which it was created." The studios involved in the suit are MGM, Time Warner, Sony Pictures Entertainment, the Walt Disney Co., DreamWorks, Universal, 20th Century Fox and Paramount Pictures. The directors named in the initial August 2002 filing included Martin Scorsese, Steven Spielberg, Steven Soderbergh, Michael Mann, Robert Altman, Curtis Hanson, Betty Thomas and DGA president Michael Apted. 
Apted called Matsch's ruling a vindication for the guild and its members, especially with its clear support for rights of the work's original creator to protect how their film is presented. "No matter how many disclaimers are put on the film, it still carries the director's name," Apted said. "So we have great passion about protecting our work, which is our signature and brand identification, against unauthorized editing."

Early on, the legal sparring involved Salt Lake City-based ClearPlay, which offers video filtering software that allows for home viewing of cleaned-up versions of Hollywood titles. ClearPlay offers software programs developed for specific titles that users can run on their computer or ClearPlay's proprietary DVD player along with an official copy of the DVD. With this technology, a nude shot of an actor can be altered to show a silhouette, or profanity can be bleeped out. Because ClearPlay's technology does not involve making an altered DVD copy, it has been shielded from the copyright infringement claims.

The debate over movie content filtering activities made its way into Congress, which passed the 2005 Family Movie Act that protects ClearPlay and other software-based filtering companies. Matsch noted that Congress at that time had the opportunity to also carve out legal protections for CleanFlicks and its ilk, but chose not to. The DGA said in its statement on the ruling it "remains concerned about this exception to copyright protection."

Matsch's opinion could wind up eliminating most of ClearPlay's competition, but company CEO Bill Aho still criticized Matsch's reasoning. "While it may be good for ClearPlay Inc., it's bad for parents," Aho said. "Moms and dads need all the help they can get to protect their kids, and these companies were providing a valuable service."

Reuters/Hollywood Reporter ©
2006 Reuters From rforno at infowarrior.org Mon Jul 10 08:24:37 2006 From: rforno at infowarrior.org (Richard Forno) Date: Mon, 10 Jul 2006 08:24:37 -0400 Subject: [Infowarrior] - Parents turn to tech toys to track teens Message-ID: Parents turn to tech toys to track teens - Janine DeFao, Chronicle Staff Writer Sunday, July 9, 2006 http://sfgate.com/cgi-bin/article.cgi?file=/c/a/2006/07/09/BIGMOTHER.TMP&typ e=printable Paige White was surprised when her parents figured out soon after she started driving last year that she'd gone 9 miles to a party, not 4 miles to the friend's house she'd told them she was visiting. It seemed to her almost as if her car was bugged. It was. Paige's parents had installed a device in their daughter's SUV that can tell them not only how far she's driven, but how fast and whether she's made any sudden stops or hard turns. "I was kind of mad because I felt it was an invasion of my privacy," said the Los Gatos resident, now 17. Parents, some of whom feel outmatched by their offspring in this tech-savvy world, are using a growing number of gadgets, software and specially equipped cell phones to track kids' driving, read their instant messages and pinpoint where they're hanging out. Move over, Big Brother. Big Mother is in the house. But cyber-snooping is simply a new tool, experts say. It doesn't resolve the dilemma parents have grappled with for generations: How much free rein do you give children so they can learn the lessons they need to grow up and be independent? "There's a gap between parents and kids which is unbridgeable: We want them to be safe, and they want to have a good time," said Anthony Wolf, a Massachusetts child psychologist and author of "Get Out of My Life, but First Could You Drive Me & Cheryl to the Mall?: A Parent's Guide to the New Teenager." Proponents of the new technology say it can help protect kids -- whether from predators lurking online or their own bad driving. 
But while there may be gains, monitoring also can take a toll. "The bottom line is, surveillance will cut down somewhat on potential risk behavior kids will engage in, but it is at a cost," Wolf said. "To the extent that you do surveillance, you are potentially interfering with your kids developing responsibility for their own lives." Bill White had safety in mind when he decided to get the CarChip, made by Davis Instruments in Hayward, for Paige's car when she first got her license. "I know how I drove when I was in high school," said White, 47. About the size of a 9-volt battery, the device plugs in beneath a car's dashboard and records driving behavior. The data it collects can be downloaded to a computer, and the device can sound an alarm when the car speeds or accelerates too fast. While her friends make fun of her for having one, Paige now admits liking the CarChip. "It helps me watch my speed and keeps me honest," she said. Supporters say tracking teen driving can save lives. Motor vehicle crashes are the leading cause of death for 15- to 20-year-olds, with 3,620 young drivers killed and 303,000 injured across the country in 2004, according to the National Highway Traffic Safety Administration. Teen Arrive Alive, a Florida company, offers Global Positioning System-enabled cell phones that allow parents to go online to check the location and speed of a car their child is driving or riding in. "This is about parents being given tools to better protect their kids. That's not Big Brother. That's parenting," said company spokesman Jack Church, whose 20-year-old son died in a drunken-driving accident in 2000. It took two days to find the car and the young man's body in a ditch. Church concedes the technology wouldn't have saved his son's life, but said it could have spared him and his wife the agony of searching for two days. 
Another company, Alltrack USA, offers a service that e-mails or calls parents if the car they're monitoring exceeds a certain speed or leaves a defined geographic area. DriveCam, which now installs cameras in fleet vehicles, plans to offer a monthly service to parents and teens next year that will let them watch video clips of their driving and receive coaching from driving experts. CarChip-type devices differ from the "black boxes," or event data recorders, installed by manufacturers in many cars to record speed and other data in the seconds before a crash. A California law that limits access to that data does not apply to the types of accessories parents are using. Nor do privacy laws give kids protection from prying parents. "In the United States, we sort of think of children as being the property of their parents," said Jennifer Granick, executive director of the Center for Internet and Society at Stanford Law School. "Generally, there's not going to be anything that says parents can't keep tabs on their children." Another way parents are doing that is with GPS-enabled cell phones. Sprint's Family Locator service allows parents to map the location of their children's cell phones online. Verizon's similar Chaperone service, introduced last month, can send parents text messages if their child leaves a predetermined zone. SmartWear Technologies in San Diego plans to take GPS monitoring to another level in the fall, offering radio-frequency tags for children's clothing. Already in many items because major retailers use them to track inventory, the tags can be encoded with identification and even a child's medical history. A GPS component will be available next year, said company President Bob Reed. Orinda mother Melinda Reilly said she is struggling with whether to get her 15-year-old daughter a GPS-enabled cell phone that Reilly can track in the event of the "worst-case scenario" that she couldn't reach the teen by phone. 
"When I mentioned it to my daughter, she turned white. She said, 'You wouldn't use it to track me down?' I said, 'That too -- but you don't have anything to hide, right?' " said Reilly, 52, who now asks her daughter to check in frequently from her regular cell phone. "All of these devices, I think, help parents. They're largely not as sophisticated as their kids are in this tech-driven world," added Reilly, who writes a blog urging parents to be more involved in their children's safety (parentsheadsup.blogspot.com). But, she said, "These are very hard choices for parents." Parent educator and author Jane Bluestein said monitoring kids without cause could backfire, especially when children appear to be following rules and have a good rapport with their parents. "I think it's going to add a lot of stress to a lot of relationships that really don't need it," said Bluestein, who lives in Albuquerque and wrote "Parents, Teens and Boundaries: How to Draw the Line." "To track kids for the sake of tracking kids -- I know it gives parents a sense of control, but I think it points to bigger problems in the relationship: mistrust, a need to control, a need to think for your kids." It's more important, she said, "for parents to teach kids how to think and act when they're not there." But she said monitoring also could help kids to regain their parents' trust if they've violated it by breaking curfew or lying about where they're going. Other experts tout the technology as a helping hand for all parents, saying they could be unaware of what their children are up to, especially online. Internet safety consultant and Bay Area police Officer Steve DeWarns particularly likes software that goes beyond Web filters, which keep children off objectionable sites. Newer software allows parents to track their children's Internet use remotely and can copy instant messages and online chats into e-mails that are sent to parents. 
DeWarns knows a father who was tracking his 14-year-old daughter's online correspondence when he learned, while out of town, that a 24-year-old man she'd met online had bought her a bus ticket to visit him out of state. The father thwarted the plan by calling his wife and telling her not to let their daughter out of her sight. DeWarns even advises parents not to tell older teens they're being monitored, because they may simply avoid the bugged computer. "The dilemma is, it's like peeking into your kid's diary or journal. The question is: What do you do with that information?" said DeWarns. "It may seem as though parents are going to extremes to monitor their children. However, I'm sure if we asked our parents if they ever listened in on one of our telephone conversations, they would be guilty of it." One Pleasant Hill mother has been using SpectorSoft's eBlaster for about a year to track her sons' online activity, including instant messaging. She's found the boys, 14 and 16, looking at "light porn" and discussing oral sex, and she's ferreted out weekend parties where no adults were going to be home. In those cases, she's made family plans without telling her sons what she knew. She said the boys think the history function on the computer lets her check up on them. They don't know she has the software or the level of detail she can see, and she asked not to be named for that reason. She said she fears telling them about the software because they may not use the computer as much. "It has been a chance for my husband and I to bring up subjects that may not come up having to do with sexuality and drugs," she said. "My oldest son said at first he felt we were raiding his privacy. We said the Internet is not a private thing. "They may fight it, but way deep down, I think they want those boundaries that aren't there for them otherwise on the computer," she said. "It's something they need until they grow up." 
Companies that make such software say sales have increased as parents have become more concerned about a range of issues, including pedophiles using the Web to solicit children and teens talking graphically about sex online. SpectorSoft President Doug Fowler said monthly sales of eBlaster have risen from 100 or 200 copies four years ago to 2,500 or 3,000 this year. No numbers are available for overall use of the various types of monitoring technology, though Church, of Teen Arrive Alive, said sales are lower in more liberal places such as the Bay Area, where parents may be more concerned about their children's privacy. SpectorSoft recommends that parents tell children they are using the software, Fowler said, but he pointed out parents are not legally required to do so. Other companies are mum on the subject. Fowler said safeguards are built in to keep children from removing the software from the family computer. Daly City mother Jean Aro said she would have been tempted in the past to know her children's whereabouts at all times, but now that the technology is available, she's not buying. "I don't know what kind of message I would be giving my child," said Aro, 51, who has four children and stepchildren ages 13 to 26. "It would have made me mad as hell as a teenager. "When you know you're being trusted, sometimes you want to show it," she said. "If they feel they're not trusted, they're not going to be trustworthy." Child-tracking technologies Car: Devices can record distance, speed and driving behavior, such as hard braking and sharp turning. Some pinpoint a car's location using Global Positioning System technology and alert parents if a teen driver exceeds a certain speed or leaves a defined geographic area. One, the CarChip, costs $139. Monthly services cost $20 and up. Cell phones: GPS enables parents to locate a child's phone on an online map. One service will text message parents if the phone leaves a predetermined zone. 
Monthly services typically cost $10 to $20. Software: Various programs can track Web activity and record online chats, instant messages and e-mail. Parents can receive reports and alerts by e-mail and, in some cases, by phone or text message. Prices range from $40 to $100 in one-time or annual fees. From rforno at infowarrior.org Mon Jul 10 09:51:14 2006 From: rforno at infowarrior.org (Richard Forno) Date: Mon, 10 Jul 2006 09:51:14 -0400 Subject: [Infowarrior] - The Politics of Paranoia and Intimidation Message-ID: (c/o BruceS) The Politics of Paranoia and Intimidation by Floyd Rudmin http://www.lewrockwell.com/orig7/rudmin1.html The Bush administration and the National Security Agency (NSA) have been secretly monitoring the email messages and phone calls of all Americans. They are doing this, they say, for our own good. To find terrorists. Many people have criticized NSA's domestic spying as unlawful invasion of privacy, as search without search warrant, as abuse of power, as misuse of the NSA's resources, as unConstitutional, as something the communists would do, something very unAmerican. In addition, however, mass surveillance of an entire population cannot find terrorists. It is a probabilistic impossibility. It cannot work. What is the probability that people are terrorists given that NSA's mass surveillance identifies them as terrorists? If the probability is zero (p=0.00), then they certainly are not terrorists, and NSA was wasting resources and damaging the lives of innocent citizens. 
If the probability is one (p=1.00), then they definitely are terrorists, and NSA has saved the day. If the probability is fifty-fifty (p=0.50), that is the same as guessing the flip of a coin. The conditional probability that people are terrorists given that the NSA surveillance system says they are, that had better be very near to one (p=1.00) and very far from zero (p=0.00). The mathematics of conditional probability were figured out by the Scottish logician Thomas Bayes. If you Google "Bayes' Theorem", you will get more than a million hits. Bayes' Theorem is taught in all elementary statistics classes. Everyone at NSA certainly knows Bayes' Theorem. To know if mass surveillance will work, Bayes' theorem requires three estimations: 1. The base-rate for terrorists, i.e. what proportion of the population are terrorists; 2. The accuracy rate, i.e., the probability that real terrorists will be identified by NSA; 3. The misidentification rate, i.e., the probability that innocent citizens will be misidentified by NSA as terrorists. No matter how sophisticated and super-duper are NSA's methods for identifying terrorists, no matter how big and fast are NSA's computers, NSA's accuracy rate will never be 100% and their misidentification rate will never be 0%. That fact, plus the extremely low base-rate for terrorists, means it is logically impossible for mass surveillance to be an effective way to find terrorists. I will not put Bayes' computational formula here. It is available in all elementary statistics books and is on the web should any readers be interested. But I will compute some conditional probabilities that people are terrorists given that NSA's system of mass surveillance identifies them to be terrorists. The US Census shows that there are about 300 million people living in the USA. Suppose that there are 1,000 terrorists there as well, which is probably a high estimate. The base-rate would be 1 terrorist per 300,000 people. 
In percentages, that is .00033%, which is way less than 1%. Suppose that NSA surveillance has an accuracy rate of .40, which means that 40% of real terrorists in the USA will be identified by NSA's monitoring of everyone's email and phone calls. This is probably a high estimate, considering that terrorists are doing their best to avoid detection. There is no evidence thus far that NSA has been so successful at finding terrorists. And suppose NSA's misidentification rate is .0001, which means that .01% of innocent people will be misidentified as terrorists, at least until they are investigated, detained and interrogated. Note that .01% of the US population is 30,000 people. With these suppositions, then the probability that people are terrorists given that NSA's system of surveillance identifies them as terrorists is only p=0.0132, which is near zero, very far from one. Ergo, NSA's surveillance system is useless for finding terrorists. Suppose that NSA's system is more accurate than .40, let's say, .70, which means that 70% of terrorists in the USA will be found by mass monitoring of phone calls and email messages. Then, by Bayes' Theorem, the probability that a person is a terrorist if targeted by NSA is still only p=0.0228, which is near zero, far from one, and useless. Suppose that NSA's system is really, really, really good, really, really good, with an accuracy rate of .90, and a misidentification rate of .00001, which means that only 3,000 innocent people are misidentified as terrorists. With these suppositions, then the probability that people are terrorists given that NSA's system of surveillance identifies them as terrorists is only p=0.2308, which is far from one and well below flipping a coin. NSA's domestic monitoring of everyone's email and phone calls is useless for finding terrorists. NSA knows this. Bayes' Theorem is elementary common knowledge. So, why does NSA spy on Americans knowing it's not possible to find terrorists that way? 
Mass surveillance of the entire population is logically sensible only if there is a higher base-rate. Higher base-rates arise from two lines of thought, neither of them very nice: 1. McCarthy-type national paranoia; 2. political espionage. The whole NSA domestic spying program will seem to work well, will seem logical and possible, if you are paranoid. Instead of presuming there are 1,000 terrorists in the USA, presume there are 1 million terrorists. Americans have gone paranoid before, for example, during the McCarthyism era of the 1950s. Imagining a million terrorists in America puts the base-rate at .00333, and now the probability that a person is a terrorist given that NSA's system identifies them is p=.99, which is near certainty. But only if you are paranoid. If NSA's surveillance requires a presumption of a million terrorists, and if in fact there are only 100 or only 10, then a lot of innocent people are going to be misidentified and confidently mislabeled as terrorists. The ratio of real terrorists to innocent people in the prison camps of Guantanamo, Abu Ghraib, and Kandahar shows that the US is paranoid and is not bothered by mistaken identifications of innocent people. The ratio of real terrorists to innocent people on Bush's no-fly lists shows that the Bush administration is not bothered by mistaken identifications of innocent Americans. Also, mass surveillance of the entire population is logically plausible if NSA's domestic spying is not looking for terrorists, but looking for something else, something that is not so rare as terrorists. For example, the May 19 Fox News opinion poll of 900 registered voters found that 30% dislike the Bush administration so much they want him impeached. 
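The following Python is an added worked example, not part of Rudmin's essay. It reproduces the three terrorist-detection scenarios above with Bayes' theorem (base rate, accuracy rate, misidentification rate), adds the one-million-terrorist base rate from the paranoia scenario, and generalizes to the pro-impeachment scenario stated further down (base rate .30, accuracy .90, error .01). Two things are assumptions of mine rather than statements from the essay: the essay does not say which accuracy and misidentification rates it paired with the one-million base rate, so the code uses the .90/.00001 "really good" pair, and with the impeachment inputs the posterior comes out at about 0.975 here, against the .98 the essay quotes. Function and constant names are my own.

```python
"""Bayes' theorem applied to mass-surveillance hit rates.

Added worked example, not part of the original essay. It reproduces the
essay's scenarios: P(terrorist | flagged) as a function of the base rate,
the accuracy (true-positive) rate and the misidentification
(false-positive) rate.
"""
from typing import Dict, Tuple

US_POPULATION = 300_000_000  # the essay's round figure from the US Census


def posterior(base_rate: float, accuracy: float, misid_rate: float) -> float:
    """P(target | flagged) by Bayes' theorem.

    base_rate  : prior probability that a random person is a target
    accuracy   : P(flagged | target), the true-positive rate
    misid_rate : P(flagged | not target), the false-positive rate
    """
    if not all(0.0 <= x <= 1.0 for x in (base_rate, accuracy, misid_rate)):
        raise ValueError("rates must be probabilities in [0, 1]")
    true_hits = accuracy * base_rate
    false_hits = misid_rate * (1.0 - base_rate)
    total_flagged = true_hits + false_hits
    if total_flagged == 0.0:
        # Nothing is ever flagged, so the conditional probability is undefined.
        raise ZeroDivisionError("no one is flagged under these rates")
    return true_hits / total_flagged


def flagged_counts(population: int, targets: int, accuracy: float,
                   misid_rate: float) -> Tuple[float, float]:
    """Expected numbers of (true positives, false positives) for a population."""
    innocents = population - targets
    return accuracy * targets, misid_rate * innocents


# The essay's scenarios: (number of targets, accuracy, misidentification rate).
SCENARIOS: Dict[str, Tuple[int, float, float]] = {
    "1,000 terrorists, acc .40, misid .0001": (1_000, 0.40, 0.0001),
    "1,000 terrorists, acc .70, misid .0001": (1_000, 0.70, 0.0001),
    "1,000 terrorists, acc .90, misid .00001": (1_000, 0.90, 0.00001),
    # Assumed pairing: the essay does not say which rates go with the
    # 1,000,000-terrorist base rate; the best-case pair is used here.
    "1,000,000 terrorists, acc .90, misid .00001 (assumed rates)":
        (1_000_000, 0.90, 0.00001),
}


def run_scenarios(population: int = US_POPULATION) -> Dict[str, float]:
    """Posterior P(terrorist | flagged) for every scenario, keyed by label."""
    return {
        label: posterior(targets / population, acc, misid)
        for label, (targets, acc, misid) in SCENARIOS.items()
    }


def main() -> None:
    for label, (targets, acc, misid) in SCENARIOS.items():
        tp, fp = flagged_counts(US_POPULATION, targets, acc, misid)
        p = posterior(targets / US_POPULATION, acc, misid)
        print(f"{label}: ~{tp:,.0f} true hits, ~{fp:,.0f} false hits, "
              f"P(terrorist | flagged) = {p:.4f}")
    # Political-intelligence case from the essay: 30% base rate, acc .90, error .01.
    print(f"pro-impeachment, base .30: P = {posterior(0.30, 0.90, 0.01):.4f}")


if __name__ == "__main__":
    main()
```

The counts make the essay's point visible: with 1,000 targets in 300 million people, the 400 or 700 true hits are swamped by roughly 30,000 false hits, so raising accuracy from .40 to .70 barely moves the posterior, while cutting the misidentification rate tenfold does far more. The same function with a .30 base rate shows why the denominator stops being dominated by false hits once the thing being looked for is common.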
If NSA were monitoring email and phone calls to identify pro-impeachment people, and if the accuracy rate were .90 and the error rate were .01, then the probability that people are pro-impeachment given that NSA surveillance system identified them as such, would be p=.98, which is coming close to certainty (p=1.00). Mass surveillance by NSA of all Americans' phone calls and emails would be very effective for domestic political intelligence. But finding a few terrorists by mass surveillance of the phone calls and email messages of 300 million Americans is mathematically impossible, and NSA certainly knows that. May 26, 2006 Floyd Rudmin [send him mail] is Professor of Social & Community Psychology at the University of Tromsø in Norway. From rforno at infowarrior.org Mon Jul 10 11:59:20 2006 From: rforno at infowarrior.org (Richard Forno) Date: Mon, 10 Jul 2006 11:59:20 -0400 Subject: [Infowarrior] - DoD releases OTD Roadmap Message-ID: Title DoD releases OTD Roadmap Date 2006.07.07 19:00 Author Joe Barr Topic http://trends.newsforge.com/article.pl?sid=06/07/07/233257 The Open Source Software Institute (OSSI) has announced the release of a Department of Defense (DoD) report entitled the Open Technology Development Roadmap which focuses on how to make the use of open technology development an integral part of the Department of Defense (DoD) software acquisition and development processes. According to OSSI, "OTD methodology will enable DoD organizations and contractors to rapidly adapt and extend existing software capabilities in response to shifting threats and requirements without, being locked in to a specific vendor or held hostage to proprietary technologies." The 79 page report defines Open Technology Development, explains the key need that it fulfills, and makes concrete recommendations on how to make its use a standard operating procedure within the DoD. 
According to the report, Open Technology Development "combines salient advances" in four key areas: * Open Standards and Interfaces * Open Source Software and Designs * Collaborative/Distributive culture and online support tools * Technological Agility The report distinguishes between open source and OTD, since OTD code may be developed internally at the DoD and only available for distribution within the department. NewsForge spoke briefly this afternoon with John Scott, one of the report's three authors. Scott told us the biggest single benefit OTD brings to the DoD is not in cost savings, but in agility: getting IT tools to those who use them more quickly and efficiently. John Weathersby of OSSI said "OTD is more than the technical benefits of open source. OTD focuses on the changing, evolving business model...how open source is, and will become, an integral part of the DoD business process." Links 1. "Open Source Software Institute" - http://www.oss-institute.org/ 2. "Open Technology Development Roadmap" - http://www.oss-institute.org/NCOSPR/OTDRoadmap_v3_Final.pdf 3. "report" - http://www.oss-institute.org/NCOSPR/OTDRoadmap_v3_Final.pdf 4. "John Scott" - http://powdermonkey.blogs.com/powdermonkey/ From rforno at infowarrior.org Mon Jul 10 14:57:58 2006 From: rforno at infowarrior.org (Richard Forno) Date: Mon, 10 Jul 2006 14:57:58 -0400 Subject: [Infowarrior] - White House asks for dismissal of NSA wiretap suit Message-ID: White House asks for dismissal of NSA wiretap suit By Jui Chakravorty Reuters Monday, July 10, 2006; 1:47 PM http://www.washingtonpost.com/wp-dyn/content/article/2006/07/10/AR2006071000 596_pf.html DETROIT (Reuters) - The Bush administration on Monday asked a federal judge to dismiss a lawsuit challenging the National Security Agency's domestic eavesdropping program, arguing that defending the four-year-old wiretapping program in open court would risk national security. In arguments before U.S. 
District Judge Anna Diggs Taylor in Detroit, the American Civil Liberties Union on Monday renewed its call for a court order that would force the government to suspend its program of intercepting without a court order the international phone calls and e-mails of U.S. citizens. But the U.S. Justice Department has asked federal judges in Detroit and New York to throw out the landmark challenges to the eavesdropping program. In both cases, the Bush administration has invoked a legal doctrine known as the "state-secrets privilege" that it has used to head off other court action spy programs. "If the court accepts the state-secret argument, we are truly facing a constitutional crisis in this country," Michael Steinberg, legal director for ACLU Michigan, told reporters after the hearing. The ACLU, which filed the lawsuit in January, argues that the NSA wiretaps violate free-speech and privacy rights protected by the U.S. Constitution. Government lawyers on Monday argued that the NSA program was key to protecting national security. "This program targets members or agents of al Qaeda," Anthony Coppolino, the lead attorney for the Department of Justice said in the hearing, which lasted an hour and a half. Coppolino said the program was "well within bounds of the law" and that it was needed to "detect and prevent foreign terrorist threats in the United States." Taylor, who was appointed to the federal bench in 1979 by then-President Jimmy Carter, adjourned court without indicating when she would rule on whether the lawsuit can proceed. Several individuals and groups -- including the National Association for the Advancement of Colored People, the American-Arab Discrimination Committee, the Asian American Legal Defense and members of Congress -- have filed briefs in support of the ACLU's claim. The lawsuit was prompted by President George W. 
Bush's disclosure in December that he had authorized the warrantless eavesdropping shortly after the September 11 attacks in order to track suspected communication from al Qaeda operatives. U.S. officials have declined to provide details on how widely the NSA wiretaps have been used or what communications have been intercepted. The ACLU said it expected a decision soon from Taylor. "She has so far been proceeding quite quickly," said the ACLU's associate legal director Ann Beeson. The ACLU filed its lawsuit on behalf of scholars, attorneys, journalists and nonprofit groups that regularly communicate by phone and e-mail with people in the Middle East. The case was filed in Detroit because the area is home to one of the largest Arab populations outside the Middle East. The Center for Constitutional Rights has a parallel case pending before a federal judge in New York. © 2006 Reuters From rforno at infowarrior.org Mon Jul 10 23:21:58 2006 From: rforno at infowarrior.org (Richard Forno) Date: Mon, 10 Jul 2006 23:21:58 -0400 Subject: [Infowarrior] - OpEd: Going after the Freedom of Information Act is a slippery slope Message-ID: Bob Richter: Going after the Freedom of Information Act is a slippery slope Web Posted: 07/09/2006 12:00 AM CDT San Antonio Express-News http://www.mysanantonio.com/news/metro/stories/MYSA070906.03B.richter.ceff8d .html The Express-News reported Friday that St. Mary's University's Center for Terrorism Law has received a $1 million Defense Department grant "to limit the scope of the Freedom of Information Act." Journalists get slippery-slope worries when we hear the Pentagon wants to alter a law that allows the sun to shine on what politicians and government officials do behind closed doors. As a federal judge in Michigan (Damon J. Keith) said a couple years ago: "Democracies die behind closed doors." I compare the Freedom of Information Act, or FOIA, with closing the Chicken Ranch ("The Best Little Whorehouse in Texas"). 
Once it was proposed, who could vote against it? But, truth be known, the law was under attack from Day 1. President Lyndon B. Johnson, who signed it on July 4, 1966, worried then that FOIA opened the door too wide, the Associated Press reported last week, citing new information. Forty years and another Texas president later, advocates for a free and free-wielding press worry about tinkering with open government, even in the name of national security. The Bush administration has had a schizophrenic relationship with the media. While President Bush is well-liked for the most part by the people who follow him and write or talk about him daily, White House media strategy has varied wildly: From staying on message, but not answering specific questions (as a colleague analogizes, "You ask them the score of the Astros game; they give you the weather report"); to Bush having private, off-the-record visits with small groups of journalists to curry favor; to the Bush's attorney general threatening to prosecute journalists for treason. So when St. Mary's is asked by the Pentagon -- headed by Don Rumsfeld, who gets rotten press -- to tighten FOIA, thoughtful people get suspicious, even if they're not journalists or don't fully appreciate the importance of press freedom. Randy Sanders, the retired editor of the Lubbock Avalanche-Journal and president of the Freedom of Information Foundation of Texas, criticized the St. Mary's project. "It seems like we're losing all our freedoms in the name of homeland security," he said. "I just wonder where the real threat is. We're not going to keep terrorists from finding out about power plants and water supplies by tightening the Freedom of Information Act." Jeffrey Andicott, director of the Center for Terrorism Law, is an expert in national security and human rights law, a former legal adviser to the Green Berets, and advises the federal government on the Navy prison at Guantanamo Bay, Cuba. 
He told me the grant requires his team to study the various state freedom of information laws, federal and states, with a goal of developing a model statute by Aug. 1, 2007, that can be presented to federal and state governments. He said the research will be "strictly from a legal perspective, not political." "The mission is to balance the need for security with civil liberties," Andicott said, explaining the research will be open, that a "bench book" will be compiled, and that there will be a conference to discuss the findings. "We'd love to invite the media to participate," he added. Journalists here and elsewhere should hold his feet to the fire on that promise. At the end, whatever the center recommends will be subject to legislative approval. The FOIA was passed for good reason. After two years of working for a state politician, I know firsthand that the pols hate it because it gives reporters and constituents a slim ray of sunshine to see how politicians operate behind closed doors. In the current "attack the media" climate in Washington, many pols and many Americans are saying, "To hell with the press." It's a popular refrain, but here's a better one, from a better thinker than anyone in Washington today, Thomas Jefferson, who was often crucified in the press: "If I had to choose between government without newspapers, and newspapers without government, I wouldn't hesitate to choose the latter." Bob Richter is Express-News public editor. His opinions are his own. Contact him at (210) 250-3264 or brichter at express-news.net or visit his blog at MySA.com, keyword: publiceditor. From rforno at infowarrior.org Tue Jul 11 08:51:14 2006 From: rforno at infowarrior.org (Richard Forno) Date: Tue, 11 Jul 2006 08:51:14 -0400 Subject: [Infowarrior] - Fed register screwup? Message-ID: http://cryptome.org/pidb071106.htm Information Security Oversight Office; Public Interest Declassification Board (PIDB); Notice of Meeting "This meeting will be open to the public. 
However, due to space limitations and access procedures, the name and telephone number of individuals planning to attend must be submitted to the Information Security Oversight Office (ISOO) no later than Monday, July 10, 2006. ISOO will provide additional instructions for gaining access to the location of the meeting." ..yet the notice appeared in the July 11, 2006 Federal Register - one day later. Was this an oversight on the person writing this, or do they just want to minimize public folks showing up? (Or is this common practice....?) -rf From rforno at infowarrior.org Tue Jul 11 08:58:13 2006 From: rforno at infowarrior.org (Richard Forno) Date: Tue, 11 Jul 2006 08:58:13 -0400 Subject: [Infowarrior] - LA Times: We aren't all pirates Message-ID: (this, from the newspaper "of Hollywood"......rf) http://www.latimes.com/news/opinion/editorials/la-ed-piracy10jul10,0,2000938 .story?coll=la-news-comment-editorials We aren't all pirates Anti-piracy proposals before Congress could limit innovation and legal uses of technology. July 10, 2006 THE INTERNET AND DIGITAL technology have been both a blessing and a curse for the entertainment industry, opening new opportunities for selling music and video but also fueling rampant global piracy. To attack the latter problem, industry lobbyists are pressing Congress to adopt at least five different proposals that would give them more control over their works as they flow through new digital pipelines into living rooms and portable devices. But these measures, like the technologies they would affect, have a hard time distinguishing between illicit actions and legitimate ones. The bills would pressure device makers and service providers to limit or eliminate features from some products, such as the ability to record individual songs off satellite radio. In essence, tech companies would have to alter what they are selling to safeguard the entertainment industry's wares. 
Protecting intellectual property is a legitimate goal for Congress -- after all, the Constitution called on Congress to give authors and inventors exclusive rights "to promote the progress of science and useful arts." The task has grown more urgent with the emergence of an Internet-fueled global information economy. But what the entertainment industry is seeking in this year's proposals isn't merely protection from piracy; it's after increased leverage to protect its business models.

That's why lawmakers must bear in mind the balance needed between copyright holders' interests and the public's, something Congress has not done well lately. In 1998, it gave copyright holders broad power to block legitimate uses of works, even those in the public domain, through the use of electronic locks that impede copying of digital products. And that same year, it prolonged the public domain's starvation diet by extending copyrights an additional 20 years, to 70 years beyond the death of the creator.

The movie and music industries have similar interests, but their agendas this year are distinct. The major studios want to alter digital TV receivers, recorders and home networks to stop shows from being redistributed indiscriminately online -- a proposal that has won grudging support from some consumer-electronics and high-tech firms. They also want to redesign computers, set-top boxes and other products to ensure that the limits placed on digital videos are not removed when the data are converted from digital to analog. This approach could deter people from making a permanent copy of a pay-per-view movie, but it also could make it hard for digital movie buyers to create backup copies or transfer videos to portable players.

The music industry, meanwhile, is focusing its fire on satellite and digital radio services that make it easy for listeners to record and save individual songs.
Those recorders don't fuel piracy, given that federal law already requires them to include a form of anti-piracy technology. Instead, a more immediate effect of the industry-backed proposals would be to give labels and music publishers more control over listeners' ability to record broadcasts, while helping them collect more money from XM, Sirius and other digital music businesses.

Clearly, the industry-backed proposals would do more than just defend copyrighted works from pirates. They also would impinge on devices that have legitimate uses and steer the development of technology, cutting off some innovation. As they weigh the entertainment industry's pleas, lawmakers shouldn't assume all consumers are bootleggers and every digital device is a hand grenade aimed at Hollywood.

From rforno at infowarrior.org Tue Jul 11 09:01:42 2006
From: rforno at infowarrior.org (Richard Forno)
Date: Tue, 11 Jul 2006 09:01:42 -0400
Subject: [Infowarrior] - OpEd: Net Neutrality and Information Security
Message-ID:

Net Neutrality and Information Security, (Mon, Jul 10th)
http://isc.sans.org/diary.php?storyid=1467&rss

With the recent debate on network neutrality raging, I thought it appropriate to mention some of what I think the information security implications of net neutrality are (if adopted). This is probably US-centric, but it shows how a policy if not fully thought through can negatively impact the ability of an organization to secure their environment.

Briefly, network neutrality is designed to prevent ISPs from favoring certain websites over others (faster load times) or certain applications over others. In short, it's designed for consumer PC environments only (the exact environments that are pretty much the biggest nightmare on the internet). The supporters of network neutrality would allow for filtering of illegal traffic, but the problem comes in with grey areas. For instance, network neutrality would not allow ISPs to filter P2P traffic as a class.
P2P isn't inherently illegal (as much as the MPAA/RIAA would like to say otherwise) however it isn't generally used for honest purposes (with few exceptions). For instance, on my network, when I see bittorrent I know someone is generally doing something bad. Because DMCA makes ISPs responsible for P2P piracy of their users, some ISPs simply don't allow P2P. That would not be a viable option under a net neutrality regime.

If you don't like P2P because there is about a 1% chance that a given P2P use might be for legitimate software vendors too cheap to pay for bandwidth, the above is just as applicable for spam. Sure, some spam is illegal but the perennial complaint is that the law has not kept up with the spam problem (i.e. a good amount is still strictly legal). With net neutrality if it's legal, it can't be filtered. Not only incoming spam but outgoing spam must be allowed unless it can be shown to be illegal (a judgement simply well out-of-scope for an ISP to be making).

Here's a more potent example. Many ISPs blocked inbound port 80 during the Code Red days. There is nothing illegal about having webservers, however ISPs (in my opinion, rightly) decided that the risk was not worth the benefit and blocked that application. This helped mitigate to some degree the spread of Code Red. This would no longer be an allowable option with net neutrality as they'd presumably have to wait UNTIL a machine is infected to do something about it, instead of protecting the machine to begin with. It should be intuitive that proactive security is better than reactive security (despite the fact that as an industry we keep insisting on being reactive).

The point is, there is a lot of "grey" in network traffic and gutting AUPs with network neutrality regulations would take away valuable tools to help stop bad traffic. It converts the game from least privilege to most privilege.
If I start probing from my PC on a DSL line, my ISP (if they are paying attention) may outright block me unless I can prove legitimacy. With net neutrality, legitimacy is presumed until a crime can be proven. At that point damage is done. It puts us once again behind the hackers, forced to wait until either the FCC decides ISPs can move or there is a crime with a victim and damage. Security policies (or laws) in general should not emasculate security officers into a wait-and-see position. Cost/benefit decisions should be allowed so that organizations can appropriately manage their own risk.

(Full disclosure: In addition to being in IT security, I'm a columnist. My next column comes out against net neutrality for political reasons. I mention this because I'm sure someone out there will think they are terribly clever for managing to use google, finding out I'm a columnist, and saying my politics are shaping my technical analysis here. My point is that these security considerations have not been analyzed and thought through and I know this because I interviewed the drivers of the net neutrality policy. Maybe net neutrality can be revamped to allow for appropriate information security considerations to come into play, that's the point of this post. I'd prefer to think about this stuff before policies are decided on than after, regardless of what I think about the policy in general.)

----
John Bambenek
bambenek /at/ gmail /dot/ com

From rforno at infowarrior.org Tue Jul 11 21:52:40 2006
From: rforno at infowarrior.org (Richard Forno)
Date: Tue, 11 Jul 2006 21:52:40 -0400
Subject: [Infowarrior] - Interesting....White House Salary List
Message-ID:

2006 WHITE HOUSE SALARY LIST
Who's Making What In The White House
By Alexis Simendinger, for NationalJournal.com
© National Journal Group Inc.
Tuesday, July 11, 2006

< - >

http://nationaljournal.com/about/njweekly/stories/2006/0711nj1.htm

From rforno at infowarrior.org Tue Jul 11 22:13:31 2006
From: rforno at infowarrior.org (Richard Forno)
Date: Tue, 11 Jul 2006 22:13:31 -0400
Subject: [Infowarrior] - =?iso-8859-1?q?Cond_=E9_Nast_Buys_Wired_News?=
Message-ID:

Condé Nast Buys Wired News
http://wired.com/news/technology/internet/1,71366-0.html
By Wired News Staff
17:00 PM Jul, 11, 2006

Lycos is selling its Wired News unit to Condé Nast Publications for $25 million, Lycos parent Daum Communications announced in Korea late Tuesday, a deal that brings Wired.com and Wired magazine under the same owner after an eight-year separation.

Lycos acquired Wired News as part of its June 1999 acquisition of Wired Digital in a stock transaction valued at about $83 million at the time. Since then, Wired News has published Wired magazine articles on the web under a contractual relationship, while reporting independently on technology and science news.

Tuesday's deal includes all the assets of Wired News, such as the website, news content and domain name, but leaves Lycos in control of former Wired Digital properties such as HotBot, Hotwired and Webmonkey. Upon completion of the transaction, the assets of Wired News will be operated as part of Condé Nast Publications' web division, CondéNet. No layoffs at Wired News are planned as a result of the deal.

"We are thrilled to be bringing Wired News back into the fold after eight years of separation from the print publication, especially since it comes at a time of exploding growth and creativity on the web," said Steve Newhouse, chairman of the Advance.net web division of Advance Publications, the privately held parent company of Condé Nast, in a joint statement with Lycos, also released Tuesday.
Net ad revenues reached a new record of $3.9 billion for the first quarter of 2006, the Interactive Advertising Bureau reported in May, up 38 percent over the same period last year, and up 6 percent over the 2005 fourth quarter total of $3.6 billion. According to TNS Media Intelligence, internet display advertising grew faster than for any other medium in the first quarter of the year, rising 19.4 percent to $2.31 billion -- though its report did not account for paid search listings, a category that has fueled meteoric growth at web darling Google. Total advertising expenditures for the same period grew just 5.2 percent, the research firm said, reaching $34.9 billion.

After an initially slow start courting the net, Condé Nast has begun to explore new ways to position its wide stable of popular magazines -- such as Vogue, W, Gourmet and Condé Nast Traveler, among others -- on the web. In April, the company added to its stable of destination sites, launching Brides.com, a web portal that combines three of its bridal magazine titles and offers various web-only interactive features. It has also adopted a web portal model for Epicurious (food), Concierge.com (travel) and Style.com (fashion).

For Lycos, the sale represents the latest effort to streamline and reposition following a $95 million December 2004 buyout by Korea-based internet service provider Daum. The company, best known as an internet search provider before the dot-com bubble burst, has since sold off various assets, including its Quote.com financial site, and is now focusing on developing broadband TV and community content services.

"Lycos is one of the most widely recognized internet brands in the world, and my goal is to continue to reinvigorate the Lycos brand," said Alfred Tolle, CEO of Lycos and president of Daum Global, in a statement. "This deal allows us to focus entirely on building out Lycos as an entertainment broadband destination."
Wired News is the heir to Hotwired.com, a news and opinion site launched by Wired magazine under the stewardship of founder Louis Rossetto more than a decade ago. The site is widely credited as an innovative web pioneer, but it has also struggled, suffering cutbacks and several rounds of layoffs, most recently last summer.

In a statement Tuesday, Wired Editor in Chief Chris Anderson said that reuniting Wired News with the magazine was a long-cherished goal. "Wired's focus on innovation and how technology is changing the world can now be matched with our own innovation and experimentation with new ways of doing media online. We're bursting with ideas and can't wait to put them into practice," he said.

From rforno at infowarrior.org Tue Jul 11 22:17:37 2006
From: rforno at infowarrior.org (Richard Forno)
Date: Tue, 11 Jul 2006 22:17:37 -0400
Subject: [Infowarrior] - OT: Syd Barrett, Founder of Pink Floyd, Dies
Message-ID:

(couldn't pass up a mention of one of my favorite groups.......rf)

Syd Barrett, Founder of Pink Floyd, Dies
By JILL LAWLESS
The Associated Press
Tuesday, July 11, 2006; 3:46 PM
http://www.washingtonpost.com/wp-dyn/content/article/2006/07/11/AR2006071100344_pf.html

LONDON -- Syd Barrett, the troubled Pink Floyd co-founder who spent his last years in reclusive anonymity, has died, the band said Tuesday. He was 60.

A spokeswoman for the band said Barrett died several days ago, but she did not disclose the cause of death. Barrett had suffered from diabetes for years.

The surviving members of Pink Floyd -- David Gilmour, Nick Mason, Roger Waters and Richard Wright -- said they were "very upset and sad to learn of Syd Barrett's death."

"Syd was the guiding light of the early band lineup and leaves a legacy which continues to inspire," they said in a statement.

Barrett co-founded Pink Floyd in 1965 with Waters, Mason and Wright, and wrote many of the band's early songs.
The group's jazz-infused rock and drug-laced, multimedia "happenings" made them darlings of the London psychedelic scene. The 1967 album "The Piper at the Gates of Dawn" -- largely written by Barrett, who also played guitar -- was a commercial and critical hit.

But Barrett suffered from mental instability, exacerbated by his use of LSD. His behavior grew increasingly erratic, and he left the group in 1968 -- five years before the release of Pink Floyd's most popular album, "Dark Side of the Moon" -- to be replaced by Gilmour.

Barrett released two solo albums -- "The Madcap Laughs" and "Barrett" -- but soon withdrew from the music business altogether. An album of previously unreleased material, "Opel," was issued in 1988.

He reverted to his real name, Roger Barrett, and spent much of the rest of his life living quietly in his hometown of Cambridge, England. Moving into his mother's suburban house, he passed the time painting and tending the garden. His former bandmates made sure Barrett continued to receive royalties from his work with Pink Floyd.

He was a familiar figure to neighbors, often seen cycling or walking to the corner store, but rarely spoke to the fans and journalists who sought him out over the years.

Despite his brief career, Barrett's fragile, wistful songs influenced many musicians including David Bowie -- who covered the Barrett track "See Emily Play." Bowie said in a statement posted on his Web site that Barrett had been a "major inspiration."

"His impact on my thinking was enormous," Bowie wrote. "A major regret is that I never got to know him. A diamond indeed."

The other members of Pink Floyd recorded the album "Wish You Were Here" as a tribute to their troubled bandmate. It contained the song "Shine On You Crazy Diamond" -- "Remember when you were young, you shone like the sun." The band also dwelt on themes of mental illness on the albums "Dark Side of the Moon" and "The Wall."

The band spokeswoman said a small, private funeral would be held.

© 2006 The Associated Press

From rforno at infowarrior.org Tue Jul 11 22:28:18 2006
From: rforno at infowarrior.org (Richard Forno)
Date: Tue, 11 Jul 2006 22:28:18 -0400
Subject: [Infowarrior] - Brilliant mash-up of Ted Stevens "Internet Tubes"
Message-ID:

"Tubes!" "Tubes" -- quite catchy....

http://66.132.137.45/podcast/steves_viral/DJ_teds_techno_tubes.mp3

From rforno at infowarrior.org Wed Jul 12 07:30:18 2006
From: rforno at infowarrior.org (Richard Forno)
Date: Wed, 12 Jul 2006 07:30:18 -0400
Subject: [Infowarrior] - U.S. Terror Targets: Petting Zoo and Flea Market?
Message-ID:

July 12, 2006
U.S. Terror Targets: Petting Zoo and Flea Market?
By ERIC LIPTON
http://www.nytimes.com/2006/07/12/washington/12assets.html?_r=1&oref=slogin&pagewanted=print

WASHINGTON, July 11 -- It reads like a tally of terrorist targets that a child might have written: Old MacDonald's Petting Zoo, the Amish Country Popcorn factory, the Mule Day Parade, the Sweetwater Flea Market and an unspecified "Beach at End of a Street."

But the inspector general of the Department of Homeland Security, in a report released Tuesday, found that the list was not child's play: all these "unusual or out-of-place" sites "whose criticality is not readily apparent" are inexplicably included in the federal antiterrorism database.

The National Asset Database, as it is known, is so flawed, the inspector general found, that as of January, Indiana, with 8,591 potential terrorist targets, had 50 percent more listed sites than New York (5,687) and more than twice as many as California (3,212), ranking the state the most target-rich place in the nation.

The database is used by the Homeland Security Department to help divvy up the hundreds of millions of dollars in antiterrorism grants each year, including the program announced in May that cut money to New York City and Washington by 40 percent, while significantly increasing spending for cities including Louisville, Ky., and Omaha.

"We don't find it embarrassing,"
said the department's deputy press secretary, Jarrod Agen. "The list is a valuable tool."

But the audit says that lower-level department officials agreed that some older information in the inventory "was of low quality and that they had little faith in it."

"The presence of large numbers of out-of-place assets taints the credibility of the data," the report says.

In addition to the petting zoo, in Woodville, Ala., and the Mule Day Parade in Columbia, Tenn., the auditors questioned many entries, including "Nix's Check Cashing," "Mall at Sears," "Ice Cream Parlor," "Tackle Shop," "Donut Shop," "Anti-Cruelty Society" and "Bean Fest."

Even people connected to some of those businesses or events are baffled at their inclusion as possible terrorist targets.

"Seems like someone has gone overboard," said Larry Buss, who helps organize the Apple and Pork Festival in Clinton, Ill. "Their time could be spent better doing other things, like providing security for the country."

Angela McNabb, manager of the Sweetwater Flea Market, which is 50 miles from Knoxville, Tenn., said: "I don't know where they get their information. We are talking about a flea market here."

New York City officials, who have questioned the rationale for the reduction in this year's antiterrorism grants, were similarly blunt.

"Now we know why the Homeland Security grant formula came out as wacky as it was," Senator Charles E. Schumer, Democrat of New York, said Tuesday. "This report is the smoking gun that thoroughly indicts the system."

The source of the problems, the audit said, appears to be insufficient definitions or standards for inclusion provided to the states, which submit lists of locations for the database.

New York, for example, lists only 2 percent of the nation's banking and finance sector assets, which ranks it between North Dakota and Missouri. Washington State lists nearly twice as many national monuments and icons as the District of Columbia.
Montana, one of the least populous states in the nation, turned up with far more assets than big-population states including Massachusetts, North Carolina and New Jersey.

The inspector general questions whether many of the sites listed in whole categories -- like the 1,305 casinos, 163 water parks, 159 cruise ships, 244 jails, 3,773 malls, 718 mortuaries and 571 nursing homes -- should even be included in the tally.

But the report also notes that the list "may have too few assets in essential areas." It apparently does not include many major business and finance operations or critical national telecommunications hubs.

The department does not release the list of 77,069 sites, but the report said that as of January it included 17,327 commercial properties like office buildings, malls and shopping centers, 12,019 government facilities, 8,402 public health buildings, 7,889 power plants and 2,963 sites with chemical or hazardous materials.

George W. Foresman, the department's under secretary for preparedness, said the audit misunderstood the purpose of the database, as it was an inventory or catalog of national assets, not a prioritized list of the most critical sites. The database is just one of many sources consulted in deciding antiterrorism grants.

The inspector general recommends that the department review the list and determine which of the "extremely insignificant" assets that have been included should remain and provide better guidance to states on what to submit in the future.

Mr. Agen, the Homeland Security Department spokesman, said that he agreed that his agency should provide better directions for the states and that it would do so in the future.

One business owner who learned from a reporter that a company named Amish Country Popcorn was on the list was at first puzzled. The businessman, Brian Lehman, said he owned the only operation in the country with that name.

"I am out in the middle of nowhere," said Mr.
Lehman, whose business in Berne, Ind., has five employees and grows and distributes popcorn. "We are nothing but a bunch of Amish buggies and tractors out here. No one would care."

But on second thought, he came up with an explanation: "Maybe because popcorn explodes?"

From rforno at infowarrior.org Wed Jul 12 16:15:05 2006
From: rforno at infowarrior.org (Richard Forno)
Date: Wed, 12 Jul 2006 16:15:05 -0400
Subject: [Infowarrior] - US unveils emergency alert system for mobile phones, computers
Message-ID:

US unveils emergency alert system for mobile phones, computers
Jul 12 3:12 PM US/Eastern
http://www.govexec.com/dailyfed/0706/071206j1.htm

The US government unveiled a communications system that in case of emergency should soon allow it to send SMS alerts to Americans' mobile phones and computers.

"We have the ability to do this. It's a major step," Federal Emergency Management Agency (FEMA) Director David Paulison told reporters outside the US capital as he unveiled the program's design.

The Digital Emergency Alert System (DEAS) will include the participation of television networks and public radio stations and be based on an existing alert system built in the Cold War era for use in the event of a nuclear attack.

The new system will initially allow the government to quickly alert public organizations and first-aid groups in case of an emergency. It is planned to become operational in southern and eastern states by the end of the year, and nationally at the end of 2007.

At the same time, the government said it will build a system that can also send alerts to mobile phone users and computers linked to the Internet.

The SMS messages will be sent out in case "something unfortunate has happened," said John Lawson, president and chief executive officer of the Association of Public Television Stations.
Internet-linked computers will automatically switch on to a video message from the US Department of Homeland Security while downloading instructions prepared specifically for natural disasters, chemical and nuclear attacks, and other calamities.

From rforno at infowarrior.org Wed Jul 12 19:09:00 2006
From: rforno at infowarrior.org (Richard Forno)
Date: Wed, 12 Jul 2006 19:09:00 -0400
Subject: [Infowarrior] - Link to controversial DHS IG report on "terror targets"
Message-ID:

Progress in Developing the National Asset Database
DEPARTMENT OF HOMELAND SECURITY
Office of Inspector General
http://www.nytimes.com/packages/pdf/politics/20060711_DHS.pdf

Eg:

> Table 2: Examples of Out-of-Place Assets From Four States
> (July 2004 Data Call)
>
> Psychiatry Behavioral Center      Order of Elks National Memorial
> Ice Cream Parlor                  Bakery & Cookie Shop
> Inn                               Donut Shop
> Sears Auto Center                 Wine and Coffee Co.
> Sports Club                       Casket Company
> Bass Pro Shop                     Muzzle Shoot Enterprise
> Several Wal-Marts                 Property Owners Associations
> Apple and Pork Festival           Rolls Royce Plant
> Pepsi Bottlers                    Yacht Repair Business
> Anti-Cruelty Society              Tackle Shop
> Elevator Company                  Center for Veterinary Medicine
> American Legion                   UPS Store
> Heritage Groups                   Parcel Shop
> YMCA Center                       Brewery
> Mail Boxes Etc                    Night clubs

From rforno at infowarrior.org Thu Jul 13 10:02:18 2006
From: rforno at infowarrior.org (Richard Forno)
Date: Thu, 13 Jul 2006 10:02:18 -0400
Subject: [Infowarrior] - DHS's Unlimited "Priorities"
Message-ID:

The Department of Homeland Security's Unlimited "Priorities"

Yesterday's New York Times story on the Department of Homeland Security's promiscuous "National Asset Database" is custom made for satire.
An Amish popcorn company, the Groundhog Zoo in Pennsylvania, a kangaroo conservation center, literally some beach somewhere "at the end of the street," all listed in THE government database of critical infrastructure and key resources, a list that just also happens to exclude the Statue of Liberty and Empire State Building.

"We don't find it embarrassing" at all, the DHS spokesman responded to an internal Inspector General's report on the database. The Department pulled out all the patent bureaucratic answers: It is still too early in the process to assess the database, the "states" provided "quirky totals" that still need to be double checked, with more time and more money, we'll produce an even bigger, better list.

< - >

http://blog.washingtonpost.com/earlywarning/2006/07/the_department_of_homeland_sec_1.html

From rforno at infowarrior.org Thu Jul 13 13:05:50 2006
From: rforno at infowarrior.org (Richard Forno)
Date: Thu, 13 Jul 2006 13:05:50 -0400
Subject: [Infowarrior] - White House agrees to NSA review by court: senator
Message-ID:

I'm sure there's a catch somewhere, but haven't found it yet. -rf

White House agrees to NSA review by court: senator
By Thomas Ferraro
Reuters
Thursday, July 13, 2006; 11:48 AM
http://www.washingtonpost.com/wp-dyn/content/article/2006/07/13/AR2006071300689_pf.html

WASHINGTON (Reuters) - The White House, in a policy reversal, has agreed to allow a secret federal court review of the National Security Agency's domestic spying program, a top Senate Republican announced on Thursday.

Senate Judiciary Committee Chairman Arlen Specter said he has negotiated a proposed bill with the White House that would achieve that and voiced hope his panel would approve it.

"We have structured a bill which is agreeable to the White House and I think will be agreeable to this committee," Specter told the panel, which will vote on it perhaps later this month after members have had an opportunity to review it.
Specter and other lawmakers pressed Bush to seek clearance from the secret Foreign Intelligence Surveillance Act court for the spying program, implemented after the September 11 attacks and first disclosed last December by The New York Times.

Specter earlier said the administration may have broken the law in allowing the NSA to monitor international phone calls and e-mails of U.S. citizens without first obtaining warrants. The act requires warrants from the court for intelligence-related eavesdropping inside the United States.

But Bush had defended the program, saying he had the power and responsibility as a wartime president to protect the nation.

Specter said he had been in discussions with Bush and other members of the administration for weeks to forge a deal.

The Pennsylvania Republican said the court will determine the program's constitutionality based, in part, on arguments presented to it by the attorney general.

Specter said the court will also consider an explanation about how the program is "reasonably designed to ensure that the communications intercepted involve a terrorist agent of a terrorist or someone reasonably believed to have communications associated with a terrorist."

The bill would also require the attorney general to provide members of the House of Representatives and Senate intelligence committees with information about any electronic surveillance program in effect.

© 2006 Reuters

From rforno at infowarrior.org Thu Jul 13 15:14:01 2006
From: rforno at infowarrior.org (Richard Forno)
Date: Thu, 13 Jul 2006 15:14:01 -0400
Subject: [Infowarrior] - More on the new NSA agreement
Message-ID:

...I think the potential "gotcha" I referred to earlier is the last paragraph about consolidating the various surveillance suits into one case brought before FISC....meaning they'd only have to worry about winning one case instead of dozens? The whole "misusing information" thing is interesting -- what standard will be used to determine such misuse?
-rf

http://www.foxnews.com/story/0,2933,203339,00.html

< - >

Specter told the committee that the bill, among other things, would:

- Require the attorney general to give the intelligence court information on the program's constitutionality, the government's efforts to protect Americans' identities and the basis used to determine that the intercepted communications involve terrorism.

- Expand the time for emergency warrants secured under the Foreign Intelligence Surveillance Act from three to seven days.

- Create a new offense if government officials misuse information.

- At the NSA's request, clarify that international calls that merely pass through terminals in the United States are not subject to the judicial process established under the Foreign Intelligence Surveillance Act.

The administration official, who asked not to be identified because discussions are still ongoing, said the bill also would give the attorney general power to consolidate the 100 lawsuits filed against the surveillance operations into one case before the Foreign Intelligence Surveillance Court.

From rforno at infowarrior.org Thu Jul 13 15:25:59 2006
From: rforno at infowarrior.org (Richard Forno)
Date: Thu, 13 Jul 2006 15:25:59 -0400
Subject: [Infowarrior] - Schneier: A Minor Security Lesson from Mumbai Terrorist Bombings
Message-ID:

...agree 100% -rf

A Minor Security Lesson from Mumbai Terrorist Bombings
http://www.schneier.com/blog/archives/2006/07/a_minor_securit.html

Two quotes:

Authorities had also severely limited the cellular network for fear it could be used to trigger more attacks.

And:

Some of the injured were seen frantically dialing their cell phones. The mobile phone network collapsed adding to the sense of panic.

(Note: The story was changed online, and the second quote was deleted.)

Cell phones are useful to terrorists, but they're more useful to the rest of us.
From rforno at infowarrior.org Fri Jul 14 08:37:42 2006
From: rforno at infowarrior.org (Richard Forno)
Date: Fri, 14 Jul 2006 08:37:42 -0400
Subject: [Infowarrior] - FBI grapples with out-of-date computers
Message-ID:

FBI grapples with out-of-date computers
By Anne Broache
http://news.com.com/FBI+grapples+with+out-of-date+computers/2100-1028_3-6094070.html
Story last modified Fri Jul 14 04:00:05 PDT 2006

Four years ago, a former FBI project manager lamented the state of the agency's primitive electronic case-management system.

"There's no mouse; there's no icon," the official told the U.S. Senate Judiciary Committee in July 2002, according to a recent government report. "There's no year 2000 look to it. It's all very keyboard-intensive."

Not much has changed since then. According to recent reports, a string of managerial blunders, financial indiscretions and assorted snags have accompanied efforts to modernize the agency's computer systems.

A former government contractor assigned to an earlier incarnation of the upgrades was sentenced Thursday to three years of probation, six months' home detention and $20,000 in restitution after pleading guilty in March to "exceeding authorized access" to FBI records, the agency said. According to court filings, he abused his network administrator privileges and used free hacking software that's readily available on the Internet to crack 30,000 agency user names and passwords.

Despite that latest embarrassment, the FBI says a turnaround is near. The bureau in March sealed a six-year, $305 million deal with prominent defense contractor Lockheed Martin to start over. For the upcoming year, it's requesting $100 million from Congress to launch the four-phase, 42-month overhaul, known as Sentinel, with the target completion date set for 2009.

"In the past few years we have struggled with our information technology programs," FBI Director Robert Mueller told a Senate committee in May. "However, we have learned hard lessons from our missteps, and we are doing things very differently this time."

For now, Sentinel "appears to be on the right track," with a new crop of management and oversight processes already in place, Justice Department Inspector General Glenn Fine assured the senators in May. But his office has already flagged potential obstacles, such as incomplete staffing, the agency's ability to track and control the project's costs, and the possibility that systems won't be compatible with those of other investigative agencies such as the Department of Homeland Security.

"The bureau's effectiveness hangs in the balance, and the American people cannot afford another fiasco." --Sen. Patrick Leahy

With that in mind, auditors plan to "aggressively monitor" the project as it proceeds, Fine added.

Critics aren't convinced yet. Sen. Patrick Leahy, the Judiciary Committee's Democratic co-chairman, said at the May hearing that he remained "very concerned" about progress on what he called an "essential task."

"The bureau's effectiveness hangs in the balance," he said, "and the American people cannot afford another fiasco."

There are plenty of skeptics off Capitol Hill as well. Jim Harper, director of information policy studies at the Cato Institute, said he didn't see any reason to believe the Sentinel project will be better managed than its predecessors.

"The problem is institutional; when an organization's membership doesn't enjoy feast or famine based on the success of the organization, very little can bring it into focus and create success," he said in an e-mail interview with CNET News.com. "Congressional and public oversight is a weak, weak substitute for competitive pressure."

Computer blamed

The push for computer upgrades at the FBI picked up after the Sept. 11 attacks.
Critics, including former Attorney General John Ashcroft, blamed neglected, incompatible systems for possibly hindering investigators' ability to gather and share intelligence on terrorists. Those scathing assessments have already led to some changes.

FBI's aging computer woes: In 2001, the FBI launched a massive computer overhaul and has successfully upgraded its network and IT hardware. But the more difficult goal of upgrading its case-management software remains elusive.

By April 2004, the FBI completed the first two components of a now-defunct project called Trilogy. After forking over $337 million--nearly $100 million more than originally projected--the agency replaced its employees' desktop computers, more than 13,000 of which were already between 4 and 8 years old during the late 1990s. The bureau also scrapped an even older network, bearing speeds roughly equivalent to those of a 56Kbps (kilobits per second) modem, and deployed a new "wide area network" that it said enhances the ability of FBI offices and other law enforcement organizations to communicate.

"Without getting into sensitive and classified information," Mueller told senators at a February 2005 hearing, "I can assure you that our ability to intercept and decipher communications and to otherwise monitor criminal activity and gather intelligence is among the best in the world."

But agents continue to struggle with day-to-day tasks related to managing case files and records through a mainframe system that dates to the 1980s. Officials and auditors have called that Automated Case Support, or ACS, system cumbersome, ineffective, "severely outdated" and insufficiently user-friendly. The ACS system is essentially a repository of hard-copy documents, manually scanned and uploaded for electronic viewing. Information is not readily searchable, and "agents and analysts cannot easily acquire and link information across the FBI," said an Inspector General's report from March.
On average, it takes 13 keystrokes just to bring up a single document, FBI Chief Information Officer Zalmai Azmi said in a phone interview. With single case files containing as many as 100,000 separate documents and pieces of evidence, that's bound to be a serious shortcoming, auditors have said. "You have to put commands in there; you have to do everything manually," Azmi said, acknowledging that "we don't have any mouse interaction with that version." The first phase of Sentinel, according to planning documents, is supposed to yield a Web-based portal that will allow investigators a more streamlined way of accessing and entering data in the existing case-management system. Later, the agency plans to begin a transition to a fully paperless process and to install a more sophisticated database designed to allow agents to "connect the dots" among cases. The final goal is to retire the ACS system in favor of an entirely new--and exclusively electronic--case management system that eradicates the need for paper files. That objective is not unlike that of the failed Virtual Case File, or VCF, project, which the FBI discontinued last year after three years of development, expenditures of $104.5 million and harsh criticism from auditors. Although VCF and Sentinel have seemingly similar aims--namely, a Web-based, ultimately paperless interface--the Inspector General's March report said it was unclear how much of the investment in VCF could be directly applied to Sentinel. The FBI, for its part, has made a concerted effort to distance Sentinel from its predecessors. Speaking before senators in May, Mueller said he expected the new project to offer "greater capabilities" and said he wanted "to emphasize that the Sentinel program is not a reincarnation of the Virtual Case File." Keeping costs in check has not been the FBI's strong suit, according to auditors of its activities. 
Earlier this year, the Government Accountability Office issued a report that faulted the FBI for squandering $10.1 million on "questionable contractor costs," including customized ink pens and highlighters for training sessions, and misplacing more than $7 million in equipment related to the Trilogy project.

The agency said it's determined not to repeat those mistakes with the Sentinel program. Among its plans are frequent meetings with the contractors, biweekly updates on the variations in the intended project schedule, financial incentives for meeting performance standards, and a new program office slated to include 76 staffers dedicated exclusively to the project. The goal, CIO Azmi said, is to reverse previous pitfalls "so there are no rogue operations and there are no ad hoc developments within the bureau."

CNET News.com's Declan McCullagh contributed to this report.

Copyright ©1995-2006 CNET Networks, Inc. All rights reserved.

From rforno at infowarrior.org Fri Jul 14 08:39:07 2006
From: rforno at infowarrior.org (Richard Forno)
Date: Fri, 14 Jul 2006 08:39:07 -0400
Subject: [Infowarrior] - Interview with FBI CIO on FBI IT woes
Message-ID:

FBI's CIO faces agency's tech challenges
By Anne Broache
http://news.com.com/FBIs+CIO+faces+agencys+tech+challenges/2008-1028_3-6094146.html
Story last modified Fri Jul 14 04:00:06 PDT 2006

When Zalmai Azmi took the job of the FBI's chief information officer three years ago, he had a daunting task ahead of him: steering the agency's rocky computer modernization project back on course. The results so far have been mixed. Last year, the FBI was forced to abandon its initial plans to create a so-called Virtual Case File system, with FBI Director Robert Mueller admitting to Congress that more than $100 million had been wasted. In addition, a series of damning reports have described slipshod management and missing equipment.
Now, however, the FBI is trying again with a project named Sentinel that's designed to succeed a paper-intensive system that relies on 1980s mainframe technology. In March, the FBI awarded Lockheed Martin the contract for Sentinel's development, which is estimated at $305 million over six years. Azmi, an Afghan native, came to the FBI from the Executive Office of the U.S. Attorneys, where he was responsible for developing and carrying out a multi-year IT transformation plan. CNET News.com spoke with Azmi about Sentinel's direction, the existing cumbersome systems and recent reports that a contractor hacked the FBI's computers. Q: The FBI spent over $100 million on a system that ultimately had to be abandoned. Earlier this year, government auditors faulted the bureau for wasting millions of dollars on "questionable contractor costs" and misplaced equipment from earlier stages of the upgrade process. How can you be sure that taxpayer money won't go to waste again? Azmi: The GAO audit was specific to the Trilogy program and not specifically to the Virtual Case File. Sentinel is more akin to VCF than it was (to) Trilogy because Trilogy was the deployment of our network, desktops, laptops, scanners, printers, a lot of moving parts and a lot of computers. Sentinel is different. It's not going to supply any desktops or laptops or anything like that, it's more of an application we will make available to our users through Web technology or through a Web browser. Regardless of that, a lot has changed since the Virtual Case File program was envisioned. Now we have an enterprise architecture in place...We have the governance process to do that project from cradle to grave. As we go through that process, there are specific control gates and reviews and a proof of project to move to the next step. 
We have an investment management board in place...to make sure we're investing in technologies that the bureau needs, technologies that are what our vision needs, and technologies that are budgeted for and envisioned for in enhancing the FBI's future mission. We do have a very strict certification and accreditation policy or program in place for security, so every program has to go through what we call a C&A process. We also have a Life Cycle Management directive in place, which means that every program has to be developed according to a set of standards within the bureau, and those standards are reviewed and monitored through the governance process to make sure our contractors and our vendors are following the policies, methodologies that we have put in place.

From the perspective of agents and analysts doing their day-to-day work, how urgent is it that the FBI modernize its case-management system? If the system itself dates back to the 1980s, why weren't upgrades started sooner?

Azmi: Information technology has to be revamped on a regular basis. Within the government, the best practices, every three to four years we have to replace our computers, and every five or maybe six years our servers. So there's a refresh cycle for the technology because it's constantly changing. With our current mission of national security and cybersecurity, it is imperative for us to have the latest and greatest tools within the bureau. And that's why there's a sense of urgency, we need to have those critical tools at the disposal of our agents and analysts to do their job, and that urgency will remain. We're looking at new technologies every single year to enhance our mission.

The FBI's case-management system seems to be keyboard-based and paper-intensive, slowing down the process of accessing records.
What are some of the complaints that FBI users have made about the way the case management system works, and how would the new system address those concerns?

Azmi: The existing automated case system that we have, which is called ACS, is a mainframe application, what we call a green screen, because it's command driven. You have to put commands in there, you have to do everything manually. It is true we don't have any mouse interaction with that version of automated case system. It is not taking advantage of modern technology. For example it's probably going to take about 13 function keys or pressing of the keys on the keyboard to load a document into the mainframe in comparison to what you are probably aware or familiar with when you go into your e-mail and see an attached document. It's a couple of clicks and the document is on its way through to the receiver.

The new technology, the central program that we will be implementing is a program based on Web technologies. It is a service-oriented architecture, meaning each capability of the program will be provided as a service in terms of information management, document management, search capabilities, reporting capabilities, those will be all services that we will provide through this application. But also the benefit of this approach is the same services can be used by other applications throughout the enterprise. In a nutshell, the new Sentinel is going to be akin to an AOL or a Yahoo Web page where you go and information is available to you through your searches, through your data entry, and you move forward to the daily work.

The other part of the challenge was the uploading of the documents. It was also the process of electronically routing documentation. Currently, if we are in one of our resident agencies and we do that paperwork, that paperwork requires a signature of our supervisor.
Basically we have to put that file in an envelope, we have to mail it to our field office where our supervisor is going to take a look at it, maybe sign it, maybe comment on it, or whatever, so in my view that is a delay in time. With our new system, that process will be seamless...because you work online, you just forward the e-mail, that document, to your supervisor who is going to approve it and move forward. So there's time saving in there, there's accountability for the document at any given time. It's not going to get lost in the mail, and there will be also a chain of custody. At any given time you will know who has that document, the critical capabilities that we are missing currently. What made the FBI decide on Lockheed Martin as the primary contractor this March? Will there be other companies working on Sentinel as well? Azmi: The contract was completed under the National Institutes of Health's (procedure). There were a number of vendors that actually bid on this, and Lockheed was the one that was selected based on their proposal and their strategy for developing this program. Lockheed has a number of (subcontractors) under it, about 10 primary subs are working with Lockheed to support Lockheed in this endeavor. (Some of them are Accenture, Computer Sciences Corp. and CACI.) The Washington Post recently reported that a former contractor broke into secret FBI systems without proper authorization. The contractor that broke in, working from a field office in Virginia, apparently took advantage of an antiquated security mechanism (/etc/passwd files in cleartext) that the private sector abandoned a decade ago. Why was the FBI so behind? Do you plan changes in security with Sentinel? 
Azmi: It's two different issues--first of all, let me clarify that the individual who had access to our networks was a privilege that was granted to him because he was part of our system administrative staff when he was deploying Trilogy, so he already had access to the system, took advantage of those privileges, so that's how he was caught. Sentinel is actually an application that has its own security mechanism, which is different and actually does not even relate to the case in Springfield at all, because we manage passwords and security in Sentinel much different than what happened in Springfield. Springfield was (about) access to the network, and Sentinel is access to an application, two different things.

Statements were made that this guy cracked the passwords and that's how he gained access to the network. That's not true. He had the privilege already to the network, and he abused that privilege and that's how he was caught... We knew of the vulnerability, and we also are protecting our password files, but the fact that this guy had the administrative rights to our system, that's what made it vulnerable, and that's why we call it insider threats. It's very difficult to defend against that, it's almost like you shouldn't give anybody administrative rights, but who's going to manage the system? So there's a balance you always have to reach.

Copyright ©1995-2006 CNET Networks, Inc. All rights reserved.
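The interviewer's question turns on the pre-shadow password layout, where /etc/passwd, which every local user must be able to read, also held the password hashes, and Azmi's answer turns on how many accounts carry administrative rights. The Python block below is an added example written for this page; it is not code from the article, from CNET or from the FBI. It parses passwd-format text and reports the two things a defender would check first: entries whose password field still carries a hash (or no password at all) instead of the "x" placeholder that points to a shadow file, and every UID-0 account. A third helper tests whether a shadow file's mode grants read access to "other". All function names and the sample entries, including the fake hash string, are constructed for the demonstration.

```python
"""Audit passwd-format data for hashes left in the world-readable file.

Added example, not code from the article or from the FBI. The seven-field
/etc/passwd layout must be readable by every local user, which is why modern
systems keep only a placeholder ("x") there and move the hash to /etc/shadow.
This script reports entries that still carry a hash or no password at all,
lists every UID-0 (fully administrative) account, and checks a shadow file's
mode. All sample data is constructed for the demonstration.
"""
import stat
from dataclasses import dataclass
from typing import Dict, List

# Values that mean "no hash in this field": shadowed, locked or disabled.
PLACEHOLDERS = {"x", "*", "!", "!!", "*LK*", "*NP*"}


@dataclass
class PasswdEntry:
    name: str
    password: str
    uid: int
    gid: int
    gecos: str
    home: str
    shell: str


def parse_passwd(text: str) -> List[PasswdEntry]:
    """Parse passwd-format text. Malformed lines are skipped, not guessed."""
    entries: List[PasswdEntry] = []
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        fields = line.split(":")
        if len(fields) != 7:
            continue
        name, password, uid, gid, gecos, home, shell = fields
        try:
            entries.append(PasswdEntry(name, password, int(uid), int(gid),
                                       gecos, home, shell))
        except ValueError:
            continue  # non-numeric uid/gid is not a usable entry
    return entries


def audit_passwd(text: str) -> Dict[str, List[str]]:
    """Return account names grouped by finding."""
    findings: Dict[str, List[str]] = {
        "hash_exposed": [],    # legacy layout: hash readable by every user
        "empty_password": [],  # no credential required at all
        "uid0": [],            # administrative accounts to review
    }
    for entry in parse_passwd(text):
        if entry.password == "":
            findings["empty_password"].append(entry.name)
        elif entry.password not in PLACEHOLDERS:
            findings["hash_exposed"].append(entry.name)
        if entry.uid == 0:
            findings["uid0"].append(entry.name)
    return findings


def shadow_world_readable(mode: int) -> bool:
    """True if an st_mode (e.g. os.stat('/etc/shadow').st_mode) grants
    read access to "other", which would defeat the point of shadowing."""
    return bool(mode & stat.S_IROTH)


# Constructed sample; the hash string is a fake, not a real credential.
SAMPLE_PASSWD = """\
# constructed sample passwd data
root:x:0:0:root:/root:/bin/bash
daemon:*:1:1:daemon:/usr/sbin:/usr/sbin/nologin
alice:x:1000:1000:Alice:/home/alice:/bin/bash
legacy:$1$constructed$FAKEFAKEFAKEFAKEFAKEFA:1001:1001:Legacy:/home/legacy:/bin/sh
svcadmin:x:0:0:Service admin:/var/svc:/bin/sh
guest::1002:1002:Guest:/home/guest:/bin/sh
broken:x:notanumber:1003::/:/bin/sh
"""

if __name__ == "__main__":
    for finding, names in audit_passwd(SAMPLE_PASSWD).items():
        print(f"{finding}: {names}")
    print("shadow 0644 world-readable:", shadow_world_readable(0o100644))
```

On the sample data the audit flags "legacy" as carrying a hash in the readable file, "guest" as having no password, and both "root" and "svcadmin" as UID-0 accounts; the malformed "broken" line is dropped rather than guessed at. A second UID-0 account is exactly the kind of administrative privilege Azmi describes as hard to defend against, so the list is worth reviewing even when no hash is exposed.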
From rforno at infowarrior.org Fri Jul 14 10:04:51 2006
From: rforno at infowarrior.org (Richard Forno)
Date: Fri, 14 Jul 2006 10:04:51 -0400
Subject: [Infowarrior] - GAO Finds Pentagon Erratic In Wielding Secrecy Stamp
Message-ID:

GAO Finds Pentagon Erratic In Wielding Secrecy Stamp
http://www.washingtonpost.com/wp-dyn/content/article/2006/07/13/AR2006071301518_pf.html
By Walter Pincus
Washington Post Staff Writer
Friday, July 14, 2006; A19

The Government Accountability Office has criticized the Defense Department for sloppy management of its security classification system, including the marking as "Confidential or Secret" material that Pentagon officials acknowledged was unclassified information.

The GAO said in a report June 30 that one of the major questions raised by its study was "whether all of the information marked as classified met established criteria for classification." The GAO also found "inconsistent treatment of similar information within the same document."

The GAO reviewed only a "nonprobability sample" of 111 classified Defense Department documents from the Office of the Secretary of Defense. To understand how minute the sample is, the GAO reported that in the five fiscal years between 2000 and 2004, the Pentagon was responsible for 66.8 million new classified records. That is about 13.4 million a year.

The GAO report, which was sent to Rep. Christopher Shays (R-Conn.), chairman of the subcommittee on national security of the Government Reform Committee, and disclosed on the Secrecy News Web site of Steven Aftergood, concluded that "a lack of oversight and inconsistent implementation of DOD's information security program are increasing the risk of misclassification."
The report was issued at a time when the Bush administration is criticizing newspapers for publishing classified information, and when two nongovernment civilians, who were lobbyists for a pro-Israeli organization, are being prosecuted under the 85-year-old Espionage Act for receiving and retransmitting material they got from a Pentagon official involving national defense secrets. "One reason why classification is an unreliable guide as to what should or should not be published by the press is that classification policy is implemented erratically by the government," Aftergood wrote on his Web site. Of the 111 classified documents reviewed, the GAO questioned classification determinations of 29, about one out of every four. A majority of those questioned "pertained to whether all of the information marked as classified met established criteria for classification." Pentagon officials agreed that in five documents "the information was unclassified and in a sixth document the information should be downgraded." In a broader administrative criticism, the GAO found that 92 of the 111 documents had some marking error, such as failure to include declassification instructions or the source of the classification as required. In 2004, there were 1,059 senior Defense Department officials designated to possess "original classification authority," but more than 1.8 million defense employees who were authorized to classify papers "derivatively," meaning the incorporation of already classified information into a new document by paraphrasing or repetition. The report also comments on a broader problem: that the government as a whole has no common security classification standard and no penalties for overclassification, underclassification or failure to declassify. 
It notes, for example, that although different agencies have authority to classify material, there are conflicting markings in some agencies for annotating with an "R" whether a record is to be released or declassified or retained and kept classified. "One of the agencies uses a 'D' to denote 'deny automatic declassification' and an 'R' to denote release," the report says. "While the other agency uses a 'D' to denote 'declassify' and an 'R' to denote 'retain.' "

The report also said that even though the president, Congress and the public are given figures estimating how many Defense Department documents are classified each year, such estimates are "unreliable" because Pentagon agencies use different assumptions "about what should be included."

© 2006 The Washington Post Company

From rforno at infowarrior.org Fri Jul 14 12:09:52 2006
From: rforno at infowarrior.org (Richard Forno)
Date: Fri, 14 Jul 2006 12:09:52 -0400
Subject: [Infowarrior] - MySpace Kills Internet Tube Song
Message-ID:

MySpace Kills Internet Tube Song
From Wired News, July 14, 2006
By Ryan Singel
http://www.freepress.net/news/print.php?id=16521

After hearing Sen. Ted Stevens' now infamous description of the internet as a "series of tubes," Andrew Raff sang the senator's words over a folksy ditty and anonymously posted it to MySpace.com, where about 2,500 people listened to the tune, thanks to a link from one of the net's top blogs.

On Tuesday, MySpace canceled the TedStevensFanClub account, telling Raff that the social-networking site, now owned by media mogul Rupert Murdoch's News Corp., had received a "credible complaint of your violation of the MySpace Terms of Services."

(Editor's note: MySpace reinstated Raff's account Thursday afternoon following publication of this story. The company says Raff's account was deleted in error.)

The cancellation e-mail referenced a number of prohibited activities, including trademark and copyright violations.
MySpace also reserves the right to remove any profile for any reason. But Raff, a recent graduate from law school, didn't violate any copyright laws in using the Alaskan senator's words, since government works cannot be protected by copyright. And Raff composed the music himself.

Raff doesn't contest MySpace's right to enforce its terms of service, but he sees a political lesson in the takedown -- a foreshadowing of the kind of repression of speech that could become commonplace if phone companies prevail in their efforts to create a two-tiered internet. In an e-mail interview, he also questioned MySpace's motives in removing his political commentary from the site.

"I'm not at all upset about MySpace taking the page down -- just curious as to why," he wrote. "I have yet to receive a reply to my inquiry as to why this account was deleted... I am very curious about the reasons why they took this down -- if it is a case of extreme caution with regards to copyright or whether it is the result of some other influence (perhaps even good taste)."

Art Brodsky, communications director for Public Knowledge, questioned the timing of the takedown, noting that News Corp. has interests in the telecommunications bill put forth by the Senate Commerce Committee that Stevens heads, and that some in Congress are looking to regulate MySpace over concerns about pedophiles.

"Of all the God-knows-how-many separate postings on MySpace, this one was singled out," Brodsky said. "You can't fill out an online form to get something deleted; somebody had to make a specific call on that specific song. Given all that has been happening with Stevens -- he was on The Daily Show last night and all the writing we have been doing -- I just have a very skeptical view of coincidence."

MySpace's PR firm said it would look into the matter.

Public Knowledge, a nonprofit that has been fighting against the broadcast flag and for net neutrality, originally posted the recording of Stevens'
odd, and technically inaccurate, explanation of why he was voting against net neutrality. After a Wired News blog published a transcript of his remarks, they became a sensation over the long July 4 weekend, spawning hundreds of blog posts and comments at sites such as digg and Slashdot, and inspiring netizens to make T-shirts, PowerPoint presentations and songs lampooning the senator's assertion that the "internet isn't a truck -- it's a series of tubes."

The internet tube meme hit the big time when comedian Jon Stewart aired the audio on The Daily Show Wednesday night, complete with a helpful diagram illustrating how a tube-based internet might work.

From rforno at infowarrior.org Fri Jul 14 12:12:24 2006
From: rforno at infowarrior.org (Richard Forno)
Date: Fri, 14 Jul 2006 12:12:24 -0400
Subject: [Infowarrior] - Daily flaws ratchet up disclosure debate
Message-ID:

Daily flaws ratchet up disclosure debate
Robert Lemos, SecurityFocus 2006-07-14
http://www.securityfocus.com/news/11400?ref=rss

HD Moore is used to polarizing the vulnerability-research community. As the creator of the Metasploit Project, an open-source tool for automating the exploitation of vulnerabilities, Moore has had his share of contentious debates with other security professionals. However, his latest endeavor--releasing a browser bug every day during the month of July--has raised hackles on both sides of the security equation, among the black-hat as well as white-hat researchers.

After the first week of flaws were released, one online miscreant from Russia shot off an e-mail to Moore, complaining that he had outed a vulnerability the Russian had been exploiting, Moore said.

"The black hats don't like that the fact that this is public because they have been using these bugs," Moore said. "By dumping out the bugs on the community, I'm clearing the air and letting the good guys know what others are doing."
Yet, the release did not seem so altruistic to Microsoft, whose Internet Explorer browser suffers from the lion's share of the bugs found by Moore. The software giant indirectly criticized the release of vulnerabilities in a statement to SecurityFocus, underscoring the importance of getting customers updated before they are exposed to threats from malicious attackers.

"Microsoft continues to encourage responsible disclosure of vulnerabilities," the software giant said in a statement sent to SecurityFocus. "We believe the commonly accepted practice of reporting vulnerabilities directly to a vendor serves everyone's best interests."

The software giant stressed that many of the flaws merely crashed the Internet Explorer browser, while the more serious vulnerabilities were fixed in the recent MS06-021 security update.

Other browsers had fewer flaws, Moore said. He discovered some issues with Mozilla's Firefox, but the group fixed them quickly, he said. Opera's browser, at least the most recent version, stood up quite well. "Opera 8.5 fell apart ten different ways, but 9.0 looks pretty solid," he said.

While Microsoft and other software makers have improved their relationships with many flaw finders, other researchers have ratcheted up the pressure on the companies to fix the vulnerabilities in their systems. After finding a flaw in the online-application Web site of the University of Southern California, security professional Eric McCarty decided to go public with the issue to put pressure on the university and is now being prosecuted for breaching the site's security. Another researcher, David Litchfield, released descriptions of Oracle flaws, after the database maker failed to patch the issues immediately.

In the most recent case, Moore had first warned software makers of the threat posed by potential attackers using the tools, known as fuzzers. Because response to the warning seemed slow, he decided to publicly release many of the bugs, one each day in July.
The avalanche of browser flaws underscores the problems for software vendors as fuzzers become more popular. The flaw-finding programs systematically change the data sent to an application to see how the software reacts. In many cases, bad data can cause an application to crash; other times, the application's response to the mangled data reveals underlying security flaws. HD Moore used five different fuzzers--all but one of which is publicly available--to find hundreds of vulnerabilities in the major browsers, he said.

"People now have a feeling about how things stand," Moore said. "There will be five or six tools that they can run and find out what flaws potentially could be exploited."

While the Month of Browser Bugs project has come under criticism, the objections of the black hat community underscore why it is important. Making the vulnerabilities known will prompt software developers and defenders to respond to threats and secure their systems, said Peter Swire, a professor at Ohio State University's Moritz College of Law.

"The attackers probably know about the vulnerabilities, the defenders have not patched pervasively, so disclosure will tend to help the defenders," Swire said.

In a paper published in 2004, Swire argued that--while there are cases where obscurity can help security--that's not the case for Internet-connected computers. After informing the software maker and giving them time to patch the problem, releasing the information helps overall security, he said.

"In many cyber applications, it makes sense to use openness," Swire said. "The factors tilt towards openness because the attackers can attack repeatedly, learn from the attacks and tell people about the attack. It is different from many real world applications where they can get the plans for the banks and that will help them with the attack because they know where to step to avoid the alarm sensors."
Others have taken the issue of disclosure as an incentive to secure systems to a more extreme degree. In a law note published in the Harvard Law Review (PDF) last month, recent graduate Jonathan Lin argued that even acts of cybercrime that do not cause major damage should be considered a benefit because they help secure the Internet, similar to disclosure.

"I think there should be a more nuanced approach to how we measure what are the most damaging attacks," said Jonathan Lin, a recent graduate from Harvard University's School of Law and the author of the note.

Focusing on the online vandals that do minor damage to systems through attacks that highlight security risks may not be the best use of government resources, he said. The result of such prosecution could be a far less secure Internet, he argued.

"It is really difficult for the U.S. government to protect itself from attacks that span the globe," he said. "So the centralized response of prosecution is not going to be very effective--it feels almost like a lost cause. We have to do something about it, but I feel that the effort is focused on the wrong threat."

Looked at from an economic perspective, the enhanced security that comes from disclosure--and some minor cybercrimes--is known as a positive externality, a beneficial effect on the consumer from an event in which they did not participate, said Eric Goldman, director of the High-Technology Law Institute at Santa Clara University's School of Law. While online attackers target vulnerable software applications, when the software maker offers a program patch to close the security hole, the consumer benefits.

However, the flip side of the effect--so-called negative externalities--typically outweigh the positive for acts such as cybercrime, Goldman said.

"There is no real wealth created by the investments in security, it is just a cost of everything we do in our lives," Goldman said.
"When the (Harvard) article argues that we create a social benefit, it could also be argued that the person is creating a bunch of dead-weight losses that really don't benefit society." Certainly, software makers, who now have to run multiple data-fuzzing tools against their software, may feel that way. The dramatic daily release of bugs during July is a warning that the companies need to use data-fuzzing tools to find application flaws before attackers find the weaknesses first. The number of exploits of previously unknown flaws--called zero-day exploits--detected by security firms has also, at least anecdotally, increased dramatically over the last year. And these tend not to be flaws that can easily be found by researchers--fuzzer-found flaws tend to be somewhat obscure, Moore said. "These weren't well-understood bugs," he said. "They are really strange issues that it is really hard to understand, even after the fact. For example, one ActiveX bug requires ten different variables be set." Microsoft has made fuzzing part of its Software Development Lifecycle and runs the tools, not just against browsers, but its other software as well, a spokesperson said. While Moore has grown somewhat tired of fuzzing, he is not done quite yet. A yet-unreleased data-fuzzing tool has found a number of other vulnerabilities in the current version of Internet Explorer, he said. He has not released information on those issues, except to Microsoft, but plans to create a tool so that system administrators can eventually check their systems for the flaws. CORRECTION: The article's discussion of Peter Swire's paper and position was clarified to stress that he believes proper disclosure involves first notifying the vendor, giving them time to fix the issue and then releasing vulnerability information. 
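The article describes fuzzers as programs that systematically change the data sent to an application and watch how it reacts, and it closes with the point that vendors now need to run such tools against their own software before anyone else does. The Python block below is an added example written for this page; it is not code from the article, from HD Moore or from the Metasploit project. It shows the technique in the small: a deterministic stage (boundary values at every offset, single-byte deletions) followed by random "havoc" mutations, run against a toy length-prefixed record parser with a deliberate bounds defect (parse_record) and against its hardened form (parse_record_fixed). The record format, the function names and the seed corpus are all constructed for the demonstration.

```python
"""Mutation fuzzing demonstrated on a toy record parser.

Added example, not code from the article, from HD Moore or from Metasploit.
A fuzzer mangles valid seed inputs and watches how the parser reacts. Here a
ParseError is the expected, graceful rejection of bad input; any other
exception is a crash, the kind of result that would be a bug report against
real software. parse_record has a deliberate bounds defect; parse_record_fixed
is the hardened form. The record format and seed corpus are constructed.
"""
import random
from typing import Callable, Dict, Iterator, List

Parser = Callable[[bytes], dict]


class ParseError(Exception):
    """Expected rejection of malformed input."""


def parse_record(data: bytes) -> dict:
    """Toy format: [type:1][len:1][payload:len][checksum:1].
    Deliberate defect: trusts the len byte without checking the buffer."""
    if len(data) < 3:
        raise ParseError("too short")
    length = data[1]
    payload = data[2:2 + length]
    checksum = data[2 + length]  # IndexError when len overruns the buffer
    if sum(payload) % 256 != checksum:
        raise ParseError("bad checksum")
    return {"type": data[0], "payload": payload}


def parse_record_fixed(data: bytes) -> dict:
    """Hardened form: validate the length field against the buffer first."""
    if len(data) < 3:
        raise ParseError("too short")
    length = data[1]
    if len(data) != 3 + length:
        raise ParseError("length field does not match buffer")
    payload = data[2:2 + length]
    if sum(payload) % 256 != data[2 + length]:
        raise ParseError("bad checksum")
    return {"type": data[0], "payload": payload}


def make_record(rtype: int, payload: bytes) -> bytes:
    """Build a well-formed record for the seed corpus."""
    return bytes([rtype, len(payload)]) + payload + bytes([sum(payload) % 256])


def deterministic_mutations(seed: bytes) -> Iterator[bytes]:
    """Stage 1: boundary values at every offset, plus single-byte deletions."""
    for i in range(len(seed)):
        for value in (0x00, 0x01, 0x7F, 0x80, 0xFF):
            yield seed[:i] + bytes([value]) + seed[i + 1:]
        yield seed[:i] + seed[i + 1:]


def havoc_mutation(seed: bytes, rng: random.Random) -> bytes:
    """Stage 2: a random stack of bit flips, inserts and deletions."""
    buf = bytearray(seed)
    for _ in range(rng.randint(1, 4)):
        op = rng.randrange(3)
        if op == 0 and buf:
            i = rng.randrange(len(buf))
            buf[i] ^= 1 << rng.randrange(8)
        elif op == 1:
            buf.insert(rng.randint(0, len(buf)), rng.randrange(256))
        elif buf:
            del buf[rng.randrange(len(buf))]
    return bytes(buf)


def fuzz(parser: Parser, corpus: List[bytes], iterations: int = 500,
         seed: int = 1) -> Dict[str, bytes]:
    """Run both stages; return {crash signature: first input that caused it}."""
    rng = random.Random(seed)
    crashes: Dict[str, bytes] = {}

    def run(case: bytes) -> None:
        try:
            parser(case)
        except ParseError:
            pass  # graceful rejection is the correct behaviour
        except Exception as exc:  # anything else is a finding to report
            crashes.setdefault(f"{type(exc).__name__}: {exc}", case)

    for s in corpus:
        for case in deterministic_mutations(s):
            run(case)
    for _ in range(iterations):
        run(havoc_mutation(rng.choice(corpus), rng))
    return crashes


# Constructed seed corpus of well-formed records.
SEED_CORPUS = [make_record(1, b"hello"), make_record(2, b""),
               make_record(7, b"\x00\xff")]

if __name__ == "__main__":
    for name, parser in (("parse_record", parse_record),
                         ("parse_record_fixed", parse_record_fixed)):
        found = fuzz(parser, SEED_CORPUS)
        print(f"{name}: {len(found)} distinct crash signature(s)")
        for signature, case in found.items():
            print(f"  {signature}  input={case!r}")
```

Run stand-alone, it reports one distinct crash signature (an IndexError) for the defective parser and none for the hardened one: the deterministic stage alone finds the bug by writing 0xFF into the length byte, which is the kind of boundary value every fuzzer tries first. The classification inside run(), expected rejection versus anything else, is the same judgement a real harness makes when it watches a browser process for a crash rather than a clean error page, and it is why a fuzzer finds the "strange issues" the article quotes Moore on without anyone understanding the root cause up front.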
From rforno at infowarrior.org Fri Jul 14 12:27:26 2006 From: rforno at infowarrior.org (Richard Forno) Date: Fri, 14 Jul 2006 12:27:26 -0400 Subject: [Infowarrior] - New Markle Report on Information-Sharing Message-ID: Markle Task Force on National Security in the Information Age Releases Third Report, "Mobilizing Information to Prevent Terrorism: Accelerating Development of a Trusted Information Sharing Environment" Report recommends new concepts that reconcile national security needs with civil liberties requirements http://www.markle.org/resources/press_center/press_releases/2006/press_release_07132006.php Washington, DC (July 13, 2006) -- The Markle Foundation Task Force on National Security in the Information Age released its third report today with recommendations on how to reconcile national security needs with civil liberties requirements. The report offers a new "authorized use" standard for government handling of legally collected information that bases authorization to view information on how the information is going to be used, rather than on the nationality of the subject or the location of collection. The report also proposes a new risk management approach to sharing classified information that balances the risk of compromising classified information with the security risk that can come from failing to share information with those who need it to understand the threats to national security. Further, the report identifies examples of technology that can be used effectively to provide appropriate oversight and accountability.
In its two previous reports that were incorporated in the information sharing provisions of the Intelligence Reform and Terrorism Prevention Act of 2004 and several Executive Orders, the Task Force called for the creation of a trusted information sharing environment where terrorist-related information is shared among all the people who need it - at the federal, state and local level as well as the private sector - with confidence and accountability for security and civil liberties protections. Better information sharing is essential in the fight against terrorism. Two years since the publication of its last report, and nearly five years since the terrorist attacks of September 11, the Task Force finds that while more information is being shared, the government still has not taken many key steps to meet the challenges of sharing information to prevent terrorism while protecting civil liberties. "We have consistently said that public trust in a network that uses personally-identifiable information can only be achieved if government-wide guidelines for information sharing and privacy protection are established after open public debate," said Zoe Baird, co-chair of the Task Force and President of the Markle Foundation. The Task Force again emphasized the importance of trust in the information sharing environment. Government agencies must trust each other with sensitive information, and the American people must trust their government to use information in a manner that protects their privacy and civil liberties. The report calls for renewed leadership by the President and Congress to accelerate the process already underway. "Persistent leadership in the implementation and strong oversight of the operation of information sharing systems is required from all branches to accelerate the creation of a trusted information sharing environment" said James Barksdale, Co-Chair of the Task Force. 
To help implement a trusted information sharing environment, the Task Force recommends the adoption of: * An "authorized use" standard to determine who should have access to information the government has lawfully collected based on the use to which they will put the information rather than its place of collection. "The borderless nature of the threat has rendered unworkable some of the old rules on sharing lawfully collected information. Under the authorized use approach we propose, each agency can get the information it needs to pursue a clearly articulated mission, subject to auditing to ensure accountability and protect privacy," says Jim Dempsey of the Center for Democracy and Technology and a member of the Task Force. The rules for the authorized use standard should be developed through open public debate. The current outdated standards for sharing and accessing information based on nationality and place of collection have caused confusion and in some cases produced a rigidity that impedes desirable information sharing without protecting civil liberties. The Task Force recommends an "authorized use" standard based on well-defined missions for participants in the information sharing environment. * A "risk management" approach to classification that better balances the risks of inappropriate disclosure with the risks of failing to share information. Current classification procedures are frequently a barrier to effective information sharing because they overemphasize the risks of inadvertent disclosure over those of failure to share information. To avoid this situation, the Task force recommends a new risk management approach to classification that gives adequate weight to the risks of not sharing information. * Clear guidelines for sharing information while protecting civil liberties. 
"Government-wide policies, processes and guidelines that facilitate information sharing and provide trust by empowering and constraining users should be developed as well as the technology solution we have suggested," says Bill Crowell of the Task Force. "The guidelines should clarify agency missions and address the requisite security, civil liberties and privacy protections." Every government agency and department should know and understand the rules of information sharing - not only to improve our anti-terror efforts but also to provide a standard to measure success and ensure accountability. * Technology that facilitates sharing while protecting security and privacy. The Task Force calls for the continued development and use of technology to connect people in ways that improve trust among government officials and the public. Technology exists that can improve data sharing, enhance security, as well as facilitate privacy and accountability. * An effective dispute resolution process. Even with clear and consistent guidelines for information sharing, disputes will inevitably arise over decisions not to share information. The Task Force recommends the creation of a systematic, workable, efficient process to resolve these disputes. The recommendations address disputes about dissemination and retention, accuracy and correction, as well as broader disagreements about access to and use of databases and categories of information. * A new Information Sharing Institute. The Institute could make operational and professional expertise available beyond that of individuals working in any particular government agency, department, or contractor. This Institute would provide a mechanism to identify and distribute best practices, and to apply technologies available in other sectors. It should have the full and active participation of organizations from federal, state, and local governments as well as the private sector. 
The Task Force promotes a trusted environment that fosters sharing and collaboration among those with information useful to understand terrorist threats; where policies and technologies are developed in tandem; and where security is enhanced and civil liberties are protected. About the Markle Task Force In the wake of the September 11, 2001, terrorist attacks, the Markle Foundation established the Task Force on National Security in the Information Age to address the question of how best to mobilize information and intelligence to improve domestic security while protecting established civil liberties. The Task Force members include some of the nation's leading experts on national security from the administrations of Presidents Carter, Reagan, George H. W. Bush, Clinton and George W. Bush, as well as leading experts on information technology and civil liberties. To download a copy of "Mobilizing Information to Prevent Terrorism: Accelerating Development of a Trusted Information Sharing Environment," please visit www.markletaskforce.org. For additional information or questions, please contact Mara Rudman at (202) 841-7111. From rforno at infowarrior.org Fri Jul 14 22:12:11 2006 From: rforno at infowarrior.org (Richard Forno) Date: Fri, 14 Jul 2006 22:12:11 -0400 Subject: [Infowarrior] - System vulnerabilities being sold in on-line auctions Message-ID: http://www.theglobeandmail.com/servlet/story/RTGAM.20060713.gtauctionjul13/BNStory/Technology/home System vulnerabilities being sold in on-line auctions NESTOR E. ARELLANO ITWorld Canada On-line scammers turned entrepreneurs have found a new commodity to auction off: system and software vulnerabilities. Here's how it works: Tech-savvy cyber crooks identify bugs or vulnerabilities in software applications. Then -- instead of sharing these findings with the vendor so a patch can be developed -- they auction it off on-line to buyers, many of whom are willing to pay top dollar for this information.
"The name of the game is money," says a study on malware distribution evolution released recently by Finjan Inc., a Web security product development firm based in San Jose, Calif. The study was conducted by a Finjan facility called the Malicious Code Research Centre (MCRC). Below are three samples of postings lifted by Finjan from 'Full Disclosure', an un-moderated mailing list for discussions on security issues and a forum where software vulnerabilities are detailed and openly discussed: * "I just found a second bug that allows one to remotely retrieve the contents of other tabs in IE [Internet Explorer Version] 7. Again for sale. Higgest Bidder." * "So I just found another vulnerability. This time working on the latest patched up [Internet Explorer] version 6.0. It allows for my code to be run... Let the bidding begin." * "Due to the success of my IE [vulnerability] sale I have decided to sell a Windows Vista exploit I discovered. This one work remote (sic) and will run code." Cyber crooks are not hesitant to make such open declarations of illicit intent because of the anonymity offered by the Internet. Some have had the gall to try and peddle their information on popular on-line auction sites such as eBay. Last December eBay pulled an ad that was selling vulnerability information about Microsoft's spreadsheet program Excel. "That was a bold, if foolhardy, move on the part of the seller, because eBay is hardly blackmarket at all," said Ross Armstrong, senior analyst at technology consultancy firm Info-Tech Research Ltd. in London, Ont. But vulnerability information is also sometimes purchased by legitimate companies. For instance, TippingPoint Technologies Inc. of Houston, Texas, and iDefense Inc. of Dulles, VA. have both sometimes bought vulnerability data so as to assist other firms in deterring virus attacks. Last year TippingPoint said it would pay as much as $2,000 (U.S.) for a verified vulnerability. 
"We are for responsible disclosure of vulnerabilities," said David Endler, director of security research for TippingPoint. The company deals with "security researchers" who contact TippingPoint with whatever vulnerability they discover. TippingPoint validates the vulnerability, tests it out and classifies it according to potential severity. It then helps its clients develop means of mitigating the vulnerability. The firm also informs the software vendor about the vulnerability in their product, but does not go public until the vendor develops a patch. While TippingPoint waits for the vendor to come up with their patches, other firms disclose to the public any vulnerability they encounter. Open disclosure, according to analysts, may be a double-edged sword. The disclosure could alert malicious hackers about a system's flaws, but it could be the only reliable way to ensure software makers come up with the patches. For those who choose to auction off their findings, the "vulnerability" market is also ruled by the laws of supply and demand, and indications are -- right now -- demand is pretty hot. "As the price tag for new vulnerabilities continues to increase, so does the temptation to sell [them] on the black-market, rather than disclose the information to responsible vendors that can develop patches," the Finjan study says. Web security experts say information on how to break into a system can be used to launch spam and phishing attacks or create websites with malicious code that covertly take control of a person's computer. "The market is driven by crime," according to Bruce Schneier, security technologist and founder of Counterpane Internet Security Inc. of Mountain View, Calif. He said organizations involved in identity theft "would only be [too] glad to pay upwards of US$1,000 for information that can help them single out at systems vulnerability and exploit it for financial gain."
The information can also be used to create so called "bot-nets" or networks of personal computers controlled remotely by a malicious hacker, according to Info-Tech's Armstrong. "When you have a bot-net of 10,000 to 20,000 hijacked computers, that's a lot of computing power to use for denial of service attacks, to launch spam, or host websites that steal visitors' confidential information," said Armstrong. The Finjan study said back in the 1990s, distribution of viruses was carried out by "script kiddies" in search of fame and recognition among their peers. Later phishing scammers used spoofed e-mail messages to fool people into revealing credit card numbers, passwords and other personal information. Today spam has evolved from a mere annoyance to a channel for propagating malicious code. Late this June customers of the National Australian Bank (NAB) were targeted by a spam message claiming the bank had gone bankrupt, and directing readers to another website to read the full story. The second website actually installed a Trojan virus on the machine of people who visited the site. The code immediately searched for unpatched vulnerabilities on user machines and exploited them to gain control of the computer. There is the odd time when vulnerabilities are created -- perhaps inadvertently -- by a legit company. For instance, late last year SonyBMG placed copy protection software on one of its CDs that used a sophisticated cloaking technique involving use of a rootkit. A rootkit is often used by virus writers to hide traces of their work on a computer, and can be used by a malicious hacker to gain control over a computer. As part of a court-ordered settlement, SonyBMG was recently directed to compensate consumers who purchased Sony audio CDs that installed a rootkit when they were played on a PC. The compensation amounts to US$7.50 and a free album download from Sony's catalogue for each CD purchased.
"What is common to all these threats is that they are driven by active content (such as Java Script, VB Script, ActiveX, or Java Applets) -- those same technologies that enable users to browse websites and run common business applications," the study said. Yuval Ben-Itzhak, chief technology officer of Finjan, said a great deal of malicious code is able to bypass traditional anti-virus and anti-spam software in the market today because these products are signature-based. "These software products search for virus signatures. But if a virus is new or unknown, the software will not be able to recognize it." Ben-Itzhak said Finjan software blocks malicious code based on its behaviour. The moment the NG 51000 detects questionable behaviour on the part of a visited site it blocks that site. "If a site begins installing executable codes on a computer, tries to access disks or read files, monitor keystrokes, access and modify registry or try to control the computer, it's out," Ben-Itzhak said. "Open disclosure may be imperfect, but it's the only way to guarantee that things will get fixed," said Schneier. "Unless vulnerability is made public, some software makers won't work on the patches." Armstrong said legitimate firms who buy vulnerability information to develop filters or alert their clients are beneficial. "It is a good, pro-active approach and it helps vendors save on research dollars," he said. Aside from the anonymity provided by the Internet, the lack of coherent legislation covering the matter prevents authorities from keeping the lid on vulnerability auctions. "This is one giant grey zone," according to Armstrong. "While it may be against the law to propagate viruses, or steal private information, it is not illegal to publish or sell vulnerability information," he said.
From rforno at infowarrior.org Fri Jul 14 23:16:42 2006 From: rforno at infowarrior.org (Richard Forno) Date: Fri, 14 Jul 2006 23:16:42 -0400 Subject: [Infowarrior] - MSNBC At 10: Remembering "The Site" Message-ID: Geeks of the world, unite. :) -rf MSNBC At 10: Remembering "The Site" http://www.mediabistro.com/tvnewser/msnbc/msnbc_at_10_remembering_the_site_40167.asp?c=rss It lasted just 13 months in MSNBC's primetime lineup. But invariably, cable news veterans remember the award-winning nightly technology program. "To this day, people stop me and say 'I remember that show you did!,'" The Site host Soledad O'Brien recalled to TVNewser. "I can't believe it's been 10 years." O'Brien, now a co-host of CNN's American Morning, still has a soft spot in her heart for The Site. "Our theory was that we were going to be the first nightly newscast covering the digital revolution," she said. Really fun, really scary Shortly after NBC and Microsoft announced the formation of MSNBC, Ziff Davis offered a proposal for a show about technology. NBC News president Andy Lack directed executive producer of specials David Bohrman (now of CNN) to meet with ZD. "The net result was, I ended up spending about three months in California really helping whip the show into creation," he said. A big abandoned soundstage on Townsend Street in San Francisco was transformed into a TV studio complete with a fully functional espresso bar. Bohrman's breakfast meeting with O'Brien, then the Oakland bureau chief for KRON, led to her hosting gig. Bohrman became the executive in charge of the show. A frantic few days led up to the premiere on July 15, 1996. With two or three days before air, "we had no control room," O'Brien recalled. "It was in boxes. It had been delivered, but there was no control room. But David... was on the floor connecting cables and creating a control room for us." She sums up the experience this way: "It was really fun and really scary at the same time."
The Site was a start-up in a community of start-ups as the World Wide Web began to take off. Covering a "big change in the world" "I remember wondering...how we were going to pull this off," O'Brien said. "Did we have enough material to do this? Every single night for an hour? I think we were a little surprised when we did." The show covered subjects like Web design, gaming, and Silicon Valley. It reviewed Web sites and included commentaries from a tech-wary Berkeley professor, among other segments. "Our goal was to talk about the sociological implications -- what does this big change in the world mean to us?," O'Brien said. "The show was the perfect program for MSNBC," Bohrman added. "It was the mix of whatever the Web was going to be and the technology was going to be." The Site symbolized an early attempt to marry television and the Web. The show would frequently refer to its Web site for more information. Lack told O'Brien she should try to be "the viewer, and ask intelligent questions about technology." Talking to Dev She posed those questions to Dev. The Site also featured what was the first -- and probably still the only -- computer-generated character on cable news. An avatar named Dev Null interacted with O'Brien and answered technology questions submitted by viewers. Leo LaPorte "was the guy in the suit," O'Brien explained. The technology of Dev himself was brand-new. LaPorte wore a motion suit that could sense his body movement. A computer program translated the movement and created the character. The control room then placed O'Brien and Dev on the same set using a switcher. "This feels career-ending to me," O'Brien would remark to Bohrman as she stared at a piece of tape on the wall that marked Dev's virtual position. But somehow, it worked: "She would do real-time Q&A with this cartoon character who was the smartest person in the world when it came to technology issues," Bohrman said. "It was great."
"I really loved it" It didn't last for long. When Princess Diana died on August 31, 1997, The Site was replaced by live news updates. MSNBC's ratings skyrocketed as viewers tuned to cable for news about Di. It was the first, but not the last, time that MSNBC changed formats following a breaking news event. O'Brien said she was "heartbroken" when the show was cancelled. "I really loved it," she said. She wasn't alone. Ratings for The Site never went through the roof, but it had a clear community of fans. O'Brien said she received a lot of prom invitations from 15-year-old boys. "It made a difference in the culture, honestly," she said. "I know that sounds grandiose and maybe even a little obnoxious. But every person I meet, they want to talk about it." From rforno at infowarrior.org Fri Jul 14 23:19:48 2006 From: rforno at infowarrior.org (Richard Forno) Date: Fri, 14 Jul 2006 23:19:48 -0400 Subject: [Infowarrior] - Link to text of Specter bill on NSA 'compromise' Message-ID: Subject says it all. -rf http://balkin.blogspot.com/FinalSpecter%20TSPFISA%20Bill.7.13.06.pdf From rforno at infowarrior.org Sat Jul 15 12:31:58 2006 From: rforno at infowarrior.org (Richard Forno) Date: Sat, 15 Jul 2006 12:31:58 -0400 Subject: [Infowarrior] - Wiretap Surrender Message-ID: Wiretap Surrender Sen. Specter's bill on NSA surveillance is a capitulation to administration claims of executive power. http://www.washingtonpost.com/wp-dyn/content/article/2006/07/14/AR2006071401578.html Saturday, July 15, 2006; Page A20 SENATE JUDICIARY Committee Chairman Arlen Specter (R-Pa.) has cast his agreement with the White House on legislation concerning the National Security Agency's warrantless surveillance as a compromise -- one in which President Bush accepts judicial review of the program. It isn't a compromise, except quite dramatically on the senator's part. Mr.
Specter's bill began as a flawed but well-intentioned effort to get the program in front of the courts, but it has been turned into a green light for domestic spying. It must not pass. The bill would, indeed, get the NSA's program in front of judges, in one of two ways. It would transfer lawsuits challenging the program from courts around the country to the super-secret court system that typically handles wiretap applications in national security cases. It would also permit -- but not require -- the administration to seek approval from this court system, created by the Foreign Intelligence Surveillance Act, for entire surveillance programs, thereby allowing judges to assess their legality. But the cost of this judicial review would be ever so high. The bill's most dangerous language would effectively repeal FISA's current requirement that all domestic national security surveillance take place under its terms. The "compromise" bill would add to FISA: "Nothing in this Act shall be construed to limit the constitutional authority of the President to collect intelligence with respect to foreign powers and agents of foreign powers." It would also, in various places, insert Congress's acknowledgment that the president may have inherent constitutional authority to spy on Americans. Any reasonable court looking at this bill would understand it as withdrawing the nearly three-decade-old legal insistence that FISA is the exclusive legitimate means of spying on Americans. It would therefore legitimize whatever it is the NSA is doing -- and a whole lot more. Allowing the administration to seek authorization from the courts for an "electronic surveillance program" is almost as dangerous. The FISA court today grants warrants for individual surveillance when the government shows evidence of espionage or terrorist ties. 
Under this bill, the government could get permission for long-term programs involving large numbers of innocent individuals with only a showing that the program is, in general, legal and that it is "reasonably designed" to capture the communications of "a person reasonably believed to have communication with" a foreign power or terrorist group. The bill even makes a hash out of the generally reasonable idea of transferring existing litigation to the FISA court system. It inexplicably permits the FISA courts to "dismiss a challenge to the legality of an electronic surveillance program for any reason" -- such as, say, the eye color of one of the attorneys. This bill is not a compromise but a full-fledged capitulation on the part of the legislative branch to executive claims of power. Mr. Specter has not been briefed on the NSA's program. Yet he's proposing revolutionary changes to the very fiber of the law of domestic surveillance -- changes not advocated by key legislators who have detailed knowledge of the program. This week a remarkable congressional debate began on how terrorists should face trial, with Congress finally asserting its role in reining in overbroad assertions of presidential power. What a tragedy it would be if at the same time, it acceded to those powers on the fundamental rights of Americans. From rforno at infowarrior.org Sat Jul 15 22:10:50 2006 From: rforno at infowarrior.org (Richard Forno) Date: Sat, 15 Jul 2006 22:10:50 -0400 Subject: [Infowarrior] - USA's "Minority Report" Jurisprudence Message-ID: Stop Me Before I Think Again By Dahlia Lithwick Sunday, July 16, 2006; B03 http://www.washingtonpost.com/wp-dyn/content/article/2006/07/14/AR2006071401383_pf.html The government claims to have foiled two major terrorism plots in the past month -- both in early planning stages that had not crossed the line from talk to action.
In late June, seven men were arrested in Miami on suspicion of concocting a plan to blow up, among other places, the Sears Tower in Chicago. Then, several men were arrested in the Middle East in connection with plotting suicide bombings of transit tunnels between New Jersey and Manhattan. This shift -- toward disrupting attacks long before explosives are stockpiled or targets scoped out -- makes some sense, given what we know about the Sept. 11, 2001, attacks and last year's mass-transit bombings in London. The difference between grandiose gym talk and a lethal terrorist strike can be bridged in a nanosecond, with a box cutter and a phone call. But it's also a shift from prosecuting tangible terrorism conspiracies to prosecuting bad thoughts. And we need to think carefully before we go further down that road. Even the FBI's deputy director has conceded that the plan of the so-called Miami 7 was "more aspirational than operational." Comedy writers lie awake at night dreaming about indictments like this one : The leader of the Miami plotters met with an FBI informant posing as a member of al-Qaeda and promptly demanded "a list of materials and equipment needed in order to wage jihad, which list included boots, uniforms, machine guns, radios and vehicles." In demanding the complete GI Joe Action War Kit, the group's ringleader somehow forgot to ask for something to, er, go boom. The very foolishness of these plans -- plus the fact that the FBI informant may have done more to forward the plot than those who were arrested in connection with it -- makes it easy for defense lawyers and liberal critics to claim that we are coming perilously close to establishing a new class of thought crime in this country. So who has the better argument: a government that claims to be fighting a new type of crime that warrants a preemptive legal response? Or civil libertarians who claim that we are a hop from the science fiction world of Philip K. 
Dick's story "The Minority Report," in which people are arrested for crimes they hope to commit in the future? The truth, as usual, lies somewhere in between. Some of the early intellectual rowing has been done by Yale Law School's Bruce Ackerman in "Before the Next Attack," his new book about terrorism and civil liberties. Ackerman suggests the criminal law paradigm "is fundamentally inadequate as a complete response" to the terrorism predicament. Conspiracy laws that may work to bring down mobsters, for instance, may not serve us well when terrorist aims and objectives are so different from those of the Mafia. But before we agree to mangle criminal law to prevent largely theoretical attacks, there are important questions that warrant asking: 1. Should it matter that the object of the conspiracy is remote, if not impossible? In the New York and Miami plots, the alleged conspirators had no explosives, no surveillance, and the Miami group had no link to a real terrorist organization. The New York group had barely made it out of Internet chat rooms. Should it matter that these "terror cells" are so often teeming with grandiose bumblers? Maybe not. The twin towers and the London transit system were not attacked by criminal masterminds bearing NASA-grade technology. As Homeland Security Secretary Michael Chertoff put it recently: "It is a mistake to assume that the only terrorist that's a serious terrorist is the kind of guy you see on television, that's a kind of James Bond type. The fact of the matter is, mixing a bomb in a bathtub does not take rocket science." Many experts have argued in recent months that today's more decentralized al-Qaeda increasingly waits for grandiose kooks and "self-starters" to plan attacks on their own. That means today's disaffected braggart is easily converted to tomorrow's subway bomber. 2. Should it matter that most plotters have not yet advanced beyond the chattering phase? As a legal matter, no. 
Even if the conspirators haven't yet entered the country, or acquired the explosives, or scoped out the target -- as was evidently the case in the New York plot -- they may still be criminally liable under our famously elastic conspiracy laws. And that might still be okay. The real policy question is whether this plot consisted exclusively of chatter or could have ever gotten beyond that stage. We don't yet know enough about the New York bombing plan to answer that (though Mark J. Mershon, the FBI's assistant director for New York, has called the threat "the real deal"). Still, even Americans willing to compromise on civil liberties should be concerned by how the Miami case was handled. The arrests there appear to have been triggered not by some threshold of danger being crossed, but by the conspirators beginning to have doubts about the FBI informant who was stringing them along. If we decide as a nation to move the conspiracy goal posts even further away from the commission of overt acts, let's do so because the plotters are uniquely dangerous, and not because the investigation went sour. 3. Should we even worry about all these details? In one of the strangest legal statements of all time, Attorney General Alberto R. Gonzales said: "I think it's dangerous for us to try to make an evaluation, case by case, as we look at potential terrorist plots and making a decision, well, this is a really dangerous group, this is not a really dangerous group." Really? I thought that's what government lawyers were supposed to do. The most dangerous aspect of these new terrorism arrests isn't that the government nabbed super nice guys. These plotters hate this country and want to harm it. The danger is that there is no nuance, no caution and no shade of gray in this new theory of criminal deterrence by CAT scan -- the proposition that you can arrest a man solely for what's on his mind. 
Gonzales and his colleagues seem to be falling into a familiar trap: They think that since 9/11 happened because of government inaction, any and all government action should be welcome -- including widespread arrests of genuine plotters along with hapless paintballers. The law works best when it's used as a scalpel, not an ax. So please, let's not start arresting citizens for the badness of their thoughts. Because, whoops, I just had another one.

dahlia.lithwick at hotmail.com

Dahlia Lithwick covers legal affairs for Slate, the online magazine at www.slate.com.

© 2006 The Washington Post Company

From rforno at infowarrior.org Sun Jul 16 11:31:03 2006
From: rforno at infowarrior.org (Richard Forno)
Date: Sun, 16 Jul 2006 11:31:03 -0400
Subject: [Infowarrior] - CFP: Conference on Availability, Reliability and Security (ARES 07)
In-Reply-To: <7cc56a960607121558g292e82e0y5db3aabebc35f53e@mail.gmail.com>
Message-ID:

Preliminary Call for Papers
---------------------------------------------------------------------
The Second International Conference on Availability, Reliability and Security (AReS)
ARES 2007 - "The International Security and Dependability Conference"
---------------------------------------------------------------------
April 10th - April 13th, 2007
Vienna University of Technology, Austria
http://www.ares-conf.org
http://www.ares-conference.eu

Conference
-----------
The 1st International Conference on Availability, Reliability and Security (ARES 2006) was successfully organized in Vienna, AUSTRIA from April 20 to April 22, 2006 by the Technical University of Vienna in cooperation with the European Network and Security Agency (ENISA). The conference attracted 250 participants, with 3 keynote speakers and 9 workshops held in conjunction with it.

In continuation of the successful 1st ARES conference, The Second International Conference on Availability, Reliability and Security ("ARES 2007 -
The International Security and Dependability Conference") will bring together researchers and practitioners in the area of IT-Security and Dependability. ARES 2007 will highlight the various aspects of security - with special focus on secure internet solutions, trusted computing, digital forensics, privacy and organizational security issues. ARES 2007 aims at a full and detailed discussion of the research issues of security as an integrative concept that covers, amongst others, availability, safety, confidentiality, integrity, maintainability and security in the different fields of application.

Important Dates
----------------
* Workshop Proposal: September 10th, 2006
* Submission Deadline: November 19th, 2006
* Author Notification: January 7th, 2007
* Author Registration: January 21st, 2007
* Proceedings Version: January 21st, 2007

Workshop Proposal
-----------------
In conjunction with the AReS 2007 conference, a number of workshops will be organised. Workshop proposals, which should include the call for papers, the number of papers to be accepted, the contact person, etc., are to be sent to the Workshop Organizing Committee (tho at ifs.tuwien.ac.at) by September 10th 2006. Proceedings of the ARES 2007 workshops will be published by IEEE Computer Society Press.

Topics of interest include, but are not limited to:
----------------------------------------------------
* Process based Security Models and Methods
* Authorization and Authentication
* Availability and Reliability
* Common Criteria Protocol
* Cost/Benefit Analysis
* Cryptographic protocols
* Dependability Aspects for Special Applications (e.g. ERP-Systems, Logistics)
* Dependability Aspects of Electronic Government (e-Government)
* Dependability administration
* Dependability in Open Source Software
* Designing Business Models with security requirements
* Digital Forensics
* E-Commerce Dependability
* Failure Prevention
* IPR of Security Technology
* Incident Response and Prevention
* Information Flow Control
* Internet Dependability
* Interoperability aspects
* Intrusion Detection and Fraud Detection
* Legal issues
* Mobile Security
* Network Security
* Privacy-enhancing technologies
* RFID Security and Privacy
* Risk planning, analysis & awareness
* Safety Critical Systems
* Secure Enterprise Architectures
* Security Issues for Ubiquitous Systems
* Security and Privacy in E-Health
* Security and Trust Management in P2P and Grid applications
* Security and privacy issues for sensor networks, wireless/mobile devices and applications
* Security as Quality of Service
* Security in Distributed Systems / Distributed Databases
* Security in Electronic Payments
* Security in Electronic Voting
* Software Engineering of Dependable Systems
* Software Security
* Standards, Guidelines and Certification
* Survivability of Computing Systems
* Temporal Aspects of Dependability
* Trusted Computing
* Tools for Dependable System Design and Evaluation
* Trust Models and Trust Management
* VOIP/Wireless Security

Submission Guidelines
----------------------
Authors are invited to submit research and application papers following the IEEE Computer Society Proceedings Manuscripts style: two columns, single-spaced, including figures and references, using 10-point fonts, and number each page. You can confirm the IEEE Computer Society Proceedings Author Guidelines at the following web page:
URL: http://computer.org/cspress/instruct.htm

The Web site for paper registration and electronic submission will be accessible from the first week of October 2006.
Please refer to the ARES website (http://www.ares-conf.org or http://www.ares-conference.eu) for updated information.

From rforno at infowarrior.org Sun Jul 16 11:35:56 2006
From: rforno at infowarrior.org (Richard Forno)
Date: Sun, 16 Jul 2006 11:35:56 -0400
Subject: [Infowarrior] - US government told to take its hands off internet
Message-ID:

Original URL: http://www.theregister.co.uk/2006/07/15/ntia_inquiry_results/

US government told to take its hands off internet
By Kieren McCarthy
Published Saturday 15th July 2006 22:50 GMT

The United States government has been told to end its oversight role of the internet during its own consultation exercise over the future of net governance.

In a stark result, over 87 percent of those that commented on the US's continued control of the internet's hierarchy said that it was time for it to transition toward a new, more international model. The company that the consultation was designed to review - not-for-profit overseeing organisation ICANN - fared little better, with nearly two-thirds of comments coming down against it.

The results will be a wake-up call to the National Telecommunications and Information Administration (NTIA) - the arm of the US government that carried out the consultation prior to the ending of its contract with ICANN on 30 September.

The NTIA had quietly announced a notice of inquiry (http://www.ntia.doc.gov/ntiahome/frnotices/2006/NOI_DNS_Transition_0506.htm) at the end of May in which it asked the public to respond to a number of questions it had over the future of ICANN's role as technical overseeing body for the internet. In the end, the NTIA was swamped with emails and took a week after the deadline had ended to post all the comments received.
Just over half of the 632 comments finally received (http://www.ntia.doc.gov/ntiahome/domainname/dnstransition.html) (discounting multiple emails) were not relevant to the inquiry itself, with 153 concerning themselves with the hot political issue of net neutrality in the US at the moment, and a further 174 making broad and often unhelpful comments along the lines of "keep the net free!" and "let the internet the way it is".

However, of the remaining 305 comments, nearly two-thirds (197) explicitly stated that the US government should review its own position as ultimate head of the net (with a further nine saying so as a secondary point), compared to 26 that supported its role (and four supporting it as a secondary point).

There were a variety of suggestions over how the USG could transition its role to a new body but a broad consensus was reached that it should not be a United Nations body but one outside of existing organisations, capable of moving faster with greater flexibility.

Academia

Half of the comments critical of the USG repeated the same message as devised by an organisation called the Internet Governance Project (IGP), run by noted net academic Milton Mueller. The IGP had produced a simple two-paragraph response to the inquiry which was then used by a large number of people within the US and outside to make a single point. It read:

"The Internet's value is created by the participation and cooperation of people all over the world. The Internet is global, not national. Therefore no single Government should have a pre-eminent role in Internet governance.

"As the US reviews its contract with ICANN, it should work cooperatively with all stakeholders to complete the transition to a Domain Name System independent of US governmental control."
Many of the comments went into great depth about the successes and failures of ICANN as an organisation since its inception in 1998 and while the vast majority accepted that the contract with ICANN will be renewed by the US government, there were still strong words of criticism.

There was almost unanimous agreement that the area where ICANN had failed most was in realising the "private, bottom-up coordination" aspect of its role. The organisation remains too secretive and does not take into sufficient account the views and wishes of everyday internet users and companies, a very large number of comments pointed out.

Controversy

The most controversial issues were the proposed .xxx domain (which elicited two comments solely about the saga) and the renewal of the dotcom contract. Difficulties with the domain name system itself formed the lead point of eight comments and a further four concentrated on the issue of Whois.

In total, forty-four comments were openly critical of ICANN, and a further eight criticised the organisation as a secondary point in their comments. On the other side, 24 comments supported ICANN, saying it had done a good job, with a further six comments providing support as a secondary point.

There was however a broad consensus that ICANN should remain in its position for the time being, and be held under the auspices of either the US government or an international organisation until such a time as it had solved its existing problems.

ICANN itself did not respond to the inquiry, having decided to run its own parallel consultation, but there are clear signs that CEO Paul Twomey is already aware of the feeling held against his organisation. Several new members of staff have been recruited to improve ICANN's communication with other stakeholders and encourage greater public participation.

It remains to be seen how the United States government will react to an overwhelming call for it to end its role as head of the internet.
It will hold a public meeting in Washington on 26 July where the comments will be discussed.

* For a more detailed rundown of the comments go here (http://kierenmccarthy.co.uk/2006/07/15/us-government-gets-a-net-kick-in-the-teeth/).

From rforno at infowarrior.org Sun Jul 16 16:26:58 2006
From: rforno at infowarrior.org (Richard Forno)
Date: Sun, 16 Jul 2006 16:26:58 -0400
Subject: [Infowarrior] - Online news dies after 36 hours
Message-ID:

Online news dies after 36 hours
Boffins work out the science of net news
http://www.theinquirer.net/default.aspx?article=32938
By Nick Farrell: Tuesday 11 July 2006, 07:49

BOFFINS at the University of Notre Dame, in the US, have proved what most newspaper journalists could have told them for the price of a beer: a web news story will die after 36 hours.

Physicist Albert-László Barabási, working with a team from Hungary, had thought that the number of hits on a news story would grow exponentially over time as the story was distributed across the World Wide Wibble. In fact they found that the number of people who read a news story on the web decays with time.

Barabási is interested in studying the Web as an example of a "complex network", with a topology that changes as new documents and links are continually added. The research reckons that a news site has a relatively stable "skeleton" of documents which creates a cumulative number of visitors over time. But news documents receive the most hits directly after their release, decrease with time and are useless after just a few days.

The half-life of a news story is just 36 hours, or one and a half days after it is released. While this is short, it is longer than predicted by simple exponential models, which assume that web page browsing is less random than it actually is. This means that if punters do not visit the site for 36 hours they could miss out on the news entirely, which is why some publishers have resorted to RSS feeds or email alerts.
Most punters read a particular web page not just because it looks interesting but because it can be accessed easily, the boffins found. It does not matter how important or interesting a story is, if it is older than 36 hours, interest in it will decay faster than yoghurt in a Saharan summer.

From rforno at infowarrior.org Tue Jul 18 14:59:33 2006
From: rforno at infowarrior.org (Richard Forno)
Date: Tue, 18 Jul 2006 14:59:33 -0400
Subject: [Infowarrior] - Cato report on overuse of SWAT
In-Reply-To:
Message-ID:

(c/o D)

July 17, 2006

Time to Curb Rise in Deadly Paramilitary Police Raids
Cato study and interactive map document bungled SWAT-style raids

WASHINGTON -- The last 25 years have seen a 1,300 percent increase in the number of paramilitary raids on American homes. The vast majority of these are to serve routine drug warrants, including for offenses as trivial as marijuana possession, according to a new study by the Cato Institute.

"These raids, 40,000 per year by one estimate, are needlessly subjecting nonviolent drug offenders, bystanders, and wrongly targeted civilians to the terror of having their homes invaded while they're sleeping," writes Cato policy analyst Radley Balko, "usually by teams of heavily armed paramilitary units dressed not as peace officers, but as soldiers."

"Overkill: The Rise of Paramilitary Police Raids in America" provides a legal, historical, and policy background explaining the trend. Balko offers a critique of "no-knock" and "short-notice" raids, explains how such confrontational tactics cause violence rather than lessening risks, and offers recommendations for reform.
The paper has an appendix of nearly 150 examples of documented botched raids, including: the case of Alberto Sepulveda, an 11-year-old boy shot in the head during a bungled raid in Modesto, California; Clayton Helriggle, a 23-year-old shot and killed when an inexperienced SWAT team raided a house of college-aged men guilty of recreational marijuana use; Sal Culosi, an optometrist in Fairfax, Virginia mistakenly killed by a SWAT team that had come to his home to arrest him for betting on sports games; and Mississippi police officer Ron Jones, shot and killed when Cory Maye, a man asleep at home with his daughter and who had no criminal record, mistook Jones' raid team for criminal intruders.

Balko has found more than three dozen examples of completely innocent people killed in mistaken raids, twenty cases of nonviolent offenders who've been killed, and more than a dozen cases of police officers killed by suspects or mistakenly targeted civilians who thought the police were criminal intruders.

Accompanying Balko's report, Cato is also releasing an interactive Google Maps application that plots nearly 300 examples of mistaken raids since the mid-1980s. Users can zoom in to street level, and sort raids by their end result (death of an innocent, death of a police officer, etc.), and the year of the raid. The map is available at .

Balko concludes that these policing tactics "bring unnecessary violence and provocation to nonviolent drug offenders, many of whom were guilty only of misdemeanors, they terrorize innocents when police mistakenly target the wrong residence, and they have resulted in dozens of needless deaths and injuries, not only of drug offenders, but also of police officers, children, bystanders, and innocent suspects."

White Paper:
From rforno at infowarrior.org Tue Jul 18 18:31:51 2006
From: rforno at infowarrior.org (Richard Forno)
Date: Tue, 18 Jul 2006 18:31:51 -0400
Subject: [Infowarrior] - Gonzales: Bush Blocked Eavesdropping Probe
Message-ID:

http://www.washingtonpost.com/wp-dyn/content/article/2006/07/18/AR2006071800601_pf.html

Gonzales: Bush Blocked Eavesdropping Probe
By Dan Eggen
Washington Post Staff Writer
Tuesday, July 18, 2006; 2:50 PM

President Bush personally blocked an internal investigation into the role played by Justice Department lawyers in approving a controversial warrantless eavesdropping program on calls between the United States and overseas, Attorney General Alberto Gonzales testified today.

During an appearance before the Senate Judiciary Committee, Gonzales was questioned by the panel's chairman, Sen. Arlen Specter (R-Pa.), on why staffers in the Justice Department's Office of Professional Responsibility were not allowed security clearances necessary to conduct an investigation into the eavesdropping program.

"It was highly classified, very important and many other lawyers had access," Specter asked. "Why not OPR?"

"The president of the United States makes the decision," Gonzales answered.

The exchange was part of a wide-ranging and often tense hearing touching on many of the most controversial topics related to the Justice Department, from leak prosecutions to the Supreme Court's recent ruling invalidating the Bush administration's commissions for detainees in military custody.

The eavesdropping program, begun in secret after the Sept. 11, 2001 attacks and revealed in press reports last December, allows the NSA to intercept telephone calls between the United States and overseas without court approval and has been the focus of months of political debate over its legality.
OPR, the Justice Department's internal affairs office, announced earlier this year that it was unable to investigate the role that department lawyers played in the program because it was repeatedly denied the necessary security clearances. Until today, Gonzales and other Justice officials had declined to provide details on who made the decision to block the Justice probe.

In a related letter to Specter, also released today, Gonzales wrote that Bush decided that limits had to be placed on the number of officials with access to details about the NSA effort, which the administration dubbed the "Terrorist Surveillance Program" several weeks after its existence was revealed.

"The president decided that protecting the secrecy and security of the program requires that a strict limit be placed on the number of persons granted access to information about the program for non-operational reasons," Gonzales wrote. "Every additional security clearance that is granted for the TSP increases the risk that national security might be compromised."

But in a series of memos to Gonzales's deputy also released today, OPR chief H. Marshall Jarrett noted that "a large team of attorneys and agents" assigned to a criminal investigation of the disclosure of the NSA program were promptly granted the same clearances. He also noted that numerous other investigators and officials -- including the members of a civil-liberties board -- had been granted access to or briefed on the program.

"In contrast, our repeated requests for access to classified information about the NSA program have not been granted," Jarrett wrote on March 21. "As a result, this Office, which is charged with monitoring the integrity of the Department's attorneys and with ensuring that the highest standards of professional ethics are maintained, has been precluded from performing its duties."

©
2006 The Washington Post Company

From rforno at infowarrior.org Tue Jul 18 21:29:06 2006
From: rforno at infowarrior.org (Richard Forno)
Date: Tue, 18 Jul 2006 21:29:06 -0400
Subject: [Infowarrior] - Specter's Bill Still No Compromise - A Primer
Message-ID:

Specter's Bill Still No Compromise - A Primer
http://blog.wired.com/27BStroke6/index.blog?entry_id=1523373

A new wave of stories on the so-called "Specter-Cheney" spying bill is likely to hit your local paper tomorrow, following today's ACLU briefing on the legislation. Reporters from Fox News, the Washington Times, and the Christian Science Monitor were all in on the call and likely will file stories that won't call the bill a compromise as reporters called it last week.

In short, the ACLU thinks the bill is more sweeping in handing over unsupervised surveillance authority to the President than the Patriot Act. That's not alarmist rhetoric, since it is actually true. The bill is very complicated and touches on some high-level separation of powers issues, but I'll try to explain it here more clearly than I have before.

Background:

In 1978 -- following revelations about unchecked spying on Americans by Nixon and Hoover -- Congress established a secret court that would allow the government to wiretap, inside the United States, suspected spies and Americans working for other countries. To get the warrant, the government would have to tell the court who they were spying on, why the government believed they were a spy and what they wanted to wiretap or search. This law (the Foreign Intelligence Surveillance Act) stated that this was the only method for conducting such surveillance and made it a felony to spy on Americans without a warrant. Regular criminal wiretaps for catching drug dealers or the mafia had different standards and were handled by regular courts.
The government had free rein to do whatever it wanted in terms of the overseas surveillance of non-Americans (this was mostly handled by the NSA). The secret court almost always approved the requests for the surveillance (giving a flat no in only 10 or so out of approximately 30,000 applications).

The Patriot Act loosened some of the requirements, allowed more overlap between criminal and spy wiretaps and made wiretaps last longer. The number of requests to the court rose steadily. In 2004, the President said that the government did not wiretap or surveil Americans without getting a warrant. Some minor changes were made to wiretap laws in 2005 when portions of the Patriot Act were renewed, following more than 20 hearings on its provisions.

Then in December 2005, the New York Times reported, and the Administration confirmed, that the NSA was running a massive, warrantless wiretapping program that captured the contents of phone calls made between an American and someone overseas who was suspected of being connected to a terrorist group. In December 2005 and February 2006, the L.A. Times and USA Today reported that the government had been getting billions of phone records documenting American citizens' phone calls from major telecoms and analyzing them to spot terrorists.

While the Administration did not confirm this story, it defended its NSA wiretapping by arguing that the president has wartime powers under Article II of the Constitution to wiretap as much as he deems necessary. The Administration used the same argument to defend the sham military tribunals set up for Guantanamo detainees. That argument was shot down 5-4 by the Supreme Court in the recent Hamdan decision, which ruled that the Geneva Convention applied in wartime because it was a treaty agreed to by the Senate and that was still binding.

A staggering number of lawsuits have been filed against the government and the corporations that are alleged to have helped with the surveillance.
Some in Congress have been talking about holding hearings on the warrantless wiretapping. Some want to tweak the law a little bit to make the process easier for the government to get warrants, but still keep the secret court as the only way to spy on Americans. Others want to re-write the law to make dragnet programs legal.

Senator Arlen Specter, the head of the Senate Judiciary Committee, seems to schizophrenically want all three. He has threatened to issue subpoenas to telecommunications executives, then supported a bill that would make dragnet-data-mining programs legal, then co-sponsored another that implicitly called the program illegal. Now he has written a bill with the White House that completely re-writes how surveillance on American soil happens and allows, but doesn't require, the secret court to review the legality of whole surveillance programs.

The Specter Bill:

Specter's bill is the one that Washington Post reporter Charles Babington, among others, called a compromise last week. It's nothing of the sort. The bill (a line-by-line .doc version was created by the ACLU on Tuesday) has four main prongs:

First, it removes the part of the law that says that the only way to spy on American soil is through the FISA law. Now, the proposed bill says that surveillance is only legal if conducted through the president's inherent wartime powers or the law. Currently, there's a head-on legal collision. The law says surveillance has to happen through the court system. The Administration says it is above that law and can spy on Americans at will because we are at war. Removing the exclusivity provision gives credence to the executive power claim and removes the counter-argument to it.

The current law, in the interests of flexibility, allows the president to wiretap at will for 15 days following a declaration of war. The new bill oddly removes that provision. You might think that change means that after a declaration of war, the president couldn't wiretap at will.
That's not what the change means. The removal, if passed, means that Congress hasn't set any limits on what the president can do in a time of war and therefore, Congress is thereby recognizing that the president may wiretap Americans at will for as long as the country is at war.

Second, the bill moves the most crucial part of all the lawsuits against the government surveillance programs and the telecoms that allegedly are helping with warrantless surveillance of Americans to the secret court. There the government gets to show secret evidence as to why a suit should be dismissed on the grounds of "state secrets." The other side doesn't get to argue its side, let alone see the secret evidence. The bill also gives the court the right to dismiss any lawsuit on any grounds, e.g. the court doesn't like the font that the lawyers use.

This is crucial since several judges, including the one hearing the Electronic Frontier Foundation case against AT&T, have shown that they want to find a way to preserve the constitutional right to seek redress for grievances, even though the government wants the cases simply dismissed. The secret court judges have a history of being deferential to the executive branch, and a closed proceeding is stacked against the challenger.

Third, the law creates a fall-back position for the administration if a court happened to hear a challenge to the president's claim of authority and decides -- as the Supreme Court did in Hamdan -- that the president doesn't have the right to ignore Congress or the Fourth Amendment. The new law would allow the government to legally continue doing all the surveillance it has been doing. The bill would let the administration engage in widespread, untargeted information dragnets without having to ask permission from the secret court. The administration would, under the bill, have the option of asking the secret court to rule on the legality of a whole program.
This is something the original law never envisioned since the court was supposed to approve instances of surveillance on specific individuals for a specified period of time. This option is what was widely referred to in the press as a compromise or even an acknowledgement by the administration that its surveillance was on weak legal grounds. That's simply inaccurate.

Fourth, there are a huge number of changes in the bill regarding how the executive branch can bypass the secret court, including one provision that would make it possible for the government to never have to use the court at all.

The current wiretapping statute leaves open a provision that allows the Attorney General to authorize on his own authority wiretaps of foreign embassies. That's because foreign embassies have always been thought of as de facto foreign soil. The only catch was that the surveillance had to only catch communications between agents of a foreign power AND that "there is no substantial likelihood that the surveillance will acquire the contents of any communication to which a United States person is a party."

The new bill expands the definition of an agent of a foreign power and removes the prohibition on surveillance that might target Americans. The bill also redefines the term Attorney General to mean the Attorney General and anyone to whom he delegates his authority. The Attorney General can also order any electronic or communications service or a landlord to secretly help without telling anyone. They have no legal way to protest such an order. The only limitation left is that communications that aren't found to be about terrorism have to be "minimized," which means blacked out in some manner after a government agent reads the email or listens to the call and finds it non-incriminating.
So, under Specter's bill, the Attorney General could order AOL, Yahoo and Microsoft to send a copy of every instant message to the government, every credit card company to send a copy of every transaction of every one of its customers, and every email provider to siphon off to the FBI a copy of every email sent by and to Americans -- all WITHOUT ever seeing a judge. And none of these companies or organizations could say anything publicly or contest the order in court (though they would get paid for the service).

If this bill passes, the Attorney General could also decide that getting warrants from the secret court (which they did more than 2,000 times in 2005) was too burdensome. Instead, he could deputize the Special-Agents-In-Charge at each FBI branch in the country and instead of proving to a court that they have reason to spy on someone, they simply write their own warrants.

There's more to the bill too, but clearly this bill isn't a compromise. It may be that this is the power that Congress and the American people believe the executive branch should have, but so far, I haven't seen a single mainstream news account that accurately describes the bill's radical re-writing of the nation's surveillance laws. Perhaps that will change tomorrow.

From rforno at infowarrior.org Tue Jul 18 22:04:17 2006
From: rforno at infowarrior.org (Richard Forno)
Date: Tue, 18 Jul 2006 22:04:17 -0400
Subject: [Infowarrior] - Microsoft Acquires Winternals Software
Message-ID:

Microsoft Acquires Winternals Software
Company appoints operating systems kernel expert Mark Russinovich as technical fellow.

REDMOND, Wash. - July 18, 2006 - Microsoft Corp. today announced the acquisition of Winternals Software LP, a privately held company based in Austin, Texas, that provides Windows®-based enterprises with systems recovery and data protection solutions in addition to offering a freeware tools Web site called Sysinternals.
The addition of Winternals is a significant advance in Microsoft's promise to lower customers' total cost of ownership of the Microsoft® Windows platform. Customers will be able to continue building on Sysinternals' advanced utilities, technical information and source code for utilities related to Windows. Financial terms of the acquisition were not disclosed.

Winternals was established in 1996 by Mark Russinovich and Bryce Cogswell, who are recognized industry leaders in the areas of operating system design and architecture. Russinovich will join the Microsoft Platforms & Services Division as a technical fellow, working with numerous technology teams across Microsoft, and Cogswell will join the Windows Component Platform Team in the role of software architect.

"I've had my eye on Mark for some time," said Jim Allchin, co-president of the Platforms & Services Division at Microsoft. "The work he and Bryce have completed in system recovery and data protection illustrates the depth of thinking and skill they will bring to future versions of Windows. The addition of their deep kernel-level expertise to our existing strong talent will help provide us with the edge we need to continue to raise the quality and functionality bar for Windows on both the client and the server."

"I witness regularly the profound impact that even a few lines of code can have in a world of globally connected systems," said Russinovich. "The technologies that sustain and enhance business, health, commerce and entertainment are emerging from platforms that Microsoft creates. I look forward to bringing my experience in designing operating system technologies to Microsoft. I'm excited to broaden the reach and impact on Windows and Microsoft customers."
Winternals products support IT professionals in numerous ways, providing intelligent enterprise recovery solutions, network defragmentation solutions and powerful system tools, all focused on reducing the total cost of ownership for Microsoft-based businesses. Sysinternals enjoys a strong and active community of systems administrators and support personnel, averaging about a million visitors per month. Microsoft is evaluating how the Winternals products and technologies can be integrated within Microsoft offerings to maximize customer value. Founded in 1975, Microsoft (Nasdaq "MSFT") is the worldwide leader in software, services and solutions that help people and businesses realize their full potential. Microsoft and Windows are either registered trademarks or trademarks of Microsoft Corp. in the United States and/or other countries. The names of actual companies and products mentioned herein may be the trademarks of their respective owners. Note to editors: If you are interested in viewing additional information on Microsoft, please visit the Microsoft Web page at http://www.microsoft.com/presspass on Microsoft's corporate information pages. Web links, telephone numbers and titles were correct at time of publication, but may since have changed. For additional assistance, journalists and analysts may contact Microsoft's Rapid Response Team or other appropriate contacts listed at http://www.microsoft.com/presspass/contactpr.mspx From rforno at infowarrior.org Tue Jul 18 22:15:11 2006 From: rforno at infowarrior.org (Richard Forno) Date: Tue, 18 Jul 2006 22:15:11 -0400 Subject: [Infowarrior] - YouTube's controversial T&C Message-ID: (remember when GeoCities and/or Microsoft tried this a few years ago and ultimately changed their T&C after major public complaints?? -rf) YouTube's 'New' Terms Still Fleece Musicians http://blog.wired.com/music/#1523392 Musicians such as Billy Bragg have been complaining about networking/music site MySpace's terms of use --
and rightfully so. MySpace is said to be changing its tune, and should be posting updated terms soon (currently, its About page is offline). The video site YouTube constitutes an equal or larger threat to small content producers. Before you upload that video of your 19-person indie rocker reggae band playing its new single, for instance, you may want to read the fine print. YouTube's "new" Terms & Conditions allow them to sell whatever you uploaded however they want: "...by submitting the User Submissions to YouTube, you hereby grant YouTube a worldwide, non-exclusive, royalty-free, sublicenseable and transferable license to use, reproduce, distribute, prepare derivative works of, display, and perform the User Submissions in connection with the YouTube Website and YouTube's (and its successor's) business... in any media formats and through any media channels." Among other things, this means they could strip the audio portion of any track and sell it on a CD. Or, they could sell your video to an ad firm looking to get "edgy"; suddenly your indie reggae tune could be the soundtrack to a new ad for SUVs. The sky's still the limit, when it comes to the rights you surrender to YouTube when you upload your video. Perhaps even scarier is the idea that anyone who might eventually buy YouTube would automatically obtain these same rights. Since YouTube is so popular, with 100 million videos shown each day, it's an attractive acquisition target for any number of companies. A lot of the more mainstream stuff on there was uploaded by people who didn't hold the copyrights. Videos on YouTube that were produced by large media companies would surely be filtered out before any mass redistribution were to take place. It's the small content producers who owned the copyrights to the stuff they uploaded who really have something to lose.
I wish YouTube didn't annex so many of its uploaders' rights, but if you keep the site's Terms and Conditions in mind, the site still has a lot to recommend it. Musicians and other content uploaders might want to take precautions though, such as submitting music videos with relatively low-quality audio or keeping parts of their catalogs off of YouTube. Hopefully, the site will start offering more levels of user control, so that uploaders will be able to specify how their songs get used (or, more importantly, how they don't get used). From rforno at infowarrior.org Thu Jul 20 09:18:17 2006 From: rforno at infowarrior.org (Richard Forno) Date: Thu, 20 Jul 2006 09:18:17 -0400 Subject: [Infowarrior] - DHS responds to criticism of database on vulnerable infrastructure In-Reply-To: Message-ID: DHS responds to criticism of database on vulnerable infrastructure http://www.govexec.com/story_page.cfm?articleid=34581 By Chris Strohm CongressDaily July 19, 2006 A top Homeland Security Department official lashed out in frustration Tuesday at critics who say the department is failing to make good judgments when it comes to risks and threats facing the country. The department has come under heavy criticism recently -- and become the butt of jokes by late-night comedians -- due to its decision in May to cut urban antiterror funding to major metropolitan areas and an inspector general's report last week that found a national database of vulnerable targets rife with locations that pose no security risk. The IG cited more than 32,000 assets out of about 72,000 in the database that "are not nationally significant," including a Mule Day Parade in Columbia, Tenn.; an Old MacDonald's Petting Zoo in Woodville, Ala.; an Amish popcorn factory in Berne, Ind.; a bean festival in Mountain View, Ark.; and the Kangaroo Conservation Center in Dawsonville, Ga. 
Robert Stephan, the department's assistant secretary for infrastructure protection, told reporters that the inspector general "ignored" the facts and came to conclusions that are "fundamentally false." "This is just a ridiculous thing that happened," he said. Stephan, speaking at an event billed as a briefing on a recently released National Infrastructure Protection Plan, defended the asset database the plan relied on, but acknowledged that the department now faces a serious public perception problem. Senate Democrats scolded the department last week by including a provision in the fiscal 2007 Homeland Security appropriations bill that requires it to comply with the inspector general's recommendations for overhauling the database. The amendment, offered by Sen. Barbara Boxer, D-Calif., would prohibit the department from spending preparedness funds on administrative and management employee travel until the recommendations are implemented or officials explain to Congress why they were not. "The Inspector General's report outlines a case of gross mismanagement within the Department of Homeland Security," Boxer said. "There is no excuse for including sites facing no significant threat at a time when the Department of Homeland Security is downgrading its risk assessment for San Diego, Sacramento and other high-risk locations." Attempting to set the record straight, Stephan said neither he nor key members of his management team were interviewed for the IG's report. He said low-level members of his staff were initially interviewed, but none of their input showed up in the report. "The lower level provided feedback that was ignored by the IG," he said, adding that the inspector general never came back for additional information. Stephan did acknowledge that the database contains locations and assets that are not at risk, but he said that information is raw data provided by state and local governments. 
He asserted the department does not include no-risk assets in making decisions about priorities or how to spend money and distribute grants. "No single raw data point . . . has any relevance to anything," he said. He said those decisions are made after evaluating targets based on threat, vulnerability and the consequence of an attack. Stephan added that the department's National Infrastructure Protection Plan identifies critical infrastructure for 17 sectors, and how the federal government will work with state and local governments and the private sector to protect those assets. "We now have a playbook, commonly agreed to in an organized manner," he said. "This is a way out of the wilderness." The private sector, however, is not required to comply with the plan. (c) 2006 by National Journal Group Inc. All rights reserved. From rforno at infowarrior.org Thu Jul 20 10:18:11 2006 From: rforno at infowarrior.org (Richard Forno) Date: Thu, 20 Jul 2006 10:18:11 -0400 Subject: [Infowarrior] - PacSec 2006 CALL FOR PAPERS (Deadline Aug. 4; Event Nov. 27-30) In-Reply-To: <200607170059.43385.dr@kyx.net> Message-ID: url: http://pacsec.jp PacSec 2006 CALL FOR PAPERS World Security Pros To Converge on Japan TOKYO, Japan -- To address the increasing importance of information security in Japan, the best known figures in the international security industry will get together with leading Japanese researchers to share best practices and technology. The most significant new discoveries about computer network hack attacks will be presented and discussed at the third annual PacSec conference. The PacSec meeting provides an opportunity for foreign specialists to be exposed to Japanese innovation and markets and collaborate on practical solutions to computer security issues. In a relaxed setting, with a mixture of material bilingually translated in both English and Japanese, the eminent technologists can socialize and attend training sessions.
Announcing the opportunity to submit papers for the PacSec 2006 applied security training conference. The conference will be held November 27-30th in Tokyo. The conference focuses on emerging information security tutorials - it will be a bridge between the international and Japanese information security technology communities. Please make your paper proposal submissions before August 4 2006. Slides for the papers must be submitted by October 1st 2006. The conference is November 29th and 30th 2006; presenters need to be available in the days before to meet with interpreters. The Security Masters Dojo, Tokyo, is November 27-28, 2006. Both events will be held at Aoyama Diamond Hall. Some invited papers have been confirmed, but a limited number of speaking slots are still available. The conference is responsible for travel and accommodations for the speakers. If you have a proposal for a tutorial session then please email a synopsis of the material and your biography, papers, and speaking background to secwest06 [at] pacsec.jp. Tutorials are one hour in length, but with simultaneous translation should be approximately 45 minutes in English, or Japanese. Only slides will be needed for the October paper deadline; full text does not have to be submitted. The PacSec conference consists of tutorials on technical details about current issues, innovative techniques and best practices in the information security realm. The audiences are a multi-national mix of professionals involved on a daily basis with security work: security product vendors, programmers, security officers, and network administrators. We give preference to technical details and education for a technical audience. The conference itself is a single track series of presentations in a lecture theater environment. The presentations offer speakers the opportunity to showcase on-going research and collaborate with peers while educating and highlighting advancements in security products and techniques.
The focus is on innovation, tutorials, and education instead of product pitches. Some commercial content is tolerated, but it needs to be backed up by a technical presenter - either giving a valuable tutorial and best practices instruction or detailing significant new technology in the products. Paper proposals should consist of the following information: 1) Presenter, and geographical location (country of origin/passport) and contact info (e-mail, postal address, phone, fax). 2) Employer and/or affiliations. 3) Brief biography, list of publications and papers. 4) Any significant presentation and educational experience/background. 5) Topic synopsis, proposed paper title, and a one paragraph description. 6) Reason why this material is innovative or significant or an important tutorial. 7) Optionally, any samples of prepared material or outlines ready. Please forward the above information to secwest06 [at] pacsec.jp to be considered for placement on the speaker roster. Please include a plain text version of all the above information along with any other submission data/information. -- World Security Pros. Cutting Edge Training, Tools, and Techniques Tokyo, Japan November 26-30 2006 http://pacsec.jp pgpkey http://dragos.com/ kyxpgp From rforno at infowarrior.org Thu Jul 20 16:46:03 2006 From: rforno at infowarrior.org (Richard Forno) Date: Thu, 20 Jul 2006 16:46:03 -0400 Subject: [Infowarrior] - EFF Defeats USG, AT&T's Motions to Dismiss in NSA Spying Case Message-ID: Huge Victory - EFF Defeats Government's, AT&T's Motions to Dismiss in NSA Spying Case July 20, 2006 Today, Judge Walker denied the government's and AT&T's motions to dismiss in our case against AT&T for assisting the NSA's massive and illegal spying program. The order can be found here.
http://www.eff.org/deeplinks/archives/004831.php From rforno at infowarrior.org Thu Jul 20 16:49:35 2006 From: rforno at infowarrior.org (Richard Forno) Date: Thu, 20 Jul 2006 16:49:35 -0400 Subject: [Infowarrior] - Security Theater: "Anti-Terror Airline Cutlery" for sale Message-ID: Anti-terror airline cutlery takes off http://www.timesonline.co.uk/article/0,,2-2277493,00.html A British company has produced "anti-terror cutlery" for use on board aircraft. The knives made by Arthur Price have shortened blades with rounded ends, and the forks have prongs that the company claims are too small to be used as a weapon. The cutlery has been designed to meet guidelines issued by the Department for Transport. A spokesman said orders had been taken and BAA, the owner of the UK's biggest airports, was considering the products. From rforno at infowarrior.org Sat Jul 22 16:30:18 2006 From: rforno at infowarrior.org (Richard Forno) Date: Sat, 22 Jul 2006 16:30:18 -0400 Subject: [Infowarrior] - CDC releases SCATTERCHAT program Message-ID: http://www.scatterchat.com/ ScatterChat is a HACKTIVIST WEAPON designed to allow non-technical human rights activists and political dissidents to communicate securely and anonymously while operating in hostile territory. It is also useful in corporate settings, or in other situations where privacy is desired. It is a secure instant messaging client (based upon the Gaim software) that provides end-to-end encryption, integrated onion-routing with Tor, secure file transfers, and easy-to-read documentation. Its security features include resiliency against partial compromise through perfect forward secrecy, immunity from replay attacks, and limited resistance to traffic analysis... all reinforced through a pro-actively secure design.
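The three properties the ScatterChat announcement above lists for its messaging layer (end-to-end encryption, forward secrecy against later key compromise, and immunity to replay) can be seen in miniature in the following toy protocol. This is an added example written for this archive page; it is not ScatterChat's, Gaim's or cDc's code and says nothing about how ScatterChat actually implements these. The Diffie-Hellman group, the HMAC-based stream cipher, the per-direction keys and the strictly increasing message counter are all illustrative assumptions chosen so the whole thing runs in plain Python with no third-party library. Each party has a long-term identity key, signs a fresh ephemeral key with it per session, derives the session keys from the ephemeral exchange only, and then deletes the ephemeral private key. The demo at the end delivers a message, replays it, tampers with a second one, and finally hands an attacker both long-term private keys to show what that does and does not recover.

```python
import hashlib
import hmac
import secrets

# Toy Diffie-Hellman group: the Mersenne prime 2^521 - 1 with generator 3.
# An illustrative assumption so the arithmetic is plain Python integers, not a
# vetted group; real code would use X25519 or an RFC 7919 group.
P = (1 << 521) - 1
G = 3
NBYTES = 66  # enough bytes to hold any element of the group


def dh_keypair():
    priv = secrets.randbelow(P - 2) + 2
    return priv, pow(G, priv, P)


def dh_shared(priv, peer_pub):
    return pow(peer_pub, priv, P).to_bytes(NBYTES, "big")


def kdf(secret, label):
    # Domain-separated key derivation (HKDF would be the production choice).
    return hashlib.sha256(label + secret).digest()


def keystream_xor(key, ctr, data):
    # HMAC-SHA256 in counter mode used as a stream cipher (illustrative only).
    # The message counter is mixed into every block so no keystream is reused.
    out = bytearray()
    for block in range((len(data) + 31) // 32):
        ks = hmac.new(key, b"ks" + ctr.to_bytes(8, "big") + block.to_bytes(4, "big"),
                      hashlib.sha256).digest()
        out.extend(x ^ y for x, y in zip(data[block * 32:(block + 1) * 32], ks))
    return bytes(out)


class Party:
    """One chat endpoint: a long-term identity key plus per-session state."""

    def __init__(self):
        self.id_priv, self.id_pub = dh_keypair()  # long-term identity key pair
        self.send_key = self.recv_key = None
        self.send_ctr = self.recv_ctr = 0        # recv_ctr = highest counter accepted

    def auth_key(self, peer_id_pub):
        # Static-static DH: only authenticates handshake messages, never encrypts data.
        return kdf(dh_shared(self.id_priv, peer_id_pub), b"auth")

    def start_session(self, peer_id_pub, initiator):
        self.initiator = initiator
        self._eph_priv, eph_pub = dh_keypair()   # fresh ephemeral key every session
        tag = hmac.new(self.auth_key(peer_id_pub), eph_pub.to_bytes(NBYTES, "big"),
                       hashlib.sha256).digest()
        return eph_pub, tag

    def finish_session(self, peer_id_pub, peer_eph_pub, tag):
        expected = hmac.new(self.auth_key(peer_id_pub), peer_eph_pub.to_bytes(NBYTES, "big"),
                            hashlib.sha256).digest()
        if not hmac.compare_digest(tag, expected):
            raise ValueError("peer ephemeral key is not authenticated")
        shared = dh_shared(self._eph_priv, peer_eph_pub)
        # One key per direction, so a message cannot be reflected back to its sender.
        mine, theirs = (b"i2r", b"r2i") if self.initiator else (b"r2i", b"i2r")
        self.send_key, self.recv_key = kdf(shared, mine), kdf(shared, theirs)
        del self._eph_priv                       # forward secrecy: nothing left to steal
        self.send_ctr = self.recv_ctr = 0

    def encrypt(self, plaintext):
        self.send_ctr += 1
        ct = keystream_xor(self.send_key, self.send_ctr, plaintext)
        mac = hmac.new(self.send_key, b"mac" + self.send_ctr.to_bytes(8, "big") + ct,
                       hashlib.sha256).digest()
        return self.send_ctr, ct, mac

    def decrypt(self, message):
        ctr, ct, mac = message
        expected = hmac.new(self.recv_key, b"mac" + ctr.to_bytes(8, "big") + ct,
                            hashlib.sha256).digest()
        if not hmac.compare_digest(mac, expected):
            raise ValueError("message tampered with or wrong session")
        if ctr <= self.recv_ctr:
            raise ValueError("replayed message")  # counters must strictly increase
        self.recv_ctr = ctr
        return keystream_xor(self.recv_key, ctr, ct)


def run_demo():
    """Handshake, one message, a replay, a tamper, then a late key compromise."""
    alice, bob = Party(), Party()
    a_eph, a_tag = alice.start_session(bob.id_pub, initiator=True)
    b_eph, b_tag = bob.start_session(alice.id_pub, initiator=False)
    bob.finish_session(alice.id_pub, a_eph, a_tag)
    alice.finish_session(bob.id_pub, b_eph, b_tag)

    msg = alice.encrypt(b"meet at the usual place")  # constructed sample message
    results = {"plaintext": bob.decrypt(msg)}
    try:
        bob.decrypt(msg)                              # same ciphertext delivered twice
        results["replay_rejected"] = False
    except ValueError:
        results["replay_rejected"] = True

    ctr, ct, mac = alice.encrypt(b"second message")
    try:
        bob.decrypt((ctr, bytes([ct[0] ^ 1]) + ct[1:], mac))  # one bit flipped in transit
        results["tamper_rejected"] = False
    except ValueError:
        results["tamper_rejected"] = True

    # Attacker later steals both long-term private keys and the recorded handshake:
    # that yields the handshake authentication key (so future sessions could be
    # impersonated) but the ephemeral private keys needed for this session are gone.
    stolen_auth = kdf(dh_shared(alice.id_priv, bob.id_pub), b"auth")
    results["auth_key_recovered"] = stolen_auth == alice.auth_key(bob.id_pub)
    results["ephemeral_keys_erased"] = not hasattr(alice, "_eph_priv") and not hasattr(bob, "_eph_priv")
    return results
```

The point to take from `run_demo` is the last two results together: the stolen identity keys are enough to forge a future handshake, which is why the blurb says "resiliency against partial compromise" rather than immunity, but they recover nothing about a session whose ephemeral keys were already wiped. The counter check is what gives replay immunity; note that it runs only after the MAC check, so an attacker cannot probe the counter state with forged messages.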
From rforno at infowarrior.org Sat Jul 22 23:26:06 2006 From: rforno at infowarrior.org (Richard Forno) Date: Sat, 22 Jul 2006 23:26:06 -0400 Subject: [Infowarrior] - TV news observation...and a question Message-ID: (x-posted to a few places) Granted, most cable news has become sensational to the point of absurdity in recent years, but has anyone else noticed that most of the cable networks -- particularly CNN -- seem to be abusing the "Breaking News" moniker since the Lebanon situation broke nearly two weeks ago? While a major event -- such as a full-scale Israeli invasion of Lebanon or a series of dramatic Hez attacks - would be significant from the norm of the generally-known situation in the region right now, why is a two-week-old story still promoted as "breaking"? Short of major new developments in the situation, should there still be a "breaking news" graphic on the screen? This leads me to wonder, aside from using the term as a magnet for channel surfers to attract eyeballs to support understandable business goals of the news networks, what *should* constitute the use of the "breaking" news graphic? And, does anyone think this practice is being abused by the news channels simply to attract more viewers? -rick Infowarrior.org From rforno at infowarrior.org Sun Jul 23 09:43:53 2006 From: rforno at infowarrior.org (Richard Forno) Date: Sun, 23 Jul 2006 09:43:53 -0400 Subject: [Infowarrior] - 95 Theses of Geek Activism Message-ID: 95 Theses of Geek Activism Posted by Devanshu in Science Addiction, Rants, Geek Addictions, Politics, http://www.scienceaddiction.com/2006/07/23/95-theses-of-geek-activism/ Geek activism has not taken off yet, but it should. With the gamers recognizing the need for a louder voice, EFF gaining momentum and Linux taking on the mainstream on the one hand and recent severe losses in privacy, freedom of speech and intellectual property rights on the other, now seems to be the best time to rally around the cause. 
Geeks are not known to be political or highly vocal (outside of our own circles)- this must change if we want things to improve. So here is my list of things people of all shapes, sizes and sides of the debate need to know. Some of these are obvious, others may not be meant for you. But hopefully, some of these will inspire you to do the right thing and others will help you frame the next discussion, debate or argument you have on these topics. 1. Reclaim the term "hacker". If you tinker with electronics, you are a hacker. If you use things in more ways than intended by the manufacturer, you are a hacker. If you build things out of strange, unexpected parts, you are a hacker. Reclaim the term. 2. Violating a license agreement is not theft. 3. All corporations are not on your side. 4. Keep in touch with everyone you can vote for and make sure you know where they stand on the issues you care about. 5. More importantly, make sure they know where you stand on the issues you care about. 6. Everything will enter the public domain some day- even Mickey Mouse. 7. Read the original 95 theses. Yes, they are irrelevant to these causes. Yes, they are religious- and not even close to my religion. And yes, they are 500 years old. But they do demonstrate how stating your beliefs clearly, effectively and publicly to challenge the status quo can change the world. Of course, I have no delusions of grandeur! 8. Use TOR for privacy and anonymity. 9. Trusted computers must not be trusted. 10. Democrats may seem to be on your side, but keep an eye on them. They may only be the lesser of two evils. 11. Republicans may seem to be the enemy, but that is only because they are in power now. The true enemy is a lack of accountability. 12. Read Eric Raymond's The Cathedral and the Bazaar. 13. Why do I have to jump through hoops just to get video off my own home movie DVDs? 14. Know the DMCA so you know what you are up against. 15.
The true enemy is the line: "If you haven't done anything wrong, what do you fear?" The problem with that line, as Schneier has said, is that it assumes that the desire for privacy implies wrong-doing. 16. Proprietary data formats must never store public information. 17. Some corporations are on your side- find them and reward them. 18. No one has ever told me where I could play my 45 RPMs. Why are my MP3s any different? 19. The analog hole is not a hole. The world is analog. 20. If you are in the US, let your Senator know what you feel. 21. Treating your customers like criminals- or potential criminals- will turn customers away. 22. This bears repeating, treating paying customers as potential criminals is a losing strategy. 23. Some corporations may seem to be on your side, but are not. 24. Fair use is a good thing. 25. Use multiple operating systems regularly so you truly understand interoperability. 26. Write to your local newspaper- they can shape the opinions of the people who do not understand the issues we care about. 27. Do not follow the Electronic Frontier Foundation, participate in it. 28. Read of Thoreau's words on civil disobedience. 29. Data mining will not stop terror. 30. Express your opinion in public. 31. Blog. 32. The GPL is not gospel, but it comes close. 33. Use multiple MP3/music players so you truly understand interoperability. 34. If you are in the US, let your house representative know how you feel. 35. Those in favor of suspending some liberties for security, answer this: "Who watches the watchers?" 36. Except for extreme cases, the government should not be in the business of parenting our children. 37. When arguing with people who disagree, be polite, but not condescending. 38. RFID is just a technology- its existence does not make us more secure. 39. Now and in the future, presence of encryption implies nothing. In fact, whatever it does imply is none of your business.
Without any other probable cause, the user must not bear the burden of explaining reasons for use of encryption. 40. Flame wars help the other side. 41. New technologies to promote and develop media will prosper because of computers and the Internet, not in spite of it. 42. Security is a trade-off- what are you willing to give up? 43. Calling Microsoft evil buys you nothing- it only polarizes the argument. 44. Holding Google to its "Don't do evil" mantra buys us a lot. 45. Read of Gandhi's actions in civil disobedience. Discover Satyagraha. 46. Use Creative Commons. 47. Understand the difference between civil disobedience and breaking the law. 48. Can't find anything to watch on network TV? Watch Democracy TV. 49. Frame the argument in terms of the average person, not the edge-case geek. These problems affect geeks first, but will affect everyone in the future. 50. Privacy, civil liberties and civil rights are a slippery slope. The reason we continuously fight for them is not that we all seek a utopian society where doves fly free- in fact, I seek a perpetual "tug-of-war" where the rope gradually slips in the direction of my beliefs. 51. Users do not want the permission to use digital media; they want to own digital media. This means using them as they choose, where they choose, in the device of their choice without fear of litigation or sudden inactivity. These users are customers- treat them with respect. 52. Support the free, public domain archives of information. 53. Undermine censorship by publishing information censored in oppressive countries. 54. And then, there is the 12-step plan for the games industry. 55. Corporations and producers of digital media must trust their own consumers. Sales will reward trust. 56. Breaking the law because you disagree with the current law is not the way to solve the problem in a democratic society. 57. ID cards do not make us more secure. 58.
Voicing your views in a Slashdot comment thread is good, in your own blog is better, but in places that non-geeks frequent is best. 59. DRM does not work because the customer/user has the key, cipher and ciphertext in the player. (thanks Cory Doctorow) 60. Bloggers have rights- be aware of them. 61. Find out why electronic voting machines are regulated less than casino gaming machines. 62. Find out about Spimes- they are in your future if things go well. 63. Have a global perspective in ideas of geek civil liberties, intellectual property rights and so forth. Do you like your country's policies in this respect? Can you help people from another country? 64. Geek activism is not all about extreme positions. There is a gradient- find your position on it. 65. Read the PATRIOT ACT- know what you are really up against. 66. In the US, put a few technologists in power in Washington. Abroad, do the same for your own seat of government. 67. Write to mainstream media- they have more mindshare than they are given credit for. 68. Read what your founding fathers said before taking someone's word for it. Quote the founding fathers back at them- there were so many of them, and they said and wrote so much, that you will find a quote for each situation. Try this one for starters, "Those who would give up essential Liberty, to purchase a little temporary Safety, deserve neither Liberty nor Safety." -- Benjamin Franklin. Read more Benjamin Franklin. Read more cool quotes 69. Read more. 70. Mixed tapes are legal. Time-shifting TV is legal. Regardless of the media. 71. Decide what is offensive for yourself- don't let the government decide it for you. If you do not, pretty soon, you may only see one side of every argument. 72. Music purchases should not be governed by determining which seller has the most clout among the player manufacturers. 73. We do not lock the door to our bedrooms or bathrooms because we have something to hide.
We do not secure our networks, conversations, emails and files because we have something to hide. 74. Make sure that if a vendor locks you in, you lock them out. 75. 80% of games are not rated M. 76. You may agree with Richard Stallman, but make sure you understand the opposing point of view. 77. An email tax to certify that it is "legitimate" is an awful idea. 78. Know your rights and be prepared to defend them. 79. Open source is not free. 80. Free is open source. 81. The ESRB game rating system exists for a reason- so that parents can be parents and the government can get on with more important stuff. 82. Do not allow corporations to get away with assisting oppressive regimes. Let your voice be heard. 83. Linux is no longer a philosophy- it is a good piece of software. Use it if it fits your needs. 84. There are reasons based in mathematics that establish the NSA wiretaps and other similar brute data mining ideas do not work. 85. Multiple nag screens that warn us of possible insecurity do not make us more secure. 86. More information available to the greatest number of people is a good thing. 87. There are DRM free alternatives for music you can play anywhere. 88. Vote. 89. Free as in free lunch is good. Free as in a free people is even better. For software and for everything else. 90. Quoting Schneier's blog: Cardinal Richelieu understood the value of surveillance when he famously said, "If one would give me six lines written by the hand of the most honest man, I would find something in them to have him hanged." Watch someone long enough, and you'll find something to arrest -- or just blackmail -- with. Privacy is important because without it, surveillance information will be abused: to peep, to sell to marketers and to spy on political enemies -- whoever they happen to be at the time. 91. Read our modern geek philosophers- read Bruce Perens, Cory Doctorow, Bruce Sterling and even Richard Stallman.
Read Schneier to find practical reasons why stupid security mechanisms are stupid. Read them even if you disagree with them- it will help frame your point of view. 92. DRM only keeps an honest user honest. 93. You have the right to anonymity on the internet. 94. Be proud of being a geek, a gamer, a privacy advocate, promoter of free speech and an innovator without fear of litigation, of government or restrictions on liberties- a geek activist. 95. Most of all- have fun. If you disagree with any or all of what I have said- good for you. Let me know how. Let me know why. Let us argue, let us debate. But, in the end, let us get stuff done. From rforno at infowarrior.org Sun Jul 23 09:52:07 2006 From: rforno at infowarrior.org (Richard Forno) Date: Sun, 23 Jul 2006 09:52:07 -0400 Subject: [Infowarrior] - The Burr proposal: Beginning of the end of unilateral control of the DNS Root? Message-ID: The Burr proposal: Beginning of the end of unilateral control of the DNS Root? - 18 July 06 http://internetgovernance.org/news.html#burrproposal_071806 The results of the recent NTIA consultation made it clear that there is no real public or industry support for unilateral control of the DNS root by the U.S. government. A global campaign orchestrated by IGP generated comments from 32 countries in seven regions arguing against it. IGP's official filing offered a detailed rationale for that position. Several ccTLD operators incorporated similar positions into their comments. Even those not so enthusiastic about internationalization, such as the Washington-based, business-supported public interest group Center for Democracy & Technology, damned US control with the faintest of praise. But what was perhaps most noteworthy was the almost complete absence of any strong or extended comments in favor of the current oversight situation. The latest and most interesting sign of the handwriting on the wall is a proposal being circulated by G.
Beckwith Burr, the former Commerce Department official who mediated the creation of ICANN in 1998. Entitled, "Steps the U.S. Government Can Take to Promote Responsible, Global, Private Sector Management of the DNS," the four step proposal can be downloaded here. The well-thought-out proposal asks the US to begin by "clearly articulating the purpose of residual governmental authority over the root," and asks for a commitment not to use that authority except to "preserve the technical stability and security of the Internet and/or the DNS." It then proposes the immediate creation of an international working group that would monitor changes in the root. The composition of the proposed group and the procedures by which it would organize consultation and intervention are interesting and deserve careful scrutiny, as they are likely to be the controversial elements of the plan. The proposal also asks the US to "lead by example," eschewing intervention in ICANN and demonstrating commitment to the principle of private sector and civil society governance with governments in an advisory role. Finally, it calls for strengthening ICANN's accountability mechanisms. Burr is circulating the proposal and asking for endorsements. So far, she has received at least one endorsement, from telecom industry lobbyist Marilyn Cade. IGP has not endorsed the proposal at this time, but is studying it and will issue an analysis later. However, the first, third and fourth steps of the proposal correspond closely to what IGP has already proposed in its NTIA comments. From rforno at infowarrior.org Mon Jul 24 08:30:32 2006 From: rforno at infowarrior.org (Richard Forno) Date: Mon, 24 Jul 2006 08:30:32 -0400 Subject: [Infowarrior] - More on....TV news observations Message-ID: Assorted responses.... > There have been two events in living memory where I swear you could > watch reporters actively harassing participants to get more drama out of > the situation.
The first was the opening of Gulf War II, where I heard > the reports on CNN salivating over "shock and awe" and asking generals > when they were going to see the "shock and awe". Similarly, during the > interregnum between John Paul II's death and the installation of the new > Pope, you had the spectacle of reporters running up against the > Vatican's propensity to not saying anything. At all. > > I don't have my copy handy, but the most prophetic book I've found on > news reporting in general is Daniel Boorstin's "The Image". He wrote > this around Kennedy's time, but his concept of pseudo-events, and how > the news media mostly deals with and generates pseudo-events is a very > good description of the problem. In particular, he describes two ways > of reading a newspaper that doesn't report much: in one version, the > reader says "not much happened today", in the other, the reader says > "well, that's an uninteresting newspaper". With...5(?) television news > channels, I assume that all of them are operating in the latter model. Call me cynical. Personally, I think "Breaking News" is a statement made before a short statement of fact which leads to a word (or 2 or 3 or 4) by our sponsors. "Breaking News" keeps you from leaving the commercials which are interrupted by statements of facts. As to attracting more viewers, I doubt it. Most people already have their favorite source. And with the speed of communications, most stories are probably less than an hour away by an unknowing news group who will use a local stringer as their on-scene reporter, for a fee of course. > dude, most intelligent people have written off the drive-by er, main > stream media as a bunch of irrelevant wankers by now. why do you pay > any attention to them? let them slide into the oblivion they so richly > deserve. > > and yes, "breaking news" is their desperate attempt at screaming "look > at me! I'm still relevant."
> in the face of the masses dismissing the stations themselves and their models as has-beens. nobody benefits from video news really. what matters shows up in print (NY Times fiction and treason aside)

It's only the latest in a long series of tactics. The ubiquitous crawl (initiated on 9/11), "busy backgrounds" (often including flag-waving), theme music, event titling ("crisis in FOO"), frantically-paced "interviews" that are really just a platform for anchors to spout their points of view, point-counterpoint confrontations that are the antithesis of reasoned discussion, simulations/projections of actual events, tech gimmicks (like the "Situation Room" on CNN)...it's all about maximizing revenue by pandering to as many idiots as possible. If you've not seen "Network", this would be an excellent time to do so.

> During this tragedy I've been switching between CNN and Fox (with a smattering of the mostly pathetic wannabes like MSNBC since they're between CNN and FOX on my cable lineup).
>
> CNN is definitely abusing the "Breaking News" term. Fox seems to be respecting it to a certain degree (they'll use it to announce the imminence of a press conference by Condoleezza Rice, for example). CNN will use it in the manner of "stay tuned - we'll have this after the commercials" as previously noted. In that sense, perhaps they slyly define "breaking" as "after the break".
>
> CNN is usually better for raw footage, and Fox for political analysis. Fox is getting big names for in-depth call-in segments for some reason (Bolton, various Israeli ambassadors). CNN gets some but not as many as Fox. Fox is particularly bad with their consulting military analysis though - I find it difficult to care what a retired O5 and O6 who last served in Vietnam have to say (my dad's a retired O6 so I mean no disrespect to the rank, and for the record HE doesn't care about what they say; he has his own non-news sources that are much more accurate anyway).
>
> I'm amazed that even the usual blatantly anti-Israeli CNN reporters (e.g., Amanpour) are restraining their anti-Israeli tendencies this time around. Of course, Amanpour has a special place in my heart for once making then-president Clinton lose his temper and reveal that he was cognitively disabled (when his pre-programmed script could not handle her very simple question).

One of the aspects that I think applies here is that we have so overused superlatives and attention-grabbing phrases such as "Breaking News" in our world today that I think people are likely not to pay attention unless some such phrase is used. This is epitomized for me by a sign recently posted by our small local volunteer fire department in front of their fire engine garage door: "Absolutely No Parking". Simply "No Parking" should suffice in front of an obvious fire department fire engine door. My supposition is that they had a plain "No Parking" sign and found that it was ignored.

We are overwhelming ourselves with information. The challenge is to get one to pay attention to some particular information. To achieve this the media or others resort to sensational phrases, sounds, video. It would be refreshing to have a news program that only used "Breaking News" when they had an item that was unexpected and judged to have significant ramifications for their listening/viewing audience.

> I think that the "Breaking News" mantra is at least as much about trying to convince the viewer that the news source in question is "ahead" of the others as it is about getting eyeballs on that particular story. It's both "There's something new worth watching" and "We got it FIRST!" - neither of which may be true.
>
> If I may be allowed a rather disconnected observation, there are many aspects of today's culture that bring to mind the stereotypical impression one often reads or sees of Victorian times (which may not be historically accurate).
> The increasing "polite" conservatism, with an underbelly of truly creative depravity, increased religiosity, the highlight on public morality, the image of the major power (England then, America now) as needing to "save" the rest of the world from itself, highly hyperbolic advertising and prose, and so forth. It all seems so stylized.

From rforno at infowarrior.org Mon Jul 24 08:43:32 2006
From: rforno at infowarrior.org (Richard Forno)
Date: Mon, 24 Jul 2006 08:43:32 -0400
Subject: [Infowarrior] - MySpace down for power outage
Message-ID:

OMG!!! MySpace goes titsup
Teen angst
By Andrew Orlowski
Published Monday 24th July 2006 11:23 GMT
http://www.theregister.co.uk/2006/07/24/myspace_titsup/

The United States' most popular website has been taken offline by a power outage. A message from MySpace founder and president Tom Anderson said he expected the site to be back by early Sunday evening, Pacific Time. Eight hours later, the site was still out of action.

Teenagers and lurking paedophiles were offered the chance to play a Flash version of the arcade classic PacMan, instead. Cute.

"There's been a power outage in our data center. we're in the process of fixing it right now, so sit tight. hopefully we'll be back online within the hour. it's 6:40pm PST now. wanna place a bet?" wrote founder and president Tom Anderson, whose CapsLock key also appears to be on the blink.

MySpace has suffered intermittent down time over the past fortnight. Last October, a few lines of invalid JavaScript on a user's web page brought the site to its knees. The author, who was learning AJAX programming for the first time, put the blame on web browsers executing invalid code.

But cute messages and chronic unreliability are a feature of the current wave of 'Web 2.0' websites and services. TypePad suffered another serious outage 10 days ago; Flickr is notorious for its unreliability, and a Flickr-clone called Zooomr "launched" recently, only to disappear again for several days.
From rforno at infowarrior.org Tue Jul 25 11:06:15 2006
From: rforno at infowarrior.org (Richard Forno)
Date: Tue, 25 Jul 2006 11:06:15 -0400
Subject: [Infowarrior] - Copyright freaks now taking on guitar tab sites
Message-ID:

(c/o Anonymous....here's another case of so-called-IP protections gone awry.....rf)

http://www.guitarzone.com/forum/index.php?showtopic=163367

To all "Guitar Tab Universe" visitors:

The company which owns this website has been indirectly threatened (via our ISP) with legal action by the National Music Publishers' Association (NMPA) as well as the Music Publishers' Association (MPA) on the basis that sharing tablature constitutes copyright infringement. At what point does describing how one plays a song on guitar become an issue of copyright infringement? This website, among other things, helps users teach each other how they play guitar parts for many different songs. This is the way music teachers have behaved since the first music was ever created. The difference here is that the information is shared by way of a new technology: the Internet.

When you are jamming with a friend and you show him/her the chords for a song you heard on the radio, is that copyright infringement? What about if you helped him/her remember the chord progression or riff by writing it down on, say, a napkin... infringement? If he/she calls you later that night on the phone or e-mails you and you respond via one of those methods, are you infringing? I don't know... but I would really like to know. If anyone has information on this, please email support at guitartabs.cc.

Apparently, the NMPA/MPA believes that the Internet may be on the foul side of the legality line they would like to draw here. For me, I see no difference. It's teachers educating students and covered as a 'fair use' of the tablature. The teachers here don't even get paid nor do the students have to pay this website to access the lessons.
An attack on this website is really an attack on every one of you who have told someone (in person, or via the written word, telephone, or e-mail) how you play a song on guitar. And who, especially among small websites, has the deep pockets to fight the NMPA/MPA? They use scare tactics while there is, in fact, no legal precedent on this matter (to the best of our knowledge).

If you are interested in expressing your opinion to the NMPA/MPA, contact them via their respective websites. Please do not resort to vulgar language or insults.

Millions of people use the Internet to learn guitar, in one form or another. It appears the NMPA/MPA and their members do not want to support us and help us further our education. To you visitors from outside the USA or UK, can you find your favorite artists' "official sheet music" at your local music store? Even in the United States and United Kingdom, we often cannot. The NMPA/MPA have a choice to make: either they support us as aspiring guitarists, or they choose to alienate their customer base. To date, not one sheet music publisher has contacted this website to either inquire as to our activities or to express interest in any type of dialogue or collaboration whatsoever. All we deserve is a cold, indirect, impersonal threat without any explanation? They should embrace new technologies or else become relics of the old economy.

Since I'm now 'worried' about working around tabs at all, I'm in a tough situation! Luckily, I'm fairly confident that if I alone listen to a song and then figure out how to play it by ear, I will then be able to enjoy using that knowledge to practice and improve my guitar playing skills. Is that what is necessary for everyone to do? Work these things out alone?
What a sad situation.

From rforno at infowarrior.org Tue Jul 25 11:06:18 2006
From: rforno at infowarrior.org (Richard Forno)
Date: Tue, 25 Jul 2006 11:06:18 -0400
Subject: [Infowarrior] - DHS Appoints New Chief "Privacy" Officer
Message-ID:

New Chief "Privacy" Officer
http://blog.wired.com/27BStroke6/index.blog?entry_id=1527022

After a nine-month search, the Department of Homeland Security has appointed mid-level homeland security lawyer Hugo Teufel III, who has no formal experience in privacy compliance, to be the Chief Privacy Officer for Homeland Security. While the Department interviewed prominent and experienced privacy officials both from the corporate world and within the government, Chertoff instead chose a loyalist lawyer with no real experience in the field of privacy policy.

Hugo brings a wealth of knowledge and experience to this leadership position, having served previously as Associate Solicitor at the Department of the Interior, the Deputy Solicitor General for the state of Colorado, and as an attorney in private practice. Hugo is a graduate of the Washington College of Law at American University, where he was an editor of The Administrative Law Journal, and he is currently pursuing a Master's degree in National Security and Strategic Studies from the Naval War College.

I guess Homeland Security hiring practices are pretty much the same as they were in the Katrina "heckuva job" era. Word on the street is that the interviewees who had years of experience managing employees and dealing with privacy law and compliance didn't even get the courtesy of a callback.

Teufel replaces Maureen Cooney, a civil servant named to be the acting chief privacy officer after Nuala O'Connor Kelly left the post in September 2005 to take a job with General Electric. O'Connor Kelly was the first to hold the position, which was created by an act of Congress.
As a civil servant holding down a job intended for an appointee, Cooney, who ably served as O'Connor Kelly's deputy, had little power within the department, and her office did not release a single report during her tenure. Teufel, who will manage an office of 30 civil servants in DHS's central privacy office and oversee privacy efforts in all DHS components, will have fine appointed company underneath him.

From rforno at infowarrior.org Tue Jul 25 11:06:25 2006
From: rforno at infowarrior.org (Richard Forno)
Date: Tue, 25 Jul 2006 11:06:25 -0400
Subject: [Infowarrior] - 'Protection' Act Would Strip Consumers of Credit Safeguards
Message-ID:

'Protection' Act Would Strip Consumers of Credit Safeguards
From New Standard, July 24, 2006
By Jessica Azulay
http://www.freepress.net/news/16671

The US House of Representatives is poised to consider a bill that would make it more difficult for consumers to protect their credit from identity thieves. Backed by the lucrative financial-services industry, the Financial Data Protection Act of 2005 would narrow the circumstances in which consumers could restrict their credit activity to prevent fraudulent borrowing, and it would undermine stronger state-based reporting rules for companies that hold and sell consumer data.

"It's shocking that at a time when data breaches are in the headlines daily and consumers are at greater risk than ever [of] identity theft, Congress would choose to vote on a bill that would strip consumers of their existing identity-theft protections," Susanna Montezemolo, policy analyst with Consumers Union, said in a press statement. Consumers Union publishes Consumer Reports magazine.

Companies that stand to gain from the legislation have spent a small fortune on campaign contributions and lobbying.
In the last two election cycles, finance and credit companies have donated more than $12.5 million to political campaigns, and in 2005 alone, the industry spent almost $30 million on lobbying, according to the Center for Responsive Politics, which tracks money's influence on government.

Two of the Act's four co-sponsors are on the industry's top-ten recipient list for the House: Michael Castle (R-Delaware) took in a total of $116,616, and Dennis Moore (D-Kansas) got $67,729. Another co-sponsor, Deborah Pryce (R-Ohio), received $22,500 from the industry.

One of the most controversial provisions of the bill would make it much more difficult for consumers to "freeze" their credit, a process that enables consumers to make it nearly impossible for anyone -- including the consumer him or herself -- to open new credit cards without first going through extra security precautions. Currently, a handful of states allow consumers to freeze their credit at will in order to protect themselves against fraud. But the bill would change the rules so that consumers in all states would have to supply evidence that identity theft has occurred before obtaining a freeze.

Since their business models rely on consumers having easy access to credit and creditors having easy access to individuals' financial information, finance and credit companies stand to gain from this provision. But opponents of the bill say those seeking to protect their credit have a lot to lose.

"It's like telling someone you can't put a deadbolt on your front door until after you've been burglarized," Washington state Attorney General Rob McKenna told the Washington Post.

Another provision that has consumer advocates protesting would set federal rules for when companies that hold and sell personal financial data must investigate and report security breaches.
The most notorious of such companies is ChoicePoint, which came to the national spotlight in early 2005 when it announced that potential identity thieves had posed as fake businesses and gained access to the files of tens of thousands of consumers. Opponents of the Financial Data Protection Act suggest that the ChoicePoint debacle may never have come to light if not for California's relatively strong consumer-protection law that required the firm to notify consumers in that state whose data may have been breached.

The Financial Data Protection Act would pre-empt California's law as well as those in dozens of states that have stronger protection regulations than the ones being proposed at the national level.

The Act under consideration by the House would leave it up to companies to investigate security breaches and determine whether there is a "likelihood that such information has been, or will be, misused in a manner that may cause harm or inconvenience to the related consumer" before having to tell government agencies or notify consumers that their information may have been compromised.

To Montezemolo of Consumers Union, Congress is putting the decision in the wrong hands. "Consumers are the greatest protectors of their own personal information," she said, "yet the bill moving forward would let companies decide whether they would notify consumers about security breaches."

This article is from New Standard. If you found it informative and valuable, we strongly encourage you to visit their website and register an account to view all their articles on the web. Support quality journalism.

From rforno at infowarrior.org Tue Jul 25 11:06:30 2006
From: rforno at infowarrior.org (Richard Forno)
Date: Tue, 25 Jul 2006 11:06:30 -0400
Subject: [Infowarrior] - Air Marshals: Innocent People Placed On 'Watch List' To Meet Quota.
Message-ID:

Marshals: Innocent People Placed On 'Watch List' To Meet Quota
Marshals Say They Must File One Surveillance Detection Report, Or SDR, Per Month
POSTED: 9:49 pm MDT July 21, 2006
http://www.thedenverchannel.com/news/9559707/detail.html

DENVER -- You could be on a secret government database or watch list for simply taking a picture on an airplane. Some federal air marshals say they're reporting your actions to meet a quota, even though some top officials deny it.

The air marshals, whose identities are being concealed, told 7NEWS that they're required to submit at least one report a month. If they don't, there's no raise, no bonus, no awards and no special assignments.

"Innocent passengers are being entered into an international intelligence database as suspicious persons, acting in a suspicious manner on an aircraft ... and they did nothing wrong," said one federal air marshal.

These unknowing passengers who are doing nothing wrong are landing in a secret government document called a Surveillance Detection Report, or SDR. Air marshals told 7NEWS that managers in Las Vegas created and continue to maintain this potentially dangerous quota system.

"Do these reports have real life impacts on the people who are identified as potential terrorists?" 7NEWS Investigator Tony Kovaleski asked.

"Absolutely," a federal air marshal replied.

7NEWS obtained an internal Homeland Security document defining an SDR as a report designed to identify terrorist surveillance activity.

"When you see a decision like this, for these reports, who loses here?" Kovaleski asked.

"The people we're supposed to protect -- the American public," an air marshal said.

What kind of impact would it have for a flying individual to be named in an SDR?

"That could have serious impact ... They could be placed on a watch list. They could wind up on databases that identify them as potential terrorists or a threat to an aircraft.
It could be very serious," said Don Strange, a former agent in charge of air marshals in Atlanta. He lost his job attempting to change policies inside the agency.

That's why several air marshals object to a July 2004 memo from top management in the Las Vegas office, a memo that reminded air marshals of the SDR requirement. The body of the memo said, "Each federal air marshal is now expected to generate at least one SDR per month."

"Does that memo read to you that Federal Air Marshal headquarters has set a quota on these reports?" Kovaleski asked.

"Absolutely, no doubt," an air marshal replied.

A second management memo, also dated July 2004, said, "There may come an occasion when you just don't see anything out of the ordinary for a month at a time, but I'm sure that if you are looking for it, you'll see something."

Another federal air marshal said that not only is there a quota in Las Vegas for SDRs, but that "it directly reflects on (their) performance evaluations" and on how much money they make.

The director of the Air Marshal Service, Dana Brown, declined 7NEWS' request for an interview on the quota system. But the agency points to a memo from August 2004 that said there is not a quota for submitting SDRs and which goes on to say, "I do not expect reports that are inaccurate or frivolous."

But, Las Vegas-based air marshals say the quota system remains in force, now more than two years after managers sent the original memos, and that it's a mandate from management that impacts annual raises, bonuses, awards and special assignments.

"To meet this quota, to get their raises, do you think federal air marshals in Las Vegas are making some of this stuff up?" Kovaleski asked.

"I know they are. It's a joke," an air marshal replied.

"Have marshals in the Las Vegas office, I don't want to say fabricated, but 'created' reports?" Kovaleski asked.

"Creative writing -- stretching a long ways the truth, yes," an air marshal replied.
One example, according to air marshals, occurred on one flight leaving Las Vegas, when an unknowing passenger, most likely a tourist, was identified in an SDR for doing nothing more than taking a photo of the Las Vegas skyline as his plane rolled down the runway.

"You're saying that was not an accurate portrayal of a potential terrorist activity?" Kovaleski asked.

"No, it was not," an air marshal said.

"It was a marshal trying to meet a quota ..." Kovaleski said.

"Yes, he was," the air marshal replied.

Strange said he didn't have a quota in the Atlanta office when he was in charge.

"I would never have done that ... You are going to have people reporting every suspicious looking activity they come across, whether they in their heart feel like it's a threat, just to meet the quota," Strange said.

Strange and other air marshals said the quota allows the government to fill a database with bad information. A Las Vegas air marshal said he didn't write an SDR every month for exactly that reason.

"Well, it's intelligence information, and like any system, if you put garbage in, you get garbage out," the air marshal said.

"I would like to see an investigation -- a real investigation conducted into the ways things are done here," the air marshal in Las Vegas said.

Although the agency strongly denies any presence of a quota system, Las Vegas-based air marshals have produced documents that show their performance review is directly linked to producing SDRs.

From rforno at infowarrior.org Tue Jul 25 11:06:33 2006
From: rforno at infowarrior.org (Richard Forno)
Date: Tue, 25 Jul 2006 11:06:33 -0400
Subject: [Infowarrior] - A Visual Exploration of Complex Networks
Message-ID:

A Visual Exploration of Complex Networks
by Edit Staff - Posted July 24, 2006 12:37 AM

Complexity is everywhere. It's a structural and organizational principle that reaches almost every field imaginable, from genetics and social networks to food webs and stock markets.
Contemporary scientific and technological accomplishments -- including mapping the human genome, decoding neural networks and opening up the ocean to exploration -- have seen our ability to generate and acquire information outpace our ability to make sense of it. With a surfeit of facts and few ways to synthesize them, "meaningful information" quickly becomes an oxymoron. As our cultural artifacts are increasingly measured in gigabytes and terabytes, organizing, sorting and displaying information in an efficient way is crucial to advancing knowledge.

From the incredibly vast (the history of science) to the very small (protein complexes), science's visual dialect renders it both more dynamic and more innovative. Collected here are a few of the many intriguing, and often beautiful, images that illustrate how the whole is more than the sum of its parts.

< - >

http://www.seedmagazine.com/news/2006/07/look_around_you.php

From rforno at infowarrior.org Tue Jul 25 14:32:13 2006
From: rforno at infowarrior.org (Richard Forno)
Date: Tue, 25 Jul 2006 14:32:13 -0400
Subject: [Infowarrior] - Do chief security officers really matter?
Message-ID:

Do chief security officers really matter?
July 25, 2006 7:25 AM PDT
Jon Oltsik

More than 60 percent of North American organizations with over 1,000 employees have chief information security officers in place. Do these highly paid individuals really make a difference?

The answer is yes--with an asterisk. CISOs are very good at getting the most out of security technology defenses and bolstering the IT troops. Unfortunately, CISOs are not as effective in influencing CEOs or corporate culture. Take a look at my latest ESG Research paper for more detail.
< - >

http://news.com.com/2061-11203_3-6098106.html?part=rss&tag=6098106&subj=news

From rforno at infowarrior.org Tue Jul 25 14:53:26 2006
From: rforno at infowarrior.org (Richard Forno)
Date: Tue, 25 Jul 2006 14:53:26 -0400
Subject: [Infowarrior] - OT: The Bottled Water Madness
Message-ID:

I'm reminded of Lewis Black's skit on the Bottled Water Phenomenon.........rf

The Bottled Water Madness
http://www.counterpunch.org/lack07252006.html
By LARRY LACK

The bottled water industry is a prime example of why P.T. Barnum, not Adam Smith, should be anointed as capitalism's patron saint. Aside from its usefulness in remote areas during disasters and emergencies, bottled water is an entirely needless affectation. The fears about the safety of public water supplies that its purveyors play on are exaggerated nonsense. But the enormous global bottled water industry built on these false fears undercuts public water, disfigures landscapes and exposes trusting bottled water consumers to serious health risks.

Hyped by label and advertising images of mountain crags and crystal streams, single serving bottles of plain water (and their flavored and mineral or vitamin-enriched variations) are an omnipresent feature of modern life. Bottled water is less a commodity than a fashion trend. Its hucksters have used advertising to transform their mundane products into icons of health, fitness, youth and beauty, their pushers would have us think, from pristine springs.

In 1990, about two billion gallons of bottled water were sold worldwide. By 2003 more than 30 billion gallons were consumed and sales, which in that year topped $35 billion, have continued to rise. Tens of millions of consumers now shun tap water and rely on bottled water exclusively. For this dubious privilege, according to the Natural Resources Defense Council (NRDC), they pay between 240 and 10,000 times the price of tap water -- including ten to fifteen cents per bottle to cover the cost of advertising.
Surprisingly, despite all the current outrage over the price of gasoline, most North American consumers are casually forking over more for bottled water -- about a buck a quart -- than they are for gas.

Approximately one fourth of all bottled water and as much as 40 per cent of that sold in North America is simply municipal tap water run through filters and treated with minerals or other additives. The rest of the bottled water found in stores is pumped from groundwater aquifers, many of which have been severely depleted by these water "takings".

Safety testing of bottled water is seldom required or done, but published studies indicate that heavy metals and other toxic chemicals as well as health threatening bacteria are found with surprising frequency in bottled water which, ironically, is marketed based on claims of "purity". Both chemical and bacterial contaminations tend to increase when water is stored in sealed bottles for long periods of time. Bacteria can get through filtering systems, and, if they are not well managed, these systems themselves may contaminate the water they are meant to purify.

A comprehensive 2004 Dutch study found that 40 per cent of 68 commercial mineral waters tested were contaminated with either bacteria or fungi. The study's author warned that bacteria in bottled water could threaten the health of consumers with compromised immune systems and called for more effective regulation of bottled water. A 1993 study published in the Canadian Journal of Microbiology and a follow-up study in 1998 found that nearly 40 per cent of the samples of bottled water sold in Canada from 1981 through 1997 contained bacteria in excess of applicable safety standards.

Bottled water is responsible for an enormous increase in world production of plastic bottles. Surging sales of bottled water coincided with and may help account for a 56 per cent increase in U.S. plastic resin manufacture in the U.S.A.
between 1995 and 2001 (from 32 million tons to over 50 million tons annually). Consuming critical supplies of petroleum and natural gas, plastic bottle factories create and release toxic wastes, including benzene, xylene, and oxides of ethylene into the environment. Toxic and carcinogenic constituents of plastic bottles, such as the phthalates that are used to make some containers flexible, can contaminate their contents during transportation or storage.

In virtually every part of the world discarded water bottles have become a major component of roadside litter. They also swell landfills and release hazardous toxins into air and water when they are burned in backyard barrels or industrial incinerators. Despite the deliberately misleading circled arrows displayed on water bottles, in most places where they are sold single service bottled water containers are neither recycled nor returnable for refunds.

This unsettling information, and a great deal more, is found in a wide-ranging overview of the bottled water business, In the Bottle, An Exposé of the Bottled Water Industry (Polaris Institute, Ottawa, 2005). Thanks to its focus on the consequences of treating water as a commodity, In the Bottle is being used as a study and action guide by environmental and political groups in Canada, including the Council of Canadians and Kairos, Canada's network of progressive Christians.

Authored by the director of the Polaris Institute, Tony Clarke, this initial edition of In the Bottle is offered as an early step in what seems to be a long-range strategy. At the end of each chapter Clarke solicits local information and suggestions from readers by posing questions and requesting email feedback.

In the Bottle includes these additional well-documented (no pun intended) facts about the worldwide boom in bottled water:

* Nearly one-fifth of North Americans use bottled water exclusively for their daily hydration.
Canadians consume more bottled water than coffee, tea, apple juice or milk. In the past two decades bottled water sales have exploded and now far surpass sales of soft drinks and nearly all other sources of revenue for the beverage and food conglomerates that dominate the bottled water business.

* Four companies -- two based in the U.S.A., Coca-Cola and PepsiCo, and two in Europe, Nestlé and Danone (the makers of Dannon yogurt) -- account for most worldwide sales of bottled water. Nestlé's bottled water brands, including Perrier, Poland Springs, Pure Life, Calistoga and a dozen others, and Danone's Evian, Crystal and other brands, are pumped from natural aquifers in many countries, sometimes resulting in dry wells, regional water shortages, and major protests. Pepsi's Aquafina (North America's best selling bottled water) and Coke's Dasani are filtered and/or "re-mineralized" municipal tap water. (To complicate the corporate picture, under a licensing agreement also markets several of Danone's brands of water, including Evian and Sparkletts, in North America.)

* Bottled water ads, product label language and illustrations are often egregiously misleading. For example, according to the Polaris report, Alaska Premium Glacier bottled water "is drawn from the municipal water system in Juneau, Alaska, specifically, pipe # 111241, which is not a glacier".

* In the U.S.A. and Canada, bottled water is subject to far less rigorous testing than tap water. North America's hundreds of water bottling plants (an In the Bottle appendix lists 70 of these with their sources of water and the brands they produce) are monitored by public health officials whose numbers are minute. Quoting a 1999 Natural Resources Defense Council report (Bottled Water: Pure Drink or Pure Hype?), the Polaris report notes that the U.S. Food and Drug Administration's bottled water regulatory and safety assurance staff then consisted of less than two full-time positions.
* As a result, most water bottling plants in the U.S.A. are inspected only about once every five or six years. The Canadian Food Inspection Agency manages to inspect Canada's water bottlers, on average, every three years. Yet bottled water ad campaigns encourage consumers to question the safety of public tap water, which in developed countries is constantly monitored and held to strict standards that many bottled waters could not meet.

In addition to exposing the pattern of irresponsible practices of the big four players in the bottled water business, In the Bottle makes a compelling case for keeping public water public. It also informs its readers on the pitiful employment record of the $12 billion North American bottled water behemoth which in 2002 provided just 6,709 mostly low-wage jobs. As this report for community water activists recounts the damage done by bottled water -- including depletion of key agricultural aquifers and pesticide contamination of water sold in India (Coke) and subcontracting for slave labor in Burma (Pepsi) -- it tempers outrage with accounts of successful educational campaigns and models for corrective action drawn from the home front in the U.S.A. and Canada.

While the report includes lots of useful graphs, pages of footnotes and supporting statistics from many sources, the cascade of information packed into In the Bottle cries out for an index. This one defect aside, the Polaris report offers readers ready access to bottled water basics in a magazine-style format that's lively and engaging. Combined with its unique distribution strategy of motivating and empowering community groups, In the Bottle may reach and inspire enough readers to produce some useful changes in how communities in North America relate to the water that most of us still take for granted.

In the Bottle's concluding chapter highlights promising measures -- mostly requiring effective regulation by government --
for reducing the health risks and environmental damage caused by the excesses of the bottled water juggernaut. Apart from the obvious step we all can take by staying off bottled water ourselves [we were never on it, Editors] and encouraging others to do so, first among the sensible policies In the Bottle recommends is adequate funding for rebuilding public water infrastructure.

Future editions of the Polaris report should include an account of the quirky but determined Water Liberation Movement in Germany. Its adherents, after calculating that more than one per cent of Europe's surface waters had been "locked in bottles", invaded supermarkets and convenience stores in groups and poured all the bottled water they could grab into drains, green strips and gutters on the streets outside. Their hope was that the water they were "liberating" from those bottles would recharge the desiccated water cycle and be on tap to slake the thirst of prodigal humanity while coursing non-commercially to the sea.

Larry Lack is a writer living in New Brunswick, Canada. He can be reached at lackward at nbnet.nb.ca

From rforno at infowarrior.org Tue Jul 25 22:37:40 2006
From: rforno at infowarrior.org (Richard Forno)
Date: Tue, 25 Jul 2006 22:37:40 -0400
Subject: [Infowarrior] - Malware Evolution: MacOS X Vulnerabilities 2005 - 2006
Message-ID:

Malware Evolution: MacOS X Vulnerabilities 2005 - 2006
Claudiu Dumitru

This article looks at vulnerabilities detected in MacOS X in the first half of 2006. It compares these vulnerabilities to those detected in the first half of 2005, providing an overview of the evolution of threats targeting this increasingly popular platform.
< - >

http://www.viruslist.com/en/analysis?pubid=191968025

From rforno at infowarrior.org Tue Jul 25 22:43:17 2006
From: rforno at infowarrior.org (Richard Forno)
Date: Tue, 25 Jul 2006 22:43:17 -0400
Subject: [Infowarrior] - Judge Rejects Customer Suit Over Records From AT&T
Message-ID:

July 26, 2006
Judge Rejects Customer Suit Over Records From AT&T
By ADAM LIPTAK
http://www.nytimes.com/2006/07/26/us/26nsa.html?_r=1&oref=slogin&pagewanted=print

A federal judge in Chicago dismissed a class-action lawsuit yesterday against AT&T claiming it had illegally given information about its customers to the National Security Agency. The judge, Matthew F. Kennelly of Federal District Court, based his ruling on the state secrets privilege, which can bar suits that would disclose information harmful to national security.

The ruling is at first blush at odds with a decision last week by a federal judge in San Francisco. That judge, Vaughn R. Walker of Federal District Court for the Northern District of California, allowed a similar suit against AT&T to proceed notwithstanding the state secrets privilege. But the two decisions can be reconciled, Judge Kennelly wrote.

The Chicago case concerns records of phone calls, including when they were placed, how long they lasted and the phone numbers involved. The San Francisco case, by contrast, mainly concerns an N.S.A. program aimed not at a vast sweep of customers' records but at the contents of a more limited number of communications.

Because the Bush administration has confirmed the existence of such targeted wiretapping, the San Francisco suit could proceed without running afoul of the state secrets privilege, Judge Walker ruled last week. "The government has opened the door for judicial inquiry," he wrote, "by publicly confirming and denying material information about its monitoring of communications content."
In his decision yesterday, Judge Kennelly said there had been no comparable confirmation by the government or AT&T of "the existence or nonexistence of AT&T's claimed record turnover." He refused to rely on news accounts of the program as proof of its existence and noted that "no executive branch official has officially confirmed or denied the existence of any program to obtain large quantities of customer telephone records."

The case was brought by the journalist Studs Terkel, five other individual plaintiffs and the American Civil Liberties Union of Illinois. They argued that the program violated a federal law that forbids the disclosure of some customer records to the government, and they sought a court order to stop it.

Among the papers the government submitted to Judge Kennelly to urge the dismissal of the case on state secrets grounds was a declaration from John D. Negroponte, the director of national intelligence. "Even confirming that a certain intelligence activity or relationship does not exist, either in general or with respect to specific targets or channels," Mr. Negroponte said, "would cause harm to the national security because alerting our adversaries to channels or individuals that are not under surveillance could likewise help them avoid detection."

Judge Kennelly noted his "great antipathy" for dismissing the suit. "Nothing in this opinion," he wrote, "prevents the plaintiffs from using the legislative process, not to mention their right of free speech, to seek further inquiry by the executive and legislative branches into the allegations in their complaint."

More than 30 lawsuits over government surveillance programs are pending in the nation. Only one, in Detroit, has moved beyond questions of procedure and privilege to consider the legality of the wiretapping program. A decision in that case is expected soon.
From rforno at infowarrior.org Wed Jul 26 08:42:19 2006
From: rforno at infowarrior.org (Richard Forno)
Date: Wed, 26 Jul 2006 08:42:19 -0400
Subject: [Infowarrior] - Ashcroft Nostalgia
Message-ID:

Ashcroft Nostalgia
http://www.washingtonpost.com/wp-dyn/content/article/2006/07/25/AR2006072501308_pf.html
By Ruth Marcus
Wednesday, July 26, 2006; A17

Alberto Gonzales is achieving something remarkable, even miraculous, as attorney general: He is making John Ashcroft look good.

I was no fan of President Bush's first attorney general, who may be best remembered for holding prayer breakfasts with department brass, hiding the bare-breasted statue in the Great Hall of Justice behind an $8,000 set of drapes, and warning darkly that those who differed with administration policy were giving aid to terrorists. But as I watched Gonzales testify before the Senate Judiciary Committee last week, it struck me: In terms of competence (the skill with which he handles the job) and character (willingness to stand up to the president), Gonzales is enough to make you yearn for the good old Ashcroft days.

Gonzales is an amiable man, not nearly so polarizing or ideological as his predecessor. If you were given the old desert-island choice between the two, he would be the better option -- more likely to share the rainwater, less likely to make you listen to him sing. (If you've ever heard Ashcroft's "Let the Eagle Soar," you know what I mean.) Where Ashcroft was hard-edged and combative, Gonzales is pleasant and seemingly imperturbable. He's always reminded me a bit of the Pillsbury doughboy: No matter how hard he's poked, he springs back, smiling.

At the start of last week's hearing, Senate Judiciary Committee Chairman Arlen Specter (R-Pa.), sounding like an exasperated high school English teacher, chastised Gonzales for failing to turn in his prepared statement on time. The attorney general sat silent, then calmly delivered the tardy testimony.
The next three hours and 40 minutes illustrated just about everything that is wrong with Gonzales's Justice. There is no polite way to put this: Gonzales doesn't seem to have an adequate grasp of what's happening in his own department or much influence in setting administration policy.

Asked about House-passed legislation that would bar Justice from enforcing a year-old law requiring trigger locks on newly sold handguns, Gonzales said he was "not aware of" the dispute. Asked about his department's prosecutions of corrupt Border Patrol agents (described in a front-page story in this newspaper), Gonzales said he would "have to get back to you." And when Sen. Edward M. Kennedy (D-Mass.) inquired whether the administration supported reauthorization of the Voting Rights Act as passed by the House, Gonzales didn't seem empowered to give him a straight answer -- though the Judiciary Committee was set to take up the measure that afternoon. "I don't know if I'm in a position to state that as an administration we're going to support that," Gonzales said.

Gonzales as witness is a maddening exercise in jello-nailing. "I'm going to move on and accept your non-answer, because I don't think I'm going to get anything more on that subject, and perhaps nothing more on the next subject," Specter told Gonzales after a fruitless line of questioning about whether Justice was -- as the attorney general had said in May -- considering prosecuting journalists for publishing leaks.

Specter's bleak prediction proved accurate. When he asked Gonzales about the attorney general's previous assurance that the National Security Agency's electronic surveillance was the only program not subject to judicial authorization, this illuminating exchange ensued.

Gonzales: "I'm not sure that those are the words that I used, Mr. Chairman."

Specter: "Well, the substance of the words you used."

Gonzales: "Those are the substance of the words I used, but those are not the exact words that I used."
At which point Specter gave up and changed topics.

Sen. Patrick Leahy (D-Vt.) didn't fare any better on military tribunals. Leahy asked whether Congress should simply ratify the existing system, as an assistant attorney general had urged the previous week.

Gonzales: "That would certainly be one alternative that Congress could consider, Senator Leahy."

Leahy, trying again: "Is that the administration's position, yes or no?"

Gonzales: "I don't believe the administration has a position as to where Congress should begin its deliberations."

Well, that was informative.

The big news of the hearing -- that the president had in effect killed an internal Justice investigation into the domestic spying program by refusing to grant the necessary security clearances to department lawyers -- underscores the most disturbing aspect of Gonzales's tenure: his lack of independence from the president. If Gonzales disagreed with this move -- a bad call and an even worse precedent -- he offered no hint of it at the hearing.

This is not a surprise -- after all, Gonzales's entire public career is entwined with that of George W. Bush -- but it is a disappointment. Ashcroft at least clashed with the White House over detainee policy (he fought internally to give citizens detained as enemy combatants access to counsel) and warrantless surveillance (he refused when Gonzales came to his hospital room asking that he sign papers extending the program).

To his credit, Gonzales did resist -- he supposedly threatened to quit -- when the president, pummeled by congressional Republicans over the search of a Democratic congressman's office, considered ordering Justice to return the documents. But Attorney General Gonzales doesn't seem to have any less zeal for unbridled presidential power -- or any less willingness to make outlandish arguments on its behalf -- than did White House Counsel Gonzales.
Which is precisely why he shouldn't be there in the first place -- and why I am experiencing intermittent twinges of a most unexpected emotion: Ashcroft nostalgia.

marcusr at washpost.com

From rforno at infowarrior.org Wed Jul 26 22:51:09 2006
From: rforno at infowarrior.org (Richard Forno)
Date: Wed, 26 Jul 2006 22:51:09 -0400
Subject: [Infowarrior] - Officials Urge Law to Allow Eavesdropping
Message-ID:

Officials Urge Law to Allow Eavesdropping
Foreign Calls Routed Through U.S. at Issue
http://www.washingtonpost.com/wp-dyn/content/article/2006/07/25/AR2006072500992_pf.html
By Walter Pincus
Washington Post Staff Writer
Thursday, July 27, 2006; A02

Senior Justice Department and intelligence officials urged Congress yesterday to approve new laws to accommodate the government's controversial warrantless eavesdropping program.

Arguing that the 1978 law governing surveillance of terrorists is out of step with current technology, the officials, appearing before the Senate Judiciary Committee, said they previously had not sought new legislation to avoid disclosing a key part of the operation. That is the ability to intercept foreign phone calls and e-mails no matter what their destination as they pass through telecommunications facilities inside the United States, said Lt. Gen. Keith B. Alexander, director of the National Security Agency.

But in the wake of media disclosures about the spying, that is no longer the case. "What's happened in the last seven months is that much of this program has already been put out into the public domain," said CIA Director Michael V. Hayden. "That inoculates some of the discussion we're having today against some of the downside."

President Bush launched the program shortly after the Sept. 11, 2001, attacks, allowing eavesdropping without court warrants on phone calls and e-mails between the United States and locations overseas if one party was suspected of links to terrorists.
As part of a proposed deal with Bush to submit the program to court review, the Senate Judiciary Committee is considering changes to the 1978 Foreign Intelligence Surveillance Act (FISA), which governs surveillance of suspected terrorists and spies.

What Alexander and Hayden described to the senators are vast facilities that route foreign-to-foreign communications through the United States, where they are readily accessible to the NSA. Alexander testified that because no U.S. court order is needed to acquire communications of foreign intelligence targets overseas, even when they call to the United States, "it ought not to matter whether we do so from the United States or elsewhere."

Sen. Dianne Feinstein (D-Calif.), a member of the Judiciary Committee and the Select Committee on Intelligence who has been briefed on the NSA program, said Alexander had "for the first time" told the Judiciary panel about "foreign-to-foreign switching." She said based on what she had learned in secret briefings about the number of U.S. citizens subject to wiretaps, the surveillance program "is easily accommodatable to an individual warrant for U.S. persons."

Alexander disagreed. "If you were in hot pursuit, with the number of applications that you would have to make" for court warrants "and the times to make those, you could never catch up to the target," he said.

Another witness at yesterday's hearing, Steven G. Bradbury, an acting assistant attorney general, made it clear that legislation introduced by Judiciary Committee Chairman Arlen Specter (R-Pa.) after negotiations with the White House would "encourage" -- but not require -- Bush or a future president to present any future surveillance program to the secret FISA court for approval. "It would be a very substantial change in FISA today by adding a new title that would give the court jurisdiction to review such a program on a program-wide basis," Bradbury said.
"It is an important new tool that any president would have going forward."

But Bradbury stressed that the president retained authority to institute such a program on his own and that Bush's pledge to submit the program for judicial review was only "if the chairman's legislation were enacted in its current form or with the further amendments sought by the administration."

Bradbury also said Specter's proposal that civil litigation involving companies cooperating in the surveillance program be transferred to the FISA court was done "to ensure protection of sensitive national security information and promote uniformity in the law."

© 2006 The Washington Post Company

From rforno at infowarrior.org Wed Jul 26 22:54:17 2006
From: rforno at infowarrior.org (Richard Forno)
Date: Wed, 26 Jul 2006 22:54:17 -0400
Subject: [Infowarrior] - Police Blotter: Laptop border searches OK'd
Message-ID:

Police Blotter: Laptop border searches OK'd
By Declan McCullagh
http://news.com.com/Police+Blotter+Laptop+border+searches+OKd/2100-1030_3-6098939.html
Story last modified Wed Jul 26 18:12:18 PDT 2006

"Police blotter" is a weekly CNET News.com report on the intersection of technology and the law.

What: A business traveler protests the warrantless search and seizure of his laptop by Homeland Security at the U.S.-Canada border.

When: 9th Circuit Court of Appeals rules on July 24.

Outcome: Three-judge panel unanimously says that border police may conduct random searches of laptops without search warrants or probable cause. These searches can include seizing the laptop and subjecting it to extensive forensic analysis.

What happened, according to court documents: In January 2004, Stuart Romm traveled to Las Vegas to attend a training seminar for his new employer. Then, on Feb. 1, Romm continued the business trip by boarding a flight to Kelowna, British Columbia. Romm was denied entry by the Canadian authorities because of his criminal history.
When he returned to the Seattle-Tacoma airport, he was interviewed by two agents of Homeland Security's Immigration and Customs Enforcement division. They asked to search his laptop, and Romm agreed.

Agent Camille Sugrue would later testify that she used the "EnCase" software to do a forensic analysis of Romm's hard drive. That analysis and a subsequent one found some 42 child pornography images, which had been present in the cache used by Romm's Web browser and then deleted. But because in most operating systems, only the directory entry is removed when a file is "deleted," the forensic analysis was able to recover the actual files.

During the trial, Romm's attorney asked that the evidence from the border search be suppressed. The trial judge disagreed. Romm was eventually sentenced to two concurrent terms of 10 and 15 years for knowingly receiving and knowingly possessing child pornography.

The 9th Circuit refused to overturn his conviction, ruling that American citizens effectively enjoy no right to privacy when stopped at the border. "We hold first that the ICE's forensic analysis of Romm's laptop was permissible without probable cause or a warrant under the border search doctrine," wrote Judge Carlos Bea. Joining him in the decision were Judges David Thompson and Betty Fletcher.

Bea cited the 1985 case of U.S. v. Montoya de Hernandez, in which a woman arriving in Los Angeles from Colombia was detained. Police believed she had swallowed balloons filled with cocaine, even though the court said they had no "clear indication" of it and did not have probable cause to search her. Nevertheless, the Supreme Court said police could rectally examine De Hernandez because it was a border crossing and, essentially, anything goes. (The rectal examination, by the way, did find 88 balloons filled with cocaine that had been smuggled in her alimentary canal.)

Justices William Brennan and Thurgood Marshall dissented.
They said the situation De Hernandez experienced had "the hallmark of a police state." "To be sure, the court today invokes precedent stating that neither probable cause nor a warrant ever have been required for border searches," Brennan wrote. "If this is the law as a general matter, I believe it is time that we re-examine its foundations."

But Brennan and Marshall were outvoted by their fellow justices, who ruled that the drug war trumped privacy, citing a "veritable national crisis in law enforcement caused by smuggling of illicit narcotics." Today their decision means that laptop-toting travelers should expect no privacy either.

As an aside, a report last year from a U.S.-based marijuana activist says U.S. border guards looked through her digital camera snapshots and likely browsed through her laptop's contents. A London-based correspondent for The Economist magazine once reported similar firsthand experiences, and a 1998 article in The New York Times described how British customs scan laptops for sexual material. Here are some tips on using encryption to protect your privacy.

Excerpt from the court's opinion:

"First, we address whether the forensic analysis of Romm's laptop falls under the border search exception to the warrant requirement...Under the border search exception, the government may conduct routine searches of persons entering the United States without probable cause, reasonable suspicion, or a warrant. For Fourth Amendment purposes, an international airport terminal is the "functional equivalent" of a border. Thus, passengers deplaning from an international flight are subject to routine border searches. Romm argues he was not subject to a warrantless border search because he never legally crossed the U.S.-Canada border.
We have held the government must be reasonably certain that the object of a border search has crossed the border to conduct a valid border search....In all these cases, however, the issue was whether the person searched had physically crossed the border. There is no authority for the proposition that a person who fails to obtain legal entry at his destination may freely re-enter the United States; to the contrary, he or she may be searched just like any other person crossing the border.

Nor will we carve out an "official restraint" exception to the border search doctrine, as Romm advocates. We assume for the sake of argument that a person who, like Romm, is detained abroad has no opportunity to obtain foreign contraband. Even so, the border search doctrine is not limited to those cases where the searching officers have reason to suspect the entrant may be carrying foreign contraband. Instead, 'searches made at the border...are reasonable simply by virtue of the fact that they occur at the border.' Thus, the routine border search of Romm's laptop was reasonable, regardless whether Romm obtained foreign contraband in Canada or was under "official restraint."

In sum, we hold first that the ICE's forensic analysis of Romm's laptop was permissible without probable cause or a warrant under the border search doctrine."

From rforno at infowarrior.org Wed Jul 26 22:55:29 2006
From: rforno at infowarrior.org (Richard Forno)
Date: Wed, 26 Jul 2006 22:55:29 -0400
Subject: [Infowarrior] - Apple's Copy Protection Isn't Just Bad For Consumers, It's Bad For Business
Message-ID:

Opinion: Apple's Copy Protection Isn't Just Bad For Consumers, It's Bad For Business

Apple's copy-protection technology makes media companies into its servants. Other copy-protection technologies, like Blu-Ray and HD-DVD, are just as bad, says Internet activist Cory Doctorow.
By Cory Doctorow, InformationWeek
July 26, 2006
URL: http://www.informationweek.com/story/showArticle.jhtml?articleID=191000408

When it comes to anti-copying technology, there are two possible outcomes: either you have a popular single-vendor system that's bad for the industry and general public, or you have a multi-vendor system that's bad for the industry and general public.

Apple Computer's iTunes is hailed as the first really "balanced" copy-restriction system. Unlike the copy-restrictions built into failed systems from the likes of Sony, Toshiba, and Microsoft, the anti-copying/anti-use stuff in iTunes doesn't seem to have deterred the public from buying iTunes music and the iPods that play it. Indeed, more than a billion iTunes have been sold around the world. That only amounts to a couple CDs' worth of tracks on every iPod, but still, that's not bad, especially in a field where the big success stories to date have been digital music stores that managed to go out of business without costing their backers too much.

Steve Jobs and Apple managed to lure the music industry into licensing the copyrights for the iTunes Music Store even though the Store's use-restrictions are comparatively mild. There's a bit of region-coding -- you pay a per-download charge based on the country your credit-card is billed to. There's a bit of multi-use restriction -- only five CPUs can be registered to a given iTunes account at a time. There are some miscellaneous restrictions, including ones that are genuinely bizarre, like limiting the number of times you can burn a given playlist.

Removing iTunes's DRM is pretty straightforward. It's time-consuming, but it's not too difficult. You just have to burn a CD with the tracks, re-rip the CD tracks as MP3s, and re-enter the metadata, like title and artist. This doesn't work as well for the expensive audiobooks Apple sells, which generally come in chunks too large to fit on a CD.

So far, so good.
The iPod is the number one music player in the world. iTunes is the number one digital music store in the world. Customers don't seem to care if there are restrictions on the media Steve Jobs sells them -- though you'd be hard pressed to find someone who values those restrictions. No Apple customer woke up this morning wishing for a way to do less with her music.

But there's one restriction that's so obvious it never gets mentioned. This restriction does a lot of harm to Apple's suppliers in the music industry. That obvious restriction: No one but Apple is allowed to make players for iTunes Music Store songs, and no one but Apple can sell you proprietary file-format music that will play on the iPod.

In some respects, that's not too different from other proprietary platforms, of course. No one but Microsoft makes Word. But there's a huge difference between Word and iTunes: Word is protected only by market forces, while iTunes enjoys the protection of a corrupt law that gives Apple the right to exclude competitors from the market.

iTunes is protected by the anti-circumvention provisions in the 1998 Digital Millennium Copyright Act (DMCA), itself a law passed to comply with the 1996 UN World Intellectual Property Organization (WIPO) "Internet Treaties." The DMCA makes it a crime to circumvent "effective means of access control." That means that breaking the locks off a digital work is illegal, even if you're breaking the lock to accomplish a legal end. It's otherwise legal to back up a DVD, or put a song on a home media-server, or quote an ebook in a college essay. But if you have to break through some copy-restriction technology to do this, you're breaking the law. It doesn't even matter if you're the creator of the work the lock controls! You can't even access your own work on your own terms if you need to break a lock to do it.

The DMCA makes the kind of reverse-engineering that's commonplace in most industries illegal in copyright works.
For example, in the software industry, it's legal to reverse-engineer a file-format in order to make a competing product. The reason: The government and the courts created copyright to provide an incentive to creativity, not to create opportunities to exclude competitors from the marketplace.

Reverse engineering is a common practice in most industries. You can reverse-engineer a blender and make your own blades, you can reverse-engineer a car and make your own muffler, and you can reverse-engineer a document and make a compatible reader. Apple loves to reverse-engineer -- from Keynote to TextEdit to Mail.app, Apple loves reverse-engineering its competitors' products and making its own competing products.

But the iTunes/iPod product line is off-limits to this kind of reverse-engineering. No one but Apple can authorize an iTunes/iPod competitor, and Apple's not exactly enthusiastic about such authorization -- the one major effort to date was the stillborn Motorola ROKR phone, which was so crippled by ridiculous Apple-driven restrictions that it barely made a ripple as it sank to the bottom of the cesspool of failed electronics.

It's easy to see how banning reverse-engineering is bad for Apple's customers. The ban creates a monopolistic lock-in that invites bad behavior that would otherwise be checked by competition. Apple has already demonstrated its willingness to abuse its monopoly over iTunes players by shipping "updates" to iTunes that add new restrictions to the songs its customers have already purchased. The business model of buying music on the Internet is that one buys a "license" for certain uses, but the company that supplies the product to you can revoke parts of the license, and there's nothing you can do about it. This is just abuse.

Worse still: Apple's competition-proof music makes switching away from its product expensive for Apple's customers.
The world of consumer electronics changes quickly and you'd have to be a fool to believe that no one will ever make a superior portable music player to the iPod. iPods and other walkmans have a low price-point and turn over often -- it's no coincidence that Apple's iPods are made out of materials that scratch if you breathe on them and look like they've been through a rock-tumbler after a couple weeks in your pocket -- which means that you're likely to be in the market for a new one every year or two.

So say that in 2008, Creative finally manages to nail an iPod killer just as you're ready to retire your 2006 iPod Nano. At $180 for the new device, it's a no-brainer to pick one up on your next Amazon run or duty-free trip.

But say you're the kind of iPod user who also buys the occasional iTunes Music Store song. Just one or two a month, maybe 20 a year. If you do that every year from the year the Music Store launched, you'll have 100 tracks by 2008. That's a $99 investment in music that only plays on the iPod/iTunes combo. Creative won't play Apple's music, and if Creative tries to do so, they'll find themselves in legal jeopardy under the DMCA, which would give Apple the right to sue them for trying.

At 20 tracks a year, you add 50 percent to the cost of switching away from an iPod in five years. In ten years, you double the cost. And if you buy more than 20 tracks a year -- or splurge for audiobooks, full albums and other high-ticket iTunes Music Store items -- you'll find yourself in hock for thousands of dollars that you'll flush away if you change vendors.

Sure, you could conceivably burn and rip all that music (except the audiobooks, which will come out mangled into 70-minute chunks) if you want to spend a couple days with your burner, and don't mind retyping all that tedious metadata. The more music you have -- the better a customer you've been for the iTunes Music Store -- the more onerous this task becomes.
Incidentally, you may have heard that Creative has finally decided to enforce one of its bogus patents against Apple (hierarchical menus on digital music players -- what thicko Patent Inspector considered that to be "non-obvious to a skilled practitioner of the art"?). I'd give long odds that if Creative prevails, it will ask for a license to play iTunes music on its players as part of the settlement.

At the end of the day, though, we customers can always vote with our wallets. That's what many of us have done: P2P file-sharing of infringing music is the fastest-adopted technology in the history of the world. Even loyal iTunes customers are not filling their 10,000-song iPods at $0.99 a track (nor does the average 10,000-song-iPod-owner have a thousand CDs waiting to be ripped at home). Creative Commons-licensed music, public domain music and other freely sharable content accounts for some of those hard-disk sectors to be sure. But the customer has decided, by and large, to avoid Apple's lock-in by not buying anything at all -- they've joined the majority of Internet users in deciding that copyright infringement is your best entertainment dollar.

The music industry doesn't have the option of avoiding commercial decisions. They have to sell music -- that's what they're in business for -- and that means that they have to go where the distribution channels are. The biggest, most successful, most powerful of those channels is Apple's. Apple has sold more than a billion of the music industry's tracks through that channel, and it controls it from top to bottom. The industry discovered this the hard way last year when Warner Music's Edgar Bronfman, Jr. proposed a differential pricing model for iTunes -- more than $0.99 for front-list titles, discounts for the backlist. I don't like the sound of that much, but the important thing is what Steve Jobs thought of it. He hated the idea. It died.
The CEO of one of the largest music companies in the world went to a mere retailer and asked for the tiniest flexibility in its marketing plans and was all but laughed out of the board-room. Why not? If Apple doesn't want to give in to Warner's terms, what's Warner going to do? Withdraw its iTunes licenses? Sell exclusively over Rhapsody or Yahoo Music? Lots of luck selling music that won't play on the world's most popular music player. That's the real irony. The music industry provided the bait to Apple, in the form of the regulatory monopolies it receives over its copyrights. Apple hijacked that monopoly and used it to hook us. Warner can't authorize Real or Yahoo or Microsoft to break Apple's copy restriction in order to enable its own music to be copied onto a new device. Even though they hold those copyrights, they have lost control over their destiny. It's not just Warner, either. Through 2005 and 2006, Sony BMG music faced global lawsuits after it deployed millions of CDs infected with a crippling anti-copying technology called XCP that used a rootkit to disguise itself. Researchers who decompiled XCP noted that it contained code from a program that is used to circumvent iTunes copy-restriction. Many have suggested that Sony chose its cowboy DRM vendors based on their willingness to put Sony's music on Apple's players without going through the iTunes Music Store. European nations such as France, Norway and Denmark have announced regulatory and lawmaking interventions in the iTunes business model, often with the quiet approval of the record companies, who hope to force Apple to open iTunes to other DRM vendors. Is that the answer, then? Standardized crippleware that can be implemented by all comers? There are lots of these efforts underway, from the well-known (Blu-Ray, HD-DVD) to the obscure (Coral, the Broadcast Flag, DVB-CPCM). These specifications are hammered out by multi-party consortia, with oversight from the entertainment industry. 
I've attended my share of these meetings and "oversight" is putting it mildly -- the entertainment industry runs those consortia, shouting where necessary, threatening to withhold content from the platform, even (in the case of the Broadcast Flag), threatening to complain to powerful Congressional Chairmen.

And therein lies the rub. Steve Jobs really doesn't care how many CPUs you play an iTune on, or whether you burn a playlist seven or 10 times. He wants you to get locked into iPods, not fall prey to some pie-in-the-sky pipe-dream where "consumers" pay for "features" like pausing a track or playing it in a different country. Steve Jobs's crippleware exists only to lure the entertainment industry in, not to control you in any meaningful way.

But where you have a multi-party negotiation, you have a much weaker bargaining position. At the Broadcast Flag meetings in Hollywood a couple years ago, the studios caused a near-meltdown by announcing, four-fifths of the way through the process, that they weren't interested in ever approving single-vendor DRMs from Microsoft or Philips, but would welcome the giant, brawling consortia like 5C and 4C, whom they could play like a fiddle. Look at Blu-Ray and HD-DVD, where you have two competing consortia, for a view of how bad this can get. These two consortia have spent the past several years locked in a race to the bottom, competing to see who could announce the least-capable device and therefore command the lion's share of Hollywood films licensed for its platform. The battle came to an end when Blu-Ray added the most comprehensively dumb feature to its spec: region-coding, something that everyone agreed had been a miserable failure with old, standard DVDs.

Ironically, these consortia DRMs aren't any better for the entertainment industry than the single-vendor systems are. A DRM designed by the studios is a DRM that is destined to fail. This is an industry that believes in suing its customers.
That believes in frisking moviegoers and patrolling the aisles with infra-red goggles. That characterized skipping commercials on TV as theft (though "a certain amount of bathroom activity would be tolerated"). That believed that the VCR was "the Boston Strangler of the American film industry." No matter how many smart, savvy execs there are working within the entertainment juggernauts, the organizations themselves are constitutionally incapable of designing a distribution platform that anyone actually wants to buy. So they sink their money and time into these dead-on-arrival systems, and lose money (at least Steve Jobs cuts them the occasional check). And those customers who get suckered into buying their devices end up with the consumer electronics equivalent of toxic waste, crud that treats its owner as a suspect and only grudgingly allows the least functionality.

There's no good answer to designing a "good DRM." Or rather, no DRM is good DRM. iTunes is instructive again in this regard: Apple sold a billion tracks in three years in spite of its DRM, not because of it. No Apple customer bought an iTune because of the DRM. What's more, every track in the iTunes music store can be downloaded for free from P2P networks. Apple proves that you can sell music without DRM all day long -- all adding DRM to Apple's music does is give Apple the ability to abuse its customers and its partners from the labels. That's a lesson Yahoo Music has taken to heart -- they're abandoning DRM, shipping MP3s, and putting their engineering effort into producing a superior product.

Cory Doctorow is co-editor of the Boing Boing blog, as well as a journalist, Internet activist, and science fiction writer.

From rforno at infowarrior.org Wed Jul 26 23:05:57 2006
From: rforno at infowarrior.org (Richard Forno)
Date: Wed, 26 Jul 2006 23:05:57 -0400
Subject: [Infowarrior] - Verizon 'Unlimited' EV-DO: Limited
Message-ID:

Verizon 'Unlimited' EV-DO: Limited
And usage monitor may be incorrect?
Posted 2006-07-26 13:10:40
http://www.broadbandreports.com/shownews/76751

Consumer Affairs realizes something we've been talking about for over a year: that Verizon's "unlimited" wireless EV-DO broadband service is actually limited to 10 gigs a month or so, and features an end-user agreement that restricts everything but simple browsing. A Verizon spokesman dances around the paradox of offering a limited, unlimited service: "Jeffrey Nelson, Verizon Wireless spokesman, said that calling the service 'unlimited' is not misleading. 'It's very clear in all the legal materials we put out,' he said. 'It's unlimited amounts of data for certain types of data,' he said." Consumer Affairs received a letter warning them that they had consumed more than 10 gigs in a month, when the outfit's own usage logs indicated they'd downloaded less than 2 gigs during the past year. "The letter also said our '10 Gigabytes' in 30 days was 'more than 40 times that of a typical user.' That would mean the 'typical user' only downloads about 8.3 megabytes per day - good for less than 12 seconds of constant downloading at the service's average speed." A copy of the letter Verizon Wireless sends out can be found here.

From rforno at infowarrior.org Thu Jul 27 08:22:48 2006
From: rforno at infowarrior.org (Richard Forno)
Date: Thu, 27 Jul 2006 08:22:48 -0400
Subject: [Infowarrior] - ISO 27001: A new standard for IT security
Message-ID:

ISO 27001: A new standard for IT security
Thursday July 27, 2006 (11:01 AM GMT)
By: Mikael Vingaard
http://www.itmanagersjournal.com/article.pl?sid=06/07/26/1453251

Information security flaws can create havoc within your business operations. The ISO 27001 standard for information security management systems can help to locate existing security problems and prevent future threats before they prove harmful to your organization. ISO 27001 is the new international standard created by the International Standards Organization for Information Security Management Systems.
An ISMS is a planned way of managing an organization's information so that it remains secure, by using the right methodology of people, processes, and IT systems. The best practices for ISMS include a wide range of planning to ensure business continuity, minimize business damage, and maximize ROI and business opportunities. The standard sets out how the planning process should go and specifies the components that must be identified; people, processes, and practices are essential.

Officially known as ISO/IEC 27001:2005, this standard, published last October, will replace the British BS7799-2 and the ISO 17799 standard; the latter may, however, be renumbered ISO 27002, but ISO has not made a final statement regarding ISO 17799 renumbering yet. Internationalization of these standards will create a demand for a recognised ISMS certification. Clients in the future may ask whether your organization has achieved ISO 27001 certification. Besides providing "marketing" value, it helps IT managers create a framework, based on a "Plan-Do-Check-Act" approach. If the Sarbanes-Oxley Act is relevant for your business, ISO 27001 could be your best way to get a framework. If SOX is not yet relevant -- if you live outside of the US, for instance -- you may be less interested in it.

Successful certification requires a methodical approach, careful consideration of scope, and a thorough understanding of your organization's information security needs. Achieving the ISO 27001 certification mitigates the risk of human error, by having sound procedures and regulations. The certification process involves several visits from certified external auditors, who review documents and processes. Any non-compliance must be corrected before their next visit. The time the certification process takes can differ greatly, as no two organizations are alike.
There are clear relationships between ISO 27001 and the Sarbanes-Oxley Act's requirement to develop an information security management system that is integrated, comprehensive, and incorporates widely recognized best practices. ISO 27001 is a step toward effecting and demonstrating compliance with the SOX legislation. Getting the ISO 27001 certification also tells your clients that the requirements in SOX section 404 have been successfully passed.

You can read the standard -- you may buy it online for $107 from Ansi.org, or for £90 from British Standards Online, among other places. If your organization is acting under the Sarbanes-Oxley Act or other security legislation, take a look at the ISO 27001 standard. As an international standard and framework for best practices, it is very good. Any organization can benefit from its "Plan-Do-Check-Act" approach, even without planning to get the certification.

Mikael Vingaard, CISSP, works at BSDConsult with the ISO standards and on support and education for the Open/FreeBSD OS.

From rforno at infowarrior.org Thu Jul 27 10:30:29 2006
From: rforno at infowarrior.org (Richard Forno)
Date: Thu, 27 Jul 2006 10:30:29 -0400
Subject: [Infowarrior] - Makers of 'Kazaa' software settle global piracy lawsuits
Message-ID:

Makers of 'Kazaa' software settle global piracy lawsuits
Updated 7/27/2006 8:04 AM ET
http://www.usatoday.com/tech/news/2006-07-27-kazaa_x.htm?POE=TECISVA

WASHINGTON (AP) -- The company that distributed software called "Kazaa," which made it simple for millions of computer users to download music and movies over the Internet, has settled global lawsuits brought by the entertainment industry, the industry said Thursday. Sharman Networks Ltd., which produced and distributed the popular Kazaa software, agreed to pay an unspecified "substantial sum" in penalties.
It also promised to "use all reasonable means" to discourage online piracy, including building into its software "robust and secure" ways to frustrate computer users who try to find and download copyrighted music and movies, court papers said. The settlement concludes legal battles against Sharman Networks around the world. "Services based on theft are going legit or going under, and a legal marketplace is showing real promise," said Mitch Bainwol, head of the Washington-based Recording Industry Association of America, the trade group for the largest labels. The head of the Motion Picture Association of America, Dan Glickman, called the settlement an important victory in a historic legal case. Sharman Networks indicated it will negotiate licenses with entertainment companies to distribute music and movies lawfully over its Kazaa service, similar to Apple Inc.'s iTunes service. The settlement does not prohibit Sharman Networks from legally distributing copyrighted files. The Supreme Court ruled last year the entertainment industry can file piracy lawsuits against technology companies caught encouraging customers to steal music and movies over the Internet. Earlier this month, in a related federal lawsuit, a U.S. judge said evidence was "overwhelming" against StreamCast Inc., which produced similar software for downloading music and movies called "Morpheus."

Copyright 2006 The Associated Press. All rights reserved. This material may not be published, broadcast, rewritten or redistributed.

From rforno at infowarrior.org Thu Jul 27 14:38:45 2006
From: rforno at infowarrior.org (Richard Forno)
Date: Thu, 27 Jul 2006 14:38:45 -0400
Subject: [Infowarrior] - New Fingerprint Requirements at Airports
Message-ID:

New Fingerprint Requirements at Airports
http://www.salon.com/wire/ap/archive.html?wire=D8J4EOL00.html
By LESLIE MILLER
Associated Press Writer
July 27, 2006

WASHINGTON -- U.S.
residents with green cards, parolees and some Canadians will have their fingerprints checked every time they re-enter the U.S. by air or sea. The new security checks announced Thursday by the Department of Homeland Security are part of the so-called US-VISIT program, which requires border-crossing documents to include a digital photograph and two fingerprints. The program, which currently has 61 million people enrolled from countries except Canada and Mexico, is being slowly phased in. "We have a lot more steps along the way," said Bob Mocny, acting director of the US-VISIT program. Mocny estimates that the new requirement, which will take effect Aug. 28, will add 1 million to 1.5 million enrollees. The purpose of the program is to make sure that their travel documents aren't forged and to screen out criminals. Under US-VISIT, the U.S. government has caught 1,100 criminals at ports of entry, Mocny said. There are between 8 million and 12 million legal permanent residents -- or green-card holders -- in the United States. But only a fraction of them travel outside of the country, Mocny said. Canadians who cross the border to shop, visit or take a holiday won't need to enroll in the program, according to the proposed rule published in the Federal Register. Canadians required to enroll -- including nurses, agricultural workers, students and religious workers -- will only have their fingerprints checked at land ports if a Customs and Border Protection official questions the validity of their documents, Mocny said. Everyone who re-enters the U.S. through an airport or seaport will be checked, he said. The program won't apply to Mexicans coming into the U.S. with a border crossing card. 
On the Net: Homeland Security Department: http://www.dhs.gov/dhspublic/index.jsp

From rforno at infowarrior.org Thu Jul 27 20:34:12 2006
From: rforno at infowarrior.org (Richard Forno)
Date: Thu, 27 Jul 2006 20:34:12 -0400
Subject: [Infowarrior] - Billy Bragg gets MySpace's terms of service changed
Message-ID:

Billy Bragg gets MySpace's terms of service changed
http://www.boingboing.net/2006/07/27/billy_bragg_gets_mys.html

Billy Bragg's highly publicized campaign against MySpace's crummy, grabby terms of service has been successful. MySpace has revised its terms so that musicians who upload to the site retain control of their works, and MySpace/NewsCorp/Fox can't sell those songs without contracting with the musicians....

Now that the popularity of downloading has made physical manufacturing and distribution no longer necessary, the next generation of artists will not need to surrender all of their rights in order to get their music into the marketplace. It is therefore crucial that they understand, from the moment that they first post music on the internet, the importance of retaining their long term right to exploit the material that they create. This is doubly important on a networking site where many of the songs posted will be by unsigned artists. Ownership of the rights to such material is somewhat ambiguous. That's why I hope that the groundbreaking decision of MySpace to come down on the side of the artists' rights will be followed throughout the industry. I also welcome the new wording of the terms and conditions in which MySpace clarify exactly why they require specific rights and how they intend to use them. Again, I hope more sites follow the lead of MySpace in ensuring the use of clear and transparent language in contracts. The last thing any of us wants to see is a situation in which everyone posting a song on the site has to have a lawyer sitting next to them.
From rforno at infowarrior.org Fri Jul 28 09:24:42 2006
From: rforno at infowarrior.org (Richard Forno)
Date: Fri, 28 Jul 2006 09:24:42 -0400
Subject: [Infowarrior] - Army to require TPM built-in security
Message-ID:

UPDATED: Army to require built-in security
http://www.fcw.com/article95422-07-26-06-Web
By Cheryl Gerber
Published on July 26, 2006

Editor's note: This story was updated at 1 p.m. July 27, 2006, to correct that Winbond, not National Semiconductor, offers the Trusted Platform Module. National Semiconductor sold this product line to Winbond May 4, 2005.

In the next few weeks, the Army's Network Enterprise Technology Command (Netcom) will announce that the Trusted Platform Module is a servicewide requirement for hardware-based security in all of its new computers, according to Army officials. TPM will take advantage of security features in Microsoft's forthcoming Vista operating system. Before Netcom publicly issued its TechCon guidelines, the Army Small Computer Program (ASCP) acted on the requirement in its solicitation and last buy in March. "We didn't want to put computers into the Army inventory that will have to be replaced prematurely, so Netcom asked us to institute the requirement before the actual issuance of the TechCon," said Micki LaForgia, ASCP project director.

The upcoming technical guidelines require TPM Version 1.2 as a standard Army configuration baseline for all of the service's computers. The service will apply the standard configuration during a consolidated purchase next month. Developed by the Trusted Computing Group, TPM is a dedicated security chip on the motherboard that conforms to the group's standard specifications. Chipmakers have developed TPM versions of their chipsets, such as Intel's LaGrande Technology and Advanced Micro Devices' Secure Execution Mode. IBM's product has two TPM-compliant chips -- the Embedded Security Subsystem and ThinkVantage Technology. Hewlett-Packard, Fujitsu and Winbond also offer TPM chips.
The Trusted Computing Group was founded in 2003 to develop vendor-neutral standard specifications for hardware and software security that works across multiple platforms. The group has 141 industry members, and many of those contributed to and instituted the standard specifications.

From rforno at infowarrior.org Fri Jul 28 09:31:15 2006
From: rforno at infowarrior.org (Richard Forno)
Date: Fri, 28 Jul 2006 09:31:15 -0400
Subject: [Infowarrior] - Happy System Admin Day!
Message-ID:

Friday, July 28th, 2006, is the 7th annual System Administrator Appreciation Day. On this special international day, give your System Administrator something that shows that you truly appreciate their hard work and dedication. Let's face it, System Administrators get no respect 364 days a year. This is the day that all fellow System Administrators across the globe will be showered with expensive sports cars and large piles of cash in appreciation of their diligent work. But seriously, we are asking for a nice token gift and some public acknowledgement. It's the least you could do. Consider all the daunting tasks and long hours (weekends too.) Let's be honest, sometimes we don't know our System Administrators as well as they know us. Remember this is one day to recognize your System Administrator for their workplace contributions and to promote professional excellence. Thank them for all the things they do for you and your business.

http://www.sysadminday.com/

From rforno at infowarrior.org Fri Jul 28 09:33:51 2006
From: rforno at infowarrior.org (Richard Forno)
Date: Fri, 28 Jul 2006 09:33:51 -0400
Subject: [Infowarrior] - Teens Online: Not a Freak Zone
Message-ID:

Teens Online: Not a Freak Zone
By Regina Lynn
02:00 AM Jul 28, 2006
http://www.wired.com/news/columns/1,71482-0.html

When I look at MySpace.com, I see a revved-up, high-octane, super-turbo-powered version of the internet, early 1990s.
Or maybe AOL is a better comparison, a subcommunity built on top of the regular internet and a little to the side. MySpace has all the modern goodies like video and click-to-add-friends networking and interactive event calendars, along with user profiles that remind me of what we used to call "free web pages." But it doesn't have anything the internet didn't already have. I'm talking, of course, about people. Of all kinds. One thing that makes something popular among young people is that it baffles older people. Like cars, rock 'n' roll and mobile phones, MySpace offers new freedoms to teenagers that have many parents scrambling to keep up. "Teens, sex, the internet -- it's the three biggest fears mixed together," says L. Kris Gowen, who teaches human sexuality at Portland State University in Oregon. "It's hard for an adult to think rationally." Gowen has written several sex-ed books for teens. As a veteran of the dot-com era in San Francisco, Gowen has seen firsthand the impact of the internet on sexuality, particularly among youth. She has also seen ignorance, confusion and nervousness among adults -- about the technology more than about teen sexuality. Many parents, teachers and counselors discover what teens are doing online almost entirely through the media. "Media always portray new technology in alarmist, 'the world ends tomorrow' fashion," she says. "You get the sense that MySpace is an online sexual orgy where adults and kids sleep together in some kind of culty illicit community. That's really not what's going on." To show adults a more accurate picture of how teens use the internet, Gowen developed the Virtual Mystery Tour workshop to guide grown-ups through the tools and communities popular among young people. "My goal is to get parents to ask more informed questions so they can have a dialogue with their kid without feeling like they're at a quantum physics lecture," she says. 
"I want them to be able to ask intelligent questions, to know the lingo, not just 'what's that MySpace thing?'" We don't have a lot of hard data about teenagers' internet use around sex, she explains, mentioning one paper that cited a New York Times Magazine article about teenagers hooking up with each other online. ("In a research paper? That's not evidence!") "We do know that about one in three teens has looked up sex information online," she says. "We know anecdotally some teens are cybering. Teens definitely use the internet to talk about sex and experiment with being a sexual being." But no one knows how many teens have actually used the internet to set up meetings with people they didn't already know, Gowen says. We don't know how many have actively pursued cybersex, or how many have received direct sexual come-ons from adults. A 1999 study (.pdf) from the National Center for Missing and Exploited Children found that one in five internet users aged 10 to 17 were sexually solicited online. The paper defined "sexually solicited" to include everything from requests to meet offline to unwanted exposure to sexual content -- the researchers even included spam. The University of North Carolina's Add Health project, which recently studied the dubious efficacy of virginity pledges, lumps the internet in with other media, Gowen says. I find that shocking. Despite recent attempts to turn the internet into television, it isn't, and it won't ever be. The internet is about connection first, information second, with passive consumption way down the list. Treating the internet as merely another part of "the media" makes no sense, especially around sex. Other media can offer sexual content; the internet, even more than the telephone, offers sexual interaction -- with peers, with educators, with performers and, unfortunately, with creeps, too. The internet is a medium. It's not the media. 
One exercise in the Virtual Mystery Tour is a reality check in which the group diagrams the subsets of teen online interaction. For example, most teens use instant messaging. Of those, most only converse with their real-life friends and family -- people they already know. You then have a very small subset of kids who IM with strangers, and of them, a smaller percentage that meet up in person. "The at-risk kids, those not getting along with their parents, who have no friends, who are sad or depressed, are more likely to (form online relationships over) IM and meet face to face and then admit the person wasn't what they expected," Gowen says. "The same population at risk for everything else is at risk here."

The Virtual Mystery Tour is not an attempt to paint a falsely positive picture that ignores the potential for young internet users to get into dangerous situations. "A few (participants) end up even more horrified, people who say, 'I still think this sucks, I'm going to ban it from my teens,'" she says. "But that's OK. I can't change everybody. At least I got them looking at it and not being as scared of it." She reassures parents that if their kids have common sense and they trust them in other ways, they're probably going to be able to talk intelligently with parents about what they should and shouldn't do online. And she reminds us that teens, like adults, generally feel freer to express themselves online in a false sense of anonymity and safety, but they often don't realize the potential consequences that over-sharing can have.

One part of the Virtual Mystery Tour focuses on teen identity and how teenagers portray themselves online, especially in youth-oriented communities. As for how much danger teenagers are actually in, Gowen is more interested in what we actually know than what we feel. "Both are important to address, but what's missing is information on what we know," says Gowen, who is also a member of the Sex Drive forum.
"For whatever reason, the research community is not asking about (the internet). If they had asked anyone in the (forum), we'd have said, 'You're missing something big.'"

See you next Friday,
Regina Lynn

Regina Lynn invites you to converse with Dr. Gowen and other interesting people in the Sex Drive forum.

From rforno at infowarrior.org Fri Jul 28 09:43:19 2006
From: rforno at infowarrior.org (Richard Forno)
Date: Fri, 28 Jul 2006 09:43:19 -0400
Subject: [Infowarrior] - Big brother wants a window into VoIP at any cost
Message-ID:

Big brother wants a window into VoIP at any cost
7/27/2006 5:56:16 PM, by Nate Anderson
http://arstechnica.com/news.ars/post/20060727-7372.html

The Communications Assistance for Law Enforcement Act (CALEA), passed in 1994, has powered its way back onto the front page this summer, and if you 1) live in the US and 2) pay taxes, you might soon be paying to implement it. And if you're a drug-dealing mobster, you might soon be experiencing it. The FBI wants the ability to tap VoIP calls. To do this, the agency also wants access to all of your network traffic -- and it looks like it's on the way to getting it. Following a long set of legal battles, the US Court of Appeals in June upheld 2-1 a newer and broader definition of CALEA's scope that could affect every university and library in the country. While the case may not be fully settled until the Supreme Court hears it, the Justice Department has announced plans to cut the legs out from beneath it. The DoJ proposed a series of amendments to the original legislation which explicitly give the FBI the authority it seeks. Unfortunately for network operators, these amendments could be costly -- and the government has no plans to help them foot the bill. If either 1) the amendments pass or 2) the courts uphold the FCC decision, CALEA will open the floodgates for easy government surveillance of Internet activity, and it could cost taxpayers a bundle.
What's included in the amendments, and how might they affect you? Let's take a look.

From cell phones to VoIP

The FBI wanted greater access to cellular phones in the early 1990s, when the technology was still in its infancy. Congress gave it to them in CALEA, a law intended to update surveillance authority for new forms of communication. The FBI has taken full advantage of that new authority; in 2005, 91 percent of all government intercepts involved portable devices -- mainly mobile phones. But soon after the new law was written, technology leaped ahead. When the rise of broadband connections and VoIP services became too great to ignore any longer, the FBI pushed to expand CALEA's scope, claiming that it needed the new authority to keep up with high-tech criminals. In a 5-0 vote back in 2004, the FCC voted in favor of the FBI's proposals and opened the door to "wiretaps" of broadband networks, which had previously been excluded from wiretapping requirements.

The new proposals caused controversy because CALEA had included a series of exemptions for Internet systems. The FBI argued that Congress had never meant to preclude the agency from tapping VoIP calls, and the FCC eventually agreed. The EFF, the Center for Democracy & Technology, and other groups opposed the move to extend the law to the Internet. A lawsuit was filed against the FCC which claimed that the regulator had overstepped its authority and had gone beyond the plain spirit of the law. The courts have now ruled in favor of the FCC, which means that most network operators will need to make their systems wiretap-friendly in 2007. Because of the way the rules were drawn up, the CALEA requirements extend to universities, public libraries, and other institutions that operate networks connected to the public Internet. The rules also make clear that the government will not reimburse operators for the necessary network upgrades.
In the past, the FCC specifically elected to classify broadband Internet as a data service rather than a communications service in order to rationalize deregulation. Expanding the scope of CALEA to include Internet surveillance seems somewhat contradictory, since the language of CALEA clearly indicates that the law was intended only for communications services.

Universities have been vocal critics of the new rules, claiming they will be fabulously expensive to implement. The government responded by allowing institutions to route all traffic through a Trusted Third Party (TTP) that would handle the necessary filtering and compliance. Costs for such a service could be far lower than the alternative, but this would involve passing all the traffic over a campus network to a private company, and not every university will be excited by the prospect.

New CALEA amendments

The government hopes to shore up the legal basis for the program by passing amended legislation. The EFF took a look at the amendments and didn't like what it found.

According to the Administration, the proposal would "confirm [CALEA's] coverage of push-to-talk, short message service, voice mail service and other communications services offered on a commercial basis to the public," along with "confirm[ing] CALEA's application to providers of broadband Internet access, and certain types of 'Voice-Over-Internet-Protocol' (VOIP)." Many of CALEA's express exceptions and limitations are also removed. Most importantly, while CALEA's applicability currently depends on whether broadband and VOIP can be considered "substantial replacements" for existing telephone services, the new proposal would remove this limit.

Also interesting is section 103e, which deals with "network access service assistance requirements." The entire section was added to clarify what, exactly, network operators need to do in order to make their networks wiretap-friendly.
The government realizes that it would pose an undue burden on carriers to make them responsible for "looking inside" each packet and filtering it based on content. Instead, the law directs operators to grab the full "stream of wire or electronic communications" - in other words, all network data transmitted by an individual. This stream would then be passed to the government, which would have the job of sifting through it and extracting only the information covered by the court order (VoIP, e-mail, etc.).

A government analysis of this section concludes that such a data stream might be too much for the government to handle in real-time. The analysis notes that "some temporary storage or buffering may be necessary" and network operators must "be capable of storing communications and other information or time period specified by the law enforcement agency as necessary to effectuate the interception or access."

This provision worries the EFF. One of their lawyers tells Ars that "the bill will put the technology in place to buffer packet streams, and places the job of filtering those streams under government control. We know from the NSA warrantless wiretapping program that the government is not limiting itself to access to under court orders, and the CALEA bill must be considered in light of the capacity it generates."

Although the new CALEA amendments make clear that this buffering and filtering will only be used under court supervision, the EFF is justifiably concerned that putting this technology in place on such a broad scale opens the door for abuse. If Congress enacts these CALEA provisions, surveillance can be ordered and analyzed from the comfort of FBI headquarters. Given how easy this could make wiretaps, and given the potential cost of implementation, the question remains: is the new program needed?

"Surveillance state?"

Each year, the Administrative Office of the United States Courts issues a report on wiretapping.
The 2005 version makes for fascinating reading, and throws cold water on the idea that the government conducts massive wiretapping operations of 'Net activity. It also throws cold water on the idea that wiretap applications are hard to get. 1,773 intercepts were recorded last year, while a single one was rejected by the courts. Though many people imagine that "the Feds" do the bulk of such surveillance, the report shows that state police and prosecutors requested far more wiretaps than did their federal counterparts (1,148 to 625).

Wiretap operations take, on average, 43 days, though the largest investigation of the year (involving mobsters in New York) took 287 days and netted 51,712 cell phone calls. Encryption was encountered only 13 times, all of them by state officials. None of the encryption systems prevented authorities from getting at the "plain text" of the messages.

The vast majority of all wiretaps targeted cellular phones. Electronic taps accounted for only 23 cases, and only eight of those involved computers. This fact alone calls the CALEA expansion into question. If the government does so little electronic surveillance, and has no trouble getting the required court orders, why is it necessary to force every major computer network in the country to spend money to become wiretap-friendly? The FBI can do taps without the new CALEA authority, after all; that was the whole point behind the development of its Carnivore system (the agency now uses off-the-shelf tools). While this requires more work to set up each time a tap is needed, it was done fewer than 10 times last year - hardly a burden for the agency.

Court-sanctioned searches aren't the only kind

One of the most interesting bits in the 2005 wiretapping report concerned the nature of the alleged offenses. Most of the wiretaps - 81 percent - dealt with drug crimes. Second on the list was racketeering. Homicide came third. Gambling was fourth. What's missing here? Terrorism.
Given the government's current preoccupation with ferreting out terrorists and stopping potential attacks in their planning stages, it's interesting that terrorism doesn't show up more frequently (it's not even a category on the official chart).

Obviously, this raises questions. Is the government truly doing few terrorism-related wiretaps? Or is such information being gained without judicial oversight? The EFF and other civil liberty groups believe that the latter is true. The public's odds of getting definitive answers wouldn't look good to a Vegas gambler, especially after the recent dismissal of the ACLU's case against AT&T, but there's still the possibility that some information will come to light. The EFF's case against the telecom giant is still alive, and it may only be through such cases that the public ever learns just how much of its government's surveillance goes on without oversight - and whether it wants to trust that same government with even broader powers.

From rforno at infowarrior.org Fri Jul 28 15:18:09 2006
From: rforno at infowarrior.org (Richard Forno)
Date: Fri, 28 Jul 2006 15:18:09 -0400
Subject: [Infowarrior] - Senator blasts Homeland Security's Net efforts
Message-ID:

Senator blasts Homeland Security's Net efforts

By Anne Broache
http://news.com.com/Senator+blasts+Homeland+Securitys+Net+efforts/2100-7348_3-6099753.html

Story last modified Fri Jul 28 11:31:39 PDT 2006

WASHINGTON--A Republican senator on Friday blasted the U.S. Department of Homeland Security's readiness for a massive cyberattack, saying he hasn't seen any improvements since bringing in department officials for questioning last summer.

"Despite spending millions of dollars over the past year, DHS continues to struggle with how to effectively form and maintain effective public-private partnerships in support of cybersecurity," Sen. Tom Coburn of Oklahoma said at a hearing convened by a Senate Homeland Security subcommittee, of which he is chairman.
Coburn, the only politician present at the 90-minute hearing, grilled top computer security officials from Homeland Security, the National Security Agency, the Office of Management and Budget, and the Government Accountability Office (GAO). He also asked private-sector companies for suggestions for government action.

The Oklahoma senator joined industry groups and congressional colleagues in chiding the agency for failing to appoint a high-level cybersecurity chief one year after the post's creation. He said having a strong leader in charge is critically important to defend against a crippling cyberattack that could take out not only e-commerce and communications capacities, but also "electrical transformers, chemical systems and pipelines" controlled by computers.

"There's going to be an assistant secretary (for cybersecurity and telecommunications), I promise you, even if we have to raise the salary for the position," he said.

Homeland Security's top cybersecurity post has remained a low- to mid-level position ever since Congress passed a 2002 law that melded 22 federal agencies and made the department chiefly responsible for protecting cyberspace. Numerous audits have faulted the sprawling cabinet department for its lack of readiness to handle large-scale attacks and for shortcomings on its internal networks.

That blistering critique continued on Friday with a new GAO report, which accused Homeland Security of failing to finalize clear plans that detail the responsibilities of state and local governments, other federal agencies and the private sector before, during and after Internet disruptions.

"Today, no such plan exists" despite a federal mandate to devise one, Keith Rhodes, the GAO's chief technologist, told the committee.

DHS Undersecretary of Preparedness George Foresman acknowledged that his department still has much to accomplish, but he suggested the federal auditors' assessment "is much bleaker than what is the actual progress to date."
Government officials have been meeting with corporations from vulnerable industries through committees and working groups, the official said, and the department conducted its first major cybersecurity exercise in February, with plans to release a report on lessons learned in the near future.

"These lessons, like those of Katrina, will not sit idle," Foresman said.

Coburn questioned why Homeland Security has not let private companies take on an even greater role in devising policy. "It just seems to me that if 75 percent of (the nation's infrastructure) is private-sector owned, your bottom line depends on this staying up and working...Why don't you tell us what to do?" he asked.

"That's exactly what we're doing," Foresman responded, though he acknowledged it's challenging to work with companies that don't always trust the government with proprietary information that could aid their competitors.

An icy Coburn also couldn't resist taking a jab at DHS officials on another front: He said the agency's prepared testimony for the Friday hearing didn't arrive at his office until late Thursday night, despite receiving notice of the event on June 12. The last-minute submission speaks volumes, he said, providing "an example of exactly what's happening in DHS on cybersecurity."

Foresman, for his part, assured the senator that the tardiness will not occur in the future and added, "By no means were we trying not to get information to you."

Copyright © 1995-2006 CNET Networks, Inc. All rights reserved.

From rforno at infowarrior.org Sat Jul 29 09:20:40 2006
From: rforno at infowarrior.org (Richard Forno)
Date: Sat, 29 Jul 2006 09:20:40 -0400
Subject: [Infowarrior] - Judge rules NFL pre-game patdowns unconstitutional
Message-ID:

Judge rules against Bucs; league defends pat-downs

July 28, 2006
CBS SportsLine.com wire reports
http://www.sportsline.com/print/nfl/story/9576028

TAMPA, Fla.
-- Security "pat-downs" of fans at Tampa Bay Buccaneers games are unconstitutional and unreasonable, a federal judge ruled Friday, throwing into question the practice at NFL games nationwide.

U.S. District Judge James D. Whittemore issued an order siding with a season-ticket holder who had sued to stop the fan searches that began last season after the NFL implemented enhanced security measures.

High school civics teacher Gordon Johnston sued the Tampa Sports Authority, which operates the stadium, to stop officials from conducting the "suspicionless" searches. A state judge agreed with Johnston that the searches are likely unconstitutional and halted them. The case was later moved to federal court, where the sports authority sought to have that order thrown out.

Whittemore refused Friday, writing that the pat-downs "constitute unreasonable searches under the Florida Constitution and the Fourth Amendment of the United States Constitution." Further, Whittemore said the Tampa Sports Authority failed to establish that the risks outweigh the need to protect the public from unreasonable searches.

Howard Simon, executive director of the ACLU of Florida, which sued on Johnston's behalf, said Whittemore's decision could turn out to be significant.

"It's obviously not going to govern what's happening around the country, but it's certainly going to be an influential precedent," Simon said. "Other courts may look at it."

Simon said he thinks the decision shows that courts are "pushing back" at governmental attempts to violate citizens' civil rights on the basis of a perceived threat of terrorism or crime.

Rick Zabak, an attorney for Tampa Sports Authority, said the decision will be appealed.

"We're disappointed, and we respectfully disagree with the judge's conclusions," Zabak said.

Calls to an NFL spokesman were not immediately returned Friday. In a previous statement, the NFL said "these limited screenings are reasonable and important to the protection of our fans."
Another NFL pat-down case made it into federal court last week when the Chicago Park District sued in federal court to challenge the planned searches by police at Chicago Bears games.

AP NEWS
The Associated Press News Service
Copyright 2005-2006, The Associated Press, All Rights Reserved

From rforno at infowarrior.org Sat Jul 29 13:02:58 2006
From: rforno at infowarrior.org (Richard Forno)
Date: Sat, 29 Jul 2006 13:02:58 -0400
Subject: [Infowarrior] - Conference on Mathematical Models in Counterterrorism
Message-ID:

Descartes Conference on Mathematical Models in Counterterrorism
http://www.c4ads.org/dcmmc2006

Honorary Chair
Vladimir Lefebvre

Co-chairs
Jerrold Post
Newton Howard
Stefan Schmidt

Organizing Committee
Shlomo Argamon
Ammar Qusaibaty
Alan Steinberg

Honoring Vladimir Lefebvre
September 28-29, 2006

As violent non-state actors increasingly exploit technology to malignant ends, developing effective counterterrorism methods plays an evermore pervasive role. The 7/11 train bombings in Bombay, 7/7 in London, 3/11 in Madrid, and 9/11 in New York and at the Pentagon--each one of these crises called upon the scientific community to help mitigate the violence and prevent future attacks. In this spirit, the Descartes Conference on Mathematical Models in Counterterrorism addresses some of the latest developments in the application of mathematics to the development of counterterrorism, defense and security methods. Hosted and organized by the Center for Advanced Defense Studies, the conference is concerned with the relevance of mathematics to enhancing national and global security. This year's conference, to be held September 28 and 29, honors distinguished scientist Dr. Vladimir Lefebvre.
The main themes of the conference include:

* Cognitive psychology, models and reflexive control
* Order structures, graph theory, lattice theory and formal concept analysis
* Cognitive linguistics
* Information retrieval and knowledge discovery
* Imaging science and surveillance
* Modeling and agent-based simulation

From rforno at infowarrior.org Sun Jul 30 12:05:32 2006
From: rforno at infowarrior.org (Richard Forno)
Date: Sun, 30 Jul 2006 12:05:32 -0400
Subject: [Infowarrior] - Growing Australian ban on public photography
Message-ID:

Picture this: city puts photo ban in the frame
http://www.theage.com.au/articles/2006/07/29/1153816426869.html

THE signs may have come down at Southgate but the restrictions remain on photography in the Yarra River tourist complex.

Public indignation followed Monday's posting of the signs that warned: "Southgate thanks you for not taking photographs within the complex unless approved by management."

Management's attempts to control public behaviour have drawn political criticism from all quarters, including from Prime Minister John Howard, who described it as over the top. But it also highlights the problems of laws trying to protect or define public rights within private space.

"In Australia, our law does not recognise the difference between commercial and private space," said Professor George Williams, an expert in public law at the University of NSW. "The law would say that once you own land you get to control what goes on there.

"The basic problem is that so much of our space these days is out of public hands and in control of private enterprise."

After acknowledging that the signs' image of a camera defaced with a bright red slash was provocative, Southbank centre's management, Savills Australia, removed the signs on Friday. But Savills' national marketing manager, Loraine Peck, said the company was standing firm.
"This does not change the policy, but there are many policies and rules in place to help us manage our centres that are not mentioned on signs in the centre," she said. "We don't have signage saying you can't spit in our centres, and yet we would ask you to stop if you were spotted spitting.

"So the signs have come down, but the policy remains the same and will only be enforced in a sensible manner."

Civil libertarians were concerned that property managers, venue owners and security guards were not necessarily good judges of appropriate or sensible behaviour.

Amateur photographer Val Moss was stopped by a security guard the day after the signs went up.

"On Tuesday I was outside the Esso building and Langham's Hotel taking pictures of the Travelodge and Eureka Tower when this Chubb security guard started giving me the eye," said Ms Moss. "She was glaring at me.

"She told me not to take pictures, and I told her I was in a public space, then she called her manager."

Ms Moss moved 100 metres down the public footpath when she was asked not to take photographs "because of the terrorism overseas".

"Do I look like a terrorist?" said Ms Moss. "I am a grandma."

Ms Moss was within her rights because she was standing on public land. But the law recognises few public rights on private property, says Professor Williams. "It is a very large debate around the world. It has become a big issue in the US where shopping centres can ban people wearing T-shirts with political slogans, and the courts have sought to define quasi-public spaces."

Southgate and the Southbank precinct are not alone. The Shopping Centre Council of Australia said it was "fairly common practice" for photography and filming inside shopping centres to be prohibited without permission from centre management.

Melbourne Central management says it encourages photography for personal use of the tourist attractions, such as the shot tower and marionette clock, but there are limits.
"At no times do we permit photography in our back-of-house areas, in or surrounding our restrooms and within individual retail tenancies," a spokeswoman said. "There are safety, security, privacy and copyright issues which need to be considered with all photography and filming within the centre, and we reserve the right to ask people to stop filming or photographing if it is deemed inappropriate."

The Melbourne Tennis Centre, Olympic Park, Telstra Dome and the MCG were unable to tell The Sunday Age whether they had similar restrictions, or what was "deemed inappropriate" behaviour.

It all reflects a culture of suspicion, according to Nick Rains, the spokesman for the Australian Institute of Professional Photographers.

"It is not unreasonable for management to want to control commercial photography on their premises, we accept that," Mr Rains said. "But there is an enormous cultural interest in street photography.

"We see this as a valid part of our culture and of Western art, and any infringement on that we would take very seriously.

"The whole angle of security and terrorism is a bit of a stretch."

According to Mr Rains, the actions of Southbank security guards reflect a growing culture of suspicion of photographers.

"Security guards can hardly be expected to know the ins and outs of the law, but they are facing people who do know what their rights are," Mr Rains said. "There is a big public image problem for photographers when words like paparazzo, spies and pedophiles are used."

From rforno at infowarrior.org Sun Jul 30 22:28:13 2006
From: rforno at infowarrior.org (Richard Forno)
Date: Sun, 30 Jul 2006 22:28:13 -0400
Subject: [Infowarrior] - Where Have All The Pay Phones Gone?
Message-ID:

Where Have All The Pay Phones Gone?
http://www.cbsnews.com/stories/2006/07/28/tech/printable1845997.shtml

NEW YORK, July 28, 2006 (AP) A stroll along Ninth Avenue in Manhattan reveals an ugly picture of the state of the pay phone these days.
The phones are sticky, beat up and scarred; some don't work at all. A child's change purse is stuffed on one phone ledge, along with a large wad of wrapping plastic. On a nearby ledge, an empty bottle of tequila sits in front of a hole that once held a phone. Empty cans of malt liquor sheathed in brown paper bags are a frequent sight.

With rising cell phone use and vandalism and neglect taking their toll, pay phones are disappearing around the nation. Consumer activists and advocates for the poor have protested the drop in numbers - saying that public phones are necessary in emergencies and represent a lifeline for those who can't afford a cell phone or even a landline.

"If you have a cell phone, you hardly look for the pay phones," said 25-year-old Sayed Mizan, listening to his iPod on a subway platform. "Besides, most of the time if you see the pay phones, they're either out of order or they're too filthy to touch."

Public phone operators insist that the bad reputation of pay phones is undeserved - though they do concede that they have removed many stands in recent years due to falling use. Nationwide, the number of pay phones has dropped by half, to approximately 1 million, over the last nine years, according to an estimate by the American Public Communications Council, a trade association for independent pay phone operators.

"If a pay phone isn't covering its costs, we take it out," said Jim Smith, a spokesman for Verizon, which operates more pay phones in New York than any other company. "Toward the late '90s, the wireless phenomenon really got some momentum. That really put the squeeze on the pay phones."

The drop in pay-phone numbers angers advocates, who are quick to point out that cell phones - and sometimes any phones at all - are prohibitively expensive for many people. A full 7.1 percent of the nation's households had no phone of any kind in November 2005, up from 4.7 percent three years earlier, according to the Federal Communications Commission.
For those people, and for the estimated 43 percent of U.S. residents with no cell phones (as of June 2004), pay phones are especially crucial, advocates say.

"Pay phones are a big deal for them," Sage Foster said of the homeless men and women he works with as a housing counselor. "For most of them, it's their only means of communication."

Pay phones also served an important purpose during two recent catastrophes in New York City - the Sept. 11 terrorist attacks and the 2003 blackout that darkened much of the Northeast. Cell phones failed during the crises, but many pay phones kept working because of their direct wiring and the phone company's backup power stores.

Ragan Belton remembers queuing up at a pay phone with 30 others to call her daughter on Sept. 11. "God forbid there's an emergency and you have to go several corners to find one that's working," she said.

But public telephones were not always regarded as such a blessing. In the late 1970s and early '80s, the phones became increasingly unpopular with community boards and local officials afraid of drug dealers. Eventually, Verizon changed all its phones to refuse incoming calls and removed phone booths, which had become grim repositories for trash and human waste.

"There was a time when all kinds of criminal elements would set up a sidewalk office using a pay phone," recalled Smith, the Verizon spokesman.

But the phone stands that replaced them are still magnets for trash and vandalism, and some still smell distinctly of urine.

"Some operators have just abandoned locations," said Willard R. Nichols, president of the independent operators' trade group. "If you've got vandalism and damage, it's very hard to keep the phone in service, because the repair costs are too high."

Despite the rising costs, it is unlikely that pay phones will be phased out entirely, according to industry representatives who say demand remains high in working-class neighborhoods and in locations like truck stops and airports.
Marilyn Ginsberg, a retired city employee who at 63 relies almost exclusively on her cell phone, says she hopes they are right.

"They're important to have around, if for no other reason than if there's an emergency, someone can dial 911," she said.

© MMVI, The Associated Press. All Rights Reserved.

From rforno at infowarrior.org Mon Jul 31 08:59:43 2006
From: rforno at infowarrior.org (Richard Forno)
Date: Mon, 31 Jul 2006 08:59:43 -0400
Subject: [Infowarrior] - Why Should Feds Track College Students?
Message-ID:

http://www.courant.com/news/opinion/op_ed/hc-khwill0731.artjul31,0,984479.story?coll=hc-headlines-oped

Why Should Feds Track College Students?
July 31, 2006

Does the federal government need to know whether you aced Aristotelian ethics but had to repeat introductory biology? Does it need to know your family's financial profile, how much aid you received and whether you took off a semester to help out at home?

The Secretary of Education's Commission on the Future of Higher Education thinks so. In its first draft report, released in late June, the commission called for creation of a tracking system to collect sensitive information about our nation's college students. Its second draft, made public last week, softens the name of the plan, but the essence of the proposal remains unchanged.

Whether you call it a "national unit records database" (the first name) or a "consumer-friendly information database" (the second), it is in fact a mandatory federal registry of all American students throughout their collegiate careers - every course, every step, every misstep. Once established, it could easily be linked to existing K-12 and workforce databases to create unprecedented cradle-to-grave tracking of American citizens. All under the watchful eye of the federal government.

The commission calls our nation's colleges and universities unaccountable, inefficient and inaccessible.
In response it seeks to institute collection of personal information designed to quantify our students' performance in college and in the workforce. But many of us are concerned about invading our students' privacy by feeding confidential educational and personal data, linked to Social Security numbers, into a mandatory national database. Such a database would wrest control over educational records from students and hand it to the government. I'd like the commission to tell me how our students would benefit from our reporting confidential family financial information.

Those of us in higher education aren't the only ones with concerns about this. Earlier this month, the National Association of Independent Colleges and Universities released results of a survey that showed the majority of Americans oppose creation of a national system to track students' academic, enrollment and financial aid information. More than 60 percent of those polled opposed the creation of such a system, and 45 percent of those surveyed were "strongly opposed" to the proposal. Privacy groups from both ends of the political spectrum - including the Eagle Forum and the American Civil Liberties Union - criticized an early form of the proposal that Education Department officials were exploring in 2004.

We already have efficient systems in place to collect educational statistics. I question why the commission, which shares our concerns about the increased cost of education, would want to create a database that not only violates privacy but also would be very expensive. Our existing systems meet the government's need to inform public policy without intruding on student privacy because they report the data in aggregate form.
Colleges and universities report on virtually every aspect of our students' experience - retention and graduation rates, financial aid rates and degrees conferred by major institutions - to the federal and state governments as well as to organizations such as the NCAA and to many publications.

The commission seems bent on its Orwellian scheme of collecting extensively detailed, very personal student data. Supporters say it would make higher education more accountable and more affordable for students. Admirable goals, but a strange and forbidding solution.

This proposal is a violation of the right to privacy that Americans hold dear. It is against the law. Moreover, there is a mountain of data already out there that can help us understand higher education and its efficacy. And, finally, implementation of such a database, which at its inception would hold "unit" record data on 17 million students, would be an unfunded mandate on institutions and add greatly to the expense of education.

At a time when the world acknowledges the strength of the American system of higher education - that it is decentralized, diverse, competitive and independent - why would a commission on the future of higher education want to impose federal regulations and federal bureaucratic monitoring of individual students in the name of "improving" higher education?

Katherine Haley Will is president of Gettysburg College and chairwoman-elect of the Annapolis Group, an organization of leading independent liberal arts colleges. This first appeared in The Washington Post.

From rforno at infowarrior.org Mon Jul 31 09:10:02 2006
From: rforno at infowarrior.org (Richard Forno)
Date: Mon, 31 Jul 2006 09:10:02 -0400
Subject: [Infowarrior] - Comcast DVR Question
Message-ID:

I've got a SciAtlanta DVR from Comcast here in NoVA.
The audio chops out in 4-5 second bursts on various, but not all, cable (not local) channels with an increased frequency these days -- mostly at night...which makes watching a documentary, to say nothing of missing a Jon Stewart punchline, quite annoying.

Six months ago, I would lose all audio over channel 96 and DVR functionality until I rebooted the box. That cleared up fairly quickly -- but this new problem is annoying as hell. It's like a cellphone that keeps getting chopped off during hours of peak usage for its customers (eg prime time).

Any ideas? Maybe Comcast can't handle so many people watching a channel or surfing the web at a given time? Or is this just a bum box? ...or should I find a non-Comcast box?

-rf

From rforno at infowarrior.org Mon Jul 31 09:34:51 2006
From: rforno at infowarrior.org (Richard Forno)
Date: Mon, 31 Jul 2006 09:34:51 -0400
Subject: [Infowarrior] - DHS to mark "Responsible Dog Ownership Day" ?!?
Message-ID:

...words utterly fail me here. Except to wonder if DHS is selling advertising space on its Citizen Corps e-mail messages now?

-rf

http://blog.washingtonpost.com/earlywarning/2006/07/dog_days_at_homeland_security.html

This just in from the KG: The Department of Homeland Security has issued an update on National Preparedness Month, scheduled for September. Want to be particularly vigilant around the five year anniversary of 9/11 to prevent domestic terrorism? Celebrate Responsible Dog Ownership Day.

With hurricane season upon us, with the fifth anniversary of 9/11 approaching, with the "war" against going whole hog, the Department of Homeland Security, the most useless and hopeless entity of the United States government, is involved in a marketing campaign to celebrate National Preparedness Month.

< snip >

> EVENT REMINDER: RESPONSIBLE DOG OWNERSHIP DAY
>
> Last week we told you about Responsible Dog Ownership Day, held
> nationwide by The American Kennel Club (AKC).
> We encourage you to hold a
> community event that publicly promotes responsible dog ownership during
> the month of September. To join the effort this year, visit
> http://www.akc.org/clubs/rdod/index.cfm, create an Event Account, and
> post an event. Remember - those who confirm the details of their event
> by August 1, 2006 will receive a resource-filled packet including
> posters, balloons, brochures, sample press releases and other materials
> to assist you in ensuring your event's success.

From rforno at infowarrior.org Mon Jul 31 21:40:20 2006
From: rforno at infowarrior.org (Richard Forno)
Date: Mon, 31 Jul 2006 21:40:20 -0400
Subject: [Infowarrior] - Feds Appeal State Secrets Decision
Message-ID:

Monday, 31 July 2006

Feds Appeal State Secrets Decision

The federal government asked an appeals court Wednesday to immediately hold a hearing on a lower court decision that allows an anti-eavesdropping lawsuit against AT&T to proceed, despite the government's arguments that the lawsuit would harm the national defense.

In the request filed with the Ninth Circuit Court of Appeals, government lawyers argued that last week's landmark decision by Federal District Court Judge Vaughn Walker -- a Republican appointee -- usurped the executive branch's powers to wage war and keep the country safe.

Walker refused to toss the Electronic Frontier Foundation lawsuit, saying that the existence of the program was no longer a secret since the Administration confirmed news reports that it was spying on some Americans' overseas communications without a warrant.

That decision was one of the few times that a judge has not bowed down to the invocation of the state secrets privilege by the executive branch. While the privilege has a long history, the Bush Administration has used the legal equivalent of a "neutron bomb" widely to prevent information about secret CIA prisons, eavesdropping and FBI translation mistakes from being revealed in open court.
Realizing that his decision would be controversial, Walker granted the government the right to appeal the non-dismissal immediately. The government reiterated to the Ninth Circuit that it believed any information about the program would harm national security.

< - >

http://blog.wired.com/27BStroke6/index.blog?entry_id=1531164
